From 7f1992ae6137d56b71faf8be440988e3ced46613 Mon Sep 17 00:00:00 2001 From: pulumi-bot Date: Sun, 17 Mar 2024 13:27:39 +0000 Subject: [PATCH 1/2] make tfgen --- examples/go.mod | 8 +- examples/go.sum | 8 +- provider/cmd/pulumi-resource-aws/schema.json | 428 +++++++++---------- provider/go.mod | 14 +- provider/go.sum | 20 +- sdk/go.mod | 4 + sdk/go.sum | 4 +- 7 files changed, 249 insertions(+), 237 deletions(-) diff --git a/examples/go.mod b/examples/go.mod index 7ea83ed9bbc..f873e44b2cc 100644 --- a/examples/go.mod +++ b/examples/go.mod @@ -8,7 +8,7 @@ require ( github.com/pulumi/pulumi-aws/provider/v6 v6.0.0-00010101000000-000000000000 github.com/pulumi/pulumi-terraform-bridge/pf v0.30.1-0.20240311191722-54802d5b003c github.com/pulumi/pulumi-terraform-bridge/testing v0.0.2-0.20230927165309-e3fd9503f2d3 - github.com/pulumi/pulumi/pkg/v3 v3.108.1 + github.com/pulumi/pulumi/pkg/v3 v3.109.0 github.com/stretchr/testify v1.8.4 ) @@ -334,7 +334,7 @@ require ( github.com/pulumi/esc v0.6.2 // indirect github.com/pulumi/pulumi-terraform-bridge/v3 v3.77.1-0.20240311191722-54802d5b003c // indirect github.com/pulumi/pulumi-terraform-bridge/x/muxer v0.0.8 // indirect - github.com/pulumi/pulumi/sdk/v3 v3.108.1 // indirect + github.com/pulumi/pulumi/sdk/v3 v3.111.1 // indirect github.com/pulumi/terraform-diff-reader v0.0.2 // indirect github.com/rivo/uniseg v0.4.4 // indirect github.com/rogpeppe/go-internal v1.11.0 // indirect @@ -396,3 +396,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect lukechampine.com/frand v1.4.2 // indirect ) + +replace github.com/pulumi/pulumi/pkg/v3 => github.com/pulumi/pulumi/pkg/v3 v3.111.2-0.20240317125735-c3c4b4986ac1 + +replace github.com/pulumi/pulumi/sdk/v3 => github.com/pulumi/pulumi/sdk/v3 v3.111.2-0.20240317125735-c3c4b4986ac1 diff --git a/examples/go.sum b/examples/go.sum index 49010d24fdb..9cd34207fc0 100644 --- a/examples/go.sum +++ b/examples/go.sum @@ -3113,10 +3113,10 @@ github.com/pulumi/pulumi-terraform-bridge/v3 v3.77.1-0.20240311191722-54802d5b00 github.com/pulumi/pulumi-terraform-bridge/v3 v3.77.1-0.20240311191722-54802d5b003c/go.mod h1:OCfjEGPU2fbBlda8UZhN/N3FljW6R08SK6lXPXzahwA= github.com/pulumi/pulumi-terraform-bridge/x/muxer v0.0.8 h1:mav2tSitA9BPJPLLahKgepHyYsMzwaTm4cvp0dcTMYw= github.com/pulumi/pulumi-terraform-bridge/x/muxer v0.0.8/go.mod h1:qUYk2c9i/yqMGNj9/bQyXpS39BxNDSXYjVN1njnq0zY= -github.com/pulumi/pulumi/pkg/v3 v3.108.1 h1:K1UK40v5IpEPIaJ2un3WNOTBbLQaKR26HbLLh5EmMHY= -github.com/pulumi/pulumi/pkg/v3 v3.108.1/go.mod h1:48uCfxkPXUq/XTBqei9VuR0CRWObnSVlqcLkD6DhII8= -github.com/pulumi/pulumi/sdk/v3 v3.108.1 h1:5idjc3JmzToYVizRPbFyjJ5UU4AbExd04pcSP9AhPEc= -github.com/pulumi/pulumi/sdk/v3 v3.108.1/go.mod h1:5A6GHUwAJlRY1SSLZh84aDIbsBShcrfcmHzI50ecSBg= +github.com/pulumi/pulumi/pkg/v3 v3.111.2-0.20240317125735-c3c4b4986ac1 h1:11bg+OBoiYcd5nuCD026T/DxFha/s02XGse3OD/OmMs= +github.com/pulumi/pulumi/pkg/v3 v3.111.2-0.20240317125735-c3c4b4986ac1/go.mod h1:ZWsq8Y0EMHZ5E2ju92jC+POz97TEXs3BbQ6r2o0U4SA= +github.com/pulumi/pulumi/sdk/v3 v3.111.2-0.20240317125735-c3c4b4986ac1 h1:u2iPyoj2xIbPW/Nt0gS3z4+KiORNwQJTS+YvC7hg4OQ= +github.com/pulumi/pulumi/sdk/v3 v3.111.2-0.20240317125735-c3c4b4986ac1/go.mod h1:5A6GHUwAJlRY1SSLZh84aDIbsBShcrfcmHzI50ecSBg= github.com/pulumi/terraform-diff-reader v0.0.2 h1:kTE4nEXU3/SYXESvAIem+wyHMI3abqkI3OhJ0G04LLI= github.com/pulumi/terraform-diff-reader v0.0.2/go.mod h1:sZ9FUzGO+yM41hsQHs/yIcj/Y993qMdBxBU5mpDmAfQ= github.com/pulumi/terraform-plugin-sdk/v2 v2.0.0-20240229143312-4f60ee4e2975 h1:1WBy43K/lHEdS5Hliwf3ylVSfAu5s0KhhEs6wNeP11Y= diff --git a/provider/cmd/pulumi-resource-aws/schema.json b/provider/cmd/pulumi-resource-aws/schema.json index 75a0c4b271f..136263f4471 100644 --- a/provider/cmd/pulumi-resource-aws/schema.json +++ b/provider/cmd/pulumi-resource-aws/schema.json @@ -153556,7 +153556,7 @@ } }, "aws:acm/certificate:Certificate": { - "description": "The ACM certificate resource allows requesting and management of certificates\nfrom the Amazon Certificate Manager.\n\nACM certificates can be created in three ways:\nAmazon-issued, where AWS provides the certificate authority and automatically manages renewal;\nimported certificates, issued by another certificate authority;\nand private certificates, issued using an ACM Private Certificate Authority.\n\n## Amazon-Issued Certificates\n\nFor Amazon-issued certificates, this resource deals with requesting certificates and managing their attributes and life-cycle.\nThis resource does not deal with validation of a certificate but can provide inputs\nfor other resources implementing the validation.\nIt does not wait for a certificate to be issued.\nUse a `aws.acm.CertificateValidation` resource for this.\n\nMost commonly, this resource is used together with `aws.route53.Record` and\n`aws.acm.CertificateValidation` to request a DNS validated certificate,\ndeploy the required validation records and wait for validation to complete.\n\nDomain validation through email is also supported but should be avoided as it requires a manual step outside of this provider.\n\n\n## Certificates Imported from Other Certificate Authority\n\nImported certificates can be used to make certificates created with an external certificate authority available for AWS services.\n\nAs they are not managed by AWS, imported certificates are not eligible for automatic renewal.\nNew certificate materials can be supplied to an existing imported certificate to update it in place.\n\n## Private Certificates\n\nPrivate certificates are issued by an ACM Private Cerificate Authority, which can be created using the resource type `aws.acmpca.CertificateAuthority`.\n\nPrivate certificates created using this resource are eligible for managed renewal if they have been exported or associated with another AWS service.\nSee [managed renewal documentation](https://docs.aws.amazon.com/acm/latest/userguide/managed-renewal.html) for more information.\nBy default, a certificate is valid for 395 days and the managed renewal process will start 60 days before expiration.\nTo renew the certificate earlier than 60 days before expiration, configure `early_renewal_duration`.\n\n## Example Usage\n\n### Create Certificate\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst cert = new aws.acm.Certificate(\"cert\", {\n domainName: \"example.com\",\n validationMethod: \"DNS\",\n tags: {\n Environment: \"test\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncert = aws.acm.Certificate(\"cert\",\n domain_name=\"example.com\",\n validation_method=\"DNS\",\n tags={\n \"Environment\": \"test\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cert = new Aws.Acm.Certificate(\"cert\", new()\n {\n DomainName = \"example.com\",\n ValidationMethod = \"DNS\",\n Tags = \n {\n { \"Environment\", \"test\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := acm.NewCertificate(ctx, \"cert\", \u0026acm.CertificateArgs{\n\t\t\tDomainName: pulumi.String(\"example.com\"),\n\t\t\tValidationMethod: pulumi.String(\"DNS\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.acm.Certificate;\nimport com.pulumi.aws.acm.CertificateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cert = new Certificate(\"cert\", CertificateArgs.builder() \n .domainName(\"example.com\")\n .validationMethod(\"DNS\")\n .tags(Map.of(\"Environment\", \"test\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cert:\n type: aws:acm:Certificate\n properties:\n domainName: example.com\n validationMethod: DNS\n tags:\n Environment: test\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Custom Domain Validation Options\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst cert = new aws.acm.Certificate(\"cert\", {\n domainName: \"testing.example.com\",\n validationMethod: \"EMAIL\",\n validationOptions: [{\n domainName: \"testing.example.com\",\n validationDomain: \"example.com\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncert = aws.acm.Certificate(\"cert\",\n domain_name=\"testing.example.com\",\n validation_method=\"EMAIL\",\n validation_options=[aws.acm.CertificateValidationOptionArgs(\n domain_name=\"testing.example.com\",\n validation_domain=\"example.com\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cert = new Aws.Acm.Certificate(\"cert\", new()\n {\n DomainName = \"testing.example.com\",\n ValidationMethod = \"EMAIL\",\n ValidationOptions = new[]\n {\n new Aws.Acm.Inputs.CertificateValidationOptionArgs\n {\n DomainName = \"testing.example.com\",\n ValidationDomain = \"example.com\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := acm.NewCertificate(ctx, \"cert\", \u0026acm.CertificateArgs{\n\t\t\tDomainName: pulumi.String(\"testing.example.com\"),\n\t\t\tValidationMethod: pulumi.String(\"EMAIL\"),\n\t\t\tValidationOptions: acm.CertificateValidationOptionArray{\n\t\t\t\t\u0026acm.CertificateValidationOptionArgs{\n\t\t\t\t\tDomainName: pulumi.String(\"testing.example.com\"),\n\t\t\t\t\tValidationDomain: pulumi.String(\"example.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.acm.Certificate;\nimport com.pulumi.aws.acm.CertificateArgs;\nimport com.pulumi.aws.acm.inputs.CertificateValidationOptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cert = new Certificate(\"cert\", CertificateArgs.builder() \n .domainName(\"testing.example.com\")\n .validationMethod(\"EMAIL\")\n .validationOptions(CertificateValidationOptionArgs.builder()\n .domainName(\"testing.example.com\")\n .validationDomain(\"example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cert:\n type: aws:acm:Certificate\n properties:\n domainName: testing.example.com\n validationMethod: EMAIL\n validationOptions:\n - domainName: testing.example.com\n validationDomain: example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Existing Certificate Body Import\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as tls from \"@pulumi/tls\";\n\nconst example = new tls.PrivateKey(\"example\", {algorithm: \"RSA\"});\nconst exampleSelfSignedCert = new tls.SelfSignedCert(\"example\", {\n keyAlgorithm: \"RSA\",\n privateKeyPem: example.privateKeyPem,\n subject: {\n commonName: \"example.com\",\n organization: \"ACME Examples, Inc\",\n },\n validityPeriodHours: 12,\n allowedUses: [\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n ],\n});\nconst cert = new aws.acm.Certificate(\"cert\", {\n privateKey: example.privateKeyPem,\n certificateBody: exampleSelfSignedCert.certPem,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_tls as tls\n\nexample = tls.PrivateKey(\"example\", algorithm=\"RSA\")\nexample_self_signed_cert = tls.SelfSignedCert(\"example\",\n key_algorithm=\"RSA\",\n private_key_pem=example.private_key_pem,\n subject=tls.SelfSignedCertSubjectArgs(\n common_name=\"example.com\",\n organization=\"ACME Examples, Inc\",\n ),\n validity_period_hours=12,\n allowed_uses=[\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n ])\ncert = aws.acm.Certificate(\"cert\",\n private_key=example.private_key_pem,\n certificate_body=example_self_signed_cert.cert_pem)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Tls = Pulumi.Tls;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Tls.PrivateKey(\"example\", new()\n {\n Algorithm = \"RSA\",\n });\n\n var exampleSelfSignedCert = new Tls.SelfSignedCert(\"example\", new()\n {\n KeyAlgorithm = \"RSA\",\n PrivateKeyPem = example.PrivateKeyPem,\n Subject = new Tls.Inputs.SelfSignedCertSubjectArgs\n {\n CommonName = \"example.com\",\n Organization = \"ACME Examples, Inc\",\n },\n ValidityPeriodHours = 12,\n AllowedUses = new[]\n {\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n },\n });\n\n var cert = new Aws.Acm.Certificate(\"cert\", new()\n {\n PrivateKey = example.PrivateKeyPem,\n CertificateBody = exampleSelfSignedCert.CertPem,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acm\"\n\t\"github.com/pulumi/pulumi-tls/sdk/v4/go/tls\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := tls.NewPrivateKey(ctx, \"example\", \u0026tls.PrivateKeyArgs{\n\t\t\tAlgorithm: pulumi.String(\"RSA\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleSelfSignedCert, err := tls.NewSelfSignedCert(ctx, \"example\", \u0026tls.SelfSignedCertArgs{\n\t\t\tKeyAlgorithm: pulumi.String(\"RSA\"),\n\t\t\tPrivateKeyPem: example.PrivateKeyPem,\n\t\t\tSubject: \u0026tls.SelfSignedCertSubjectArgs{\n\t\t\t\tCommonName: pulumi.String(\"example.com\"),\n\t\t\t\tOrganization: pulumi.String(\"ACME Examples, Inc\"),\n\t\t\t},\n\t\t\tValidityPeriodHours: pulumi.Int(12),\n\t\t\tAllowedUses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"key_encipherment\"),\n\t\t\t\tpulumi.String(\"digital_signature\"),\n\t\t\t\tpulumi.String(\"server_auth\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = acm.NewCertificate(ctx, \"cert\", \u0026acm.CertificateArgs{\n\t\t\tPrivateKey: example.PrivateKeyPem,\n\t\t\tCertificateBody: exampleSelfSignedCert.CertPem,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.tls.PrivateKey;\nimport com.pulumi.tls.PrivateKeyArgs;\nimport com.pulumi.tls.SelfSignedCert;\nimport com.pulumi.tls.SelfSignedCertArgs;\nimport com.pulumi.tls.inputs.SelfSignedCertSubjectArgs;\nimport com.pulumi.aws.acm.Certificate;\nimport com.pulumi.aws.acm.CertificateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new PrivateKey(\"example\", PrivateKeyArgs.builder() \n .algorithm(\"RSA\")\n .build());\n\n var exampleSelfSignedCert = new SelfSignedCert(\"exampleSelfSignedCert\", SelfSignedCertArgs.builder() \n .keyAlgorithm(\"RSA\")\n .privateKeyPem(example.privateKeyPem())\n .subject(SelfSignedCertSubjectArgs.builder()\n .commonName(\"example.com\")\n .organization(\"ACME Examples, Inc\")\n .build())\n .validityPeriodHours(12)\n .allowedUses( \n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\")\n .build());\n\n var cert = new Certificate(\"cert\", CertificateArgs.builder() \n .privateKey(example.privateKeyPem())\n .certificateBody(exampleSelfSignedCert.certPem())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: tls:PrivateKey\n properties:\n algorithm: RSA\n exampleSelfSignedCert:\n type: tls:SelfSignedCert\n name: example\n properties:\n keyAlgorithm: RSA\n privateKeyPem: ${example.privateKeyPem}\n subject:\n commonName: example.com\n organization: ACME Examples, Inc\n validityPeriodHours: 12\n allowedUses:\n - key_encipherment\n - digital_signature\n - server_auth\n cert:\n type: aws:acm:Certificate\n properties:\n privateKey: ${example.privateKeyPem}\n certificateBody: ${exampleSelfSignedCert.certPem}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Referencing domain_validation_options With for_each Based Resources\n\nSee the `aws.acm.CertificateValidation` resource for a full example of performing DNS validation.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example: aws.route53.Record[] = [];\nfor (const range of Object.entries(.reduce((__obj, dvo) =\u003e ({ ...__obj, [dvo.domainName]: {\n name: dvo.resourceRecordName,\n record: dvo.resourceRecordValue,\n type: dvo.resourceRecordType,\n} }))).map(([k, v]) =\u003e ({key: k, value: v}))) {\n example.push(new aws.route53.Record(`example-${range.key}`, {\n allowOverwrite: true,\n name: range.value.name,\n records: [range.value.record],\n ttl: 60,\n type: aws.route53.recordtype.RecordType[range.value.type],\n zoneId: exampleAwsRoute53Zone.zoneId,\n }));\n}\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = []\nfor range in [{\"key\": k, \"value\": v} for [k, v] in enumerate({dvo.domain_name: {\n name: dvo.resource_record_name,\n record: dvo.resource_record_value,\n type: dvo.resource_record_type,\n} for dvo in example_aws_acm_certificate.domain_validation_options})]:\n example.append(aws.route53.Record(f\"example-{range['key']}\",\n allow_overwrite=True,\n name=range[\"value\"][\"name\"],\n records=[range[\"value\"][\"record\"]],\n ttl=60,\n type=aws.route53/recordtype.RecordType(range[\"value\"][\"type\"]),\n zone_id=example_aws_route53_zone[\"zoneId\"]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new List\u003cAws.Route53.Record\u003e();\n foreach (var range in .ToDictionary(item =\u003e {\n var dvo = item.Value;\n return dvo.DomainName;\n }, item =\u003e {\n var dvo = item.Value;\n return \n {\n { \"name\", dvo.ResourceRecordName },\n { \"record\", dvo.ResourceRecordValue },\n { \"type\", dvo.ResourceRecordType },\n };\n }).Select(pair =\u003e new { pair.Key, pair.Value }))\n {\n example.Add(new Aws.Route53.Record($\"example-{range.Key}\", new()\n {\n AllowOverwrite = true,\n Name = range.Value.Name,\n Records = new[]\n {\n range.Value.Record,\n },\n Ttl = 60,\n Type = System.Enum.Parse\u003cAws.Route53.RecordType.RecordType\u003e(range.Value.Type),\n ZoneId = exampleAwsRoute53Zone.ZoneId,\n }));\n }\n});\n```\n```yaml\nresources:\n example:\n type: aws:route53:Record\n properties:\n allowOverwrite: true\n name: ${range.value.name}\n records:\n - ${range.value.record}\n ttl: 60\n type: ${range.value.type}\n zoneId: ${exampleAwsRoute53Zone.zoneId}\n options: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import certificates using their ARN. For example:\n\n```sh\n$ pulumi import aws:acm/certificate:Certificate cert arn:aws:acm:eu-central-1:123456789012:certificate/7e7a28d2-163f-4b8f-b9cd-822f96c08d6a\n```\n", + "description": "The ACM certificate resource allows requesting and management of certificates\nfrom the Amazon Certificate Manager.\n\nACM certificates can be created in three ways:\nAmazon-issued, where AWS provides the certificate authority and automatically manages renewal;\nimported certificates, issued by another certificate authority;\nand private certificates, issued using an ACM Private Certificate Authority.\n\n## Amazon-Issued Certificates\n\nFor Amazon-issued certificates, this resource deals with requesting certificates and managing their attributes and life-cycle.\nThis resource does not deal with validation of a certificate but can provide inputs\nfor other resources implementing the validation.\nIt does not wait for a certificate to be issued.\nUse a `aws.acm.CertificateValidation` resource for this.\n\nMost commonly, this resource is used together with `aws.route53.Record` and\n`aws.acm.CertificateValidation` to request a DNS validated certificate,\ndeploy the required validation records and wait for validation to complete.\n\nDomain validation through email is also supported but should be avoided as it requires a manual step outside of this provider.\n\n\n## Certificates Imported from Other Certificate Authority\n\nImported certificates can be used to make certificates created with an external certificate authority available for AWS services.\n\nAs they are not managed by AWS, imported certificates are not eligible for automatic renewal.\nNew certificate materials can be supplied to an existing imported certificate to update it in place.\n\n## Private Certificates\n\nPrivate certificates are issued by an ACM Private Cerificate Authority, which can be created using the resource type `aws.acmpca.CertificateAuthority`.\n\nPrivate certificates created using this resource are eligible for managed renewal if they have been exported or associated with another AWS service.\nSee [managed renewal documentation](https://docs.aws.amazon.com/acm/latest/userguide/managed-renewal.html) for more information.\nBy default, a certificate is valid for 395 days and the managed renewal process will start 60 days before expiration.\nTo renew the certificate earlier than 60 days before expiration, configure `early_renewal_duration`.\n\n## Example Usage\n\n### Create Certificate\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst cert = new aws.acm.Certificate(\"cert\", {\n domainName: \"example.com\",\n validationMethod: \"DNS\",\n tags: {\n Environment: \"test\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncert = aws.acm.Certificate(\"cert\",\n domain_name=\"example.com\",\n validation_method=\"DNS\",\n tags={\n \"Environment\": \"test\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cert = new Aws.Acm.Certificate(\"cert\", new()\n {\n DomainName = \"example.com\",\n ValidationMethod = \"DNS\",\n Tags = \n {\n { \"Environment\", \"test\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := acm.NewCertificate(ctx, \"cert\", \u0026acm.CertificateArgs{\n\t\t\tDomainName: pulumi.String(\"example.com\"),\n\t\t\tValidationMethod: pulumi.String(\"DNS\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.acm.Certificate;\nimport com.pulumi.aws.acm.CertificateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cert = new Certificate(\"cert\", CertificateArgs.builder() \n .domainName(\"example.com\")\n .validationMethod(\"DNS\")\n .tags(Map.of(\"Environment\", \"test\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cert:\n type: aws:acm:Certificate\n properties:\n domainName: example.com\n validationMethod: DNS\n tags:\n Environment: test\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Custom Domain Validation Options\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst cert = new aws.acm.Certificate(\"cert\", {\n domainName: \"testing.example.com\",\n validationMethod: \"EMAIL\",\n validationOptions: [{\n domainName: \"testing.example.com\",\n validationDomain: \"example.com\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncert = aws.acm.Certificate(\"cert\",\n domain_name=\"testing.example.com\",\n validation_method=\"EMAIL\",\n validation_options=[aws.acm.CertificateValidationOptionArgs(\n domain_name=\"testing.example.com\",\n validation_domain=\"example.com\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cert = new Aws.Acm.Certificate(\"cert\", new()\n {\n DomainName = \"testing.example.com\",\n ValidationMethod = \"EMAIL\",\n ValidationOptions = new[]\n {\n new Aws.Acm.Inputs.CertificateValidationOptionArgs\n {\n DomainName = \"testing.example.com\",\n ValidationDomain = \"example.com\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := acm.NewCertificate(ctx, \"cert\", \u0026acm.CertificateArgs{\n\t\t\tDomainName: pulumi.String(\"testing.example.com\"),\n\t\t\tValidationMethod: pulumi.String(\"EMAIL\"),\n\t\t\tValidationOptions: acm.CertificateValidationOptionArray{\n\t\t\t\t\u0026acm.CertificateValidationOptionArgs{\n\t\t\t\t\tDomainName: pulumi.String(\"testing.example.com\"),\n\t\t\t\t\tValidationDomain: pulumi.String(\"example.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.acm.Certificate;\nimport com.pulumi.aws.acm.CertificateArgs;\nimport com.pulumi.aws.acm.inputs.CertificateValidationOptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cert = new Certificate(\"cert\", CertificateArgs.builder() \n .domainName(\"testing.example.com\")\n .validationMethod(\"EMAIL\")\n .validationOptions(CertificateValidationOptionArgs.builder()\n .domainName(\"testing.example.com\")\n .validationDomain(\"example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cert:\n type: aws:acm:Certificate\n properties:\n domainName: testing.example.com\n validationMethod: EMAIL\n validationOptions:\n - domainName: testing.example.com\n validationDomain: example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Existing Certificate Body Import\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as tls from \"@pulumi/tls\";\n\nconst example = new tls.PrivateKey(\"example\", {algorithm: \"RSA\"});\nconst exampleSelfSignedCert = new tls.SelfSignedCert(\"example\", {\n keyAlgorithm: \"RSA\",\n privateKeyPem: example.privateKeyPem,\n subject: {\n commonName: \"example.com\",\n organization: \"ACME Examples, Inc\",\n },\n validityPeriodHours: 12,\n allowedUses: [\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n ],\n});\nconst cert = new aws.acm.Certificate(\"cert\", {\n privateKey: example.privateKeyPem,\n certificateBody: exampleSelfSignedCert.certPem,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_tls as tls\n\nexample = tls.PrivateKey(\"example\", algorithm=\"RSA\")\nexample_self_signed_cert = tls.SelfSignedCert(\"example\",\n key_algorithm=\"RSA\",\n private_key_pem=example.private_key_pem,\n subject=tls.SelfSignedCertSubjectArgs(\n common_name=\"example.com\",\n organization=\"ACME Examples, Inc\",\n ),\n validity_period_hours=12,\n allowed_uses=[\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n ])\ncert = aws.acm.Certificate(\"cert\",\n private_key=example.private_key_pem,\n certificate_body=example_self_signed_cert.cert_pem)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Tls = Pulumi.Tls;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Tls.PrivateKey(\"example\", new()\n {\n Algorithm = \"RSA\",\n });\n\n var exampleSelfSignedCert = new Tls.SelfSignedCert(\"example\", new()\n {\n KeyAlgorithm = \"RSA\",\n PrivateKeyPem = example.PrivateKeyPem,\n Subject = new Tls.Inputs.SelfSignedCertSubjectArgs\n {\n CommonName = \"example.com\",\n Organization = \"ACME Examples, Inc\",\n },\n ValidityPeriodHours = 12,\n AllowedUses = new[]\n {\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n },\n });\n\n var cert = new Aws.Acm.Certificate(\"cert\", new()\n {\n PrivateKey = example.PrivateKeyPem,\n CertificateBody = exampleSelfSignedCert.CertPem,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acm\"\n\t\"github.com/pulumi/pulumi-tls/sdk/v4/go/tls\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := tls.NewPrivateKey(ctx, \"example\", \u0026tls.PrivateKeyArgs{\n\t\t\tAlgorithm: pulumi.String(\"RSA\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleSelfSignedCert, err := tls.NewSelfSignedCert(ctx, \"example\", \u0026tls.SelfSignedCertArgs{\n\t\t\tKeyAlgorithm: pulumi.String(\"RSA\"),\n\t\t\tPrivateKeyPem: example.PrivateKeyPem,\n\t\t\tSubject: \u0026tls.SelfSignedCertSubjectArgs{\n\t\t\t\tCommonName: pulumi.String(\"example.com\"),\n\t\t\t\tOrganization: pulumi.String(\"ACME Examples, Inc\"),\n\t\t\t},\n\t\t\tValidityPeriodHours: pulumi.Int(12),\n\t\t\tAllowedUses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"key_encipherment\"),\n\t\t\t\tpulumi.String(\"digital_signature\"),\n\t\t\t\tpulumi.String(\"server_auth\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = acm.NewCertificate(ctx, \"cert\", \u0026acm.CertificateArgs{\n\t\t\tPrivateKey: example.PrivateKeyPem,\n\t\t\tCertificateBody: exampleSelfSignedCert.CertPem,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.tls.PrivateKey;\nimport com.pulumi.tls.PrivateKeyArgs;\nimport com.pulumi.tls.SelfSignedCert;\nimport com.pulumi.tls.SelfSignedCertArgs;\nimport com.pulumi.tls.inputs.SelfSignedCertSubjectArgs;\nimport com.pulumi.aws.acm.Certificate;\nimport com.pulumi.aws.acm.CertificateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new PrivateKey(\"example\", PrivateKeyArgs.builder() \n .algorithm(\"RSA\")\n .build());\n\n var exampleSelfSignedCert = new SelfSignedCert(\"exampleSelfSignedCert\", SelfSignedCertArgs.builder() \n .keyAlgorithm(\"RSA\")\n .privateKeyPem(example.privateKeyPem())\n .subject(SelfSignedCertSubjectArgs.builder()\n .commonName(\"example.com\")\n .organization(\"ACME Examples, Inc\")\n .build())\n .validityPeriodHours(12)\n .allowedUses( \n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\")\n .build());\n\n var cert = new Certificate(\"cert\", CertificateArgs.builder() \n .privateKey(example.privateKeyPem())\n .certificateBody(exampleSelfSignedCert.certPem())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: tls:PrivateKey\n properties:\n algorithm: RSA\n exampleSelfSignedCert:\n type: tls:SelfSignedCert\n name: example\n properties:\n keyAlgorithm: RSA\n privateKeyPem: ${example.privateKeyPem}\n subject:\n commonName: example.com\n organization: ACME Examples, Inc\n validityPeriodHours: 12\n allowedUses:\n - key_encipherment\n - digital_signature\n - server_auth\n cert:\n type: aws:acm:Certificate\n properties:\n privateKey: ${example.privateKeyPem}\n certificateBody: ${exampleSelfSignedCert.certPem}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Referencing domain_validation_options With for_each Based Resources\n\nSee the `aws.acm.CertificateValidation` resource for a full example of performing DNS validation.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example: aws.route53.Record[] = [];\nfor (const range of Object.entries(.reduce((__obj, dvo) =\u003e ({ ...__obj, [dvo.domainName]: {\n name: dvo.resourceRecordName,\n record: dvo.resourceRecordValue,\n type: dvo.resourceRecordType,\n} }))).map(([k, v]) =\u003e ({key: k, value: v}))) {\n example.push(new aws.route53.Record(`example-${range.key}`, {\n allowOverwrite: true,\n name: range.value.name,\n records: [range.value.record],\n ttl: 60,\n type: aws.route53.RecordType[range.value.type],\n zoneId: exampleAwsRoute53Zone.zoneId,\n }));\n}\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = []\nfor range in [{\"key\": k, \"value\": v} for [k, v] in enumerate({dvo.domain_name: {\n name: dvo.resource_record_name,\n record: dvo.resource_record_value,\n type: dvo.resource_record_type,\n} for dvo in example_aws_acm_certificate.domain_validation_options})]:\n example.append(aws.route53.Record(f\"example-{range['key']}\",\n allow_overwrite=True,\n name=range[\"value\"][\"name\"],\n records=[range[\"value\"][\"record\"]],\n ttl=60,\n type=aws.route53.RecordType(range[\"value\"][\"type\"]),\n zone_id=example_aws_route53_zone[\"zoneId\"]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new List\u003cAws.Route53.Record\u003e();\n foreach (var range in .ToDictionary(item =\u003e {\n var dvo = item.Value;\n return dvo.DomainName;\n }, item =\u003e {\n var dvo = item.Value;\n return \n {\n { \"name\", dvo.ResourceRecordName },\n { \"record\", dvo.ResourceRecordValue },\n { \"type\", dvo.ResourceRecordType },\n };\n }).Select(pair =\u003e new { pair.Key, pair.Value }))\n {\n example.Add(new Aws.Route53.Record($\"example-{range.Key}\", new()\n {\n AllowOverwrite = true,\n Name = range.Value.Name,\n Records = new[]\n {\n range.Value.Record,\n },\n Ttl = 60,\n Type = System.Enum.Parse\u003cAws.Route53.RecordType\u003e(range.Value.Type),\n ZoneId = exampleAwsRoute53Zone.ZoneId,\n }));\n }\n});\n```\n```yaml\nresources:\n example:\n type: aws:route53:Record\n properties:\n allowOverwrite: true\n name: ${range.value.name}\n records:\n - ${range.value.record}\n ttl: 60\n type: ${range.value.type}\n zoneId: ${exampleAwsRoute53Zone.zoneId}\n options: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import certificates using their ARN. For example:\n\n```sh\n$ pulumi import aws:acm/certificate:Certificate cert arn:aws:acm:eu-central-1:123456789012:certificate/7e7a28d2-163f-4b8f-b9cd-822f96c08d6a\n```\n", "properties": { "arn": { "type": "string", @@ -154460,7 +154460,7 @@ } }, "aws:acmpca/policy:Policy": { - "description": "Attaches a resource based policy to a private CA.\n\n## Example Usage\n\n### Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.iam.getPolicyDocument({\n statements: [\n {\n sid: \"1\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [current.accountId],\n }],\n actions: [\n \"acm-pca:DescribeCertificateAuthority\",\n \"acm-pca:GetCertificate\",\n \"acm-pca:GetCertificateAuthorityCertificate\",\n \"acm-pca:ListPermissions\",\n \"acm-pca:ListTags\",\n ],\n resources: [exampleAwsAcmpcaCertificateAuthority.arn],\n },\n {\n sid: \"2\",\n effect: allow,\n principals: [{\n type: \"AWS\",\n identifiers: [current.accountId],\n }],\n actions: [\"acm-pca:IssueCertificate\"],\n resources: [exampleAwsAcmpcaCertificateAuthority.arn],\n conditions: [{\n test: \"StringEquals\",\n variable: \"acm-pca:TemplateArn\",\n values: [\"arn:aws:acm-pca:::template/EndEntityCertificate/V1\"],\n }],\n },\n ],\n});\nconst examplePolicy = new aws.acmpca.Policy(\"example\", {\n resourceArn: exampleAwsAcmpcaCertificateAuthority.arn,\n policy: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"1\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[current[\"accountId\"]],\n )],\n actions=[\n \"acm-pca:DescribeCertificateAuthority\",\n \"acm-pca:GetCertificate\",\n \"acm-pca:GetCertificateAuthorityCertificate\",\n \"acm-pca:ListPermissions\",\n \"acm-pca:ListTags\",\n ],\n resources=[example_aws_acmpca_certificate_authority[\"arn\"]],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"2\",\n effect=allow,\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[current[\"accountId\"]],\n )],\n actions=[\"acm-pca:IssueCertificate\"],\n resources=[example_aws_acmpca_certificate_authority[\"arn\"]],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"acm-pca:TemplateArn\",\n values=[\"arn:aws:acm-pca:::template/EndEntityCertificate/V1\"],\n )],\n ),\n])\nexample_policy = aws.acmpca.Policy(\"example\",\n resource_arn=example_aws_acmpca_certificate_authority[\"arn\"],\n policy=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"1\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n current.AccountId,\n },\n },\n },\n Actions = new[]\n {\n \"acm-pca:DescribeCertificateAuthority\",\n \"acm-pca:GetCertificate\",\n \"acm-pca:GetCertificateAuthorityCertificate\",\n \"acm-pca:ListPermissions\",\n \"acm-pca:ListTags\",\n },\n Resources = new[]\n {\n exampleAwsAcmpcaCertificateAuthority.Arn,\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"2\",\n Effect = allow,\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n current.AccountId,\n },\n },\n },\n Actions = new[]\n {\n \"acm-pca:IssueCertificate\",\n },\n Resources = new[]\n {\n exampleAwsAcmpcaCertificateAuthority.Arn,\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"acm-pca:TemplateArn\",\n Values = new[]\n {\n \"arn:aws:acm-pca:::template/EndEntityCertificate/V1\",\n },\n },\n },\n },\n },\n });\n\n var examplePolicy = new Aws.Acmpca.Policy(\"example\", new()\n {\n ResourceArn = exampleAwsAcmpcaCertificateAuthority.Arn,\n PolicyDetails = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acmpca\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"1\"),\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\ncurrent.AccountId,\n},\n},\n},\nActions: []string{\n\"acm-pca:DescribeCertificateAuthority\",\n\"acm-pca:GetCertificate\",\n\"acm-pca:GetCertificateAuthorityCertificate\",\n\"acm-pca:ListPermissions\",\n\"acm-pca:ListTags\",\n},\nResources: interface{}{\nexampleAwsAcmpcaCertificateAuthority.Arn,\n},\n},\n{\nSid: pulumi.StringRef(\"2\"),\nEffect: pulumi.StringRef(allow),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\ncurrent.AccountId,\n},\n},\n},\nActions: []string{\n\"acm-pca:IssueCertificate\",\n},\nResources: interface{}{\nexampleAwsAcmpcaCertificateAuthority.Arn,\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"acm-pca:TemplateArn\",\nValues: []string{\n\"arn:aws:acm-pca:::template/EndEntityCertificate/V1\",\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = acmpca.NewPolicy(ctx, \"example\", \u0026acmpca.PolicyArgs{\nResourceArn: pulumi.Any(exampleAwsAcmpcaCertificateAuthority.Arn),\nPolicy: *pulumi.String(example.Json),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.acmpca.Policy;\nimport com.pulumi.aws.acmpca.PolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"1\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(current.accountId())\n .build())\n .actions( \n \"acm-pca:DescribeCertificateAuthority\",\n \"acm-pca:GetCertificate\",\n \"acm-pca:GetCertificateAuthorityCertificate\",\n \"acm-pca:ListPermissions\",\n \"acm-pca:ListTags\")\n .resources(exampleAwsAcmpcaCertificateAuthority.arn())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"2\")\n .effect(allow)\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(current.accountId())\n .build())\n .actions(\"acm-pca:IssueCertificate\")\n .resources(exampleAwsAcmpcaCertificateAuthority.arn())\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"acm-pca:TemplateArn\")\n .values(\"arn:aws:acm-pca:::template/EndEntityCertificate/V1\")\n .build())\n .build())\n .build());\n\n var examplePolicy = new Policy(\"examplePolicy\", PolicyArgs.builder() \n .resourceArn(exampleAwsAcmpcaCertificateAuthority.arn())\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n examplePolicy:\n type: aws:acmpca:Policy\n name: example\n properties:\n resourceArn: ${exampleAwsAcmpcaCertificateAuthority.arn}\n policy: ${example.json}\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: '1'\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - ${current.accountId}\n actions:\n - acm-pca:DescribeCertificateAuthority\n - acm-pca:GetCertificate\n - acm-pca:GetCertificateAuthorityCertificate\n - acm-pca:ListPermissions\n - acm-pca:ListTags\n resources:\n - ${exampleAwsAcmpcaCertificateAuthority.arn}\n - sid: '2'\n effect: ${allow}\n principals:\n - type: AWS\n identifiers:\n - ${current.accountId}\n actions:\n - acm-pca:IssueCertificate\n resources:\n - ${exampleAwsAcmpcaCertificateAuthority.arn}\n conditions:\n - test: StringEquals\n variable: acm-pca:TemplateArn\n values:\n - arn:aws:acm-pca:::template/EndEntityCertificate/V1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_acmpca_policy` using the `resource_arn` value. For example:\n\n```sh\n$ pulumi import aws:acmpca/policy:Policy example arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012\n```\n", + "description": "Attaches a resource based policy to a private CA.\n\n## Example Usage\n\n### Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.iam.getPolicyDocument({\n statements: [\n {\n sid: \"1\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [current.accountId],\n }],\n actions: [\n \"acm-pca:DescribeCertificateAuthority\",\n \"acm-pca:GetCertificate\",\n \"acm-pca:GetCertificateAuthorityCertificate\",\n \"acm-pca:ListPermissions\",\n \"acm-pca:ListTags\",\n ],\n resources: [exampleAwsAcmpcaCertificateAuthority.arn],\n },\n {\n sid: \"2\",\n effect: allow,\n principals: [{\n type: \"AWS\",\n identifiers: [current.accountId],\n }],\n actions: [\"acm-pca:IssueCertificate\"],\n resources: [exampleAwsAcmpcaCertificateAuthority.arn],\n conditions: [{\n test: \"StringEquals\",\n variable: \"acm-pca:TemplateArn\",\n values: [\"arn:aws:acm-pca:::template/EndEntityCertificate/V1\"],\n }],\n },\n ],\n});\nconst examplePolicy = new aws.acmpca.Policy(\"example\", {\n resourceArn: exampleAwsAcmpcaCertificateAuthority.arn,\n policy: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"1\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[current[\"accountId\"]],\n )],\n actions=[\n \"acm-pca:DescribeCertificateAuthority\",\n \"acm-pca:GetCertificate\",\n \"acm-pca:GetCertificateAuthorityCertificate\",\n \"acm-pca:ListPermissions\",\n \"acm-pca:ListTags\",\n ],\n resources=[example_aws_acmpca_certificate_authority[\"arn\"]],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"2\",\n effect=allow,\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[current[\"accountId\"]],\n )],\n actions=[\"acm-pca:IssueCertificate\"],\n resources=[example_aws_acmpca_certificate_authority[\"arn\"]],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"acm-pca:TemplateArn\",\n values=[\"arn:aws:acm-pca:::template/EndEntityCertificate/V1\"],\n )],\n ),\n])\nexample_policy = aws.acmpca.Policy(\"example\",\n resource_arn=example_aws_acmpca_certificate_authority[\"arn\"],\n policy=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"1\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n current.AccountId,\n },\n },\n },\n Actions = new[]\n {\n \"acm-pca:DescribeCertificateAuthority\",\n \"acm-pca:GetCertificate\",\n \"acm-pca:GetCertificateAuthorityCertificate\",\n \"acm-pca:ListPermissions\",\n \"acm-pca:ListTags\",\n },\n Resources = new[]\n {\n exampleAwsAcmpcaCertificateAuthority.Arn,\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"2\",\n Effect = allow,\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n current.AccountId,\n },\n },\n },\n Actions = new[]\n {\n \"acm-pca:IssueCertificate\",\n },\n Resources = new[]\n {\n exampleAwsAcmpcaCertificateAuthority.Arn,\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"acm-pca:TemplateArn\",\n Values = new[]\n {\n \"arn:aws:acm-pca:::template/EndEntityCertificate/V1\",\n },\n },\n },\n },\n },\n });\n\n var examplePolicy = new Aws.Acmpca.Policy(\"example\", new()\n {\n ResourceArn = exampleAwsAcmpcaCertificateAuthority.Arn,\n PolicyDetails = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acmpca\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"1\"),\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\ncurrent.AccountId,\n},\n},\n},\nActions: []string{\n\"acm-pca:DescribeCertificateAuthority\",\n\"acm-pca:GetCertificate\",\n\"acm-pca:GetCertificateAuthorityCertificate\",\n\"acm-pca:ListPermissions\",\n\"acm-pca:ListTags\",\n},\nResources: interface{}{\nexampleAwsAcmpcaCertificateAuthority.Arn,\n},\n},\n{\nSid: pulumi.StringRef(\"2\"),\nEffect: pulumi.StringRef(allow),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\ncurrent.AccountId,\n},\n},\n},\nActions: []string{\n\"acm-pca:IssueCertificate\",\n},\nResources: interface{}{\nexampleAwsAcmpcaCertificateAuthority.Arn,\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"acm-pca:TemplateArn\",\nValues: []string{\n\"arn:aws:acm-pca:::template/EndEntityCertificate/V1\",\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = acmpca.NewPolicy(ctx, \"example\", \u0026acmpca.PolicyArgs{\nResourceArn: pulumi.Any(exampleAwsAcmpcaCertificateAuthority.Arn),\nPolicy: pulumi.String(example.Json),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.acmpca.Policy;\nimport com.pulumi.aws.acmpca.PolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"1\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(current.accountId())\n .build())\n .actions( \n \"acm-pca:DescribeCertificateAuthority\",\n \"acm-pca:GetCertificate\",\n \"acm-pca:GetCertificateAuthorityCertificate\",\n \"acm-pca:ListPermissions\",\n \"acm-pca:ListTags\")\n .resources(exampleAwsAcmpcaCertificateAuthority.arn())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"2\")\n .effect(allow)\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(current.accountId())\n .build())\n .actions(\"acm-pca:IssueCertificate\")\n .resources(exampleAwsAcmpcaCertificateAuthority.arn())\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"acm-pca:TemplateArn\")\n .values(\"arn:aws:acm-pca:::template/EndEntityCertificate/V1\")\n .build())\n .build())\n .build());\n\n var examplePolicy = new Policy(\"examplePolicy\", PolicyArgs.builder() \n .resourceArn(exampleAwsAcmpcaCertificateAuthority.arn())\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n examplePolicy:\n type: aws:acmpca:Policy\n name: example\n properties:\n resourceArn: ${exampleAwsAcmpcaCertificateAuthority.arn}\n policy: ${example.json}\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: '1'\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - ${current.accountId}\n actions:\n - acm-pca:DescribeCertificateAuthority\n - acm-pca:GetCertificate\n - acm-pca:GetCertificateAuthorityCertificate\n - acm-pca:ListPermissions\n - acm-pca:ListTags\n resources:\n - ${exampleAwsAcmpcaCertificateAuthority.arn}\n - sid: '2'\n effect: ${allow}\n principals:\n - type: AWS\n identifiers:\n - ${current.accountId}\n actions:\n - acm-pca:IssueCertificate\n resources:\n - ${exampleAwsAcmpcaCertificateAuthority.arn}\n conditions:\n - test: StringEquals\n variable: acm-pca:TemplateArn\n values:\n - arn:aws:acm-pca:::template/EndEntityCertificate/V1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_acmpca_policy` using the `resource_arn` value. For example:\n\n```sh\n$ pulumi import aws:acmpca/policy:Policy example arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012\n```\n", "properties": { "policy": { "type": "string", @@ -157106,7 +157106,7 @@ } }, "aws:apigateway/account:Account": { - "description": "Provides a settings of an API Gateway Account. Settings is applied region-wide per `provider` block.\n\n\u003e **Note:** As there is no API method for deleting account settings or resetting it to defaults, destroying this resource will keep your account settings intact\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"apigateway.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst cloudwatchRole = new aws.iam.Role(\"cloudwatch\", {\n name: \"api_gateway_cloudwatch_global\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst demo = new aws.apigateway.Account(\"demo\", {cloudwatchRoleArn: cloudwatchRole.arn});\nconst cloudwatch = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeLogStreams\",\n \"logs:PutLogEvents\",\n \"logs:GetLogEvents\",\n \"logs:FilterLogEvents\",\n ],\n resources: [\"*\"],\n }],\n});\nconst cloudwatchRolePolicy = new aws.iam.RolePolicy(\"cloudwatch\", {\n name: \"default\",\n role: cloudwatchRole.id,\n policy: cloudwatch.then(cloudwatch =\u003e cloudwatch.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"apigateway.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\ncloudwatch_role = aws.iam.Role(\"cloudwatch\",\n name=\"api_gateway_cloudwatch_global\",\n assume_role_policy=assume_role.json)\ndemo = aws.apigateway.Account(\"demo\", cloudwatch_role_arn=cloudwatch_role.arn)\ncloudwatch = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeLogStreams\",\n \"logs:PutLogEvents\",\n \"logs:GetLogEvents\",\n \"logs:FilterLogEvents\",\n ],\n resources=[\"*\"],\n)])\ncloudwatch_role_policy = aws.iam.RolePolicy(\"cloudwatch\",\n name=\"default\",\n role=cloudwatch_role.id,\n policy=cloudwatch.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"apigateway.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var cloudwatchRole = new Aws.Iam.Role(\"cloudwatch\", new()\n {\n Name = \"api_gateway_cloudwatch_global\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var demo = new Aws.ApiGateway.Account(\"demo\", new()\n {\n CloudwatchRoleArn = cloudwatchRole.Arn,\n });\n\n var cloudwatch = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeLogStreams\",\n \"logs:PutLogEvents\",\n \"logs:GetLogEvents\",\n \"logs:FilterLogEvents\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var cloudwatchRolePolicy = new Aws.Iam.RolePolicy(\"cloudwatch\", new()\n {\n Name = \"default\",\n Role = cloudwatchRole.Id,\n Policy = cloudwatch.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"apigateway.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcloudwatchRole, err := iam.NewRole(ctx, \"cloudwatch\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"api_gateway_cloudwatch_global\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewAccount(ctx, \"demo\", \u0026apigateway.AccountArgs{\n\t\t\tCloudwatchRoleArn: cloudwatchRole.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcloudwatch, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogGroup\",\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:DescribeLogGroups\",\n\t\t\t\t\t\t\"logs:DescribeLogStreams\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t\t\"logs:GetLogEvents\",\n\t\t\t\t\t\t\"logs:FilterLogEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"cloudwatch\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"default\"),\n\t\t\tRole: cloudwatchRole.ID(),\n\t\t\tPolicy: *pulumi.String(cloudwatch.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.apigateway.Account;\nimport com.pulumi.aws.apigateway.AccountArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"apigateway.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var cloudwatchRole = new Role(\"cloudwatchRole\", RoleArgs.builder() \n .name(\"api_gateway_cloudwatch_global\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var demo = new Account(\"demo\", AccountArgs.builder() \n .cloudwatchRoleArn(cloudwatchRole.arn())\n .build());\n\n final var cloudwatch = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeLogStreams\",\n \"logs:PutLogEvents\",\n \"logs:GetLogEvents\",\n \"logs:FilterLogEvents\")\n .resources(\"*\")\n .build())\n .build());\n\n var cloudwatchRolePolicy = new RolePolicy(\"cloudwatchRolePolicy\", RolePolicyArgs.builder() \n .name(\"default\")\n .role(cloudwatchRole.id())\n .policy(cloudwatch.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n demo:\n type: aws:apigateway:Account\n properties:\n cloudwatchRoleArn: ${cloudwatchRole.arn}\n cloudwatchRole:\n type: aws:iam:Role\n name: cloudwatch\n properties:\n name: api_gateway_cloudwatch_global\n assumeRolePolicy: ${assumeRole.json}\n cloudwatchRolePolicy:\n type: aws:iam:RolePolicy\n name: cloudwatch\n properties:\n name: default\n role: ${cloudwatchRole.id}\n policy: ${cloudwatch.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - apigateway.amazonaws.com\n actions:\n - sts:AssumeRole\n cloudwatch:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - logs:CreateLogGroup\n - logs:CreateLogStream\n - logs:DescribeLogGroups\n - logs:DescribeLogStreams\n - logs:PutLogEvents\n - logs:GetLogEvents\n - logs:FilterLogEvents\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import API Gateway Accounts using the word `api-gateway-account`. For example:\n\n```sh\n$ pulumi import aws:apigateway/account:Account demo api-gateway-account\n```\n", + "description": "Provides a settings of an API Gateway Account. Settings is applied region-wide per `provider` block.\n\n\u003e **Note:** As there is no API method for deleting account settings or resetting it to defaults, destroying this resource will keep your account settings intact\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"apigateway.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst cloudwatchRole = new aws.iam.Role(\"cloudwatch\", {\n name: \"api_gateway_cloudwatch_global\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst demo = new aws.apigateway.Account(\"demo\", {cloudwatchRoleArn: cloudwatchRole.arn});\nconst cloudwatch = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeLogStreams\",\n \"logs:PutLogEvents\",\n \"logs:GetLogEvents\",\n \"logs:FilterLogEvents\",\n ],\n resources: [\"*\"],\n }],\n});\nconst cloudwatchRolePolicy = new aws.iam.RolePolicy(\"cloudwatch\", {\n name: \"default\",\n role: cloudwatchRole.id,\n policy: cloudwatch.then(cloudwatch =\u003e cloudwatch.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"apigateway.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\ncloudwatch_role = aws.iam.Role(\"cloudwatch\",\n name=\"api_gateway_cloudwatch_global\",\n assume_role_policy=assume_role.json)\ndemo = aws.apigateway.Account(\"demo\", cloudwatch_role_arn=cloudwatch_role.arn)\ncloudwatch = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeLogStreams\",\n \"logs:PutLogEvents\",\n \"logs:GetLogEvents\",\n \"logs:FilterLogEvents\",\n ],\n resources=[\"*\"],\n)])\ncloudwatch_role_policy = aws.iam.RolePolicy(\"cloudwatch\",\n name=\"default\",\n role=cloudwatch_role.id,\n policy=cloudwatch.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"apigateway.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var cloudwatchRole = new Aws.Iam.Role(\"cloudwatch\", new()\n {\n Name = \"api_gateway_cloudwatch_global\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var demo = new Aws.ApiGateway.Account(\"demo\", new()\n {\n CloudwatchRoleArn = cloudwatchRole.Arn,\n });\n\n var cloudwatch = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeLogStreams\",\n \"logs:PutLogEvents\",\n \"logs:GetLogEvents\",\n \"logs:FilterLogEvents\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var cloudwatchRolePolicy = new Aws.Iam.RolePolicy(\"cloudwatch\", new()\n {\n Name = \"default\",\n Role = cloudwatchRole.Id,\n Policy = cloudwatch.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"apigateway.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcloudwatchRole, err := iam.NewRole(ctx, \"cloudwatch\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"api_gateway_cloudwatch_global\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewAccount(ctx, \"demo\", \u0026apigateway.AccountArgs{\n\t\t\tCloudwatchRoleArn: cloudwatchRole.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcloudwatch, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogGroup\",\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:DescribeLogGroups\",\n\t\t\t\t\t\t\"logs:DescribeLogStreams\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t\t\"logs:GetLogEvents\",\n\t\t\t\t\t\t\"logs:FilterLogEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"cloudwatch\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"default\"),\n\t\t\tRole: cloudwatchRole.ID(),\n\t\t\tPolicy: pulumi.String(cloudwatch.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.apigateway.Account;\nimport com.pulumi.aws.apigateway.AccountArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"apigateway.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var cloudwatchRole = new Role(\"cloudwatchRole\", RoleArgs.builder() \n .name(\"api_gateway_cloudwatch_global\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var demo = new Account(\"demo\", AccountArgs.builder() \n .cloudwatchRoleArn(cloudwatchRole.arn())\n .build());\n\n final var cloudwatch = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeLogStreams\",\n \"logs:PutLogEvents\",\n \"logs:GetLogEvents\",\n \"logs:FilterLogEvents\")\n .resources(\"*\")\n .build())\n .build());\n\n var cloudwatchRolePolicy = new RolePolicy(\"cloudwatchRolePolicy\", RolePolicyArgs.builder() \n .name(\"default\")\n .role(cloudwatchRole.id())\n .policy(cloudwatch.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n demo:\n type: aws:apigateway:Account\n properties:\n cloudwatchRoleArn: ${cloudwatchRole.arn}\n cloudwatchRole:\n type: aws:iam:Role\n name: cloudwatch\n properties:\n name: api_gateway_cloudwatch_global\n assumeRolePolicy: ${assumeRole.json}\n cloudwatchRolePolicy:\n type: aws:iam:RolePolicy\n name: cloudwatch\n properties:\n name: default\n role: ${cloudwatchRole.id}\n policy: ${cloudwatch.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - apigateway.amazonaws.com\n actions:\n - sts:AssumeRole\n cloudwatch:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - logs:CreateLogGroup\n - logs:CreateLogStream\n - logs:DescribeLogGroups\n - logs:DescribeLogStreams\n - logs:PutLogEvents\n - logs:GetLogEvents\n - logs:FilterLogEvents\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import API Gateway Accounts using the word `api-gateway-account`. For example:\n\n```sh\n$ pulumi import aws:apigateway/account:Account demo api-gateway-account\n```\n", "properties": { "apiKeyVersion": { "type": "string", @@ -157323,7 +157323,7 @@ } }, "aws:apigateway/authorizer:Authorizer": { - "description": "Provides an API Gateway Authorizer.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst demoRestApi = new aws.apigateway.RestApi(\"demo\", {name: \"auth-demo\"});\nconst invocationAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"apigateway.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst invocationRole = new aws.iam.Role(\"invocation_role\", {\n name: \"api_gateway_auth_invocation\",\n path: \"/\",\n assumeRolePolicy: invocationAssumeRole.then(invocationAssumeRole =\u003e invocationAssumeRole.json),\n});\nconst lambdaAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n }],\n});\nconst lambda = new aws.iam.Role(\"lambda\", {\n name: \"demo-lambda\",\n assumeRolePolicy: lambdaAssumeRole.then(lambdaAssumeRole =\u003e lambdaAssumeRole.json),\n});\nconst authorizer = new aws.lambda.Function(\"authorizer\", {\n code: new pulumi.asset.FileArchive(\"lambda-function.zip\"),\n name: \"api_gateway_authorizer\",\n role: lambda.arn,\n handler: \"exports.example\",\n sourceCodeHash: std.filebase64sha256({\n input: \"lambda-function.zip\",\n }).then(invoke =\u003e invoke.result),\n});\nconst demo = new aws.apigateway.Authorizer(\"demo\", {\n name: \"demo\",\n restApi: demoRestApi.id,\n authorizerUri: authorizer.invokeArn,\n authorizerCredentials: invocationRole.arn,\n});\nconst invocationPolicy = aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n actions: [\"lambda:InvokeFunction\"],\n resources: [authorizer.arn],\n }],\n});\nconst invocationPolicyRolePolicy = new aws.iam.RolePolicy(\"invocation_policy\", {\n name: \"default\",\n role: invocationRole.id,\n policy: invocationPolicy.apply(invocationPolicy =\u003e invocationPolicy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_std as std\n\ndemo_rest_api = aws.apigateway.RestApi(\"demo\", name=\"auth-demo\")\ninvocation_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"apigateway.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\ninvocation_role = aws.iam.Role(\"invocation_role\",\n name=\"api_gateway_auth_invocation\",\n path=\"/\",\n assume_role_policy=invocation_assume_role.json)\nlambda_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n)])\nlambda_ = aws.iam.Role(\"lambda\",\n name=\"demo-lambda\",\n assume_role_policy=lambda_assume_role.json)\nauthorizer = aws.lambda_.Function(\"authorizer\",\n code=pulumi.FileArchive(\"lambda-function.zip\"),\n name=\"api_gateway_authorizer\",\n role=lambda_.arn,\n handler=\"exports.example\",\n source_code_hash=std.filebase64sha256(input=\"lambda-function.zip\").result)\ndemo = aws.apigateway.Authorizer(\"demo\",\n name=\"demo\",\n rest_api=demo_rest_api.id,\n authorizer_uri=authorizer.invoke_arn,\n authorizer_credentials=invocation_role.arn)\ninvocation_policy = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"lambda:InvokeFunction\"],\n resources=[authorizer.arn],\n)])\ninvocation_policy_role_policy = aws.iam.RolePolicy(\"invocation_policy\",\n name=\"default\",\n role=invocation_role.id,\n policy=invocation_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var demoRestApi = new Aws.ApiGateway.RestApi(\"demo\", new()\n {\n Name = \"auth-demo\",\n });\n\n var invocationAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"apigateway.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var invocationRole = new Aws.Iam.Role(\"invocation_role\", new()\n {\n Name = \"api_gateway_auth_invocation\",\n Path = \"/\",\n AssumeRolePolicy = invocationAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambdaAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var lambda = new Aws.Iam.Role(\"lambda\", new()\n {\n Name = \"demo-lambda\",\n AssumeRolePolicy = lambdaAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var authorizer = new Aws.Lambda.Function(\"authorizer\", new()\n {\n Code = new FileArchive(\"lambda-function.zip\"),\n Name = \"api_gateway_authorizer\",\n Role = lambda.Arn,\n Handler = \"exports.example\",\n SourceCodeHash = Std.Filebase64sha256.Invoke(new()\n {\n Input = \"lambda-function.zip\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var demo = new Aws.ApiGateway.Authorizer(\"demo\", new()\n {\n Name = \"demo\",\n RestApi = demoRestApi.Id,\n AuthorizerUri = authorizer.InvokeArn,\n AuthorizerCredentials = invocationRole.Arn,\n });\n\n var invocationPolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"lambda:InvokeFunction\",\n },\n Resources = new[]\n {\n authorizer.Arn,\n },\n },\n },\n });\n\n var invocationPolicyRolePolicy = new Aws.Iam.RolePolicy(\"invocation_policy\", new()\n {\n Name = \"default\",\n Role = invocationRole.Id,\n Policy = invocationPolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdemoRestApi, err := apigateway.NewRestApi(ctx, \"demo\", \u0026apigateway.RestApiArgs{\n\t\t\tName: pulumi.String(\"auth-demo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvocationAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"apigateway.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvocationRole, err := iam.NewRole(ctx, \"invocation_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"api_gateway_auth_invocation\"),\n\t\t\tPath: pulumi.String(\"/\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(invocationAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambda, err := iam.NewRole(ctx, \"lambda\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"demo-lambda\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(lambdaAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFilebase64sha256, err := std.Filebase64sha256(ctx, \u0026std.Filebase64sha256Args{\n\t\t\tInput: \"lambda-function.zip\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tauthorizer, err := lambda.NewFunction(ctx, \"authorizer\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambda-function.zip\"),\n\t\t\tName: pulumi.String(\"api_gateway_authorizer\"),\n\t\t\tRole: lambda.Arn,\n\t\t\tHandler: pulumi.String(\"exports.example\"),\n\t\t\tSourceCodeHash: invokeFilebase64sha256.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewAuthorizer(ctx, \"demo\", \u0026apigateway.AuthorizerArgs{\n\t\t\tName: pulumi.String(\"demo\"),\n\t\t\tRestApi: demoRestApi.ID(),\n\t\t\tAuthorizerUri: authorizer.InvokeArn,\n\t\t\tAuthorizerCredentials: invocationRole.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvocationPolicy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"lambda:InvokeFunction\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tauthorizer.Arn,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = iam.NewRolePolicy(ctx, \"invocation_policy\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"default\"),\n\t\t\tRole: invocationRole.ID(),\n\t\t\tPolicy: invocationPolicy.ApplyT(func(invocationPolicy iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026invocationPolicy.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.apigateway.Authorizer;\nimport com.pulumi.aws.apigateway.AuthorizerArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var demoRestApi = new RestApi(\"demoRestApi\", RestApiArgs.builder() \n .name(\"auth-demo\")\n .build());\n\n final var invocationAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"apigateway.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var invocationRole = new Role(\"invocationRole\", RoleArgs.builder() \n .name(\"api_gateway_auth_invocation\")\n .path(\"/\")\n .assumeRolePolicy(invocationAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var lambdaAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var lambda = new Role(\"lambda\", RoleArgs.builder() \n .name(\"demo-lambda\")\n .assumeRolePolicy(lambdaAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var authorizer = new Function(\"authorizer\", FunctionArgs.builder() \n .code(new FileArchive(\"lambda-function.zip\"))\n .name(\"api_gateway_authorizer\")\n .role(lambda.arn())\n .handler(\"exports.example\")\n .sourceCodeHash(StdFunctions.filebase64sha256(Filebase64sha256Args.builder()\n .input(\"lambda-function.zip\")\n .build()).result())\n .build());\n\n var demo = new Authorizer(\"demo\", AuthorizerArgs.builder() \n .name(\"demo\")\n .restApi(demoRestApi.id())\n .authorizerUri(authorizer.invokeArn())\n .authorizerCredentials(invocationRole.arn())\n .build());\n\n final var invocationPolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"lambda:InvokeFunction\")\n .resources(authorizer.arn())\n .build())\n .build());\n\n var invocationPolicyRolePolicy = new RolePolicy(\"invocationPolicyRolePolicy\", RolePolicyArgs.builder() \n .name(\"default\")\n .role(invocationRole.id())\n .policy(invocationPolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(invocationPolicy -\u003e invocationPolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n demo:\n type: aws:apigateway:Authorizer\n properties:\n name: demo\n restApi: ${demoRestApi.id}\n authorizerUri: ${authorizer.invokeArn}\n authorizerCredentials: ${invocationRole.arn}\n demoRestApi:\n type: aws:apigateway:RestApi\n name: demo\n properties:\n name: auth-demo\n invocationRole:\n type: aws:iam:Role\n name: invocation_role\n properties:\n name: api_gateway_auth_invocation\n path: /\n assumeRolePolicy: ${invocationAssumeRole.json}\n invocationPolicyRolePolicy:\n type: aws:iam:RolePolicy\n name: invocation_policy\n properties:\n name: default\n role: ${invocationRole.id}\n policy: ${invocationPolicy.json}\n lambda:\n type: aws:iam:Role\n properties:\n name: demo-lambda\n assumeRolePolicy: ${lambdaAssumeRole.json}\n authorizer:\n type: aws:lambda:Function\n properties:\n code:\n fn::FileArchive: lambda-function.zip\n name: api_gateway_authorizer\n role: ${lambda.arn}\n handler: exports.example\n sourceCodeHash:\n fn::invoke:\n Function: std:filebase64sha256\n Arguments:\n input: lambda-function.zip\n Return: result\nvariables:\n invocationAssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - apigateway.amazonaws.com\n actions:\n - sts:AssumeRole\n invocationPolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - lambda:InvokeFunction\n resources:\n - ${authorizer.arn}\n lambdaAssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import AWS API Gateway Authorizer using the `REST-API-ID/AUTHORIZER-ID`. For example:\n\n```sh\n$ pulumi import aws:apigateway/authorizer:Authorizer authorizer 12345abcde/example\n```\n", + "description": "Provides an API Gateway Authorizer.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst demoRestApi = new aws.apigateway.RestApi(\"demo\", {name: \"auth-demo\"});\nconst invocationAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"apigateway.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst invocationRole = new aws.iam.Role(\"invocation_role\", {\n name: \"api_gateway_auth_invocation\",\n path: \"/\",\n assumeRolePolicy: invocationAssumeRole.then(invocationAssumeRole =\u003e invocationAssumeRole.json),\n});\nconst lambdaAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n }],\n});\nconst lambda = new aws.iam.Role(\"lambda\", {\n name: \"demo-lambda\",\n assumeRolePolicy: lambdaAssumeRole.then(lambdaAssumeRole =\u003e lambdaAssumeRole.json),\n});\nconst authorizer = new aws.lambda.Function(\"authorizer\", {\n code: new pulumi.asset.FileArchive(\"lambda-function.zip\"),\n name: \"api_gateway_authorizer\",\n role: lambda.arn,\n handler: \"exports.example\",\n sourceCodeHash: std.filebase64sha256({\n input: \"lambda-function.zip\",\n }).then(invoke =\u003e invoke.result),\n});\nconst demo = new aws.apigateway.Authorizer(\"demo\", {\n name: \"demo\",\n restApi: demoRestApi.id,\n authorizerUri: authorizer.invokeArn,\n authorizerCredentials: invocationRole.arn,\n});\nconst invocationPolicy = aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n actions: [\"lambda:InvokeFunction\"],\n resources: [authorizer.arn],\n }],\n});\nconst invocationPolicyRolePolicy = new aws.iam.RolePolicy(\"invocation_policy\", {\n name: \"default\",\n role: invocationRole.id,\n policy: invocationPolicy.apply(invocationPolicy =\u003e invocationPolicy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_std as std\n\ndemo_rest_api = aws.apigateway.RestApi(\"demo\", name=\"auth-demo\")\ninvocation_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"apigateway.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\ninvocation_role = aws.iam.Role(\"invocation_role\",\n name=\"api_gateway_auth_invocation\",\n path=\"/\",\n assume_role_policy=invocation_assume_role.json)\nlambda_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n)])\nlambda_ = aws.iam.Role(\"lambda\",\n name=\"demo-lambda\",\n assume_role_policy=lambda_assume_role.json)\nauthorizer = aws.lambda_.Function(\"authorizer\",\n code=pulumi.FileArchive(\"lambda-function.zip\"),\n name=\"api_gateway_authorizer\",\n role=lambda_.arn,\n handler=\"exports.example\",\n source_code_hash=std.filebase64sha256(input=\"lambda-function.zip\").result)\ndemo = aws.apigateway.Authorizer(\"demo\",\n name=\"demo\",\n rest_api=demo_rest_api.id,\n authorizer_uri=authorizer.invoke_arn,\n authorizer_credentials=invocation_role.arn)\ninvocation_policy = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"lambda:InvokeFunction\"],\n resources=[authorizer.arn],\n)])\ninvocation_policy_role_policy = aws.iam.RolePolicy(\"invocation_policy\",\n name=\"default\",\n role=invocation_role.id,\n policy=invocation_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var demoRestApi = new Aws.ApiGateway.RestApi(\"demo\", new()\n {\n Name = \"auth-demo\",\n });\n\n var invocationAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"apigateway.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var invocationRole = new Aws.Iam.Role(\"invocation_role\", new()\n {\n Name = \"api_gateway_auth_invocation\",\n Path = \"/\",\n AssumeRolePolicy = invocationAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambdaAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var lambda = new Aws.Iam.Role(\"lambda\", new()\n {\n Name = \"demo-lambda\",\n AssumeRolePolicy = lambdaAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var authorizer = new Aws.Lambda.Function(\"authorizer\", new()\n {\n Code = new FileArchive(\"lambda-function.zip\"),\n Name = \"api_gateway_authorizer\",\n Role = lambda.Arn,\n Handler = \"exports.example\",\n SourceCodeHash = Std.Filebase64sha256.Invoke(new()\n {\n Input = \"lambda-function.zip\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var demo = new Aws.ApiGateway.Authorizer(\"demo\", new()\n {\n Name = \"demo\",\n RestApi = demoRestApi.Id,\n AuthorizerUri = authorizer.InvokeArn,\n AuthorizerCredentials = invocationRole.Arn,\n });\n\n var invocationPolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"lambda:InvokeFunction\",\n },\n Resources = new[]\n {\n authorizer.Arn,\n },\n },\n },\n });\n\n var invocationPolicyRolePolicy = new Aws.Iam.RolePolicy(\"invocation_policy\", new()\n {\n Name = \"default\",\n Role = invocationRole.Id,\n Policy = invocationPolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdemoRestApi, err := apigateway.NewRestApi(ctx, \"demo\", \u0026apigateway.RestApiArgs{\n\t\t\tName: pulumi.String(\"auth-demo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvocationAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"apigateway.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvocationRole, err := iam.NewRole(ctx, \"invocation_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"api_gateway_auth_invocation\"),\n\t\t\tPath: pulumi.String(\"/\"),\n\t\t\tAssumeRolePolicy: pulumi.String(invocationAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambda, err := iam.NewRole(ctx, \"lambda\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"demo-lambda\"),\n\t\t\tAssumeRolePolicy: pulumi.String(lambdaAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFilebase64sha256, err := std.Filebase64sha256(ctx, \u0026std.Filebase64sha256Args{\n\t\t\tInput: \"lambda-function.zip\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tauthorizer, err := lambda.NewFunction(ctx, \"authorizer\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambda-function.zip\"),\n\t\t\tName: pulumi.String(\"api_gateway_authorizer\"),\n\t\t\tRole: lambda.Arn,\n\t\t\tHandler: pulumi.String(\"exports.example\"),\n\t\t\tSourceCodeHash: invokeFilebase64sha256.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewAuthorizer(ctx, \"demo\", \u0026apigateway.AuthorizerArgs{\n\t\t\tName: pulumi.String(\"demo\"),\n\t\t\tRestApi: demoRestApi.ID(),\n\t\t\tAuthorizerUri: authorizer.InvokeArn,\n\t\t\tAuthorizerCredentials: invocationRole.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvocationPolicy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"lambda:InvokeFunction\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tauthorizer.Arn,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = iam.NewRolePolicy(ctx, \"invocation_policy\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"default\"),\n\t\t\tRole: invocationRole.ID(),\n\t\t\tPolicy: invocationPolicy.ApplyT(func(invocationPolicy iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026invocationPolicy.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.apigateway.Authorizer;\nimport com.pulumi.aws.apigateway.AuthorizerArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var demoRestApi = new RestApi(\"demoRestApi\", RestApiArgs.builder() \n .name(\"auth-demo\")\n .build());\n\n final var invocationAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"apigateway.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var invocationRole = new Role(\"invocationRole\", RoleArgs.builder() \n .name(\"api_gateway_auth_invocation\")\n .path(\"/\")\n .assumeRolePolicy(invocationAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var lambdaAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var lambda = new Role(\"lambda\", RoleArgs.builder() \n .name(\"demo-lambda\")\n .assumeRolePolicy(lambdaAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var authorizer = new Function(\"authorizer\", FunctionArgs.builder() \n .code(new FileArchive(\"lambda-function.zip\"))\n .name(\"api_gateway_authorizer\")\n .role(lambda.arn())\n .handler(\"exports.example\")\n .sourceCodeHash(StdFunctions.filebase64sha256(Filebase64sha256Args.builder()\n .input(\"lambda-function.zip\")\n .build()).result())\n .build());\n\n var demo = new Authorizer(\"demo\", AuthorizerArgs.builder() \n .name(\"demo\")\n .restApi(demoRestApi.id())\n .authorizerUri(authorizer.invokeArn())\n .authorizerCredentials(invocationRole.arn())\n .build());\n\n final var invocationPolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"lambda:InvokeFunction\")\n .resources(authorizer.arn())\n .build())\n .build());\n\n var invocationPolicyRolePolicy = new RolePolicy(\"invocationPolicyRolePolicy\", RolePolicyArgs.builder() \n .name(\"default\")\n .role(invocationRole.id())\n .policy(invocationPolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(invocationPolicy -\u003e invocationPolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n demo:\n type: aws:apigateway:Authorizer\n properties:\n name: demo\n restApi: ${demoRestApi.id}\n authorizerUri: ${authorizer.invokeArn}\n authorizerCredentials: ${invocationRole.arn}\n demoRestApi:\n type: aws:apigateway:RestApi\n name: demo\n properties:\n name: auth-demo\n invocationRole:\n type: aws:iam:Role\n name: invocation_role\n properties:\n name: api_gateway_auth_invocation\n path: /\n assumeRolePolicy: ${invocationAssumeRole.json}\n invocationPolicyRolePolicy:\n type: aws:iam:RolePolicy\n name: invocation_policy\n properties:\n name: default\n role: ${invocationRole.id}\n policy: ${invocationPolicy.json}\n lambda:\n type: aws:iam:Role\n properties:\n name: demo-lambda\n assumeRolePolicy: ${lambdaAssumeRole.json}\n authorizer:\n type: aws:lambda:Function\n properties:\n code:\n fn::FileArchive: lambda-function.zip\n name: api_gateway_authorizer\n role: ${lambda.arn}\n handler: exports.example\n sourceCodeHash:\n fn::invoke:\n Function: std:filebase64sha256\n Arguments:\n input: lambda-function.zip\n Return: result\nvariables:\n invocationAssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - apigateway.amazonaws.com\n actions:\n - sts:AssumeRole\n invocationPolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - lambda:InvokeFunction\n resources:\n - ${authorizer.arn}\n lambdaAssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import AWS API Gateway Authorizer using the `REST-API-ID/AUTHORIZER-ID`. For example:\n\n```sh\n$ pulumi import aws:apigateway/authorizer:Authorizer authorizer 12345abcde/example\n```\n", "properties": { "arn": { "type": "string", @@ -157967,7 +157967,7 @@ } }, "aws:apigateway/domainName:DomainName": { - "description": "Registers a custom domain name for use with AWS API Gateway. Additional information about this functionality\ncan be found in the [API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html).\n\nThis resource just establishes ownership of and the TLS settings for\na particular domain name. An API can be attached to a particular path\nunder the registered domain name using\nthe `aws.apigateway.BasePathMapping` resource.\n\nAPI Gateway domains can be defined as either 'edge-optimized' or 'regional'. In an edge-optimized configuration,\nAPI Gateway internally creates and manages a CloudFront distribution to route requests on the given hostname. In\naddition to this resource it's necessary to create a DNS record corresponding to the given domain name which is an alias\n(either Route53 alias or traditional CNAME) to the Cloudfront domain name exported in the `cloudfront_domain_name`\nattribute.\n\nIn a regional configuration, API Gateway does not create a CloudFront distribution to route requests to the API, though\na distribution can be created if needed. In either case, it is necessary to create a DNS record corresponding to the\ngiven domain name which is an alias (either Route53 alias or traditional CNAME) to the regional domain name exported in\nthe `regional_domain_name` attribute.\n\n\u003e **Note:** API Gateway requires the use of AWS Certificate Manager (ACM) certificates instead of Identity and Access Management (IAM) certificates in regions that support ACM. Regions that support ACM can be found in the [Regions and Endpoints Documentation](https://docs.aws.amazon.com/general/latest/gr/rande.html#acm_region). To import an existing private key and certificate into ACM or request an ACM certificate, see the `aws.acm.Certificate` resource.\n\n\u003e **Note:** The `aws.apigateway.DomainName` resource expects dependency on the `aws.acm.CertificateValidation` as\nonly verified certificates can be used. This can be made either explicitly by adding the\n`depends_on = [aws_acm_certificate_validation.cert]` attribute. Or implicitly by referring certificate ARN\nfrom the validation resource where it will be available after the resource creation:\n`regional_certificate_arn = aws_acm_certificate_validation.cert.certificate_arn`.\n\n## Example Usage\n\n### Edge Optimized (ACM Certificate)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigateway.DomainName(\"example\", {\n certificateArn: exampleAwsAcmCertificateValidation.certificateArn,\n domainName: \"api.example.com\",\n});\n// Example DNS record using Route53.\n// Route53 is not specifically required; any DNS host can be used.\nconst exampleRecord = new aws.route53.Record(\"example\", {\n name: example.domainName,\n type: \"A\",\n zoneId: exampleAwsRoute53Zone.id,\n aliases: [{\n evaluateTargetHealth: true,\n name: example.cloudfrontDomainName,\n zoneId: example.cloudfrontZoneId,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigateway.DomainName(\"example\",\n certificate_arn=example_aws_acm_certificate_validation[\"certificateArn\"],\n domain_name=\"api.example.com\")\n# Example DNS record using Route53.\n# Route53 is not specifically required; any DNS host can be used.\nexample_record = aws.route53.Record(\"example\",\n name=example.domain_name,\n type=\"A\",\n zone_id=example_aws_route53_zone[\"id\"],\n aliases=[aws.route53.RecordAliasArgs(\n evaluate_target_health=True,\n name=example.cloudfront_domain_name,\n zone_id=example.cloudfront_zone_id,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ApiGateway.DomainName(\"example\", new()\n {\n CertificateArn = exampleAwsAcmCertificateValidation.CertificateArn,\n Domain = \"api.example.com\",\n });\n\n // Example DNS record using Route53.\n // Route53 is not specifically required; any DNS host can be used.\n var exampleRecord = new Aws.Route53.Record(\"example\", new()\n {\n Name = example.Domain,\n Type = \"A\",\n ZoneId = exampleAwsRoute53Zone.Id,\n Aliases = new[]\n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n EvaluateTargetHealth = true,\n Name = example.CloudfrontDomainName,\n ZoneId = example.CloudfrontZoneId,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := apigateway.NewDomainName(ctx, \"example\", \u0026apigateway.DomainNameArgs{\n\t\t\tCertificateArn: pulumi.Any(exampleAwsAcmCertificateValidation.CertificateArn),\n\t\t\tDomainName: pulumi.String(\"api.example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Example DNS record using Route53.\n\t\t// Route53 is not specifically required; any DNS host can be used.\n\t\t_, err = route53.NewRecord(ctx, \"example\", \u0026route53.RecordArgs{\n\t\t\tName: example.DomainName,\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tZoneId: pulumi.Any(exampleAwsRoute53Zone.Id),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t\u0026route53.RecordAliasArgs{\n\t\t\t\t\tEvaluateTargetHealth: pulumi.Bool(true),\n\t\t\t\t\tName: example.CloudfrontDomainName,\n\t\t\t\t\tZoneId: example.CloudfrontZoneId,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.DomainName;\nimport com.pulumi.aws.apigateway.DomainNameArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordAliasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new DomainName(\"example\", DomainNameArgs.builder() \n .certificateArn(exampleAwsAcmCertificateValidation.certificateArn())\n .domainName(\"api.example.com\")\n .build());\n\n var exampleRecord = new Record(\"exampleRecord\", RecordArgs.builder() \n .name(example.domainName())\n .type(\"A\")\n .zoneId(exampleAwsRoute53Zone.id())\n .aliases(RecordAliasArgs.builder()\n .evaluateTargetHealth(true)\n .name(example.cloudfrontDomainName())\n .zoneId(example.cloudfrontZoneId())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:apigateway:DomainName\n properties:\n certificateArn: ${exampleAwsAcmCertificateValidation.certificateArn}\n domainName: api.example.com\n # Example DNS record using Route53.\n # Route53 is not specifically required; any DNS host can be used.\n exampleRecord:\n type: aws:route53:Record\n name: example\n properties:\n name: ${example.domainName}\n type: A\n zoneId: ${exampleAwsRoute53Zone.id}\n aliases:\n - evaluateTargetHealth: true\n name: ${example.cloudfrontDomainName}\n zoneId: ${example.cloudfrontZoneId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Regional (ACM Certificate)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigateway.DomainName(\"example\", {\n domainName: \"api.example.com\",\n regionalCertificateArn: exampleAwsAcmCertificateValidation.certificateArn,\n endpointConfiguration: {\n types: \"REGIONAL\",\n },\n});\n// Example DNS record using Route53.\n// Route53 is not specifically required; any DNS host can be used.\nconst exampleRecord = new aws.route53.Record(\"example\", {\n name: example.domainName,\n type: \"A\",\n zoneId: exampleAwsRoute53Zone.id,\n aliases: [{\n evaluateTargetHealth: true,\n name: example.regionalDomainName,\n zoneId: example.regionalZoneId,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigateway.DomainName(\"example\",\n domain_name=\"api.example.com\",\n regional_certificate_arn=example_aws_acm_certificate_validation[\"certificateArn\"],\n endpoint_configuration=aws.apigateway.DomainNameEndpointConfigurationArgs(\n types=\"REGIONAL\",\n ))\n# Example DNS record using Route53.\n# Route53 is not specifically required; any DNS host can be used.\nexample_record = aws.route53.Record(\"example\",\n name=example.domain_name,\n type=\"A\",\n zone_id=example_aws_route53_zone[\"id\"],\n aliases=[aws.route53.RecordAliasArgs(\n evaluate_target_health=True,\n name=example.regional_domain_name,\n zone_id=example.regional_zone_id,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ApiGateway.DomainName(\"example\", new()\n {\n Domain = \"api.example.com\",\n RegionalCertificateArn = exampleAwsAcmCertificateValidation.CertificateArn,\n EndpointConfiguration = new Aws.ApiGateway.Inputs.DomainNameEndpointConfigurationArgs\n {\n Types = \"REGIONAL\",\n },\n });\n\n // Example DNS record using Route53.\n // Route53 is not specifically required; any DNS host can be used.\n var exampleRecord = new Aws.Route53.Record(\"example\", new()\n {\n Name = example.Domain,\n Type = \"A\",\n ZoneId = exampleAwsRoute53Zone.Id,\n Aliases = new[]\n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n EvaluateTargetHealth = true,\n Name = example.RegionalDomainName,\n ZoneId = example.RegionalZoneId,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := apigateway.NewDomainName(ctx, \"example\", \u0026apigateway.DomainNameArgs{\n\t\t\tDomainName: pulumi.String(\"api.example.com\"),\n\t\t\tRegionalCertificateArn: pulumi.Any(exampleAwsAcmCertificateValidation.CertificateArn),\n\t\t\tEndpointConfiguration: \u0026apigateway.DomainNameEndpointConfigurationArgs{\n\t\t\t\tTypes: pulumi.String(\"REGIONAL\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Example DNS record using Route53.\n\t\t// Route53 is not specifically required; any DNS host can be used.\n\t\t_, err = route53.NewRecord(ctx, \"example\", \u0026route53.RecordArgs{\n\t\t\tName: example.DomainName,\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tZoneId: pulumi.Any(exampleAwsRoute53Zone.Id),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t\u0026route53.RecordAliasArgs{\n\t\t\t\t\tEvaluateTargetHealth: pulumi.Bool(true),\n\t\t\t\t\tName: example.RegionalDomainName,\n\t\t\t\t\tZoneId: example.RegionalZoneId,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.DomainName;\nimport com.pulumi.aws.apigateway.DomainNameArgs;\nimport com.pulumi.aws.apigateway.inputs.DomainNameEndpointConfigurationArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordAliasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new DomainName(\"example\", DomainNameArgs.builder() \n .domainName(\"api.example.com\")\n .regionalCertificateArn(exampleAwsAcmCertificateValidation.certificateArn())\n .endpointConfiguration(DomainNameEndpointConfigurationArgs.builder()\n .types(\"REGIONAL\")\n .build())\n .build());\n\n var exampleRecord = new Record(\"exampleRecord\", RecordArgs.builder() \n .name(example.domainName())\n .type(\"A\")\n .zoneId(exampleAwsRoute53Zone.id())\n .aliases(RecordAliasArgs.builder()\n .evaluateTargetHealth(true)\n .name(example.regionalDomainName())\n .zoneId(example.regionalZoneId())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:apigateway:DomainName\n properties:\n domainName: api.example.com\n regionalCertificateArn: ${exampleAwsAcmCertificateValidation.certificateArn}\n endpointConfiguration:\n types: REGIONAL\n # Example DNS record using Route53.\n # Route53 is not specifically required; any DNS host can be used.\n exampleRecord:\n type: aws:route53:Record\n name: example\n properties:\n name: ${example.domainName}\n type: A\n zoneId: ${exampleAwsRoute53Zone.id}\n aliases:\n - evaluateTargetHealth: true\n name: ${example.regionalDomainName}\n zoneId: ${example.regionalZoneId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import API Gateway domain names using their `name`. For example:\n\n```sh\n$ pulumi import aws:apigateway/domainName:DomainName example dev.example.com\n```\n", + "description": "Registers a custom domain name for use with AWS API Gateway. Additional information about this functionality\ncan be found in the [API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html).\n\nThis resource just establishes ownership of and the TLS settings for\na particular domain name. An API can be attached to a particular path\nunder the registered domain name using\nthe `aws.apigateway.BasePathMapping` resource.\n\nAPI Gateway domains can be defined as either 'edge-optimized' or 'regional'. In an edge-optimized configuration,\nAPI Gateway internally creates and manages a CloudFront distribution to route requests on the given hostname. In\naddition to this resource it's necessary to create a DNS record corresponding to the given domain name which is an alias\n(either Route53 alias or traditional CNAME) to the Cloudfront domain name exported in the `cloudfront_domain_name`\nattribute.\n\nIn a regional configuration, API Gateway does not create a CloudFront distribution to route requests to the API, though\na distribution can be created if needed. In either case, it is necessary to create a DNS record corresponding to the\ngiven domain name which is an alias (either Route53 alias or traditional CNAME) to the regional domain name exported in\nthe `regional_domain_name` attribute.\n\n\u003e **Note:** API Gateway requires the use of AWS Certificate Manager (ACM) certificates instead of Identity and Access Management (IAM) certificates in regions that support ACM. Regions that support ACM can be found in the [Regions and Endpoints Documentation](https://docs.aws.amazon.com/general/latest/gr/rande.html#acm_region). To import an existing private key and certificate into ACM or request an ACM certificate, see the `aws.acm.Certificate` resource.\n\n\u003e **Note:** The `aws.apigateway.DomainName` resource expects dependency on the `aws.acm.CertificateValidation` as\nonly verified certificates can be used. This can be made either explicitly by adding the\n`depends_on = [aws_acm_certificate_validation.cert]` attribute. Or implicitly by referring certificate ARN\nfrom the validation resource where it will be available after the resource creation:\n`regional_certificate_arn = aws_acm_certificate_validation.cert.certificate_arn`.\n\n## Example Usage\n\n### Edge Optimized (ACM Certificate)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigateway.DomainName(\"example\", {\n certificateArn: exampleAwsAcmCertificateValidation.certificateArn,\n domainName: \"api.example.com\",\n});\n// Example DNS record using Route53.\n// Route53 is not specifically required; any DNS host can be used.\nconst exampleRecord = new aws.route53.Record(\"example\", {\n name: example.domainName,\n type: aws.route53.RecordType.A,\n zoneId: exampleAwsRoute53Zone.id,\n aliases: [{\n evaluateTargetHealth: true,\n name: example.cloudfrontDomainName,\n zoneId: example.cloudfrontZoneId,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigateway.DomainName(\"example\",\n certificate_arn=example_aws_acm_certificate_validation[\"certificateArn\"],\n domain_name=\"api.example.com\")\n# Example DNS record using Route53.\n# Route53 is not specifically required; any DNS host can be used.\nexample_record = aws.route53.Record(\"example\",\n name=example.domain_name,\n type=aws.route53.RecordType.A,\n zone_id=example_aws_route53_zone[\"id\"],\n aliases=[aws.route53.RecordAliasArgs(\n evaluate_target_health=True,\n name=example.cloudfront_domain_name,\n zone_id=example.cloudfront_zone_id,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ApiGateway.DomainName(\"example\", new()\n {\n CertificateArn = exampleAwsAcmCertificateValidation.CertificateArn,\n Domain = \"api.example.com\",\n });\n\n // Example DNS record using Route53.\n // Route53 is not specifically required; any DNS host can be used.\n var exampleRecord = new Aws.Route53.Record(\"example\", new()\n {\n Name = example.Domain,\n Type = Aws.Route53.RecordType.A,\n ZoneId = exampleAwsRoute53Zone.Id,\n Aliases = new[]\n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n EvaluateTargetHealth = true,\n Name = example.CloudfrontDomainName,\n ZoneId = example.CloudfrontZoneId,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := apigateway.NewDomainName(ctx, \"example\", \u0026apigateway.DomainNameArgs{\n\t\t\tCertificateArn: pulumi.Any(exampleAwsAcmCertificateValidation.CertificateArn),\n\t\t\tDomainName: pulumi.String(\"api.example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Example DNS record using Route53.\n\t\t// Route53 is not specifically required; any DNS host can be used.\n\t\t_, err = route53.NewRecord(ctx, \"example\", \u0026route53.RecordArgs{\n\t\t\tName: example.DomainName,\n\t\t\tType: pulumi.String(route53.RecordTypeA),\n\t\t\tZoneId: pulumi.Any(exampleAwsRoute53Zone.Id),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t\u0026route53.RecordAliasArgs{\n\t\t\t\t\tEvaluateTargetHealth: pulumi.Bool(true),\n\t\t\t\t\tName: example.CloudfrontDomainName,\n\t\t\t\t\tZoneId: example.CloudfrontZoneId,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.DomainName;\nimport com.pulumi.aws.apigateway.DomainNameArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordAliasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new DomainName(\"example\", DomainNameArgs.builder() \n .certificateArn(exampleAwsAcmCertificateValidation.certificateArn())\n .domainName(\"api.example.com\")\n .build());\n\n var exampleRecord = new Record(\"exampleRecord\", RecordArgs.builder() \n .name(example.domainName())\n .type(\"A\")\n .zoneId(exampleAwsRoute53Zone.id())\n .aliases(RecordAliasArgs.builder()\n .evaluateTargetHealth(true)\n .name(example.cloudfrontDomainName())\n .zoneId(example.cloudfrontZoneId())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:apigateway:DomainName\n properties:\n certificateArn: ${exampleAwsAcmCertificateValidation.certificateArn}\n domainName: api.example.com\n # Example DNS record using Route53.\n # Route53 is not specifically required; any DNS host can be used.\n exampleRecord:\n type: aws:route53:Record\n name: example\n properties:\n name: ${example.domainName}\n type: A\n zoneId: ${exampleAwsRoute53Zone.id}\n aliases:\n - evaluateTargetHealth: true\n name: ${example.cloudfrontDomainName}\n zoneId: ${example.cloudfrontZoneId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Regional (ACM Certificate)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigateway.DomainName(\"example\", {\n domainName: \"api.example.com\",\n regionalCertificateArn: exampleAwsAcmCertificateValidation.certificateArn,\n endpointConfiguration: {\n types: \"REGIONAL\",\n },\n});\n// Example DNS record using Route53.\n// Route53 is not specifically required; any DNS host can be used.\nconst exampleRecord = new aws.route53.Record(\"example\", {\n name: example.domainName,\n type: aws.route53.RecordType.A,\n zoneId: exampleAwsRoute53Zone.id,\n aliases: [{\n evaluateTargetHealth: true,\n name: example.regionalDomainName,\n zoneId: example.regionalZoneId,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigateway.DomainName(\"example\",\n domain_name=\"api.example.com\",\n regional_certificate_arn=example_aws_acm_certificate_validation[\"certificateArn\"],\n endpoint_configuration=aws.apigateway.DomainNameEndpointConfigurationArgs(\n types=\"REGIONAL\",\n ))\n# Example DNS record using Route53.\n# Route53 is not specifically required; any DNS host can be used.\nexample_record = aws.route53.Record(\"example\",\n name=example.domain_name,\n type=aws.route53.RecordType.A,\n zone_id=example_aws_route53_zone[\"id\"],\n aliases=[aws.route53.RecordAliasArgs(\n evaluate_target_health=True,\n name=example.regional_domain_name,\n zone_id=example.regional_zone_id,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ApiGateway.DomainName(\"example\", new()\n {\n Domain = \"api.example.com\",\n RegionalCertificateArn = exampleAwsAcmCertificateValidation.CertificateArn,\n EndpointConfiguration = new Aws.ApiGateway.Inputs.DomainNameEndpointConfigurationArgs\n {\n Types = \"REGIONAL\",\n },\n });\n\n // Example DNS record using Route53.\n // Route53 is not specifically required; any DNS host can be used.\n var exampleRecord = new Aws.Route53.Record(\"example\", new()\n {\n Name = example.Domain,\n Type = Aws.Route53.RecordType.A,\n ZoneId = exampleAwsRoute53Zone.Id,\n Aliases = new[]\n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n EvaluateTargetHealth = true,\n Name = example.RegionalDomainName,\n ZoneId = example.RegionalZoneId,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := apigateway.NewDomainName(ctx, \"example\", \u0026apigateway.DomainNameArgs{\n\t\t\tDomainName: pulumi.String(\"api.example.com\"),\n\t\t\tRegionalCertificateArn: pulumi.Any(exampleAwsAcmCertificateValidation.CertificateArn),\n\t\t\tEndpointConfiguration: \u0026apigateway.DomainNameEndpointConfigurationArgs{\n\t\t\t\tTypes: pulumi.String(\"REGIONAL\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Example DNS record using Route53.\n\t\t// Route53 is not specifically required; any DNS host can be used.\n\t\t_, err = route53.NewRecord(ctx, \"example\", \u0026route53.RecordArgs{\n\t\t\tName: example.DomainName,\n\t\t\tType: pulumi.String(route53.RecordTypeA),\n\t\t\tZoneId: pulumi.Any(exampleAwsRoute53Zone.Id),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t\u0026route53.RecordAliasArgs{\n\t\t\t\t\tEvaluateTargetHealth: pulumi.Bool(true),\n\t\t\t\t\tName: example.RegionalDomainName,\n\t\t\t\t\tZoneId: example.RegionalZoneId,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.DomainName;\nimport com.pulumi.aws.apigateway.DomainNameArgs;\nimport com.pulumi.aws.apigateway.inputs.DomainNameEndpointConfigurationArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordAliasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new DomainName(\"example\", DomainNameArgs.builder() \n .domainName(\"api.example.com\")\n .regionalCertificateArn(exampleAwsAcmCertificateValidation.certificateArn())\n .endpointConfiguration(DomainNameEndpointConfigurationArgs.builder()\n .types(\"REGIONAL\")\n .build())\n .build());\n\n var exampleRecord = new Record(\"exampleRecord\", RecordArgs.builder() \n .name(example.domainName())\n .type(\"A\")\n .zoneId(exampleAwsRoute53Zone.id())\n .aliases(RecordAliasArgs.builder()\n .evaluateTargetHealth(true)\n .name(example.regionalDomainName())\n .zoneId(example.regionalZoneId())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:apigateway:DomainName\n properties:\n domainName: api.example.com\n regionalCertificateArn: ${exampleAwsAcmCertificateValidation.certificateArn}\n endpointConfiguration:\n types: REGIONAL\n # Example DNS record using Route53.\n # Route53 is not specifically required; any DNS host can be used.\n exampleRecord:\n type: aws:route53:Record\n name: example\n properties:\n name: ${example.domainName}\n type: A\n zoneId: ${exampleAwsRoute53Zone.id}\n aliases:\n - evaluateTargetHealth: true\n name: ${example.regionalDomainName}\n zoneId: ${example.regionalZoneId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import API Gateway domain names using their `name`. For example:\n\n```sh\n$ pulumi import aws:apigateway/domainName:DomainName example dev.example.com\n```\n", "properties": { "arn": { "type": "string", @@ -158251,7 +158251,7 @@ } }, "aws:apigateway/integration:Integration": { - "description": "Provides an HTTP Method Integration for an API Gateway Integration.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myDemoAPI = new aws.apigateway.RestApi(\"MyDemoAPI\", {\n name: \"MyDemoAPI\",\n description: \"This is my API for demonstration purposes\",\n});\nconst myDemoResource = new aws.apigateway.Resource(\"MyDemoResource\", {\n restApi: myDemoAPI.id,\n parentId: myDemoAPI.rootResourceId,\n pathPart: \"mydemoresource\",\n});\nconst myDemoMethod = new aws.apigateway.Method(\"MyDemoMethod\", {\n restApi: myDemoAPI.id,\n resourceId: myDemoResource.id,\n httpMethod: \"GET\",\n authorization: \"NONE\",\n});\nconst myDemoIntegration = new aws.apigateway.Integration(\"MyDemoIntegration\", {\n restApi: myDemoAPI.id,\n resourceId: myDemoResource.id,\n httpMethod: myDemoMethod.httpMethod,\n type: \"MOCK\",\n cacheKeyParameters: [\"method.request.path.param\"],\n cacheNamespace: \"foobar\",\n timeoutMilliseconds: 29000,\n requestParameters: {\n \"integration.request.header.X-Authorization\": \"'static'\",\n },\n requestTemplates: {\n \"application/xml\": `{\n \"body\" : $input.json('$')\n}\n`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_demo_api = aws.apigateway.RestApi(\"MyDemoAPI\",\n name=\"MyDemoAPI\",\n description=\"This is my API for demonstration purposes\")\nmy_demo_resource = aws.apigateway.Resource(\"MyDemoResource\",\n rest_api=my_demo_api.id,\n parent_id=my_demo_api.root_resource_id,\n path_part=\"mydemoresource\")\nmy_demo_method = aws.apigateway.Method(\"MyDemoMethod\",\n rest_api=my_demo_api.id,\n resource_id=my_demo_resource.id,\n http_method=\"GET\",\n authorization=\"NONE\")\nmy_demo_integration = aws.apigateway.Integration(\"MyDemoIntegration\",\n rest_api=my_demo_api.id,\n resource_id=my_demo_resource.id,\n http_method=my_demo_method.http_method,\n type=\"MOCK\",\n cache_key_parameters=[\"method.request.path.param\"],\n cache_namespace=\"foobar\",\n timeout_milliseconds=29000,\n request_parameters={\n \"integration.request.header.X-Authorization\": \"'static'\",\n },\n request_templates={\n \"application/xml\": \"\"\"{\n \"body\" : $input.json('$')\n}\n\"\"\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myDemoAPI = new Aws.ApiGateway.RestApi(\"MyDemoAPI\", new()\n {\n Name = \"MyDemoAPI\",\n Description = \"This is my API for demonstration purposes\",\n });\n\n var myDemoResource = new Aws.ApiGateway.Resource(\"MyDemoResource\", new()\n {\n RestApi = myDemoAPI.Id,\n ParentId = myDemoAPI.RootResourceId,\n PathPart = \"mydemoresource\",\n });\n\n var myDemoMethod = new Aws.ApiGateway.Method(\"MyDemoMethod\", new()\n {\n RestApi = myDemoAPI.Id,\n ResourceId = myDemoResource.Id,\n HttpMethod = \"GET\",\n Authorization = \"NONE\",\n });\n\n var myDemoIntegration = new Aws.ApiGateway.Integration(\"MyDemoIntegration\", new()\n {\n RestApi = myDemoAPI.Id,\n ResourceId = myDemoResource.Id,\n HttpMethod = myDemoMethod.HttpMethod,\n Type = \"MOCK\",\n CacheKeyParameters = new[]\n {\n \"method.request.path.param\",\n },\n CacheNamespace = \"foobar\",\n TimeoutMilliseconds = 29000,\n RequestParameters = \n {\n { \"integration.request.header.X-Authorization\", \"'static'\" },\n },\n RequestTemplates = \n {\n { \"application/xml\", @\"{\n \"\"body\"\" : $input.json('$')\n}\n\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyDemoAPI, err := apigateway.NewRestApi(ctx, \"MyDemoAPI\", \u0026apigateway.RestApiArgs{\n\t\t\tName: pulumi.String(\"MyDemoAPI\"),\n\t\t\tDescription: pulumi.String(\"This is my API for demonstration purposes\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDemoResource, err := apigateway.NewResource(ctx, \"MyDemoResource\", \u0026apigateway.ResourceArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tParentId: myDemoAPI.RootResourceId,\n\t\t\tPathPart: pulumi.String(\"mydemoresource\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDemoMethod, err := apigateway.NewMethod(ctx, \"MyDemoMethod\", \u0026apigateway.MethodArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tResourceId: myDemoResource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\tAuthorization: pulumi.String(\"NONE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewIntegration(ctx, \"MyDemoIntegration\", \u0026apigateway.IntegrationArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tResourceId: myDemoResource.ID(),\n\t\t\tHttpMethod: myDemoMethod.HttpMethod,\n\t\t\tType: pulumi.String(\"MOCK\"),\n\t\t\tCacheKeyParameters: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"method.request.path.param\"),\n\t\t\t},\n\t\t\tCacheNamespace: pulumi.String(\"foobar\"),\n\t\t\tTimeoutMilliseconds: pulumi.Int(29000),\n\t\t\tRequestParameters: pulumi.StringMap{\n\t\t\t\t\"integration.request.header.X-Authorization\": pulumi.String(\"'static'\"),\n\t\t\t},\n\t\t\tRequestTemplates: pulumi.StringMap{\n\t\t\t\t\"application/xml\": pulumi.String(\"{\\n \\\"body\\\" : $input.json('$')\\n}\\n\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.Resource;\nimport com.pulumi.aws.apigateway.ResourceArgs;\nimport com.pulumi.aws.apigateway.Method;\nimport com.pulumi.aws.apigateway.MethodArgs;\nimport com.pulumi.aws.apigateway.Integration;\nimport com.pulumi.aws.apigateway.IntegrationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myDemoAPI = new RestApi(\"myDemoAPI\", RestApiArgs.builder() \n .name(\"MyDemoAPI\")\n .description(\"This is my API for demonstration purposes\")\n .build());\n\n var myDemoResource = new Resource(\"myDemoResource\", ResourceArgs.builder() \n .restApi(myDemoAPI.id())\n .parentId(myDemoAPI.rootResourceId())\n .pathPart(\"mydemoresource\")\n .build());\n\n var myDemoMethod = new Method(\"myDemoMethod\", MethodArgs.builder() \n .restApi(myDemoAPI.id())\n .resourceId(myDemoResource.id())\n .httpMethod(\"GET\")\n .authorization(\"NONE\")\n .build());\n\n var myDemoIntegration = new Integration(\"myDemoIntegration\", IntegrationArgs.builder() \n .restApi(myDemoAPI.id())\n .resourceId(myDemoResource.id())\n .httpMethod(myDemoMethod.httpMethod())\n .type(\"MOCK\")\n .cacheKeyParameters(\"method.request.path.param\")\n .cacheNamespace(\"foobar\")\n .timeoutMilliseconds(29000)\n .requestParameters(Map.of(\"integration.request.header.X-Authorization\", \"'static'\"))\n .requestTemplates(Map.of(\"application/xml\", \"\"\"\n{\n \"body\" : $input.json('$')\n}\n \"\"\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myDemoAPI:\n type: aws:apigateway:RestApi\n name: MyDemoAPI\n properties:\n name: MyDemoAPI\n description: This is my API for demonstration purposes\n myDemoResource:\n type: aws:apigateway:Resource\n name: MyDemoResource\n properties:\n restApi: ${myDemoAPI.id}\n parentId: ${myDemoAPI.rootResourceId}\n pathPart: mydemoresource\n myDemoMethod:\n type: aws:apigateway:Method\n name: MyDemoMethod\n properties:\n restApi: ${myDemoAPI.id}\n resourceId: ${myDemoResource.id}\n httpMethod: GET\n authorization: NONE\n myDemoIntegration:\n type: aws:apigateway:Integration\n name: MyDemoIntegration\n properties:\n restApi: ${myDemoAPI.id}\n resourceId: ${myDemoResource.id}\n httpMethod: ${myDemoMethod.httpMethod}\n type: MOCK\n cacheKeyParameters:\n - method.request.path.param\n cacheNamespace: foobar\n timeoutMilliseconds: 29000\n requestParameters:\n integration.request.header.X-Authorization: '''static'''\n requestTemplates:\n application/xml: |\n {\n \"body\" : $input.json('$')\n }\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Lambda integration\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst config = new pulumi.Config();\nconst myregion = config.requireObject(\"myregion\");\nconst accountId = config.requireObject(\"accountId\");\n// API Gateway\nconst api = new aws.apigateway.RestApi(\"api\", {name: \"myapi\"});\nconst resource = new aws.apigateway.Resource(\"resource\", {\n pathPart: \"resource\",\n parentId: api.rootResourceId,\n restApi: api.id,\n});\nconst method = new aws.apigateway.Method(\"method\", {\n restApi: api.id,\n resourceId: resource.id,\n httpMethod: \"GET\",\n authorization: \"NONE\",\n});\n// IAM\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst role = new aws.iam.Role(\"role\", {\n name: \"myrole\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst lambda = new aws.lambda.Function(\"lambda\", {\n code: new pulumi.asset.FileArchive(\"lambda.zip\"),\n name: \"mylambda\",\n role: role.arn,\n handler: \"lambda.lambda_handler\",\n runtime: \"python3.7\",\n sourceCodeHash: std.filebase64sha256({\n input: \"lambda.zip\",\n }).then(invoke =\u003e invoke.result),\n});\nconst integration = new aws.apigateway.Integration(\"integration\", {\n restApi: api.id,\n resourceId: resource.id,\n httpMethod: method.httpMethod,\n integrationHttpMethod: \"POST\",\n type: \"AWS_PROXY\",\n uri: lambda.invokeArn,\n});\n// Lambda\nconst apigwLambda = new aws.lambda.Permission(\"apigw_lambda\", {\n statementId: \"AllowExecutionFromAPIGateway\",\n action: \"lambda:InvokeFunction\",\n \"function\": lambda.name,\n principal: \"apigateway.amazonaws.com\",\n sourceArn: pulumi.interpolate`arn:aws:execute-api:${myregion}:${accountId}:${api.id}/*/${method.httpMethod}${resource.path}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_std as std\n\nconfig = pulumi.Config()\nmyregion = config.require_object(\"myregion\")\naccount_id = config.require_object(\"accountId\")\n# API Gateway\napi = aws.apigateway.RestApi(\"api\", name=\"myapi\")\nresource = aws.apigateway.Resource(\"resource\",\n path_part=\"resource\",\n parent_id=api.root_resource_id,\n rest_api=api.id)\nmethod = aws.apigateway.Method(\"method\",\n rest_api=api.id,\n resource_id=resource.id,\n http_method=\"GET\",\n authorization=\"NONE\")\n# IAM\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nrole = aws.iam.Role(\"role\",\n name=\"myrole\",\n assume_role_policy=assume_role.json)\nlambda_ = aws.lambda_.Function(\"lambda\",\n code=pulumi.FileArchive(\"lambda.zip\"),\n name=\"mylambda\",\n role=role.arn,\n handler=\"lambda.lambda_handler\",\n runtime=\"python3.7\",\n source_code_hash=std.filebase64sha256(input=\"lambda.zip\").result)\nintegration = aws.apigateway.Integration(\"integration\",\n rest_api=api.id,\n resource_id=resource.id,\n http_method=method.http_method,\n integration_http_method=\"POST\",\n type=\"AWS_PROXY\",\n uri=lambda_.invoke_arn)\n# Lambda\napigw_lambda = aws.lambda_.Permission(\"apigw_lambda\",\n statement_id=\"AllowExecutionFromAPIGateway\",\n action=\"lambda:InvokeFunction\",\n function=lambda_.name,\n principal=\"apigateway.amazonaws.com\",\n source_arn=pulumi.Output.all(api.id, method.http_method, resource.path).apply(lambda id, http_method, path: f\"arn:aws:execute-api:{myregion}:{account_id}:{id}/*/{http_method}{path}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var myregion = config.RequireObject\u003cdynamic\u003e(\"myregion\");\n var accountId = config.RequireObject\u003cdynamic\u003e(\"accountId\");\n // API Gateway\n var api = new Aws.ApiGateway.RestApi(\"api\", new()\n {\n Name = \"myapi\",\n });\n\n var resource = new Aws.ApiGateway.Resource(\"resource\", new()\n {\n PathPart = \"resource\",\n ParentId = api.RootResourceId,\n RestApi = api.Id,\n });\n\n var method = new Aws.ApiGateway.Method(\"method\", new()\n {\n RestApi = api.Id,\n ResourceId = resource.Id,\n HttpMethod = \"GET\",\n Authorization = \"NONE\",\n });\n\n // IAM\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var role = new Aws.Iam.Role(\"role\", new()\n {\n Name = \"myrole\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambda = new Aws.Lambda.Function(\"lambda\", new()\n {\n Code = new FileArchive(\"lambda.zip\"),\n Name = \"mylambda\",\n Role = role.Arn,\n Handler = \"lambda.lambda_handler\",\n Runtime = \"python3.7\",\n SourceCodeHash = Std.Filebase64sha256.Invoke(new()\n {\n Input = \"lambda.zip\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var integration = new Aws.ApiGateway.Integration(\"integration\", new()\n {\n RestApi = api.Id,\n ResourceId = resource.Id,\n HttpMethod = method.HttpMethod,\n IntegrationHttpMethod = \"POST\",\n Type = \"AWS_PROXY\",\n Uri = lambda.InvokeArn,\n });\n\n // Lambda\n var apigwLambda = new Aws.Lambda.Permission(\"apigw_lambda\", new()\n {\n StatementId = \"AllowExecutionFromAPIGateway\",\n Action = \"lambda:InvokeFunction\",\n Function = lambda.Name,\n Principal = \"apigateway.amazonaws.com\",\n SourceArn = Output.Tuple(api.Id, method.HttpMethod, resource.Path).Apply(values =\u003e\n {\n var id = values.Item1;\n var httpMethod = values.Item2;\n var path = values.Item3;\n return $\"arn:aws:execute-api:{myregion}:{accountId}:{id}/*/{httpMethod}{path}\";\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tmyregion := cfg.RequireObject(\"myregion\")\n\t\taccountId := cfg.RequireObject(\"accountId\")\n\t\t// API Gateway\n\t\tapi, err := apigateway.NewRestApi(ctx, \"api\", \u0026apigateway.RestApiArgs{\n\t\t\tName: pulumi.String(\"myapi\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tresource, err := apigateway.NewResource(ctx, \"resource\", \u0026apigateway.ResourceArgs{\n\t\t\tPathPart: pulumi.String(\"resource\"),\n\t\t\tParentId: api.RootResourceId,\n\t\t\tRestApi: api.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmethod, err := apigateway.NewMethod(ctx, \"method\", \u0026apigateway.MethodArgs{\n\t\t\tRestApi: api.ID(),\n\t\t\tResourceId: resource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\tAuthorization: pulumi.String(\"NONE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// IAM\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := iam.NewRole(ctx, \"role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"myrole\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFilebase64sha256, err := std.Filebase64sha256(ctx, \u0026std.Filebase64sha256Args{\n\t\t\tInput: \"lambda.zip\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambda, err := lambda.NewFunction(ctx, \"lambda\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambda.zip\"),\n\t\t\tName: pulumi.String(\"mylambda\"),\n\t\t\tRole: role.Arn,\n\t\t\tHandler: pulumi.String(\"lambda.lambda_handler\"),\n\t\t\tRuntime: pulumi.String(\"python3.7\"),\n\t\t\tSourceCodeHash: invokeFilebase64sha256.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewIntegration(ctx, \"integration\", \u0026apigateway.IntegrationArgs{\n\t\t\tRestApi: api.ID(),\n\t\t\tResourceId: resource.ID(),\n\t\t\tHttpMethod: method.HttpMethod,\n\t\t\tIntegrationHttpMethod: pulumi.String(\"POST\"),\n\t\t\tType: pulumi.String(\"AWS_PROXY\"),\n\t\t\tUri: lambda.InvokeArn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Lambda\n\t\t_, err = lambda.NewPermission(ctx, \"apigw_lambda\", \u0026lambda.PermissionArgs{\n\t\t\tStatementId: pulumi.String(\"AllowExecutionFromAPIGateway\"),\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: lambda.Name,\n\t\t\tPrincipal: pulumi.String(\"apigateway.amazonaws.com\"),\n\t\t\tSourceArn: pulumi.All(api.ID(), method.HttpMethod, resource.Path).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\tid := _args[0].(string)\n\t\t\t\thttpMethod := _args[1].(string)\n\t\t\t\tpath := _args[2].(string)\n\t\t\t\treturn fmt.Sprintf(\"arn:aws:execute-api:%v:%v:%v/*/%v%v\", myregion, accountId, id, httpMethod, path), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.Resource;\nimport com.pulumi.aws.apigateway.ResourceArgs;\nimport com.pulumi.aws.apigateway.Method;\nimport com.pulumi.aws.apigateway.MethodArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.apigateway.Integration;\nimport com.pulumi.aws.apigateway.IntegrationArgs;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var myregion = config.get(\"myregion\");\n final var accountId = config.get(\"accountId\");\n var api = new RestApi(\"api\", RestApiArgs.builder() \n .name(\"myapi\")\n .build());\n\n var resource = new Resource(\"resource\", ResourceArgs.builder() \n .pathPart(\"resource\")\n .parentId(api.rootResourceId())\n .restApi(api.id())\n .build());\n\n var method = new Method(\"method\", MethodArgs.builder() \n .restApi(api.id())\n .resourceId(resource.id())\n .httpMethod(\"GET\")\n .authorization(\"NONE\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder() \n .name(\"myrole\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var lambda = new Function(\"lambda\", FunctionArgs.builder() \n .code(new FileArchive(\"lambda.zip\"))\n .name(\"mylambda\")\n .role(role.arn())\n .handler(\"lambda.lambda_handler\")\n .runtime(\"python3.7\")\n .sourceCodeHash(StdFunctions.filebase64sha256(Filebase64sha256Args.builder()\n .input(\"lambda.zip\")\n .build()).result())\n .build());\n\n var integration = new Integration(\"integration\", IntegrationArgs.builder() \n .restApi(api.id())\n .resourceId(resource.id())\n .httpMethod(method.httpMethod())\n .integrationHttpMethod(\"POST\")\n .type(\"AWS_PROXY\")\n .uri(lambda.invokeArn())\n .build());\n\n var apigwLambda = new Permission(\"apigwLambda\", PermissionArgs.builder() \n .statementId(\"AllowExecutionFromAPIGateway\")\n .action(\"lambda:InvokeFunction\")\n .function(lambda.name())\n .principal(\"apigateway.amazonaws.com\")\n .sourceArn(Output.tuple(api.id(), method.httpMethod(), resource.path()).applyValue(values -\u003e {\n var id = values.t1;\n var httpMethod = values.t2;\n var path = values.t3;\n return String.format(\"arn:aws:execute-api:%s:%s:%s/*/%s%s\", myregion,accountId,id,httpMethod,path);\n }))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n # Variables\n myregion:\n type: dynamic\n accountId:\n type: dynamic\nresources:\n # API Gateway\n api:\n type: aws:apigateway:RestApi\n properties:\n name: myapi\n resource:\n type: aws:apigateway:Resource\n properties:\n pathPart: resource\n parentId: ${api.rootResourceId}\n restApi: ${api.id}\n method:\n type: aws:apigateway:Method\n properties:\n restApi: ${api.id}\n resourceId: ${resource.id}\n httpMethod: GET\n authorization: NONE\n integration:\n type: aws:apigateway:Integration\n properties:\n restApi: ${api.id}\n resourceId: ${resource.id}\n httpMethod: ${method.httpMethod}\n integrationHttpMethod: POST\n type: AWS_PROXY\n uri: ${lambda.invokeArn}\n # Lambda\n apigwLambda:\n type: aws:lambda:Permission\n name: apigw_lambda\n properties:\n statementId: AllowExecutionFromAPIGateway\n action: lambda:InvokeFunction\n function: ${lambda.name}\n principal: apigateway.amazonaws.com\n sourceArn: arn:aws:execute-api:${myregion}:${accountId}:${api.id}/*/${method.httpMethod}${resource.path}\n lambda:\n type: aws:lambda:Function\n properties:\n code:\n fn::FileArchive: lambda.zip\n name: mylambda\n role: ${role.arn}\n handler: lambda.lambda_handler\n runtime: python3.7\n sourceCodeHash:\n fn::invoke:\n Function: std:filebase64sha256\n Arguments:\n input: lambda.zip\n Return: result\n role:\n type: aws:iam:Role\n properties:\n name: myrole\n assumeRolePolicy: ${assumeRole.json}\nvariables:\n # IAM\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## VPC Link\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst name = config.requireObject(\"name\");\nconst subnetId = config.requireObject(\"subnetId\");\nconst test = new aws.lb.LoadBalancer(\"test\", {\n name: name,\n internal: true,\n loadBalancerType: \"network\",\n subnets: [subnetId],\n});\nconst testVpcLink = new aws.apigateway.VpcLink(\"test\", {\n name: name,\n targetArn: test.arn,\n});\nconst testRestApi = new aws.apigateway.RestApi(\"test\", {name: name});\nconst testResource = new aws.apigateway.Resource(\"test\", {\n restApi: testRestApi.id,\n parentId: testRestApi.rootResourceId,\n pathPart: \"test\",\n});\nconst testMethod = new aws.apigateway.Method(\"test\", {\n restApi: testRestApi.id,\n resourceId: testResource.id,\n httpMethod: \"GET\",\n authorization: \"NONE\",\n requestModels: {\n \"application/json\": \"Error\",\n },\n});\nconst testIntegration = new aws.apigateway.Integration(\"test\", {\n restApi: testRestApi.id,\n resourceId: testResource.id,\n httpMethod: testMethod.httpMethod,\n requestTemplates: {\n \"application/json\": \"\",\n \"application/xml\": `#set($inputRoot = $input.path('$'))\n{ }`,\n },\n requestParameters: {\n \"integration.request.header.X-Authorization\": \"'static'\",\n \"integration.request.header.X-Foo\": \"'Bar'\",\n },\n type: \"HTTP\",\n uri: \"https://www.google.de\",\n integrationHttpMethod: \"GET\",\n passthroughBehavior: \"WHEN_NO_MATCH\",\n contentHandling: \"CONVERT_TO_TEXT\",\n connectionType: \"VPC_LINK\",\n connectionId: testVpcLink.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nname = config.require_object(\"name\")\nsubnet_id = config.require_object(\"subnetId\")\ntest = aws.lb.LoadBalancer(\"test\",\n name=name,\n internal=True,\n load_balancer_type=\"network\",\n subnets=[subnet_id])\ntest_vpc_link = aws.apigateway.VpcLink(\"test\",\n name=name,\n target_arn=test.arn)\ntest_rest_api = aws.apigateway.RestApi(\"test\", name=name)\ntest_resource = aws.apigateway.Resource(\"test\",\n rest_api=test_rest_api.id,\n parent_id=test_rest_api.root_resource_id,\n path_part=\"test\")\ntest_method = aws.apigateway.Method(\"test\",\n rest_api=test_rest_api.id,\n resource_id=test_resource.id,\n http_method=\"GET\",\n authorization=\"NONE\",\n request_models={\n \"application/json\": \"Error\",\n })\ntest_integration = aws.apigateway.Integration(\"test\",\n rest_api=test_rest_api.id,\n resource_id=test_resource.id,\n http_method=test_method.http_method,\n request_templates={\n \"application/json\": \"\",\n \"application/xml\": \"\"\"#set($inputRoot = $input.path('$'))\n{ }\"\"\",\n },\n request_parameters={\n \"integration.request.header.X-Authorization\": \"'static'\",\n \"integration.request.header.X-Foo\": \"'Bar'\",\n },\n type=\"HTTP\",\n uri=\"https://www.google.de\",\n integration_http_method=\"GET\",\n passthrough_behavior=\"WHEN_NO_MATCH\",\n content_handling=\"CONVERT_TO_TEXT\",\n connection_type=\"VPC_LINK\",\n connection_id=test_vpc_link.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var name = config.RequireObject\u003cdynamic\u003e(\"name\");\n var subnetId = config.RequireObject\u003cdynamic\u003e(\"subnetId\");\n var test = new Aws.LB.LoadBalancer(\"test\", new()\n {\n Name = name,\n Internal = true,\n LoadBalancerType = \"network\",\n Subnets = new[]\n {\n subnetId,\n },\n });\n\n var testVpcLink = new Aws.ApiGateway.VpcLink(\"test\", new()\n {\n Name = name,\n TargetArn = test.Arn,\n });\n\n var testRestApi = new Aws.ApiGateway.RestApi(\"test\", new()\n {\n Name = name,\n });\n\n var testResource = new Aws.ApiGateway.Resource(\"test\", new()\n {\n RestApi = testRestApi.Id,\n ParentId = testRestApi.RootResourceId,\n PathPart = \"test\",\n });\n\n var testMethod = new Aws.ApiGateway.Method(\"test\", new()\n {\n RestApi = testRestApi.Id,\n ResourceId = testResource.Id,\n HttpMethod = \"GET\",\n Authorization = \"NONE\",\n RequestModels = \n {\n { \"application/json\", \"Error\" },\n },\n });\n\n var testIntegration = new Aws.ApiGateway.Integration(\"test\", new()\n {\n RestApi = testRestApi.Id,\n ResourceId = testResource.Id,\n HttpMethod = testMethod.HttpMethod,\n RequestTemplates = \n {\n { \"application/json\", \"\" },\n { \"application/xml\", @\"#set($inputRoot = $input.path('$'))\n{ }\" },\n },\n RequestParameters = \n {\n { \"integration.request.header.X-Authorization\", \"'static'\" },\n { \"integration.request.header.X-Foo\", \"'Bar'\" },\n },\n Type = \"HTTP\",\n Uri = \"https://www.google.de\",\n IntegrationHttpMethod = \"GET\",\n PassthroughBehavior = \"WHEN_NO_MATCH\",\n ContentHandling = \"CONVERT_TO_TEXT\",\n ConnectionType = \"VPC_LINK\",\n ConnectionId = testVpcLink.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tname := cfg.RequireObject(\"name\")\n\t\tsubnetId := cfg.RequireObject(\"subnetId\")\n\t\ttest, err := lb.NewLoadBalancer(ctx, \"test\", \u0026lb.LoadBalancerArgs{\n\t\t\tName: pulumi.Any(name),\n\t\t\tInternal: pulumi.Bool(true),\n\t\t\tLoadBalancerType: pulumi.String(\"network\"),\n\t\t\tSubnets: pulumi.StringArray{\n\t\t\t\tsubnetId,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestVpcLink, err := apigateway.NewVpcLink(ctx, \"test\", \u0026apigateway.VpcLinkArgs{\n\t\t\tName: pulumi.Any(name),\n\t\t\tTargetArn: test.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestRestApi, err := apigateway.NewRestApi(ctx, \"test\", \u0026apigateway.RestApiArgs{\n\t\t\tName: pulumi.Any(name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestResource, err := apigateway.NewResource(ctx, \"test\", \u0026apigateway.ResourceArgs{\n\t\t\tRestApi: testRestApi.ID(),\n\t\t\tParentId: testRestApi.RootResourceId,\n\t\t\tPathPart: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestMethod, err := apigateway.NewMethod(ctx, \"test\", \u0026apigateway.MethodArgs{\n\t\t\tRestApi: testRestApi.ID(),\n\t\t\tResourceId: testResource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\tAuthorization: pulumi.String(\"NONE\"),\n\t\t\tRequestModels: pulumi.StringMap{\n\t\t\t\t\"application/json\": pulumi.String(\"Error\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewIntegration(ctx, \"test\", \u0026apigateway.IntegrationArgs{\n\t\t\tRestApi: testRestApi.ID(),\n\t\t\tResourceId: testResource.ID(),\n\t\t\tHttpMethod: testMethod.HttpMethod,\n\t\t\tRequestTemplates: pulumi.StringMap{\n\t\t\t\t\"application/json\": pulumi.String(\"\"),\n\t\t\t\t\"application/xml\": pulumi.String(\"#set($inputRoot = $input.path('$'))\\n{ }\"),\n\t\t\t},\n\t\t\tRequestParameters: pulumi.StringMap{\n\t\t\t\t\"integration.request.header.X-Authorization\": pulumi.String(\"'static'\"),\n\t\t\t\t\"integration.request.header.X-Foo\": pulumi.String(\"'Bar'\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"HTTP\"),\n\t\t\tUri: pulumi.String(\"https://www.google.de\"),\n\t\t\tIntegrationHttpMethod: pulumi.String(\"GET\"),\n\t\t\tPassthroughBehavior: pulumi.String(\"WHEN_NO_MATCH\"),\n\t\t\tContentHandling: pulumi.String(\"CONVERT_TO_TEXT\"),\n\t\t\tConnectionType: pulumi.String(\"VPC_LINK\"),\n\t\t\tConnectionId: testVpcLink.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lb.LoadBalancer;\nimport com.pulumi.aws.lb.LoadBalancerArgs;\nimport com.pulumi.aws.apigateway.VpcLink;\nimport com.pulumi.aws.apigateway.VpcLinkArgs;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.Resource;\nimport com.pulumi.aws.apigateway.ResourceArgs;\nimport com.pulumi.aws.apigateway.Method;\nimport com.pulumi.aws.apigateway.MethodArgs;\nimport com.pulumi.aws.apigateway.Integration;\nimport com.pulumi.aws.apigateway.IntegrationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var name = config.get(\"name\");\n final var subnetId = config.get(\"subnetId\");\n var test = new LoadBalancer(\"test\", LoadBalancerArgs.builder() \n .name(name)\n .internal(true)\n .loadBalancerType(\"network\")\n .subnets(subnetId)\n .build());\n\n var testVpcLink = new VpcLink(\"testVpcLink\", VpcLinkArgs.builder() \n .name(name)\n .targetArn(test.arn())\n .build());\n\n var testRestApi = new RestApi(\"testRestApi\", RestApiArgs.builder() \n .name(name)\n .build());\n\n var testResource = new Resource(\"testResource\", ResourceArgs.builder() \n .restApi(testRestApi.id())\n .parentId(testRestApi.rootResourceId())\n .pathPart(\"test\")\n .build());\n\n var testMethod = new Method(\"testMethod\", MethodArgs.builder() \n .restApi(testRestApi.id())\n .resourceId(testResource.id())\n .httpMethod(\"GET\")\n .authorization(\"NONE\")\n .requestModels(Map.of(\"application/json\", \"Error\"))\n .build());\n\n var testIntegration = new Integration(\"testIntegration\", IntegrationArgs.builder() \n .restApi(testRestApi.id())\n .resourceId(testResource.id())\n .httpMethod(testMethod.httpMethod())\n .requestTemplates(Map.ofEntries(\n Map.entry(\"application/json\", \"\"),\n Map.entry(\"application/xml\", \"\"\"\n#set($inputRoot = $input.path('$'))\n{ } \"\"\")\n ))\n .requestParameters(Map.ofEntries(\n Map.entry(\"integration.request.header.X-Authorization\", \"'static'\"),\n Map.entry(\"integration.request.header.X-Foo\", \"'Bar'\")\n ))\n .type(\"HTTP\")\n .uri(\"https://www.google.de\")\n .integrationHttpMethod(\"GET\")\n .passthroughBehavior(\"WHEN_NO_MATCH\")\n .contentHandling(\"CONVERT_TO_TEXT\")\n .connectionType(\"VPC_LINK\")\n .connectionId(testVpcLink.id())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n name:\n type: dynamic\n subnetId:\n type: dynamic\nresources:\n test:\n type: aws:lb:LoadBalancer\n properties:\n name: ${name}\n internal: true\n loadBalancerType: network\n subnets:\n - ${subnetId}\n testVpcLink:\n type: aws:apigateway:VpcLink\n name: test\n properties:\n name: ${name}\n targetArn: ${test.arn}\n testRestApi:\n type: aws:apigateway:RestApi\n name: test\n properties:\n name: ${name}\n testResource:\n type: aws:apigateway:Resource\n name: test\n properties:\n restApi: ${testRestApi.id}\n parentId: ${testRestApi.rootResourceId}\n pathPart: test\n testMethod:\n type: aws:apigateway:Method\n name: test\n properties:\n restApi: ${testRestApi.id}\n resourceId: ${testResource.id}\n httpMethod: GET\n authorization: NONE\n requestModels:\n application/json: Error\n testIntegration:\n type: aws:apigateway:Integration\n name: test\n properties:\n restApi: ${testRestApi.id}\n resourceId: ${testResource.id}\n httpMethod: ${testMethod.httpMethod}\n requestTemplates:\n application/json:\n application/xml: |-\n #set($inputRoot = $input.path('$'))\n { }\n requestParameters:\n integration.request.header.X-Authorization: '''static'''\n integration.request.header.X-Foo: '''Bar'''\n type: HTTP\n uri: https://www.google.de\n integrationHttpMethod: GET\n passthroughBehavior: WHEN_NO_MATCH\n contentHandling: CONVERT_TO_TEXT\n connectionType: VPC_LINK\n connectionId: ${testVpcLink.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_api_gateway_integration` using `REST-API-ID/RESOURCE-ID/HTTP-METHOD`. For example:\n\n```sh\n$ pulumi import aws:apigateway/integration:Integration example 12345abcde/67890fghij/GET\n```\n", + "description": "Provides an HTTP Method Integration for an API Gateway Integration.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myDemoAPI = new aws.apigateway.RestApi(\"MyDemoAPI\", {\n name: \"MyDemoAPI\",\n description: \"This is my API for demonstration purposes\",\n});\nconst myDemoResource = new aws.apigateway.Resource(\"MyDemoResource\", {\n restApi: myDemoAPI.id,\n parentId: myDemoAPI.rootResourceId,\n pathPart: \"mydemoresource\",\n});\nconst myDemoMethod = new aws.apigateway.Method(\"MyDemoMethod\", {\n restApi: myDemoAPI.id,\n resourceId: myDemoResource.id,\n httpMethod: \"GET\",\n authorization: \"NONE\",\n});\nconst myDemoIntegration = new aws.apigateway.Integration(\"MyDemoIntegration\", {\n restApi: myDemoAPI.id,\n resourceId: myDemoResource.id,\n httpMethod: myDemoMethod.httpMethod,\n type: \"MOCK\",\n cacheKeyParameters: [\"method.request.path.param\"],\n cacheNamespace: \"foobar\",\n timeoutMilliseconds: 29000,\n requestParameters: {\n \"integration.request.header.X-Authorization\": \"'static'\",\n },\n requestTemplates: {\n \"application/xml\": `{\n \"body\" : $input.json('$')\n}\n`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_demo_api = aws.apigateway.RestApi(\"MyDemoAPI\",\n name=\"MyDemoAPI\",\n description=\"This is my API for demonstration purposes\")\nmy_demo_resource = aws.apigateway.Resource(\"MyDemoResource\",\n rest_api=my_demo_api.id,\n parent_id=my_demo_api.root_resource_id,\n path_part=\"mydemoresource\")\nmy_demo_method = aws.apigateway.Method(\"MyDemoMethod\",\n rest_api=my_demo_api.id,\n resource_id=my_demo_resource.id,\n http_method=\"GET\",\n authorization=\"NONE\")\nmy_demo_integration = aws.apigateway.Integration(\"MyDemoIntegration\",\n rest_api=my_demo_api.id,\n resource_id=my_demo_resource.id,\n http_method=my_demo_method.http_method,\n type=\"MOCK\",\n cache_key_parameters=[\"method.request.path.param\"],\n cache_namespace=\"foobar\",\n timeout_milliseconds=29000,\n request_parameters={\n \"integration.request.header.X-Authorization\": \"'static'\",\n },\n request_templates={\n \"application/xml\": \"\"\"{\n \"body\" : $input.json('$')\n}\n\"\"\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myDemoAPI = new Aws.ApiGateway.RestApi(\"MyDemoAPI\", new()\n {\n Name = \"MyDemoAPI\",\n Description = \"This is my API for demonstration purposes\",\n });\n\n var myDemoResource = new Aws.ApiGateway.Resource(\"MyDemoResource\", new()\n {\n RestApi = myDemoAPI.Id,\n ParentId = myDemoAPI.RootResourceId,\n PathPart = \"mydemoresource\",\n });\n\n var myDemoMethod = new Aws.ApiGateway.Method(\"MyDemoMethod\", new()\n {\n RestApi = myDemoAPI.Id,\n ResourceId = myDemoResource.Id,\n HttpMethod = \"GET\",\n Authorization = \"NONE\",\n });\n\n var myDemoIntegration = new Aws.ApiGateway.Integration(\"MyDemoIntegration\", new()\n {\n RestApi = myDemoAPI.Id,\n ResourceId = myDemoResource.Id,\n HttpMethod = myDemoMethod.HttpMethod,\n Type = \"MOCK\",\n CacheKeyParameters = new[]\n {\n \"method.request.path.param\",\n },\n CacheNamespace = \"foobar\",\n TimeoutMilliseconds = 29000,\n RequestParameters = \n {\n { \"integration.request.header.X-Authorization\", \"'static'\" },\n },\n RequestTemplates = \n {\n { \"application/xml\", @\"{\n \"\"body\"\" : $input.json('$')\n}\n\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyDemoAPI, err := apigateway.NewRestApi(ctx, \"MyDemoAPI\", \u0026apigateway.RestApiArgs{\n\t\t\tName: pulumi.String(\"MyDemoAPI\"),\n\t\t\tDescription: pulumi.String(\"This is my API for demonstration purposes\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDemoResource, err := apigateway.NewResource(ctx, \"MyDemoResource\", \u0026apigateway.ResourceArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tParentId: myDemoAPI.RootResourceId,\n\t\t\tPathPart: pulumi.String(\"mydemoresource\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDemoMethod, err := apigateway.NewMethod(ctx, \"MyDemoMethod\", \u0026apigateway.MethodArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tResourceId: myDemoResource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\tAuthorization: pulumi.String(\"NONE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewIntegration(ctx, \"MyDemoIntegration\", \u0026apigateway.IntegrationArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tResourceId: myDemoResource.ID(),\n\t\t\tHttpMethod: myDemoMethod.HttpMethod,\n\t\t\tType: pulumi.String(\"MOCK\"),\n\t\t\tCacheKeyParameters: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"method.request.path.param\"),\n\t\t\t},\n\t\t\tCacheNamespace: pulumi.String(\"foobar\"),\n\t\t\tTimeoutMilliseconds: pulumi.Int(29000),\n\t\t\tRequestParameters: pulumi.StringMap{\n\t\t\t\t\"integration.request.header.X-Authorization\": pulumi.String(\"'static'\"),\n\t\t\t},\n\t\t\tRequestTemplates: pulumi.StringMap{\n\t\t\t\t\"application/xml\": pulumi.String(\"{\\n \\\"body\\\" : $input.json('$')\\n}\\n\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.Resource;\nimport com.pulumi.aws.apigateway.ResourceArgs;\nimport com.pulumi.aws.apigateway.Method;\nimport com.pulumi.aws.apigateway.MethodArgs;\nimport com.pulumi.aws.apigateway.Integration;\nimport com.pulumi.aws.apigateway.IntegrationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myDemoAPI = new RestApi(\"myDemoAPI\", RestApiArgs.builder() \n .name(\"MyDemoAPI\")\n .description(\"This is my API for demonstration purposes\")\n .build());\n\n var myDemoResource = new Resource(\"myDemoResource\", ResourceArgs.builder() \n .restApi(myDemoAPI.id())\n .parentId(myDemoAPI.rootResourceId())\n .pathPart(\"mydemoresource\")\n .build());\n\n var myDemoMethod = new Method(\"myDemoMethod\", MethodArgs.builder() \n .restApi(myDemoAPI.id())\n .resourceId(myDemoResource.id())\n .httpMethod(\"GET\")\n .authorization(\"NONE\")\n .build());\n\n var myDemoIntegration = new Integration(\"myDemoIntegration\", IntegrationArgs.builder() \n .restApi(myDemoAPI.id())\n .resourceId(myDemoResource.id())\n .httpMethod(myDemoMethod.httpMethod())\n .type(\"MOCK\")\n .cacheKeyParameters(\"method.request.path.param\")\n .cacheNamespace(\"foobar\")\n .timeoutMilliseconds(29000)\n .requestParameters(Map.of(\"integration.request.header.X-Authorization\", \"'static'\"))\n .requestTemplates(Map.of(\"application/xml\", \"\"\"\n{\n \"body\" : $input.json('$')\n}\n \"\"\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myDemoAPI:\n type: aws:apigateway:RestApi\n name: MyDemoAPI\n properties:\n name: MyDemoAPI\n description: This is my API for demonstration purposes\n myDemoResource:\n type: aws:apigateway:Resource\n name: MyDemoResource\n properties:\n restApi: ${myDemoAPI.id}\n parentId: ${myDemoAPI.rootResourceId}\n pathPart: mydemoresource\n myDemoMethod:\n type: aws:apigateway:Method\n name: MyDemoMethod\n properties:\n restApi: ${myDemoAPI.id}\n resourceId: ${myDemoResource.id}\n httpMethod: GET\n authorization: NONE\n myDemoIntegration:\n type: aws:apigateway:Integration\n name: MyDemoIntegration\n properties:\n restApi: ${myDemoAPI.id}\n resourceId: ${myDemoResource.id}\n httpMethod: ${myDemoMethod.httpMethod}\n type: MOCK\n cacheKeyParameters:\n - method.request.path.param\n cacheNamespace: foobar\n timeoutMilliseconds: 29000\n requestParameters:\n integration.request.header.X-Authorization: '''static'''\n requestTemplates:\n application/xml: |\n {\n \"body\" : $input.json('$')\n }\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Lambda integration\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst config = new pulumi.Config();\nconst myregion = config.requireObject(\"myregion\");\nconst accountId = config.requireObject(\"accountId\");\n// API Gateway\nconst api = new aws.apigateway.RestApi(\"api\", {name: \"myapi\"});\nconst resource = new aws.apigateway.Resource(\"resource\", {\n pathPart: \"resource\",\n parentId: api.rootResourceId,\n restApi: api.id,\n});\nconst method = new aws.apigateway.Method(\"method\", {\n restApi: api.id,\n resourceId: resource.id,\n httpMethod: \"GET\",\n authorization: \"NONE\",\n});\n// IAM\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst role = new aws.iam.Role(\"role\", {\n name: \"myrole\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst lambda = new aws.lambda.Function(\"lambda\", {\n code: new pulumi.asset.FileArchive(\"lambda.zip\"),\n name: \"mylambda\",\n role: role.arn,\n handler: \"lambda.lambda_handler\",\n runtime: aws.lambda.Runtime.Python3d7,\n sourceCodeHash: std.filebase64sha256({\n input: \"lambda.zip\",\n }).then(invoke =\u003e invoke.result),\n});\nconst integration = new aws.apigateway.Integration(\"integration\", {\n restApi: api.id,\n resourceId: resource.id,\n httpMethod: method.httpMethod,\n integrationHttpMethod: \"POST\",\n type: \"AWS_PROXY\",\n uri: lambda.invokeArn,\n});\n// Lambda\nconst apigwLambda = new aws.lambda.Permission(\"apigw_lambda\", {\n statementId: \"AllowExecutionFromAPIGateway\",\n action: \"lambda:InvokeFunction\",\n \"function\": lambda.name,\n principal: \"apigateway.amazonaws.com\",\n sourceArn: pulumi.interpolate`arn:aws:execute-api:${myregion}:${accountId}:${api.id}/*/${method.httpMethod}${resource.path}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_std as std\n\nconfig = pulumi.Config()\nmyregion = config.require_object(\"myregion\")\naccount_id = config.require_object(\"accountId\")\n# API Gateway\napi = aws.apigateway.RestApi(\"api\", name=\"myapi\")\nresource = aws.apigateway.Resource(\"resource\",\n path_part=\"resource\",\n parent_id=api.root_resource_id,\n rest_api=api.id)\nmethod = aws.apigateway.Method(\"method\",\n rest_api=api.id,\n resource_id=resource.id,\n http_method=\"GET\",\n authorization=\"NONE\")\n# IAM\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nrole = aws.iam.Role(\"role\",\n name=\"myrole\",\n assume_role_policy=assume_role.json)\nlambda_ = aws.lambda_.Function(\"lambda\",\n code=pulumi.FileArchive(\"lambda.zip\"),\n name=\"mylambda\",\n role=role.arn,\n handler=\"lambda.lambda_handler\",\n runtime=aws.lambda_.Runtime.PYTHON3D7,\n source_code_hash=std.filebase64sha256(input=\"lambda.zip\").result)\nintegration = aws.apigateway.Integration(\"integration\",\n rest_api=api.id,\n resource_id=resource.id,\n http_method=method.http_method,\n integration_http_method=\"POST\",\n type=\"AWS_PROXY\",\n uri=lambda_.invoke_arn)\n# Lambda\napigw_lambda = aws.lambda_.Permission(\"apigw_lambda\",\n statement_id=\"AllowExecutionFromAPIGateway\",\n action=\"lambda:InvokeFunction\",\n function=lambda_.name,\n principal=\"apigateway.amazonaws.com\",\n source_arn=pulumi.Output.all(api.id, method.http_method, resource.path).apply(lambda id, http_method, path: f\"arn:aws:execute-api:{myregion}:{account_id}:{id}/*/{http_method}{path}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var myregion = config.RequireObject\u003cdynamic\u003e(\"myregion\");\n var accountId = config.RequireObject\u003cdynamic\u003e(\"accountId\");\n // API Gateway\n var api = new Aws.ApiGateway.RestApi(\"api\", new()\n {\n Name = \"myapi\",\n });\n\n var resource = new Aws.ApiGateway.Resource(\"resource\", new()\n {\n PathPart = \"resource\",\n ParentId = api.RootResourceId,\n RestApi = api.Id,\n });\n\n var method = new Aws.ApiGateway.Method(\"method\", new()\n {\n RestApi = api.Id,\n ResourceId = resource.Id,\n HttpMethod = \"GET\",\n Authorization = \"NONE\",\n });\n\n // IAM\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var role = new Aws.Iam.Role(\"role\", new()\n {\n Name = \"myrole\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambda = new Aws.Lambda.Function(\"lambda\", new()\n {\n Code = new FileArchive(\"lambda.zip\"),\n Name = \"mylambda\",\n Role = role.Arn,\n Handler = \"lambda.lambda_handler\",\n Runtime = Aws.Lambda.Runtime.Python3d7,\n SourceCodeHash = Std.Filebase64sha256.Invoke(new()\n {\n Input = \"lambda.zip\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n var integration = new Aws.ApiGateway.Integration(\"integration\", new()\n {\n RestApi = api.Id,\n ResourceId = resource.Id,\n HttpMethod = method.HttpMethod,\n IntegrationHttpMethod = \"POST\",\n Type = \"AWS_PROXY\",\n Uri = lambda.InvokeArn,\n });\n\n // Lambda\n var apigwLambda = new Aws.Lambda.Permission(\"apigw_lambda\", new()\n {\n StatementId = \"AllowExecutionFromAPIGateway\",\n Action = \"lambda:InvokeFunction\",\n Function = lambda.Name,\n Principal = \"apigateway.amazonaws.com\",\n SourceArn = Output.Tuple(api.Id, method.HttpMethod, resource.Path).Apply(values =\u003e\n {\n var id = values.Item1;\n var httpMethod = values.Item2;\n var path = values.Item3;\n return $\"arn:aws:execute-api:{myregion}:{accountId}:{id}/*/{httpMethod}{path}\";\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tmyregion := cfg.RequireObject(\"myregion\")\n\t\taccountId := cfg.RequireObject(\"accountId\")\n\t\t// API Gateway\n\t\tapi, err := apigateway.NewRestApi(ctx, \"api\", \u0026apigateway.RestApiArgs{\n\t\t\tName: pulumi.String(\"myapi\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tresource, err := apigateway.NewResource(ctx, \"resource\", \u0026apigateway.ResourceArgs{\n\t\t\tPathPart: pulumi.String(\"resource\"),\n\t\t\tParentId: api.RootResourceId,\n\t\t\tRestApi: api.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmethod, err := apigateway.NewMethod(ctx, \"method\", \u0026apigateway.MethodArgs{\n\t\t\tRestApi: api.ID(),\n\t\t\tResourceId: resource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\tAuthorization: pulumi.String(\"NONE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// IAM\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := iam.NewRole(ctx, \"role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"myrole\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFilebase64sha256, err := std.Filebase64sha256(ctx, \u0026std.Filebase64sha256Args{\n\t\t\tInput: \"lambda.zip\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambda, err := lambda.NewFunction(ctx, \"lambda\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambda.zip\"),\n\t\t\tName: pulumi.String(\"mylambda\"),\n\t\t\tRole: role.Arn,\n\t\t\tHandler: pulumi.String(\"lambda.lambda_handler\"),\n\t\t\tRuntime: pulumi.String(lambda.RuntimePython3d7),\n\t\t\tSourceCodeHash: invokeFilebase64sha256.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewIntegration(ctx, \"integration\", \u0026apigateway.IntegrationArgs{\n\t\t\tRestApi: api.ID(),\n\t\t\tResourceId: resource.ID(),\n\t\t\tHttpMethod: method.HttpMethod,\n\t\t\tIntegrationHttpMethod: pulumi.String(\"POST\"),\n\t\t\tType: pulumi.String(\"AWS_PROXY\"),\n\t\t\tUri: lambda.InvokeArn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Lambda\n\t\t_, err = lambda.NewPermission(ctx, \"apigw_lambda\", \u0026lambda.PermissionArgs{\n\t\t\tStatementId: pulumi.String(\"AllowExecutionFromAPIGateway\"),\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: lambda.Name,\n\t\t\tPrincipal: pulumi.String(\"apigateway.amazonaws.com\"),\n\t\t\tSourceArn: pulumi.All(api.ID(), method.HttpMethod, resource.Path).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\tid := _args[0].(string)\n\t\t\t\thttpMethod := _args[1].(string)\n\t\t\t\tpath := _args[2].(string)\n\t\t\t\treturn fmt.Sprintf(\"arn:aws:execute-api:%v:%v:%v/*/%v%v\", myregion, accountId, id, httpMethod, path), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.Resource;\nimport com.pulumi.aws.apigateway.ResourceArgs;\nimport com.pulumi.aws.apigateway.Method;\nimport com.pulumi.aws.apigateway.MethodArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.apigateway.Integration;\nimport com.pulumi.aws.apigateway.IntegrationArgs;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var myregion = config.get(\"myregion\");\n final var accountId = config.get(\"accountId\");\n var api = new RestApi(\"api\", RestApiArgs.builder() \n .name(\"myapi\")\n .build());\n\n var resource = new Resource(\"resource\", ResourceArgs.builder() \n .pathPart(\"resource\")\n .parentId(api.rootResourceId())\n .restApi(api.id())\n .build());\n\n var method = new Method(\"method\", MethodArgs.builder() \n .restApi(api.id())\n .resourceId(resource.id())\n .httpMethod(\"GET\")\n .authorization(\"NONE\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder() \n .name(\"myrole\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var lambda = new Function(\"lambda\", FunctionArgs.builder() \n .code(new FileArchive(\"lambda.zip\"))\n .name(\"mylambda\")\n .role(role.arn())\n .handler(\"lambda.lambda_handler\")\n .runtime(\"python3.7\")\n .sourceCodeHash(StdFunctions.filebase64sha256(Filebase64sha256Args.builder()\n .input(\"lambda.zip\")\n .build()).result())\n .build());\n\n var integration = new Integration(\"integration\", IntegrationArgs.builder() \n .restApi(api.id())\n .resourceId(resource.id())\n .httpMethod(method.httpMethod())\n .integrationHttpMethod(\"POST\")\n .type(\"AWS_PROXY\")\n .uri(lambda.invokeArn())\n .build());\n\n var apigwLambda = new Permission(\"apigwLambda\", PermissionArgs.builder() \n .statementId(\"AllowExecutionFromAPIGateway\")\n .action(\"lambda:InvokeFunction\")\n .function(lambda.name())\n .principal(\"apigateway.amazonaws.com\")\n .sourceArn(Output.tuple(api.id(), method.httpMethod(), resource.path()).applyValue(values -\u003e {\n var id = values.t1;\n var httpMethod = values.t2;\n var path = values.t3;\n return String.format(\"arn:aws:execute-api:%s:%s:%s/*/%s%s\", myregion,accountId,id,httpMethod,path);\n }))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n # Variables\n myregion:\n type: dynamic\n accountId:\n type: dynamic\nresources:\n # API Gateway\n api:\n type: aws:apigateway:RestApi\n properties:\n name: myapi\n resource:\n type: aws:apigateway:Resource\n properties:\n pathPart: resource\n parentId: ${api.rootResourceId}\n restApi: ${api.id}\n method:\n type: aws:apigateway:Method\n properties:\n restApi: ${api.id}\n resourceId: ${resource.id}\n httpMethod: GET\n authorization: NONE\n integration:\n type: aws:apigateway:Integration\n properties:\n restApi: ${api.id}\n resourceId: ${resource.id}\n httpMethod: ${method.httpMethod}\n integrationHttpMethod: POST\n type: AWS_PROXY\n uri: ${lambda.invokeArn}\n # Lambda\n apigwLambda:\n type: aws:lambda:Permission\n name: apigw_lambda\n properties:\n statementId: AllowExecutionFromAPIGateway\n action: lambda:InvokeFunction\n function: ${lambda.name}\n principal: apigateway.amazonaws.com\n sourceArn: arn:aws:execute-api:${myregion}:${accountId}:${api.id}/*/${method.httpMethod}${resource.path}\n lambda:\n type: aws:lambda:Function\n properties:\n code:\n fn::FileArchive: lambda.zip\n name: mylambda\n role: ${role.arn}\n handler: lambda.lambda_handler\n runtime: python3.7\n sourceCodeHash:\n fn::invoke:\n Function: std:filebase64sha256\n Arguments:\n input: lambda.zip\n Return: result\n role:\n type: aws:iam:Role\n properties:\n name: myrole\n assumeRolePolicy: ${assumeRole.json}\nvariables:\n # IAM\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## VPC Link\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst name = config.requireObject(\"name\");\nconst subnetId = config.requireObject(\"subnetId\");\nconst test = new aws.lb.LoadBalancer(\"test\", {\n name: name,\n internal: true,\n loadBalancerType: \"network\",\n subnets: [subnetId],\n});\nconst testVpcLink = new aws.apigateway.VpcLink(\"test\", {\n name: name,\n targetArn: test.arn,\n});\nconst testRestApi = new aws.apigateway.RestApi(\"test\", {name: name});\nconst testResource = new aws.apigateway.Resource(\"test\", {\n restApi: testRestApi.id,\n parentId: testRestApi.rootResourceId,\n pathPart: \"test\",\n});\nconst testMethod = new aws.apigateway.Method(\"test\", {\n restApi: testRestApi.id,\n resourceId: testResource.id,\n httpMethod: \"GET\",\n authorization: \"NONE\",\n requestModels: {\n \"application/json\": \"Error\",\n },\n});\nconst testIntegration = new aws.apigateway.Integration(\"test\", {\n restApi: testRestApi.id,\n resourceId: testResource.id,\n httpMethod: testMethod.httpMethod,\n requestTemplates: {\n \"application/json\": \"\",\n \"application/xml\": `#set($inputRoot = $input.path('$'))\n{ }`,\n },\n requestParameters: {\n \"integration.request.header.X-Authorization\": \"'static'\",\n \"integration.request.header.X-Foo\": \"'Bar'\",\n },\n type: \"HTTP\",\n uri: \"https://www.google.de\",\n integrationHttpMethod: \"GET\",\n passthroughBehavior: \"WHEN_NO_MATCH\",\n contentHandling: \"CONVERT_TO_TEXT\",\n connectionType: \"VPC_LINK\",\n connectionId: testVpcLink.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nname = config.require_object(\"name\")\nsubnet_id = config.require_object(\"subnetId\")\ntest = aws.lb.LoadBalancer(\"test\",\n name=name,\n internal=True,\n load_balancer_type=\"network\",\n subnets=[subnet_id])\ntest_vpc_link = aws.apigateway.VpcLink(\"test\",\n name=name,\n target_arn=test.arn)\ntest_rest_api = aws.apigateway.RestApi(\"test\", name=name)\ntest_resource = aws.apigateway.Resource(\"test\",\n rest_api=test_rest_api.id,\n parent_id=test_rest_api.root_resource_id,\n path_part=\"test\")\ntest_method = aws.apigateway.Method(\"test\",\n rest_api=test_rest_api.id,\n resource_id=test_resource.id,\n http_method=\"GET\",\n authorization=\"NONE\",\n request_models={\n \"application/json\": \"Error\",\n })\ntest_integration = aws.apigateway.Integration(\"test\",\n rest_api=test_rest_api.id,\n resource_id=test_resource.id,\n http_method=test_method.http_method,\n request_templates={\n \"application/json\": \"\",\n \"application/xml\": \"\"\"#set($inputRoot = $input.path('$'))\n{ }\"\"\",\n },\n request_parameters={\n \"integration.request.header.X-Authorization\": \"'static'\",\n \"integration.request.header.X-Foo\": \"'Bar'\",\n },\n type=\"HTTP\",\n uri=\"https://www.google.de\",\n integration_http_method=\"GET\",\n passthrough_behavior=\"WHEN_NO_MATCH\",\n content_handling=\"CONVERT_TO_TEXT\",\n connection_type=\"VPC_LINK\",\n connection_id=test_vpc_link.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var name = config.RequireObject\u003cdynamic\u003e(\"name\");\n var subnetId = config.RequireObject\u003cdynamic\u003e(\"subnetId\");\n var test = new Aws.LB.LoadBalancer(\"test\", new()\n {\n Name = name,\n Internal = true,\n LoadBalancerType = \"network\",\n Subnets = new[]\n {\n subnetId,\n },\n });\n\n var testVpcLink = new Aws.ApiGateway.VpcLink(\"test\", new()\n {\n Name = name,\n TargetArn = test.Arn,\n });\n\n var testRestApi = new Aws.ApiGateway.RestApi(\"test\", new()\n {\n Name = name,\n });\n\n var testResource = new Aws.ApiGateway.Resource(\"test\", new()\n {\n RestApi = testRestApi.Id,\n ParentId = testRestApi.RootResourceId,\n PathPart = \"test\",\n });\n\n var testMethod = new Aws.ApiGateway.Method(\"test\", new()\n {\n RestApi = testRestApi.Id,\n ResourceId = testResource.Id,\n HttpMethod = \"GET\",\n Authorization = \"NONE\",\n RequestModels = \n {\n { \"application/json\", \"Error\" },\n },\n });\n\n var testIntegration = new Aws.ApiGateway.Integration(\"test\", new()\n {\n RestApi = testRestApi.Id,\n ResourceId = testResource.Id,\n HttpMethod = testMethod.HttpMethod,\n RequestTemplates = \n {\n { \"application/json\", \"\" },\n { \"application/xml\", @\"#set($inputRoot = $input.path('$'))\n{ }\" },\n },\n RequestParameters = \n {\n { \"integration.request.header.X-Authorization\", \"'static'\" },\n { \"integration.request.header.X-Foo\", \"'Bar'\" },\n },\n Type = \"HTTP\",\n Uri = \"https://www.google.de\",\n IntegrationHttpMethod = \"GET\",\n PassthroughBehavior = \"WHEN_NO_MATCH\",\n ContentHandling = \"CONVERT_TO_TEXT\",\n ConnectionType = \"VPC_LINK\",\n ConnectionId = testVpcLink.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tname := cfg.RequireObject(\"name\")\n\t\tsubnetId := cfg.RequireObject(\"subnetId\")\n\t\ttest, err := lb.NewLoadBalancer(ctx, \"test\", \u0026lb.LoadBalancerArgs{\n\t\t\tName: pulumi.Any(name),\n\t\t\tInternal: pulumi.Bool(true),\n\t\t\tLoadBalancerType: pulumi.String(\"network\"),\n\t\t\tSubnets: pulumi.StringArray{\n\t\t\t\tsubnetId,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestVpcLink, err := apigateway.NewVpcLink(ctx, \"test\", \u0026apigateway.VpcLinkArgs{\n\t\t\tName: pulumi.Any(name),\n\t\t\tTargetArn: test.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestRestApi, err := apigateway.NewRestApi(ctx, \"test\", \u0026apigateway.RestApiArgs{\n\t\t\tName: pulumi.Any(name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestResource, err := apigateway.NewResource(ctx, \"test\", \u0026apigateway.ResourceArgs{\n\t\t\tRestApi: testRestApi.ID(),\n\t\t\tParentId: testRestApi.RootResourceId,\n\t\t\tPathPart: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestMethod, err := apigateway.NewMethod(ctx, \"test\", \u0026apigateway.MethodArgs{\n\t\t\tRestApi: testRestApi.ID(),\n\t\t\tResourceId: testResource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\tAuthorization: pulumi.String(\"NONE\"),\n\t\t\tRequestModels: pulumi.StringMap{\n\t\t\t\t\"application/json\": pulumi.String(\"Error\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewIntegration(ctx, \"test\", \u0026apigateway.IntegrationArgs{\n\t\t\tRestApi: testRestApi.ID(),\n\t\t\tResourceId: testResource.ID(),\n\t\t\tHttpMethod: testMethod.HttpMethod,\n\t\t\tRequestTemplates: pulumi.StringMap{\n\t\t\t\t\"application/json\": pulumi.String(\"\"),\n\t\t\t\t\"application/xml\": pulumi.String(\"#set($inputRoot = $input.path('$'))\\n{ }\"),\n\t\t\t},\n\t\t\tRequestParameters: pulumi.StringMap{\n\t\t\t\t\"integration.request.header.X-Authorization\": pulumi.String(\"'static'\"),\n\t\t\t\t\"integration.request.header.X-Foo\": pulumi.String(\"'Bar'\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"HTTP\"),\n\t\t\tUri: pulumi.String(\"https://www.google.de\"),\n\t\t\tIntegrationHttpMethod: pulumi.String(\"GET\"),\n\t\t\tPassthroughBehavior: pulumi.String(\"WHEN_NO_MATCH\"),\n\t\t\tContentHandling: pulumi.String(\"CONVERT_TO_TEXT\"),\n\t\t\tConnectionType: pulumi.String(\"VPC_LINK\"),\n\t\t\tConnectionId: testVpcLink.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lb.LoadBalancer;\nimport com.pulumi.aws.lb.LoadBalancerArgs;\nimport com.pulumi.aws.apigateway.VpcLink;\nimport com.pulumi.aws.apigateway.VpcLinkArgs;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.Resource;\nimport com.pulumi.aws.apigateway.ResourceArgs;\nimport com.pulumi.aws.apigateway.Method;\nimport com.pulumi.aws.apigateway.MethodArgs;\nimport com.pulumi.aws.apigateway.Integration;\nimport com.pulumi.aws.apigateway.IntegrationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var name = config.get(\"name\");\n final var subnetId = config.get(\"subnetId\");\n var test = new LoadBalancer(\"test\", LoadBalancerArgs.builder() \n .name(name)\n .internal(true)\n .loadBalancerType(\"network\")\n .subnets(subnetId)\n .build());\n\n var testVpcLink = new VpcLink(\"testVpcLink\", VpcLinkArgs.builder() \n .name(name)\n .targetArn(test.arn())\n .build());\n\n var testRestApi = new RestApi(\"testRestApi\", RestApiArgs.builder() \n .name(name)\n .build());\n\n var testResource = new Resource(\"testResource\", ResourceArgs.builder() \n .restApi(testRestApi.id())\n .parentId(testRestApi.rootResourceId())\n .pathPart(\"test\")\n .build());\n\n var testMethod = new Method(\"testMethod\", MethodArgs.builder() \n .restApi(testRestApi.id())\n .resourceId(testResource.id())\n .httpMethod(\"GET\")\n .authorization(\"NONE\")\n .requestModels(Map.of(\"application/json\", \"Error\"))\n .build());\n\n var testIntegration = new Integration(\"testIntegration\", IntegrationArgs.builder() \n .restApi(testRestApi.id())\n .resourceId(testResource.id())\n .httpMethod(testMethod.httpMethod())\n .requestTemplates(Map.ofEntries(\n Map.entry(\"application/json\", \"\"),\n Map.entry(\"application/xml\", \"\"\"\n#set($inputRoot = $input.path('$'))\n{ } \"\"\")\n ))\n .requestParameters(Map.ofEntries(\n Map.entry(\"integration.request.header.X-Authorization\", \"'static'\"),\n Map.entry(\"integration.request.header.X-Foo\", \"'Bar'\")\n ))\n .type(\"HTTP\")\n .uri(\"https://www.google.de\")\n .integrationHttpMethod(\"GET\")\n .passthroughBehavior(\"WHEN_NO_MATCH\")\n .contentHandling(\"CONVERT_TO_TEXT\")\n .connectionType(\"VPC_LINK\")\n .connectionId(testVpcLink.id())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n name:\n type: dynamic\n subnetId:\n type: dynamic\nresources:\n test:\n type: aws:lb:LoadBalancer\n properties:\n name: ${name}\n internal: true\n loadBalancerType: network\n subnets:\n - ${subnetId}\n testVpcLink:\n type: aws:apigateway:VpcLink\n name: test\n properties:\n name: ${name}\n targetArn: ${test.arn}\n testRestApi:\n type: aws:apigateway:RestApi\n name: test\n properties:\n name: ${name}\n testResource:\n type: aws:apigateway:Resource\n name: test\n properties:\n restApi: ${testRestApi.id}\n parentId: ${testRestApi.rootResourceId}\n pathPart: test\n testMethod:\n type: aws:apigateway:Method\n name: test\n properties:\n restApi: ${testRestApi.id}\n resourceId: ${testResource.id}\n httpMethod: GET\n authorization: NONE\n requestModels:\n application/json: Error\n testIntegration:\n type: aws:apigateway:Integration\n name: test\n properties:\n restApi: ${testRestApi.id}\n resourceId: ${testResource.id}\n httpMethod: ${testMethod.httpMethod}\n requestTemplates:\n application/json:\n application/xml: |-\n #set($inputRoot = $input.path('$'))\n { }\n requestParameters:\n integration.request.header.X-Authorization: '''static'''\n integration.request.header.X-Foo: '''Bar'''\n type: HTTP\n uri: https://www.google.de\n integrationHttpMethod: GET\n passthroughBehavior: WHEN_NO_MATCH\n contentHandling: CONVERT_TO_TEXT\n connectionType: VPC_LINK\n connectionId: ${testVpcLink.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_api_gateway_integration` using `REST-API-ID/RESOURCE-ID/HTTP-METHOD`. For example:\n\n```sh\n$ pulumi import aws:apigateway/integration:Integration example 12345abcde/67890fghij/GET\n```\n", "properties": { "cacheKeyParameters": { "type": "array", @@ -159533,7 +159533,7 @@ } }, "aws:apigateway/restApi:RestApi": { - "description": "Manages an API Gateway REST API. The REST API can be configured via [importing an OpenAPI specification](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-import-api.html) in the `body` argument (with other arguments serving as overrides) or via other provider resources to manage the resources (`aws.apigateway.Resource` resource), methods (`aws.apigateway.Method` resource), integrations (`aws.apigateway.Integration` resource), etc. of the REST API. Once the REST API is configured, the `aws.apigateway.Deployment` resource can be used along with the `aws.apigateway.Stage` resource to publish the REST API.\n\n\u003e **Note:** Amazon API Gateway Version 1 resources are used for creating and deploying REST APIs. To create and deploy WebSocket and HTTP APIs, use Amazon API Gateway Version 2 resources.\n\n!\u003e **WARN:** When importing Open API Specifications with the `body` argument, by default the API Gateway REST API will be replaced with the Open API Specification thus removing any existing methods, resources, integrations, or endpoints. Endpoint mutations are asynchronous operations, and race conditions with DNS are possible. To overcome this limitation, use the `put_rest_api_mode` attribute and set it to `merge`.\n\n## Example Usage\n\n### OpenAPI Specification\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst example = new aws.apigateway.RestApi(\"example\", {\n body: JSON.stringify({\n openapi: \"3.0.1\",\n info: {\n title: \"example\",\n version: \"1.0\",\n },\n paths: {\n \"/path1\": {\n get: {\n \"x-amazon-apigateway-integration\": {\n httpMethod: \"GET\",\n payloadFormatVersion: \"1.0\",\n type: \"HTTP_PROXY\",\n uri: \"https://ip-ranges.amazonaws.com/ip-ranges.json\",\n },\n },\n },\n },\n }),\n name: \"example\",\n endpointConfiguration: {\n types: \"REGIONAL\",\n },\n});\nconst exampleDeployment = new aws.apigateway.Deployment(\"example\", {\n restApi: example.id,\n triggers: {\n redeployment: std.sha1Output({\n input: pulumi.jsonStringify(example.body),\n }).apply(invoke =\u003e invoke.result),\n },\n});\nconst exampleStage = new aws.apigateway.Stage(\"example\", {\n deployment: exampleDeployment.id,\n restApi: example.id,\n stageName: \"example\",\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\nimport pulumi_std as std\n\nexample = aws.apigateway.RestApi(\"example\",\n body=json.dumps({\n \"openapi\": \"3.0.1\",\n \"info\": {\n \"title\": \"example\",\n \"version\": \"1.0\",\n },\n \"paths\": {\n \"/path1\": {\n \"get\": {\n \"x-amazon-apigateway-integration\": {\n \"httpMethod\": \"GET\",\n \"payloadFormatVersion\": \"1.0\",\n \"type\": \"HTTP_PROXY\",\n \"uri\": \"https://ip-ranges.amazonaws.com/ip-ranges.json\",\n },\n },\n },\n },\n }),\n name=\"example\",\n endpoint_configuration=aws.apigateway.RestApiEndpointConfigurationArgs(\n types=\"REGIONAL\",\n ))\nexample_deployment = aws.apigateway.Deployment(\"example\",\n rest_api=example.id,\n triggers={\n \"redeployment\": std.sha1_output(input=pulumi.Output.json_dumps(example.body)).apply(lambda invoke: invoke.result),\n })\nexample_stage = aws.apigateway.Stage(\"example\",\n deployment=example_deployment.id,\n rest_api=example.id,\n stage_name=\"example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ApiGateway.RestApi(\"example\", new()\n {\n Body = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"openapi\"] = \"3.0.1\",\n [\"info\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"title\"] = \"example\",\n [\"version\"] = \"1.0\",\n },\n [\"paths\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"/path1\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"get\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"x-amazon-apigateway-integration\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"httpMethod\"] = \"GET\",\n [\"payloadFormatVersion\"] = \"1.0\",\n [\"type\"] = \"HTTP_PROXY\",\n [\"uri\"] = \"https://ip-ranges.amazonaws.com/ip-ranges.json\",\n },\n },\n },\n },\n }),\n Name = \"example\",\n EndpointConfiguration = new Aws.ApiGateway.Inputs.RestApiEndpointConfigurationArgs\n {\n Types = \"REGIONAL\",\n },\n });\n\n var exampleDeployment = new Aws.ApiGateway.Deployment(\"example\", new()\n {\n RestApi = example.Id,\n Triggers = \n {\n { \"redeployment\", Std.Sha1.Invoke(new()\n {\n Input = Output.JsonSerialize(Output.Create(example.Body)),\n }).Apply(invoke =\u003e invoke.Result) },\n },\n });\n\n var exampleStage = new Aws.ApiGateway.Stage(\"example\", new()\n {\n Deployment = exampleDeployment.Id,\n RestApi = example.Id,\n StageName = \"example\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"openapi\": \"3.0.1\",\n\t\t\t\"info\": map[string]interface{}{\n\t\t\t\t\"title\": \"example\",\n\t\t\t\t\"version\": \"1.0\",\n\t\t\t},\n\t\t\t\"paths\": map[string]interface{}{\n\t\t\t\t\"/path1\": map[string]interface{}{\n\t\t\t\t\t\"get\": map[string]interface{}{\n\t\t\t\t\t\t\"x-amazon-apigateway-integration\": map[string]interface{}{\n\t\t\t\t\t\t\t\"httpMethod\": \"GET\",\n\t\t\t\t\t\t\t\"payloadFormatVersion\": \"1.0\",\n\t\t\t\t\t\t\t\"type\": \"HTTP_PROXY\",\n\t\t\t\t\t\t\t\"uri\": \"https://ip-ranges.amazonaws.com/ip-ranges.json\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\texample, err := apigateway.NewRestApi(ctx, \"example\", \u0026apigateway.RestApiArgs{\n\t\t\tBody: pulumi.String(json0),\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tEndpointConfiguration: \u0026apigateway.RestApiEndpointConfigurationArgs{\n\t\t\t\tTypes: pulumi.String(\"REGIONAL\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDeployment, err := apigateway.NewDeployment(ctx, \"example\", \u0026apigateway.DeploymentArgs{\n\t\t\tRestApi: example.ID(),\n\t\t\tTriggers: pulumi.StringMap{\n\t\t\t\t\"redeployment\": std.Sha1Output(ctx, std.Sha1OutputArgs{\n\t\t\t\t\tInput: example.Body.ApplyT(func(body *string) (pulumi.String, error) {\n\t\t\t\t\t\tvar _zero pulumi.String\n\t\t\t\t\t\ttmpJSON1, err := json.Marshal(body)\n\t\t\t\t\t\tif err != nil {\n\t\t\t\t\t\t\treturn _zero, err\n\t\t\t\t\t\t}\n\t\t\t\t\t\tjson1 := string(tmpJSON1)\n\t\t\t\t\t\treturn pulumi.String(json1), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t}, nil).ApplyT(func(invoke std.Sha1Result) (*string, error) {\n\t\t\t\t\treturn invoke.Result, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewStage(ctx, \"example\", \u0026apigateway.StageArgs{\n\t\t\tDeployment: exampleDeployment.ID(),\n\t\t\tRestApi: example.ID(),\n\t\t\tStageName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.inputs.RestApiEndpointConfigurationArgs;\nimport com.pulumi.aws.apigateway.Deployment;\nimport com.pulumi.aws.apigateway.DeploymentArgs;\nimport com.pulumi.aws.apigateway.Stage;\nimport com.pulumi.aws.apigateway.StageArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new RestApi(\"example\", RestApiArgs.builder() \n .body(serializeJson(\n jsonObject(\n jsonProperty(\"openapi\", \"3.0.1\"),\n jsonProperty(\"info\", jsonObject(\n jsonProperty(\"title\", \"example\"),\n jsonProperty(\"version\", \"1.0\")\n )),\n jsonProperty(\"paths\", jsonObject(\n jsonProperty(\"/path1\", jsonObject(\n jsonProperty(\"get\", jsonObject(\n jsonProperty(\"x-amazon-apigateway-integration\", jsonObject(\n jsonProperty(\"httpMethod\", \"GET\"),\n jsonProperty(\"payloadFormatVersion\", \"1.0\"),\n jsonProperty(\"type\", \"HTTP_PROXY\"),\n jsonProperty(\"uri\", \"https://ip-ranges.amazonaws.com/ip-ranges.json\")\n ))\n ))\n ))\n ))\n )))\n .name(\"example\")\n .endpointConfiguration(RestApiEndpointConfigurationArgs.builder()\n .types(\"REGIONAL\")\n .build())\n .build());\n\n var exampleDeployment = new Deployment(\"exampleDeployment\", DeploymentArgs.builder() \n .restApi(example.id())\n .triggers(Map.of(\"redeployment\", StdFunctions.sha1().applyValue(invoke -\u003e invoke.result())))\n .build());\n\n var exampleStage = new Stage(\"exampleStage\", StageArgs.builder() \n .deployment(exampleDeployment.id())\n .restApi(example.id())\n .stageName(\"example\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:apigateway:RestApi\n properties:\n body:\n fn::toJSON:\n openapi: 3.0.1\n info:\n title: example\n version: '1.0'\n paths:\n /path1:\n get:\n x-amazon-apigateway-integration:\n httpMethod: GET\n payloadFormatVersion: '1.0'\n type: HTTP_PROXY\n uri: https://ip-ranges.amazonaws.com/ip-ranges.json\n name: example\n endpointConfiguration:\n types: REGIONAL\n exampleDeployment:\n type: aws:apigateway:Deployment\n name: example\n properties:\n restApi: ${example.id}\n triggers:\n redeployment:\n fn::invoke:\n Function: std:sha1\n Arguments:\n input:\n fn::toJSON: ${example.body}\n Return: result\n exampleStage:\n type: aws:apigateway:Stage\n name: example\n properties:\n deployment: ${exampleDeployment.id}\n restApi: ${example.id}\n stageName: example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### OpenAPI Specification with Private Endpoints\n\nUsing `put_rest_api_mode` = `merge` when importing the OpenAPI Specification, the AWS control plane will not delete all existing literal properties that are not explicitly set in the OpenAPI definition. Impacted API Gateway properties: ApiKeySourceType, BinaryMediaTypes, Description, EndpointConfiguration, MinimumCompressionSize, Name, Policy).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst available = aws.getAvailabilityZones({\n state: \"available\",\n filters: [{\n name: \"opt-in-status\",\n values: [\"opt-in-not-required\"],\n }],\n});\nconst current = aws.getRegion({});\nconst example = new aws.ec2.Vpc(\"example\", {\n cidrBlock: \"10.0.0.0/16\",\n enableDnsSupport: true,\n enableDnsHostnames: true,\n});\nconst exampleDefaultSecurityGroup = new aws.ec2.DefaultSecurityGroup(\"example\", {vpcId: example.id});\nconst exampleSubnet = new aws.ec2.Subnet(\"example\", {\n availabilityZone: available.then(available =\u003e available.names?.[0]),\n cidrBlock: example.cidrBlock.apply(cidrBlock =\u003e std.cidrsubnetOutput({\n input: cidrBlock,\n newbits: 8,\n netnum: 0,\n })).apply(invoke =\u003e invoke.result),\n vpcId: example.id,\n});\nconst exampleVpcEndpoint: aws.ec2.VpcEndpoint[] = [];\nfor (const range = {value: 0}; range.value \u003c 3; range.value++) {\n exampleVpcEndpoint.push(new aws.ec2.VpcEndpoint(`example-${range.value}`, {\n privateDnsEnabled: false,\n securityGroupIds: [exampleDefaultSecurityGroup.id],\n serviceName: current.then(current =\u003e `com.amazonaws.${current.name}.execute-api`),\n subnetIds: [exampleSubnet.id],\n vpcEndpointType: \"Interface\",\n vpcId: example.id,\n }));\n}\nconst exampleRestApi = new aws.apigateway.RestApi(\"example\", {\n body: JSON.stringify({\n openapi: \"3.0.1\",\n info: {\n title: \"example\",\n version: \"1.0\",\n },\n paths: {\n \"/path1\": {\n get: {\n \"x-amazon-apigateway-integration\": {\n httpMethod: \"GET\",\n payloadFormatVersion: \"1.0\",\n type: \"HTTP_PROXY\",\n uri: \"https://ip-ranges.amazonaws.com/ip-ranges.json\",\n },\n },\n },\n },\n }),\n name: \"example\",\n putRestApiMode: \"merge\",\n endpointConfiguration: {\n types: \"PRIVATE\",\n vpcEndpointIds: [\n exampleVpcEndpoint[0].id,\n exampleVpcEndpoint[1].id,\n exampleVpcEndpoint[2].id,\n ],\n },\n});\nconst exampleDeployment = new aws.apigateway.Deployment(\"example\", {\n restApi: exampleRestApi.id,\n triggers: {\n redeployment: std.sha1Output({\n input: pulumi.jsonStringify(exampleRestApi.body),\n }).apply(invoke =\u003e invoke.result),\n },\n});\nconst exampleStage = new aws.apigateway.Stage(\"example\", {\n deployment: exampleDeployment.id,\n restApi: exampleRestApi.id,\n stageName: \"example\",\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\nimport pulumi_std as std\n\navailable = aws.get_availability_zones(state=\"available\",\n filters=[aws.GetAvailabilityZonesFilterArgs(\n name=\"opt-in-status\",\n values=[\"opt-in-not-required\"],\n )])\ncurrent = aws.get_region()\nexample = aws.ec2.Vpc(\"example\",\n cidr_block=\"10.0.0.0/16\",\n enable_dns_support=True,\n enable_dns_hostnames=True)\nexample_default_security_group = aws.ec2.DefaultSecurityGroup(\"example\", vpc_id=example.id)\nexample_subnet = aws.ec2.Subnet(\"example\",\n availability_zone=available.names[0],\n cidr_block=example.cidr_block.apply(lambda cidr_block: std.cidrsubnet_output(input=cidr_block,\n newbits=8,\n netnum=0)).apply(lambda invoke: invoke.result),\n vpc_id=example.id)\nexample_vpc_endpoint = []\nfor range in [{\"value\": i} for i in range(0, 3)]:\n example_vpc_endpoint.append(aws.ec2.VpcEndpoint(f\"example-{range['value']}\",\n private_dns_enabled=False,\n security_group_ids=[example_default_security_group.id],\n service_name=f\"com.amazonaws.{current.name}.execute-api\",\n subnet_ids=[example_subnet.id],\n vpc_endpoint_type=\"Interface\",\n vpc_id=example.id))\nexample_rest_api = aws.apigateway.RestApi(\"example\",\n body=json.dumps({\n \"openapi\": \"3.0.1\",\n \"info\": {\n \"title\": \"example\",\n \"version\": \"1.0\",\n },\n \"paths\": {\n \"/path1\": {\n \"get\": {\n \"x-amazon-apigateway-integration\": {\n \"httpMethod\": \"GET\",\n \"payloadFormatVersion\": \"1.0\",\n \"type\": \"HTTP_PROXY\",\n \"uri\": \"https://ip-ranges.amazonaws.com/ip-ranges.json\",\n },\n },\n },\n },\n }),\n name=\"example\",\n put_rest_api_mode=\"merge\",\n endpoint_configuration=aws.apigateway.RestApiEndpointConfigurationArgs(\n types=\"PRIVATE\",\n vpc_endpoint_ids=[\n example_vpc_endpoint[0].id,\n example_vpc_endpoint[1].id,\n example_vpc_endpoint[2].id,\n ],\n ))\nexample_deployment = aws.apigateway.Deployment(\"example\",\n rest_api=example_rest_api.id,\n triggers={\n \"redeployment\": std.sha1_output(input=pulumi.Output.json_dumps(example_rest_api.body)).apply(lambda invoke: invoke.result),\n })\nexample_stage = aws.apigateway.Stage(\"example\",\n deployment=example_deployment.id,\n rest_api=example_rest_api.id,\n stage_name=\"example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n Filters = new[]\n {\n new Aws.Inputs.GetAvailabilityZonesFilterInputArgs\n {\n Name = \"opt-in-status\",\n Values = new[]\n {\n \"opt-in-not-required\",\n },\n },\n },\n });\n\n var current = Aws.GetRegion.Invoke();\n\n var example = new Aws.Ec2.Vpc(\"example\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n EnableDnsSupport = true,\n EnableDnsHostnames = true,\n });\n\n var exampleDefaultSecurityGroup = new Aws.Ec2.DefaultSecurityGroup(\"example\", new()\n {\n VpcId = example.Id,\n });\n\n var exampleSubnet = new Aws.Ec2.Subnet(\"example\", new()\n {\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n CidrBlock = example.CidrBlock.Apply(cidrBlock =\u003e Std.Cidrsubnet.Invoke(new()\n {\n Input = cidrBlock,\n Newbits = 8,\n Netnum = 0,\n })).Apply(invoke =\u003e invoke.Result),\n VpcId = example.Id,\n });\n\n var exampleVpcEndpoint = new List\u003cAws.Ec2.VpcEndpoint\u003e();\n for (var rangeIndex = 0; rangeIndex \u003c 3; rangeIndex++)\n {\n var range = new { Value = rangeIndex };\n exampleVpcEndpoint.Add(new Aws.Ec2.VpcEndpoint($\"example-{range.Value}\", new()\n {\n PrivateDnsEnabled = false,\n SecurityGroupIds = new[]\n {\n exampleDefaultSecurityGroup.Id,\n },\n ServiceName = $\"com.amazonaws.{current.Apply(getRegionResult =\u003e getRegionResult.Name)}.execute-api\",\n SubnetIds = new[]\n {\n exampleSubnet.Id,\n },\n VpcEndpointType = \"Interface\",\n VpcId = example.Id,\n }));\n }\n var exampleRestApi = new Aws.ApiGateway.RestApi(\"example\", new()\n {\n Body = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"openapi\"] = \"3.0.1\",\n [\"info\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"title\"] = \"example\",\n [\"version\"] = \"1.0\",\n },\n [\"paths\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"/path1\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"get\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"x-amazon-apigateway-integration\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"httpMethod\"] = \"GET\",\n [\"payloadFormatVersion\"] = \"1.0\",\n [\"type\"] = \"HTTP_PROXY\",\n [\"uri\"] = \"https://ip-ranges.amazonaws.com/ip-ranges.json\",\n },\n },\n },\n },\n }),\n Name = \"example\",\n PutRestApiMode = \"merge\",\n EndpointConfiguration = new Aws.ApiGateway.Inputs.RestApiEndpointConfigurationArgs\n {\n Types = \"PRIVATE\",\n VpcEndpointIds = new[]\n {\n exampleVpcEndpoint[0].Id,\n exampleVpcEndpoint[1].Id,\n exampleVpcEndpoint[2].Id,\n },\n },\n });\n\n var exampleDeployment = new Aws.ApiGateway.Deployment(\"example\", new()\n {\n RestApi = exampleRestApi.Id,\n Triggers = \n {\n { \"redeployment\", Std.Sha1.Invoke(new()\n {\n Input = Output.JsonSerialize(Output.Create(exampleRestApi.Body)),\n }).Apply(invoke =\u003e invoke.Result) },\n },\n });\n\n var exampleStage = new Aws.ApiGateway.Stage(\"example\", new()\n {\n Deployment = exampleDeployment.Id,\n RestApi = exampleRestApi.Id,\n StageName = \"example\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tState: pulumi.StringRef(\"available\"),\n\t\t\tFilters: []aws.GetAvailabilityZonesFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"opt-in-status\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"opt-in-not-required\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := ec2.NewVpc(ctx, \"example\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tEnableDnsSupport: pulumi.Bool(true),\n\t\t\tEnableDnsHostnames: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDefaultSecurityGroup, err := ec2.NewDefaultSecurityGroup(ctx, \"example\", \u0026ec2.DefaultSecurityGroupArgs{\n\t\t\tVpcId: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleSubnet, err := ec2.NewSubnet(ctx, \"example\", \u0026ec2.SubnetArgs{\n\t\t\tAvailabilityZone: *pulumi.String(available.Names[0]),\n\t\t\tCidrBlock: example.CidrBlock.ApplyT(func(cidrBlock string) (std.CidrsubnetResult, error) {\n\t\t\t\treturn std.CidrsubnetOutput(ctx, std.CidrsubnetOutputArgs{\n\t\t\t\t\tInput: cidrBlock,\n\t\t\t\t\tNewbits: 8,\n\t\t\t\t\tNetnum: 0,\n\t\t\t\t}, nil), nil\n\t\t\t}).(std.CidrsubnetResultOutput).ApplyT(func(invoke std.CidrsubnetResult) (*string, error) {\n\t\t\t\treturn invoke.Result, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\tVpcId: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvar exampleVpcEndpoint []*ec2.VpcEndpoint\n\t\tfor index := 0; index \u003c 3; index++ {\n\t\t\tkey0 := index\n\t\t\t_ := index\n\t\t\t__res, err := ec2.NewVpcEndpoint(ctx, fmt.Sprintf(\"example-%v\", key0), \u0026ec2.VpcEndpointArgs{\n\t\t\t\tPrivateDnsEnabled: pulumi.Bool(false),\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\texampleDefaultSecurityGroup.ID(),\n\t\t\t\t},\n\t\t\t\tServiceName: pulumi.String(fmt.Sprintf(\"com.amazonaws.%v.execute-api\", current.Name)),\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\texampleSubnet.ID(),\n\t\t\t\t},\n\t\t\t\tVpcEndpointType: pulumi.String(\"Interface\"),\n\t\t\t\tVpcId: example.ID(),\n\t\t\t})\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\texampleVpcEndpoint = append(exampleVpcEndpoint, __res)\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"openapi\": \"3.0.1\",\n\t\t\t\"info\": map[string]interface{}{\n\t\t\t\t\"title\": \"example\",\n\t\t\t\t\"version\": \"1.0\",\n\t\t\t},\n\t\t\t\"paths\": map[string]interface{}{\n\t\t\t\t\"/path1\": map[string]interface{}{\n\t\t\t\t\t\"get\": map[string]interface{}{\n\t\t\t\t\t\t\"x-amazon-apigateway-integration\": map[string]interface{}{\n\t\t\t\t\t\t\t\"httpMethod\": \"GET\",\n\t\t\t\t\t\t\t\"payloadFormatVersion\": \"1.0\",\n\t\t\t\t\t\t\t\"type\": \"HTTP_PROXY\",\n\t\t\t\t\t\t\t\"uri\": \"https://ip-ranges.amazonaws.com/ip-ranges.json\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\texampleRestApi, err := apigateway.NewRestApi(ctx, \"example\", \u0026apigateway.RestApiArgs{\n\t\t\tBody: pulumi.String(json0),\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tPutRestApiMode: pulumi.String(\"merge\"),\n\t\t\tEndpointConfiguration: \u0026apigateway.RestApiEndpointConfigurationArgs{\n\t\t\t\tTypes: pulumi.String(\"PRIVATE\"),\n\t\t\t\tVpcEndpointIds: pulumi.StringArray{\n\t\t\t\t\texampleVpcEndpoint[0].ID(),\n\t\t\t\t\texampleVpcEndpoint[1].ID(),\n\t\t\t\t\texampleVpcEndpoint[2].ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDeployment, err := apigateway.NewDeployment(ctx, \"example\", \u0026apigateway.DeploymentArgs{\n\t\t\tRestApi: exampleRestApi.ID(),\n\t\t\tTriggers: pulumi.StringMap{\n\t\t\t\t\"redeployment\": std.Sha1Output(ctx, std.Sha1OutputArgs{\n\t\t\t\t\tInput: exampleRestApi.Body.ApplyT(func(body *string) (pulumi.String, error) {\n\t\t\t\t\t\tvar _zero pulumi.String\n\t\t\t\t\t\ttmpJSON1, err := json.Marshal(body)\n\t\t\t\t\t\tif err != nil {\n\t\t\t\t\t\t\treturn _zero, err\n\t\t\t\t\t\t}\n\t\t\t\t\t\tjson1 := string(tmpJSON1)\n\t\t\t\t\t\treturn pulumi.String(json1), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t}, nil).ApplyT(func(invoke std.Sha1Result) (*string, error) {\n\t\t\t\t\treturn invoke.Result, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewStage(ctx, \"example\", \u0026apigateway.StageArgs{\n\t\t\tDeployment: exampleDeployment.ID(),\n\t\t\tRestApi: exampleRestApi.ID(),\n\t\t\tStageName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.DefaultSecurityGroup;\nimport com.pulumi.aws.ec2.DefaultSecurityGroupArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.VpcEndpointArgs;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.inputs.RestApiEndpointConfigurationArgs;\nimport com.pulumi.aws.apigateway.Deployment;\nimport com.pulumi.aws.apigateway.DeploymentArgs;\nimport com.pulumi.aws.apigateway.Stage;\nimport com.pulumi.aws.apigateway.StageArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport com.pulumi.codegen.internal.KeyedValue;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .filters(GetAvailabilityZonesFilterArgs.builder()\n .name(\"opt-in-status\")\n .values(\"opt-in-not-required\")\n .build())\n .build());\n\n final var current = AwsFunctions.getRegion();\n\n var example = new Vpc(\"example\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .enableDnsSupport(true)\n .enableDnsHostnames(true)\n .build());\n\n var exampleDefaultSecurityGroup = new DefaultSecurityGroup(\"exampleDefaultSecurityGroup\", DefaultSecurityGroupArgs.builder() \n .vpcId(example.id())\n .build());\n\n var exampleSubnet = new Subnet(\"exampleSubnet\", SubnetArgs.builder() \n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]))\n .cidrBlock(example.cidrBlock().applyValue(cidrBlock -\u003e StdFunctions.cidrsubnet()).applyValue(invoke -\u003e invoke.result()))\n .vpcId(example.id())\n .build());\n\n for (var i = 0; i \u003c 3; i++) {\n new VpcEndpoint(\"exampleVpcEndpoint-\" + i, VpcEndpointArgs.builder() \n .privateDnsEnabled(false)\n .securityGroupIds(exampleDefaultSecurityGroup.id())\n .serviceName(String.format(\"com.amazonaws.%s.execute-api\", current.applyValue(getRegionResult -\u003e getRegionResult.name())))\n .subnetIds(exampleSubnet.id())\n .vpcEndpointType(\"Interface\")\n .vpcId(example.id())\n .build());\n\n \n}\n var exampleRestApi = new RestApi(\"exampleRestApi\", RestApiArgs.builder() \n .body(serializeJson(\n jsonObject(\n jsonProperty(\"openapi\", \"3.0.1\"),\n jsonProperty(\"info\", jsonObject(\n jsonProperty(\"title\", \"example\"),\n jsonProperty(\"version\", \"1.0\")\n )),\n jsonProperty(\"paths\", jsonObject(\n jsonProperty(\"/path1\", jsonObject(\n jsonProperty(\"get\", jsonObject(\n jsonProperty(\"x-amazon-apigateway-integration\", jsonObject(\n jsonProperty(\"httpMethod\", \"GET\"),\n jsonProperty(\"payloadFormatVersion\", \"1.0\"),\n jsonProperty(\"type\", \"HTTP_PROXY\"),\n jsonProperty(\"uri\", \"https://ip-ranges.amazonaws.com/ip-ranges.json\")\n ))\n ))\n ))\n ))\n )))\n .name(\"example\")\n .putRestApiMode(\"merge\")\n .endpointConfiguration(RestApiEndpointConfigurationArgs.builder()\n .types(\"PRIVATE\")\n .vpcEndpointIds( \n exampleVpcEndpoint[0].id(),\n exampleVpcEndpoint[1].id(),\n exampleVpcEndpoint[2].id())\n .build())\n .build());\n\n var exampleDeployment = new Deployment(\"exampleDeployment\", DeploymentArgs.builder() \n .restApi(exampleRestApi.id())\n .triggers(Map.of(\"redeployment\", StdFunctions.sha1().applyValue(invoke -\u003e invoke.result())))\n .build());\n\n var exampleStage = new Stage(\"exampleStage\", StageArgs.builder() \n .deployment(exampleDeployment.id())\n .restApi(exampleRestApi.id())\n .stageName(\"example\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n enableDnsSupport: true\n enableDnsHostnames: true\n exampleDefaultSecurityGroup:\n type: aws:ec2:DefaultSecurityGroup\n name: example\n properties:\n vpcId: ${example.id}\n exampleSubnet:\n type: aws:ec2:Subnet\n name: example\n properties:\n availabilityZone: ${available.names[0]}\n cidrBlock:\n fn::invoke:\n Function: std:cidrsubnet\n Arguments:\n input: ${example.cidrBlock}\n newbits: 8\n netnum: 0\n Return: result\n vpcId: ${example.id}\n exampleVpcEndpoint:\n type: aws:ec2:VpcEndpoint\n name: example\n properties:\n privateDnsEnabled: false\n securityGroupIds:\n - ${exampleDefaultSecurityGroup.id}\n serviceName: com.amazonaws.${current.name}.execute-api\n subnetIds:\n - ${exampleSubnet.id}\n vpcEndpointType: Interface\n vpcId: ${example.id}\n options: {}\n exampleRestApi:\n type: aws:apigateway:RestApi\n name: example\n properties:\n body:\n fn::toJSON:\n openapi: 3.0.1\n info:\n title: example\n version: '1.0'\n paths:\n /path1:\n get:\n x-amazon-apigateway-integration:\n httpMethod: GET\n payloadFormatVersion: '1.0'\n type: HTTP_PROXY\n uri: https://ip-ranges.amazonaws.com/ip-ranges.json\n name: example\n putRestApiMode: merge\n endpointConfiguration:\n types: PRIVATE\n vpcEndpointIds:\n - ${exampleVpcEndpoint[0].id}\n - ${exampleVpcEndpoint[1].id}\n - ${exampleVpcEndpoint[2].id}\n exampleDeployment:\n type: aws:apigateway:Deployment\n name: example\n properties:\n restApi: ${exampleRestApi.id}\n triggers:\n redeployment:\n fn::invoke:\n Function: std:sha1\n Arguments:\n input:\n fn::toJSON: ${exampleRestApi.body}\n Return: result\n exampleStage:\n type: aws:apigateway:Stage\n name: example\n properties:\n deployment: ${exampleDeployment.id}\n restApi: ${exampleRestApi.id}\n stageName: example\nvariables:\n available:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n state: available\n filters:\n - name: opt-in-status\n values:\n - opt-in-not-required\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Resources\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst example = new aws.apigateway.RestApi(\"example\", {name: \"example\"});\nconst exampleResource = new aws.apigateway.Resource(\"example\", {\n parentId: example.rootResourceId,\n pathPart: \"example\",\n restApi: example.id,\n});\nconst exampleMethod = new aws.apigateway.Method(\"example\", {\n authorization: \"NONE\",\n httpMethod: \"GET\",\n resourceId: exampleResource.id,\n restApi: example.id,\n});\nconst exampleIntegration = new aws.apigateway.Integration(\"example\", {\n httpMethod: exampleMethod.httpMethod,\n resourceId: exampleResource.id,\n restApi: example.id,\n type: \"MOCK\",\n});\nconst exampleDeployment = new aws.apigateway.Deployment(\"example\", {\n restApi: example.id,\n triggers: {\n redeployment: std.sha1Output({\n input: pulumi.jsonStringify([\n exampleResource.id,\n exampleMethod.id,\n exampleIntegration.id,\n ]),\n }).apply(invoke =\u003e invoke.result),\n },\n});\nconst exampleStage = new aws.apigateway.Stage(\"example\", {\n deployment: exampleDeployment.id,\n restApi: example.id,\n stageName: \"example\",\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\nimport pulumi_std as std\n\nexample = aws.apigateway.RestApi(\"example\", name=\"example\")\nexample_resource = aws.apigateway.Resource(\"example\",\n parent_id=example.root_resource_id,\n path_part=\"example\",\n rest_api=example.id)\nexample_method = aws.apigateway.Method(\"example\",\n authorization=\"NONE\",\n http_method=\"GET\",\n resource_id=example_resource.id,\n rest_api=example.id)\nexample_integration = aws.apigateway.Integration(\"example\",\n http_method=example_method.http_method,\n resource_id=example_resource.id,\n rest_api=example.id,\n type=\"MOCK\")\nexample_deployment = aws.apigateway.Deployment(\"example\",\n rest_api=example.id,\n triggers={\n \"redeployment\": std.sha1_output(input=pulumi.Output.json_dumps([\n example_resource.id,\n example_method.id,\n example_integration.id,\n ])).apply(lambda invoke: invoke.result),\n })\nexample_stage = aws.apigateway.Stage(\"example\",\n deployment=example_deployment.id,\n rest_api=example.id,\n stage_name=\"example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ApiGateway.RestApi(\"example\", new()\n {\n Name = \"example\",\n });\n\n var exampleResource = new Aws.ApiGateway.Resource(\"example\", new()\n {\n ParentId = example.RootResourceId,\n PathPart = \"example\",\n RestApi = example.Id,\n });\n\n var exampleMethod = new Aws.ApiGateway.Method(\"example\", new()\n {\n Authorization = \"NONE\",\n HttpMethod = \"GET\",\n ResourceId = exampleResource.Id,\n RestApi = example.Id,\n });\n\n var exampleIntegration = new Aws.ApiGateway.Integration(\"example\", new()\n {\n HttpMethod = exampleMethod.HttpMethod,\n ResourceId = exampleResource.Id,\n RestApi = example.Id,\n Type = \"MOCK\",\n });\n\n var exampleDeployment = new Aws.ApiGateway.Deployment(\"example\", new()\n {\n RestApi = example.Id,\n Triggers = \n {\n { \"redeployment\", Std.Sha1.Invoke(new()\n {\n Input = Output.JsonSerialize(Output.Create(new[]\n {\n exampleResource.Id,\n exampleMethod.Id,\n exampleIntegration.Id,\n })),\n }).Apply(invoke =\u003e invoke.Result) },\n },\n });\n\n var exampleStage = new Aws.ApiGateway.Stage(\"example\", new()\n {\n Deployment = exampleDeployment.Id,\n RestApi = example.Id,\n StageName = \"example\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := apigateway.NewRestApi(ctx, \"example\", \u0026apigateway.RestApiArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleResource, err := apigateway.NewResource(ctx, \"example\", \u0026apigateway.ResourceArgs{\n\t\t\tParentId: example.RootResourceId,\n\t\t\tPathPart: pulumi.String(\"example\"),\n\t\t\tRestApi: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleMethod, err := apigateway.NewMethod(ctx, \"example\", \u0026apigateway.MethodArgs{\n\t\t\tAuthorization: pulumi.String(\"NONE\"),\n\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\tResourceId: exampleResource.ID(),\n\t\t\tRestApi: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleIntegration, err := apigateway.NewIntegration(ctx, \"example\", \u0026apigateway.IntegrationArgs{\n\t\t\tHttpMethod: exampleMethod.HttpMethod,\n\t\t\tResourceId: exampleResource.ID(),\n\t\t\tRestApi: example.ID(),\n\t\t\tType: pulumi.String(\"MOCK\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDeployment, err := apigateway.NewDeployment(ctx, \"example\", \u0026apigateway.DeploymentArgs{\n\t\t\tRestApi: example.ID(),\n\t\t\tTriggers: pulumi.StringMap{\n\t\t\t\t\"redeployment\": std.Sha1Output(ctx, std.Sha1OutputArgs{\n\t\t\t\t\tInput: pulumi.All(exampleResource.ID(), exampleMethod.ID(), exampleIntegration.ID()).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\texampleResourceId := _args[0].(string)\n\t\t\t\t\t\texampleMethodId := _args[1].(string)\n\t\t\t\t\t\texampleIntegrationId := _args[2].(string)\n\t\t\t\t\t\tvar _zero string\n\t\t\t\t\t\ttmpJSON0, err := json.Marshal([]string{\n\t\t\t\t\t\t\texampleResourceId,\n\t\t\t\t\t\t\texampleMethodId,\n\t\t\t\t\t\t\texampleIntegrationId,\n\t\t\t\t\t\t})\n\t\t\t\t\t\tif err != nil {\n\t\t\t\t\t\t\treturn _zero, err\n\t\t\t\t\t\t}\n\t\t\t\t\t\tjson0 := string(tmpJSON0)\n\t\t\t\t\t\treturn json0, nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t}, nil).ApplyT(func(invoke std.Sha1Result) (*string, error) {\n\t\t\t\t\treturn invoke.Result, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewStage(ctx, \"example\", \u0026apigateway.StageArgs{\n\t\t\tDeployment: exampleDeployment.ID(),\n\t\t\tRestApi: example.ID(),\n\t\t\tStageName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.Resource;\nimport com.pulumi.aws.apigateway.ResourceArgs;\nimport com.pulumi.aws.apigateway.Method;\nimport com.pulumi.aws.apigateway.MethodArgs;\nimport com.pulumi.aws.apigateway.Integration;\nimport com.pulumi.aws.apigateway.IntegrationArgs;\nimport com.pulumi.aws.apigateway.Deployment;\nimport com.pulumi.aws.apigateway.DeploymentArgs;\nimport com.pulumi.aws.apigateway.Stage;\nimport com.pulumi.aws.apigateway.StageArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new RestApi(\"example\", RestApiArgs.builder() \n .name(\"example\")\n .build());\n\n var exampleResource = new Resource(\"exampleResource\", ResourceArgs.builder() \n .parentId(example.rootResourceId())\n .pathPart(\"example\")\n .restApi(example.id())\n .build());\n\n var exampleMethod = new Method(\"exampleMethod\", MethodArgs.builder() \n .authorization(\"NONE\")\n .httpMethod(\"GET\")\n .resourceId(exampleResource.id())\n .restApi(example.id())\n .build());\n\n var exampleIntegration = new Integration(\"exampleIntegration\", IntegrationArgs.builder() \n .httpMethod(exampleMethod.httpMethod())\n .resourceId(exampleResource.id())\n .restApi(example.id())\n .type(\"MOCK\")\n .build());\n\n var exampleDeployment = new Deployment(\"exampleDeployment\", DeploymentArgs.builder() \n .restApi(example.id())\n .triggers(Map.of(\"redeployment\", StdFunctions.sha1().applyValue(invoke -\u003e invoke.result())))\n .build());\n\n var exampleStage = new Stage(\"exampleStage\", StageArgs.builder() \n .deployment(exampleDeployment.id())\n .restApi(example.id())\n .stageName(\"example\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:apigateway:RestApi\n properties:\n name: example\n exampleResource:\n type: aws:apigateway:Resource\n name: example\n properties:\n parentId: ${example.rootResourceId}\n pathPart: example\n restApi: ${example.id}\n exampleMethod:\n type: aws:apigateway:Method\n name: example\n properties:\n authorization: NONE\n httpMethod: GET\n resourceId: ${exampleResource.id}\n restApi: ${example.id}\n exampleIntegration:\n type: aws:apigateway:Integration\n name: example\n properties:\n httpMethod: ${exampleMethod.httpMethod}\n resourceId: ${exampleResource.id}\n restApi: ${example.id}\n type: MOCK\n exampleDeployment:\n type: aws:apigateway:Deployment\n name: example\n properties:\n restApi: ${example.id}\n triggers:\n redeployment:\n fn::invoke:\n Function: std:sha1\n Arguments:\n input:\n fn::toJSON:\n - ${exampleResource.id}\n - ${exampleMethod.id}\n - ${exampleIntegration.id}\n Return: result\n exampleStage:\n type: aws:apigateway:Stage\n name: example\n properties:\n deployment: ${exampleDeployment.id}\n restApi: ${example.id}\n stageName: example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_api_gateway_rest_api` using the REST API ID. For example:\n\n```sh\n$ pulumi import aws:apigateway/restApi:RestApi example 12345abcde\n```\n~\u003e __NOTE:__ Resource import does not currently support the `body` attribute.\n\n", + "description": "Manages an API Gateway REST API. The REST API can be configured via [importing an OpenAPI specification](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-import-api.html) in the `body` argument (with other arguments serving as overrides) or via other provider resources to manage the resources (`aws.apigateway.Resource` resource), methods (`aws.apigateway.Method` resource), integrations (`aws.apigateway.Integration` resource), etc. of the REST API. Once the REST API is configured, the `aws.apigateway.Deployment` resource can be used along with the `aws.apigateway.Stage` resource to publish the REST API.\n\n\u003e **Note:** Amazon API Gateway Version 1 resources are used for creating and deploying REST APIs. To create and deploy WebSocket and HTTP APIs, use Amazon API Gateway Version 2 resources.\n\n!\u003e **WARN:** When importing Open API Specifications with the `body` argument, by default the API Gateway REST API will be replaced with the Open API Specification thus removing any existing methods, resources, integrations, or endpoints. Endpoint mutations are asynchronous operations, and race conditions with DNS are possible. To overcome this limitation, use the `put_rest_api_mode` attribute and set it to `merge`.\n\n## Example Usage\n\n### OpenAPI Specification\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst example = new aws.apigateway.RestApi(\"example\", {\n body: JSON.stringify({\n openapi: \"3.0.1\",\n info: {\n title: \"example\",\n version: \"1.0\",\n },\n paths: {\n \"/path1\": {\n get: {\n \"x-amazon-apigateway-integration\": {\n httpMethod: \"GET\",\n payloadFormatVersion: \"1.0\",\n type: \"HTTP_PROXY\",\n uri: \"https://ip-ranges.amazonaws.com/ip-ranges.json\",\n },\n },\n },\n },\n }),\n name: \"example\",\n endpointConfiguration: {\n types: \"REGIONAL\",\n },\n});\nconst exampleDeployment = new aws.apigateway.Deployment(\"example\", {\n restApi: example.id,\n triggers: {\n redeployment: std.sha1Output({\n input: pulumi.jsonStringify(example.body),\n }).apply(invoke =\u003e invoke.result),\n },\n});\nconst exampleStage = new aws.apigateway.Stage(\"example\", {\n deployment: exampleDeployment.id,\n restApi: example.id,\n stageName: \"example\",\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\nimport pulumi_std as std\n\nexample = aws.apigateway.RestApi(\"example\",\n body=json.dumps({\n \"openapi\": \"3.0.1\",\n \"info\": {\n \"title\": \"example\",\n \"version\": \"1.0\",\n },\n \"paths\": {\n \"/path1\": {\n \"get\": {\n \"x-amazon-apigateway-integration\": {\n \"httpMethod\": \"GET\",\n \"payloadFormatVersion\": \"1.0\",\n \"type\": \"HTTP_PROXY\",\n \"uri\": \"https://ip-ranges.amazonaws.com/ip-ranges.json\",\n },\n },\n },\n },\n }),\n name=\"example\",\n endpoint_configuration=aws.apigateway.RestApiEndpointConfigurationArgs(\n types=\"REGIONAL\",\n ))\nexample_deployment = aws.apigateway.Deployment(\"example\",\n rest_api=example.id,\n triggers={\n \"redeployment\": std.sha1_output(input=pulumi.Output.json_dumps(example.body)).apply(lambda invoke: invoke.result),\n })\nexample_stage = aws.apigateway.Stage(\"example\",\n deployment=example_deployment.id,\n rest_api=example.id,\n stage_name=\"example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ApiGateway.RestApi(\"example\", new()\n {\n Body = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"openapi\"] = \"3.0.1\",\n [\"info\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"title\"] = \"example\",\n [\"version\"] = \"1.0\",\n },\n [\"paths\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"/path1\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"get\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"x-amazon-apigateway-integration\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"httpMethod\"] = \"GET\",\n [\"payloadFormatVersion\"] = \"1.0\",\n [\"type\"] = \"HTTP_PROXY\",\n [\"uri\"] = \"https://ip-ranges.amazonaws.com/ip-ranges.json\",\n },\n },\n },\n },\n }),\n Name = \"example\",\n EndpointConfiguration = new Aws.ApiGateway.Inputs.RestApiEndpointConfigurationArgs\n {\n Types = \"REGIONAL\",\n },\n });\n\n var exampleDeployment = new Aws.ApiGateway.Deployment(\"example\", new()\n {\n RestApi = example.Id,\n Triggers = \n {\n { \"redeployment\", Std.Sha1.Invoke(new()\n {\n Input = Output.JsonSerialize(Output.Create(example.Body)),\n }).Apply(invoke =\u003e invoke.Result) },\n },\n });\n\n var exampleStage = new Aws.ApiGateway.Stage(\"example\", new()\n {\n Deployment = exampleDeployment.Id,\n RestApi = example.Id,\n StageName = \"example\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"openapi\": \"3.0.1\",\n\t\t\t\"info\": map[string]interface{}{\n\t\t\t\t\"title\": \"example\",\n\t\t\t\t\"version\": \"1.0\",\n\t\t\t},\n\t\t\t\"paths\": map[string]interface{}{\n\t\t\t\t\"/path1\": map[string]interface{}{\n\t\t\t\t\t\"get\": map[string]interface{}{\n\t\t\t\t\t\t\"x-amazon-apigateway-integration\": map[string]interface{}{\n\t\t\t\t\t\t\t\"httpMethod\": \"GET\",\n\t\t\t\t\t\t\t\"payloadFormatVersion\": \"1.0\",\n\t\t\t\t\t\t\t\"type\": \"HTTP_PROXY\",\n\t\t\t\t\t\t\t\"uri\": \"https://ip-ranges.amazonaws.com/ip-ranges.json\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\texample, err := apigateway.NewRestApi(ctx, \"example\", \u0026apigateway.RestApiArgs{\n\t\t\tBody: pulumi.String(json0),\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tEndpointConfiguration: \u0026apigateway.RestApiEndpointConfigurationArgs{\n\t\t\t\tTypes: pulumi.String(\"REGIONAL\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDeployment, err := apigateway.NewDeployment(ctx, \"example\", \u0026apigateway.DeploymentArgs{\n\t\t\tRestApi: example.ID(),\n\t\t\tTriggers: pulumi.StringMap{\n\t\t\t\t\"redeployment\": std.Sha1Output(ctx, std.Sha1OutputArgs{\n\t\t\t\t\tInput: example.Body.ApplyT(func(body *string) (pulumi.String, error) {\n\t\t\t\t\t\tvar _zero pulumi.String\n\t\t\t\t\t\ttmpJSON1, err := json.Marshal(body)\n\t\t\t\t\t\tif err != nil {\n\t\t\t\t\t\t\treturn _zero, err\n\t\t\t\t\t\t}\n\t\t\t\t\t\tjson1 := string(tmpJSON1)\n\t\t\t\t\t\treturn pulumi.String(json1), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t}, nil).ApplyT(func(invoke std.Sha1Result) (*string, error) {\n\t\t\t\t\treturn invoke.Result, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewStage(ctx, \"example\", \u0026apigateway.StageArgs{\n\t\t\tDeployment: exampleDeployment.ID(),\n\t\t\tRestApi: example.ID(),\n\t\t\tStageName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.inputs.RestApiEndpointConfigurationArgs;\nimport com.pulumi.aws.apigateway.Deployment;\nimport com.pulumi.aws.apigateway.DeploymentArgs;\nimport com.pulumi.aws.apigateway.Stage;\nimport com.pulumi.aws.apigateway.StageArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new RestApi(\"example\", RestApiArgs.builder() \n .body(serializeJson(\n jsonObject(\n jsonProperty(\"openapi\", \"3.0.1\"),\n jsonProperty(\"info\", jsonObject(\n jsonProperty(\"title\", \"example\"),\n jsonProperty(\"version\", \"1.0\")\n )),\n jsonProperty(\"paths\", jsonObject(\n jsonProperty(\"/path1\", jsonObject(\n jsonProperty(\"get\", jsonObject(\n jsonProperty(\"x-amazon-apigateway-integration\", jsonObject(\n jsonProperty(\"httpMethod\", \"GET\"),\n jsonProperty(\"payloadFormatVersion\", \"1.0\"),\n jsonProperty(\"type\", \"HTTP_PROXY\"),\n jsonProperty(\"uri\", \"https://ip-ranges.amazonaws.com/ip-ranges.json\")\n ))\n ))\n ))\n ))\n )))\n .name(\"example\")\n .endpointConfiguration(RestApiEndpointConfigurationArgs.builder()\n .types(\"REGIONAL\")\n .build())\n .build());\n\n var exampleDeployment = new Deployment(\"exampleDeployment\", DeploymentArgs.builder() \n .restApi(example.id())\n .triggers(Map.of(\"redeployment\", StdFunctions.sha1().applyValue(invoke -\u003e invoke.result())))\n .build());\n\n var exampleStage = new Stage(\"exampleStage\", StageArgs.builder() \n .deployment(exampleDeployment.id())\n .restApi(example.id())\n .stageName(\"example\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:apigateway:RestApi\n properties:\n body:\n fn::toJSON:\n openapi: 3.0.1\n info:\n title: example\n version: '1.0'\n paths:\n /path1:\n get:\n x-amazon-apigateway-integration:\n httpMethod: GET\n payloadFormatVersion: '1.0'\n type: HTTP_PROXY\n uri: https://ip-ranges.amazonaws.com/ip-ranges.json\n name: example\n endpointConfiguration:\n types: REGIONAL\n exampleDeployment:\n type: aws:apigateway:Deployment\n name: example\n properties:\n restApi: ${example.id}\n triggers:\n redeployment:\n fn::invoke:\n Function: std:sha1\n Arguments:\n input:\n fn::toJSON: ${example.body}\n Return: result\n exampleStage:\n type: aws:apigateway:Stage\n name: example\n properties:\n deployment: ${exampleDeployment.id}\n restApi: ${example.id}\n stageName: example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### OpenAPI Specification with Private Endpoints\n\nUsing `put_rest_api_mode` = `merge` when importing the OpenAPI Specification, the AWS control plane will not delete all existing literal properties that are not explicitly set in the OpenAPI definition. Impacted API Gateway properties: ApiKeySourceType, BinaryMediaTypes, Description, EndpointConfiguration, MinimumCompressionSize, Name, Policy).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst available = aws.getAvailabilityZones({\n state: \"available\",\n filters: [{\n name: \"opt-in-status\",\n values: [\"opt-in-not-required\"],\n }],\n});\nconst current = aws.getRegion({});\nconst example = new aws.ec2.Vpc(\"example\", {\n cidrBlock: \"10.0.0.0/16\",\n enableDnsSupport: true,\n enableDnsHostnames: true,\n});\nconst exampleDefaultSecurityGroup = new aws.ec2.DefaultSecurityGroup(\"example\", {vpcId: example.id});\nconst exampleSubnet = new aws.ec2.Subnet(\"example\", {\n availabilityZone: available.then(available =\u003e available.names?.[0]),\n cidrBlock: example.cidrBlock.apply(cidrBlock =\u003e std.cidrsubnetOutput({\n input: cidrBlock,\n newbits: 8,\n netnum: 0,\n })).apply(invoke =\u003e invoke.result),\n vpcId: example.id,\n});\nconst exampleVpcEndpoint: aws.ec2.VpcEndpoint[] = [];\nfor (const range = {value: 0}; range.value \u003c 3; range.value++) {\n exampleVpcEndpoint.push(new aws.ec2.VpcEndpoint(`example-${range.value}`, {\n privateDnsEnabled: false,\n securityGroupIds: [exampleDefaultSecurityGroup.id],\n serviceName: current.then(current =\u003e `com.amazonaws.${current.name}.execute-api`),\n subnetIds: [exampleSubnet.id],\n vpcEndpointType: \"Interface\",\n vpcId: example.id,\n }));\n}\nconst exampleRestApi = new aws.apigateway.RestApi(\"example\", {\n body: JSON.stringify({\n openapi: \"3.0.1\",\n info: {\n title: \"example\",\n version: \"1.0\",\n },\n paths: {\n \"/path1\": {\n get: {\n \"x-amazon-apigateway-integration\": {\n httpMethod: \"GET\",\n payloadFormatVersion: \"1.0\",\n type: \"HTTP_PROXY\",\n uri: \"https://ip-ranges.amazonaws.com/ip-ranges.json\",\n },\n },\n },\n },\n }),\n name: \"example\",\n putRestApiMode: \"merge\",\n endpointConfiguration: {\n types: \"PRIVATE\",\n vpcEndpointIds: [\n exampleVpcEndpoint[0].id,\n exampleVpcEndpoint[1].id,\n exampleVpcEndpoint[2].id,\n ],\n },\n});\nconst exampleDeployment = new aws.apigateway.Deployment(\"example\", {\n restApi: exampleRestApi.id,\n triggers: {\n redeployment: std.sha1Output({\n input: pulumi.jsonStringify(exampleRestApi.body),\n }).apply(invoke =\u003e invoke.result),\n },\n});\nconst exampleStage = new aws.apigateway.Stage(\"example\", {\n deployment: exampleDeployment.id,\n restApi: exampleRestApi.id,\n stageName: \"example\",\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\nimport pulumi_std as std\n\navailable = aws.get_availability_zones(state=\"available\",\n filters=[aws.GetAvailabilityZonesFilterArgs(\n name=\"opt-in-status\",\n values=[\"opt-in-not-required\"],\n )])\ncurrent = aws.get_region()\nexample = aws.ec2.Vpc(\"example\",\n cidr_block=\"10.0.0.0/16\",\n enable_dns_support=True,\n enable_dns_hostnames=True)\nexample_default_security_group = aws.ec2.DefaultSecurityGroup(\"example\", vpc_id=example.id)\nexample_subnet = aws.ec2.Subnet(\"example\",\n availability_zone=available.names[0],\n cidr_block=example.cidr_block.apply(lambda cidr_block: std.cidrsubnet_output(input=cidr_block,\n newbits=8,\n netnum=0)).apply(lambda invoke: invoke.result),\n vpc_id=example.id)\nexample_vpc_endpoint = []\nfor range in [{\"value\": i} for i in range(0, 3)]:\n example_vpc_endpoint.append(aws.ec2.VpcEndpoint(f\"example-{range['value']}\",\n private_dns_enabled=False,\n security_group_ids=[example_default_security_group.id],\n service_name=f\"com.amazonaws.{current.name}.execute-api\",\n subnet_ids=[example_subnet.id],\n vpc_endpoint_type=\"Interface\",\n vpc_id=example.id))\nexample_rest_api = aws.apigateway.RestApi(\"example\",\n body=json.dumps({\n \"openapi\": \"3.0.1\",\n \"info\": {\n \"title\": \"example\",\n \"version\": \"1.0\",\n },\n \"paths\": {\n \"/path1\": {\n \"get\": {\n \"x-amazon-apigateway-integration\": {\n \"httpMethod\": \"GET\",\n \"payloadFormatVersion\": \"1.0\",\n \"type\": \"HTTP_PROXY\",\n \"uri\": \"https://ip-ranges.amazonaws.com/ip-ranges.json\",\n },\n },\n },\n },\n }),\n name=\"example\",\n put_rest_api_mode=\"merge\",\n endpoint_configuration=aws.apigateway.RestApiEndpointConfigurationArgs(\n types=\"PRIVATE\",\n vpc_endpoint_ids=[\n example_vpc_endpoint[0].id,\n example_vpc_endpoint[1].id,\n example_vpc_endpoint[2].id,\n ],\n ))\nexample_deployment = aws.apigateway.Deployment(\"example\",\n rest_api=example_rest_api.id,\n triggers={\n \"redeployment\": std.sha1_output(input=pulumi.Output.json_dumps(example_rest_api.body)).apply(lambda invoke: invoke.result),\n })\nexample_stage = aws.apigateway.Stage(\"example\",\n deployment=example_deployment.id,\n rest_api=example_rest_api.id,\n stage_name=\"example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n Filters = new[]\n {\n new Aws.Inputs.GetAvailabilityZonesFilterInputArgs\n {\n Name = \"opt-in-status\",\n Values = new[]\n {\n \"opt-in-not-required\",\n },\n },\n },\n });\n\n var current = Aws.GetRegion.Invoke();\n\n var example = new Aws.Ec2.Vpc(\"example\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n EnableDnsSupport = true,\n EnableDnsHostnames = true,\n });\n\n var exampleDefaultSecurityGroup = new Aws.Ec2.DefaultSecurityGroup(\"example\", new()\n {\n VpcId = example.Id,\n });\n\n var exampleSubnet = new Aws.Ec2.Subnet(\"example\", new()\n {\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n CidrBlock = example.CidrBlock.Apply(cidrBlock =\u003e Std.Cidrsubnet.Invoke(new()\n {\n Input = cidrBlock,\n Newbits = 8,\n Netnum = 0,\n })).Apply(invoke =\u003e invoke.Result),\n VpcId = example.Id,\n });\n\n var exampleVpcEndpoint = new List\u003cAws.Ec2.VpcEndpoint\u003e();\n for (var rangeIndex = 0; rangeIndex \u003c 3; rangeIndex++)\n {\n var range = new { Value = rangeIndex };\n exampleVpcEndpoint.Add(new Aws.Ec2.VpcEndpoint($\"example-{range.Value}\", new()\n {\n PrivateDnsEnabled = false,\n SecurityGroupIds = new[]\n {\n exampleDefaultSecurityGroup.Id,\n },\n ServiceName = $\"com.amazonaws.{current.Apply(getRegionResult =\u003e getRegionResult.Name)}.execute-api\",\n SubnetIds = new[]\n {\n exampleSubnet.Id,\n },\n VpcEndpointType = \"Interface\",\n VpcId = example.Id,\n }));\n }\n var exampleRestApi = new Aws.ApiGateway.RestApi(\"example\", new()\n {\n Body = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"openapi\"] = \"3.0.1\",\n [\"info\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"title\"] = \"example\",\n [\"version\"] = \"1.0\",\n },\n [\"paths\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"/path1\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"get\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"x-amazon-apigateway-integration\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"httpMethod\"] = \"GET\",\n [\"payloadFormatVersion\"] = \"1.0\",\n [\"type\"] = \"HTTP_PROXY\",\n [\"uri\"] = \"https://ip-ranges.amazonaws.com/ip-ranges.json\",\n },\n },\n },\n },\n }),\n Name = \"example\",\n PutRestApiMode = \"merge\",\n EndpointConfiguration = new Aws.ApiGateway.Inputs.RestApiEndpointConfigurationArgs\n {\n Types = \"PRIVATE\",\n VpcEndpointIds = new[]\n {\n exampleVpcEndpoint[0].Id,\n exampleVpcEndpoint[1].Id,\n exampleVpcEndpoint[2].Id,\n },\n },\n });\n\n var exampleDeployment = new Aws.ApiGateway.Deployment(\"example\", new()\n {\n RestApi = exampleRestApi.Id,\n Triggers = \n {\n { \"redeployment\", Std.Sha1.Invoke(new()\n {\n Input = Output.JsonSerialize(Output.Create(exampleRestApi.Body)),\n }).Apply(invoke =\u003e invoke.Result) },\n },\n });\n\n var exampleStage = new Aws.ApiGateway.Stage(\"example\", new()\n {\n Deployment = exampleDeployment.Id,\n RestApi = exampleRestApi.Id,\n StageName = \"example\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tState: pulumi.StringRef(\"available\"),\n\t\t\tFilters: []aws.GetAvailabilityZonesFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"opt-in-status\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"opt-in-not-required\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := ec2.NewVpc(ctx, \"example\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tEnableDnsSupport: pulumi.Bool(true),\n\t\t\tEnableDnsHostnames: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDefaultSecurityGroup, err := ec2.NewDefaultSecurityGroup(ctx, \"example\", \u0026ec2.DefaultSecurityGroupArgs{\n\t\t\tVpcId: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleSubnet, err := ec2.NewSubnet(ctx, \"example\", \u0026ec2.SubnetArgs{\n\t\t\tAvailabilityZone: pulumi.String(available.Names[0]),\n\t\t\tCidrBlock: example.CidrBlock.ApplyT(func(cidrBlock string) (std.CidrsubnetResult, error) {\n\t\t\t\treturn std.CidrsubnetOutput(ctx, std.CidrsubnetOutputArgs{\n\t\t\t\t\tInput: cidrBlock,\n\t\t\t\t\tNewbits: 8,\n\t\t\t\t\tNetnum: 0,\n\t\t\t\t}, nil), nil\n\t\t\t}).(std.CidrsubnetResultOutput).ApplyT(func(invoke std.CidrsubnetResult) (*string, error) {\n\t\t\t\treturn invoke.Result, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\tVpcId: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvar exampleVpcEndpoint []*ec2.VpcEndpoint\n\t\tfor index := 0; index \u003c 3; index++ {\n\t\t\tkey0 := index\n\t\t\t_ := index\n\t\t\t__res, err := ec2.NewVpcEndpoint(ctx, fmt.Sprintf(\"example-%v\", key0), \u0026ec2.VpcEndpointArgs{\n\t\t\t\tPrivateDnsEnabled: pulumi.Bool(false),\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\texampleDefaultSecurityGroup.ID(),\n\t\t\t\t},\n\t\t\t\tServiceName: pulumi.String(fmt.Sprintf(\"com.amazonaws.%v.execute-api\", current.Name)),\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\texampleSubnet.ID(),\n\t\t\t\t},\n\t\t\t\tVpcEndpointType: pulumi.String(\"Interface\"),\n\t\t\t\tVpcId: example.ID(),\n\t\t\t})\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\texampleVpcEndpoint = append(exampleVpcEndpoint, __res)\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"openapi\": \"3.0.1\",\n\t\t\t\"info\": map[string]interface{}{\n\t\t\t\t\"title\": \"example\",\n\t\t\t\t\"version\": \"1.0\",\n\t\t\t},\n\t\t\t\"paths\": map[string]interface{}{\n\t\t\t\t\"/path1\": map[string]interface{}{\n\t\t\t\t\t\"get\": map[string]interface{}{\n\t\t\t\t\t\t\"x-amazon-apigateway-integration\": map[string]interface{}{\n\t\t\t\t\t\t\t\"httpMethod\": \"GET\",\n\t\t\t\t\t\t\t\"payloadFormatVersion\": \"1.0\",\n\t\t\t\t\t\t\t\"type\": \"HTTP_PROXY\",\n\t\t\t\t\t\t\t\"uri\": \"https://ip-ranges.amazonaws.com/ip-ranges.json\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\texampleRestApi, err := apigateway.NewRestApi(ctx, \"example\", \u0026apigateway.RestApiArgs{\n\t\t\tBody: pulumi.String(json0),\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tPutRestApiMode: pulumi.String(\"merge\"),\n\t\t\tEndpointConfiguration: \u0026apigateway.RestApiEndpointConfigurationArgs{\n\t\t\t\tTypes: pulumi.String(\"PRIVATE\"),\n\t\t\t\tVpcEndpointIds: pulumi.StringArray{\n\t\t\t\t\texampleVpcEndpoint[0].ID(),\n\t\t\t\t\texampleVpcEndpoint[1].ID(),\n\t\t\t\t\texampleVpcEndpoint[2].ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDeployment, err := apigateway.NewDeployment(ctx, \"example\", \u0026apigateway.DeploymentArgs{\n\t\t\tRestApi: exampleRestApi.ID(),\n\t\t\tTriggers: pulumi.StringMap{\n\t\t\t\t\"redeployment\": std.Sha1Output(ctx, std.Sha1OutputArgs{\n\t\t\t\t\tInput: exampleRestApi.Body.ApplyT(func(body *string) (pulumi.String, error) {\n\t\t\t\t\t\tvar _zero pulumi.String\n\t\t\t\t\t\ttmpJSON1, err := json.Marshal(body)\n\t\t\t\t\t\tif err != nil {\n\t\t\t\t\t\t\treturn _zero, err\n\t\t\t\t\t\t}\n\t\t\t\t\t\tjson1 := string(tmpJSON1)\n\t\t\t\t\t\treturn pulumi.String(json1), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t}, nil).ApplyT(func(invoke std.Sha1Result) (*string, error) {\n\t\t\t\t\treturn invoke.Result, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewStage(ctx, \"example\", \u0026apigateway.StageArgs{\n\t\t\tDeployment: exampleDeployment.ID(),\n\t\t\tRestApi: exampleRestApi.ID(),\n\t\t\tStageName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.DefaultSecurityGroup;\nimport com.pulumi.aws.ec2.DefaultSecurityGroupArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.VpcEndpointArgs;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.inputs.RestApiEndpointConfigurationArgs;\nimport com.pulumi.aws.apigateway.Deployment;\nimport com.pulumi.aws.apigateway.DeploymentArgs;\nimport com.pulumi.aws.apigateway.Stage;\nimport com.pulumi.aws.apigateway.StageArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport com.pulumi.codegen.internal.KeyedValue;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .filters(GetAvailabilityZonesFilterArgs.builder()\n .name(\"opt-in-status\")\n .values(\"opt-in-not-required\")\n .build())\n .build());\n\n final var current = AwsFunctions.getRegion();\n\n var example = new Vpc(\"example\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .enableDnsSupport(true)\n .enableDnsHostnames(true)\n .build());\n\n var exampleDefaultSecurityGroup = new DefaultSecurityGroup(\"exampleDefaultSecurityGroup\", DefaultSecurityGroupArgs.builder() \n .vpcId(example.id())\n .build());\n\n var exampleSubnet = new Subnet(\"exampleSubnet\", SubnetArgs.builder() \n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]))\n .cidrBlock(example.cidrBlock().applyValue(cidrBlock -\u003e StdFunctions.cidrsubnet()).applyValue(invoke -\u003e invoke.result()))\n .vpcId(example.id())\n .build());\n\n for (var i = 0; i \u003c 3; i++) {\n new VpcEndpoint(\"exampleVpcEndpoint-\" + i, VpcEndpointArgs.builder() \n .privateDnsEnabled(false)\n .securityGroupIds(exampleDefaultSecurityGroup.id())\n .serviceName(String.format(\"com.amazonaws.%s.execute-api\", current.applyValue(getRegionResult -\u003e getRegionResult.name())))\n .subnetIds(exampleSubnet.id())\n .vpcEndpointType(\"Interface\")\n .vpcId(example.id())\n .build());\n\n \n}\n var exampleRestApi = new RestApi(\"exampleRestApi\", RestApiArgs.builder() \n .body(serializeJson(\n jsonObject(\n jsonProperty(\"openapi\", \"3.0.1\"),\n jsonProperty(\"info\", jsonObject(\n jsonProperty(\"title\", \"example\"),\n jsonProperty(\"version\", \"1.0\")\n )),\n jsonProperty(\"paths\", jsonObject(\n jsonProperty(\"/path1\", jsonObject(\n jsonProperty(\"get\", jsonObject(\n jsonProperty(\"x-amazon-apigateway-integration\", jsonObject(\n jsonProperty(\"httpMethod\", \"GET\"),\n jsonProperty(\"payloadFormatVersion\", \"1.0\"),\n jsonProperty(\"type\", \"HTTP_PROXY\"),\n jsonProperty(\"uri\", \"https://ip-ranges.amazonaws.com/ip-ranges.json\")\n ))\n ))\n ))\n ))\n )))\n .name(\"example\")\n .putRestApiMode(\"merge\")\n .endpointConfiguration(RestApiEndpointConfigurationArgs.builder()\n .types(\"PRIVATE\")\n .vpcEndpointIds( \n exampleVpcEndpoint[0].id(),\n exampleVpcEndpoint[1].id(),\n exampleVpcEndpoint[2].id())\n .build())\n .build());\n\n var exampleDeployment = new Deployment(\"exampleDeployment\", DeploymentArgs.builder() \n .restApi(exampleRestApi.id())\n .triggers(Map.of(\"redeployment\", StdFunctions.sha1().applyValue(invoke -\u003e invoke.result())))\n .build());\n\n var exampleStage = new Stage(\"exampleStage\", StageArgs.builder() \n .deployment(exampleDeployment.id())\n .restApi(exampleRestApi.id())\n .stageName(\"example\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n enableDnsSupport: true\n enableDnsHostnames: true\n exampleDefaultSecurityGroup:\n type: aws:ec2:DefaultSecurityGroup\n name: example\n properties:\n vpcId: ${example.id}\n exampleSubnet:\n type: aws:ec2:Subnet\n name: example\n properties:\n availabilityZone: ${available.names[0]}\n cidrBlock:\n fn::invoke:\n Function: std:cidrsubnet\n Arguments:\n input: ${example.cidrBlock}\n newbits: 8\n netnum: 0\n Return: result\n vpcId: ${example.id}\n exampleVpcEndpoint:\n type: aws:ec2:VpcEndpoint\n name: example\n properties:\n privateDnsEnabled: false\n securityGroupIds:\n - ${exampleDefaultSecurityGroup.id}\n serviceName: com.amazonaws.${current.name}.execute-api\n subnetIds:\n - ${exampleSubnet.id}\n vpcEndpointType: Interface\n vpcId: ${example.id}\n options: {}\n exampleRestApi:\n type: aws:apigateway:RestApi\n name: example\n properties:\n body:\n fn::toJSON:\n openapi: 3.0.1\n info:\n title: example\n version: '1.0'\n paths:\n /path1:\n get:\n x-amazon-apigateway-integration:\n httpMethod: GET\n payloadFormatVersion: '1.0'\n type: HTTP_PROXY\n uri: https://ip-ranges.amazonaws.com/ip-ranges.json\n name: example\n putRestApiMode: merge\n endpointConfiguration:\n types: PRIVATE\n vpcEndpointIds:\n - ${exampleVpcEndpoint[0].id}\n - ${exampleVpcEndpoint[1].id}\n - ${exampleVpcEndpoint[2].id}\n exampleDeployment:\n type: aws:apigateway:Deployment\n name: example\n properties:\n restApi: ${exampleRestApi.id}\n triggers:\n redeployment:\n fn::invoke:\n Function: std:sha1\n Arguments:\n input:\n fn::toJSON: ${exampleRestApi.body}\n Return: result\n exampleStage:\n type: aws:apigateway:Stage\n name: example\n properties:\n deployment: ${exampleDeployment.id}\n restApi: ${exampleRestApi.id}\n stageName: example\nvariables:\n available:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n state: available\n filters:\n - name: opt-in-status\n values:\n - opt-in-not-required\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Resources\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst example = new aws.apigateway.RestApi(\"example\", {name: \"example\"});\nconst exampleResource = new aws.apigateway.Resource(\"example\", {\n parentId: example.rootResourceId,\n pathPart: \"example\",\n restApi: example.id,\n});\nconst exampleMethod = new aws.apigateway.Method(\"example\", {\n authorization: \"NONE\",\n httpMethod: \"GET\",\n resourceId: exampleResource.id,\n restApi: example.id,\n});\nconst exampleIntegration = new aws.apigateway.Integration(\"example\", {\n httpMethod: exampleMethod.httpMethod,\n resourceId: exampleResource.id,\n restApi: example.id,\n type: \"MOCK\",\n});\nconst exampleDeployment = new aws.apigateway.Deployment(\"example\", {\n restApi: example.id,\n triggers: {\n redeployment: std.sha1Output({\n input: pulumi.jsonStringify([\n exampleResource.id,\n exampleMethod.id,\n exampleIntegration.id,\n ]),\n }).apply(invoke =\u003e invoke.result),\n },\n});\nconst exampleStage = new aws.apigateway.Stage(\"example\", {\n deployment: exampleDeployment.id,\n restApi: example.id,\n stageName: \"example\",\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\nimport pulumi_std as std\n\nexample = aws.apigateway.RestApi(\"example\", name=\"example\")\nexample_resource = aws.apigateway.Resource(\"example\",\n parent_id=example.root_resource_id,\n path_part=\"example\",\n rest_api=example.id)\nexample_method = aws.apigateway.Method(\"example\",\n authorization=\"NONE\",\n http_method=\"GET\",\n resource_id=example_resource.id,\n rest_api=example.id)\nexample_integration = aws.apigateway.Integration(\"example\",\n http_method=example_method.http_method,\n resource_id=example_resource.id,\n rest_api=example.id,\n type=\"MOCK\")\nexample_deployment = aws.apigateway.Deployment(\"example\",\n rest_api=example.id,\n triggers={\n \"redeployment\": std.sha1_output(input=pulumi.Output.json_dumps([\n example_resource.id,\n example_method.id,\n example_integration.id,\n ])).apply(lambda invoke: invoke.result),\n })\nexample_stage = aws.apigateway.Stage(\"example\",\n deployment=example_deployment.id,\n rest_api=example.id,\n stage_name=\"example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ApiGateway.RestApi(\"example\", new()\n {\n Name = \"example\",\n });\n\n var exampleResource = new Aws.ApiGateway.Resource(\"example\", new()\n {\n ParentId = example.RootResourceId,\n PathPart = \"example\",\n RestApi = example.Id,\n });\n\n var exampleMethod = new Aws.ApiGateway.Method(\"example\", new()\n {\n Authorization = \"NONE\",\n HttpMethod = \"GET\",\n ResourceId = exampleResource.Id,\n RestApi = example.Id,\n });\n\n var exampleIntegration = new Aws.ApiGateway.Integration(\"example\", new()\n {\n HttpMethod = exampleMethod.HttpMethod,\n ResourceId = exampleResource.Id,\n RestApi = example.Id,\n Type = \"MOCK\",\n });\n\n var exampleDeployment = new Aws.ApiGateway.Deployment(\"example\", new()\n {\n RestApi = example.Id,\n Triggers = \n {\n { \"redeployment\", Std.Sha1.Invoke(new()\n {\n Input = Output.JsonSerialize(Output.Create(new[]\n {\n exampleResource.Id,\n exampleMethod.Id,\n exampleIntegration.Id,\n })),\n }).Apply(invoke =\u003e invoke.Result) },\n },\n });\n\n var exampleStage = new Aws.ApiGateway.Stage(\"example\", new()\n {\n Deployment = exampleDeployment.Id,\n RestApi = example.Id,\n StageName = \"example\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := apigateway.NewRestApi(ctx, \"example\", \u0026apigateway.RestApiArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleResource, err := apigateway.NewResource(ctx, \"example\", \u0026apigateway.ResourceArgs{\n\t\t\tParentId: example.RootResourceId,\n\t\t\tPathPart: pulumi.String(\"example\"),\n\t\t\tRestApi: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleMethod, err := apigateway.NewMethod(ctx, \"example\", \u0026apigateway.MethodArgs{\n\t\t\tAuthorization: pulumi.String(\"NONE\"),\n\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\tResourceId: exampleResource.ID(),\n\t\t\tRestApi: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleIntegration, err := apigateway.NewIntegration(ctx, \"example\", \u0026apigateway.IntegrationArgs{\n\t\t\tHttpMethod: exampleMethod.HttpMethod,\n\t\t\tResourceId: exampleResource.ID(),\n\t\t\tRestApi: example.ID(),\n\t\t\tType: pulumi.String(\"MOCK\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDeployment, err := apigateway.NewDeployment(ctx, \"example\", \u0026apigateway.DeploymentArgs{\n\t\t\tRestApi: example.ID(),\n\t\t\tTriggers: pulumi.StringMap{\n\t\t\t\t\"redeployment\": std.Sha1Output(ctx, std.Sha1OutputArgs{\n\t\t\t\t\tInput: pulumi.All(exampleResource.ID(), exampleMethod.ID(), exampleIntegration.ID()).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\t\texampleResourceId := _args[0].(string)\n\t\t\t\t\t\texampleMethodId := _args[1].(string)\n\t\t\t\t\t\texampleIntegrationId := _args[2].(string)\n\t\t\t\t\t\tvar _zero string\n\t\t\t\t\t\ttmpJSON0, err := json.Marshal([]string{\n\t\t\t\t\t\t\texampleResourceId,\n\t\t\t\t\t\t\texampleMethodId,\n\t\t\t\t\t\t\texampleIntegrationId,\n\t\t\t\t\t\t})\n\t\t\t\t\t\tif err != nil {\n\t\t\t\t\t\t\treturn _zero, err\n\t\t\t\t\t\t}\n\t\t\t\t\t\tjson0 := string(tmpJSON0)\n\t\t\t\t\t\treturn json0, nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t}, nil).ApplyT(func(invoke std.Sha1Result) (*string, error) {\n\t\t\t\t\treturn invoke.Result, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewStage(ctx, \"example\", \u0026apigateway.StageArgs{\n\t\t\tDeployment: exampleDeployment.ID(),\n\t\t\tRestApi: example.ID(),\n\t\t\tStageName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.Resource;\nimport com.pulumi.aws.apigateway.ResourceArgs;\nimport com.pulumi.aws.apigateway.Method;\nimport com.pulumi.aws.apigateway.MethodArgs;\nimport com.pulumi.aws.apigateway.Integration;\nimport com.pulumi.aws.apigateway.IntegrationArgs;\nimport com.pulumi.aws.apigateway.Deployment;\nimport com.pulumi.aws.apigateway.DeploymentArgs;\nimport com.pulumi.aws.apigateway.Stage;\nimport com.pulumi.aws.apigateway.StageArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new RestApi(\"example\", RestApiArgs.builder() \n .name(\"example\")\n .build());\n\n var exampleResource = new Resource(\"exampleResource\", ResourceArgs.builder() \n .parentId(example.rootResourceId())\n .pathPart(\"example\")\n .restApi(example.id())\n .build());\n\n var exampleMethod = new Method(\"exampleMethod\", MethodArgs.builder() \n .authorization(\"NONE\")\n .httpMethod(\"GET\")\n .resourceId(exampleResource.id())\n .restApi(example.id())\n .build());\n\n var exampleIntegration = new Integration(\"exampleIntegration\", IntegrationArgs.builder() \n .httpMethod(exampleMethod.httpMethod())\n .resourceId(exampleResource.id())\n .restApi(example.id())\n .type(\"MOCK\")\n .build());\n\n var exampleDeployment = new Deployment(\"exampleDeployment\", DeploymentArgs.builder() \n .restApi(example.id())\n .triggers(Map.of(\"redeployment\", StdFunctions.sha1().applyValue(invoke -\u003e invoke.result())))\n .build());\n\n var exampleStage = new Stage(\"exampleStage\", StageArgs.builder() \n .deployment(exampleDeployment.id())\n .restApi(example.id())\n .stageName(\"example\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:apigateway:RestApi\n properties:\n name: example\n exampleResource:\n type: aws:apigateway:Resource\n name: example\n properties:\n parentId: ${example.rootResourceId}\n pathPart: example\n restApi: ${example.id}\n exampleMethod:\n type: aws:apigateway:Method\n name: example\n properties:\n authorization: NONE\n httpMethod: GET\n resourceId: ${exampleResource.id}\n restApi: ${example.id}\n exampleIntegration:\n type: aws:apigateway:Integration\n name: example\n properties:\n httpMethod: ${exampleMethod.httpMethod}\n resourceId: ${exampleResource.id}\n restApi: ${example.id}\n type: MOCK\n exampleDeployment:\n type: aws:apigateway:Deployment\n name: example\n properties:\n restApi: ${example.id}\n triggers:\n redeployment:\n fn::invoke:\n Function: std:sha1\n Arguments:\n input:\n fn::toJSON:\n - ${exampleResource.id}\n - ${exampleMethod.id}\n - ${exampleIntegration.id}\n Return: result\n exampleStage:\n type: aws:apigateway:Stage\n name: example\n properties:\n deployment: ${exampleDeployment.id}\n restApi: ${example.id}\n stageName: example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_api_gateway_rest_api` using the REST API ID. For example:\n\n```sh\n$ pulumi import aws:apigateway/restApi:RestApi example 12345abcde\n```\n~\u003e __NOTE:__ Resource import does not currently support the `body` attribute.\n\n", "properties": { "apiKeySource": { "type": "string", @@ -161014,7 +161014,7 @@ } }, "aws:apigatewayv2/domainName:DomainName": { - "description": "Manages an Amazon API Gateway Version 2 domain name.\nMore information can be found in the [Amazon API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html).\n\n\u003e **Note:** This resource establishes ownership of and the TLS settings for\na particular domain name. An API stage can be associated with the domain name using the `aws.apigatewayv2.ApiMapping` resource.\n\n## Example Usage\n\n### Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigatewayv2.DomainName(\"example\", {\n domainName: \"ws-api.example.com\",\n domainNameConfiguration: {\n certificateArn: exampleAwsAcmCertificate.arn,\n endpointType: \"REGIONAL\",\n securityPolicy: \"TLS_1_2\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.DomainName(\"example\",\n domain_name=\"ws-api.example.com\",\n domain_name_configuration=aws.apigatewayv2.DomainNameDomainNameConfigurationArgs(\n certificate_arn=example_aws_acm_certificate[\"arn\"],\n endpoint_type=\"REGIONAL\",\n security_policy=\"TLS_1_2\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ApiGatewayV2.DomainName(\"example\", new()\n {\n Domain = \"ws-api.example.com\",\n DomainNameConfiguration = new Aws.ApiGatewayV2.Inputs.DomainNameDomainNameConfigurationArgs\n {\n CertificateArn = exampleAwsAcmCertificate.Arn,\n EndpointType = \"REGIONAL\",\n SecurityPolicy = \"TLS_1_2\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigatewayv2.NewDomainName(ctx, \"example\", \u0026apigatewayv2.DomainNameArgs{\n\t\t\tDomainName: pulumi.String(\"ws-api.example.com\"),\n\t\t\tDomainNameConfiguration: \u0026apigatewayv2.DomainNameDomainNameConfigurationArgs{\n\t\t\t\tCertificateArn: pulumi.Any(exampleAwsAcmCertificate.Arn),\n\t\t\t\tEndpointType: pulumi.String(\"REGIONAL\"),\n\t\t\t\tSecurityPolicy: pulumi.String(\"TLS_1_2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigatewayv2.DomainName;\nimport com.pulumi.aws.apigatewayv2.DomainNameArgs;\nimport com.pulumi.aws.apigatewayv2.inputs.DomainNameDomainNameConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new DomainName(\"example\", DomainNameArgs.builder() \n .domainName(\"ws-api.example.com\")\n .domainNameConfiguration(DomainNameDomainNameConfigurationArgs.builder()\n .certificateArn(exampleAwsAcmCertificate.arn())\n .endpointType(\"REGIONAL\")\n .securityPolicy(\"TLS_1_2\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:apigatewayv2:DomainName\n properties:\n domainName: ws-api.example.com\n domainNameConfiguration:\n certificateArn: ${exampleAwsAcmCertificate.arn}\n endpointType: REGIONAL\n securityPolicy: TLS_1_2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Associated Route 53 Resource Record\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigatewayv2.DomainName(\"example\", {\n domainName: \"http-api.example.com\",\n domainNameConfiguration: {\n certificateArn: exampleAwsAcmCertificate.arn,\n endpointType: \"REGIONAL\",\n securityPolicy: \"TLS_1_2\",\n },\n});\nconst exampleRecord = new aws.route53.Record(\"example\", {\n name: example.domainName,\n type: \"A\",\n zoneId: exampleAwsRoute53Zone.zoneId,\n aliases: [{\n name: example.domainNameConfiguration.apply(domainNameConfiguration =\u003e domainNameConfiguration.targetDomainName),\n zoneId: example.domainNameConfiguration.apply(domainNameConfiguration =\u003e domainNameConfiguration.hostedZoneId),\n evaluateTargetHealth: false,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.DomainName(\"example\",\n domain_name=\"http-api.example.com\",\n domain_name_configuration=aws.apigatewayv2.DomainNameDomainNameConfigurationArgs(\n certificate_arn=example_aws_acm_certificate[\"arn\"],\n endpoint_type=\"REGIONAL\",\n security_policy=\"TLS_1_2\",\n ))\nexample_record = aws.route53.Record(\"example\",\n name=example.domain_name,\n type=\"A\",\n zone_id=example_aws_route53_zone[\"zoneId\"],\n aliases=[aws.route53.RecordAliasArgs(\n name=example.domain_name_configuration.target_domain_name,\n zone_id=example.domain_name_configuration.hosted_zone_id,\n evaluate_target_health=False,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ApiGatewayV2.DomainName(\"example\", new()\n {\n Domain = \"http-api.example.com\",\n DomainNameConfiguration = new Aws.ApiGatewayV2.Inputs.DomainNameDomainNameConfigurationArgs\n {\n CertificateArn = exampleAwsAcmCertificate.Arn,\n EndpointType = \"REGIONAL\",\n SecurityPolicy = \"TLS_1_2\",\n },\n });\n\n var exampleRecord = new Aws.Route53.Record(\"example\", new()\n {\n Name = example.Domain,\n Type = \"A\",\n ZoneId = exampleAwsRoute53Zone.ZoneId,\n Aliases = new[]\n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n Name = example.DomainNameConfiguration.Apply(domainNameConfiguration =\u003e domainNameConfiguration.TargetDomainName),\n ZoneId = example.DomainNameConfiguration.Apply(domainNameConfiguration =\u003e domainNameConfiguration.HostedZoneId),\n EvaluateTargetHealth = false,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := apigatewayv2.NewDomainName(ctx, \"example\", \u0026apigatewayv2.DomainNameArgs{\n\t\t\tDomainName: pulumi.String(\"http-api.example.com\"),\n\t\t\tDomainNameConfiguration: \u0026apigatewayv2.DomainNameDomainNameConfigurationArgs{\n\t\t\t\tCertificateArn: pulumi.Any(exampleAwsAcmCertificate.Arn),\n\t\t\t\tEndpointType: pulumi.String(\"REGIONAL\"),\n\t\t\t\tSecurityPolicy: pulumi.String(\"TLS_1_2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"example\", \u0026route53.RecordArgs{\n\t\t\tName: example.DomainName,\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tZoneId: pulumi.Any(exampleAwsRoute53Zone.ZoneId),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t\u0026route53.RecordAliasArgs{\n\t\t\t\t\tName: example.DomainNameConfiguration.ApplyT(func(domainNameConfiguration apigatewayv2.DomainNameDomainNameConfiguration) (*string, error) {\n\t\t\t\t\t\treturn \u0026domainNameConfiguration.TargetDomainName, nil\n\t\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\t\tZoneId: example.DomainNameConfiguration.ApplyT(func(domainNameConfiguration apigatewayv2.DomainNameDomainNameConfiguration) (*string, error) {\n\t\t\t\t\t\treturn \u0026domainNameConfiguration.HostedZoneId, nil\n\t\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\t\tEvaluateTargetHealth: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigatewayv2.DomainName;\nimport com.pulumi.aws.apigatewayv2.DomainNameArgs;\nimport com.pulumi.aws.apigatewayv2.inputs.DomainNameDomainNameConfigurationArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordAliasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new DomainName(\"example\", DomainNameArgs.builder() \n .domainName(\"http-api.example.com\")\n .domainNameConfiguration(DomainNameDomainNameConfigurationArgs.builder()\n .certificateArn(exampleAwsAcmCertificate.arn())\n .endpointType(\"REGIONAL\")\n .securityPolicy(\"TLS_1_2\")\n .build())\n .build());\n\n var exampleRecord = new Record(\"exampleRecord\", RecordArgs.builder() \n .name(example.domainName())\n .type(\"A\")\n .zoneId(exampleAwsRoute53Zone.zoneId())\n .aliases(RecordAliasArgs.builder()\n .name(example.domainNameConfiguration().applyValue(domainNameConfiguration -\u003e domainNameConfiguration.targetDomainName()))\n .zoneId(example.domainNameConfiguration().applyValue(domainNameConfiguration -\u003e domainNameConfiguration.hostedZoneId()))\n .evaluateTargetHealth(false)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:apigatewayv2:DomainName\n properties:\n domainName: http-api.example.com\n domainNameConfiguration:\n certificateArn: ${exampleAwsAcmCertificate.arn}\n endpointType: REGIONAL\n securityPolicy: TLS_1_2\n exampleRecord:\n type: aws:route53:Record\n name: example\n properties:\n name: ${example.domainName}\n type: A\n zoneId: ${exampleAwsRoute53Zone.zoneId}\n aliases:\n - name: ${example.domainNameConfiguration.targetDomainName}\n zoneId: ${example.domainNameConfiguration.hostedZoneId}\n evaluateTargetHealth: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_apigatewayv2_domain_name` using the domain name. For example:\n\n```sh\n$ pulumi import aws:apigatewayv2/domainName:DomainName example ws-api.example.com\n```\n", + "description": "Manages an Amazon API Gateway Version 2 domain name.\nMore information can be found in the [Amazon API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html).\n\n\u003e **Note:** This resource establishes ownership of and the TLS settings for\na particular domain name. An API stage can be associated with the domain name using the `aws.apigatewayv2.ApiMapping` resource.\n\n## Example Usage\n\n### Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigatewayv2.DomainName(\"example\", {\n domainName: \"ws-api.example.com\",\n domainNameConfiguration: {\n certificateArn: exampleAwsAcmCertificate.arn,\n endpointType: \"REGIONAL\",\n securityPolicy: \"TLS_1_2\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.DomainName(\"example\",\n domain_name=\"ws-api.example.com\",\n domain_name_configuration=aws.apigatewayv2.DomainNameDomainNameConfigurationArgs(\n certificate_arn=example_aws_acm_certificate[\"arn\"],\n endpoint_type=\"REGIONAL\",\n security_policy=\"TLS_1_2\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ApiGatewayV2.DomainName(\"example\", new()\n {\n Domain = \"ws-api.example.com\",\n DomainNameConfiguration = new Aws.ApiGatewayV2.Inputs.DomainNameDomainNameConfigurationArgs\n {\n CertificateArn = exampleAwsAcmCertificate.Arn,\n EndpointType = \"REGIONAL\",\n SecurityPolicy = \"TLS_1_2\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigatewayv2.NewDomainName(ctx, \"example\", \u0026apigatewayv2.DomainNameArgs{\n\t\t\tDomainName: pulumi.String(\"ws-api.example.com\"),\n\t\t\tDomainNameConfiguration: \u0026apigatewayv2.DomainNameDomainNameConfigurationArgs{\n\t\t\t\tCertificateArn: pulumi.Any(exampleAwsAcmCertificate.Arn),\n\t\t\t\tEndpointType: pulumi.String(\"REGIONAL\"),\n\t\t\t\tSecurityPolicy: pulumi.String(\"TLS_1_2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigatewayv2.DomainName;\nimport com.pulumi.aws.apigatewayv2.DomainNameArgs;\nimport com.pulumi.aws.apigatewayv2.inputs.DomainNameDomainNameConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new DomainName(\"example\", DomainNameArgs.builder() \n .domainName(\"ws-api.example.com\")\n .domainNameConfiguration(DomainNameDomainNameConfigurationArgs.builder()\n .certificateArn(exampleAwsAcmCertificate.arn())\n .endpointType(\"REGIONAL\")\n .securityPolicy(\"TLS_1_2\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:apigatewayv2:DomainName\n properties:\n domainName: ws-api.example.com\n domainNameConfiguration:\n certificateArn: ${exampleAwsAcmCertificate.arn}\n endpointType: REGIONAL\n securityPolicy: TLS_1_2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Associated Route 53 Resource Record\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigatewayv2.DomainName(\"example\", {\n domainName: \"http-api.example.com\",\n domainNameConfiguration: {\n certificateArn: exampleAwsAcmCertificate.arn,\n endpointType: \"REGIONAL\",\n securityPolicy: \"TLS_1_2\",\n },\n});\nconst exampleRecord = new aws.route53.Record(\"example\", {\n name: example.domainName,\n type: aws.route53.RecordType.A,\n zoneId: exampleAwsRoute53Zone.zoneId,\n aliases: [{\n name: example.domainNameConfiguration.apply(domainNameConfiguration =\u003e domainNameConfiguration.targetDomainName),\n zoneId: example.domainNameConfiguration.apply(domainNameConfiguration =\u003e domainNameConfiguration.hostedZoneId),\n evaluateTargetHealth: false,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.DomainName(\"example\",\n domain_name=\"http-api.example.com\",\n domain_name_configuration=aws.apigatewayv2.DomainNameDomainNameConfigurationArgs(\n certificate_arn=example_aws_acm_certificate[\"arn\"],\n endpoint_type=\"REGIONAL\",\n security_policy=\"TLS_1_2\",\n ))\nexample_record = aws.route53.Record(\"example\",\n name=example.domain_name,\n type=aws.route53.RecordType.A,\n zone_id=example_aws_route53_zone[\"zoneId\"],\n aliases=[aws.route53.RecordAliasArgs(\n name=example.domain_name_configuration.target_domain_name,\n zone_id=example.domain_name_configuration.hosted_zone_id,\n evaluate_target_health=False,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ApiGatewayV2.DomainName(\"example\", new()\n {\n Domain = \"http-api.example.com\",\n DomainNameConfiguration = new Aws.ApiGatewayV2.Inputs.DomainNameDomainNameConfigurationArgs\n {\n CertificateArn = exampleAwsAcmCertificate.Arn,\n EndpointType = \"REGIONAL\",\n SecurityPolicy = \"TLS_1_2\",\n },\n });\n\n var exampleRecord = new Aws.Route53.Record(\"example\", new()\n {\n Name = example.Domain,\n Type = Aws.Route53.RecordType.A,\n ZoneId = exampleAwsRoute53Zone.ZoneId,\n Aliases = new[]\n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n Name = example.DomainNameConfiguration.Apply(domainNameConfiguration =\u003e domainNameConfiguration.TargetDomainName),\n ZoneId = example.DomainNameConfiguration.Apply(domainNameConfiguration =\u003e domainNameConfiguration.HostedZoneId),\n EvaluateTargetHealth = false,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := apigatewayv2.NewDomainName(ctx, \"example\", \u0026apigatewayv2.DomainNameArgs{\n\t\t\tDomainName: pulumi.String(\"http-api.example.com\"),\n\t\t\tDomainNameConfiguration: \u0026apigatewayv2.DomainNameDomainNameConfigurationArgs{\n\t\t\t\tCertificateArn: pulumi.Any(exampleAwsAcmCertificate.Arn),\n\t\t\t\tEndpointType: pulumi.String(\"REGIONAL\"),\n\t\t\t\tSecurityPolicy: pulumi.String(\"TLS_1_2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"example\", \u0026route53.RecordArgs{\n\t\t\tName: example.DomainName,\n\t\t\tType: pulumi.String(route53.RecordTypeA),\n\t\t\tZoneId: pulumi.Any(exampleAwsRoute53Zone.ZoneId),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t\u0026route53.RecordAliasArgs{\n\t\t\t\t\tName: example.DomainNameConfiguration.ApplyT(func(domainNameConfiguration apigatewayv2.DomainNameDomainNameConfiguration) (*string, error) {\n\t\t\t\t\t\treturn \u0026domainNameConfiguration.TargetDomainName, nil\n\t\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\t\tZoneId: example.DomainNameConfiguration.ApplyT(func(domainNameConfiguration apigatewayv2.DomainNameDomainNameConfiguration) (*string, error) {\n\t\t\t\t\t\treturn \u0026domainNameConfiguration.HostedZoneId, nil\n\t\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t\t\tEvaluateTargetHealth: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigatewayv2.DomainName;\nimport com.pulumi.aws.apigatewayv2.DomainNameArgs;\nimport com.pulumi.aws.apigatewayv2.inputs.DomainNameDomainNameConfigurationArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordAliasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new DomainName(\"example\", DomainNameArgs.builder() \n .domainName(\"http-api.example.com\")\n .domainNameConfiguration(DomainNameDomainNameConfigurationArgs.builder()\n .certificateArn(exampleAwsAcmCertificate.arn())\n .endpointType(\"REGIONAL\")\n .securityPolicy(\"TLS_1_2\")\n .build())\n .build());\n\n var exampleRecord = new Record(\"exampleRecord\", RecordArgs.builder() \n .name(example.domainName())\n .type(\"A\")\n .zoneId(exampleAwsRoute53Zone.zoneId())\n .aliases(RecordAliasArgs.builder()\n .name(example.domainNameConfiguration().applyValue(domainNameConfiguration -\u003e domainNameConfiguration.targetDomainName()))\n .zoneId(example.domainNameConfiguration().applyValue(domainNameConfiguration -\u003e domainNameConfiguration.hostedZoneId()))\n .evaluateTargetHealth(false)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:apigatewayv2:DomainName\n properties:\n domainName: http-api.example.com\n domainNameConfiguration:\n certificateArn: ${exampleAwsAcmCertificate.arn}\n endpointType: REGIONAL\n securityPolicy: TLS_1_2\n exampleRecord:\n type: aws:route53:Record\n name: example\n properties:\n name: ${example.domainName}\n type: A\n zoneId: ${exampleAwsRoute53Zone.zoneId}\n aliases:\n - name: ${example.domainNameConfiguration.targetDomainName}\n zoneId: ${example.domainNameConfiguration.hostedZoneId}\n evaluateTargetHealth: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_apigatewayv2_domain_name` using the domain name. For example:\n\n```sh\n$ pulumi import aws:apigatewayv2/domainName:DomainName example ws-api.example.com\n```\n", "properties": { "apiMappingSelectionExpression": { "type": "string", @@ -161144,7 +161144,7 @@ } }, "aws:apigatewayv2/integration:Integration": { - "description": "Manages an Amazon API Gateway Version 2 integration.\nMore information can be found in the [Amazon API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api.html).\n\n## Example Usage\n\n### Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigatewayv2.Integration(\"example\", {\n apiId: exampleAwsApigatewayv2Api.id,\n integrationType: \"MOCK\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.Integration(\"example\",\n api_id=example_aws_apigatewayv2_api[\"id\"],\n integration_type=\"MOCK\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ApiGatewayV2.Integration(\"example\", new()\n {\n ApiId = exampleAwsApigatewayv2Api.Id,\n IntegrationType = \"MOCK\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigatewayv2.NewIntegration(ctx, \"example\", \u0026apigatewayv2.IntegrationArgs{\n\t\t\tApiId: pulumi.Any(exampleAwsApigatewayv2Api.Id),\n\t\t\tIntegrationType: pulumi.String(\"MOCK\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigatewayv2.Integration;\nimport com.pulumi.aws.apigatewayv2.IntegrationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Integration(\"example\", IntegrationArgs.builder() \n .apiId(exampleAwsApigatewayv2Api.id())\n .integrationType(\"MOCK\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:apigatewayv2:Integration\n properties:\n apiId: ${exampleAwsApigatewayv2Api.id}\n integrationType: MOCK\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Lambda Integration\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lambda.Function(\"example\", {\n code: new pulumi.asset.FileArchive(\"example.zip\"),\n name: \"Example\",\n role: exampleAwsIamRole.arn,\n handler: \"index.handler\",\n runtime: \"nodejs16.x\",\n});\nconst exampleIntegration = new aws.apigatewayv2.Integration(\"example\", {\n apiId: exampleAwsApigatewayv2Api.id,\n integrationType: \"AWS_PROXY\",\n connectionType: \"INTERNET\",\n contentHandlingStrategy: \"CONVERT_TO_TEXT\",\n description: \"Lambda example\",\n integrationMethod: \"POST\",\n integrationUri: example.invokeArn,\n passthroughBehavior: \"WHEN_NO_MATCH\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lambda_.Function(\"example\",\n code=pulumi.FileArchive(\"example.zip\"),\n name=\"Example\",\n role=example_aws_iam_role[\"arn\"],\n handler=\"index.handler\",\n runtime=\"nodejs16.x\")\nexample_integration = aws.apigatewayv2.Integration(\"example\",\n api_id=example_aws_apigatewayv2_api[\"id\"],\n integration_type=\"AWS_PROXY\",\n connection_type=\"INTERNET\",\n content_handling_strategy=\"CONVERT_TO_TEXT\",\n description=\"Lambda example\",\n integration_method=\"POST\",\n integration_uri=example.invoke_arn,\n passthrough_behavior=\"WHEN_NO_MATCH\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Lambda.Function(\"example\", new()\n {\n Code = new FileArchive(\"example.zip\"),\n Name = \"Example\",\n Role = exampleAwsIamRole.Arn,\n Handler = \"index.handler\",\n Runtime = \"nodejs16.x\",\n });\n\n var exampleIntegration = new Aws.ApiGatewayV2.Integration(\"example\", new()\n {\n ApiId = exampleAwsApigatewayv2Api.Id,\n IntegrationType = \"AWS_PROXY\",\n ConnectionType = \"INTERNET\",\n ContentHandlingStrategy = \"CONVERT_TO_TEXT\",\n Description = \"Lambda example\",\n IntegrationMethod = \"POST\",\n IntegrationUri = example.InvokeArn,\n PassthroughBehavior = \"WHEN_NO_MATCH\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := lambda.NewFunction(ctx, \"example\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"example.zip\"),\n\t\t\tName: pulumi.String(\"Example\"),\n\t\t\tRole: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tHandler: pulumi.String(\"index.handler\"),\n\t\t\tRuntime: pulumi.String(\"nodejs16.x\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigatewayv2.NewIntegration(ctx, \"example\", \u0026apigatewayv2.IntegrationArgs{\n\t\t\tApiId: pulumi.Any(exampleAwsApigatewayv2Api.Id),\n\t\t\tIntegrationType: pulumi.String(\"AWS_PROXY\"),\n\t\t\tConnectionType: pulumi.String(\"INTERNET\"),\n\t\t\tContentHandlingStrategy: pulumi.String(\"CONVERT_TO_TEXT\"),\n\t\t\tDescription: pulumi.String(\"Lambda example\"),\n\t\t\tIntegrationMethod: pulumi.String(\"POST\"),\n\t\t\tIntegrationUri: example.InvokeArn,\n\t\t\tPassthroughBehavior: pulumi.String(\"WHEN_NO_MATCH\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.apigatewayv2.Integration;\nimport com.pulumi.aws.apigatewayv2.IntegrationArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Function(\"example\", FunctionArgs.builder() \n .code(new FileArchive(\"example.zip\"))\n .name(\"Example\")\n .role(exampleAwsIamRole.arn())\n .handler(\"index.handler\")\n .runtime(\"nodejs16.x\")\n .build());\n\n var exampleIntegration = new Integration(\"exampleIntegration\", IntegrationArgs.builder() \n .apiId(exampleAwsApigatewayv2Api.id())\n .integrationType(\"AWS_PROXY\")\n .connectionType(\"INTERNET\")\n .contentHandlingStrategy(\"CONVERT_TO_TEXT\")\n .description(\"Lambda example\")\n .integrationMethod(\"POST\")\n .integrationUri(example.invokeArn())\n .passthroughBehavior(\"WHEN_NO_MATCH\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:lambda:Function\n properties:\n code:\n fn::FileArchive: example.zip\n name: Example\n role: ${exampleAwsIamRole.arn}\n handler: index.handler\n runtime: nodejs16.x\n exampleIntegration:\n type: aws:apigatewayv2:Integration\n name: example\n properties:\n apiId: ${exampleAwsApigatewayv2Api.id}\n integrationType: AWS_PROXY\n connectionType: INTERNET\n contentHandlingStrategy: CONVERT_TO_TEXT\n description: Lambda example\n integrationMethod: POST\n integrationUri: ${example.invokeArn}\n passthroughBehavior: WHEN_NO_MATCH\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### AWS Service Integration\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigatewayv2.Integration(\"example\", {\n apiId: exampleAwsApigatewayv2Api.id,\n credentialsArn: exampleAwsIamRole.arn,\n description: \"SQS example\",\n integrationType: \"AWS_PROXY\",\n integrationSubtype: \"SQS-SendMessage\",\n requestParameters: {\n QueueUrl: \"$request.header.queueUrl\",\n MessageBody: \"$request.body.message\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.Integration(\"example\",\n api_id=example_aws_apigatewayv2_api[\"id\"],\n credentials_arn=example_aws_iam_role[\"arn\"],\n description=\"SQS example\",\n integration_type=\"AWS_PROXY\",\n integration_subtype=\"SQS-SendMessage\",\n request_parameters={\n \"QueueUrl\": \"$request.header.queueUrl\",\n \"MessageBody\": \"$request.body.message\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ApiGatewayV2.Integration(\"example\", new()\n {\n ApiId = exampleAwsApigatewayv2Api.Id,\n CredentialsArn = exampleAwsIamRole.Arn,\n Description = \"SQS example\",\n IntegrationType = \"AWS_PROXY\",\n IntegrationSubtype = \"SQS-SendMessage\",\n RequestParameters = \n {\n { \"QueueUrl\", \"$request.header.queueUrl\" },\n { \"MessageBody\", \"$request.body.message\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigatewayv2.NewIntegration(ctx, \"example\", \u0026apigatewayv2.IntegrationArgs{\n\t\t\tApiId: pulumi.Any(exampleAwsApigatewayv2Api.Id),\n\t\t\tCredentialsArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tDescription: pulumi.String(\"SQS example\"),\n\t\t\tIntegrationType: pulumi.String(\"AWS_PROXY\"),\n\t\t\tIntegrationSubtype: pulumi.String(\"SQS-SendMessage\"),\n\t\t\tRequestParameters: pulumi.StringMap{\n\t\t\t\t\"QueueUrl\": pulumi.String(\"$request.header.queueUrl\"),\n\t\t\t\t\"MessageBody\": pulumi.String(\"$request.body.message\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigatewayv2.Integration;\nimport com.pulumi.aws.apigatewayv2.IntegrationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Integration(\"example\", IntegrationArgs.builder() \n .apiId(exampleAwsApigatewayv2Api.id())\n .credentialsArn(exampleAwsIamRole.arn())\n .description(\"SQS example\")\n .integrationType(\"AWS_PROXY\")\n .integrationSubtype(\"SQS-SendMessage\")\n .requestParameters(Map.ofEntries(\n Map.entry(\"QueueUrl\", \"$request.header.queueUrl\"),\n Map.entry(\"MessageBody\", \"$request.body.message\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:apigatewayv2:Integration\n properties:\n apiId: ${exampleAwsApigatewayv2Api.id}\n credentialsArn: ${exampleAwsIamRole.arn}\n description: SQS example\n integrationType: AWS_PROXY\n integrationSubtype: SQS-SendMessage\n requestParameters:\n QueueUrl: $request.header.queueUrl\n MessageBody: $request.body.message\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Private Integration\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigatewayv2.Integration(\"example\", {\n apiId: exampleAwsApigatewayv2Api.id,\n credentialsArn: exampleAwsIamRole.arn,\n description: \"Example with a load balancer\",\n integrationType: \"HTTP_PROXY\",\n integrationUri: exampleAwsLbListener.arn,\n integrationMethod: \"ANY\",\n connectionType: \"VPC_LINK\",\n connectionId: exampleAwsApigatewayv2VpcLink.id,\n tlsConfig: {\n serverNameToVerify: \"example.com\",\n },\n requestParameters: {\n \"append:header.authforintegration\": \"$context.authorizer.authorizerResponse\",\n \"overwrite:path\": \"staticValueForIntegration\",\n },\n responseParameters: [\n {\n statusCode: \"403\",\n mappings: {\n \"append:header.auth\": \"$context.authorizer.authorizerResponse\",\n },\n },\n {\n statusCode: \"200\",\n mappings: {\n \"overwrite:statuscode\": \"204\",\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.Integration(\"example\",\n api_id=example_aws_apigatewayv2_api[\"id\"],\n credentials_arn=example_aws_iam_role[\"arn\"],\n description=\"Example with a load balancer\",\n integration_type=\"HTTP_PROXY\",\n integration_uri=example_aws_lb_listener[\"arn\"],\n integration_method=\"ANY\",\n connection_type=\"VPC_LINK\",\n connection_id=example_aws_apigatewayv2_vpc_link[\"id\"],\n tls_config=aws.apigatewayv2.IntegrationTlsConfigArgs(\n server_name_to_verify=\"example.com\",\n ),\n request_parameters={\n \"append:header.authforintegration\": \"$context.authorizer.authorizerResponse\",\n \"overwrite:path\": \"staticValueForIntegration\",\n },\n response_parameters=[\n aws.apigatewayv2.IntegrationResponseParameterArgs(\n status_code=\"403\",\n mappings={\n \"append:header.auth\": \"$context.authorizer.authorizerResponse\",\n },\n ),\n aws.apigatewayv2.IntegrationResponseParameterArgs(\n status_code=\"200\",\n mappings={\n \"overwrite:statuscode\": \"204\",\n },\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ApiGatewayV2.Integration(\"example\", new()\n {\n ApiId = exampleAwsApigatewayv2Api.Id,\n CredentialsArn = exampleAwsIamRole.Arn,\n Description = \"Example with a load balancer\",\n IntegrationType = \"HTTP_PROXY\",\n IntegrationUri = exampleAwsLbListener.Arn,\n IntegrationMethod = \"ANY\",\n ConnectionType = \"VPC_LINK\",\n ConnectionId = exampleAwsApigatewayv2VpcLink.Id,\n TlsConfig = new Aws.ApiGatewayV2.Inputs.IntegrationTlsConfigArgs\n {\n ServerNameToVerify = \"example.com\",\n },\n RequestParameters = \n {\n { \"append:header.authforintegration\", \"$context.authorizer.authorizerResponse\" },\n { \"overwrite:path\", \"staticValueForIntegration\" },\n },\n ResponseParameters = new[]\n {\n new Aws.ApiGatewayV2.Inputs.IntegrationResponseParameterArgs\n {\n StatusCode = \"403\",\n Mappings = \n {\n { \"append:header.auth\", \"$context.authorizer.authorizerResponse\" },\n },\n },\n new Aws.ApiGatewayV2.Inputs.IntegrationResponseParameterArgs\n {\n StatusCode = \"200\",\n Mappings = \n {\n { \"overwrite:statuscode\", \"204\" },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigatewayv2.NewIntegration(ctx, \"example\", \u0026apigatewayv2.IntegrationArgs{\n\t\t\tApiId: pulumi.Any(exampleAwsApigatewayv2Api.Id),\n\t\t\tCredentialsArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tDescription: pulumi.String(\"Example with a load balancer\"),\n\t\t\tIntegrationType: pulumi.String(\"HTTP_PROXY\"),\n\t\t\tIntegrationUri: pulumi.Any(exampleAwsLbListener.Arn),\n\t\t\tIntegrationMethod: pulumi.String(\"ANY\"),\n\t\t\tConnectionType: pulumi.String(\"VPC_LINK\"),\n\t\t\tConnectionId: pulumi.Any(exampleAwsApigatewayv2VpcLink.Id),\n\t\t\tTlsConfig: \u0026apigatewayv2.IntegrationTlsConfigArgs{\n\t\t\t\tServerNameToVerify: pulumi.String(\"example.com\"),\n\t\t\t},\n\t\t\tRequestParameters: pulumi.StringMap{\n\t\t\t\t\"append:header.authforintegration\": pulumi.String(\"$context.authorizer.authorizerResponse\"),\n\t\t\t\t\"overwrite:path\": pulumi.String(\"staticValueForIntegration\"),\n\t\t\t},\n\t\t\tResponseParameters: apigatewayv2.IntegrationResponseParameterArray{\n\t\t\t\t\u0026apigatewayv2.IntegrationResponseParameterArgs{\n\t\t\t\t\tStatusCode: pulumi.String(\"403\"),\n\t\t\t\t\tMappings: pulumi.StringMap{\n\t\t\t\t\t\t\"append:header.auth\": pulumi.String(\"$context.authorizer.authorizerResponse\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026apigatewayv2.IntegrationResponseParameterArgs{\n\t\t\t\t\tStatusCode: pulumi.String(\"200\"),\n\t\t\t\t\tMappings: pulumi.StringMap{\n\t\t\t\t\t\t\"overwrite:statuscode\": pulumi.String(\"204\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigatewayv2.Integration;\nimport com.pulumi.aws.apigatewayv2.IntegrationArgs;\nimport com.pulumi.aws.apigatewayv2.inputs.IntegrationTlsConfigArgs;\nimport com.pulumi.aws.apigatewayv2.inputs.IntegrationResponseParameterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Integration(\"example\", IntegrationArgs.builder() \n .apiId(exampleAwsApigatewayv2Api.id())\n .credentialsArn(exampleAwsIamRole.arn())\n .description(\"Example with a load balancer\")\n .integrationType(\"HTTP_PROXY\")\n .integrationUri(exampleAwsLbListener.arn())\n .integrationMethod(\"ANY\")\n .connectionType(\"VPC_LINK\")\n .connectionId(exampleAwsApigatewayv2VpcLink.id())\n .tlsConfig(IntegrationTlsConfigArgs.builder()\n .serverNameToVerify(\"example.com\")\n .build())\n .requestParameters(Map.ofEntries(\n Map.entry(\"append:header.authforintegration\", \"$context.authorizer.authorizerResponse\"),\n Map.entry(\"overwrite:path\", \"staticValueForIntegration\")\n ))\n .responseParameters( \n IntegrationResponseParameterArgs.builder()\n .statusCode(403)\n .mappings(Map.of(\"append:header.auth\", \"$context.authorizer.authorizerResponse\"))\n .build(),\n IntegrationResponseParameterArgs.builder()\n .statusCode(200)\n .mappings(Map.of(\"overwrite:statuscode\", \"204\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:apigatewayv2:Integration\n properties:\n apiId: ${exampleAwsApigatewayv2Api.id}\n credentialsArn: ${exampleAwsIamRole.arn}\n description: Example with a load balancer\n integrationType: HTTP_PROXY\n integrationUri: ${exampleAwsLbListener.arn}\n integrationMethod: ANY\n connectionType: VPC_LINK\n connectionId: ${exampleAwsApigatewayv2VpcLink.id}\n tlsConfig:\n serverNameToVerify: example.com\n requestParameters:\n append:header.authforintegration: $context.authorizer.authorizerResponse\n overwrite:path: staticValueForIntegration\n responseParameters:\n - statusCode: 403\n mappings:\n append:header.auth: $context.authorizer.authorizerResponse\n - statusCode: 200\n mappings:\n overwrite:statuscode: '204'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_apigatewayv2_integration` using the API identifier and integration identifier. For example:\n\n```sh\n$ pulumi import aws:apigatewayv2/integration:Integration example aabbccddee/1122334\n```\n-\u003e __Note:__ The API Gateway managed integration created as part of [_quick_create_](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-basic-concept.html#apigateway-definition-quick-create) cannot be imported.\n\n", + "description": "Manages an Amazon API Gateway Version 2 integration.\nMore information can be found in the [Amazon API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api.html).\n\n## Example Usage\n\n### Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigatewayv2.Integration(\"example\", {\n apiId: exampleAwsApigatewayv2Api.id,\n integrationType: \"MOCK\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.Integration(\"example\",\n api_id=example_aws_apigatewayv2_api[\"id\"],\n integration_type=\"MOCK\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ApiGatewayV2.Integration(\"example\", new()\n {\n ApiId = exampleAwsApigatewayv2Api.Id,\n IntegrationType = \"MOCK\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigatewayv2.NewIntegration(ctx, \"example\", \u0026apigatewayv2.IntegrationArgs{\n\t\t\tApiId: pulumi.Any(exampleAwsApigatewayv2Api.Id),\n\t\t\tIntegrationType: pulumi.String(\"MOCK\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigatewayv2.Integration;\nimport com.pulumi.aws.apigatewayv2.IntegrationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Integration(\"example\", IntegrationArgs.builder() \n .apiId(exampleAwsApigatewayv2Api.id())\n .integrationType(\"MOCK\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:apigatewayv2:Integration\n properties:\n apiId: ${exampleAwsApigatewayv2Api.id}\n integrationType: MOCK\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Lambda Integration\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lambda.Function(\"example\", {\n code: new pulumi.asset.FileArchive(\"example.zip\"),\n name: \"Example\",\n role: exampleAwsIamRole.arn,\n handler: \"index.handler\",\n runtime: aws.lambda.Runtime.NodeJS16dX,\n});\nconst exampleIntegration = new aws.apigatewayv2.Integration(\"example\", {\n apiId: exampleAwsApigatewayv2Api.id,\n integrationType: \"AWS_PROXY\",\n connectionType: \"INTERNET\",\n contentHandlingStrategy: \"CONVERT_TO_TEXT\",\n description: \"Lambda example\",\n integrationMethod: \"POST\",\n integrationUri: example.invokeArn,\n passthroughBehavior: \"WHEN_NO_MATCH\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lambda_.Function(\"example\",\n code=pulumi.FileArchive(\"example.zip\"),\n name=\"Example\",\n role=example_aws_iam_role[\"arn\"],\n handler=\"index.handler\",\n runtime=aws.lambda_.Runtime.NODE_JS16D_X)\nexample_integration = aws.apigatewayv2.Integration(\"example\",\n api_id=example_aws_apigatewayv2_api[\"id\"],\n integration_type=\"AWS_PROXY\",\n connection_type=\"INTERNET\",\n content_handling_strategy=\"CONVERT_TO_TEXT\",\n description=\"Lambda example\",\n integration_method=\"POST\",\n integration_uri=example.invoke_arn,\n passthrough_behavior=\"WHEN_NO_MATCH\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Lambda.Function(\"example\", new()\n {\n Code = new FileArchive(\"example.zip\"),\n Name = \"Example\",\n Role = exampleAwsIamRole.Arn,\n Handler = \"index.handler\",\n Runtime = Aws.Lambda.Runtime.NodeJS16dX,\n });\n\n var exampleIntegration = new Aws.ApiGatewayV2.Integration(\"example\", new()\n {\n ApiId = exampleAwsApigatewayv2Api.Id,\n IntegrationType = \"AWS_PROXY\",\n ConnectionType = \"INTERNET\",\n ContentHandlingStrategy = \"CONVERT_TO_TEXT\",\n Description = \"Lambda example\",\n IntegrationMethod = \"POST\",\n IntegrationUri = example.InvokeArn,\n PassthroughBehavior = \"WHEN_NO_MATCH\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := lambda.NewFunction(ctx, \"example\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"example.zip\"),\n\t\t\tName: pulumi.String(\"Example\"),\n\t\t\tRole: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tHandler: pulumi.String(\"index.handler\"),\n\t\t\tRuntime: pulumi.String(lambda.RuntimeNodeJS16dX),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigatewayv2.NewIntegration(ctx, \"example\", \u0026apigatewayv2.IntegrationArgs{\n\t\t\tApiId: pulumi.Any(exampleAwsApigatewayv2Api.Id),\n\t\t\tIntegrationType: pulumi.String(\"AWS_PROXY\"),\n\t\t\tConnectionType: pulumi.String(\"INTERNET\"),\n\t\t\tContentHandlingStrategy: pulumi.String(\"CONVERT_TO_TEXT\"),\n\t\t\tDescription: pulumi.String(\"Lambda example\"),\n\t\t\tIntegrationMethod: pulumi.String(\"POST\"),\n\t\t\tIntegrationUri: example.InvokeArn,\n\t\t\tPassthroughBehavior: pulumi.String(\"WHEN_NO_MATCH\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.apigatewayv2.Integration;\nimport com.pulumi.aws.apigatewayv2.IntegrationArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Function(\"example\", FunctionArgs.builder() \n .code(new FileArchive(\"example.zip\"))\n .name(\"Example\")\n .role(exampleAwsIamRole.arn())\n .handler(\"index.handler\")\n .runtime(\"nodejs16.x\")\n .build());\n\n var exampleIntegration = new Integration(\"exampleIntegration\", IntegrationArgs.builder() \n .apiId(exampleAwsApigatewayv2Api.id())\n .integrationType(\"AWS_PROXY\")\n .connectionType(\"INTERNET\")\n .contentHandlingStrategy(\"CONVERT_TO_TEXT\")\n .description(\"Lambda example\")\n .integrationMethod(\"POST\")\n .integrationUri(example.invokeArn())\n .passthroughBehavior(\"WHEN_NO_MATCH\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:lambda:Function\n properties:\n code:\n fn::FileArchive: example.zip\n name: Example\n role: ${exampleAwsIamRole.arn}\n handler: index.handler\n runtime: nodejs16.x\n exampleIntegration:\n type: aws:apigatewayv2:Integration\n name: example\n properties:\n apiId: ${exampleAwsApigatewayv2Api.id}\n integrationType: AWS_PROXY\n connectionType: INTERNET\n contentHandlingStrategy: CONVERT_TO_TEXT\n description: Lambda example\n integrationMethod: POST\n integrationUri: ${example.invokeArn}\n passthroughBehavior: WHEN_NO_MATCH\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### AWS Service Integration\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigatewayv2.Integration(\"example\", {\n apiId: exampleAwsApigatewayv2Api.id,\n credentialsArn: exampleAwsIamRole.arn,\n description: \"SQS example\",\n integrationType: \"AWS_PROXY\",\n integrationSubtype: \"SQS-SendMessage\",\n requestParameters: {\n QueueUrl: \"$request.header.queueUrl\",\n MessageBody: \"$request.body.message\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.Integration(\"example\",\n api_id=example_aws_apigatewayv2_api[\"id\"],\n credentials_arn=example_aws_iam_role[\"arn\"],\n description=\"SQS example\",\n integration_type=\"AWS_PROXY\",\n integration_subtype=\"SQS-SendMessage\",\n request_parameters={\n \"QueueUrl\": \"$request.header.queueUrl\",\n \"MessageBody\": \"$request.body.message\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ApiGatewayV2.Integration(\"example\", new()\n {\n ApiId = exampleAwsApigatewayv2Api.Id,\n CredentialsArn = exampleAwsIamRole.Arn,\n Description = \"SQS example\",\n IntegrationType = \"AWS_PROXY\",\n IntegrationSubtype = \"SQS-SendMessage\",\n RequestParameters = \n {\n { \"QueueUrl\", \"$request.header.queueUrl\" },\n { \"MessageBody\", \"$request.body.message\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigatewayv2.NewIntegration(ctx, \"example\", \u0026apigatewayv2.IntegrationArgs{\n\t\t\tApiId: pulumi.Any(exampleAwsApigatewayv2Api.Id),\n\t\t\tCredentialsArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tDescription: pulumi.String(\"SQS example\"),\n\t\t\tIntegrationType: pulumi.String(\"AWS_PROXY\"),\n\t\t\tIntegrationSubtype: pulumi.String(\"SQS-SendMessage\"),\n\t\t\tRequestParameters: pulumi.StringMap{\n\t\t\t\t\"QueueUrl\": pulumi.String(\"$request.header.queueUrl\"),\n\t\t\t\t\"MessageBody\": pulumi.String(\"$request.body.message\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigatewayv2.Integration;\nimport com.pulumi.aws.apigatewayv2.IntegrationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Integration(\"example\", IntegrationArgs.builder() \n .apiId(exampleAwsApigatewayv2Api.id())\n .credentialsArn(exampleAwsIamRole.arn())\n .description(\"SQS example\")\n .integrationType(\"AWS_PROXY\")\n .integrationSubtype(\"SQS-SendMessage\")\n .requestParameters(Map.ofEntries(\n Map.entry(\"QueueUrl\", \"$request.header.queueUrl\"),\n Map.entry(\"MessageBody\", \"$request.body.message\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:apigatewayv2:Integration\n properties:\n apiId: ${exampleAwsApigatewayv2Api.id}\n credentialsArn: ${exampleAwsIamRole.arn}\n description: SQS example\n integrationType: AWS_PROXY\n integrationSubtype: SQS-SendMessage\n requestParameters:\n QueueUrl: $request.header.queueUrl\n MessageBody: $request.body.message\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Private Integration\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigatewayv2.Integration(\"example\", {\n apiId: exampleAwsApigatewayv2Api.id,\n credentialsArn: exampleAwsIamRole.arn,\n description: \"Example with a load balancer\",\n integrationType: \"HTTP_PROXY\",\n integrationUri: exampleAwsLbListener.arn,\n integrationMethod: \"ANY\",\n connectionType: \"VPC_LINK\",\n connectionId: exampleAwsApigatewayv2VpcLink.id,\n tlsConfig: {\n serverNameToVerify: \"example.com\",\n },\n requestParameters: {\n \"append:header.authforintegration\": \"$context.authorizer.authorizerResponse\",\n \"overwrite:path\": \"staticValueForIntegration\",\n },\n responseParameters: [\n {\n statusCode: \"403\",\n mappings: {\n \"append:header.auth\": \"$context.authorizer.authorizerResponse\",\n },\n },\n {\n statusCode: \"200\",\n mappings: {\n \"overwrite:statuscode\": \"204\",\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.Integration(\"example\",\n api_id=example_aws_apigatewayv2_api[\"id\"],\n credentials_arn=example_aws_iam_role[\"arn\"],\n description=\"Example with a load balancer\",\n integration_type=\"HTTP_PROXY\",\n integration_uri=example_aws_lb_listener[\"arn\"],\n integration_method=\"ANY\",\n connection_type=\"VPC_LINK\",\n connection_id=example_aws_apigatewayv2_vpc_link[\"id\"],\n tls_config=aws.apigatewayv2.IntegrationTlsConfigArgs(\n server_name_to_verify=\"example.com\",\n ),\n request_parameters={\n \"append:header.authforintegration\": \"$context.authorizer.authorizerResponse\",\n \"overwrite:path\": \"staticValueForIntegration\",\n },\n response_parameters=[\n aws.apigatewayv2.IntegrationResponseParameterArgs(\n status_code=\"403\",\n mappings={\n \"append:header.auth\": \"$context.authorizer.authorizerResponse\",\n },\n ),\n aws.apigatewayv2.IntegrationResponseParameterArgs(\n status_code=\"200\",\n mappings={\n \"overwrite:statuscode\": \"204\",\n },\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ApiGatewayV2.Integration(\"example\", new()\n {\n ApiId = exampleAwsApigatewayv2Api.Id,\n CredentialsArn = exampleAwsIamRole.Arn,\n Description = \"Example with a load balancer\",\n IntegrationType = \"HTTP_PROXY\",\n IntegrationUri = exampleAwsLbListener.Arn,\n IntegrationMethod = \"ANY\",\n ConnectionType = \"VPC_LINK\",\n ConnectionId = exampleAwsApigatewayv2VpcLink.Id,\n TlsConfig = new Aws.ApiGatewayV2.Inputs.IntegrationTlsConfigArgs\n {\n ServerNameToVerify = \"example.com\",\n },\n RequestParameters = \n {\n { \"append:header.authforintegration\", \"$context.authorizer.authorizerResponse\" },\n { \"overwrite:path\", \"staticValueForIntegration\" },\n },\n ResponseParameters = new[]\n {\n new Aws.ApiGatewayV2.Inputs.IntegrationResponseParameterArgs\n {\n StatusCode = \"403\",\n Mappings = \n {\n { \"append:header.auth\", \"$context.authorizer.authorizerResponse\" },\n },\n },\n new Aws.ApiGatewayV2.Inputs.IntegrationResponseParameterArgs\n {\n StatusCode = \"200\",\n Mappings = \n {\n { \"overwrite:statuscode\", \"204\" },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigatewayv2.NewIntegration(ctx, \"example\", \u0026apigatewayv2.IntegrationArgs{\n\t\t\tApiId: pulumi.Any(exampleAwsApigatewayv2Api.Id),\n\t\t\tCredentialsArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tDescription: pulumi.String(\"Example with a load balancer\"),\n\t\t\tIntegrationType: pulumi.String(\"HTTP_PROXY\"),\n\t\t\tIntegrationUri: pulumi.Any(exampleAwsLbListener.Arn),\n\t\t\tIntegrationMethod: pulumi.String(\"ANY\"),\n\t\t\tConnectionType: pulumi.String(\"VPC_LINK\"),\n\t\t\tConnectionId: pulumi.Any(exampleAwsApigatewayv2VpcLink.Id),\n\t\t\tTlsConfig: \u0026apigatewayv2.IntegrationTlsConfigArgs{\n\t\t\t\tServerNameToVerify: pulumi.String(\"example.com\"),\n\t\t\t},\n\t\t\tRequestParameters: pulumi.StringMap{\n\t\t\t\t\"append:header.authforintegration\": pulumi.String(\"$context.authorizer.authorizerResponse\"),\n\t\t\t\t\"overwrite:path\": pulumi.String(\"staticValueForIntegration\"),\n\t\t\t},\n\t\t\tResponseParameters: apigatewayv2.IntegrationResponseParameterArray{\n\t\t\t\t\u0026apigatewayv2.IntegrationResponseParameterArgs{\n\t\t\t\t\tStatusCode: pulumi.String(\"403\"),\n\t\t\t\t\tMappings: pulumi.StringMap{\n\t\t\t\t\t\t\"append:header.auth\": pulumi.String(\"$context.authorizer.authorizerResponse\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026apigatewayv2.IntegrationResponseParameterArgs{\n\t\t\t\t\tStatusCode: pulumi.String(\"200\"),\n\t\t\t\t\tMappings: pulumi.StringMap{\n\t\t\t\t\t\t\"overwrite:statuscode\": pulumi.String(\"204\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigatewayv2.Integration;\nimport com.pulumi.aws.apigatewayv2.IntegrationArgs;\nimport com.pulumi.aws.apigatewayv2.inputs.IntegrationTlsConfigArgs;\nimport com.pulumi.aws.apigatewayv2.inputs.IntegrationResponseParameterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Integration(\"example\", IntegrationArgs.builder() \n .apiId(exampleAwsApigatewayv2Api.id())\n .credentialsArn(exampleAwsIamRole.arn())\n .description(\"Example with a load balancer\")\n .integrationType(\"HTTP_PROXY\")\n .integrationUri(exampleAwsLbListener.arn())\n .integrationMethod(\"ANY\")\n .connectionType(\"VPC_LINK\")\n .connectionId(exampleAwsApigatewayv2VpcLink.id())\n .tlsConfig(IntegrationTlsConfigArgs.builder()\n .serverNameToVerify(\"example.com\")\n .build())\n .requestParameters(Map.ofEntries(\n Map.entry(\"append:header.authforintegration\", \"$context.authorizer.authorizerResponse\"),\n Map.entry(\"overwrite:path\", \"staticValueForIntegration\")\n ))\n .responseParameters( \n IntegrationResponseParameterArgs.builder()\n .statusCode(403)\n .mappings(Map.of(\"append:header.auth\", \"$context.authorizer.authorizerResponse\"))\n .build(),\n IntegrationResponseParameterArgs.builder()\n .statusCode(200)\n .mappings(Map.of(\"overwrite:statuscode\", \"204\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:apigatewayv2:Integration\n properties:\n apiId: ${exampleAwsApigatewayv2Api.id}\n credentialsArn: ${exampleAwsIamRole.arn}\n description: Example with a load balancer\n integrationType: HTTP_PROXY\n integrationUri: ${exampleAwsLbListener.arn}\n integrationMethod: ANY\n connectionType: VPC_LINK\n connectionId: ${exampleAwsApigatewayv2VpcLink.id}\n tlsConfig:\n serverNameToVerify: example.com\n requestParameters:\n append:header.authforintegration: $context.authorizer.authorizerResponse\n overwrite:path: staticValueForIntegration\n responseParameters:\n - statusCode: 403\n mappings:\n append:header.auth: $context.authorizer.authorizerResponse\n - statusCode: 200\n mappings:\n overwrite:statuscode: '204'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_apigatewayv2_integration` using the API identifier and integration identifier. For example:\n\n```sh\n$ pulumi import aws:apigatewayv2/integration:Integration example aabbccddee/1122334\n```\n-\u003e __Note:__ The API Gateway managed integration created as part of [_quick_create_](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-basic-concept.html#apigateway-definition-quick-create) cannot be imported.\n\n", "properties": { "apiId": { "type": "string", @@ -163609,7 +163609,7 @@ } }, "aws:appconfig/extension:Extension": { - "description": "Provides an AppConfig Extension resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testTopic = new aws.sns.Topic(\"test\", {name: \"test\"});\nconst test = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"appconfig.amazonaws.com\"],\n }],\n }],\n});\nconst testRole = new aws.iam.Role(\"test\", {\n name: \"test\",\n assumeRolePolicy: test.then(test =\u003e test.json),\n});\nconst testExtension = new aws.appconfig.Extension(\"test\", {\n name: \"test\",\n description: \"test description\",\n actionPoints: [{\n point: \"ON_DEPLOYMENT_COMPLETE\",\n actions: [{\n name: \"test\",\n roleArn: testRole.arn,\n uri: testTopic.arn,\n }],\n }],\n tags: {\n Type: \"AppConfig Extension\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_topic = aws.sns.Topic(\"test\", name=\"test\")\ntest = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"appconfig.amazonaws.com\"],\n )],\n)])\ntest_role = aws.iam.Role(\"test\",\n name=\"test\",\n assume_role_policy=test.json)\ntest_extension = aws.appconfig.Extension(\"test\",\n name=\"test\",\n description=\"test description\",\n action_points=[aws.appconfig.ExtensionActionPointArgs(\n point=\"ON_DEPLOYMENT_COMPLETE\",\n actions=[aws.appconfig.ExtensionActionPointActionArgs(\n name=\"test\",\n role_arn=test_role.arn,\n uri=test_topic.arn,\n )],\n )],\n tags={\n \"Type\": \"AppConfig Extension\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testTopic = new Aws.Sns.Topic(\"test\", new()\n {\n Name = \"test\",\n });\n\n var test = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"appconfig.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var testRole = new Aws.Iam.Role(\"test\", new()\n {\n Name = \"test\",\n AssumeRolePolicy = test.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var testExtension = new Aws.AppConfig.Extension(\"test\", new()\n {\n Name = \"test\",\n Description = \"test description\",\n ActionPoints = new[]\n {\n new Aws.AppConfig.Inputs.ExtensionActionPointArgs\n {\n Point = \"ON_DEPLOYMENT_COMPLETE\",\n Actions = new[]\n {\n new Aws.AppConfig.Inputs.ExtensionActionPointActionArgs\n {\n Name = \"test\",\n RoleArn = testRole.Arn,\n Uri = testTopic.Arn,\n },\n },\n },\n },\n Tags = \n {\n { \"Type\", \"AppConfig Extension\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/appconfig\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestTopic, err := sns.NewTopic(ctx, \"test\", \u0026sns.TopicArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"appconfig.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestRole, err := iam.NewRole(ctx, \"test\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(test.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appconfig.NewExtension(ctx, \"test\", \u0026appconfig.ExtensionArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"test description\"),\n\t\t\tActionPoints: appconfig.ExtensionActionPointArray{\n\t\t\t\t\u0026appconfig.ExtensionActionPointArgs{\n\t\t\t\t\tPoint: pulumi.String(\"ON_DEPLOYMENT_COMPLETE\"),\n\t\t\t\t\tActions: appconfig.ExtensionActionPointActionArray{\n\t\t\t\t\t\t\u0026appconfig.ExtensionActionPointActionArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"test\"),\n\t\t\t\t\t\t\tRoleArn: testRole.Arn,\n\t\t\t\t\t\t\tUri: testTopic.Arn,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Type\": pulumi.String(\"AppConfig Extension\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.appconfig.Extension;\nimport com.pulumi.aws.appconfig.ExtensionArgs;\nimport com.pulumi.aws.appconfig.inputs.ExtensionActionPointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testTopic = new Topic(\"testTopic\", TopicArgs.builder() \n .name(\"test\")\n .build());\n\n final var test = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"appconfig.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var testRole = new Role(\"testRole\", RoleArgs.builder() \n .name(\"test\")\n .assumeRolePolicy(test.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var testExtension = new Extension(\"testExtension\", ExtensionArgs.builder() \n .name(\"test\")\n .description(\"test description\")\n .actionPoints(ExtensionActionPointArgs.builder()\n .point(\"ON_DEPLOYMENT_COMPLETE\")\n .actions(ExtensionActionPointActionArgs.builder()\n .name(\"test\")\n .roleArn(testRole.arn())\n .uri(testTopic.arn())\n .build())\n .build())\n .tags(Map.of(\"Type\", \"AppConfig Extension\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testTopic:\n type: aws:sns:Topic\n name: test\n properties:\n name: test\n testRole:\n type: aws:iam:Role\n name: test\n properties:\n name: test\n assumeRolePolicy: ${test.json}\n testExtension:\n type: aws:appconfig:Extension\n name: test\n properties:\n name: test\n description: test description\n actionPoints:\n - point: ON_DEPLOYMENT_COMPLETE\n actions:\n - name: test\n roleArn: ${testRole.arn}\n uri: ${testTopic.arn}\n tags:\n Type: AppConfig Extension\nvariables:\n test:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - appconfig.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import AppConfig Extensions using their extension ID. For example:\n\n```sh\n$ pulumi import aws:appconfig/extension:Extension example 71rxuzt\n```\n", + "description": "Provides an AppConfig Extension resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testTopic = new aws.sns.Topic(\"test\", {name: \"test\"});\nconst test = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"appconfig.amazonaws.com\"],\n }],\n }],\n});\nconst testRole = new aws.iam.Role(\"test\", {\n name: \"test\",\n assumeRolePolicy: test.then(test =\u003e test.json),\n});\nconst testExtension = new aws.appconfig.Extension(\"test\", {\n name: \"test\",\n description: \"test description\",\n actionPoints: [{\n point: \"ON_DEPLOYMENT_COMPLETE\",\n actions: [{\n name: \"test\",\n roleArn: testRole.arn,\n uri: testTopic.arn,\n }],\n }],\n tags: {\n Type: \"AppConfig Extension\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_topic = aws.sns.Topic(\"test\", name=\"test\")\ntest = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"appconfig.amazonaws.com\"],\n )],\n)])\ntest_role = aws.iam.Role(\"test\",\n name=\"test\",\n assume_role_policy=test.json)\ntest_extension = aws.appconfig.Extension(\"test\",\n name=\"test\",\n description=\"test description\",\n action_points=[aws.appconfig.ExtensionActionPointArgs(\n point=\"ON_DEPLOYMENT_COMPLETE\",\n actions=[aws.appconfig.ExtensionActionPointActionArgs(\n name=\"test\",\n role_arn=test_role.arn,\n uri=test_topic.arn,\n )],\n )],\n tags={\n \"Type\": \"AppConfig Extension\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testTopic = new Aws.Sns.Topic(\"test\", new()\n {\n Name = \"test\",\n });\n\n var test = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"appconfig.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var testRole = new Aws.Iam.Role(\"test\", new()\n {\n Name = \"test\",\n AssumeRolePolicy = test.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var testExtension = new Aws.AppConfig.Extension(\"test\", new()\n {\n Name = \"test\",\n Description = \"test description\",\n ActionPoints = new[]\n {\n new Aws.AppConfig.Inputs.ExtensionActionPointArgs\n {\n Point = \"ON_DEPLOYMENT_COMPLETE\",\n Actions = new[]\n {\n new Aws.AppConfig.Inputs.ExtensionActionPointActionArgs\n {\n Name = \"test\",\n RoleArn = testRole.Arn,\n Uri = testTopic.Arn,\n },\n },\n },\n },\n Tags = \n {\n { \"Type\", \"AppConfig Extension\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/appconfig\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestTopic, err := sns.NewTopic(ctx, \"test\", \u0026sns.TopicArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"appconfig.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestRole, err := iam.NewRole(ctx, \"test\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tAssumeRolePolicy: pulumi.String(test.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appconfig.NewExtension(ctx, \"test\", \u0026appconfig.ExtensionArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"test description\"),\n\t\t\tActionPoints: appconfig.ExtensionActionPointArray{\n\t\t\t\t\u0026appconfig.ExtensionActionPointArgs{\n\t\t\t\t\tPoint: pulumi.String(\"ON_DEPLOYMENT_COMPLETE\"),\n\t\t\t\t\tActions: appconfig.ExtensionActionPointActionArray{\n\t\t\t\t\t\t\u0026appconfig.ExtensionActionPointActionArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"test\"),\n\t\t\t\t\t\t\tRoleArn: testRole.Arn,\n\t\t\t\t\t\t\tUri: testTopic.Arn,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Type\": pulumi.String(\"AppConfig Extension\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.appconfig.Extension;\nimport com.pulumi.aws.appconfig.ExtensionArgs;\nimport com.pulumi.aws.appconfig.inputs.ExtensionActionPointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testTopic = new Topic(\"testTopic\", TopicArgs.builder() \n .name(\"test\")\n .build());\n\n final var test = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"appconfig.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var testRole = new Role(\"testRole\", RoleArgs.builder() \n .name(\"test\")\n .assumeRolePolicy(test.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var testExtension = new Extension(\"testExtension\", ExtensionArgs.builder() \n .name(\"test\")\n .description(\"test description\")\n .actionPoints(ExtensionActionPointArgs.builder()\n .point(\"ON_DEPLOYMENT_COMPLETE\")\n .actions(ExtensionActionPointActionArgs.builder()\n .name(\"test\")\n .roleArn(testRole.arn())\n .uri(testTopic.arn())\n .build())\n .build())\n .tags(Map.of(\"Type\", \"AppConfig Extension\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testTopic:\n type: aws:sns:Topic\n name: test\n properties:\n name: test\n testRole:\n type: aws:iam:Role\n name: test\n properties:\n name: test\n assumeRolePolicy: ${test.json}\n testExtension:\n type: aws:appconfig:Extension\n name: test\n properties:\n name: test\n description: test description\n actionPoints:\n - point: ON_DEPLOYMENT_COMPLETE\n actions:\n - name: test\n roleArn: ${testRole.arn}\n uri: ${testTopic.arn}\n tags:\n Type: AppConfig Extension\nvariables:\n test:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - appconfig.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import AppConfig Extensions using their extension ID. For example:\n\n```sh\n$ pulumi import aws:appconfig/extension:Extension example 71rxuzt\n```\n", "properties": { "actionPoints": { "type": "array", @@ -163753,7 +163753,7 @@ } }, "aws:appconfig/extensionAssociation:ExtensionAssociation": { - "description": "Associates an AppConfig Extension with a Resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testTopic = new aws.sns.Topic(\"test\", {name: \"test\"});\nconst test = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"appconfig.amazonaws.com\"],\n }],\n }],\n});\nconst testRole = new aws.iam.Role(\"test\", {\n name: \"test\",\n assumeRolePolicy: test.then(test =\u003e test.json),\n});\nconst testExtension = new aws.appconfig.Extension(\"test\", {\n name: \"test\",\n description: \"test description\",\n actionPoints: [{\n point: \"ON_DEPLOYMENT_COMPLETE\",\n actions: [{\n name: \"test\",\n roleArn: testRole.arn,\n uri: testTopic.arn,\n }],\n }],\n tags: {\n Type: \"AppConfig Extension\",\n },\n});\nconst testApplication = new aws.appconfig.Application(\"test\", {name: \"test\"});\nconst testExtensionAssociation = new aws.appconfig.ExtensionAssociation(\"test\", {\n extensionArn: testExtension.arn,\n resourceArn: testApplication.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_topic = aws.sns.Topic(\"test\", name=\"test\")\ntest = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"appconfig.amazonaws.com\"],\n )],\n)])\ntest_role = aws.iam.Role(\"test\",\n name=\"test\",\n assume_role_policy=test.json)\ntest_extension = aws.appconfig.Extension(\"test\",\n name=\"test\",\n description=\"test description\",\n action_points=[aws.appconfig.ExtensionActionPointArgs(\n point=\"ON_DEPLOYMENT_COMPLETE\",\n actions=[aws.appconfig.ExtensionActionPointActionArgs(\n name=\"test\",\n role_arn=test_role.arn,\n uri=test_topic.arn,\n )],\n )],\n tags={\n \"Type\": \"AppConfig Extension\",\n })\ntest_application = aws.appconfig.Application(\"test\", name=\"test\")\ntest_extension_association = aws.appconfig.ExtensionAssociation(\"test\",\n extension_arn=test_extension.arn,\n resource_arn=test_application.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testTopic = new Aws.Sns.Topic(\"test\", new()\n {\n Name = \"test\",\n });\n\n var test = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"appconfig.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var testRole = new Aws.Iam.Role(\"test\", new()\n {\n Name = \"test\",\n AssumeRolePolicy = test.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var testExtension = new Aws.AppConfig.Extension(\"test\", new()\n {\n Name = \"test\",\n Description = \"test description\",\n ActionPoints = new[]\n {\n new Aws.AppConfig.Inputs.ExtensionActionPointArgs\n {\n Point = \"ON_DEPLOYMENT_COMPLETE\",\n Actions = new[]\n {\n new Aws.AppConfig.Inputs.ExtensionActionPointActionArgs\n {\n Name = \"test\",\n RoleArn = testRole.Arn,\n Uri = testTopic.Arn,\n },\n },\n },\n },\n Tags = \n {\n { \"Type\", \"AppConfig Extension\" },\n },\n });\n\n var testApplication = new Aws.AppConfig.Application(\"test\", new()\n {\n Name = \"test\",\n });\n\n var testExtensionAssociation = new Aws.AppConfig.ExtensionAssociation(\"test\", new()\n {\n ExtensionArn = testExtension.Arn,\n ResourceArn = testApplication.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/appconfig\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestTopic, err := sns.NewTopic(ctx, \"test\", \u0026sns.TopicArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"appconfig.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestRole, err := iam.NewRole(ctx, \"test\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(test.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestExtension, err := appconfig.NewExtension(ctx, \"test\", \u0026appconfig.ExtensionArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"test description\"),\n\t\t\tActionPoints: appconfig.ExtensionActionPointArray{\n\t\t\t\t\u0026appconfig.ExtensionActionPointArgs{\n\t\t\t\t\tPoint: pulumi.String(\"ON_DEPLOYMENT_COMPLETE\"),\n\t\t\t\t\tActions: appconfig.ExtensionActionPointActionArray{\n\t\t\t\t\t\t\u0026appconfig.ExtensionActionPointActionArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"test\"),\n\t\t\t\t\t\t\tRoleArn: testRole.Arn,\n\t\t\t\t\t\t\tUri: testTopic.Arn,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Type\": pulumi.String(\"AppConfig Extension\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestApplication, err := appconfig.NewApplication(ctx, \"test\", \u0026appconfig.ApplicationArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appconfig.NewExtensionAssociation(ctx, \"test\", \u0026appconfig.ExtensionAssociationArgs{\n\t\t\tExtensionArn: testExtension.Arn,\n\t\t\tResourceArn: testApplication.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.appconfig.Extension;\nimport com.pulumi.aws.appconfig.ExtensionArgs;\nimport com.pulumi.aws.appconfig.inputs.ExtensionActionPointArgs;\nimport com.pulumi.aws.appconfig.Application;\nimport com.pulumi.aws.appconfig.ApplicationArgs;\nimport com.pulumi.aws.appconfig.ExtensionAssociation;\nimport com.pulumi.aws.appconfig.ExtensionAssociationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testTopic = new Topic(\"testTopic\", TopicArgs.builder() \n .name(\"test\")\n .build());\n\n final var test = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"appconfig.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var testRole = new Role(\"testRole\", RoleArgs.builder() \n .name(\"test\")\n .assumeRolePolicy(test.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var testExtension = new Extension(\"testExtension\", ExtensionArgs.builder() \n .name(\"test\")\n .description(\"test description\")\n .actionPoints(ExtensionActionPointArgs.builder()\n .point(\"ON_DEPLOYMENT_COMPLETE\")\n .actions(ExtensionActionPointActionArgs.builder()\n .name(\"test\")\n .roleArn(testRole.arn())\n .uri(testTopic.arn())\n .build())\n .build())\n .tags(Map.of(\"Type\", \"AppConfig Extension\"))\n .build());\n\n var testApplication = new Application(\"testApplication\", ApplicationArgs.builder() \n .name(\"test\")\n .build());\n\n var testExtensionAssociation = new ExtensionAssociation(\"testExtensionAssociation\", ExtensionAssociationArgs.builder() \n .extensionArn(testExtension.arn())\n .resourceArn(testApplication.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testTopic:\n type: aws:sns:Topic\n name: test\n properties:\n name: test\n testRole:\n type: aws:iam:Role\n name: test\n properties:\n name: test\n assumeRolePolicy: ${test.json}\n testExtension:\n type: aws:appconfig:Extension\n name: test\n properties:\n name: test\n description: test description\n actionPoints:\n - point: ON_DEPLOYMENT_COMPLETE\n actions:\n - name: test\n roleArn: ${testRole.arn}\n uri: ${testTopic.arn}\n tags:\n Type: AppConfig Extension\n testApplication:\n type: aws:appconfig:Application\n name: test\n properties:\n name: test\n testExtensionAssociation:\n type: aws:appconfig:ExtensionAssociation\n name: test\n properties:\n extensionArn: ${testExtension.arn}\n resourceArn: ${testApplication.arn}\nvariables:\n test:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - appconfig.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import AppConfig Extension Associations using their extension association ID. For example:\n\n```sh\n$ pulumi import aws:appconfig/extensionAssociation:ExtensionAssociation example 71rxuzt\n```\n", + "description": "Associates an AppConfig Extension with a Resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testTopic = new aws.sns.Topic(\"test\", {name: \"test\"});\nconst test = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"appconfig.amazonaws.com\"],\n }],\n }],\n});\nconst testRole = new aws.iam.Role(\"test\", {\n name: \"test\",\n assumeRolePolicy: test.then(test =\u003e test.json),\n});\nconst testExtension = new aws.appconfig.Extension(\"test\", {\n name: \"test\",\n description: \"test description\",\n actionPoints: [{\n point: \"ON_DEPLOYMENT_COMPLETE\",\n actions: [{\n name: \"test\",\n roleArn: testRole.arn,\n uri: testTopic.arn,\n }],\n }],\n tags: {\n Type: \"AppConfig Extension\",\n },\n});\nconst testApplication = new aws.appconfig.Application(\"test\", {name: \"test\"});\nconst testExtensionAssociation = new aws.appconfig.ExtensionAssociation(\"test\", {\n extensionArn: testExtension.arn,\n resourceArn: testApplication.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_topic = aws.sns.Topic(\"test\", name=\"test\")\ntest = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"appconfig.amazonaws.com\"],\n )],\n)])\ntest_role = aws.iam.Role(\"test\",\n name=\"test\",\n assume_role_policy=test.json)\ntest_extension = aws.appconfig.Extension(\"test\",\n name=\"test\",\n description=\"test description\",\n action_points=[aws.appconfig.ExtensionActionPointArgs(\n point=\"ON_DEPLOYMENT_COMPLETE\",\n actions=[aws.appconfig.ExtensionActionPointActionArgs(\n name=\"test\",\n role_arn=test_role.arn,\n uri=test_topic.arn,\n )],\n )],\n tags={\n \"Type\": \"AppConfig Extension\",\n })\ntest_application = aws.appconfig.Application(\"test\", name=\"test\")\ntest_extension_association = aws.appconfig.ExtensionAssociation(\"test\",\n extension_arn=test_extension.arn,\n resource_arn=test_application.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testTopic = new Aws.Sns.Topic(\"test\", new()\n {\n Name = \"test\",\n });\n\n var test = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"appconfig.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var testRole = new Aws.Iam.Role(\"test\", new()\n {\n Name = \"test\",\n AssumeRolePolicy = test.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var testExtension = new Aws.AppConfig.Extension(\"test\", new()\n {\n Name = \"test\",\n Description = \"test description\",\n ActionPoints = new[]\n {\n new Aws.AppConfig.Inputs.ExtensionActionPointArgs\n {\n Point = \"ON_DEPLOYMENT_COMPLETE\",\n Actions = new[]\n {\n new Aws.AppConfig.Inputs.ExtensionActionPointActionArgs\n {\n Name = \"test\",\n RoleArn = testRole.Arn,\n Uri = testTopic.Arn,\n },\n },\n },\n },\n Tags = \n {\n { \"Type\", \"AppConfig Extension\" },\n },\n });\n\n var testApplication = new Aws.AppConfig.Application(\"test\", new()\n {\n Name = \"test\",\n });\n\n var testExtensionAssociation = new Aws.AppConfig.ExtensionAssociation(\"test\", new()\n {\n ExtensionArn = testExtension.Arn,\n ResourceArn = testApplication.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/appconfig\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestTopic, err := sns.NewTopic(ctx, \"test\", \u0026sns.TopicArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"appconfig.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestRole, err := iam.NewRole(ctx, \"test\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tAssumeRolePolicy: pulumi.String(test.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestExtension, err := appconfig.NewExtension(ctx, \"test\", \u0026appconfig.ExtensionArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tDescription: pulumi.String(\"test description\"),\n\t\t\tActionPoints: appconfig.ExtensionActionPointArray{\n\t\t\t\t\u0026appconfig.ExtensionActionPointArgs{\n\t\t\t\t\tPoint: pulumi.String(\"ON_DEPLOYMENT_COMPLETE\"),\n\t\t\t\t\tActions: appconfig.ExtensionActionPointActionArray{\n\t\t\t\t\t\t\u0026appconfig.ExtensionActionPointActionArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"test\"),\n\t\t\t\t\t\t\tRoleArn: testRole.Arn,\n\t\t\t\t\t\t\tUri: testTopic.Arn,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Type\": pulumi.String(\"AppConfig Extension\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestApplication, err := appconfig.NewApplication(ctx, \"test\", \u0026appconfig.ApplicationArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appconfig.NewExtensionAssociation(ctx, \"test\", \u0026appconfig.ExtensionAssociationArgs{\n\t\t\tExtensionArn: testExtension.Arn,\n\t\t\tResourceArn: testApplication.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.appconfig.Extension;\nimport com.pulumi.aws.appconfig.ExtensionArgs;\nimport com.pulumi.aws.appconfig.inputs.ExtensionActionPointArgs;\nimport com.pulumi.aws.appconfig.Application;\nimport com.pulumi.aws.appconfig.ApplicationArgs;\nimport com.pulumi.aws.appconfig.ExtensionAssociation;\nimport com.pulumi.aws.appconfig.ExtensionAssociationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testTopic = new Topic(\"testTopic\", TopicArgs.builder() \n .name(\"test\")\n .build());\n\n final var test = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"appconfig.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var testRole = new Role(\"testRole\", RoleArgs.builder() \n .name(\"test\")\n .assumeRolePolicy(test.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var testExtension = new Extension(\"testExtension\", ExtensionArgs.builder() \n .name(\"test\")\n .description(\"test description\")\n .actionPoints(ExtensionActionPointArgs.builder()\n .point(\"ON_DEPLOYMENT_COMPLETE\")\n .actions(ExtensionActionPointActionArgs.builder()\n .name(\"test\")\n .roleArn(testRole.arn())\n .uri(testTopic.arn())\n .build())\n .build())\n .tags(Map.of(\"Type\", \"AppConfig Extension\"))\n .build());\n\n var testApplication = new Application(\"testApplication\", ApplicationArgs.builder() \n .name(\"test\")\n .build());\n\n var testExtensionAssociation = new ExtensionAssociation(\"testExtensionAssociation\", ExtensionAssociationArgs.builder() \n .extensionArn(testExtension.arn())\n .resourceArn(testApplication.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testTopic:\n type: aws:sns:Topic\n name: test\n properties:\n name: test\n testRole:\n type: aws:iam:Role\n name: test\n properties:\n name: test\n assumeRolePolicy: ${test.json}\n testExtension:\n type: aws:appconfig:Extension\n name: test\n properties:\n name: test\n description: test description\n actionPoints:\n - point: ON_DEPLOYMENT_COMPLETE\n actions:\n - name: test\n roleArn: ${testRole.arn}\n uri: ${testTopic.arn}\n tags:\n Type: AppConfig Extension\n testApplication:\n type: aws:appconfig:Application\n name: test\n properties:\n name: test\n testExtensionAssociation:\n type: aws:appconfig:ExtensionAssociation\n name: test\n properties:\n extensionArn: ${testExtension.arn}\n resourceArn: ${testApplication.arn}\nvariables:\n test:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - appconfig.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import AppConfig Extension Associations using their extension association ID. For example:\n\n```sh\n$ pulumi import aws:appconfig/extensionAssociation:ExtensionAssociation example 71rxuzt\n```\n", "properties": { "arn": { "type": "string", @@ -164077,7 +164077,7 @@ } }, "aws:appflow/flow:Flow": { - "description": "Provides an AppFlow flow resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleSourceBucketV2 = new aws.s3.BucketV2(\"example_source\", {bucket: \"example-source\"});\nconst exampleSource = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"AllowAppFlowSourceActions\",\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"appflow.amazonaws.com\"],\n }],\n actions: [\n \"s3:ListBucket\",\n \"s3:GetObject\",\n ],\n resources: [\n \"arn:aws:s3:::example-source\",\n \"arn:aws:s3:::example-source/*\",\n ],\n }],\n});\nconst exampleSourceBucketPolicy = new aws.s3.BucketPolicy(\"example_source\", {\n bucket: exampleSourceBucketV2.id,\n policy: exampleSource.then(exampleSource =\u003e exampleSource.json),\n});\nconst example = new aws.s3.BucketObjectv2(\"example\", {\n bucket: exampleSourceBucketV2.id,\n key: \"example_source.csv\",\n source: new pulumi.asset.FileAsset(\"example_source.csv\"),\n});\nconst exampleDestinationBucketV2 = new aws.s3.BucketV2(\"example_destination\", {bucket: \"example-destination\"});\nconst exampleDestination = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"AllowAppFlowDestinationActions\",\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"appflow.amazonaws.com\"],\n }],\n actions: [\n \"s3:PutObject\",\n \"s3:AbortMultipartUpload\",\n \"s3:ListMultipartUploadParts\",\n \"s3:ListBucketMultipartUploads\",\n \"s3:GetBucketAcl\",\n \"s3:PutObjectAcl\",\n ],\n resources: [\n \"arn:aws:s3:::example-destination\",\n \"arn:aws:s3:::example-destination/*\",\n ],\n }],\n});\nconst exampleDestinationBucketPolicy = new aws.s3.BucketPolicy(\"example_destination\", {\n bucket: exampleDestinationBucketV2.id,\n policy: exampleDestination.then(exampleDestination =\u003e exampleDestination.json),\n});\nconst exampleFlow = new aws.appflow.Flow(\"example\", {\n name: \"example\",\n sourceFlowConfig: {\n connectorType: \"S3\",\n sourceConnectorProperties: {\n s3: {\n bucketName: exampleSourceBucketPolicy.bucket,\n bucketPrefix: \"example\",\n },\n },\n },\n destinationFlowConfigs: [{\n connectorType: \"S3\",\n destinationConnectorProperties: {\n s3: {\n bucketName: exampleDestinationBucketPolicy.bucket,\n s3OutputFormatConfig: {\n prefixConfig: {\n prefixType: \"PATH\",\n },\n },\n },\n },\n }],\n tasks: [{\n sourceFields: [\"exampleField\"],\n destinationField: \"exampleField\",\n taskType: \"Map\",\n connectorOperators: [{\n s3: \"NO_OP\",\n }],\n }],\n triggerConfig: {\n triggerType: \"OnDemand\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_source_bucket_v2 = aws.s3.BucketV2(\"example_source\", bucket=\"example-source\")\nexample_source = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"AllowAppFlowSourceActions\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"appflow.amazonaws.com\"],\n )],\n actions=[\n \"s3:ListBucket\",\n \"s3:GetObject\",\n ],\n resources=[\n \"arn:aws:s3:::example-source\",\n \"arn:aws:s3:::example-source/*\",\n ],\n)])\nexample_source_bucket_policy = aws.s3.BucketPolicy(\"example_source\",\n bucket=example_source_bucket_v2.id,\n policy=example_source.json)\nexample = aws.s3.BucketObjectv2(\"example\",\n bucket=example_source_bucket_v2.id,\n key=\"example_source.csv\",\n source=pulumi.FileAsset(\"example_source.csv\"))\nexample_destination_bucket_v2 = aws.s3.BucketV2(\"example_destination\", bucket=\"example-destination\")\nexample_destination = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"AllowAppFlowDestinationActions\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"appflow.amazonaws.com\"],\n )],\n actions=[\n \"s3:PutObject\",\n \"s3:AbortMultipartUpload\",\n \"s3:ListMultipartUploadParts\",\n \"s3:ListBucketMultipartUploads\",\n \"s3:GetBucketAcl\",\n \"s3:PutObjectAcl\",\n ],\n resources=[\n \"arn:aws:s3:::example-destination\",\n \"arn:aws:s3:::example-destination/*\",\n ],\n)])\nexample_destination_bucket_policy = aws.s3.BucketPolicy(\"example_destination\",\n bucket=example_destination_bucket_v2.id,\n policy=example_destination.json)\nexample_flow = aws.appflow.Flow(\"example\",\n name=\"example\",\n source_flow_config=aws.appflow.FlowSourceFlowConfigArgs(\n connector_type=\"S3\",\n source_connector_properties=aws.appflow.FlowSourceFlowConfigSourceConnectorPropertiesArgs(\n s3=aws.appflow.FlowSourceFlowConfigSourceConnectorPropertiesS3Args(\n bucket_name=example_source_bucket_policy.bucket,\n bucket_prefix=\"example\",\n ),\n ),\n ),\n destination_flow_configs=[aws.appflow.FlowDestinationFlowConfigArgs(\n connector_type=\"S3\",\n destination_connector_properties=aws.appflow.FlowDestinationFlowConfigDestinationConnectorPropertiesArgs(\n s3=aws.appflow.FlowDestinationFlowConfigDestinationConnectorPropertiesS3Args(\n bucket_name=example_destination_bucket_policy.bucket,\n s3_output_format_config=aws.appflow.FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfigArgs(\n prefix_config=aws.appflow.FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfigPrefixConfigArgs(\n prefix_type=\"PATH\",\n ),\n ),\n ),\n ),\n )],\n tasks=[aws.appflow.FlowTaskArgs(\n source_fields=[\"exampleField\"],\n destination_field=\"exampleField\",\n task_type=\"Map\",\n connector_operators=[aws.appflow.FlowTaskConnectorOperatorArgs(\n s3=\"NO_OP\",\n )],\n )],\n trigger_config=aws.appflow.FlowTriggerConfigArgs(\n trigger_type=\"OnDemand\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleSourceBucketV2 = new Aws.S3.BucketV2(\"example_source\", new()\n {\n Bucket = \"example-source\",\n });\n\n var exampleSource = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"AllowAppFlowSourceActions\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"appflow.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"s3:ListBucket\",\n \"s3:GetObject\",\n },\n Resources = new[]\n {\n \"arn:aws:s3:::example-source\",\n \"arn:aws:s3:::example-source/*\",\n },\n },\n },\n });\n\n var exampleSourceBucketPolicy = new Aws.S3.BucketPolicy(\"example_source\", new()\n {\n Bucket = exampleSourceBucketV2.Id,\n Policy = exampleSource.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var example = new Aws.S3.BucketObjectv2(\"example\", new()\n {\n Bucket = exampleSourceBucketV2.Id,\n Key = \"example_source.csv\",\n Source = new FileAsset(\"example_source.csv\"),\n });\n\n var exampleDestinationBucketV2 = new Aws.S3.BucketV2(\"example_destination\", new()\n {\n Bucket = \"example-destination\",\n });\n\n var exampleDestination = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"AllowAppFlowDestinationActions\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"appflow.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"s3:PutObject\",\n \"s3:AbortMultipartUpload\",\n \"s3:ListMultipartUploadParts\",\n \"s3:ListBucketMultipartUploads\",\n \"s3:GetBucketAcl\",\n \"s3:PutObjectAcl\",\n },\n Resources = new[]\n {\n \"arn:aws:s3:::example-destination\",\n \"arn:aws:s3:::example-destination/*\",\n },\n },\n },\n });\n\n var exampleDestinationBucketPolicy = new Aws.S3.BucketPolicy(\"example_destination\", new()\n {\n Bucket = exampleDestinationBucketV2.Id,\n Policy = exampleDestination.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleFlow = new Aws.AppFlow.Flow(\"example\", new()\n {\n Name = \"example\",\n SourceFlowConfig = new Aws.AppFlow.Inputs.FlowSourceFlowConfigArgs\n {\n ConnectorType = \"S3\",\n SourceConnectorProperties = new Aws.AppFlow.Inputs.FlowSourceFlowConfigSourceConnectorPropertiesArgs\n {\n S3 = new Aws.AppFlow.Inputs.FlowSourceFlowConfigSourceConnectorPropertiesS3Args\n {\n BucketName = exampleSourceBucketPolicy.Bucket,\n BucketPrefix = \"example\",\n },\n },\n },\n DestinationFlowConfigs = new[]\n {\n new Aws.AppFlow.Inputs.FlowDestinationFlowConfigArgs\n {\n ConnectorType = \"S3\",\n DestinationConnectorProperties = new Aws.AppFlow.Inputs.FlowDestinationFlowConfigDestinationConnectorPropertiesArgs\n {\n S3 = new Aws.AppFlow.Inputs.FlowDestinationFlowConfigDestinationConnectorPropertiesS3Args\n {\n BucketName = exampleDestinationBucketPolicy.Bucket,\n S3OutputFormatConfig = new Aws.AppFlow.Inputs.FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfigArgs\n {\n PrefixConfig = new Aws.AppFlow.Inputs.FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfigPrefixConfigArgs\n {\n PrefixType = \"PATH\",\n },\n },\n },\n },\n },\n },\n Tasks = new[]\n {\n new Aws.AppFlow.Inputs.FlowTaskArgs\n {\n SourceFields = new[]\n {\n \"exampleField\",\n },\n DestinationField = \"exampleField\",\n TaskType = \"Map\",\n ConnectorOperators = new[]\n {\n new Aws.AppFlow.Inputs.FlowTaskConnectorOperatorArgs\n {\n S3 = \"NO_OP\",\n },\n },\n },\n },\n TriggerConfig = new Aws.AppFlow.Inputs.FlowTriggerConfigArgs\n {\n TriggerType = \"OnDemand\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/appflow\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleSourceBucketV2, err := s3.NewBucketV2(ctx, \"example_source\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"example-source\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleSource, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"AllowAppFlowSourceActions\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"appflow.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:ListBucket\",\n\t\t\t\t\t\t\"s3:GetObject\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:s3:::example-source\",\n\t\t\t\t\t\t\"arn:aws:s3:::example-source/*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleSourceBucketPolicy, err := s3.NewBucketPolicy(ctx, \"example_source\", \u0026s3.BucketPolicyArgs{\n\t\t\tBucket: exampleSourceBucketV2.ID(),\n\t\t\tPolicy: *pulumi.String(exampleSource.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketObjectv2(ctx, \"example\", \u0026s3.BucketObjectv2Args{\n\t\t\tBucket: exampleSourceBucketV2.ID(),\n\t\t\tKey: pulumi.String(\"example_source.csv\"),\n\t\t\tSource: pulumi.NewFileAsset(\"example_source.csv\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDestinationBucketV2, err := s3.NewBucketV2(ctx, \"example_destination\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"example-destination\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDestination, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"AllowAppFlowDestinationActions\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"appflow.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:PutObject\",\n\t\t\t\t\t\t\"s3:AbortMultipartUpload\",\n\t\t\t\t\t\t\"s3:ListMultipartUploadParts\",\n\t\t\t\t\t\t\"s3:ListBucketMultipartUploads\",\n\t\t\t\t\t\t\"s3:GetBucketAcl\",\n\t\t\t\t\t\t\"s3:PutObjectAcl\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:s3:::example-destination\",\n\t\t\t\t\t\t\"arn:aws:s3:::example-destination/*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDestinationBucketPolicy, err := s3.NewBucketPolicy(ctx, \"example_destination\", \u0026s3.BucketPolicyArgs{\n\t\t\tBucket: exampleDestinationBucketV2.ID(),\n\t\t\tPolicy: *pulumi.String(exampleDestination.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appflow.NewFlow(ctx, \"example\", \u0026appflow.FlowArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tSourceFlowConfig: \u0026appflow.FlowSourceFlowConfigArgs{\n\t\t\t\tConnectorType: pulumi.String(\"S3\"),\n\t\t\t\tSourceConnectorProperties: \u0026appflow.FlowSourceFlowConfigSourceConnectorPropertiesArgs{\n\t\t\t\t\tS3: \u0026appflow.FlowSourceFlowConfigSourceConnectorPropertiesS3Args{\n\t\t\t\t\t\tBucketName: exampleSourceBucketPolicy.Bucket,\n\t\t\t\t\t\tBucketPrefix: pulumi.String(\"example\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDestinationFlowConfigs: appflow.FlowDestinationFlowConfigArray{\n\t\t\t\t\u0026appflow.FlowDestinationFlowConfigArgs{\n\t\t\t\t\tConnectorType: pulumi.String(\"S3\"),\n\t\t\t\t\tDestinationConnectorProperties: \u0026appflow.FlowDestinationFlowConfigDestinationConnectorPropertiesArgs{\n\t\t\t\t\t\tS3: \u0026appflow.FlowDestinationFlowConfigDestinationConnectorPropertiesS3Args{\n\t\t\t\t\t\t\tBucketName: exampleDestinationBucketPolicy.Bucket,\n\t\t\t\t\t\t\tS3OutputFormatConfig: \u0026appflow.FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfigArgs{\n\t\t\t\t\t\t\t\tPrefixConfig: \u0026appflow.FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfigPrefixConfigArgs{\n\t\t\t\t\t\t\t\t\tPrefixType: pulumi.String(\"PATH\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTasks: appflow.FlowTaskArray{\n\t\t\t\t\u0026appflow.FlowTaskArgs{\n\t\t\t\t\tSourceFields: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"exampleField\"),\n\t\t\t\t\t},\n\t\t\t\t\tDestinationField: pulumi.String(\"exampleField\"),\n\t\t\t\t\tTaskType: pulumi.String(\"Map\"),\n\t\t\t\t\tConnectorOperators: appflow.FlowTaskConnectorOperatorArray{\n\t\t\t\t\t\t\u0026appflow.FlowTaskConnectorOperatorArgs{\n\t\t\t\t\t\t\tS3: pulumi.String(\"NO_OP\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTriggerConfig: \u0026appflow.FlowTriggerConfigArgs{\n\t\t\t\tTriggerType: pulumi.String(\"OnDemand\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.s3.BucketPolicy;\nimport com.pulumi.aws.s3.BucketPolicyArgs;\nimport com.pulumi.aws.s3.BucketObjectv2;\nimport com.pulumi.aws.s3.BucketObjectv2Args;\nimport com.pulumi.aws.appflow.Flow;\nimport com.pulumi.aws.appflow.FlowArgs;\nimport com.pulumi.aws.appflow.inputs.FlowSourceFlowConfigArgs;\nimport com.pulumi.aws.appflow.inputs.FlowSourceFlowConfigSourceConnectorPropertiesArgs;\nimport com.pulumi.aws.appflow.inputs.FlowSourceFlowConfigSourceConnectorPropertiesS3Args;\nimport com.pulumi.aws.appflow.inputs.FlowDestinationFlowConfigArgs;\nimport com.pulumi.aws.appflow.inputs.FlowDestinationFlowConfigDestinationConnectorPropertiesArgs;\nimport com.pulumi.aws.appflow.inputs.FlowDestinationFlowConfigDestinationConnectorPropertiesS3Args;\nimport com.pulumi.aws.appflow.inputs.FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfigArgs;\nimport com.pulumi.aws.appflow.inputs.FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfigPrefixConfigArgs;\nimport com.pulumi.aws.appflow.inputs.FlowTaskArgs;\nimport com.pulumi.aws.appflow.inputs.FlowTriggerConfigArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleSourceBucketV2 = new BucketV2(\"exampleSourceBucketV2\", BucketV2Args.builder() \n .bucket(\"example-source\")\n .build());\n\n final var exampleSource = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"AllowAppFlowSourceActions\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"appflow.amazonaws.com\")\n .build())\n .actions( \n \"s3:ListBucket\",\n \"s3:GetObject\")\n .resources( \n \"arn:aws:s3:::example-source\",\n \"arn:aws:s3:::example-source/*\")\n .build())\n .build());\n\n var exampleSourceBucketPolicy = new BucketPolicy(\"exampleSourceBucketPolicy\", BucketPolicyArgs.builder() \n .bucket(exampleSourceBucketV2.id())\n .policy(exampleSource.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var example = new BucketObjectv2(\"example\", BucketObjectv2Args.builder() \n .bucket(exampleSourceBucketV2.id())\n .key(\"example_source.csv\")\n .source(new FileAsset(\"example_source.csv\"))\n .build());\n\n var exampleDestinationBucketV2 = new BucketV2(\"exampleDestinationBucketV2\", BucketV2Args.builder() \n .bucket(\"example-destination\")\n .build());\n\n final var exampleDestination = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"AllowAppFlowDestinationActions\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"appflow.amazonaws.com\")\n .build())\n .actions( \n \"s3:PutObject\",\n \"s3:AbortMultipartUpload\",\n \"s3:ListMultipartUploadParts\",\n \"s3:ListBucketMultipartUploads\",\n \"s3:GetBucketAcl\",\n \"s3:PutObjectAcl\")\n .resources( \n \"arn:aws:s3:::example-destination\",\n \"arn:aws:s3:::example-destination/*\")\n .build())\n .build());\n\n var exampleDestinationBucketPolicy = new BucketPolicy(\"exampleDestinationBucketPolicy\", BucketPolicyArgs.builder() \n .bucket(exampleDestinationBucketV2.id())\n .policy(exampleDestination.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleFlow = new Flow(\"exampleFlow\", FlowArgs.builder() \n .name(\"example\")\n .sourceFlowConfig(FlowSourceFlowConfigArgs.builder()\n .connectorType(\"S3\")\n .sourceConnectorProperties(FlowSourceFlowConfigSourceConnectorPropertiesArgs.builder()\n .s3(FlowSourceFlowConfigSourceConnectorPropertiesS3Args.builder()\n .bucketName(exampleSourceBucketPolicy.bucket())\n .bucketPrefix(\"example\")\n .build())\n .build())\n .build())\n .destinationFlowConfigs(FlowDestinationFlowConfigArgs.builder()\n .connectorType(\"S3\")\n .destinationConnectorProperties(FlowDestinationFlowConfigDestinationConnectorPropertiesArgs.builder()\n .s3(FlowDestinationFlowConfigDestinationConnectorPropertiesS3Args.builder()\n .bucketName(exampleDestinationBucketPolicy.bucket())\n .s3OutputFormatConfig(FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfigArgs.builder()\n .prefixConfig(FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfigPrefixConfigArgs.builder()\n .prefixType(\"PATH\")\n .build())\n .build())\n .build())\n .build())\n .build())\n .tasks(FlowTaskArgs.builder()\n .sourceFields(\"exampleField\")\n .destinationField(\"exampleField\")\n .taskType(\"Map\")\n .connectorOperators(FlowTaskConnectorOperatorArgs.builder()\n .s3(\"NO_OP\")\n .build())\n .build())\n .triggerConfig(FlowTriggerConfigArgs.builder()\n .triggerType(\"OnDemand\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleSourceBucketV2:\n type: aws:s3:BucketV2\n name: example_source\n properties:\n bucket: example-source\n exampleSourceBucketPolicy:\n type: aws:s3:BucketPolicy\n name: example_source\n properties:\n bucket: ${exampleSourceBucketV2.id}\n policy: ${exampleSource.json}\n example:\n type: aws:s3:BucketObjectv2\n properties:\n bucket: ${exampleSourceBucketV2.id}\n key: example_source.csv\n source:\n fn::FileAsset: example_source.csv\n exampleDestinationBucketV2:\n type: aws:s3:BucketV2\n name: example_destination\n properties:\n bucket: example-destination\n exampleDestinationBucketPolicy:\n type: aws:s3:BucketPolicy\n name: example_destination\n properties:\n bucket: ${exampleDestinationBucketV2.id}\n policy: ${exampleDestination.json}\n exampleFlow:\n type: aws:appflow:Flow\n name: example\n properties:\n name: example\n sourceFlowConfig:\n connectorType: S3\n sourceConnectorProperties:\n s3:\n bucketName: ${exampleSourceBucketPolicy.bucket}\n bucketPrefix: example\n destinationFlowConfigs:\n - connectorType: S3\n destinationConnectorProperties:\n s3:\n bucketName: ${exampleDestinationBucketPolicy.bucket}\n s3OutputFormatConfig:\n prefixConfig:\n prefixType: PATH\n tasks:\n - sourceFields:\n - exampleField\n destinationField: exampleField\n taskType: Map\n connectorOperators:\n - s3: NO_OP\n triggerConfig:\n triggerType: OnDemand\nvariables:\n exampleSource:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: AllowAppFlowSourceActions\n effect: Allow\n principals:\n - type: Service\n identifiers:\n - appflow.amazonaws.com\n actions:\n - s3:ListBucket\n - s3:GetObject\n resources:\n - arn:aws:s3:::example-source\n - arn:aws:s3:::example-source/*\n exampleDestination:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: AllowAppFlowDestinationActions\n effect: Allow\n principals:\n - type: Service\n identifiers:\n - appflow.amazonaws.com\n actions:\n - s3:PutObject\n - s3:AbortMultipartUpload\n - s3:ListMultipartUploadParts\n - s3:ListBucketMultipartUploads\n - s3:GetBucketAcl\n - s3:PutObjectAcl\n resources:\n - arn:aws:s3:::example-destination\n - arn:aws:s3:::example-destination/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import AppFlow flows using the `arn`. For example:\n\n```sh\n$ pulumi import aws:appflow/flow:Flow example arn:aws:appflow:us-west-2:123456789012:flow/example-flow\n```\n", + "description": "Provides an AppFlow flow resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleSourceBucketV2 = new aws.s3.BucketV2(\"example_source\", {bucket: \"example-source\"});\nconst exampleSource = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"AllowAppFlowSourceActions\",\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"appflow.amazonaws.com\"],\n }],\n actions: [\n \"s3:ListBucket\",\n \"s3:GetObject\",\n ],\n resources: [\n \"arn:aws:s3:::example-source\",\n \"arn:aws:s3:::example-source/*\",\n ],\n }],\n});\nconst exampleSourceBucketPolicy = new aws.s3.BucketPolicy(\"example_source\", {\n bucket: exampleSourceBucketV2.id,\n policy: exampleSource.then(exampleSource =\u003e exampleSource.json),\n});\nconst example = new aws.s3.BucketObjectv2(\"example\", {\n bucket: exampleSourceBucketV2.id,\n key: \"example_source.csv\",\n source: new pulumi.asset.FileAsset(\"example_source.csv\"),\n});\nconst exampleDestinationBucketV2 = new aws.s3.BucketV2(\"example_destination\", {bucket: \"example-destination\"});\nconst exampleDestination = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"AllowAppFlowDestinationActions\",\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"appflow.amazonaws.com\"],\n }],\n actions: [\n \"s3:PutObject\",\n \"s3:AbortMultipartUpload\",\n \"s3:ListMultipartUploadParts\",\n \"s3:ListBucketMultipartUploads\",\n \"s3:GetBucketAcl\",\n \"s3:PutObjectAcl\",\n ],\n resources: [\n \"arn:aws:s3:::example-destination\",\n \"arn:aws:s3:::example-destination/*\",\n ],\n }],\n});\nconst exampleDestinationBucketPolicy = new aws.s3.BucketPolicy(\"example_destination\", {\n bucket: exampleDestinationBucketV2.id,\n policy: exampleDestination.then(exampleDestination =\u003e exampleDestination.json),\n});\nconst exampleFlow = new aws.appflow.Flow(\"example\", {\n name: \"example\",\n sourceFlowConfig: {\n connectorType: \"S3\",\n sourceConnectorProperties: {\n s3: {\n bucketName: exampleSourceBucketPolicy.bucket,\n bucketPrefix: \"example\",\n },\n },\n },\n destinationFlowConfigs: [{\n connectorType: \"S3\",\n destinationConnectorProperties: {\n s3: {\n bucketName: exampleDestinationBucketPolicy.bucket,\n s3OutputFormatConfig: {\n prefixConfig: {\n prefixType: \"PATH\",\n },\n },\n },\n },\n }],\n tasks: [{\n sourceFields: [\"exampleField\"],\n destinationField: \"exampleField\",\n taskType: \"Map\",\n connectorOperators: [{\n s3: \"NO_OP\",\n }],\n }],\n triggerConfig: {\n triggerType: \"OnDemand\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_source_bucket_v2 = aws.s3.BucketV2(\"example_source\", bucket=\"example-source\")\nexample_source = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"AllowAppFlowSourceActions\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"appflow.amazonaws.com\"],\n )],\n actions=[\n \"s3:ListBucket\",\n \"s3:GetObject\",\n ],\n resources=[\n \"arn:aws:s3:::example-source\",\n \"arn:aws:s3:::example-source/*\",\n ],\n)])\nexample_source_bucket_policy = aws.s3.BucketPolicy(\"example_source\",\n bucket=example_source_bucket_v2.id,\n policy=example_source.json)\nexample = aws.s3.BucketObjectv2(\"example\",\n bucket=example_source_bucket_v2.id,\n key=\"example_source.csv\",\n source=pulumi.FileAsset(\"example_source.csv\"))\nexample_destination_bucket_v2 = aws.s3.BucketV2(\"example_destination\", bucket=\"example-destination\")\nexample_destination = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"AllowAppFlowDestinationActions\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"appflow.amazonaws.com\"],\n )],\n actions=[\n \"s3:PutObject\",\n \"s3:AbortMultipartUpload\",\n \"s3:ListMultipartUploadParts\",\n \"s3:ListBucketMultipartUploads\",\n \"s3:GetBucketAcl\",\n \"s3:PutObjectAcl\",\n ],\n resources=[\n \"arn:aws:s3:::example-destination\",\n \"arn:aws:s3:::example-destination/*\",\n ],\n)])\nexample_destination_bucket_policy = aws.s3.BucketPolicy(\"example_destination\",\n bucket=example_destination_bucket_v2.id,\n policy=example_destination.json)\nexample_flow = aws.appflow.Flow(\"example\",\n name=\"example\",\n source_flow_config=aws.appflow.FlowSourceFlowConfigArgs(\n connector_type=\"S3\",\n source_connector_properties=aws.appflow.FlowSourceFlowConfigSourceConnectorPropertiesArgs(\n s3=aws.appflow.FlowSourceFlowConfigSourceConnectorPropertiesS3Args(\n bucket_name=example_source_bucket_policy.bucket,\n bucket_prefix=\"example\",\n ),\n ),\n ),\n destination_flow_configs=[aws.appflow.FlowDestinationFlowConfigArgs(\n connector_type=\"S3\",\n destination_connector_properties=aws.appflow.FlowDestinationFlowConfigDestinationConnectorPropertiesArgs(\n s3=aws.appflow.FlowDestinationFlowConfigDestinationConnectorPropertiesS3Args(\n bucket_name=example_destination_bucket_policy.bucket,\n s3_output_format_config=aws.appflow.FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfigArgs(\n prefix_config=aws.appflow.FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfigPrefixConfigArgs(\n prefix_type=\"PATH\",\n ),\n ),\n ),\n ),\n )],\n tasks=[aws.appflow.FlowTaskArgs(\n source_fields=[\"exampleField\"],\n destination_field=\"exampleField\",\n task_type=\"Map\",\n connector_operators=[aws.appflow.FlowTaskConnectorOperatorArgs(\n s3=\"NO_OP\",\n )],\n )],\n trigger_config=aws.appflow.FlowTriggerConfigArgs(\n trigger_type=\"OnDemand\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleSourceBucketV2 = new Aws.S3.BucketV2(\"example_source\", new()\n {\n Bucket = \"example-source\",\n });\n\n var exampleSource = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"AllowAppFlowSourceActions\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"appflow.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"s3:ListBucket\",\n \"s3:GetObject\",\n },\n Resources = new[]\n {\n \"arn:aws:s3:::example-source\",\n \"arn:aws:s3:::example-source/*\",\n },\n },\n },\n });\n\n var exampleSourceBucketPolicy = new Aws.S3.BucketPolicy(\"example_source\", new()\n {\n Bucket = exampleSourceBucketV2.Id,\n Policy = exampleSource.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var example = new Aws.S3.BucketObjectv2(\"example\", new()\n {\n Bucket = exampleSourceBucketV2.Id,\n Key = \"example_source.csv\",\n Source = new FileAsset(\"example_source.csv\"),\n });\n\n var exampleDestinationBucketV2 = new Aws.S3.BucketV2(\"example_destination\", new()\n {\n Bucket = \"example-destination\",\n });\n\n var exampleDestination = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"AllowAppFlowDestinationActions\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"appflow.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"s3:PutObject\",\n \"s3:AbortMultipartUpload\",\n \"s3:ListMultipartUploadParts\",\n \"s3:ListBucketMultipartUploads\",\n \"s3:GetBucketAcl\",\n \"s3:PutObjectAcl\",\n },\n Resources = new[]\n {\n \"arn:aws:s3:::example-destination\",\n \"arn:aws:s3:::example-destination/*\",\n },\n },\n },\n });\n\n var exampleDestinationBucketPolicy = new Aws.S3.BucketPolicy(\"example_destination\", new()\n {\n Bucket = exampleDestinationBucketV2.Id,\n Policy = exampleDestination.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleFlow = new Aws.AppFlow.Flow(\"example\", new()\n {\n Name = \"example\",\n SourceFlowConfig = new Aws.AppFlow.Inputs.FlowSourceFlowConfigArgs\n {\n ConnectorType = \"S3\",\n SourceConnectorProperties = new Aws.AppFlow.Inputs.FlowSourceFlowConfigSourceConnectorPropertiesArgs\n {\n S3 = new Aws.AppFlow.Inputs.FlowSourceFlowConfigSourceConnectorPropertiesS3Args\n {\n BucketName = exampleSourceBucketPolicy.Bucket,\n BucketPrefix = \"example\",\n },\n },\n },\n DestinationFlowConfigs = new[]\n {\n new Aws.AppFlow.Inputs.FlowDestinationFlowConfigArgs\n {\n ConnectorType = \"S3\",\n DestinationConnectorProperties = new Aws.AppFlow.Inputs.FlowDestinationFlowConfigDestinationConnectorPropertiesArgs\n {\n S3 = new Aws.AppFlow.Inputs.FlowDestinationFlowConfigDestinationConnectorPropertiesS3Args\n {\n BucketName = exampleDestinationBucketPolicy.Bucket,\n S3OutputFormatConfig = new Aws.AppFlow.Inputs.FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfigArgs\n {\n PrefixConfig = new Aws.AppFlow.Inputs.FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfigPrefixConfigArgs\n {\n PrefixType = \"PATH\",\n },\n },\n },\n },\n },\n },\n Tasks = new[]\n {\n new Aws.AppFlow.Inputs.FlowTaskArgs\n {\n SourceFields = new[]\n {\n \"exampleField\",\n },\n DestinationField = \"exampleField\",\n TaskType = \"Map\",\n ConnectorOperators = new[]\n {\n new Aws.AppFlow.Inputs.FlowTaskConnectorOperatorArgs\n {\n S3 = \"NO_OP\",\n },\n },\n },\n },\n TriggerConfig = new Aws.AppFlow.Inputs.FlowTriggerConfigArgs\n {\n TriggerType = \"OnDemand\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/appflow\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleSourceBucketV2, err := s3.NewBucketV2(ctx, \"example_source\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"example-source\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleSource, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"AllowAppFlowSourceActions\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"appflow.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:ListBucket\",\n\t\t\t\t\t\t\"s3:GetObject\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:s3:::example-source\",\n\t\t\t\t\t\t\"arn:aws:s3:::example-source/*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleSourceBucketPolicy, err := s3.NewBucketPolicy(ctx, \"example_source\", \u0026s3.BucketPolicyArgs{\n\t\t\tBucket: exampleSourceBucketV2.ID(),\n\t\t\tPolicy: pulumi.String(exampleSource.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketObjectv2(ctx, \"example\", \u0026s3.BucketObjectv2Args{\n\t\t\tBucket: exampleSourceBucketV2.ID(),\n\t\t\tKey: pulumi.String(\"example_source.csv\"),\n\t\t\tSource: pulumi.NewFileAsset(\"example_source.csv\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDestinationBucketV2, err := s3.NewBucketV2(ctx, \"example_destination\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"example-destination\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDestination, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"AllowAppFlowDestinationActions\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"appflow.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:PutObject\",\n\t\t\t\t\t\t\"s3:AbortMultipartUpload\",\n\t\t\t\t\t\t\"s3:ListMultipartUploadParts\",\n\t\t\t\t\t\t\"s3:ListBucketMultipartUploads\",\n\t\t\t\t\t\t\"s3:GetBucketAcl\",\n\t\t\t\t\t\t\"s3:PutObjectAcl\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:s3:::example-destination\",\n\t\t\t\t\t\t\"arn:aws:s3:::example-destination/*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDestinationBucketPolicy, err := s3.NewBucketPolicy(ctx, \"example_destination\", \u0026s3.BucketPolicyArgs{\n\t\t\tBucket: exampleDestinationBucketV2.ID(),\n\t\t\tPolicy: pulumi.String(exampleDestination.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appflow.NewFlow(ctx, \"example\", \u0026appflow.FlowArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tSourceFlowConfig: \u0026appflow.FlowSourceFlowConfigArgs{\n\t\t\t\tConnectorType: pulumi.String(\"S3\"),\n\t\t\t\tSourceConnectorProperties: \u0026appflow.FlowSourceFlowConfigSourceConnectorPropertiesArgs{\n\t\t\t\t\tS3: \u0026appflow.FlowSourceFlowConfigSourceConnectorPropertiesS3Args{\n\t\t\t\t\t\tBucketName: exampleSourceBucketPolicy.Bucket,\n\t\t\t\t\t\tBucketPrefix: pulumi.String(\"example\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDestinationFlowConfigs: appflow.FlowDestinationFlowConfigArray{\n\t\t\t\t\u0026appflow.FlowDestinationFlowConfigArgs{\n\t\t\t\t\tConnectorType: pulumi.String(\"S3\"),\n\t\t\t\t\tDestinationConnectorProperties: \u0026appflow.FlowDestinationFlowConfigDestinationConnectorPropertiesArgs{\n\t\t\t\t\t\tS3: \u0026appflow.FlowDestinationFlowConfigDestinationConnectorPropertiesS3Args{\n\t\t\t\t\t\t\tBucketName: exampleDestinationBucketPolicy.Bucket,\n\t\t\t\t\t\t\tS3OutputFormatConfig: \u0026appflow.FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfigArgs{\n\t\t\t\t\t\t\t\tPrefixConfig: \u0026appflow.FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfigPrefixConfigArgs{\n\t\t\t\t\t\t\t\t\tPrefixType: pulumi.String(\"PATH\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTasks: appflow.FlowTaskArray{\n\t\t\t\t\u0026appflow.FlowTaskArgs{\n\t\t\t\t\tSourceFields: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"exampleField\"),\n\t\t\t\t\t},\n\t\t\t\t\tDestinationField: pulumi.String(\"exampleField\"),\n\t\t\t\t\tTaskType: pulumi.String(\"Map\"),\n\t\t\t\t\tConnectorOperators: appflow.FlowTaskConnectorOperatorArray{\n\t\t\t\t\t\t\u0026appflow.FlowTaskConnectorOperatorArgs{\n\t\t\t\t\t\t\tS3: pulumi.String(\"NO_OP\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTriggerConfig: \u0026appflow.FlowTriggerConfigArgs{\n\t\t\t\tTriggerType: pulumi.String(\"OnDemand\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.s3.BucketPolicy;\nimport com.pulumi.aws.s3.BucketPolicyArgs;\nimport com.pulumi.aws.s3.BucketObjectv2;\nimport com.pulumi.aws.s3.BucketObjectv2Args;\nimport com.pulumi.aws.appflow.Flow;\nimport com.pulumi.aws.appflow.FlowArgs;\nimport com.pulumi.aws.appflow.inputs.FlowSourceFlowConfigArgs;\nimport com.pulumi.aws.appflow.inputs.FlowSourceFlowConfigSourceConnectorPropertiesArgs;\nimport com.pulumi.aws.appflow.inputs.FlowSourceFlowConfigSourceConnectorPropertiesS3Args;\nimport com.pulumi.aws.appflow.inputs.FlowDestinationFlowConfigArgs;\nimport com.pulumi.aws.appflow.inputs.FlowDestinationFlowConfigDestinationConnectorPropertiesArgs;\nimport com.pulumi.aws.appflow.inputs.FlowDestinationFlowConfigDestinationConnectorPropertiesS3Args;\nimport com.pulumi.aws.appflow.inputs.FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfigArgs;\nimport com.pulumi.aws.appflow.inputs.FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfigPrefixConfigArgs;\nimport com.pulumi.aws.appflow.inputs.FlowTaskArgs;\nimport com.pulumi.aws.appflow.inputs.FlowTriggerConfigArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleSourceBucketV2 = new BucketV2(\"exampleSourceBucketV2\", BucketV2Args.builder() \n .bucket(\"example-source\")\n .build());\n\n final var exampleSource = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"AllowAppFlowSourceActions\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"appflow.amazonaws.com\")\n .build())\n .actions( \n \"s3:ListBucket\",\n \"s3:GetObject\")\n .resources( \n \"arn:aws:s3:::example-source\",\n \"arn:aws:s3:::example-source/*\")\n .build())\n .build());\n\n var exampleSourceBucketPolicy = new BucketPolicy(\"exampleSourceBucketPolicy\", BucketPolicyArgs.builder() \n .bucket(exampleSourceBucketV2.id())\n .policy(exampleSource.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var example = new BucketObjectv2(\"example\", BucketObjectv2Args.builder() \n .bucket(exampleSourceBucketV2.id())\n .key(\"example_source.csv\")\n .source(new FileAsset(\"example_source.csv\"))\n .build());\n\n var exampleDestinationBucketV2 = new BucketV2(\"exampleDestinationBucketV2\", BucketV2Args.builder() \n .bucket(\"example-destination\")\n .build());\n\n final var exampleDestination = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"AllowAppFlowDestinationActions\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"appflow.amazonaws.com\")\n .build())\n .actions( \n \"s3:PutObject\",\n \"s3:AbortMultipartUpload\",\n \"s3:ListMultipartUploadParts\",\n \"s3:ListBucketMultipartUploads\",\n \"s3:GetBucketAcl\",\n \"s3:PutObjectAcl\")\n .resources( \n \"arn:aws:s3:::example-destination\",\n \"arn:aws:s3:::example-destination/*\")\n .build())\n .build());\n\n var exampleDestinationBucketPolicy = new BucketPolicy(\"exampleDestinationBucketPolicy\", BucketPolicyArgs.builder() \n .bucket(exampleDestinationBucketV2.id())\n .policy(exampleDestination.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleFlow = new Flow(\"exampleFlow\", FlowArgs.builder() \n .name(\"example\")\n .sourceFlowConfig(FlowSourceFlowConfigArgs.builder()\n .connectorType(\"S3\")\n .sourceConnectorProperties(FlowSourceFlowConfigSourceConnectorPropertiesArgs.builder()\n .s3(FlowSourceFlowConfigSourceConnectorPropertiesS3Args.builder()\n .bucketName(exampleSourceBucketPolicy.bucket())\n .bucketPrefix(\"example\")\n .build())\n .build())\n .build())\n .destinationFlowConfigs(FlowDestinationFlowConfigArgs.builder()\n .connectorType(\"S3\")\n .destinationConnectorProperties(FlowDestinationFlowConfigDestinationConnectorPropertiesArgs.builder()\n .s3(FlowDestinationFlowConfigDestinationConnectorPropertiesS3Args.builder()\n .bucketName(exampleDestinationBucketPolicy.bucket())\n .s3OutputFormatConfig(FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfigArgs.builder()\n .prefixConfig(FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfigPrefixConfigArgs.builder()\n .prefixType(\"PATH\")\n .build())\n .build())\n .build())\n .build())\n .build())\n .tasks(FlowTaskArgs.builder()\n .sourceFields(\"exampleField\")\n .destinationField(\"exampleField\")\n .taskType(\"Map\")\n .connectorOperators(FlowTaskConnectorOperatorArgs.builder()\n .s3(\"NO_OP\")\n .build())\n .build())\n .triggerConfig(FlowTriggerConfigArgs.builder()\n .triggerType(\"OnDemand\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleSourceBucketV2:\n type: aws:s3:BucketV2\n name: example_source\n properties:\n bucket: example-source\n exampleSourceBucketPolicy:\n type: aws:s3:BucketPolicy\n name: example_source\n properties:\n bucket: ${exampleSourceBucketV2.id}\n policy: ${exampleSource.json}\n example:\n type: aws:s3:BucketObjectv2\n properties:\n bucket: ${exampleSourceBucketV2.id}\n key: example_source.csv\n source:\n fn::FileAsset: example_source.csv\n exampleDestinationBucketV2:\n type: aws:s3:BucketV2\n name: example_destination\n properties:\n bucket: example-destination\n exampleDestinationBucketPolicy:\n type: aws:s3:BucketPolicy\n name: example_destination\n properties:\n bucket: ${exampleDestinationBucketV2.id}\n policy: ${exampleDestination.json}\n exampleFlow:\n type: aws:appflow:Flow\n name: example\n properties:\n name: example\n sourceFlowConfig:\n connectorType: S3\n sourceConnectorProperties:\n s3:\n bucketName: ${exampleSourceBucketPolicy.bucket}\n bucketPrefix: example\n destinationFlowConfigs:\n - connectorType: S3\n destinationConnectorProperties:\n s3:\n bucketName: ${exampleDestinationBucketPolicy.bucket}\n s3OutputFormatConfig:\n prefixConfig:\n prefixType: PATH\n tasks:\n - sourceFields:\n - exampleField\n destinationField: exampleField\n taskType: Map\n connectorOperators:\n - s3: NO_OP\n triggerConfig:\n triggerType: OnDemand\nvariables:\n exampleSource:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: AllowAppFlowSourceActions\n effect: Allow\n principals:\n - type: Service\n identifiers:\n - appflow.amazonaws.com\n actions:\n - s3:ListBucket\n - s3:GetObject\n resources:\n - arn:aws:s3:::example-source\n - arn:aws:s3:::example-source/*\n exampleDestination:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: AllowAppFlowDestinationActions\n effect: Allow\n principals:\n - type: Service\n identifiers:\n - appflow.amazonaws.com\n actions:\n - s3:PutObject\n - s3:AbortMultipartUpload\n - s3:ListMultipartUploadParts\n - s3:ListBucketMultipartUploads\n - s3:GetBucketAcl\n - s3:PutObjectAcl\n resources:\n - arn:aws:s3:::example-destination\n - arn:aws:s3:::example-destination/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import AppFlow flows using the `arn`. For example:\n\n```sh\n$ pulumi import aws:appflow/flow:Flow example arn:aws:appflow:us-west-2:123456789012:flow/example-flow\n```\n", "properties": { "arn": { "type": "string", @@ -167969,7 +167969,7 @@ } }, "aws:appsync/dataSource:DataSource": { - "description": "Provides an AppSync Data Source.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleTable = new aws.dynamodb.Table(\"example\", {\n name: \"example\",\n readCapacity: 1,\n writeCapacity: 1,\n hashKey: \"UserId\",\n attributes: [{\n name: \"UserId\",\n type: \"S\",\n }],\n});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"appsync.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"example\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst example = aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n actions: [\"dynamodb:*\"],\n resources: [exampleTable.arn],\n }],\n});\nconst exampleRolePolicy = new aws.iam.RolePolicy(\"example\", {\n name: \"example\",\n role: exampleRole.id,\n policy: example.apply(example =\u003e example.json),\n});\nconst exampleGraphQLApi = new aws.appsync.GraphQLApi(\"example\", {\n authenticationType: \"API_KEY\",\n name: \"my_appsync_example\",\n});\nconst exampleDataSource = new aws.appsync.DataSource(\"example\", {\n apiId: exampleGraphQLApi.id,\n name: \"my_appsync_example\",\n serviceRoleArn: exampleRole.arn,\n type: \"AMAZON_DYNAMODB\",\n dynamodbConfig: {\n tableName: exampleTable.name,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_table = aws.dynamodb.Table(\"example\",\n name=\"example\",\n read_capacity=1,\n write_capacity=1,\n hash_key=\"UserId\",\n attributes=[aws.dynamodb.TableAttributeArgs(\n name=\"UserId\",\n type=\"S\",\n )])\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"appsync.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"example\",\n assume_role_policy=assume_role.json)\nexample = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"dynamodb:*\"],\n resources=[example_table.arn],\n)])\nexample_role_policy = aws.iam.RolePolicy(\"example\",\n name=\"example\",\n role=example_role.id,\n policy=example.json)\nexample_graph_ql_api = aws.appsync.GraphQLApi(\"example\",\n authentication_type=\"API_KEY\",\n name=\"my_appsync_example\")\nexample_data_source = aws.appsync.DataSource(\"example\",\n api_id=example_graph_ql_api.id,\n name=\"my_appsync_example\",\n service_role_arn=example_role.arn,\n type=\"AMAZON_DYNAMODB\",\n dynamodb_config=aws.appsync.DataSourceDynamodbConfigArgs(\n table_name=example_table.name,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleTable = new Aws.DynamoDB.Table(\"example\", new()\n {\n Name = \"example\",\n ReadCapacity = 1,\n WriteCapacity = 1,\n HashKey = \"UserId\",\n Attributes = new[]\n {\n new Aws.DynamoDB.Inputs.TableAttributeArgs\n {\n Name = \"UserId\",\n Type = \"S\",\n },\n },\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"appsync.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"example\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"dynamodb:*\",\n },\n Resources = new[]\n {\n exampleTable.Arn,\n },\n },\n },\n });\n\n var exampleRolePolicy = new Aws.Iam.RolePolicy(\"example\", new()\n {\n Name = \"example\",\n Role = exampleRole.Id,\n Policy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleGraphQLApi = new Aws.AppSync.GraphQLApi(\"example\", new()\n {\n AuthenticationType = \"API_KEY\",\n Name = \"my_appsync_example\",\n });\n\n var exampleDataSource = new Aws.AppSync.DataSource(\"example\", new()\n {\n ApiId = exampleGraphQLApi.Id,\n Name = \"my_appsync_example\",\n ServiceRoleArn = exampleRole.Arn,\n Type = \"AMAZON_DYNAMODB\",\n DynamodbConfig = new Aws.AppSync.Inputs.DataSourceDynamodbConfigArgs\n {\n TableName = exampleTable.Name,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/appsync\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dynamodb\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleTable, err := dynamodb.NewTable(ctx, \"example\", \u0026dynamodb.TableArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tReadCapacity: pulumi.Int(1),\n\t\t\tWriteCapacity: pulumi.Int(1),\n\t\t\tHashKey: pulumi.String(\"UserId\"),\n\t\t\tAttributes: dynamodb.TableAttributeArray{\n\t\t\t\t\u0026dynamodb.TableAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"UserId\"),\n\t\t\t\t\tType: pulumi.String(\"S\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"appsync.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"dynamodb:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\texampleTable.Arn,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = iam.NewRolePolicy(ctx, \"example\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tRole: exampleRole.ID(),\n\t\t\tPolicy: example.ApplyT(func(example iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026example.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleGraphQLApi, err := appsync.NewGraphQLApi(ctx, \"example\", \u0026appsync.GraphQLApiArgs{\n\t\t\tAuthenticationType: pulumi.String(\"API_KEY\"),\n\t\t\tName: pulumi.String(\"my_appsync_example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appsync.NewDataSource(ctx, \"example\", \u0026appsync.DataSourceArgs{\n\t\t\tApiId: exampleGraphQLApi.ID(),\n\t\t\tName: pulumi.String(\"my_appsync_example\"),\n\t\t\tServiceRoleArn: exampleRole.Arn,\n\t\t\tType: pulumi.String(\"AMAZON_DYNAMODB\"),\n\t\t\tDynamodbConfig: \u0026appsync.DataSourceDynamodbConfigArgs{\n\t\t\t\tTableName: exampleTable.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.dynamodb.Table;\nimport com.pulumi.aws.dynamodb.TableArgs;\nimport com.pulumi.aws.dynamodb.inputs.TableAttributeArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.appsync.GraphQLApi;\nimport com.pulumi.aws.appsync.GraphQLApiArgs;\nimport com.pulumi.aws.appsync.DataSource;\nimport com.pulumi.aws.appsync.DataSourceArgs;\nimport com.pulumi.aws.appsync.inputs.DataSourceDynamodbConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleTable = new Table(\"exampleTable\", TableArgs.builder() \n .name(\"example\")\n .readCapacity(1)\n .writeCapacity(1)\n .hashKey(\"UserId\")\n .attributes(TableAttributeArgs.builder()\n .name(\"UserId\")\n .type(\"S\")\n .build())\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"appsync.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"example\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"dynamodb:*\")\n .resources(exampleTable.arn())\n .build())\n .build());\n\n var exampleRolePolicy = new RolePolicy(\"exampleRolePolicy\", RolePolicyArgs.builder() \n .name(\"example\")\n .role(exampleRole.id())\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(example -\u003e example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var exampleGraphQLApi = new GraphQLApi(\"exampleGraphQLApi\", GraphQLApiArgs.builder() \n .authenticationType(\"API_KEY\")\n .name(\"my_appsync_example\")\n .build());\n\n var exampleDataSource = new DataSource(\"exampleDataSource\", DataSourceArgs.builder() \n .apiId(exampleGraphQLApi.id())\n .name(\"my_appsync_example\")\n .serviceRoleArn(exampleRole.arn())\n .type(\"AMAZON_DYNAMODB\")\n .dynamodbConfig(DataSourceDynamodbConfigArgs.builder()\n .tableName(exampleTable.name())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleTable:\n type: aws:dynamodb:Table\n name: example\n properties:\n name: example\n readCapacity: 1\n writeCapacity: 1\n hashKey: UserId\n attributes:\n - name: UserId\n type: S\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: example\n assumeRolePolicy: ${assumeRole.json}\n exampleRolePolicy:\n type: aws:iam:RolePolicy\n name: example\n properties:\n name: example\n role: ${exampleRole.id}\n policy: ${example.json}\n exampleGraphQLApi:\n type: aws:appsync:GraphQLApi\n name: example\n properties:\n authenticationType: API_KEY\n name: my_appsync_example\n exampleDataSource:\n type: aws:appsync:DataSource\n name: example\n properties:\n apiId: ${exampleGraphQLApi.id}\n name: my_appsync_example\n serviceRoleArn: ${exampleRole.arn}\n type: AMAZON_DYNAMODB\n dynamodbConfig:\n tableName: ${exampleTable.name}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - appsync.amazonaws.com\n actions:\n - sts:AssumeRole\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - dynamodb:*\n resources:\n - ${exampleTable.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_appsync_datasource` using the `api_id`, a hyphen, and `name`. For example:\n\n```sh\n$ pulumi import aws:appsync/dataSource:DataSource example abcdef123456-example\n```\n", + "description": "Provides an AppSync Data Source.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleTable = new aws.dynamodb.Table(\"example\", {\n name: \"example\",\n readCapacity: 1,\n writeCapacity: 1,\n hashKey: \"UserId\",\n attributes: [{\n name: \"UserId\",\n type: \"S\",\n }],\n});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"appsync.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"example\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst example = aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n actions: [\"dynamodb:*\"],\n resources: [exampleTable.arn],\n }],\n});\nconst exampleRolePolicy = new aws.iam.RolePolicy(\"example\", {\n name: \"example\",\n role: exampleRole.id,\n policy: example.apply(example =\u003e example.json),\n});\nconst exampleGraphQLApi = new aws.appsync.GraphQLApi(\"example\", {\n authenticationType: \"API_KEY\",\n name: \"my_appsync_example\",\n});\nconst exampleDataSource = new aws.appsync.DataSource(\"example\", {\n apiId: exampleGraphQLApi.id,\n name: \"my_appsync_example\",\n serviceRoleArn: exampleRole.arn,\n type: \"AMAZON_DYNAMODB\",\n dynamodbConfig: {\n tableName: exampleTable.name,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_table = aws.dynamodb.Table(\"example\",\n name=\"example\",\n read_capacity=1,\n write_capacity=1,\n hash_key=\"UserId\",\n attributes=[aws.dynamodb.TableAttributeArgs(\n name=\"UserId\",\n type=\"S\",\n )])\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"appsync.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"example\",\n assume_role_policy=assume_role.json)\nexample = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"dynamodb:*\"],\n resources=[example_table.arn],\n)])\nexample_role_policy = aws.iam.RolePolicy(\"example\",\n name=\"example\",\n role=example_role.id,\n policy=example.json)\nexample_graph_ql_api = aws.appsync.GraphQLApi(\"example\",\n authentication_type=\"API_KEY\",\n name=\"my_appsync_example\")\nexample_data_source = aws.appsync.DataSource(\"example\",\n api_id=example_graph_ql_api.id,\n name=\"my_appsync_example\",\n service_role_arn=example_role.arn,\n type=\"AMAZON_DYNAMODB\",\n dynamodb_config=aws.appsync.DataSourceDynamodbConfigArgs(\n table_name=example_table.name,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleTable = new Aws.DynamoDB.Table(\"example\", new()\n {\n Name = \"example\",\n ReadCapacity = 1,\n WriteCapacity = 1,\n HashKey = \"UserId\",\n Attributes = new[]\n {\n new Aws.DynamoDB.Inputs.TableAttributeArgs\n {\n Name = \"UserId\",\n Type = \"S\",\n },\n },\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"appsync.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"example\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"dynamodb:*\",\n },\n Resources = new[]\n {\n exampleTable.Arn,\n },\n },\n },\n });\n\n var exampleRolePolicy = new Aws.Iam.RolePolicy(\"example\", new()\n {\n Name = \"example\",\n Role = exampleRole.Id,\n Policy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleGraphQLApi = new Aws.AppSync.GraphQLApi(\"example\", new()\n {\n AuthenticationType = \"API_KEY\",\n Name = \"my_appsync_example\",\n });\n\n var exampleDataSource = new Aws.AppSync.DataSource(\"example\", new()\n {\n ApiId = exampleGraphQLApi.Id,\n Name = \"my_appsync_example\",\n ServiceRoleArn = exampleRole.Arn,\n Type = \"AMAZON_DYNAMODB\",\n DynamodbConfig = new Aws.AppSync.Inputs.DataSourceDynamodbConfigArgs\n {\n TableName = exampleTable.Name,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/appsync\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dynamodb\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleTable, err := dynamodb.NewTable(ctx, \"example\", \u0026dynamodb.TableArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tReadCapacity: pulumi.Int(1),\n\t\t\tWriteCapacity: pulumi.Int(1),\n\t\t\tHashKey: pulumi.String(\"UserId\"),\n\t\t\tAttributes: dynamodb.TableAttributeArray{\n\t\t\t\t\u0026dynamodb.TableAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"UserId\"),\n\t\t\t\t\tType: pulumi.String(\"S\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"appsync.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"dynamodb:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\texampleTable.Arn,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = iam.NewRolePolicy(ctx, \"example\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tRole: exampleRole.ID(),\n\t\t\tPolicy: example.ApplyT(func(example iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026example.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleGraphQLApi, err := appsync.NewGraphQLApi(ctx, \"example\", \u0026appsync.GraphQLApiArgs{\n\t\t\tAuthenticationType: pulumi.String(\"API_KEY\"),\n\t\t\tName: pulumi.String(\"my_appsync_example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appsync.NewDataSource(ctx, \"example\", \u0026appsync.DataSourceArgs{\n\t\t\tApiId: exampleGraphQLApi.ID(),\n\t\t\tName: pulumi.String(\"my_appsync_example\"),\n\t\t\tServiceRoleArn: exampleRole.Arn,\n\t\t\tType: pulumi.String(\"AMAZON_DYNAMODB\"),\n\t\t\tDynamodbConfig: \u0026appsync.DataSourceDynamodbConfigArgs{\n\t\t\t\tTableName: exampleTable.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.dynamodb.Table;\nimport com.pulumi.aws.dynamodb.TableArgs;\nimport com.pulumi.aws.dynamodb.inputs.TableAttributeArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.appsync.GraphQLApi;\nimport com.pulumi.aws.appsync.GraphQLApiArgs;\nimport com.pulumi.aws.appsync.DataSource;\nimport com.pulumi.aws.appsync.DataSourceArgs;\nimport com.pulumi.aws.appsync.inputs.DataSourceDynamodbConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleTable = new Table(\"exampleTable\", TableArgs.builder() \n .name(\"example\")\n .readCapacity(1)\n .writeCapacity(1)\n .hashKey(\"UserId\")\n .attributes(TableAttributeArgs.builder()\n .name(\"UserId\")\n .type(\"S\")\n .build())\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"appsync.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"example\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"dynamodb:*\")\n .resources(exampleTable.arn())\n .build())\n .build());\n\n var exampleRolePolicy = new RolePolicy(\"exampleRolePolicy\", RolePolicyArgs.builder() \n .name(\"example\")\n .role(exampleRole.id())\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(example -\u003e example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var exampleGraphQLApi = new GraphQLApi(\"exampleGraphQLApi\", GraphQLApiArgs.builder() \n .authenticationType(\"API_KEY\")\n .name(\"my_appsync_example\")\n .build());\n\n var exampleDataSource = new DataSource(\"exampleDataSource\", DataSourceArgs.builder() \n .apiId(exampleGraphQLApi.id())\n .name(\"my_appsync_example\")\n .serviceRoleArn(exampleRole.arn())\n .type(\"AMAZON_DYNAMODB\")\n .dynamodbConfig(DataSourceDynamodbConfigArgs.builder()\n .tableName(exampleTable.name())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleTable:\n type: aws:dynamodb:Table\n name: example\n properties:\n name: example\n readCapacity: 1\n writeCapacity: 1\n hashKey: UserId\n attributes:\n - name: UserId\n type: S\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: example\n assumeRolePolicy: ${assumeRole.json}\n exampleRolePolicy:\n type: aws:iam:RolePolicy\n name: example\n properties:\n name: example\n role: ${exampleRole.id}\n policy: ${example.json}\n exampleGraphQLApi:\n type: aws:appsync:GraphQLApi\n name: example\n properties:\n authenticationType: API_KEY\n name: my_appsync_example\n exampleDataSource:\n type: aws:appsync:DataSource\n name: example\n properties:\n apiId: ${exampleGraphQLApi.id}\n name: my_appsync_example\n serviceRoleArn: ${exampleRole.arn}\n type: AMAZON_DYNAMODB\n dynamodbConfig:\n tableName: ${exampleTable.name}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - appsync.amazonaws.com\n actions:\n - sts:AssumeRole\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - dynamodb:*\n resources:\n - ${exampleTable.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_appsync_datasource` using the `api_id`, a hyphen, and `name`. For example:\n\n```sh\n$ pulumi import aws:appsync/dataSource:DataSource example abcdef123456-example\n```\n", "properties": { "apiId": { "type": "string", @@ -170412,7 +170412,7 @@ } }, "aws:autoscaling/group:Group": { - "description": "Provides an Auto Scaling Group resource.\n\n\u003e **Note:** You must specify either `launch_configuration`, `launch_template`, or `mixed_instances_policy`.\n\n\u003e **NOTE on Auto Scaling Groups, Attachments and Traffic Source Attachments:** Pulumi provides standalone Attachment (for attaching Classic Load Balancers and Application Load Balancer, Gateway Load Balancer, or Network Load Balancer target groups) and Traffic Source Attachment (for attaching Load Balancers and VPC Lattice target groups) resources and an Auto Scaling Group resource with `load_balancers`, `target_group_arns` and `traffic_source` attributes. Do not use the same traffic source in more than one of these resources. Doing so will cause a conflict of attachments. A `lifecycle` configuration block can be used to suppress differences if necessary.\n\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.ec2.PlacementGroup(\"test\", {\n name: \"test\",\n strategy: \"cluster\",\n});\nconst bar = new aws.autoscaling.Group(\"bar\", {\n name: \"foobar3-test\",\n maxSize: 5,\n minSize: 2,\n healthCheckGracePeriod: 300,\n healthCheckType: \"ELB\",\n desiredCapacity: 4,\n forceDelete: true,\n placementGroup: test.id,\n launchConfiguration: foobar.name,\n vpcZoneIdentifiers: [\n example1.id,\n example2.id,\n ],\n instanceMaintenancePolicy: {\n minHealthyPercentage: 90,\n maxHealthyPercentage: 120,\n },\n initialLifecycleHooks: [{\n name: \"foobar\",\n defaultResult: \"CONTINUE\",\n heartbeatTimeout: 2000,\n lifecycleTransition: \"autoscaling:EC2_INSTANCE_LAUNCHING\",\n notificationMetadata: JSON.stringify({\n foo: \"bar\",\n }),\n notificationTargetArn: \"arn:aws:sqs:us-east-1:444455556666:queue1*\",\n roleArn: \"arn:aws:iam::123456789012:role/S3Access\",\n }],\n tags: [\n {\n key: \"foo\",\n value: \"bar\",\n propagateAtLaunch: true,\n },\n {\n key: \"lorem\",\n value: \"ipsum\",\n propagateAtLaunch: false,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ntest = aws.ec2.PlacementGroup(\"test\",\n name=\"test\",\n strategy=\"cluster\")\nbar = aws.autoscaling.Group(\"bar\",\n name=\"foobar3-test\",\n max_size=5,\n min_size=2,\n health_check_grace_period=300,\n health_check_type=\"ELB\",\n desired_capacity=4,\n force_delete=True,\n placement_group=test.id,\n launch_configuration=foobar[\"name\"],\n vpc_zone_identifiers=[\n example1[\"id\"],\n example2[\"id\"],\n ],\n instance_maintenance_policy=aws.autoscaling.GroupInstanceMaintenancePolicyArgs(\n min_healthy_percentage=90,\n max_healthy_percentage=120,\n ),\n initial_lifecycle_hooks=[aws.autoscaling.GroupInitialLifecycleHookArgs(\n name=\"foobar\",\n default_result=\"CONTINUE\",\n heartbeat_timeout=2000,\n lifecycle_transition=\"autoscaling:EC2_INSTANCE_LAUNCHING\",\n notification_metadata=json.dumps({\n \"foo\": \"bar\",\n }),\n notification_target_arn=\"arn:aws:sqs:us-east-1:444455556666:queue1*\",\n role_arn=\"arn:aws:iam::123456789012:role/S3Access\",\n )],\n tags=[\n aws.autoscaling.GroupTagArgs(\n key=\"foo\",\n value=\"bar\",\n propagate_at_launch=True,\n ),\n aws.autoscaling.GroupTagArgs(\n key=\"lorem\",\n value=\"ipsum\",\n propagate_at_launch=False,\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.Ec2.PlacementGroup(\"test\", new()\n {\n Name = \"test\",\n Strategy = \"cluster\",\n });\n\n var bar = new Aws.AutoScaling.Group(\"bar\", new()\n {\n Name = \"foobar3-test\",\n MaxSize = 5,\n MinSize = 2,\n HealthCheckGracePeriod = 300,\n HealthCheckType = \"ELB\",\n DesiredCapacity = 4,\n ForceDelete = true,\n PlacementGroup = test.Id,\n LaunchConfiguration = foobar.Name,\n VpcZoneIdentifiers = new[]\n {\n example1.Id,\n example2.Id,\n },\n InstanceMaintenancePolicy = new Aws.AutoScaling.Inputs.GroupInstanceMaintenancePolicyArgs\n {\n MinHealthyPercentage = 90,\n MaxHealthyPercentage = 120,\n },\n InitialLifecycleHooks = new[]\n {\n new Aws.AutoScaling.Inputs.GroupInitialLifecycleHookArgs\n {\n Name = \"foobar\",\n DefaultResult = \"CONTINUE\",\n HeartbeatTimeout = 2000,\n LifecycleTransition = \"autoscaling:EC2_INSTANCE_LAUNCHING\",\n NotificationMetadata = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"foo\"] = \"bar\",\n }),\n NotificationTargetArn = \"arn:aws:sqs:us-east-1:444455556666:queue1*\",\n RoleArn = \"arn:aws:iam::123456789012:role/S3Access\",\n },\n },\n Tags = new[]\n {\n new Aws.AutoScaling.Inputs.GroupTagArgs\n {\n Key = \"foo\",\n Value = \"bar\",\n PropagateAtLaunch = true,\n },\n new Aws.AutoScaling.Inputs.GroupTagArgs\n {\n Key = \"lorem\",\n Value = \"ipsum\",\n PropagateAtLaunch = false,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := ec2.NewPlacementGroup(ctx, \"test\", \u0026ec2.PlacementGroupArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tStrategy: pulumi.String(\"cluster\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"foo\": \"bar\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = autoscaling.NewGroup(ctx, \"bar\", \u0026autoscaling.GroupArgs{\n\t\t\tName: pulumi.String(\"foobar3-test\"),\n\t\t\tMaxSize: pulumi.Int(5),\n\t\t\tMinSize: pulumi.Int(2),\n\t\t\tHealthCheckGracePeriod: pulumi.Int(300),\n\t\t\tHealthCheckType: pulumi.String(\"ELB\"),\n\t\t\tDesiredCapacity: pulumi.Int(4),\n\t\t\tForceDelete: pulumi.Bool(true),\n\t\t\tPlacementGroup: test.ID(),\n\t\t\tLaunchConfiguration: pulumi.Any(foobar.Name),\n\t\t\tVpcZoneIdentifiers: pulumi.StringArray{\n\t\t\t\texample1.Id,\n\t\t\t\texample2.Id,\n\t\t\t},\n\t\t\tInstanceMaintenancePolicy: \u0026autoscaling.GroupInstanceMaintenancePolicyArgs{\n\t\t\t\tMinHealthyPercentage: pulumi.Int(90),\n\t\t\t\tMaxHealthyPercentage: pulumi.Int(120),\n\t\t\t},\n\t\t\tInitialLifecycleHooks: autoscaling.GroupInitialLifecycleHookArray{\n\t\t\t\t\u0026autoscaling.GroupInitialLifecycleHookArgs{\n\t\t\t\t\tName: pulumi.String(\"foobar\"),\n\t\t\t\t\tDefaultResult: pulumi.String(\"CONTINUE\"),\n\t\t\t\t\tHeartbeatTimeout: pulumi.Int(2000),\n\t\t\t\t\tLifecycleTransition: pulumi.String(\"autoscaling:EC2_INSTANCE_LAUNCHING\"),\n\t\t\t\t\tNotificationMetadata: pulumi.String(json0),\n\t\t\t\t\tNotificationTargetArn: pulumi.String(\"arn:aws:sqs:us-east-1:444455556666:queue1*\"),\n\t\t\t\t\tRoleArn: pulumi.String(\"arn:aws:iam::123456789012:role/S3Access\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: autoscaling.GroupTagArray{\n\t\t\t\t\u0026autoscaling.GroupTagArgs{\n\t\t\t\t\tKey: pulumi.String(\"foo\"),\n\t\t\t\t\tValue: pulumi.String(\"bar\"),\n\t\t\t\t\tPropagateAtLaunch: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\t\u0026autoscaling.GroupTagArgs{\n\t\t\t\t\tKey: pulumi.String(\"lorem\"),\n\t\t\t\t\tValue: pulumi.String(\"ipsum\"),\n\t\t\t\t\tPropagateAtLaunch: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.PlacementGroup;\nimport com.pulumi.aws.ec2.PlacementGroupArgs;\nimport com.pulumi.aws.autoscaling.Group;\nimport com.pulumi.aws.autoscaling.GroupArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupInstanceMaintenancePolicyArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupInitialLifecycleHookArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupTagArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new PlacementGroup(\"test\", PlacementGroupArgs.builder() \n .name(\"test\")\n .strategy(\"cluster\")\n .build());\n\n var bar = new Group(\"bar\", GroupArgs.builder() \n .name(\"foobar3-test\")\n .maxSize(5)\n .minSize(2)\n .healthCheckGracePeriod(300)\n .healthCheckType(\"ELB\")\n .desiredCapacity(4)\n .forceDelete(true)\n .placementGroup(test.id())\n .launchConfiguration(foobar.name())\n .vpcZoneIdentifiers( \n example1.id(),\n example2.id())\n .instanceMaintenancePolicy(GroupInstanceMaintenancePolicyArgs.builder()\n .minHealthyPercentage(90)\n .maxHealthyPercentage(120)\n .build())\n .initialLifecycleHooks(GroupInitialLifecycleHookArgs.builder()\n .name(\"foobar\")\n .defaultResult(\"CONTINUE\")\n .heartbeatTimeout(2000)\n .lifecycleTransition(\"autoscaling:EC2_INSTANCE_LAUNCHING\")\n .notificationMetadata(serializeJson(\n jsonObject(\n jsonProperty(\"foo\", \"bar\")\n )))\n .notificationTargetArn(\"arn:aws:sqs:us-east-1:444455556666:queue1*\")\n .roleArn(\"arn:aws:iam::123456789012:role/S3Access\")\n .build())\n .tags( \n GroupTagArgs.builder()\n .key(\"foo\")\n .value(\"bar\")\n .propagateAtLaunch(true)\n .build(),\n GroupTagArgs.builder()\n .key(\"lorem\")\n .value(\"ipsum\")\n .propagateAtLaunch(false)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:ec2:PlacementGroup\n properties:\n name: test\n strategy: cluster\n bar:\n type: aws:autoscaling:Group\n properties:\n name: foobar3-test\n maxSize: 5\n minSize: 2\n healthCheckGracePeriod: 300\n healthCheckType: ELB\n desiredCapacity: 4\n forceDelete: true\n placementGroup: ${test.id}\n launchConfiguration: ${foobar.name}\n vpcZoneIdentifiers:\n - ${example1.id}\n - ${example2.id}\n instanceMaintenancePolicy:\n minHealthyPercentage: 90\n maxHealthyPercentage: 120\n initialLifecycleHooks:\n - name: foobar\n defaultResult: CONTINUE\n heartbeatTimeout: 2000\n lifecycleTransition: autoscaling:EC2_INSTANCE_LAUNCHING\n notificationMetadata:\n fn::toJSON:\n foo: bar\n notificationTargetArn: arn:aws:sqs:us-east-1:444455556666:queue1*\n roleArn: arn:aws:iam::123456789012:role/S3Access\n tags:\n - key: foo\n value: bar\n propagateAtLaunch: true\n - key: lorem\n value: ipsum\n propagateAtLaunch: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With Latest Version Of Launch Template\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foobar = new aws.ec2.LaunchTemplate(\"foobar\", {\n namePrefix: \"foobar\",\n imageId: \"ami-1a2b3c\",\n instanceType: \"t2.micro\",\n});\nconst bar = new aws.autoscaling.Group(\"bar\", {\n availabilityZones: [\"us-east-1a\"],\n desiredCapacity: 1,\n maxSize: 1,\n minSize: 1,\n launchTemplate: {\n id: foobar.id,\n version: \"$Latest\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoobar = aws.ec2.LaunchTemplate(\"foobar\",\n name_prefix=\"foobar\",\n image_id=\"ami-1a2b3c\",\n instance_type=\"t2.micro\")\nbar = aws.autoscaling.Group(\"bar\",\n availability_zones=[\"us-east-1a\"],\n desired_capacity=1,\n max_size=1,\n min_size=1,\n launch_template=aws.autoscaling.GroupLaunchTemplateArgs(\n id=foobar.id,\n version=\"$Latest\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foobar = new Aws.Ec2.LaunchTemplate(\"foobar\", new()\n {\n NamePrefix = \"foobar\",\n ImageId = \"ami-1a2b3c\",\n InstanceType = \"t2.micro\",\n });\n\n var bar = new Aws.AutoScaling.Group(\"bar\", new()\n {\n AvailabilityZones = new[]\n {\n \"us-east-1a\",\n },\n DesiredCapacity = 1,\n MaxSize = 1,\n MinSize = 1,\n LaunchTemplate = new Aws.AutoScaling.Inputs.GroupLaunchTemplateArgs\n {\n Id = foobar.Id,\n Version = \"$Latest\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfoobar, err := ec2.NewLaunchTemplate(ctx, \"foobar\", \u0026ec2.LaunchTemplateArgs{\n\t\t\tNamePrefix: pulumi.String(\"foobar\"),\n\t\t\tImageId: pulumi.String(\"ami-1a2b3c\"),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"bar\", \u0026autoscaling.GroupArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tDesiredCapacity: pulumi.Int(1),\n\t\t\tMaxSize: pulumi.Int(1),\n\t\t\tMinSize: pulumi.Int(1),\n\t\t\tLaunchTemplate: \u0026autoscaling.GroupLaunchTemplateArgs{\n\t\t\t\tId: foobar.ID(),\n\t\t\t\tVersion: pulumi.String(\"$Latest\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.autoscaling.Group;\nimport com.pulumi.aws.autoscaling.GroupArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupLaunchTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foobar = new LaunchTemplate(\"foobar\", LaunchTemplateArgs.builder() \n .namePrefix(\"foobar\")\n .imageId(\"ami-1a2b3c\")\n .instanceType(\"t2.micro\")\n .build());\n\n var bar = new Group(\"bar\", GroupArgs.builder() \n .availabilityZones(\"us-east-1a\")\n .desiredCapacity(1)\n .maxSize(1)\n .minSize(1)\n .launchTemplate(GroupLaunchTemplateArgs.builder()\n .id(foobar.id())\n .version(\"$Latest\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foobar:\n type: aws:ec2:LaunchTemplate\n properties:\n namePrefix: foobar\n imageId: ami-1a2b3c\n instanceType: t2.micro\n bar:\n type: aws:autoscaling:Group\n properties:\n availabilityZones:\n - us-east-1a\n desiredCapacity: 1\n maxSize: 1\n minSize: 1\n launchTemplate:\n id: ${foobar.id}\n version: $Latest\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Mixed Instances Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.LaunchTemplate(\"example\", {\n namePrefix: \"example\",\n imageId: exampleAwsAmi.id,\n instanceType: \"c5.large\",\n});\nconst exampleGroup = new aws.autoscaling.Group(\"example\", {\n availabilityZones: [\"us-east-1a\"],\n desiredCapacity: 1,\n maxSize: 1,\n minSize: 1,\n mixedInstancesPolicy: {\n launchTemplate: {\n launchTemplateSpecification: {\n launchTemplateId: example.id,\n },\n overrides: [\n {\n instanceType: \"c4.large\",\n weightedCapacity: \"3\",\n },\n {\n instanceType: \"c3.large\",\n weightedCapacity: \"2\",\n },\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.LaunchTemplate(\"example\",\n name_prefix=\"example\",\n image_id=example_aws_ami[\"id\"],\n instance_type=\"c5.large\")\nexample_group = aws.autoscaling.Group(\"example\",\n availability_zones=[\"us-east-1a\"],\n desired_capacity=1,\n max_size=1,\n min_size=1,\n mixed_instances_policy=aws.autoscaling.GroupMixedInstancesPolicyArgs(\n launch_template=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateArgs(\n launch_template_specification=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs(\n launch_template_id=example.id,\n ),\n overrides=[\n aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs(\n instance_type=\"c4.large\",\n weighted_capacity=\"3\",\n ),\n aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs(\n instance_type=\"c3.large\",\n weighted_capacity=\"2\",\n ),\n ],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.LaunchTemplate(\"example\", new()\n {\n NamePrefix = \"example\",\n ImageId = exampleAwsAmi.Id,\n InstanceType = \"c5.large\",\n });\n\n var exampleGroup = new Aws.AutoScaling.Group(\"example\", new()\n {\n AvailabilityZones = new[]\n {\n \"us-east-1a\",\n },\n DesiredCapacity = 1,\n MaxSize = 1,\n MinSize = 1,\n MixedInstancesPolicy = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyArgs\n {\n LaunchTemplate = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateArgs\n {\n LaunchTemplateSpecification = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs\n {\n LaunchTemplateId = example.Id,\n },\n Overrides = new[]\n {\n new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs\n {\n InstanceType = \"c4.large\",\n WeightedCapacity = \"3\",\n },\n new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs\n {\n InstanceType = \"c3.large\",\n WeightedCapacity = \"2\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.NewLaunchTemplate(ctx, \"example\", \u0026ec2.LaunchTemplateArgs{\n\t\t\tNamePrefix: pulumi.String(\"example\"),\n\t\t\tImageId: pulumi.Any(exampleAwsAmi.Id),\n\t\t\tInstanceType: pulumi.String(\"c5.large\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"example\", \u0026autoscaling.GroupArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tDesiredCapacity: pulumi.Int(1),\n\t\t\tMaxSize: pulumi.Int(1),\n\t\t\tMinSize: pulumi.Int(1),\n\t\t\tMixedInstancesPolicy: \u0026autoscaling.GroupMixedInstancesPolicyArgs{\n\t\t\t\tLaunchTemplate: \u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateArgs{\n\t\t\t\t\tLaunchTemplateSpecification: \u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs{\n\t\t\t\t\t\tLaunchTemplateId: example.ID(),\n\t\t\t\t\t},\n\t\t\t\t\tOverrides: autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArray{\n\t\t\t\t\t\t\u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs{\n\t\t\t\t\t\t\tInstanceType: pulumi.String(\"c4.large\"),\n\t\t\t\t\t\t\tWeightedCapacity: pulumi.String(\"3\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs{\n\t\t\t\t\t\t\tInstanceType: pulumi.String(\"c3.large\"),\n\t\t\t\t\t\t\tWeightedCapacity: pulumi.String(\"2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.autoscaling.Group;\nimport com.pulumi.aws.autoscaling.GroupArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyLaunchTemplateArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new LaunchTemplate(\"example\", LaunchTemplateArgs.builder() \n .namePrefix(\"example\")\n .imageId(exampleAwsAmi.id())\n .instanceType(\"c5.large\")\n .build());\n\n var exampleGroup = new Group(\"exampleGroup\", GroupArgs.builder() \n .availabilityZones(\"us-east-1a\")\n .desiredCapacity(1)\n .maxSize(1)\n .minSize(1)\n .mixedInstancesPolicy(GroupMixedInstancesPolicyArgs.builder()\n .launchTemplate(GroupMixedInstancesPolicyLaunchTemplateArgs.builder()\n .launchTemplateSpecification(GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs.builder()\n .launchTemplateId(example.id())\n .build())\n .overrides( \n GroupMixedInstancesPolicyLaunchTemplateOverrideArgs.builder()\n .instanceType(\"c4.large\")\n .weightedCapacity(\"3\")\n .build(),\n GroupMixedInstancesPolicyLaunchTemplateOverrideArgs.builder()\n .instanceType(\"c3.large\")\n .weightedCapacity(\"2\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:LaunchTemplate\n properties:\n namePrefix: example\n imageId: ${exampleAwsAmi.id}\n instanceType: c5.large\n exampleGroup:\n type: aws:autoscaling:Group\n name: example\n properties:\n availabilityZones:\n - us-east-1a\n desiredCapacity: 1\n maxSize: 1\n minSize: 1\n mixedInstancesPolicy:\n launchTemplate:\n launchTemplateSpecification:\n launchTemplateId: ${example.id}\n overrides:\n - instanceType: c4.large\n weightedCapacity: '3'\n - instanceType: c3.large\n weightedCapacity: '2'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Mixed Instances Policy with Spot Instances and Capacity Rebalance\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.LaunchTemplate(\"example\", {\n namePrefix: \"example\",\n imageId: exampleAwsAmi.id,\n instanceType: \"c5.large\",\n});\nconst exampleGroup = new aws.autoscaling.Group(\"example\", {\n capacityRebalance: true,\n desiredCapacity: 12,\n maxSize: 15,\n minSize: 12,\n vpcZoneIdentifiers: [\n example1.id,\n example2.id,\n ],\n mixedInstancesPolicy: {\n instancesDistribution: {\n onDemandBaseCapacity: 0,\n onDemandPercentageAboveBaseCapacity: 25,\n spotAllocationStrategy: \"capacity-optimized\",\n },\n launchTemplate: {\n launchTemplateSpecification: {\n launchTemplateId: example.id,\n },\n overrides: [\n {\n instanceType: \"c4.large\",\n weightedCapacity: \"3\",\n },\n {\n instanceType: \"c3.large\",\n weightedCapacity: \"2\",\n },\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.LaunchTemplate(\"example\",\n name_prefix=\"example\",\n image_id=example_aws_ami[\"id\"],\n instance_type=\"c5.large\")\nexample_group = aws.autoscaling.Group(\"example\",\n capacity_rebalance=True,\n desired_capacity=12,\n max_size=15,\n min_size=12,\n vpc_zone_identifiers=[\n example1[\"id\"],\n example2[\"id\"],\n ],\n mixed_instances_policy=aws.autoscaling.GroupMixedInstancesPolicyArgs(\n instances_distribution=aws.autoscaling.GroupMixedInstancesPolicyInstancesDistributionArgs(\n on_demand_base_capacity=0,\n on_demand_percentage_above_base_capacity=25,\n spot_allocation_strategy=\"capacity-optimized\",\n ),\n launch_template=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateArgs(\n launch_template_specification=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs(\n launch_template_id=example.id,\n ),\n overrides=[\n aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs(\n instance_type=\"c4.large\",\n weighted_capacity=\"3\",\n ),\n aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs(\n instance_type=\"c3.large\",\n weighted_capacity=\"2\",\n ),\n ],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.LaunchTemplate(\"example\", new()\n {\n NamePrefix = \"example\",\n ImageId = exampleAwsAmi.Id,\n InstanceType = \"c5.large\",\n });\n\n var exampleGroup = new Aws.AutoScaling.Group(\"example\", new()\n {\n CapacityRebalance = true,\n DesiredCapacity = 12,\n MaxSize = 15,\n MinSize = 12,\n VpcZoneIdentifiers = new[]\n {\n example1.Id,\n example2.Id,\n },\n MixedInstancesPolicy = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyArgs\n {\n InstancesDistribution = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyInstancesDistributionArgs\n {\n OnDemandBaseCapacity = 0,\n OnDemandPercentageAboveBaseCapacity = 25,\n SpotAllocationStrategy = \"capacity-optimized\",\n },\n LaunchTemplate = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateArgs\n {\n LaunchTemplateSpecification = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs\n {\n LaunchTemplateId = example.Id,\n },\n Overrides = new[]\n {\n new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs\n {\n InstanceType = \"c4.large\",\n WeightedCapacity = \"3\",\n },\n new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs\n {\n InstanceType = \"c3.large\",\n WeightedCapacity = \"2\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.NewLaunchTemplate(ctx, \"example\", \u0026ec2.LaunchTemplateArgs{\n\t\t\tNamePrefix: pulumi.String(\"example\"),\n\t\t\tImageId: pulumi.Any(exampleAwsAmi.Id),\n\t\t\tInstanceType: pulumi.String(\"c5.large\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"example\", \u0026autoscaling.GroupArgs{\n\t\t\tCapacityRebalance: pulumi.Bool(true),\n\t\t\tDesiredCapacity: pulumi.Int(12),\n\t\t\tMaxSize: pulumi.Int(15),\n\t\t\tMinSize: pulumi.Int(12),\n\t\t\tVpcZoneIdentifiers: pulumi.StringArray{\n\t\t\t\texample1.Id,\n\t\t\t\texample2.Id,\n\t\t\t},\n\t\t\tMixedInstancesPolicy: \u0026autoscaling.GroupMixedInstancesPolicyArgs{\n\t\t\t\tInstancesDistribution: \u0026autoscaling.GroupMixedInstancesPolicyInstancesDistributionArgs{\n\t\t\t\t\tOnDemandBaseCapacity: pulumi.Int(0),\n\t\t\t\t\tOnDemandPercentageAboveBaseCapacity: pulumi.Int(25),\n\t\t\t\t\tSpotAllocationStrategy: pulumi.String(\"capacity-optimized\"),\n\t\t\t\t},\n\t\t\t\tLaunchTemplate: \u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateArgs{\n\t\t\t\t\tLaunchTemplateSpecification: \u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs{\n\t\t\t\t\t\tLaunchTemplateId: example.ID(),\n\t\t\t\t\t},\n\t\t\t\t\tOverrides: autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArray{\n\t\t\t\t\t\t\u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs{\n\t\t\t\t\t\t\tInstanceType: pulumi.String(\"c4.large\"),\n\t\t\t\t\t\t\tWeightedCapacity: pulumi.String(\"3\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs{\n\t\t\t\t\t\t\tInstanceType: pulumi.String(\"c3.large\"),\n\t\t\t\t\t\t\tWeightedCapacity: pulumi.String(\"2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.autoscaling.Group;\nimport com.pulumi.aws.autoscaling.GroupArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyInstancesDistributionArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyLaunchTemplateArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new LaunchTemplate(\"example\", LaunchTemplateArgs.builder() \n .namePrefix(\"example\")\n .imageId(exampleAwsAmi.id())\n .instanceType(\"c5.large\")\n .build());\n\n var exampleGroup = new Group(\"exampleGroup\", GroupArgs.builder() \n .capacityRebalance(true)\n .desiredCapacity(12)\n .maxSize(15)\n .minSize(12)\n .vpcZoneIdentifiers( \n example1.id(),\n example2.id())\n .mixedInstancesPolicy(GroupMixedInstancesPolicyArgs.builder()\n .instancesDistribution(GroupMixedInstancesPolicyInstancesDistributionArgs.builder()\n .onDemandBaseCapacity(0)\n .onDemandPercentageAboveBaseCapacity(25)\n .spotAllocationStrategy(\"capacity-optimized\")\n .build())\n .launchTemplate(GroupMixedInstancesPolicyLaunchTemplateArgs.builder()\n .launchTemplateSpecification(GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs.builder()\n .launchTemplateId(example.id())\n .build())\n .overrides( \n GroupMixedInstancesPolicyLaunchTemplateOverrideArgs.builder()\n .instanceType(\"c4.large\")\n .weightedCapacity(\"3\")\n .build(),\n GroupMixedInstancesPolicyLaunchTemplateOverrideArgs.builder()\n .instanceType(\"c3.large\")\n .weightedCapacity(\"2\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:LaunchTemplate\n properties:\n namePrefix: example\n imageId: ${exampleAwsAmi.id}\n instanceType: c5.large\n exampleGroup:\n type: aws:autoscaling:Group\n name: example\n properties:\n capacityRebalance: true\n desiredCapacity: 12\n maxSize: 15\n minSize: 12\n vpcZoneIdentifiers:\n - ${example1.id}\n - ${example2.id}\n mixedInstancesPolicy:\n instancesDistribution:\n onDemandBaseCapacity: 0\n onDemandPercentageAboveBaseCapacity: 25\n spotAllocationStrategy: capacity-optimized\n launchTemplate:\n launchTemplateSpecification:\n launchTemplateId: ${example.id}\n overrides:\n - instanceType: c4.large\n weightedCapacity: '3'\n - instanceType: c3.large\n weightedCapacity: '2'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Mixed Instances Policy with Instance level LaunchTemplateSpecification Overrides\n\nWhen using a diverse instance set, some instance types might require a launch template with configuration values unique to that instance type such as a different AMI (Graviton2), architecture specific user data script, different EBS configuration, or different networking configuration.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.LaunchTemplate(\"example\", {\n namePrefix: \"example\",\n imageId: exampleAwsAmi.id,\n instanceType: \"c5.large\",\n});\nconst example2 = new aws.ec2.LaunchTemplate(\"example2\", {\n namePrefix: \"example2\",\n imageId: example2AwsAmi.id,\n});\nconst exampleGroup = new aws.autoscaling.Group(\"example\", {\n availabilityZones: [\"us-east-1a\"],\n desiredCapacity: 1,\n maxSize: 1,\n minSize: 1,\n mixedInstancesPolicy: {\n launchTemplate: {\n launchTemplateSpecification: {\n launchTemplateId: example.id,\n },\n overrides: [\n {\n instanceType: \"c4.large\",\n weightedCapacity: \"3\",\n },\n {\n instanceType: \"c6g.large\",\n launchTemplateSpecification: {\n launchTemplateId: example2.id,\n },\n weightedCapacity: \"2\",\n },\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.LaunchTemplate(\"example\",\n name_prefix=\"example\",\n image_id=example_aws_ami[\"id\"],\n instance_type=\"c5.large\")\nexample2 = aws.ec2.LaunchTemplate(\"example2\",\n name_prefix=\"example2\",\n image_id=example2_aws_ami[\"id\"])\nexample_group = aws.autoscaling.Group(\"example\",\n availability_zones=[\"us-east-1a\"],\n desired_capacity=1,\n max_size=1,\n min_size=1,\n mixed_instances_policy=aws.autoscaling.GroupMixedInstancesPolicyArgs(\n launch_template=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateArgs(\n launch_template_specification=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs(\n launch_template_id=example.id,\n ),\n overrides=[\n aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs(\n instance_type=\"c4.large\",\n weighted_capacity=\"3\",\n ),\n aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs(\n instance_type=\"c6g.large\",\n launch_template_specification=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideLaunchTemplateSpecificationArgs(\n launch_template_id=example2.id,\n ),\n weighted_capacity=\"2\",\n ),\n ],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.LaunchTemplate(\"example\", new()\n {\n NamePrefix = \"example\",\n ImageId = exampleAwsAmi.Id,\n InstanceType = \"c5.large\",\n });\n\n var example2 = new Aws.Ec2.LaunchTemplate(\"example2\", new()\n {\n NamePrefix = \"example2\",\n ImageId = example2AwsAmi.Id,\n });\n\n var exampleGroup = new Aws.AutoScaling.Group(\"example\", new()\n {\n AvailabilityZones = new[]\n {\n \"us-east-1a\",\n },\n DesiredCapacity = 1,\n MaxSize = 1,\n MinSize = 1,\n MixedInstancesPolicy = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyArgs\n {\n LaunchTemplate = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateArgs\n {\n LaunchTemplateSpecification = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs\n {\n LaunchTemplateId = example.Id,\n },\n Overrides = new[]\n {\n new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs\n {\n InstanceType = \"c4.large\",\n WeightedCapacity = \"3\",\n },\n new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs\n {\n InstanceType = \"c6g.large\",\n LaunchTemplateSpecification = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideLaunchTemplateSpecificationArgs\n {\n LaunchTemplateId = example2.Id,\n },\n WeightedCapacity = \"2\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.NewLaunchTemplate(ctx, \"example\", \u0026ec2.LaunchTemplateArgs{\n\t\t\tNamePrefix: pulumi.String(\"example\"),\n\t\t\tImageId: pulumi.Any(exampleAwsAmi.Id),\n\t\t\tInstanceType: pulumi.String(\"c5.large\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample2, err := ec2.NewLaunchTemplate(ctx, \"example2\", \u0026ec2.LaunchTemplateArgs{\n\t\t\tNamePrefix: pulumi.String(\"example2\"),\n\t\t\tImageId: pulumi.Any(example2AwsAmi.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"example\", \u0026autoscaling.GroupArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tDesiredCapacity: pulumi.Int(1),\n\t\t\tMaxSize: pulumi.Int(1),\n\t\t\tMinSize: pulumi.Int(1),\n\t\t\tMixedInstancesPolicy: \u0026autoscaling.GroupMixedInstancesPolicyArgs{\n\t\t\t\tLaunchTemplate: \u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateArgs{\n\t\t\t\t\tLaunchTemplateSpecification: \u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs{\n\t\t\t\t\t\tLaunchTemplateId: example.ID(),\n\t\t\t\t\t},\n\t\t\t\t\tOverrides: autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArray{\n\t\t\t\t\t\t\u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs{\n\t\t\t\t\t\t\tInstanceType: pulumi.String(\"c4.large\"),\n\t\t\t\t\t\t\tWeightedCapacity: pulumi.String(\"3\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs{\n\t\t\t\t\t\t\tInstanceType: pulumi.String(\"c6g.large\"),\n\t\t\t\t\t\t\tLaunchTemplateSpecification: \u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideLaunchTemplateSpecificationArgs{\n\t\t\t\t\t\t\t\tLaunchTemplateId: example2.ID(),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tWeightedCapacity: pulumi.String(\"2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.autoscaling.Group;\nimport com.pulumi.aws.autoscaling.GroupArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyLaunchTemplateArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new LaunchTemplate(\"example\", LaunchTemplateArgs.builder() \n .namePrefix(\"example\")\n .imageId(exampleAwsAmi.id())\n .instanceType(\"c5.large\")\n .build());\n\n var example2 = new LaunchTemplate(\"example2\", LaunchTemplateArgs.builder() \n .namePrefix(\"example2\")\n .imageId(example2AwsAmi.id())\n .build());\n\n var exampleGroup = new Group(\"exampleGroup\", GroupArgs.builder() \n .availabilityZones(\"us-east-1a\")\n .desiredCapacity(1)\n .maxSize(1)\n .minSize(1)\n .mixedInstancesPolicy(GroupMixedInstancesPolicyArgs.builder()\n .launchTemplate(GroupMixedInstancesPolicyLaunchTemplateArgs.builder()\n .launchTemplateSpecification(GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs.builder()\n .launchTemplateId(example.id())\n .build())\n .overrides( \n GroupMixedInstancesPolicyLaunchTemplateOverrideArgs.builder()\n .instanceType(\"c4.large\")\n .weightedCapacity(\"3\")\n .build(),\n GroupMixedInstancesPolicyLaunchTemplateOverrideArgs.builder()\n .instanceType(\"c6g.large\")\n .launchTemplateSpecification(GroupMixedInstancesPolicyLaunchTemplateOverrideLaunchTemplateSpecificationArgs.builder()\n .launchTemplateId(example2.id())\n .build())\n .weightedCapacity(\"2\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:LaunchTemplate\n properties:\n namePrefix: example\n imageId: ${exampleAwsAmi.id}\n instanceType: c5.large\n example2:\n type: aws:ec2:LaunchTemplate\n properties:\n namePrefix: example2\n imageId: ${example2AwsAmi.id}\n exampleGroup:\n type: aws:autoscaling:Group\n name: example\n properties:\n availabilityZones:\n - us-east-1a\n desiredCapacity: 1\n maxSize: 1\n minSize: 1\n mixedInstancesPolicy:\n launchTemplate:\n launchTemplateSpecification:\n launchTemplateId: ${example.id}\n overrides:\n - instanceType: c4.large\n weightedCapacity: '3'\n - instanceType: c6g.large\n launchTemplateSpecification:\n launchTemplateId: ${example2.id}\n weightedCapacity: '2'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Mixed Instances Policy with Attribute-based Instance Type Selection\n\nAs an alternative to manually choosing instance types when creating a mixed instances group, you can specify a set of instance attributes that describe your compute requirements.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.LaunchTemplate(\"example\", {\n namePrefix: \"example\",\n imageId: exampleAwsAmi.id,\n instanceType: \"c5.large\",\n});\nconst exampleGroup = new aws.autoscaling.Group(\"example\", {\n availabilityZones: [\"us-east-1a\"],\n desiredCapacity: 1,\n maxSize: 1,\n minSize: 1,\n mixedInstancesPolicy: {\n launchTemplate: {\n launchTemplateSpecification: {\n launchTemplateId: example.id,\n },\n overrides: [{\n instanceRequirements: {\n memoryMib: {\n min: 1000,\n },\n vcpuCount: {\n min: 4,\n },\n },\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.LaunchTemplate(\"example\",\n name_prefix=\"example\",\n image_id=example_aws_ami[\"id\"],\n instance_type=\"c5.large\")\nexample_group = aws.autoscaling.Group(\"example\",\n availability_zones=[\"us-east-1a\"],\n desired_capacity=1,\n max_size=1,\n min_size=1,\n mixed_instances_policy=aws.autoscaling.GroupMixedInstancesPolicyArgs(\n launch_template=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateArgs(\n launch_template_specification=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs(\n launch_template_id=example.id,\n ),\n overrides=[aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs(\n instance_requirements=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsArgs(\n memory_mib=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsMemoryMibArgs(\n min=1000,\n ),\n vcpu_count=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsVcpuCountArgs(\n min=4,\n ),\n ),\n )],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.LaunchTemplate(\"example\", new()\n {\n NamePrefix = \"example\",\n ImageId = exampleAwsAmi.Id,\n InstanceType = \"c5.large\",\n });\n\n var exampleGroup = new Aws.AutoScaling.Group(\"example\", new()\n {\n AvailabilityZones = new[]\n {\n \"us-east-1a\",\n },\n DesiredCapacity = 1,\n MaxSize = 1,\n MinSize = 1,\n MixedInstancesPolicy = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyArgs\n {\n LaunchTemplate = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateArgs\n {\n LaunchTemplateSpecification = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs\n {\n LaunchTemplateId = example.Id,\n },\n Overrides = new[]\n {\n new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs\n {\n InstanceRequirements = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsArgs\n {\n MemoryMib = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsMemoryMibArgs\n {\n Min = 1000,\n },\n VcpuCount = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsVcpuCountArgs\n {\n Min = 4,\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.NewLaunchTemplate(ctx, \"example\", \u0026ec2.LaunchTemplateArgs{\n\t\t\tNamePrefix: pulumi.String(\"example\"),\n\t\t\tImageId: pulumi.Any(exampleAwsAmi.Id),\n\t\t\tInstanceType: pulumi.String(\"c5.large\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"example\", \u0026autoscaling.GroupArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tDesiredCapacity: pulumi.Int(1),\n\t\t\tMaxSize: pulumi.Int(1),\n\t\t\tMinSize: pulumi.Int(1),\n\t\t\tMixedInstancesPolicy: \u0026autoscaling.GroupMixedInstancesPolicyArgs{\n\t\t\t\tLaunchTemplate: \u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateArgs{\n\t\t\t\t\tLaunchTemplateSpecification: \u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs{\n\t\t\t\t\t\tLaunchTemplateId: example.ID(),\n\t\t\t\t\t},\n\t\t\t\t\tOverrides: autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArray{\n\t\t\t\t\t\t\u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs{\n\t\t\t\t\t\t\tInstanceRequirements: \u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsArgs{\n\t\t\t\t\t\t\t\tMemoryMib: \u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsMemoryMibArgs{\n\t\t\t\t\t\t\t\t\tMin: pulumi.Int(1000),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\tVcpuCount: \u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsVcpuCountArgs{\n\t\t\t\t\t\t\t\t\tMin: pulumi.Int(4),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.autoscaling.Group;\nimport com.pulumi.aws.autoscaling.GroupArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyLaunchTemplateArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new LaunchTemplate(\"example\", LaunchTemplateArgs.builder() \n .namePrefix(\"example\")\n .imageId(exampleAwsAmi.id())\n .instanceType(\"c5.large\")\n .build());\n\n var exampleGroup = new Group(\"exampleGroup\", GroupArgs.builder() \n .availabilityZones(\"us-east-1a\")\n .desiredCapacity(1)\n .maxSize(1)\n .minSize(1)\n .mixedInstancesPolicy(GroupMixedInstancesPolicyArgs.builder()\n .launchTemplate(GroupMixedInstancesPolicyLaunchTemplateArgs.builder()\n .launchTemplateSpecification(GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs.builder()\n .launchTemplateId(example.id())\n .build())\n .overrides(GroupMixedInstancesPolicyLaunchTemplateOverrideArgs.builder()\n .instanceRequirements(GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsArgs.builder()\n .memoryMib(GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsMemoryMibArgs.builder()\n .min(1000)\n .build())\n .vcpuCount(GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsVcpuCountArgs.builder()\n .min(4)\n .build())\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:LaunchTemplate\n properties:\n namePrefix: example\n imageId: ${exampleAwsAmi.id}\n instanceType: c5.large\n exampleGroup:\n type: aws:autoscaling:Group\n name: example\n properties:\n availabilityZones:\n - us-east-1a\n desiredCapacity: 1\n maxSize: 1\n minSize: 1\n mixedInstancesPolicy:\n launchTemplate:\n launchTemplateSpecification:\n launchTemplateId: ${example.id}\n overrides:\n - instanceRequirements:\n memoryMib:\n min: 1000\n vcpuCount:\n min: 4\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Dynamic tagging\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst extraTags = config.getObject(\"extraTags\") || [\n {\n key: \"Foo\",\n propagateAtLaunch: true,\n value: \"Bar\",\n },\n {\n key: \"Baz\",\n propagateAtLaunch: true,\n value: \"Bam\",\n },\n];\nconst test = new aws.autoscaling.Group(\"test\", {\n tags: [\n {\n key: \"explicit1\",\n value: \"value1\",\n propagateAtLaunch: true,\n },\n {\n key: \"explicit2\",\n value: \"value2\",\n propagateAtLaunch: true,\n },\n ],\n name: \"foobar3-test\",\n maxSize: 5,\n minSize: 2,\n launchConfiguration: foobar.name,\n vpcZoneIdentifiers: [\n example1.id,\n example2.id,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nextra_tags = config.get_object(\"extraTags\")\nif extra_tags is None:\n extra_tags = [\n {\n \"key\": \"Foo\",\n \"propagateAtLaunch\": True,\n \"value\": \"Bar\",\n },\n {\n \"key\": \"Baz\",\n \"propagateAtLaunch\": True,\n \"value\": \"Bam\",\n },\n ]\ntest = aws.autoscaling.Group(\"test\",\n tags=[\n aws.autoscaling.GroupTagArgs(\n key=\"explicit1\",\n value=\"value1\",\n propagate_at_launch=True,\n ),\n aws.autoscaling.GroupTagArgs(\n key=\"explicit2\",\n value=\"value2\",\n propagate_at_launch=True,\n ),\n ],\n name=\"foobar3-test\",\n max_size=5,\n min_size=2,\n launch_configuration=foobar[\"name\"],\n vpc_zone_identifiers=[\n example1[\"id\"],\n example2[\"id\"],\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var extraTags = config.GetObject\u003cdynamic\u003e(\"extraTags\") ?? new[]\n {\n \n {\n { \"key\", \"Foo\" },\n { \"propagateAtLaunch\", true },\n { \"value\", \"Bar\" },\n },\n \n {\n { \"key\", \"Baz\" },\n { \"propagateAtLaunch\", true },\n { \"value\", \"Bam\" },\n },\n };\n var test = new Aws.AutoScaling.Group(\"test\", new()\n {\n Tags = new[]\n {\n new Aws.AutoScaling.Inputs.GroupTagArgs\n {\n Key = \"explicit1\",\n Value = \"value1\",\n PropagateAtLaunch = true,\n },\n new Aws.AutoScaling.Inputs.GroupTagArgs\n {\n Key = \"explicit2\",\n Value = \"value2\",\n PropagateAtLaunch = true,\n },\n },\n Name = \"foobar3-test\",\n MaxSize = 5,\n MinSize = 2,\n LaunchConfiguration = foobar.Name,\n VpcZoneIdentifiers = new[]\n {\n example1.Id,\n example2.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\textraTags := []map[string]interface{}{\n\t\t\tmap[string]interface{}{\n\t\t\t\t\"key\": \"Foo\",\n\t\t\t\t\"propagateAtLaunch\": true,\n\t\t\t\t\"value\": \"Bar\",\n\t\t\t},\n\t\t\tmap[string]interface{}{\n\t\t\t\t\"key\": \"Baz\",\n\t\t\t\t\"propagateAtLaunch\": true,\n\t\t\t\t\"value\": \"Bam\",\n\t\t\t},\n\t\t}\n\t\tif param := cfg.GetObject(\"extraTags\"); param != nil {\n\t\t\textraTags = param\n\t\t}\n\t\t_, err := autoscaling.NewGroup(ctx, \"test\", \u0026autoscaling.GroupArgs{\n\t\t\tTags: autoscaling.GroupTagArray{\n\t\t\t\t\u0026autoscaling.GroupTagArgs{\n\t\t\t\t\tKey: pulumi.String(\"explicit1\"),\n\t\t\t\t\tValue: pulumi.String(\"value1\"),\n\t\t\t\t\tPropagateAtLaunch: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\t\u0026autoscaling.GroupTagArgs{\n\t\t\t\t\tKey: pulumi.String(\"explicit2\"),\n\t\t\t\t\tValue: pulumi.String(\"value2\"),\n\t\t\t\t\tPropagateAtLaunch: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: pulumi.String(\"foobar3-test\"),\n\t\t\tMaxSize: pulumi.Int(5),\n\t\t\tMinSize: pulumi.Int(2),\n\t\t\tLaunchConfiguration: pulumi.Any(foobar.Name),\n\t\t\tVpcZoneIdentifiers: pulumi.StringArray{\n\t\t\t\texample1.Id,\n\t\t\t\texample2.Id,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.autoscaling.Group;\nimport com.pulumi.aws.autoscaling.GroupArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupTagArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var extraTags = config.get(\"extraTags\").orElse( \n %!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference),\n %!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference));\n var test = new Group(\"test\", GroupArgs.builder() \n .tags( \n GroupTagArgs.builder()\n .key(\"explicit1\")\n .value(\"value1\")\n .propagateAtLaunch(true)\n .build(),\n GroupTagArgs.builder()\n .key(\"explicit2\")\n .value(\"value2\")\n .propagateAtLaunch(true)\n .build())\n .name(\"foobar3-test\")\n .maxSize(5)\n .minSize(2)\n .launchConfiguration(foobar.name())\n .vpcZoneIdentifiers( \n example1.id(),\n example2.id())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n extraTags:\n type: dynamic\n default:\n - key: Foo\n propagateAtLaunch: true\n value: Bar\n - key: Baz\n propagateAtLaunch: true\n value: Bam\nresources:\n test:\n type: aws:autoscaling:Group\n properties:\n tags:\n - key: explicit1\n value: value1\n propagateAtLaunch: true\n - key: explicit2\n value: value2\n propagateAtLaunch: true\n name: foobar3-test\n maxSize: 5\n minSize: 2\n launchConfiguration: ${foobar.name}\n vpcZoneIdentifiers:\n - ${example1.id}\n - ${example2.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Automatically refresh all instances after the group is updated\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2.getAmi({\n mostRecent: true,\n owners: [\"amazon\"],\n filters: [{\n name: \"name\",\n values: [\"amzn-ami-hvm-*-x86_64-gp2\"],\n }],\n});\nconst exampleLaunchTemplate = new aws.ec2.LaunchTemplate(\"example\", {\n imageId: example.then(example =\u003e example.id),\n instanceType: \"t3.nano\",\n});\nconst exampleGroup = new aws.autoscaling.Group(\"example\", {\n availabilityZones: [\"us-east-1a\"],\n desiredCapacity: 1,\n maxSize: 2,\n minSize: 1,\n launchTemplate: {\n id: exampleLaunchTemplate.id,\n version: exampleLaunchTemplate.latestVersion,\n },\n tags: [{\n key: \"Key\",\n value: \"Value\",\n propagateAtLaunch: true,\n }],\n instanceRefresh: {\n strategy: \"Rolling\",\n preferences: {\n minHealthyPercentage: 50,\n },\n triggers: [\"tag\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_ami(most_recent=True,\n owners=[\"amazon\"],\n filters=[aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"amzn-ami-hvm-*-x86_64-gp2\"],\n )])\nexample_launch_template = aws.ec2.LaunchTemplate(\"example\",\n image_id=example.id,\n instance_type=\"t3.nano\")\nexample_group = aws.autoscaling.Group(\"example\",\n availability_zones=[\"us-east-1a\"],\n desired_capacity=1,\n max_size=2,\n min_size=1,\n launch_template=aws.autoscaling.GroupLaunchTemplateArgs(\n id=example_launch_template.id,\n version=example_launch_template.latest_version,\n ),\n tags=[aws.autoscaling.GroupTagArgs(\n key=\"Key\",\n value=\"Value\",\n propagate_at_launch=True,\n )],\n instance_refresh=aws.autoscaling.GroupInstanceRefreshArgs(\n strategy=\"Rolling\",\n preferences=aws.autoscaling.GroupInstanceRefreshPreferencesArgs(\n min_healthy_percentage=50,\n ),\n triggers=[\"tag\"],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Owners = new[]\n {\n \"amazon\",\n },\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"amzn-ami-hvm-*-x86_64-gp2\",\n },\n },\n },\n });\n\n var exampleLaunchTemplate = new Aws.Ec2.LaunchTemplate(\"example\", new()\n {\n ImageId = example.Apply(getAmiResult =\u003e getAmiResult.Id),\n InstanceType = \"t3.nano\",\n });\n\n var exampleGroup = new Aws.AutoScaling.Group(\"example\", new()\n {\n AvailabilityZones = new[]\n {\n \"us-east-1a\",\n },\n DesiredCapacity = 1,\n MaxSize = 2,\n MinSize = 1,\n LaunchTemplate = new Aws.AutoScaling.Inputs.GroupLaunchTemplateArgs\n {\n Id = exampleLaunchTemplate.Id,\n Version = exampleLaunchTemplate.LatestVersion,\n },\n Tags = new[]\n {\n new Aws.AutoScaling.Inputs.GroupTagArgs\n {\n Key = \"Key\",\n Value = \"Value\",\n PropagateAtLaunch = true,\n },\n },\n InstanceRefresh = new Aws.AutoScaling.Inputs.GroupInstanceRefreshArgs\n {\n Strategy = \"Rolling\",\n Preferences = new Aws.AutoScaling.Inputs.GroupInstanceRefreshPreferencesArgs\n {\n MinHealthyPercentage = 50,\n },\n Triggers = new[]\n {\n \"tag\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tOwners: []string{\n\t\t\t\t\"amazon\",\n\t\t\t},\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"amzn-ami-hvm-*-x86_64-gp2\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleLaunchTemplate, err := ec2.NewLaunchTemplate(ctx, \"example\", \u0026ec2.LaunchTemplateArgs{\n\t\t\tImageId: *pulumi.String(example.Id),\n\t\t\tInstanceType: pulumi.String(\"t3.nano\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"example\", \u0026autoscaling.GroupArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tDesiredCapacity: pulumi.Int(1),\n\t\t\tMaxSize: pulumi.Int(2),\n\t\t\tMinSize: pulumi.Int(1),\n\t\t\tLaunchTemplate: \u0026autoscaling.GroupLaunchTemplateArgs{\n\t\t\t\tId: exampleLaunchTemplate.ID(),\n\t\t\t\tVersion: exampleLaunchTemplate.LatestVersion,\n\t\t\t},\n\t\t\tTags: autoscaling.GroupTagArray{\n\t\t\t\t\u0026autoscaling.GroupTagArgs{\n\t\t\t\t\tKey: pulumi.String(\"Key\"),\n\t\t\t\t\tValue: pulumi.String(\"Value\"),\n\t\t\t\t\tPropagateAtLaunch: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tInstanceRefresh: \u0026autoscaling.GroupInstanceRefreshArgs{\n\t\t\t\tStrategy: pulumi.String(\"Rolling\"),\n\t\t\t\tPreferences: \u0026autoscaling.GroupInstanceRefreshPreferencesArgs{\n\t\t\t\t\tMinHealthyPercentage: pulumi.Int(50),\n\t\t\t\t},\n\t\t\t\tTriggers: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"tag\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.autoscaling.Group;\nimport com.pulumi.aws.autoscaling.GroupArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupLaunchTemplateArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupTagArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupInstanceRefreshArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupInstanceRefreshPreferencesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .owners(\"amazon\")\n .filters(GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"amzn-ami-hvm-*-x86_64-gp2\")\n .build())\n .build());\n\n var exampleLaunchTemplate = new LaunchTemplate(\"exampleLaunchTemplate\", LaunchTemplateArgs.builder() \n .imageId(example.applyValue(getAmiResult -\u003e getAmiResult.id()))\n .instanceType(\"t3.nano\")\n .build());\n\n var exampleGroup = new Group(\"exampleGroup\", GroupArgs.builder() \n .availabilityZones(\"us-east-1a\")\n .desiredCapacity(1)\n .maxSize(2)\n .minSize(1)\n .launchTemplate(GroupLaunchTemplateArgs.builder()\n .id(exampleLaunchTemplate.id())\n .version(exampleLaunchTemplate.latestVersion())\n .build())\n .tags(GroupTagArgs.builder()\n .key(\"Key\")\n .value(\"Value\")\n .propagateAtLaunch(true)\n .build())\n .instanceRefresh(GroupInstanceRefreshArgs.builder()\n .strategy(\"Rolling\")\n .preferences(GroupInstanceRefreshPreferencesArgs.builder()\n .minHealthyPercentage(50)\n .build())\n .triggers(\"tag\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleGroup:\n type: aws:autoscaling:Group\n name: example\n properties:\n availabilityZones:\n - us-east-1a\n desiredCapacity: 1\n maxSize: 2\n minSize: 1\n launchTemplate:\n id: ${exampleLaunchTemplate.id}\n version: ${exampleLaunchTemplate.latestVersion}\n tags:\n - key: Key\n value: Value\n propagateAtLaunch: true\n instanceRefresh:\n strategy: Rolling\n preferences:\n minHealthyPercentage: 50\n triggers:\n - tag\n exampleLaunchTemplate:\n type: aws:ec2:LaunchTemplate\n name: example\n properties:\n imageId: ${example.id}\n instanceType: t3.nano\nvariables:\n example:\n fn::invoke:\n Function: aws:ec2:getAmi\n Arguments:\n mostRecent: true\n owners:\n - amazon\n filters:\n - name: name\n values:\n - amzn-ami-hvm-*-x86_64-gp2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Auto Scaling group with Warm Pool\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.LaunchTemplate(\"example\", {\n namePrefix: \"example\",\n imageId: exampleAwsAmi.id,\n instanceType: \"c5.large\",\n});\nconst exampleGroup = new aws.autoscaling.Group(\"example\", {\n availabilityZones: [\"us-east-1a\"],\n desiredCapacity: 1,\n maxSize: 5,\n minSize: 1,\n warmPool: {\n poolState: \"Hibernated\",\n minSize: 1,\n maxGroupPreparedCapacity: 10,\n instanceReusePolicy: {\n reuseOnScaleIn: true,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.LaunchTemplate(\"example\",\n name_prefix=\"example\",\n image_id=example_aws_ami[\"id\"],\n instance_type=\"c5.large\")\nexample_group = aws.autoscaling.Group(\"example\",\n availability_zones=[\"us-east-1a\"],\n desired_capacity=1,\n max_size=5,\n min_size=1,\n warm_pool=aws.autoscaling.GroupWarmPoolArgs(\n pool_state=\"Hibernated\",\n min_size=1,\n max_group_prepared_capacity=10,\n instance_reuse_policy=aws.autoscaling.GroupWarmPoolInstanceReusePolicyArgs(\n reuse_on_scale_in=True,\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.LaunchTemplate(\"example\", new()\n {\n NamePrefix = \"example\",\n ImageId = exampleAwsAmi.Id,\n InstanceType = \"c5.large\",\n });\n\n var exampleGroup = new Aws.AutoScaling.Group(\"example\", new()\n {\n AvailabilityZones = new[]\n {\n \"us-east-1a\",\n },\n DesiredCapacity = 1,\n MaxSize = 5,\n MinSize = 1,\n WarmPool = new Aws.AutoScaling.Inputs.GroupWarmPoolArgs\n {\n PoolState = \"Hibernated\",\n MinSize = 1,\n MaxGroupPreparedCapacity = 10,\n InstanceReusePolicy = new Aws.AutoScaling.Inputs.GroupWarmPoolInstanceReusePolicyArgs\n {\n ReuseOnScaleIn = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewLaunchTemplate(ctx, \"example\", \u0026ec2.LaunchTemplateArgs{\n\t\t\tNamePrefix: pulumi.String(\"example\"),\n\t\t\tImageId: pulumi.Any(exampleAwsAmi.Id),\n\t\t\tInstanceType: pulumi.String(\"c5.large\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"example\", \u0026autoscaling.GroupArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tDesiredCapacity: pulumi.Int(1),\n\t\t\tMaxSize: pulumi.Int(5),\n\t\t\tMinSize: pulumi.Int(1),\n\t\t\tWarmPool: \u0026autoscaling.GroupWarmPoolArgs{\n\t\t\t\tPoolState: pulumi.String(\"Hibernated\"),\n\t\t\t\tMinSize: pulumi.Int(1),\n\t\t\t\tMaxGroupPreparedCapacity: pulumi.Int(10),\n\t\t\t\tInstanceReusePolicy: \u0026autoscaling.GroupWarmPoolInstanceReusePolicyArgs{\n\t\t\t\t\tReuseOnScaleIn: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.autoscaling.Group;\nimport com.pulumi.aws.autoscaling.GroupArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupWarmPoolArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupWarmPoolInstanceReusePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new LaunchTemplate(\"example\", LaunchTemplateArgs.builder() \n .namePrefix(\"example\")\n .imageId(exampleAwsAmi.id())\n .instanceType(\"c5.large\")\n .build());\n\n var exampleGroup = new Group(\"exampleGroup\", GroupArgs.builder() \n .availabilityZones(\"us-east-1a\")\n .desiredCapacity(1)\n .maxSize(5)\n .minSize(1)\n .warmPool(GroupWarmPoolArgs.builder()\n .poolState(\"Hibernated\")\n .minSize(1)\n .maxGroupPreparedCapacity(10)\n .instanceReusePolicy(GroupWarmPoolInstanceReusePolicyArgs.builder()\n .reuseOnScaleIn(true)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:LaunchTemplate\n properties:\n namePrefix: example\n imageId: ${exampleAwsAmi.id}\n instanceType: c5.large\n exampleGroup:\n type: aws:autoscaling:Group\n name: example\n properties:\n availabilityZones:\n - us-east-1a\n desiredCapacity: 1\n maxSize: 5\n minSize: 1\n warmPool:\n poolState: Hibernated\n minSize: 1\n maxGroupPreparedCapacity: 10\n instanceReusePolicy:\n reuseOnScaleIn: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Auto Scaling group with Traffic Sources\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.autoscaling.Group(\"test\", {\n trafficSources: testAwsVpclatticeTargetGroup.map(__item =\u003e __item).map((v, k) =\u003e ({key: k, value: v})).map(entry =\u003e ({\n identifier: entry.value.arn,\n type: \"vpc-lattice\",\n })),\n vpcZoneIdentifiers: testAwsSubnet.id,\n maxSize: 1,\n minSize: 1,\n forceDelete: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.autoscaling.Group(\"test\",\n traffic_sources=[aws.autoscaling.GroupTrafficSourceArgs(\n identifier=entry[\"value\"][\"arn\"],\n type=\"vpc-lattice\",\n ) for entry in [{\"key\": k, \"value\": v} for k, v in [__item for __item in test_aws_vpclattice_target_group]]],\n vpc_zone_identifiers=test_aws_subnet[\"id\"],\n max_size=1,\n min_size=1,\n force_delete=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.AutoScaling.Group(\"test\", new()\n {\n TrafficSources = testAwsVpclatticeTargetGroup.Select(__item =\u003e __item).ToList().Select((v, k) =\u003e new { Key = k, Value = v }).Select(entry =\u003e \n {\n return new Aws.AutoScaling.Inputs.GroupTrafficSourceArgs\n {\n Identifier = entry.Value.Arn,\n Type = \"vpc-lattice\",\n };\n }).ToList(),\n VpcZoneIdentifiers = testAwsSubnet.Id,\n MaxSize = 1,\n MinSize = 1,\n ForceDelete = true,\n });\n\n});\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Waiting for Capacity\n\nA newly-created ASG is initially empty and begins to scale to `min_size` (or\n`desired_capacity`, if specified) by launching instances using the provided\nLaunch Configuration. These instances take time to launch and boot.\n\nOn ASG Update, changes to these values also take time to result in the target\nnumber of instances providing service.\n\nThis provider provides two mechanisms to help consistently manage ASG scale up\ntime across dependent resources.\n\n#### Waiting for ASG Capacity\n\nThe first is default behavior. This provider waits after ASG creation for\n`min_size` (or `desired_capacity`, if specified) healthy instances to show up\nin the ASG before continuing.\n\nIf `min_size` or `desired_capacity` are changed in a subsequent update,\nthis provider will also wait for the correct number of healthy instances before\ncontinuing.\n\nThis provider considers an instance \"healthy\" when the ASG reports `HealthStatus:\n\"Healthy\"` and `LifecycleState: \"InService\"`. See the [AWS AutoScaling\nDocs](https://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/AutoScalingGroupLifecycle.html)\nfor more information on an ASG's lifecycle.\n\nThis provider will wait for healthy instances for up to\n`wait_for_capacity_timeout`. If ASG creation is taking more than a few minutes,\nit's worth investigating for scaling activity errors, which can be caused by\nproblems with the selected Launch Configuration.\n\nSetting `wait_for_capacity_timeout` to `\"0\"` disables ASG Capacity waiting.\n\n#### Waiting for ELB Capacity\n\nThe second mechanism is optional, and affects ASGs with attached ELBs specified\nvia the `load_balancers` attribute or with ALBs specified with `target_group_arns`.\n\nThe `min_elb_capacity` parameter causes the provider to wait for at least the\nrequested number of instances to show up `\"InService\"` in all attached ELBs\nduring ASG creation. It has no effect on ASG updates.\n\nIf `wait_for_elb_capacity` is set, the provider will wait for exactly that number\nof Instances to be `\"InService\"` in all attached ELBs on both creation and\nupdates.\n\nThese parameters can be used to ensure that service is being provided before\nthe provider moves on. If new instances don't pass the ELB's health checks for any\nreason, the apply will time out, and the ASG will be marked as\ntainted (i.e., marked to be destroyed in a follow up run).\n\nAs with ASG Capacity, the provider will wait for up to `wait_for_capacity_timeout`\nfor the proper number of instances to be healthy.\n\n#### Troubleshooting Capacity Waiting Timeouts\n\nIf ASG creation takes more than a few minutes, this could indicate one of a\nnumber of configuration problems. See the [AWS Docs on Load Balancer\nTroubleshooting](https://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-troubleshooting.html)\nfor more information.\n\n## Import\n\nUsing `pulumi import`, import Auto Scaling Groups using the `name`. For example:\n\n```sh\n$ pulumi import aws:autoscaling/group:Group web web-asg\n```\n", + "description": "Provides an Auto Scaling Group resource.\n\n\u003e **Note:** You must specify either `launch_configuration`, `launch_template`, or `mixed_instances_policy`.\n\n\u003e **NOTE on Auto Scaling Groups, Attachments and Traffic Source Attachments:** Pulumi provides standalone Attachment (for attaching Classic Load Balancers and Application Load Balancer, Gateway Load Balancer, or Network Load Balancer target groups) and Traffic Source Attachment (for attaching Load Balancers and VPC Lattice target groups) resources and an Auto Scaling Group resource with `load_balancers`, `target_group_arns` and `traffic_source` attributes. Do not use the same traffic source in more than one of these resources. Doing so will cause a conflict of attachments. A `lifecycle` configuration block can be used to suppress differences if necessary.\n\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.ec2.PlacementGroup(\"test\", {\n name: \"test\",\n strategy: aws.ec2.PlacementStrategy.Cluster,\n});\nconst bar = new aws.autoscaling.Group(\"bar\", {\n name: \"foobar3-test\",\n maxSize: 5,\n minSize: 2,\n healthCheckGracePeriod: 300,\n healthCheckType: \"ELB\",\n desiredCapacity: 4,\n forceDelete: true,\n placementGroup: test.id,\n launchConfiguration: foobar.name,\n vpcZoneIdentifiers: [\n example1.id,\n example2.id,\n ],\n instanceMaintenancePolicy: {\n minHealthyPercentage: 90,\n maxHealthyPercentage: 120,\n },\n initialLifecycleHooks: [{\n name: \"foobar\",\n defaultResult: \"CONTINUE\",\n heartbeatTimeout: 2000,\n lifecycleTransition: \"autoscaling:EC2_INSTANCE_LAUNCHING\",\n notificationMetadata: JSON.stringify({\n foo: \"bar\",\n }),\n notificationTargetArn: \"arn:aws:sqs:us-east-1:444455556666:queue1*\",\n roleArn: \"arn:aws:iam::123456789012:role/S3Access\",\n }],\n tags: [\n {\n key: \"foo\",\n value: \"bar\",\n propagateAtLaunch: true,\n },\n {\n key: \"lorem\",\n value: \"ipsum\",\n propagateAtLaunch: false,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ntest = aws.ec2.PlacementGroup(\"test\",\n name=\"test\",\n strategy=aws.ec2.PlacementStrategy.CLUSTER)\nbar = aws.autoscaling.Group(\"bar\",\n name=\"foobar3-test\",\n max_size=5,\n min_size=2,\n health_check_grace_period=300,\n health_check_type=\"ELB\",\n desired_capacity=4,\n force_delete=True,\n placement_group=test.id,\n launch_configuration=foobar[\"name\"],\n vpc_zone_identifiers=[\n example1[\"id\"],\n example2[\"id\"],\n ],\n instance_maintenance_policy=aws.autoscaling.GroupInstanceMaintenancePolicyArgs(\n min_healthy_percentage=90,\n max_healthy_percentage=120,\n ),\n initial_lifecycle_hooks=[aws.autoscaling.GroupInitialLifecycleHookArgs(\n name=\"foobar\",\n default_result=\"CONTINUE\",\n heartbeat_timeout=2000,\n lifecycle_transition=\"autoscaling:EC2_INSTANCE_LAUNCHING\",\n notification_metadata=json.dumps({\n \"foo\": \"bar\",\n }),\n notification_target_arn=\"arn:aws:sqs:us-east-1:444455556666:queue1*\",\n role_arn=\"arn:aws:iam::123456789012:role/S3Access\",\n )],\n tags=[\n aws.autoscaling.GroupTagArgs(\n key=\"foo\",\n value=\"bar\",\n propagate_at_launch=True,\n ),\n aws.autoscaling.GroupTagArgs(\n key=\"lorem\",\n value=\"ipsum\",\n propagate_at_launch=False,\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.Ec2.PlacementGroup(\"test\", new()\n {\n Name = \"test\",\n Strategy = Aws.Ec2.PlacementStrategy.Cluster,\n });\n\n var bar = new Aws.AutoScaling.Group(\"bar\", new()\n {\n Name = \"foobar3-test\",\n MaxSize = 5,\n MinSize = 2,\n HealthCheckGracePeriod = 300,\n HealthCheckType = \"ELB\",\n DesiredCapacity = 4,\n ForceDelete = true,\n PlacementGroup = test.Id,\n LaunchConfiguration = foobar.Name,\n VpcZoneIdentifiers = new[]\n {\n example1.Id,\n example2.Id,\n },\n InstanceMaintenancePolicy = new Aws.AutoScaling.Inputs.GroupInstanceMaintenancePolicyArgs\n {\n MinHealthyPercentage = 90,\n MaxHealthyPercentage = 120,\n },\n InitialLifecycleHooks = new[]\n {\n new Aws.AutoScaling.Inputs.GroupInitialLifecycleHookArgs\n {\n Name = \"foobar\",\n DefaultResult = \"CONTINUE\",\n HeartbeatTimeout = 2000,\n LifecycleTransition = \"autoscaling:EC2_INSTANCE_LAUNCHING\",\n NotificationMetadata = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"foo\"] = \"bar\",\n }),\n NotificationTargetArn = \"arn:aws:sqs:us-east-1:444455556666:queue1*\",\n RoleArn = \"arn:aws:iam::123456789012:role/S3Access\",\n },\n },\n Tags = new[]\n {\n new Aws.AutoScaling.Inputs.GroupTagArgs\n {\n Key = \"foo\",\n Value = \"bar\",\n PropagateAtLaunch = true,\n },\n new Aws.AutoScaling.Inputs.GroupTagArgs\n {\n Key = \"lorem\",\n Value = \"ipsum\",\n PropagateAtLaunch = false,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := ec2.NewPlacementGroup(ctx, \"test\", \u0026ec2.PlacementGroupArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tStrategy: pulumi.String(ec2.PlacementStrategyCluster),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"foo\": \"bar\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = autoscaling.NewGroup(ctx, \"bar\", \u0026autoscaling.GroupArgs{\n\t\t\tName: pulumi.String(\"foobar3-test\"),\n\t\t\tMaxSize: pulumi.Int(5),\n\t\t\tMinSize: pulumi.Int(2),\n\t\t\tHealthCheckGracePeriod: pulumi.Int(300),\n\t\t\tHealthCheckType: pulumi.String(\"ELB\"),\n\t\t\tDesiredCapacity: pulumi.Int(4),\n\t\t\tForceDelete: pulumi.Bool(true),\n\t\t\tPlacementGroup: test.ID(),\n\t\t\tLaunchConfiguration: pulumi.Any(foobar.Name),\n\t\t\tVpcZoneIdentifiers: pulumi.StringArray{\n\t\t\t\texample1.Id,\n\t\t\t\texample2.Id,\n\t\t\t},\n\t\t\tInstanceMaintenancePolicy: \u0026autoscaling.GroupInstanceMaintenancePolicyArgs{\n\t\t\t\tMinHealthyPercentage: pulumi.Int(90),\n\t\t\t\tMaxHealthyPercentage: pulumi.Int(120),\n\t\t\t},\n\t\t\tInitialLifecycleHooks: autoscaling.GroupInitialLifecycleHookArray{\n\t\t\t\t\u0026autoscaling.GroupInitialLifecycleHookArgs{\n\t\t\t\t\tName: pulumi.String(\"foobar\"),\n\t\t\t\t\tDefaultResult: pulumi.String(\"CONTINUE\"),\n\t\t\t\t\tHeartbeatTimeout: pulumi.Int(2000),\n\t\t\t\t\tLifecycleTransition: pulumi.String(\"autoscaling:EC2_INSTANCE_LAUNCHING\"),\n\t\t\t\t\tNotificationMetadata: pulumi.String(json0),\n\t\t\t\t\tNotificationTargetArn: pulumi.String(\"arn:aws:sqs:us-east-1:444455556666:queue1*\"),\n\t\t\t\t\tRoleArn: pulumi.String(\"arn:aws:iam::123456789012:role/S3Access\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: autoscaling.GroupTagArray{\n\t\t\t\t\u0026autoscaling.GroupTagArgs{\n\t\t\t\t\tKey: pulumi.String(\"foo\"),\n\t\t\t\t\tValue: pulumi.String(\"bar\"),\n\t\t\t\t\tPropagateAtLaunch: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\t\u0026autoscaling.GroupTagArgs{\n\t\t\t\t\tKey: pulumi.String(\"lorem\"),\n\t\t\t\t\tValue: pulumi.String(\"ipsum\"),\n\t\t\t\t\tPropagateAtLaunch: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.PlacementGroup;\nimport com.pulumi.aws.ec2.PlacementGroupArgs;\nimport com.pulumi.aws.autoscaling.Group;\nimport com.pulumi.aws.autoscaling.GroupArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupInstanceMaintenancePolicyArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupInitialLifecycleHookArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupTagArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new PlacementGroup(\"test\", PlacementGroupArgs.builder() \n .name(\"test\")\n .strategy(\"cluster\")\n .build());\n\n var bar = new Group(\"bar\", GroupArgs.builder() \n .name(\"foobar3-test\")\n .maxSize(5)\n .minSize(2)\n .healthCheckGracePeriod(300)\n .healthCheckType(\"ELB\")\n .desiredCapacity(4)\n .forceDelete(true)\n .placementGroup(test.id())\n .launchConfiguration(foobar.name())\n .vpcZoneIdentifiers( \n example1.id(),\n example2.id())\n .instanceMaintenancePolicy(GroupInstanceMaintenancePolicyArgs.builder()\n .minHealthyPercentage(90)\n .maxHealthyPercentage(120)\n .build())\n .initialLifecycleHooks(GroupInitialLifecycleHookArgs.builder()\n .name(\"foobar\")\n .defaultResult(\"CONTINUE\")\n .heartbeatTimeout(2000)\n .lifecycleTransition(\"autoscaling:EC2_INSTANCE_LAUNCHING\")\n .notificationMetadata(serializeJson(\n jsonObject(\n jsonProperty(\"foo\", \"bar\")\n )))\n .notificationTargetArn(\"arn:aws:sqs:us-east-1:444455556666:queue1*\")\n .roleArn(\"arn:aws:iam::123456789012:role/S3Access\")\n .build())\n .tags( \n GroupTagArgs.builder()\n .key(\"foo\")\n .value(\"bar\")\n .propagateAtLaunch(true)\n .build(),\n GroupTagArgs.builder()\n .key(\"lorem\")\n .value(\"ipsum\")\n .propagateAtLaunch(false)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:ec2:PlacementGroup\n properties:\n name: test\n strategy: cluster\n bar:\n type: aws:autoscaling:Group\n properties:\n name: foobar3-test\n maxSize: 5\n minSize: 2\n healthCheckGracePeriod: 300\n healthCheckType: ELB\n desiredCapacity: 4\n forceDelete: true\n placementGroup: ${test.id}\n launchConfiguration: ${foobar.name}\n vpcZoneIdentifiers:\n - ${example1.id}\n - ${example2.id}\n instanceMaintenancePolicy:\n minHealthyPercentage: 90\n maxHealthyPercentage: 120\n initialLifecycleHooks:\n - name: foobar\n defaultResult: CONTINUE\n heartbeatTimeout: 2000\n lifecycleTransition: autoscaling:EC2_INSTANCE_LAUNCHING\n notificationMetadata:\n fn::toJSON:\n foo: bar\n notificationTargetArn: arn:aws:sqs:us-east-1:444455556666:queue1*\n roleArn: arn:aws:iam::123456789012:role/S3Access\n tags:\n - key: foo\n value: bar\n propagateAtLaunch: true\n - key: lorem\n value: ipsum\n propagateAtLaunch: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With Latest Version Of Launch Template\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foobar = new aws.ec2.LaunchTemplate(\"foobar\", {\n namePrefix: \"foobar\",\n imageId: \"ami-1a2b3c\",\n instanceType: \"t2.micro\",\n});\nconst bar = new aws.autoscaling.Group(\"bar\", {\n availabilityZones: [\"us-east-1a\"],\n desiredCapacity: 1,\n maxSize: 1,\n minSize: 1,\n launchTemplate: {\n id: foobar.id,\n version: \"$Latest\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoobar = aws.ec2.LaunchTemplate(\"foobar\",\n name_prefix=\"foobar\",\n image_id=\"ami-1a2b3c\",\n instance_type=\"t2.micro\")\nbar = aws.autoscaling.Group(\"bar\",\n availability_zones=[\"us-east-1a\"],\n desired_capacity=1,\n max_size=1,\n min_size=1,\n launch_template=aws.autoscaling.GroupLaunchTemplateArgs(\n id=foobar.id,\n version=\"$Latest\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foobar = new Aws.Ec2.LaunchTemplate(\"foobar\", new()\n {\n NamePrefix = \"foobar\",\n ImageId = \"ami-1a2b3c\",\n InstanceType = \"t2.micro\",\n });\n\n var bar = new Aws.AutoScaling.Group(\"bar\", new()\n {\n AvailabilityZones = new[]\n {\n \"us-east-1a\",\n },\n DesiredCapacity = 1,\n MaxSize = 1,\n MinSize = 1,\n LaunchTemplate = new Aws.AutoScaling.Inputs.GroupLaunchTemplateArgs\n {\n Id = foobar.Id,\n Version = \"$Latest\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfoobar, err := ec2.NewLaunchTemplate(ctx, \"foobar\", \u0026ec2.LaunchTemplateArgs{\n\t\t\tNamePrefix: pulumi.String(\"foobar\"),\n\t\t\tImageId: pulumi.String(\"ami-1a2b3c\"),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"bar\", \u0026autoscaling.GroupArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tDesiredCapacity: pulumi.Int(1),\n\t\t\tMaxSize: pulumi.Int(1),\n\t\t\tMinSize: pulumi.Int(1),\n\t\t\tLaunchTemplate: \u0026autoscaling.GroupLaunchTemplateArgs{\n\t\t\t\tId: foobar.ID(),\n\t\t\t\tVersion: pulumi.String(\"$Latest\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.autoscaling.Group;\nimport com.pulumi.aws.autoscaling.GroupArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupLaunchTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foobar = new LaunchTemplate(\"foobar\", LaunchTemplateArgs.builder() \n .namePrefix(\"foobar\")\n .imageId(\"ami-1a2b3c\")\n .instanceType(\"t2.micro\")\n .build());\n\n var bar = new Group(\"bar\", GroupArgs.builder() \n .availabilityZones(\"us-east-1a\")\n .desiredCapacity(1)\n .maxSize(1)\n .minSize(1)\n .launchTemplate(GroupLaunchTemplateArgs.builder()\n .id(foobar.id())\n .version(\"$Latest\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foobar:\n type: aws:ec2:LaunchTemplate\n properties:\n namePrefix: foobar\n imageId: ami-1a2b3c\n instanceType: t2.micro\n bar:\n type: aws:autoscaling:Group\n properties:\n availabilityZones:\n - us-east-1a\n desiredCapacity: 1\n maxSize: 1\n minSize: 1\n launchTemplate:\n id: ${foobar.id}\n version: $Latest\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Mixed Instances Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.LaunchTemplate(\"example\", {\n namePrefix: \"example\",\n imageId: exampleAwsAmi.id,\n instanceType: \"c5.large\",\n});\nconst exampleGroup = new aws.autoscaling.Group(\"example\", {\n availabilityZones: [\"us-east-1a\"],\n desiredCapacity: 1,\n maxSize: 1,\n minSize: 1,\n mixedInstancesPolicy: {\n launchTemplate: {\n launchTemplateSpecification: {\n launchTemplateId: example.id,\n },\n overrides: [\n {\n instanceType: \"c4.large\",\n weightedCapacity: \"3\",\n },\n {\n instanceType: \"c3.large\",\n weightedCapacity: \"2\",\n },\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.LaunchTemplate(\"example\",\n name_prefix=\"example\",\n image_id=example_aws_ami[\"id\"],\n instance_type=\"c5.large\")\nexample_group = aws.autoscaling.Group(\"example\",\n availability_zones=[\"us-east-1a\"],\n desired_capacity=1,\n max_size=1,\n min_size=1,\n mixed_instances_policy=aws.autoscaling.GroupMixedInstancesPolicyArgs(\n launch_template=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateArgs(\n launch_template_specification=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs(\n launch_template_id=example.id,\n ),\n overrides=[\n aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs(\n instance_type=\"c4.large\",\n weighted_capacity=\"3\",\n ),\n aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs(\n instance_type=\"c3.large\",\n weighted_capacity=\"2\",\n ),\n ],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.LaunchTemplate(\"example\", new()\n {\n NamePrefix = \"example\",\n ImageId = exampleAwsAmi.Id,\n InstanceType = \"c5.large\",\n });\n\n var exampleGroup = new Aws.AutoScaling.Group(\"example\", new()\n {\n AvailabilityZones = new[]\n {\n \"us-east-1a\",\n },\n DesiredCapacity = 1,\n MaxSize = 1,\n MinSize = 1,\n MixedInstancesPolicy = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyArgs\n {\n LaunchTemplate = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateArgs\n {\n LaunchTemplateSpecification = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs\n {\n LaunchTemplateId = example.Id,\n },\n Overrides = new[]\n {\n new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs\n {\n InstanceType = \"c4.large\",\n WeightedCapacity = \"3\",\n },\n new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs\n {\n InstanceType = \"c3.large\",\n WeightedCapacity = \"2\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.NewLaunchTemplate(ctx, \"example\", \u0026ec2.LaunchTemplateArgs{\n\t\t\tNamePrefix: pulumi.String(\"example\"),\n\t\t\tImageId: pulumi.Any(exampleAwsAmi.Id),\n\t\t\tInstanceType: pulumi.String(\"c5.large\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"example\", \u0026autoscaling.GroupArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tDesiredCapacity: pulumi.Int(1),\n\t\t\tMaxSize: pulumi.Int(1),\n\t\t\tMinSize: pulumi.Int(1),\n\t\t\tMixedInstancesPolicy: \u0026autoscaling.GroupMixedInstancesPolicyArgs{\n\t\t\t\tLaunchTemplate: \u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateArgs{\n\t\t\t\t\tLaunchTemplateSpecification: \u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs{\n\t\t\t\t\t\tLaunchTemplateId: example.ID(),\n\t\t\t\t\t},\n\t\t\t\t\tOverrides: autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArray{\n\t\t\t\t\t\t\u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs{\n\t\t\t\t\t\t\tInstanceType: pulumi.String(\"c4.large\"),\n\t\t\t\t\t\t\tWeightedCapacity: pulumi.String(\"3\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs{\n\t\t\t\t\t\t\tInstanceType: pulumi.String(\"c3.large\"),\n\t\t\t\t\t\t\tWeightedCapacity: pulumi.String(\"2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.autoscaling.Group;\nimport com.pulumi.aws.autoscaling.GroupArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyLaunchTemplateArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new LaunchTemplate(\"example\", LaunchTemplateArgs.builder() \n .namePrefix(\"example\")\n .imageId(exampleAwsAmi.id())\n .instanceType(\"c5.large\")\n .build());\n\n var exampleGroup = new Group(\"exampleGroup\", GroupArgs.builder() \n .availabilityZones(\"us-east-1a\")\n .desiredCapacity(1)\n .maxSize(1)\n .minSize(1)\n .mixedInstancesPolicy(GroupMixedInstancesPolicyArgs.builder()\n .launchTemplate(GroupMixedInstancesPolicyLaunchTemplateArgs.builder()\n .launchTemplateSpecification(GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs.builder()\n .launchTemplateId(example.id())\n .build())\n .overrides( \n GroupMixedInstancesPolicyLaunchTemplateOverrideArgs.builder()\n .instanceType(\"c4.large\")\n .weightedCapacity(\"3\")\n .build(),\n GroupMixedInstancesPolicyLaunchTemplateOverrideArgs.builder()\n .instanceType(\"c3.large\")\n .weightedCapacity(\"2\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:LaunchTemplate\n properties:\n namePrefix: example\n imageId: ${exampleAwsAmi.id}\n instanceType: c5.large\n exampleGroup:\n type: aws:autoscaling:Group\n name: example\n properties:\n availabilityZones:\n - us-east-1a\n desiredCapacity: 1\n maxSize: 1\n minSize: 1\n mixedInstancesPolicy:\n launchTemplate:\n launchTemplateSpecification:\n launchTemplateId: ${example.id}\n overrides:\n - instanceType: c4.large\n weightedCapacity: '3'\n - instanceType: c3.large\n weightedCapacity: '2'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Mixed Instances Policy with Spot Instances and Capacity Rebalance\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.LaunchTemplate(\"example\", {\n namePrefix: \"example\",\n imageId: exampleAwsAmi.id,\n instanceType: \"c5.large\",\n});\nconst exampleGroup = new aws.autoscaling.Group(\"example\", {\n capacityRebalance: true,\n desiredCapacity: 12,\n maxSize: 15,\n minSize: 12,\n vpcZoneIdentifiers: [\n example1.id,\n example2.id,\n ],\n mixedInstancesPolicy: {\n instancesDistribution: {\n onDemandBaseCapacity: 0,\n onDemandPercentageAboveBaseCapacity: 25,\n spotAllocationStrategy: \"capacity-optimized\",\n },\n launchTemplate: {\n launchTemplateSpecification: {\n launchTemplateId: example.id,\n },\n overrides: [\n {\n instanceType: \"c4.large\",\n weightedCapacity: \"3\",\n },\n {\n instanceType: \"c3.large\",\n weightedCapacity: \"2\",\n },\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.LaunchTemplate(\"example\",\n name_prefix=\"example\",\n image_id=example_aws_ami[\"id\"],\n instance_type=\"c5.large\")\nexample_group = aws.autoscaling.Group(\"example\",\n capacity_rebalance=True,\n desired_capacity=12,\n max_size=15,\n min_size=12,\n vpc_zone_identifiers=[\n example1[\"id\"],\n example2[\"id\"],\n ],\n mixed_instances_policy=aws.autoscaling.GroupMixedInstancesPolicyArgs(\n instances_distribution=aws.autoscaling.GroupMixedInstancesPolicyInstancesDistributionArgs(\n on_demand_base_capacity=0,\n on_demand_percentage_above_base_capacity=25,\n spot_allocation_strategy=\"capacity-optimized\",\n ),\n launch_template=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateArgs(\n launch_template_specification=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs(\n launch_template_id=example.id,\n ),\n overrides=[\n aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs(\n instance_type=\"c4.large\",\n weighted_capacity=\"3\",\n ),\n aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs(\n instance_type=\"c3.large\",\n weighted_capacity=\"2\",\n ),\n ],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.LaunchTemplate(\"example\", new()\n {\n NamePrefix = \"example\",\n ImageId = exampleAwsAmi.Id,\n InstanceType = \"c5.large\",\n });\n\n var exampleGroup = new Aws.AutoScaling.Group(\"example\", new()\n {\n CapacityRebalance = true,\n DesiredCapacity = 12,\n MaxSize = 15,\n MinSize = 12,\n VpcZoneIdentifiers = new[]\n {\n example1.Id,\n example2.Id,\n },\n MixedInstancesPolicy = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyArgs\n {\n InstancesDistribution = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyInstancesDistributionArgs\n {\n OnDemandBaseCapacity = 0,\n OnDemandPercentageAboveBaseCapacity = 25,\n SpotAllocationStrategy = \"capacity-optimized\",\n },\n LaunchTemplate = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateArgs\n {\n LaunchTemplateSpecification = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs\n {\n LaunchTemplateId = example.Id,\n },\n Overrides = new[]\n {\n new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs\n {\n InstanceType = \"c4.large\",\n WeightedCapacity = \"3\",\n },\n new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs\n {\n InstanceType = \"c3.large\",\n WeightedCapacity = \"2\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.NewLaunchTemplate(ctx, \"example\", \u0026ec2.LaunchTemplateArgs{\n\t\t\tNamePrefix: pulumi.String(\"example\"),\n\t\t\tImageId: pulumi.Any(exampleAwsAmi.Id),\n\t\t\tInstanceType: pulumi.String(\"c5.large\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"example\", \u0026autoscaling.GroupArgs{\n\t\t\tCapacityRebalance: pulumi.Bool(true),\n\t\t\tDesiredCapacity: pulumi.Int(12),\n\t\t\tMaxSize: pulumi.Int(15),\n\t\t\tMinSize: pulumi.Int(12),\n\t\t\tVpcZoneIdentifiers: pulumi.StringArray{\n\t\t\t\texample1.Id,\n\t\t\t\texample2.Id,\n\t\t\t},\n\t\t\tMixedInstancesPolicy: \u0026autoscaling.GroupMixedInstancesPolicyArgs{\n\t\t\t\tInstancesDistribution: \u0026autoscaling.GroupMixedInstancesPolicyInstancesDistributionArgs{\n\t\t\t\t\tOnDemandBaseCapacity: pulumi.Int(0),\n\t\t\t\t\tOnDemandPercentageAboveBaseCapacity: pulumi.Int(25),\n\t\t\t\t\tSpotAllocationStrategy: pulumi.String(\"capacity-optimized\"),\n\t\t\t\t},\n\t\t\t\tLaunchTemplate: \u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateArgs{\n\t\t\t\t\tLaunchTemplateSpecification: \u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs{\n\t\t\t\t\t\tLaunchTemplateId: example.ID(),\n\t\t\t\t\t},\n\t\t\t\t\tOverrides: autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArray{\n\t\t\t\t\t\t\u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs{\n\t\t\t\t\t\t\tInstanceType: pulumi.String(\"c4.large\"),\n\t\t\t\t\t\t\tWeightedCapacity: pulumi.String(\"3\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs{\n\t\t\t\t\t\t\tInstanceType: pulumi.String(\"c3.large\"),\n\t\t\t\t\t\t\tWeightedCapacity: pulumi.String(\"2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.autoscaling.Group;\nimport com.pulumi.aws.autoscaling.GroupArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyInstancesDistributionArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyLaunchTemplateArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new LaunchTemplate(\"example\", LaunchTemplateArgs.builder() \n .namePrefix(\"example\")\n .imageId(exampleAwsAmi.id())\n .instanceType(\"c5.large\")\n .build());\n\n var exampleGroup = new Group(\"exampleGroup\", GroupArgs.builder() \n .capacityRebalance(true)\n .desiredCapacity(12)\n .maxSize(15)\n .minSize(12)\n .vpcZoneIdentifiers( \n example1.id(),\n example2.id())\n .mixedInstancesPolicy(GroupMixedInstancesPolicyArgs.builder()\n .instancesDistribution(GroupMixedInstancesPolicyInstancesDistributionArgs.builder()\n .onDemandBaseCapacity(0)\n .onDemandPercentageAboveBaseCapacity(25)\n .spotAllocationStrategy(\"capacity-optimized\")\n .build())\n .launchTemplate(GroupMixedInstancesPolicyLaunchTemplateArgs.builder()\n .launchTemplateSpecification(GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs.builder()\n .launchTemplateId(example.id())\n .build())\n .overrides( \n GroupMixedInstancesPolicyLaunchTemplateOverrideArgs.builder()\n .instanceType(\"c4.large\")\n .weightedCapacity(\"3\")\n .build(),\n GroupMixedInstancesPolicyLaunchTemplateOverrideArgs.builder()\n .instanceType(\"c3.large\")\n .weightedCapacity(\"2\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:LaunchTemplate\n properties:\n namePrefix: example\n imageId: ${exampleAwsAmi.id}\n instanceType: c5.large\n exampleGroup:\n type: aws:autoscaling:Group\n name: example\n properties:\n capacityRebalance: true\n desiredCapacity: 12\n maxSize: 15\n minSize: 12\n vpcZoneIdentifiers:\n - ${example1.id}\n - ${example2.id}\n mixedInstancesPolicy:\n instancesDistribution:\n onDemandBaseCapacity: 0\n onDemandPercentageAboveBaseCapacity: 25\n spotAllocationStrategy: capacity-optimized\n launchTemplate:\n launchTemplateSpecification:\n launchTemplateId: ${example.id}\n overrides:\n - instanceType: c4.large\n weightedCapacity: '3'\n - instanceType: c3.large\n weightedCapacity: '2'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Mixed Instances Policy with Instance level LaunchTemplateSpecification Overrides\n\nWhen using a diverse instance set, some instance types might require a launch template with configuration values unique to that instance type such as a different AMI (Graviton2), architecture specific user data script, different EBS configuration, or different networking configuration.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.LaunchTemplate(\"example\", {\n namePrefix: \"example\",\n imageId: exampleAwsAmi.id,\n instanceType: \"c5.large\",\n});\nconst example2 = new aws.ec2.LaunchTemplate(\"example2\", {\n namePrefix: \"example2\",\n imageId: example2AwsAmi.id,\n});\nconst exampleGroup = new aws.autoscaling.Group(\"example\", {\n availabilityZones: [\"us-east-1a\"],\n desiredCapacity: 1,\n maxSize: 1,\n minSize: 1,\n mixedInstancesPolicy: {\n launchTemplate: {\n launchTemplateSpecification: {\n launchTemplateId: example.id,\n },\n overrides: [\n {\n instanceType: \"c4.large\",\n weightedCapacity: \"3\",\n },\n {\n instanceType: \"c6g.large\",\n launchTemplateSpecification: {\n launchTemplateId: example2.id,\n },\n weightedCapacity: \"2\",\n },\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.LaunchTemplate(\"example\",\n name_prefix=\"example\",\n image_id=example_aws_ami[\"id\"],\n instance_type=\"c5.large\")\nexample2 = aws.ec2.LaunchTemplate(\"example2\",\n name_prefix=\"example2\",\n image_id=example2_aws_ami[\"id\"])\nexample_group = aws.autoscaling.Group(\"example\",\n availability_zones=[\"us-east-1a\"],\n desired_capacity=1,\n max_size=1,\n min_size=1,\n mixed_instances_policy=aws.autoscaling.GroupMixedInstancesPolicyArgs(\n launch_template=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateArgs(\n launch_template_specification=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs(\n launch_template_id=example.id,\n ),\n overrides=[\n aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs(\n instance_type=\"c4.large\",\n weighted_capacity=\"3\",\n ),\n aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs(\n instance_type=\"c6g.large\",\n launch_template_specification=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideLaunchTemplateSpecificationArgs(\n launch_template_id=example2.id,\n ),\n weighted_capacity=\"2\",\n ),\n ],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.LaunchTemplate(\"example\", new()\n {\n NamePrefix = \"example\",\n ImageId = exampleAwsAmi.Id,\n InstanceType = \"c5.large\",\n });\n\n var example2 = new Aws.Ec2.LaunchTemplate(\"example2\", new()\n {\n NamePrefix = \"example2\",\n ImageId = example2AwsAmi.Id,\n });\n\n var exampleGroup = new Aws.AutoScaling.Group(\"example\", new()\n {\n AvailabilityZones = new[]\n {\n \"us-east-1a\",\n },\n DesiredCapacity = 1,\n MaxSize = 1,\n MinSize = 1,\n MixedInstancesPolicy = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyArgs\n {\n LaunchTemplate = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateArgs\n {\n LaunchTemplateSpecification = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs\n {\n LaunchTemplateId = example.Id,\n },\n Overrides = new[]\n {\n new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs\n {\n InstanceType = \"c4.large\",\n WeightedCapacity = \"3\",\n },\n new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs\n {\n InstanceType = \"c6g.large\",\n LaunchTemplateSpecification = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideLaunchTemplateSpecificationArgs\n {\n LaunchTemplateId = example2.Id,\n },\n WeightedCapacity = \"2\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.NewLaunchTemplate(ctx, \"example\", \u0026ec2.LaunchTemplateArgs{\n\t\t\tNamePrefix: pulumi.String(\"example\"),\n\t\t\tImageId: pulumi.Any(exampleAwsAmi.Id),\n\t\t\tInstanceType: pulumi.String(\"c5.large\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample2, err := ec2.NewLaunchTemplate(ctx, \"example2\", \u0026ec2.LaunchTemplateArgs{\n\t\t\tNamePrefix: pulumi.String(\"example2\"),\n\t\t\tImageId: pulumi.Any(example2AwsAmi.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"example\", \u0026autoscaling.GroupArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tDesiredCapacity: pulumi.Int(1),\n\t\t\tMaxSize: pulumi.Int(1),\n\t\t\tMinSize: pulumi.Int(1),\n\t\t\tMixedInstancesPolicy: \u0026autoscaling.GroupMixedInstancesPolicyArgs{\n\t\t\t\tLaunchTemplate: \u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateArgs{\n\t\t\t\t\tLaunchTemplateSpecification: \u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs{\n\t\t\t\t\t\tLaunchTemplateId: example.ID(),\n\t\t\t\t\t},\n\t\t\t\t\tOverrides: autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArray{\n\t\t\t\t\t\t\u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs{\n\t\t\t\t\t\t\tInstanceType: pulumi.String(\"c4.large\"),\n\t\t\t\t\t\t\tWeightedCapacity: pulumi.String(\"3\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs{\n\t\t\t\t\t\t\tInstanceType: pulumi.String(\"c6g.large\"),\n\t\t\t\t\t\t\tLaunchTemplateSpecification: \u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideLaunchTemplateSpecificationArgs{\n\t\t\t\t\t\t\t\tLaunchTemplateId: example2.ID(),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tWeightedCapacity: pulumi.String(\"2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.autoscaling.Group;\nimport com.pulumi.aws.autoscaling.GroupArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyLaunchTemplateArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new LaunchTemplate(\"example\", LaunchTemplateArgs.builder() \n .namePrefix(\"example\")\n .imageId(exampleAwsAmi.id())\n .instanceType(\"c5.large\")\n .build());\n\n var example2 = new LaunchTemplate(\"example2\", LaunchTemplateArgs.builder() \n .namePrefix(\"example2\")\n .imageId(example2AwsAmi.id())\n .build());\n\n var exampleGroup = new Group(\"exampleGroup\", GroupArgs.builder() \n .availabilityZones(\"us-east-1a\")\n .desiredCapacity(1)\n .maxSize(1)\n .minSize(1)\n .mixedInstancesPolicy(GroupMixedInstancesPolicyArgs.builder()\n .launchTemplate(GroupMixedInstancesPolicyLaunchTemplateArgs.builder()\n .launchTemplateSpecification(GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs.builder()\n .launchTemplateId(example.id())\n .build())\n .overrides( \n GroupMixedInstancesPolicyLaunchTemplateOverrideArgs.builder()\n .instanceType(\"c4.large\")\n .weightedCapacity(\"3\")\n .build(),\n GroupMixedInstancesPolicyLaunchTemplateOverrideArgs.builder()\n .instanceType(\"c6g.large\")\n .launchTemplateSpecification(GroupMixedInstancesPolicyLaunchTemplateOverrideLaunchTemplateSpecificationArgs.builder()\n .launchTemplateId(example2.id())\n .build())\n .weightedCapacity(\"2\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:LaunchTemplate\n properties:\n namePrefix: example\n imageId: ${exampleAwsAmi.id}\n instanceType: c5.large\n example2:\n type: aws:ec2:LaunchTemplate\n properties:\n namePrefix: example2\n imageId: ${example2AwsAmi.id}\n exampleGroup:\n type: aws:autoscaling:Group\n name: example\n properties:\n availabilityZones:\n - us-east-1a\n desiredCapacity: 1\n maxSize: 1\n minSize: 1\n mixedInstancesPolicy:\n launchTemplate:\n launchTemplateSpecification:\n launchTemplateId: ${example.id}\n overrides:\n - instanceType: c4.large\n weightedCapacity: '3'\n - instanceType: c6g.large\n launchTemplateSpecification:\n launchTemplateId: ${example2.id}\n weightedCapacity: '2'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Mixed Instances Policy with Attribute-based Instance Type Selection\n\nAs an alternative to manually choosing instance types when creating a mixed instances group, you can specify a set of instance attributes that describe your compute requirements.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.LaunchTemplate(\"example\", {\n namePrefix: \"example\",\n imageId: exampleAwsAmi.id,\n instanceType: \"c5.large\",\n});\nconst exampleGroup = new aws.autoscaling.Group(\"example\", {\n availabilityZones: [\"us-east-1a\"],\n desiredCapacity: 1,\n maxSize: 1,\n minSize: 1,\n mixedInstancesPolicy: {\n launchTemplate: {\n launchTemplateSpecification: {\n launchTemplateId: example.id,\n },\n overrides: [{\n instanceRequirements: {\n memoryMib: {\n min: 1000,\n },\n vcpuCount: {\n min: 4,\n },\n },\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.LaunchTemplate(\"example\",\n name_prefix=\"example\",\n image_id=example_aws_ami[\"id\"],\n instance_type=\"c5.large\")\nexample_group = aws.autoscaling.Group(\"example\",\n availability_zones=[\"us-east-1a\"],\n desired_capacity=1,\n max_size=1,\n min_size=1,\n mixed_instances_policy=aws.autoscaling.GroupMixedInstancesPolicyArgs(\n launch_template=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateArgs(\n launch_template_specification=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs(\n launch_template_id=example.id,\n ),\n overrides=[aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs(\n instance_requirements=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsArgs(\n memory_mib=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsMemoryMibArgs(\n min=1000,\n ),\n vcpu_count=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsVcpuCountArgs(\n min=4,\n ),\n ),\n )],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.LaunchTemplate(\"example\", new()\n {\n NamePrefix = \"example\",\n ImageId = exampleAwsAmi.Id,\n InstanceType = \"c5.large\",\n });\n\n var exampleGroup = new Aws.AutoScaling.Group(\"example\", new()\n {\n AvailabilityZones = new[]\n {\n \"us-east-1a\",\n },\n DesiredCapacity = 1,\n MaxSize = 1,\n MinSize = 1,\n MixedInstancesPolicy = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyArgs\n {\n LaunchTemplate = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateArgs\n {\n LaunchTemplateSpecification = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs\n {\n LaunchTemplateId = example.Id,\n },\n Overrides = new[]\n {\n new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs\n {\n InstanceRequirements = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsArgs\n {\n MemoryMib = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsMemoryMibArgs\n {\n Min = 1000,\n },\n VcpuCount = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsVcpuCountArgs\n {\n Min = 4,\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.NewLaunchTemplate(ctx, \"example\", \u0026ec2.LaunchTemplateArgs{\n\t\t\tNamePrefix: pulumi.String(\"example\"),\n\t\t\tImageId: pulumi.Any(exampleAwsAmi.Id),\n\t\t\tInstanceType: pulumi.String(\"c5.large\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"example\", \u0026autoscaling.GroupArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tDesiredCapacity: pulumi.Int(1),\n\t\t\tMaxSize: pulumi.Int(1),\n\t\t\tMinSize: pulumi.Int(1),\n\t\t\tMixedInstancesPolicy: \u0026autoscaling.GroupMixedInstancesPolicyArgs{\n\t\t\t\tLaunchTemplate: \u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateArgs{\n\t\t\t\t\tLaunchTemplateSpecification: \u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs{\n\t\t\t\t\t\tLaunchTemplateId: example.ID(),\n\t\t\t\t\t},\n\t\t\t\t\tOverrides: autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArray{\n\t\t\t\t\t\t\u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs{\n\t\t\t\t\t\t\tInstanceRequirements: \u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsArgs{\n\t\t\t\t\t\t\t\tMemoryMib: \u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsMemoryMibArgs{\n\t\t\t\t\t\t\t\t\tMin: pulumi.Int(1000),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\tVcpuCount: \u0026autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsVcpuCountArgs{\n\t\t\t\t\t\t\t\t\tMin: pulumi.Int(4),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.autoscaling.Group;\nimport com.pulumi.aws.autoscaling.GroupArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyLaunchTemplateArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new LaunchTemplate(\"example\", LaunchTemplateArgs.builder() \n .namePrefix(\"example\")\n .imageId(exampleAwsAmi.id())\n .instanceType(\"c5.large\")\n .build());\n\n var exampleGroup = new Group(\"exampleGroup\", GroupArgs.builder() \n .availabilityZones(\"us-east-1a\")\n .desiredCapacity(1)\n .maxSize(1)\n .minSize(1)\n .mixedInstancesPolicy(GroupMixedInstancesPolicyArgs.builder()\n .launchTemplate(GroupMixedInstancesPolicyLaunchTemplateArgs.builder()\n .launchTemplateSpecification(GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs.builder()\n .launchTemplateId(example.id())\n .build())\n .overrides(GroupMixedInstancesPolicyLaunchTemplateOverrideArgs.builder()\n .instanceRequirements(GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsArgs.builder()\n .memoryMib(GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsMemoryMibArgs.builder()\n .min(1000)\n .build())\n .vcpuCount(GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsVcpuCountArgs.builder()\n .min(4)\n .build())\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:LaunchTemplate\n properties:\n namePrefix: example\n imageId: ${exampleAwsAmi.id}\n instanceType: c5.large\n exampleGroup:\n type: aws:autoscaling:Group\n name: example\n properties:\n availabilityZones:\n - us-east-1a\n desiredCapacity: 1\n maxSize: 1\n minSize: 1\n mixedInstancesPolicy:\n launchTemplate:\n launchTemplateSpecification:\n launchTemplateId: ${example.id}\n overrides:\n - instanceRequirements:\n memoryMib:\n min: 1000\n vcpuCount:\n min: 4\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Dynamic tagging\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst extraTags = config.getObject(\"extraTags\") || [\n {\n key: \"Foo\",\n propagateAtLaunch: true,\n value: \"Bar\",\n },\n {\n key: \"Baz\",\n propagateAtLaunch: true,\n value: \"Bam\",\n },\n];\nconst test = new aws.autoscaling.Group(\"test\", {\n tags: [\n {\n key: \"explicit1\",\n value: \"value1\",\n propagateAtLaunch: true,\n },\n {\n key: \"explicit2\",\n value: \"value2\",\n propagateAtLaunch: true,\n },\n ],\n name: \"foobar3-test\",\n maxSize: 5,\n minSize: 2,\n launchConfiguration: foobar.name,\n vpcZoneIdentifiers: [\n example1.id,\n example2.id,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nextra_tags = config.get_object(\"extraTags\")\nif extra_tags is None:\n extra_tags = [\n {\n \"key\": \"Foo\",\n \"propagateAtLaunch\": True,\n \"value\": \"Bar\",\n },\n {\n \"key\": \"Baz\",\n \"propagateAtLaunch\": True,\n \"value\": \"Bam\",\n },\n ]\ntest = aws.autoscaling.Group(\"test\",\n tags=[\n aws.autoscaling.GroupTagArgs(\n key=\"explicit1\",\n value=\"value1\",\n propagate_at_launch=True,\n ),\n aws.autoscaling.GroupTagArgs(\n key=\"explicit2\",\n value=\"value2\",\n propagate_at_launch=True,\n ),\n ],\n name=\"foobar3-test\",\n max_size=5,\n min_size=2,\n launch_configuration=foobar[\"name\"],\n vpc_zone_identifiers=[\n example1[\"id\"],\n example2[\"id\"],\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var extraTags = config.GetObject\u003cdynamic\u003e(\"extraTags\") ?? new[]\n {\n \n {\n { \"key\", \"Foo\" },\n { \"propagateAtLaunch\", true },\n { \"value\", \"Bar\" },\n },\n \n {\n { \"key\", \"Baz\" },\n { \"propagateAtLaunch\", true },\n { \"value\", \"Bam\" },\n },\n };\n var test = new Aws.AutoScaling.Group(\"test\", new()\n {\n Tags = new[]\n {\n new Aws.AutoScaling.Inputs.GroupTagArgs\n {\n Key = \"explicit1\",\n Value = \"value1\",\n PropagateAtLaunch = true,\n },\n new Aws.AutoScaling.Inputs.GroupTagArgs\n {\n Key = \"explicit2\",\n Value = \"value2\",\n PropagateAtLaunch = true,\n },\n },\n Name = \"foobar3-test\",\n MaxSize = 5,\n MinSize = 2,\n LaunchConfiguration = foobar.Name,\n VpcZoneIdentifiers = new[]\n {\n example1.Id,\n example2.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\textraTags := []map[string]interface{}{\n\t\t\tmap[string]interface{}{\n\t\t\t\t\"key\": \"Foo\",\n\t\t\t\t\"propagateAtLaunch\": true,\n\t\t\t\t\"value\": \"Bar\",\n\t\t\t},\n\t\t\tmap[string]interface{}{\n\t\t\t\t\"key\": \"Baz\",\n\t\t\t\t\"propagateAtLaunch\": true,\n\t\t\t\t\"value\": \"Bam\",\n\t\t\t},\n\t\t}\n\t\tif param := cfg.GetObject(\"extraTags\"); param != nil {\n\t\t\textraTags = param\n\t\t}\n\t\t_, err := autoscaling.NewGroup(ctx, \"test\", \u0026autoscaling.GroupArgs{\n\t\t\tTags: autoscaling.GroupTagArray{\n\t\t\t\t\u0026autoscaling.GroupTagArgs{\n\t\t\t\t\tKey: pulumi.String(\"explicit1\"),\n\t\t\t\t\tValue: pulumi.String(\"value1\"),\n\t\t\t\t\tPropagateAtLaunch: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\t\u0026autoscaling.GroupTagArgs{\n\t\t\t\t\tKey: pulumi.String(\"explicit2\"),\n\t\t\t\t\tValue: pulumi.String(\"value2\"),\n\t\t\t\t\tPropagateAtLaunch: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: pulumi.String(\"foobar3-test\"),\n\t\t\tMaxSize: pulumi.Int(5),\n\t\t\tMinSize: pulumi.Int(2),\n\t\t\tLaunchConfiguration: pulumi.Any(foobar.Name),\n\t\t\tVpcZoneIdentifiers: pulumi.StringArray{\n\t\t\t\texample1.Id,\n\t\t\t\texample2.Id,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.autoscaling.Group;\nimport com.pulumi.aws.autoscaling.GroupArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupTagArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var extraTags = config.get(\"extraTags\").orElse( \n %!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference),\n %!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference));\n var test = new Group(\"test\", GroupArgs.builder() \n .tags( \n GroupTagArgs.builder()\n .key(\"explicit1\")\n .value(\"value1\")\n .propagateAtLaunch(true)\n .build(),\n GroupTagArgs.builder()\n .key(\"explicit2\")\n .value(\"value2\")\n .propagateAtLaunch(true)\n .build())\n .name(\"foobar3-test\")\n .maxSize(5)\n .minSize(2)\n .launchConfiguration(foobar.name())\n .vpcZoneIdentifiers( \n example1.id(),\n example2.id())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n extraTags:\n type: dynamic\n default:\n - key: Foo\n propagateAtLaunch: true\n value: Bar\n - key: Baz\n propagateAtLaunch: true\n value: Bam\nresources:\n test:\n type: aws:autoscaling:Group\n properties:\n tags:\n - key: explicit1\n value: value1\n propagateAtLaunch: true\n - key: explicit2\n value: value2\n propagateAtLaunch: true\n name: foobar3-test\n maxSize: 5\n minSize: 2\n launchConfiguration: ${foobar.name}\n vpcZoneIdentifiers:\n - ${example1.id}\n - ${example2.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Automatically refresh all instances after the group is updated\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2.getAmi({\n mostRecent: true,\n owners: [\"amazon\"],\n filters: [{\n name: \"name\",\n values: [\"amzn-ami-hvm-*-x86_64-gp2\"],\n }],\n});\nconst exampleLaunchTemplate = new aws.ec2.LaunchTemplate(\"example\", {\n imageId: example.then(example =\u003e example.id),\n instanceType: \"t3.nano\",\n});\nconst exampleGroup = new aws.autoscaling.Group(\"example\", {\n availabilityZones: [\"us-east-1a\"],\n desiredCapacity: 1,\n maxSize: 2,\n minSize: 1,\n launchTemplate: {\n id: exampleLaunchTemplate.id,\n version: exampleLaunchTemplate.latestVersion,\n },\n tags: [{\n key: \"Key\",\n value: \"Value\",\n propagateAtLaunch: true,\n }],\n instanceRefresh: {\n strategy: \"Rolling\",\n preferences: {\n minHealthyPercentage: 50,\n },\n triggers: [\"tag\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_ami(most_recent=True,\n owners=[\"amazon\"],\n filters=[aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"amzn-ami-hvm-*-x86_64-gp2\"],\n )])\nexample_launch_template = aws.ec2.LaunchTemplate(\"example\",\n image_id=example.id,\n instance_type=\"t3.nano\")\nexample_group = aws.autoscaling.Group(\"example\",\n availability_zones=[\"us-east-1a\"],\n desired_capacity=1,\n max_size=2,\n min_size=1,\n launch_template=aws.autoscaling.GroupLaunchTemplateArgs(\n id=example_launch_template.id,\n version=example_launch_template.latest_version,\n ),\n tags=[aws.autoscaling.GroupTagArgs(\n key=\"Key\",\n value=\"Value\",\n propagate_at_launch=True,\n )],\n instance_refresh=aws.autoscaling.GroupInstanceRefreshArgs(\n strategy=\"Rolling\",\n preferences=aws.autoscaling.GroupInstanceRefreshPreferencesArgs(\n min_healthy_percentage=50,\n ),\n triggers=[\"tag\"],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Owners = new[]\n {\n \"amazon\",\n },\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"amzn-ami-hvm-*-x86_64-gp2\",\n },\n },\n },\n });\n\n var exampleLaunchTemplate = new Aws.Ec2.LaunchTemplate(\"example\", new()\n {\n ImageId = example.Apply(getAmiResult =\u003e getAmiResult.Id),\n InstanceType = \"t3.nano\",\n });\n\n var exampleGroup = new Aws.AutoScaling.Group(\"example\", new()\n {\n AvailabilityZones = new[]\n {\n \"us-east-1a\",\n },\n DesiredCapacity = 1,\n MaxSize = 2,\n MinSize = 1,\n LaunchTemplate = new Aws.AutoScaling.Inputs.GroupLaunchTemplateArgs\n {\n Id = exampleLaunchTemplate.Id,\n Version = exampleLaunchTemplate.LatestVersion,\n },\n Tags = new[]\n {\n new Aws.AutoScaling.Inputs.GroupTagArgs\n {\n Key = \"Key\",\n Value = \"Value\",\n PropagateAtLaunch = true,\n },\n },\n InstanceRefresh = new Aws.AutoScaling.Inputs.GroupInstanceRefreshArgs\n {\n Strategy = \"Rolling\",\n Preferences = new Aws.AutoScaling.Inputs.GroupInstanceRefreshPreferencesArgs\n {\n MinHealthyPercentage = 50,\n },\n Triggers = new[]\n {\n \"tag\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tOwners: []string{\n\t\t\t\t\"amazon\",\n\t\t\t},\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"amzn-ami-hvm-*-x86_64-gp2\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleLaunchTemplate, err := ec2.NewLaunchTemplate(ctx, \"example\", \u0026ec2.LaunchTemplateArgs{\n\t\t\tImageId: pulumi.String(example.Id),\n\t\t\tInstanceType: pulumi.String(\"t3.nano\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"example\", \u0026autoscaling.GroupArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tDesiredCapacity: pulumi.Int(1),\n\t\t\tMaxSize: pulumi.Int(2),\n\t\t\tMinSize: pulumi.Int(1),\n\t\t\tLaunchTemplate: \u0026autoscaling.GroupLaunchTemplateArgs{\n\t\t\t\tId: exampleLaunchTemplate.ID(),\n\t\t\t\tVersion: exampleLaunchTemplate.LatestVersion,\n\t\t\t},\n\t\t\tTags: autoscaling.GroupTagArray{\n\t\t\t\t\u0026autoscaling.GroupTagArgs{\n\t\t\t\t\tKey: pulumi.String(\"Key\"),\n\t\t\t\t\tValue: pulumi.String(\"Value\"),\n\t\t\t\t\tPropagateAtLaunch: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tInstanceRefresh: \u0026autoscaling.GroupInstanceRefreshArgs{\n\t\t\t\tStrategy: pulumi.String(\"Rolling\"),\n\t\t\t\tPreferences: \u0026autoscaling.GroupInstanceRefreshPreferencesArgs{\n\t\t\t\t\tMinHealthyPercentage: pulumi.Int(50),\n\t\t\t\t},\n\t\t\t\tTriggers: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"tag\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.autoscaling.Group;\nimport com.pulumi.aws.autoscaling.GroupArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupLaunchTemplateArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupTagArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupInstanceRefreshArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupInstanceRefreshPreferencesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .owners(\"amazon\")\n .filters(GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"amzn-ami-hvm-*-x86_64-gp2\")\n .build())\n .build());\n\n var exampleLaunchTemplate = new LaunchTemplate(\"exampleLaunchTemplate\", LaunchTemplateArgs.builder() \n .imageId(example.applyValue(getAmiResult -\u003e getAmiResult.id()))\n .instanceType(\"t3.nano\")\n .build());\n\n var exampleGroup = new Group(\"exampleGroup\", GroupArgs.builder() \n .availabilityZones(\"us-east-1a\")\n .desiredCapacity(1)\n .maxSize(2)\n .minSize(1)\n .launchTemplate(GroupLaunchTemplateArgs.builder()\n .id(exampleLaunchTemplate.id())\n .version(exampleLaunchTemplate.latestVersion())\n .build())\n .tags(GroupTagArgs.builder()\n .key(\"Key\")\n .value(\"Value\")\n .propagateAtLaunch(true)\n .build())\n .instanceRefresh(GroupInstanceRefreshArgs.builder()\n .strategy(\"Rolling\")\n .preferences(GroupInstanceRefreshPreferencesArgs.builder()\n .minHealthyPercentage(50)\n .build())\n .triggers(\"tag\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleGroup:\n type: aws:autoscaling:Group\n name: example\n properties:\n availabilityZones:\n - us-east-1a\n desiredCapacity: 1\n maxSize: 2\n minSize: 1\n launchTemplate:\n id: ${exampleLaunchTemplate.id}\n version: ${exampleLaunchTemplate.latestVersion}\n tags:\n - key: Key\n value: Value\n propagateAtLaunch: true\n instanceRefresh:\n strategy: Rolling\n preferences:\n minHealthyPercentage: 50\n triggers:\n - tag\n exampleLaunchTemplate:\n type: aws:ec2:LaunchTemplate\n name: example\n properties:\n imageId: ${example.id}\n instanceType: t3.nano\nvariables:\n example:\n fn::invoke:\n Function: aws:ec2:getAmi\n Arguments:\n mostRecent: true\n owners:\n - amazon\n filters:\n - name: name\n values:\n - amzn-ami-hvm-*-x86_64-gp2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Auto Scaling group with Warm Pool\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.LaunchTemplate(\"example\", {\n namePrefix: \"example\",\n imageId: exampleAwsAmi.id,\n instanceType: \"c5.large\",\n});\nconst exampleGroup = new aws.autoscaling.Group(\"example\", {\n availabilityZones: [\"us-east-1a\"],\n desiredCapacity: 1,\n maxSize: 5,\n minSize: 1,\n warmPool: {\n poolState: \"Hibernated\",\n minSize: 1,\n maxGroupPreparedCapacity: 10,\n instanceReusePolicy: {\n reuseOnScaleIn: true,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.LaunchTemplate(\"example\",\n name_prefix=\"example\",\n image_id=example_aws_ami[\"id\"],\n instance_type=\"c5.large\")\nexample_group = aws.autoscaling.Group(\"example\",\n availability_zones=[\"us-east-1a\"],\n desired_capacity=1,\n max_size=5,\n min_size=1,\n warm_pool=aws.autoscaling.GroupWarmPoolArgs(\n pool_state=\"Hibernated\",\n min_size=1,\n max_group_prepared_capacity=10,\n instance_reuse_policy=aws.autoscaling.GroupWarmPoolInstanceReusePolicyArgs(\n reuse_on_scale_in=True,\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.LaunchTemplate(\"example\", new()\n {\n NamePrefix = \"example\",\n ImageId = exampleAwsAmi.Id,\n InstanceType = \"c5.large\",\n });\n\n var exampleGroup = new Aws.AutoScaling.Group(\"example\", new()\n {\n AvailabilityZones = new[]\n {\n \"us-east-1a\",\n },\n DesiredCapacity = 1,\n MaxSize = 5,\n MinSize = 1,\n WarmPool = new Aws.AutoScaling.Inputs.GroupWarmPoolArgs\n {\n PoolState = \"Hibernated\",\n MinSize = 1,\n MaxGroupPreparedCapacity = 10,\n InstanceReusePolicy = new Aws.AutoScaling.Inputs.GroupWarmPoolInstanceReusePolicyArgs\n {\n ReuseOnScaleIn = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewLaunchTemplate(ctx, \"example\", \u0026ec2.LaunchTemplateArgs{\n\t\t\tNamePrefix: pulumi.String(\"example\"),\n\t\t\tImageId: pulumi.Any(exampleAwsAmi.Id),\n\t\t\tInstanceType: pulumi.String(\"c5.large\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"example\", \u0026autoscaling.GroupArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tDesiredCapacity: pulumi.Int(1),\n\t\t\tMaxSize: pulumi.Int(5),\n\t\t\tMinSize: pulumi.Int(1),\n\t\t\tWarmPool: \u0026autoscaling.GroupWarmPoolArgs{\n\t\t\t\tPoolState: pulumi.String(\"Hibernated\"),\n\t\t\t\tMinSize: pulumi.Int(1),\n\t\t\t\tMaxGroupPreparedCapacity: pulumi.Int(10),\n\t\t\t\tInstanceReusePolicy: \u0026autoscaling.GroupWarmPoolInstanceReusePolicyArgs{\n\t\t\t\t\tReuseOnScaleIn: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.autoscaling.Group;\nimport com.pulumi.aws.autoscaling.GroupArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupWarmPoolArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupWarmPoolInstanceReusePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new LaunchTemplate(\"example\", LaunchTemplateArgs.builder() \n .namePrefix(\"example\")\n .imageId(exampleAwsAmi.id())\n .instanceType(\"c5.large\")\n .build());\n\n var exampleGroup = new Group(\"exampleGroup\", GroupArgs.builder() \n .availabilityZones(\"us-east-1a\")\n .desiredCapacity(1)\n .maxSize(5)\n .minSize(1)\n .warmPool(GroupWarmPoolArgs.builder()\n .poolState(\"Hibernated\")\n .minSize(1)\n .maxGroupPreparedCapacity(10)\n .instanceReusePolicy(GroupWarmPoolInstanceReusePolicyArgs.builder()\n .reuseOnScaleIn(true)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:LaunchTemplate\n properties:\n namePrefix: example\n imageId: ${exampleAwsAmi.id}\n instanceType: c5.large\n exampleGroup:\n type: aws:autoscaling:Group\n name: example\n properties:\n availabilityZones:\n - us-east-1a\n desiredCapacity: 1\n maxSize: 5\n minSize: 1\n warmPool:\n poolState: Hibernated\n minSize: 1\n maxGroupPreparedCapacity: 10\n instanceReusePolicy:\n reuseOnScaleIn: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Auto Scaling group with Traffic Sources\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.autoscaling.Group(\"test\", {\n trafficSources: testAwsVpclatticeTargetGroup.map(__item =\u003e __item).map((v, k) =\u003e ({key: k, value: v})).map(entry =\u003e ({\n identifier: entry.value.arn,\n type: \"vpc-lattice\",\n })),\n vpcZoneIdentifiers: testAwsSubnet.id,\n maxSize: 1,\n minSize: 1,\n forceDelete: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.autoscaling.Group(\"test\",\n traffic_sources=[aws.autoscaling.GroupTrafficSourceArgs(\n identifier=entry[\"value\"][\"arn\"],\n type=\"vpc-lattice\",\n ) for entry in [{\"key\": k, \"value\": v} for k, v in [__item for __item in test_aws_vpclattice_target_group]]],\n vpc_zone_identifiers=test_aws_subnet[\"id\"],\n max_size=1,\n min_size=1,\n force_delete=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.AutoScaling.Group(\"test\", new()\n {\n TrafficSources = testAwsVpclatticeTargetGroup.Select(__item =\u003e __item).ToList().Select((v, k) =\u003e new { Key = k, Value = v }).Select(entry =\u003e \n {\n return new Aws.AutoScaling.Inputs.GroupTrafficSourceArgs\n {\n Identifier = entry.Value.Arn,\n Type = \"vpc-lattice\",\n };\n }).ToList(),\n VpcZoneIdentifiers = testAwsSubnet.Id,\n MaxSize = 1,\n MinSize = 1,\n ForceDelete = true,\n });\n\n});\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Waiting for Capacity\n\nA newly-created ASG is initially empty and begins to scale to `min_size` (or\n`desired_capacity`, if specified) by launching instances using the provided\nLaunch Configuration. These instances take time to launch and boot.\n\nOn ASG Update, changes to these values also take time to result in the target\nnumber of instances providing service.\n\nThis provider provides two mechanisms to help consistently manage ASG scale up\ntime across dependent resources.\n\n#### Waiting for ASG Capacity\n\nThe first is default behavior. This provider waits after ASG creation for\n`min_size` (or `desired_capacity`, if specified) healthy instances to show up\nin the ASG before continuing.\n\nIf `min_size` or `desired_capacity` are changed in a subsequent update,\nthis provider will also wait for the correct number of healthy instances before\ncontinuing.\n\nThis provider considers an instance \"healthy\" when the ASG reports `HealthStatus:\n\"Healthy\"` and `LifecycleState: \"InService\"`. See the [AWS AutoScaling\nDocs](https://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/AutoScalingGroupLifecycle.html)\nfor more information on an ASG's lifecycle.\n\nThis provider will wait for healthy instances for up to\n`wait_for_capacity_timeout`. If ASG creation is taking more than a few minutes,\nit's worth investigating for scaling activity errors, which can be caused by\nproblems with the selected Launch Configuration.\n\nSetting `wait_for_capacity_timeout` to `\"0\"` disables ASG Capacity waiting.\n\n#### Waiting for ELB Capacity\n\nThe second mechanism is optional, and affects ASGs with attached ELBs specified\nvia the `load_balancers` attribute or with ALBs specified with `target_group_arns`.\n\nThe `min_elb_capacity` parameter causes the provider to wait for at least the\nrequested number of instances to show up `\"InService\"` in all attached ELBs\nduring ASG creation. It has no effect on ASG updates.\n\nIf `wait_for_elb_capacity` is set, the provider will wait for exactly that number\nof Instances to be `\"InService\"` in all attached ELBs on both creation and\nupdates.\n\nThese parameters can be used to ensure that service is being provided before\nthe provider moves on. If new instances don't pass the ELB's health checks for any\nreason, the apply will time out, and the ASG will be marked as\ntainted (i.e., marked to be destroyed in a follow up run).\n\nAs with ASG Capacity, the provider will wait for up to `wait_for_capacity_timeout`\nfor the proper number of instances to be healthy.\n\n#### Troubleshooting Capacity Waiting Timeouts\n\nIf ASG creation takes more than a few minutes, this could indicate one of a\nnumber of configuration problems. See the [AWS Docs on Load Balancer\nTroubleshooting](https://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-troubleshooting.html)\nfor more information.\n\n## Import\n\nUsing `pulumi import`, import Auto Scaling Groups using the `name`. For example:\n\n```sh\n$ pulumi import aws:autoscaling/group:Group web web-asg\n```\n", "properties": { "arn": { "type": "string", @@ -172359,7 +172359,7 @@ } }, "aws:backup/selection:Selection": { - "description": "Manages selection conditions for AWS Backup plan resources.\n\n## Example Usage\n\n### IAM Role\n\n\u003e For more information about creating and managing IAM Roles for backups and restores, see the [AWS Backup Developer Guide](https://docs.aws.amazon.com/aws-backup/latest/devguide/iam-service-roles.html).\n\nThe below example creates an IAM role with the default managed IAM Policy for allowing AWS Backup to create backups.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"backup.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst example = new aws.iam.Role(\"example\", {\n name: \"example\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"example\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\",\n role: example.name,\n});\nconst exampleSelection = new aws.backup.Selection(\"example\", {iamRoleArn: example.arn});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"backup.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample = aws.iam.Role(\"example\",\n name=\"example\",\n assume_role_policy=assume_role.json)\nexample_role_policy_attachment = aws.iam.RolePolicyAttachment(\"example\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\",\n role=example.name)\nexample_selection = aws.backup.Selection(\"example\", iam_role_arn=example.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"backup.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var example = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"example\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"example\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\",\n Role = example.Name,\n });\n\n var exampleSelection = new Aws.Backup.Selection(\"example\", new()\n {\n IamRoleArn = example.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/backup\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"backup.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = backup.NewSelection(ctx, \"example\", \u0026backup.SelectionArgs{\n\t\t\tIamRoleArn: example.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.backup.Selection;\nimport com.pulumi.aws.backup.SelectionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"backup.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var example = new Role(\"example\", RoleArgs.builder() \n .name(\"example\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleRolePolicyAttachment = new RolePolicyAttachment(\"exampleRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\")\n .role(example.name())\n .build());\n\n var exampleSelection = new Selection(\"exampleSelection\", SelectionArgs.builder() \n .iamRoleArn(example.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n name: example\n assumeRolePolicy: ${assumeRole.json}\n exampleRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: example\n properties:\n policyArn: arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\n role: ${example.name}\n exampleSelection:\n type: aws:backup:Selection\n name: example\n properties:\n iamRoleArn: ${example.arn}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - backup.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Selecting Backups By Tag\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.backup.Selection(\"example\", {\n iamRoleArn: exampleAwsIamRole.arn,\n name: \"my_example_backup_selection\",\n planId: exampleAwsBackupPlan.id,\n selectionTags: [{\n type: \"STRINGEQUALS\",\n key: \"foo\",\n value: \"bar\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.backup.Selection(\"example\",\n iam_role_arn=example_aws_iam_role[\"arn\"],\n name=\"my_example_backup_selection\",\n plan_id=example_aws_backup_plan[\"id\"],\n selection_tags=[aws.backup.SelectionSelectionTagArgs(\n type=\"STRINGEQUALS\",\n key=\"foo\",\n value=\"bar\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Backup.Selection(\"example\", new()\n {\n IamRoleArn = exampleAwsIamRole.Arn,\n Name = \"my_example_backup_selection\",\n PlanId = exampleAwsBackupPlan.Id,\n SelectionTags = new[]\n {\n new Aws.Backup.Inputs.SelectionSelectionTagArgs\n {\n Type = \"STRINGEQUALS\",\n Key = \"foo\",\n Value = \"bar\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backup.NewSelection(ctx, \"example\", \u0026backup.SelectionArgs{\n\t\t\tIamRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tName: pulumi.String(\"my_example_backup_selection\"),\n\t\t\tPlanId: pulumi.Any(exampleAwsBackupPlan.Id),\n\t\t\tSelectionTags: backup.SelectionSelectionTagArray{\n\t\t\t\t\u0026backup.SelectionSelectionTagArgs{\n\t\t\t\t\tType: pulumi.String(\"STRINGEQUALS\"),\n\t\t\t\t\tKey: pulumi.String(\"foo\"),\n\t\t\t\t\tValue: pulumi.String(\"bar\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.backup.Selection;\nimport com.pulumi.aws.backup.SelectionArgs;\nimport com.pulumi.aws.backup.inputs.SelectionSelectionTagArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Selection(\"example\", SelectionArgs.builder() \n .iamRoleArn(exampleAwsIamRole.arn())\n .name(\"my_example_backup_selection\")\n .planId(exampleAwsBackupPlan.id())\n .selectionTags(SelectionSelectionTagArgs.builder()\n .type(\"STRINGEQUALS\")\n .key(\"foo\")\n .value(\"bar\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:backup:Selection\n properties:\n iamRoleArn: ${exampleAwsIamRole.arn}\n name: my_example_backup_selection\n planId: ${exampleAwsBackupPlan.id}\n selectionTags:\n - type: STRINGEQUALS\n key: foo\n value: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Selecting Backups By Conditions\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.backup.Selection(\"example\", {\n iamRoleArn: exampleAwsIamRole.arn,\n name: \"my_example_backup_selection\",\n planId: exampleAwsBackupPlan.id,\n resources: [\"*\"],\n conditions: [{\n stringEquals: [{\n key: \"aws:ResourceTag/Component\",\n value: \"rds\",\n }],\n stringLikes: [{\n key: \"aws:ResourceTag/Application\",\n value: \"app*\",\n }],\n stringNotEquals: [{\n key: \"aws:ResourceTag/Backup\",\n value: \"false\",\n }],\n stringNotLikes: [{\n key: \"aws:ResourceTag/Environment\",\n value: \"test*\",\n }],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.backup.Selection(\"example\",\n iam_role_arn=example_aws_iam_role[\"arn\"],\n name=\"my_example_backup_selection\",\n plan_id=example_aws_backup_plan[\"id\"],\n resources=[\"*\"],\n conditions=[aws.backup.SelectionConditionArgs(\n string_equals=[aws.backup.SelectionConditionStringEqualArgs(\n key=\"aws:ResourceTag/Component\",\n value=\"rds\",\n )],\n string_likes=[aws.backup.SelectionConditionStringLikeArgs(\n key=\"aws:ResourceTag/Application\",\n value=\"app*\",\n )],\n string_not_equals=[aws.backup.SelectionConditionStringNotEqualArgs(\n key=\"aws:ResourceTag/Backup\",\n value=\"false\",\n )],\n string_not_likes=[aws.backup.SelectionConditionStringNotLikeArgs(\n key=\"aws:ResourceTag/Environment\",\n value=\"test*\",\n )],\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Backup.Selection(\"example\", new()\n {\n IamRoleArn = exampleAwsIamRole.Arn,\n Name = \"my_example_backup_selection\",\n PlanId = exampleAwsBackupPlan.Id,\n Resources = new[]\n {\n \"*\",\n },\n Conditions = new[]\n {\n new Aws.Backup.Inputs.SelectionConditionArgs\n {\n StringEquals = new[]\n {\n new Aws.Backup.Inputs.SelectionConditionStringEqualArgs\n {\n Key = \"aws:ResourceTag/Component\",\n Value = \"rds\",\n },\n },\n StringLikes = new[]\n {\n new Aws.Backup.Inputs.SelectionConditionStringLikeArgs\n {\n Key = \"aws:ResourceTag/Application\",\n Value = \"app*\",\n },\n },\n StringNotEquals = new[]\n {\n new Aws.Backup.Inputs.SelectionConditionStringNotEqualArgs\n {\n Key = \"aws:ResourceTag/Backup\",\n Value = \"false\",\n },\n },\n StringNotLikes = new[]\n {\n new Aws.Backup.Inputs.SelectionConditionStringNotLikeArgs\n {\n Key = \"aws:ResourceTag/Environment\",\n Value = \"test*\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backup.NewSelection(ctx, \"example\", \u0026backup.SelectionArgs{\n\t\t\tIamRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tName: pulumi.String(\"my_example_backup_selection\"),\n\t\t\tPlanId: pulumi.Any(exampleAwsBackupPlan.Id),\n\t\t\tResources: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"*\"),\n\t\t\t},\n\t\t\tConditions: backup.SelectionConditionArray{\n\t\t\t\t\u0026backup.SelectionConditionArgs{\n\t\t\t\t\tStringEquals: backup.SelectionConditionStringEqualArray{\n\t\t\t\t\t\t\u0026backup.SelectionConditionStringEqualArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"aws:ResourceTag/Component\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"rds\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tStringLikes: backup.SelectionConditionStringLikeArray{\n\t\t\t\t\t\t\u0026backup.SelectionConditionStringLikeArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"aws:ResourceTag/Application\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"app*\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tStringNotEquals: backup.SelectionConditionStringNotEqualArray{\n\t\t\t\t\t\t\u0026backup.SelectionConditionStringNotEqualArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"aws:ResourceTag/Backup\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"false\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tStringNotLikes: backup.SelectionConditionStringNotLikeArray{\n\t\t\t\t\t\t\u0026backup.SelectionConditionStringNotLikeArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"aws:ResourceTag/Environment\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"test*\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.backup.Selection;\nimport com.pulumi.aws.backup.SelectionArgs;\nimport com.pulumi.aws.backup.inputs.SelectionConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Selection(\"example\", SelectionArgs.builder() \n .iamRoleArn(exampleAwsIamRole.arn())\n .name(\"my_example_backup_selection\")\n .planId(exampleAwsBackupPlan.id())\n .resources(\"*\")\n .conditions(SelectionConditionArgs.builder()\n .stringEquals(SelectionConditionStringEqualArgs.builder()\n .key(\"aws:ResourceTag/Component\")\n .value(\"rds\")\n .build())\n .stringLikes(SelectionConditionStringLikeArgs.builder()\n .key(\"aws:ResourceTag/Application\")\n .value(\"app*\")\n .build())\n .stringNotEquals(SelectionConditionStringNotEqualArgs.builder()\n .key(\"aws:ResourceTag/Backup\")\n .value(\"false\")\n .build())\n .stringNotLikes(SelectionConditionStringNotLikeArgs.builder()\n .key(\"aws:ResourceTag/Environment\")\n .value(\"test*\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:backup:Selection\n properties:\n iamRoleArn: ${exampleAwsIamRole.arn}\n name: my_example_backup_selection\n planId: ${exampleAwsBackupPlan.id}\n resources:\n - '*'\n conditions:\n - stringEquals:\n - key: aws:ResourceTag/Component\n value: rds\n stringLikes:\n - key: aws:ResourceTag/Application\n value: app*\n stringNotEquals:\n - key: aws:ResourceTag/Backup\n value: 'false'\n stringNotLikes:\n - key: aws:ResourceTag/Environment\n value: test*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Selecting Backups By Resource\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.backup.Selection(\"example\", {\n iamRoleArn: exampleAwsIamRole.arn,\n name: \"my_example_backup_selection\",\n planId: exampleAwsBackupPlan.id,\n resources: [\n exampleAwsDbInstance.arn,\n exampleAwsEbsVolume.arn,\n exampleAwsEfsFileSystem.arn,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.backup.Selection(\"example\",\n iam_role_arn=example_aws_iam_role[\"arn\"],\n name=\"my_example_backup_selection\",\n plan_id=example_aws_backup_plan[\"id\"],\n resources=[\n example_aws_db_instance[\"arn\"],\n example_aws_ebs_volume[\"arn\"],\n example_aws_efs_file_system[\"arn\"],\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Backup.Selection(\"example\", new()\n {\n IamRoleArn = exampleAwsIamRole.Arn,\n Name = \"my_example_backup_selection\",\n PlanId = exampleAwsBackupPlan.Id,\n Resources = new[]\n {\n exampleAwsDbInstance.Arn,\n exampleAwsEbsVolume.Arn,\n exampleAwsEfsFileSystem.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backup.NewSelection(ctx, \"example\", \u0026backup.SelectionArgs{\n\t\t\tIamRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tName: pulumi.String(\"my_example_backup_selection\"),\n\t\t\tPlanId: pulumi.Any(exampleAwsBackupPlan.Id),\n\t\t\tResources: pulumi.StringArray{\n\t\t\t\texampleAwsDbInstance.Arn,\n\t\t\t\texampleAwsEbsVolume.Arn,\n\t\t\t\texampleAwsEfsFileSystem.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.backup.Selection;\nimport com.pulumi.aws.backup.SelectionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Selection(\"example\", SelectionArgs.builder() \n .iamRoleArn(exampleAwsIamRole.arn())\n .name(\"my_example_backup_selection\")\n .planId(exampleAwsBackupPlan.id())\n .resources( \n exampleAwsDbInstance.arn(),\n exampleAwsEbsVolume.arn(),\n exampleAwsEfsFileSystem.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:backup:Selection\n properties:\n iamRoleArn: ${exampleAwsIamRole.arn}\n name: my_example_backup_selection\n planId: ${exampleAwsBackupPlan.id}\n resources:\n - ${exampleAwsDbInstance.arn}\n - ${exampleAwsEbsVolume.arn}\n - ${exampleAwsEfsFileSystem.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Selecting Backups By Not Resource\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.backup.Selection(\"example\", {\n iamRoleArn: exampleAwsIamRole.arn,\n name: \"my_example_backup_selection\",\n planId: exampleAwsBackupPlan.id,\n notResources: [\n exampleAwsDbInstance.arn,\n exampleAwsEbsVolume.arn,\n exampleAwsEfsFileSystem.arn,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.backup.Selection(\"example\",\n iam_role_arn=example_aws_iam_role[\"arn\"],\n name=\"my_example_backup_selection\",\n plan_id=example_aws_backup_plan[\"id\"],\n not_resources=[\n example_aws_db_instance[\"arn\"],\n example_aws_ebs_volume[\"arn\"],\n example_aws_efs_file_system[\"arn\"],\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Backup.Selection(\"example\", new()\n {\n IamRoleArn = exampleAwsIamRole.Arn,\n Name = \"my_example_backup_selection\",\n PlanId = exampleAwsBackupPlan.Id,\n NotResources = new[]\n {\n exampleAwsDbInstance.Arn,\n exampleAwsEbsVolume.Arn,\n exampleAwsEfsFileSystem.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backup.NewSelection(ctx, \"example\", \u0026backup.SelectionArgs{\n\t\t\tIamRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tName: pulumi.String(\"my_example_backup_selection\"),\n\t\t\tPlanId: pulumi.Any(exampleAwsBackupPlan.Id),\n\t\t\tNotResources: pulumi.StringArray{\n\t\t\t\texampleAwsDbInstance.Arn,\n\t\t\t\texampleAwsEbsVolume.Arn,\n\t\t\t\texampleAwsEfsFileSystem.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.backup.Selection;\nimport com.pulumi.aws.backup.SelectionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Selection(\"example\", SelectionArgs.builder() \n .iamRoleArn(exampleAwsIamRole.arn())\n .name(\"my_example_backup_selection\")\n .planId(exampleAwsBackupPlan.id())\n .notResources( \n exampleAwsDbInstance.arn(),\n exampleAwsEbsVolume.arn(),\n exampleAwsEfsFileSystem.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:backup:Selection\n properties:\n iamRoleArn: ${exampleAwsIamRole.arn}\n name: my_example_backup_selection\n planId: ${exampleAwsBackupPlan.id}\n notResources:\n - ${exampleAwsDbInstance.arn}\n - ${exampleAwsEbsVolume.arn}\n - ${exampleAwsEfsFileSystem.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Backup selection using the role plan_id and id separated by `|`. For example:\n\n```sh\n$ pulumi import aws:backup/selection:Selection example plan-id|selection-id\n```\n", + "description": "Manages selection conditions for AWS Backup plan resources.\n\n## Example Usage\n\n### IAM Role\n\n\u003e For more information about creating and managing IAM Roles for backups and restores, see the [AWS Backup Developer Guide](https://docs.aws.amazon.com/aws-backup/latest/devguide/iam-service-roles.html).\n\nThe below example creates an IAM role with the default managed IAM Policy for allowing AWS Backup to create backups.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"backup.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst example = new aws.iam.Role(\"example\", {\n name: \"example\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"example\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\",\n role: example.name,\n});\nconst exampleSelection = new aws.backup.Selection(\"example\", {iamRoleArn: example.arn});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"backup.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample = aws.iam.Role(\"example\",\n name=\"example\",\n assume_role_policy=assume_role.json)\nexample_role_policy_attachment = aws.iam.RolePolicyAttachment(\"example\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\",\n role=example.name)\nexample_selection = aws.backup.Selection(\"example\", iam_role_arn=example.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"backup.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var example = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"example\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"example\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\",\n Role = example.Name,\n });\n\n var exampleSelection = new Aws.Backup.Selection(\"example\", new()\n {\n IamRoleArn = example.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/backup\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"backup.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = backup.NewSelection(ctx, \"example\", \u0026backup.SelectionArgs{\n\t\t\tIamRoleArn: example.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.backup.Selection;\nimport com.pulumi.aws.backup.SelectionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"backup.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var example = new Role(\"example\", RoleArgs.builder() \n .name(\"example\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleRolePolicyAttachment = new RolePolicyAttachment(\"exampleRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\")\n .role(example.name())\n .build());\n\n var exampleSelection = new Selection(\"exampleSelection\", SelectionArgs.builder() \n .iamRoleArn(example.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n name: example\n assumeRolePolicy: ${assumeRole.json}\n exampleRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: example\n properties:\n policyArn: arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\n role: ${example.name}\n exampleSelection:\n type: aws:backup:Selection\n name: example\n properties:\n iamRoleArn: ${example.arn}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - backup.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Selecting Backups By Tag\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.backup.Selection(\"example\", {\n iamRoleArn: exampleAwsIamRole.arn,\n name: \"my_example_backup_selection\",\n planId: exampleAwsBackupPlan.id,\n selectionTags: [{\n type: \"STRINGEQUALS\",\n key: \"foo\",\n value: \"bar\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.backup.Selection(\"example\",\n iam_role_arn=example_aws_iam_role[\"arn\"],\n name=\"my_example_backup_selection\",\n plan_id=example_aws_backup_plan[\"id\"],\n selection_tags=[aws.backup.SelectionSelectionTagArgs(\n type=\"STRINGEQUALS\",\n key=\"foo\",\n value=\"bar\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Backup.Selection(\"example\", new()\n {\n IamRoleArn = exampleAwsIamRole.Arn,\n Name = \"my_example_backup_selection\",\n PlanId = exampleAwsBackupPlan.Id,\n SelectionTags = new[]\n {\n new Aws.Backup.Inputs.SelectionSelectionTagArgs\n {\n Type = \"STRINGEQUALS\",\n Key = \"foo\",\n Value = \"bar\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backup.NewSelection(ctx, \"example\", \u0026backup.SelectionArgs{\n\t\t\tIamRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tName: pulumi.String(\"my_example_backup_selection\"),\n\t\t\tPlanId: pulumi.Any(exampleAwsBackupPlan.Id),\n\t\t\tSelectionTags: backup.SelectionSelectionTagArray{\n\t\t\t\t\u0026backup.SelectionSelectionTagArgs{\n\t\t\t\t\tType: pulumi.String(\"STRINGEQUALS\"),\n\t\t\t\t\tKey: pulumi.String(\"foo\"),\n\t\t\t\t\tValue: pulumi.String(\"bar\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.backup.Selection;\nimport com.pulumi.aws.backup.SelectionArgs;\nimport com.pulumi.aws.backup.inputs.SelectionSelectionTagArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Selection(\"example\", SelectionArgs.builder() \n .iamRoleArn(exampleAwsIamRole.arn())\n .name(\"my_example_backup_selection\")\n .planId(exampleAwsBackupPlan.id())\n .selectionTags(SelectionSelectionTagArgs.builder()\n .type(\"STRINGEQUALS\")\n .key(\"foo\")\n .value(\"bar\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:backup:Selection\n properties:\n iamRoleArn: ${exampleAwsIamRole.arn}\n name: my_example_backup_selection\n planId: ${exampleAwsBackupPlan.id}\n selectionTags:\n - type: STRINGEQUALS\n key: foo\n value: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Selecting Backups By Conditions\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.backup.Selection(\"example\", {\n iamRoleArn: exampleAwsIamRole.arn,\n name: \"my_example_backup_selection\",\n planId: exampleAwsBackupPlan.id,\n resources: [\"*\"],\n conditions: [{\n stringEquals: [{\n key: \"aws:ResourceTag/Component\",\n value: \"rds\",\n }],\n stringLikes: [{\n key: \"aws:ResourceTag/Application\",\n value: \"app*\",\n }],\n stringNotEquals: [{\n key: \"aws:ResourceTag/Backup\",\n value: \"false\",\n }],\n stringNotLikes: [{\n key: \"aws:ResourceTag/Environment\",\n value: \"test*\",\n }],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.backup.Selection(\"example\",\n iam_role_arn=example_aws_iam_role[\"arn\"],\n name=\"my_example_backup_selection\",\n plan_id=example_aws_backup_plan[\"id\"],\n resources=[\"*\"],\n conditions=[aws.backup.SelectionConditionArgs(\n string_equals=[aws.backup.SelectionConditionStringEqualArgs(\n key=\"aws:ResourceTag/Component\",\n value=\"rds\",\n )],\n string_likes=[aws.backup.SelectionConditionStringLikeArgs(\n key=\"aws:ResourceTag/Application\",\n value=\"app*\",\n )],\n string_not_equals=[aws.backup.SelectionConditionStringNotEqualArgs(\n key=\"aws:ResourceTag/Backup\",\n value=\"false\",\n )],\n string_not_likes=[aws.backup.SelectionConditionStringNotLikeArgs(\n key=\"aws:ResourceTag/Environment\",\n value=\"test*\",\n )],\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Backup.Selection(\"example\", new()\n {\n IamRoleArn = exampleAwsIamRole.Arn,\n Name = \"my_example_backup_selection\",\n PlanId = exampleAwsBackupPlan.Id,\n Resources = new[]\n {\n \"*\",\n },\n Conditions = new[]\n {\n new Aws.Backup.Inputs.SelectionConditionArgs\n {\n StringEquals = new[]\n {\n new Aws.Backup.Inputs.SelectionConditionStringEqualArgs\n {\n Key = \"aws:ResourceTag/Component\",\n Value = \"rds\",\n },\n },\n StringLikes = new[]\n {\n new Aws.Backup.Inputs.SelectionConditionStringLikeArgs\n {\n Key = \"aws:ResourceTag/Application\",\n Value = \"app*\",\n },\n },\n StringNotEquals = new[]\n {\n new Aws.Backup.Inputs.SelectionConditionStringNotEqualArgs\n {\n Key = \"aws:ResourceTag/Backup\",\n Value = \"false\",\n },\n },\n StringNotLikes = new[]\n {\n new Aws.Backup.Inputs.SelectionConditionStringNotLikeArgs\n {\n Key = \"aws:ResourceTag/Environment\",\n Value = \"test*\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backup.NewSelection(ctx, \"example\", \u0026backup.SelectionArgs{\n\t\t\tIamRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tName: pulumi.String(\"my_example_backup_selection\"),\n\t\t\tPlanId: pulumi.Any(exampleAwsBackupPlan.Id),\n\t\t\tResources: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"*\"),\n\t\t\t},\n\t\t\tConditions: backup.SelectionConditionArray{\n\t\t\t\t\u0026backup.SelectionConditionArgs{\n\t\t\t\t\tStringEquals: backup.SelectionConditionStringEqualArray{\n\t\t\t\t\t\t\u0026backup.SelectionConditionStringEqualArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"aws:ResourceTag/Component\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"rds\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tStringLikes: backup.SelectionConditionStringLikeArray{\n\t\t\t\t\t\t\u0026backup.SelectionConditionStringLikeArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"aws:ResourceTag/Application\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"app*\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tStringNotEquals: backup.SelectionConditionStringNotEqualArray{\n\t\t\t\t\t\t\u0026backup.SelectionConditionStringNotEqualArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"aws:ResourceTag/Backup\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"false\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tStringNotLikes: backup.SelectionConditionStringNotLikeArray{\n\t\t\t\t\t\t\u0026backup.SelectionConditionStringNotLikeArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"aws:ResourceTag/Environment\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"test*\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.backup.Selection;\nimport com.pulumi.aws.backup.SelectionArgs;\nimport com.pulumi.aws.backup.inputs.SelectionConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Selection(\"example\", SelectionArgs.builder() \n .iamRoleArn(exampleAwsIamRole.arn())\n .name(\"my_example_backup_selection\")\n .planId(exampleAwsBackupPlan.id())\n .resources(\"*\")\n .conditions(SelectionConditionArgs.builder()\n .stringEquals(SelectionConditionStringEqualArgs.builder()\n .key(\"aws:ResourceTag/Component\")\n .value(\"rds\")\n .build())\n .stringLikes(SelectionConditionStringLikeArgs.builder()\n .key(\"aws:ResourceTag/Application\")\n .value(\"app*\")\n .build())\n .stringNotEquals(SelectionConditionStringNotEqualArgs.builder()\n .key(\"aws:ResourceTag/Backup\")\n .value(\"false\")\n .build())\n .stringNotLikes(SelectionConditionStringNotLikeArgs.builder()\n .key(\"aws:ResourceTag/Environment\")\n .value(\"test*\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:backup:Selection\n properties:\n iamRoleArn: ${exampleAwsIamRole.arn}\n name: my_example_backup_selection\n planId: ${exampleAwsBackupPlan.id}\n resources:\n - '*'\n conditions:\n - stringEquals:\n - key: aws:ResourceTag/Component\n value: rds\n stringLikes:\n - key: aws:ResourceTag/Application\n value: app*\n stringNotEquals:\n - key: aws:ResourceTag/Backup\n value: 'false'\n stringNotLikes:\n - key: aws:ResourceTag/Environment\n value: test*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Selecting Backups By Resource\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.backup.Selection(\"example\", {\n iamRoleArn: exampleAwsIamRole.arn,\n name: \"my_example_backup_selection\",\n planId: exampleAwsBackupPlan.id,\n resources: [\n exampleAwsDbInstance.arn,\n exampleAwsEbsVolume.arn,\n exampleAwsEfsFileSystem.arn,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.backup.Selection(\"example\",\n iam_role_arn=example_aws_iam_role[\"arn\"],\n name=\"my_example_backup_selection\",\n plan_id=example_aws_backup_plan[\"id\"],\n resources=[\n example_aws_db_instance[\"arn\"],\n example_aws_ebs_volume[\"arn\"],\n example_aws_efs_file_system[\"arn\"],\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Backup.Selection(\"example\", new()\n {\n IamRoleArn = exampleAwsIamRole.Arn,\n Name = \"my_example_backup_selection\",\n PlanId = exampleAwsBackupPlan.Id,\n Resources = new[]\n {\n exampleAwsDbInstance.Arn,\n exampleAwsEbsVolume.Arn,\n exampleAwsEfsFileSystem.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backup.NewSelection(ctx, \"example\", \u0026backup.SelectionArgs{\n\t\t\tIamRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tName: pulumi.String(\"my_example_backup_selection\"),\n\t\t\tPlanId: pulumi.Any(exampleAwsBackupPlan.Id),\n\t\t\tResources: pulumi.StringArray{\n\t\t\t\texampleAwsDbInstance.Arn,\n\t\t\t\texampleAwsEbsVolume.Arn,\n\t\t\t\texampleAwsEfsFileSystem.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.backup.Selection;\nimport com.pulumi.aws.backup.SelectionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Selection(\"example\", SelectionArgs.builder() \n .iamRoleArn(exampleAwsIamRole.arn())\n .name(\"my_example_backup_selection\")\n .planId(exampleAwsBackupPlan.id())\n .resources( \n exampleAwsDbInstance.arn(),\n exampleAwsEbsVolume.arn(),\n exampleAwsEfsFileSystem.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:backup:Selection\n properties:\n iamRoleArn: ${exampleAwsIamRole.arn}\n name: my_example_backup_selection\n planId: ${exampleAwsBackupPlan.id}\n resources:\n - ${exampleAwsDbInstance.arn}\n - ${exampleAwsEbsVolume.arn}\n - ${exampleAwsEfsFileSystem.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Selecting Backups By Not Resource\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.backup.Selection(\"example\", {\n iamRoleArn: exampleAwsIamRole.arn,\n name: \"my_example_backup_selection\",\n planId: exampleAwsBackupPlan.id,\n notResources: [\n exampleAwsDbInstance.arn,\n exampleAwsEbsVolume.arn,\n exampleAwsEfsFileSystem.arn,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.backup.Selection(\"example\",\n iam_role_arn=example_aws_iam_role[\"arn\"],\n name=\"my_example_backup_selection\",\n plan_id=example_aws_backup_plan[\"id\"],\n not_resources=[\n example_aws_db_instance[\"arn\"],\n example_aws_ebs_volume[\"arn\"],\n example_aws_efs_file_system[\"arn\"],\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Backup.Selection(\"example\", new()\n {\n IamRoleArn = exampleAwsIamRole.Arn,\n Name = \"my_example_backup_selection\",\n PlanId = exampleAwsBackupPlan.Id,\n NotResources = new[]\n {\n exampleAwsDbInstance.Arn,\n exampleAwsEbsVolume.Arn,\n exampleAwsEfsFileSystem.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backup.NewSelection(ctx, \"example\", \u0026backup.SelectionArgs{\n\t\t\tIamRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tName: pulumi.String(\"my_example_backup_selection\"),\n\t\t\tPlanId: pulumi.Any(exampleAwsBackupPlan.Id),\n\t\t\tNotResources: pulumi.StringArray{\n\t\t\t\texampleAwsDbInstance.Arn,\n\t\t\t\texampleAwsEbsVolume.Arn,\n\t\t\t\texampleAwsEfsFileSystem.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.backup.Selection;\nimport com.pulumi.aws.backup.SelectionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Selection(\"example\", SelectionArgs.builder() \n .iamRoleArn(exampleAwsIamRole.arn())\n .name(\"my_example_backup_selection\")\n .planId(exampleAwsBackupPlan.id())\n .notResources( \n exampleAwsDbInstance.arn(),\n exampleAwsEbsVolume.arn(),\n exampleAwsEfsFileSystem.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:backup:Selection\n properties:\n iamRoleArn: ${exampleAwsIamRole.arn}\n name: my_example_backup_selection\n planId: ${exampleAwsBackupPlan.id}\n notResources:\n - ${exampleAwsDbInstance.arn}\n - ${exampleAwsEbsVolume.arn}\n - ${exampleAwsEfsFileSystem.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Backup selection using the role plan_id and id separated by `|`. For example:\n\n```sh\n$ pulumi import aws:backup/selection:Selection example plan-id|selection-id\n```\n", "properties": { "conditions": { "type": "array", @@ -172853,7 +172853,7 @@ } }, "aws:batch/computeEnvironment:ComputeEnvironment": { - "description": "Creates a AWS Batch compute environment. Compute environments contain the Amazon ECS container instances that are used to run containerized batch jobs.\n\nFor information about AWS Batch, see [What is AWS Batch?](http://docs.aws.amazon.com/batch/latest/userguide/what-is-batch.html) .\nFor information about compute environment, see [Compute Environments](http://docs.aws.amazon.com/batch/latest/userguide/compute_environments.html) .\n\n\u003e **Note:** To prevent a race condition during environment deletion, make sure to set `depends_on` to the related `aws.iam.RolePolicyAttachment`;\notherwise, the policy may be destroyed too soon and the compute environment will then get stuck in the `DELETING` state, see [Troubleshooting AWS Batch](http://docs.aws.amazon.com/batch/latest/userguide/troubleshooting.html) .\n\n## Example Usage\n\n### EC2 Type\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ec2AssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"ec2.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst ecsInstanceRole = new aws.iam.Role(\"ecs_instance_role\", {\n name: \"ecs_instance_role\",\n assumeRolePolicy: ec2AssumeRole.then(ec2AssumeRole =\u003e ec2AssumeRole.json),\n});\nconst ecsInstanceRoleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"ecs_instance_role\", {\n role: ecsInstanceRole.name,\n policyArn: \"arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role\",\n});\nconst ecsInstanceRoleInstanceProfile = new aws.iam.InstanceProfile(\"ecs_instance_role\", {\n name: \"ecs_instance_role\",\n role: ecsInstanceRole.name,\n});\nconst batchAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"batch.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst awsBatchServiceRole = new aws.iam.Role(\"aws_batch_service_role\", {\n name: \"aws_batch_service_role\",\n assumeRolePolicy: batchAssumeRole.then(batchAssumeRole =\u003e batchAssumeRole.json),\n});\nconst awsBatchServiceRoleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"aws_batch_service_role\", {\n role: awsBatchServiceRole.name,\n policyArn: \"arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole\",\n});\nconst sample = new aws.ec2.SecurityGroup(\"sample\", {\n name: \"aws_batch_compute_environment_security_group\",\n egress: [{\n fromPort: 0,\n toPort: 0,\n protocol: \"-1\",\n cidrBlocks: [\"0.0.0.0/0\"],\n }],\n});\nconst sampleVpc = new aws.ec2.Vpc(\"sample\", {cidrBlock: \"10.1.0.0/16\"});\nconst sampleSubnet = new aws.ec2.Subnet(\"sample\", {\n vpcId: sampleVpc.id,\n cidrBlock: \"10.1.1.0/24\",\n});\nconst samplePlacementGroup = new aws.ec2.PlacementGroup(\"sample\", {\n name: \"sample\",\n strategy: \"cluster\",\n});\nconst sampleComputeEnvironment = new aws.batch.ComputeEnvironment(\"sample\", {\n computeEnvironmentName: \"sample\",\n computeResources: {\n instanceRole: ecsInstanceRoleInstanceProfile.arn,\n instanceTypes: [\"c4.large\"],\n maxVcpus: 16,\n minVcpus: 0,\n placementGroup: samplePlacementGroup.name,\n securityGroupIds: [sample.id],\n subnets: [sampleSubnet.id],\n type: \"EC2\",\n },\n serviceRole: awsBatchServiceRole.arn,\n type: \"MANAGED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nec2_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"ec2.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\necs_instance_role = aws.iam.Role(\"ecs_instance_role\",\n name=\"ecs_instance_role\",\n assume_role_policy=ec2_assume_role.json)\necs_instance_role_role_policy_attachment = aws.iam.RolePolicyAttachment(\"ecs_instance_role\",\n role=ecs_instance_role.name,\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role\")\necs_instance_role_instance_profile = aws.iam.InstanceProfile(\"ecs_instance_role\",\n name=\"ecs_instance_role\",\n role=ecs_instance_role.name)\nbatch_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"batch.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\naws_batch_service_role = aws.iam.Role(\"aws_batch_service_role\",\n name=\"aws_batch_service_role\",\n assume_role_policy=batch_assume_role.json)\naws_batch_service_role_role_policy_attachment = aws.iam.RolePolicyAttachment(\"aws_batch_service_role\",\n role=aws_batch_service_role.name,\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole\")\nsample = aws.ec2.SecurityGroup(\"sample\",\n name=\"aws_batch_compute_environment_security_group\",\n egress=[aws.ec2.SecurityGroupEgressArgs(\n from_port=0,\n to_port=0,\n protocol=\"-1\",\n cidr_blocks=[\"0.0.0.0/0\"],\n )])\nsample_vpc = aws.ec2.Vpc(\"sample\", cidr_block=\"10.1.0.0/16\")\nsample_subnet = aws.ec2.Subnet(\"sample\",\n vpc_id=sample_vpc.id,\n cidr_block=\"10.1.1.0/24\")\nsample_placement_group = aws.ec2.PlacementGroup(\"sample\",\n name=\"sample\",\n strategy=\"cluster\")\nsample_compute_environment = aws.batch.ComputeEnvironment(\"sample\",\n compute_environment_name=\"sample\",\n compute_resources=aws.batch.ComputeEnvironmentComputeResourcesArgs(\n instance_role=ecs_instance_role_instance_profile.arn,\n instance_types=[\"c4.large\"],\n max_vcpus=16,\n min_vcpus=0,\n placement_group=sample_placement_group.name,\n security_group_ids=[sample.id],\n subnets=[sample_subnet.id],\n type=\"EC2\",\n ),\n service_role=aws_batch_service_role.arn,\n type=\"MANAGED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ec2AssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"ec2.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var ecsInstanceRole = new Aws.Iam.Role(\"ecs_instance_role\", new()\n {\n Name = \"ecs_instance_role\",\n AssumeRolePolicy = ec2AssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var ecsInstanceRoleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"ecs_instance_role\", new()\n {\n Role = ecsInstanceRole.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role\",\n });\n\n var ecsInstanceRoleInstanceProfile = new Aws.Iam.InstanceProfile(\"ecs_instance_role\", new()\n {\n Name = \"ecs_instance_role\",\n Role = ecsInstanceRole.Name,\n });\n\n var batchAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"batch.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var awsBatchServiceRole = new Aws.Iam.Role(\"aws_batch_service_role\", new()\n {\n Name = \"aws_batch_service_role\",\n AssumeRolePolicy = batchAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var awsBatchServiceRoleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"aws_batch_service_role\", new()\n {\n Role = awsBatchServiceRole.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole\",\n });\n\n var sample = new Aws.Ec2.SecurityGroup(\"sample\", new()\n {\n Name = \"aws_batch_compute_environment_security_group\",\n Egress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupEgressArgs\n {\n FromPort = 0,\n ToPort = 0,\n Protocol = \"-1\",\n CidrBlocks = new[]\n {\n \"0.0.0.0/0\",\n },\n },\n },\n });\n\n var sampleVpc = new Aws.Ec2.Vpc(\"sample\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n\n var sampleSubnet = new Aws.Ec2.Subnet(\"sample\", new()\n {\n VpcId = sampleVpc.Id,\n CidrBlock = \"10.1.1.0/24\",\n });\n\n var samplePlacementGroup = new Aws.Ec2.PlacementGroup(\"sample\", new()\n {\n Name = \"sample\",\n Strategy = \"cluster\",\n });\n\n var sampleComputeEnvironment = new Aws.Batch.ComputeEnvironment(\"sample\", new()\n {\n ComputeEnvironmentName = \"sample\",\n ComputeResources = new Aws.Batch.Inputs.ComputeEnvironmentComputeResourcesArgs\n {\n InstanceRole = ecsInstanceRoleInstanceProfile.Arn,\n InstanceTypes = new[]\n {\n \"c4.large\",\n },\n MaxVcpus = 16,\n MinVcpus = 0,\n PlacementGroup = samplePlacementGroup.Name,\n SecurityGroupIds = new[]\n {\n sample.Id,\n },\n Subnets = new[]\n {\n sampleSubnet.Id,\n },\n Type = \"EC2\",\n },\n ServiceRole = awsBatchServiceRole.Arn,\n Type = \"MANAGED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/batch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tec2AssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"ec2.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tecsInstanceRole, err := iam.NewRole(ctx, \"ecs_instance_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"ecs_instance_role\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(ec2AssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"ecs_instance_role\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: ecsInstanceRole.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tecsInstanceRoleInstanceProfile, err := iam.NewInstanceProfile(ctx, \"ecs_instance_role\", \u0026iam.InstanceProfileArgs{\n\t\t\tName: pulumi.String(\"ecs_instance_role\"),\n\t\t\tRole: ecsInstanceRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbatchAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"batch.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tawsBatchServiceRole, err := iam.NewRole(ctx, \"aws_batch_service_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"aws_batch_service_role\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(batchAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"aws_batch_service_role\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: awsBatchServiceRole.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsample, err := ec2.NewSecurityGroup(ctx, \"sample\", \u0026ec2.SecurityGroupArgs{\n\t\t\tName: pulumi.String(\"aws_batch_compute_environment_security_group\"),\n\t\t\tEgress: ec2.SecurityGroupEgressArray{\n\t\t\t\t\u0026ec2.SecurityGroupEgressArgs{\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tCidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsampleVpc, err := ec2.NewVpc(ctx, \"sample\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsampleSubnet, err := ec2.NewSubnet(ctx, \"sample\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: sampleVpc.ID(),\n\t\t\tCidrBlock: pulumi.String(\"10.1.1.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamplePlacementGroup, err := ec2.NewPlacementGroup(ctx, \"sample\", \u0026ec2.PlacementGroupArgs{\n\t\t\tName: pulumi.String(\"sample\"),\n\t\t\tStrategy: pulumi.String(\"cluster\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = batch.NewComputeEnvironment(ctx, \"sample\", \u0026batch.ComputeEnvironmentArgs{\n\t\t\tComputeEnvironmentName: pulumi.String(\"sample\"),\n\t\t\tComputeResources: \u0026batch.ComputeEnvironmentComputeResourcesArgs{\n\t\t\t\tInstanceRole: ecsInstanceRoleInstanceProfile.Arn,\n\t\t\t\tInstanceTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"c4.large\"),\n\t\t\t\t},\n\t\t\t\tMaxVcpus: pulumi.Int(16),\n\t\t\t\tMinVcpus: pulumi.Int(0),\n\t\t\t\tPlacementGroup: samplePlacementGroup.Name,\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tsample.ID(),\n\t\t\t\t},\n\t\t\t\tSubnets: pulumi.StringArray{\n\t\t\t\t\tsampleSubnet.ID(),\n\t\t\t\t},\n\t\t\t\tType: pulumi.String(\"EC2\"),\n\t\t\t},\n\t\t\tServiceRole: awsBatchServiceRole.Arn,\n\t\t\tType: pulumi.String(\"MANAGED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.iam.InstanceProfile;\nimport com.pulumi.aws.iam.InstanceProfileArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupEgressArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.ec2.PlacementGroup;\nimport com.pulumi.aws.ec2.PlacementGroupArgs;\nimport com.pulumi.aws.batch.ComputeEnvironment;\nimport com.pulumi.aws.batch.ComputeEnvironmentArgs;\nimport com.pulumi.aws.batch.inputs.ComputeEnvironmentComputeResourcesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ec2AssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"ec2.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var ecsInstanceRole = new Role(\"ecsInstanceRole\", RoleArgs.builder() \n .name(\"ecs_instance_role\")\n .assumeRolePolicy(ec2AssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var ecsInstanceRoleRolePolicyAttachment = new RolePolicyAttachment(\"ecsInstanceRoleRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .role(ecsInstanceRole.name())\n .policyArn(\"arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role\")\n .build());\n\n var ecsInstanceRoleInstanceProfile = new InstanceProfile(\"ecsInstanceRoleInstanceProfile\", InstanceProfileArgs.builder() \n .name(\"ecs_instance_role\")\n .role(ecsInstanceRole.name())\n .build());\n\n final var batchAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"batch.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var awsBatchServiceRole = new Role(\"awsBatchServiceRole\", RoleArgs.builder() \n .name(\"aws_batch_service_role\")\n .assumeRolePolicy(batchAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var awsBatchServiceRoleRolePolicyAttachment = new RolePolicyAttachment(\"awsBatchServiceRoleRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .role(awsBatchServiceRole.name())\n .policyArn(\"arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole\")\n .build());\n\n var sample = new SecurityGroup(\"sample\", SecurityGroupArgs.builder() \n .name(\"aws_batch_compute_environment_security_group\")\n .egress(SecurityGroupEgressArgs.builder()\n .fromPort(0)\n .toPort(0)\n .protocol(\"-1\")\n .cidrBlocks(\"0.0.0.0/0\")\n .build())\n .build());\n\n var sampleVpc = new Vpc(\"sampleVpc\", VpcArgs.builder() \n .cidrBlock(\"10.1.0.0/16\")\n .build());\n\n var sampleSubnet = new Subnet(\"sampleSubnet\", SubnetArgs.builder() \n .vpcId(sampleVpc.id())\n .cidrBlock(\"10.1.1.0/24\")\n .build());\n\n var samplePlacementGroup = new PlacementGroup(\"samplePlacementGroup\", PlacementGroupArgs.builder() \n .name(\"sample\")\n .strategy(\"cluster\")\n .build());\n\n var sampleComputeEnvironment = new ComputeEnvironment(\"sampleComputeEnvironment\", ComputeEnvironmentArgs.builder() \n .computeEnvironmentName(\"sample\")\n .computeResources(ComputeEnvironmentComputeResourcesArgs.builder()\n .instanceRole(ecsInstanceRoleInstanceProfile.arn())\n .instanceTypes(\"c4.large\")\n .maxVcpus(16)\n .minVcpus(0)\n .placementGroup(samplePlacementGroup.name())\n .securityGroupIds(sample.id())\n .subnets(sampleSubnet.id())\n .type(\"EC2\")\n .build())\n .serviceRole(awsBatchServiceRole.arn())\n .type(\"MANAGED\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ecsInstanceRole:\n type: aws:iam:Role\n name: ecs_instance_role\n properties:\n name: ecs_instance_role\n assumeRolePolicy: ${ec2AssumeRole.json}\n ecsInstanceRoleRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: ecs_instance_role\n properties:\n role: ${ecsInstanceRole.name}\n policyArn: arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role\n ecsInstanceRoleInstanceProfile:\n type: aws:iam:InstanceProfile\n name: ecs_instance_role\n properties:\n name: ecs_instance_role\n role: ${ecsInstanceRole.name}\n awsBatchServiceRole:\n type: aws:iam:Role\n name: aws_batch_service_role\n properties:\n name: aws_batch_service_role\n assumeRolePolicy: ${batchAssumeRole.json}\n awsBatchServiceRoleRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: aws_batch_service_role\n properties:\n role: ${awsBatchServiceRole.name}\n policyArn: arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole\n sample:\n type: aws:ec2:SecurityGroup\n properties:\n name: aws_batch_compute_environment_security_group\n egress:\n - fromPort: 0\n toPort: 0\n protocol: '-1'\n cidrBlocks:\n - 0.0.0.0/0\n sampleVpc:\n type: aws:ec2:Vpc\n name: sample\n properties:\n cidrBlock: 10.1.0.0/16\n sampleSubnet:\n type: aws:ec2:Subnet\n name: sample\n properties:\n vpcId: ${sampleVpc.id}\n cidrBlock: 10.1.1.0/24\n samplePlacementGroup:\n type: aws:ec2:PlacementGroup\n name: sample\n properties:\n name: sample\n strategy: cluster\n sampleComputeEnvironment:\n type: aws:batch:ComputeEnvironment\n name: sample\n properties:\n computeEnvironmentName: sample\n computeResources:\n instanceRole: ${ecsInstanceRoleInstanceProfile.arn}\n instanceTypes:\n - c4.large\n maxVcpus: 16\n minVcpus: 0\n placementGroup: ${samplePlacementGroup.name}\n securityGroupIds:\n - ${sample.id}\n subnets:\n - ${sampleSubnet.id}\n type: EC2\n serviceRole: ${awsBatchServiceRole.arn}\n type: MANAGED\nvariables:\n ec2AssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - ec2.amazonaws.com\n actions:\n - sts:AssumeRole\n batchAssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - batch.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Fargate Type\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst sample = new aws.batch.ComputeEnvironment(\"sample\", {\n computeEnvironmentName: \"sample\",\n computeResources: {\n maxVcpus: 16,\n securityGroupIds: [sampleAwsSecurityGroup.id],\n subnets: [sampleAwsSubnet.id],\n type: \"FARGATE\",\n },\n serviceRole: awsBatchServiceRole.arn,\n type: \"MANAGED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsample = aws.batch.ComputeEnvironment(\"sample\",\n compute_environment_name=\"sample\",\n compute_resources=aws.batch.ComputeEnvironmentComputeResourcesArgs(\n max_vcpus=16,\n security_group_ids=[sample_aws_security_group[\"id\"]],\n subnets=[sample_aws_subnet[\"id\"]],\n type=\"FARGATE\",\n ),\n service_role=aws_batch_service_role[\"arn\"],\n type=\"MANAGED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sample = new Aws.Batch.ComputeEnvironment(\"sample\", new()\n {\n ComputeEnvironmentName = \"sample\",\n ComputeResources = new Aws.Batch.Inputs.ComputeEnvironmentComputeResourcesArgs\n {\n MaxVcpus = 16,\n SecurityGroupIds = new[]\n {\n sampleAwsSecurityGroup.Id,\n },\n Subnets = new[]\n {\n sampleAwsSubnet.Id,\n },\n Type = \"FARGATE\",\n },\n ServiceRole = awsBatchServiceRole.Arn,\n Type = \"MANAGED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/batch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := batch.NewComputeEnvironment(ctx, \"sample\", \u0026batch.ComputeEnvironmentArgs{\n\t\t\tComputeEnvironmentName: pulumi.String(\"sample\"),\n\t\t\tComputeResources: \u0026batch.ComputeEnvironmentComputeResourcesArgs{\n\t\t\t\tMaxVcpus: pulumi.Int(16),\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tsampleAwsSecurityGroup.Id,\n\t\t\t\t},\n\t\t\t\tSubnets: pulumi.StringArray{\n\t\t\t\t\tsampleAwsSubnet.Id,\n\t\t\t\t},\n\t\t\t\tType: pulumi.String(\"FARGATE\"),\n\t\t\t},\n\t\t\tServiceRole: pulumi.Any(awsBatchServiceRole.Arn),\n\t\t\tType: pulumi.String(\"MANAGED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.batch.ComputeEnvironment;\nimport com.pulumi.aws.batch.ComputeEnvironmentArgs;\nimport com.pulumi.aws.batch.inputs.ComputeEnvironmentComputeResourcesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sample = new ComputeEnvironment(\"sample\", ComputeEnvironmentArgs.builder() \n .computeEnvironmentName(\"sample\")\n .computeResources(ComputeEnvironmentComputeResourcesArgs.builder()\n .maxVcpus(16)\n .securityGroupIds(sampleAwsSecurityGroup.id())\n .subnets(sampleAwsSubnet.id())\n .type(\"FARGATE\")\n .build())\n .serviceRole(awsBatchServiceRole.arn())\n .type(\"MANAGED\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sample:\n type: aws:batch:ComputeEnvironment\n properties:\n computeEnvironmentName: sample\n computeResources:\n maxVcpus: 16\n securityGroupIds:\n - ${sampleAwsSecurityGroup.id}\n subnets:\n - ${sampleAwsSubnet.id}\n type: FARGATE\n serviceRole: ${awsBatchServiceRole.arn}\n type: MANAGED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Setting Update Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst sample = new aws.batch.ComputeEnvironment(\"sample\", {\n computeEnvironmentName: \"sample\",\n computeResources: {\n allocationStrategy: \"BEST_FIT_PROGRESSIVE\",\n instanceRole: ecsInstance.arn,\n instanceTypes: [\"optimal\"],\n maxVcpus: 4,\n minVcpus: 0,\n securityGroupIds: [sampleAwsSecurityGroup.id],\n subnets: [sampleAwsSubnet.id],\n type: \"EC2\",\n },\n updatePolicy: {\n jobExecutionTimeoutMinutes: 30,\n terminateJobsOnUpdate: false,\n },\n type: \"MANAGED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsample = aws.batch.ComputeEnvironment(\"sample\",\n compute_environment_name=\"sample\",\n compute_resources=aws.batch.ComputeEnvironmentComputeResourcesArgs(\n allocation_strategy=\"BEST_FIT_PROGRESSIVE\",\n instance_role=ecs_instance[\"arn\"],\n instance_types=[\"optimal\"],\n max_vcpus=4,\n min_vcpus=0,\n security_group_ids=[sample_aws_security_group[\"id\"]],\n subnets=[sample_aws_subnet[\"id\"]],\n type=\"EC2\",\n ),\n update_policy=aws.batch.ComputeEnvironmentUpdatePolicyArgs(\n job_execution_timeout_minutes=30,\n terminate_jobs_on_update=False,\n ),\n type=\"MANAGED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sample = new Aws.Batch.ComputeEnvironment(\"sample\", new()\n {\n ComputeEnvironmentName = \"sample\",\n ComputeResources = new Aws.Batch.Inputs.ComputeEnvironmentComputeResourcesArgs\n {\n AllocationStrategy = \"BEST_FIT_PROGRESSIVE\",\n InstanceRole = ecsInstance.Arn,\n InstanceTypes = new[]\n {\n \"optimal\",\n },\n MaxVcpus = 4,\n MinVcpus = 0,\n SecurityGroupIds = new[]\n {\n sampleAwsSecurityGroup.Id,\n },\n Subnets = new[]\n {\n sampleAwsSubnet.Id,\n },\n Type = \"EC2\",\n },\n UpdatePolicy = new Aws.Batch.Inputs.ComputeEnvironmentUpdatePolicyArgs\n {\n JobExecutionTimeoutMinutes = 30,\n TerminateJobsOnUpdate = false,\n },\n Type = \"MANAGED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/batch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := batch.NewComputeEnvironment(ctx, \"sample\", \u0026batch.ComputeEnvironmentArgs{\n\t\t\tComputeEnvironmentName: pulumi.String(\"sample\"),\n\t\t\tComputeResources: \u0026batch.ComputeEnvironmentComputeResourcesArgs{\n\t\t\t\tAllocationStrategy: pulumi.String(\"BEST_FIT_PROGRESSIVE\"),\n\t\t\t\tInstanceRole: pulumi.Any(ecsInstance.Arn),\n\t\t\t\tInstanceTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"optimal\"),\n\t\t\t\t},\n\t\t\t\tMaxVcpus: pulumi.Int(4),\n\t\t\t\tMinVcpus: pulumi.Int(0),\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tsampleAwsSecurityGroup.Id,\n\t\t\t\t},\n\t\t\t\tSubnets: pulumi.StringArray{\n\t\t\t\t\tsampleAwsSubnet.Id,\n\t\t\t\t},\n\t\t\t\tType: pulumi.String(\"EC2\"),\n\t\t\t},\n\t\t\tUpdatePolicy: \u0026batch.ComputeEnvironmentUpdatePolicyArgs{\n\t\t\t\tJobExecutionTimeoutMinutes: pulumi.Int(30),\n\t\t\t\tTerminateJobsOnUpdate: pulumi.Bool(false),\n\t\t\t},\n\t\t\tType: pulumi.String(\"MANAGED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.batch.ComputeEnvironment;\nimport com.pulumi.aws.batch.ComputeEnvironmentArgs;\nimport com.pulumi.aws.batch.inputs.ComputeEnvironmentComputeResourcesArgs;\nimport com.pulumi.aws.batch.inputs.ComputeEnvironmentUpdatePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sample = new ComputeEnvironment(\"sample\", ComputeEnvironmentArgs.builder() \n .computeEnvironmentName(\"sample\")\n .computeResources(ComputeEnvironmentComputeResourcesArgs.builder()\n .allocationStrategy(\"BEST_FIT_PROGRESSIVE\")\n .instanceRole(ecsInstance.arn())\n .instanceTypes(\"optimal\")\n .maxVcpus(4)\n .minVcpus(0)\n .securityGroupIds(sampleAwsSecurityGroup.id())\n .subnets(sampleAwsSubnet.id())\n .type(\"EC2\")\n .build())\n .updatePolicy(ComputeEnvironmentUpdatePolicyArgs.builder()\n .jobExecutionTimeoutMinutes(30)\n .terminateJobsOnUpdate(false)\n .build())\n .type(\"MANAGED\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sample:\n type: aws:batch:ComputeEnvironment\n properties:\n computeEnvironmentName: sample\n computeResources:\n allocationStrategy: BEST_FIT_PROGRESSIVE\n instanceRole: ${ecsInstance.arn}\n instanceTypes:\n - optimal\n maxVcpus: 4\n minVcpus: 0\n securityGroupIds:\n - ${sampleAwsSecurityGroup.id}\n subnets:\n - ${sampleAwsSubnet.id}\n type: EC2\n updatePolicy:\n jobExecutionTimeoutMinutes: 30\n terminateJobsOnUpdate: false\n type: MANAGED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import AWS Batch compute using the `compute_environment_name`. For example:\n\n```sh\n$ pulumi import aws:batch/computeEnvironment:ComputeEnvironment sample sample\n```\n", + "description": "Creates a AWS Batch compute environment. Compute environments contain the Amazon ECS container instances that are used to run containerized batch jobs.\n\nFor information about AWS Batch, see [What is AWS Batch?](http://docs.aws.amazon.com/batch/latest/userguide/what-is-batch.html) .\nFor information about compute environment, see [Compute Environments](http://docs.aws.amazon.com/batch/latest/userguide/compute_environments.html) .\n\n\u003e **Note:** To prevent a race condition during environment deletion, make sure to set `depends_on` to the related `aws.iam.RolePolicyAttachment`;\notherwise, the policy may be destroyed too soon and the compute environment will then get stuck in the `DELETING` state, see [Troubleshooting AWS Batch](http://docs.aws.amazon.com/batch/latest/userguide/troubleshooting.html) .\n\n## Example Usage\n\n### EC2 Type\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ec2AssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"ec2.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst ecsInstanceRole = new aws.iam.Role(\"ecs_instance_role\", {\n name: \"ecs_instance_role\",\n assumeRolePolicy: ec2AssumeRole.then(ec2AssumeRole =\u003e ec2AssumeRole.json),\n});\nconst ecsInstanceRoleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"ecs_instance_role\", {\n role: ecsInstanceRole.name,\n policyArn: \"arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role\",\n});\nconst ecsInstanceRoleInstanceProfile = new aws.iam.InstanceProfile(\"ecs_instance_role\", {\n name: \"ecs_instance_role\",\n role: ecsInstanceRole.name,\n});\nconst batchAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"batch.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst awsBatchServiceRole = new aws.iam.Role(\"aws_batch_service_role\", {\n name: \"aws_batch_service_role\",\n assumeRolePolicy: batchAssumeRole.then(batchAssumeRole =\u003e batchAssumeRole.json),\n});\nconst awsBatchServiceRoleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"aws_batch_service_role\", {\n role: awsBatchServiceRole.name,\n policyArn: \"arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole\",\n});\nconst sample = new aws.ec2.SecurityGroup(\"sample\", {\n name: \"aws_batch_compute_environment_security_group\",\n egress: [{\n fromPort: 0,\n toPort: 0,\n protocol: \"-1\",\n cidrBlocks: [\"0.0.0.0/0\"],\n }],\n});\nconst sampleVpc = new aws.ec2.Vpc(\"sample\", {cidrBlock: \"10.1.0.0/16\"});\nconst sampleSubnet = new aws.ec2.Subnet(\"sample\", {\n vpcId: sampleVpc.id,\n cidrBlock: \"10.1.1.0/24\",\n});\nconst samplePlacementGroup = new aws.ec2.PlacementGroup(\"sample\", {\n name: \"sample\",\n strategy: aws.ec2.PlacementStrategy.Cluster,\n});\nconst sampleComputeEnvironment = new aws.batch.ComputeEnvironment(\"sample\", {\n computeEnvironmentName: \"sample\",\n computeResources: {\n instanceRole: ecsInstanceRoleInstanceProfile.arn,\n instanceTypes: [\"c4.large\"],\n maxVcpus: 16,\n minVcpus: 0,\n placementGroup: samplePlacementGroup.name,\n securityGroupIds: [sample.id],\n subnets: [sampleSubnet.id],\n type: \"EC2\",\n },\n serviceRole: awsBatchServiceRole.arn,\n type: \"MANAGED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nec2_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"ec2.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\necs_instance_role = aws.iam.Role(\"ecs_instance_role\",\n name=\"ecs_instance_role\",\n assume_role_policy=ec2_assume_role.json)\necs_instance_role_role_policy_attachment = aws.iam.RolePolicyAttachment(\"ecs_instance_role\",\n role=ecs_instance_role.name,\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role\")\necs_instance_role_instance_profile = aws.iam.InstanceProfile(\"ecs_instance_role\",\n name=\"ecs_instance_role\",\n role=ecs_instance_role.name)\nbatch_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"batch.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\naws_batch_service_role = aws.iam.Role(\"aws_batch_service_role\",\n name=\"aws_batch_service_role\",\n assume_role_policy=batch_assume_role.json)\naws_batch_service_role_role_policy_attachment = aws.iam.RolePolicyAttachment(\"aws_batch_service_role\",\n role=aws_batch_service_role.name,\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole\")\nsample = aws.ec2.SecurityGroup(\"sample\",\n name=\"aws_batch_compute_environment_security_group\",\n egress=[aws.ec2.SecurityGroupEgressArgs(\n from_port=0,\n to_port=0,\n protocol=\"-1\",\n cidr_blocks=[\"0.0.0.0/0\"],\n )])\nsample_vpc = aws.ec2.Vpc(\"sample\", cidr_block=\"10.1.0.0/16\")\nsample_subnet = aws.ec2.Subnet(\"sample\",\n vpc_id=sample_vpc.id,\n cidr_block=\"10.1.1.0/24\")\nsample_placement_group = aws.ec2.PlacementGroup(\"sample\",\n name=\"sample\",\n strategy=aws.ec2.PlacementStrategy.CLUSTER)\nsample_compute_environment = aws.batch.ComputeEnvironment(\"sample\",\n compute_environment_name=\"sample\",\n compute_resources=aws.batch.ComputeEnvironmentComputeResourcesArgs(\n instance_role=ecs_instance_role_instance_profile.arn,\n instance_types=[\"c4.large\"],\n max_vcpus=16,\n min_vcpus=0,\n placement_group=sample_placement_group.name,\n security_group_ids=[sample.id],\n subnets=[sample_subnet.id],\n type=\"EC2\",\n ),\n service_role=aws_batch_service_role.arn,\n type=\"MANAGED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ec2AssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"ec2.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var ecsInstanceRole = new Aws.Iam.Role(\"ecs_instance_role\", new()\n {\n Name = \"ecs_instance_role\",\n AssumeRolePolicy = ec2AssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var ecsInstanceRoleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"ecs_instance_role\", new()\n {\n Role = ecsInstanceRole.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role\",\n });\n\n var ecsInstanceRoleInstanceProfile = new Aws.Iam.InstanceProfile(\"ecs_instance_role\", new()\n {\n Name = \"ecs_instance_role\",\n Role = ecsInstanceRole.Name,\n });\n\n var batchAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"batch.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var awsBatchServiceRole = new Aws.Iam.Role(\"aws_batch_service_role\", new()\n {\n Name = \"aws_batch_service_role\",\n AssumeRolePolicy = batchAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var awsBatchServiceRoleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"aws_batch_service_role\", new()\n {\n Role = awsBatchServiceRole.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole\",\n });\n\n var sample = new Aws.Ec2.SecurityGroup(\"sample\", new()\n {\n Name = \"aws_batch_compute_environment_security_group\",\n Egress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupEgressArgs\n {\n FromPort = 0,\n ToPort = 0,\n Protocol = \"-1\",\n CidrBlocks = new[]\n {\n \"0.0.0.0/0\",\n },\n },\n },\n });\n\n var sampleVpc = new Aws.Ec2.Vpc(\"sample\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n\n var sampleSubnet = new Aws.Ec2.Subnet(\"sample\", new()\n {\n VpcId = sampleVpc.Id,\n CidrBlock = \"10.1.1.0/24\",\n });\n\n var samplePlacementGroup = new Aws.Ec2.PlacementGroup(\"sample\", new()\n {\n Name = \"sample\",\n Strategy = Aws.Ec2.PlacementStrategy.Cluster,\n });\n\n var sampleComputeEnvironment = new Aws.Batch.ComputeEnvironment(\"sample\", new()\n {\n ComputeEnvironmentName = \"sample\",\n ComputeResources = new Aws.Batch.Inputs.ComputeEnvironmentComputeResourcesArgs\n {\n InstanceRole = ecsInstanceRoleInstanceProfile.Arn,\n InstanceTypes = new[]\n {\n \"c4.large\",\n },\n MaxVcpus = 16,\n MinVcpus = 0,\n PlacementGroup = samplePlacementGroup.Name,\n SecurityGroupIds = new[]\n {\n sample.Id,\n },\n Subnets = new[]\n {\n sampleSubnet.Id,\n },\n Type = \"EC2\",\n },\n ServiceRole = awsBatchServiceRole.Arn,\n Type = \"MANAGED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/batch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tec2AssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"ec2.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tecsInstanceRole, err := iam.NewRole(ctx, \"ecs_instance_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"ecs_instance_role\"),\n\t\t\tAssumeRolePolicy: pulumi.String(ec2AssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"ecs_instance_role\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: ecsInstanceRole.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tecsInstanceRoleInstanceProfile, err := iam.NewInstanceProfile(ctx, \"ecs_instance_role\", \u0026iam.InstanceProfileArgs{\n\t\t\tName: pulumi.String(\"ecs_instance_role\"),\n\t\t\tRole: ecsInstanceRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbatchAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"batch.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tawsBatchServiceRole, err := iam.NewRole(ctx, \"aws_batch_service_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"aws_batch_service_role\"),\n\t\t\tAssumeRolePolicy: pulumi.String(batchAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"aws_batch_service_role\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: awsBatchServiceRole.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsample, err := ec2.NewSecurityGroup(ctx, \"sample\", \u0026ec2.SecurityGroupArgs{\n\t\t\tName: pulumi.String(\"aws_batch_compute_environment_security_group\"),\n\t\t\tEgress: ec2.SecurityGroupEgressArray{\n\t\t\t\t\u0026ec2.SecurityGroupEgressArgs{\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tCidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsampleVpc, err := ec2.NewVpc(ctx, \"sample\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsampleSubnet, err := ec2.NewSubnet(ctx, \"sample\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: sampleVpc.ID(),\n\t\t\tCidrBlock: pulumi.String(\"10.1.1.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamplePlacementGroup, err := ec2.NewPlacementGroup(ctx, \"sample\", \u0026ec2.PlacementGroupArgs{\n\t\t\tName: pulumi.String(\"sample\"),\n\t\t\tStrategy: pulumi.String(ec2.PlacementStrategyCluster),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = batch.NewComputeEnvironment(ctx, \"sample\", \u0026batch.ComputeEnvironmentArgs{\n\t\t\tComputeEnvironmentName: pulumi.String(\"sample\"),\n\t\t\tComputeResources: \u0026batch.ComputeEnvironmentComputeResourcesArgs{\n\t\t\t\tInstanceRole: ecsInstanceRoleInstanceProfile.Arn,\n\t\t\t\tInstanceTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"c4.large\"),\n\t\t\t\t},\n\t\t\t\tMaxVcpus: pulumi.Int(16),\n\t\t\t\tMinVcpus: pulumi.Int(0),\n\t\t\t\tPlacementGroup: samplePlacementGroup.Name,\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tsample.ID(),\n\t\t\t\t},\n\t\t\t\tSubnets: pulumi.StringArray{\n\t\t\t\t\tsampleSubnet.ID(),\n\t\t\t\t},\n\t\t\t\tType: pulumi.String(\"EC2\"),\n\t\t\t},\n\t\t\tServiceRole: awsBatchServiceRole.Arn,\n\t\t\tType: pulumi.String(\"MANAGED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.iam.InstanceProfile;\nimport com.pulumi.aws.iam.InstanceProfileArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupEgressArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.ec2.PlacementGroup;\nimport com.pulumi.aws.ec2.PlacementGroupArgs;\nimport com.pulumi.aws.batch.ComputeEnvironment;\nimport com.pulumi.aws.batch.ComputeEnvironmentArgs;\nimport com.pulumi.aws.batch.inputs.ComputeEnvironmentComputeResourcesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ec2AssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"ec2.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var ecsInstanceRole = new Role(\"ecsInstanceRole\", RoleArgs.builder() \n .name(\"ecs_instance_role\")\n .assumeRolePolicy(ec2AssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var ecsInstanceRoleRolePolicyAttachment = new RolePolicyAttachment(\"ecsInstanceRoleRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .role(ecsInstanceRole.name())\n .policyArn(\"arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role\")\n .build());\n\n var ecsInstanceRoleInstanceProfile = new InstanceProfile(\"ecsInstanceRoleInstanceProfile\", InstanceProfileArgs.builder() \n .name(\"ecs_instance_role\")\n .role(ecsInstanceRole.name())\n .build());\n\n final var batchAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"batch.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var awsBatchServiceRole = new Role(\"awsBatchServiceRole\", RoleArgs.builder() \n .name(\"aws_batch_service_role\")\n .assumeRolePolicy(batchAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var awsBatchServiceRoleRolePolicyAttachment = new RolePolicyAttachment(\"awsBatchServiceRoleRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .role(awsBatchServiceRole.name())\n .policyArn(\"arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole\")\n .build());\n\n var sample = new SecurityGroup(\"sample\", SecurityGroupArgs.builder() \n .name(\"aws_batch_compute_environment_security_group\")\n .egress(SecurityGroupEgressArgs.builder()\n .fromPort(0)\n .toPort(0)\n .protocol(\"-1\")\n .cidrBlocks(\"0.0.0.0/0\")\n .build())\n .build());\n\n var sampleVpc = new Vpc(\"sampleVpc\", VpcArgs.builder() \n .cidrBlock(\"10.1.0.0/16\")\n .build());\n\n var sampleSubnet = new Subnet(\"sampleSubnet\", SubnetArgs.builder() \n .vpcId(sampleVpc.id())\n .cidrBlock(\"10.1.1.0/24\")\n .build());\n\n var samplePlacementGroup = new PlacementGroup(\"samplePlacementGroup\", PlacementGroupArgs.builder() \n .name(\"sample\")\n .strategy(\"cluster\")\n .build());\n\n var sampleComputeEnvironment = new ComputeEnvironment(\"sampleComputeEnvironment\", ComputeEnvironmentArgs.builder() \n .computeEnvironmentName(\"sample\")\n .computeResources(ComputeEnvironmentComputeResourcesArgs.builder()\n .instanceRole(ecsInstanceRoleInstanceProfile.arn())\n .instanceTypes(\"c4.large\")\n .maxVcpus(16)\n .minVcpus(0)\n .placementGroup(samplePlacementGroup.name())\n .securityGroupIds(sample.id())\n .subnets(sampleSubnet.id())\n .type(\"EC2\")\n .build())\n .serviceRole(awsBatchServiceRole.arn())\n .type(\"MANAGED\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ecsInstanceRole:\n type: aws:iam:Role\n name: ecs_instance_role\n properties:\n name: ecs_instance_role\n assumeRolePolicy: ${ec2AssumeRole.json}\n ecsInstanceRoleRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: ecs_instance_role\n properties:\n role: ${ecsInstanceRole.name}\n policyArn: arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role\n ecsInstanceRoleInstanceProfile:\n type: aws:iam:InstanceProfile\n name: ecs_instance_role\n properties:\n name: ecs_instance_role\n role: ${ecsInstanceRole.name}\n awsBatchServiceRole:\n type: aws:iam:Role\n name: aws_batch_service_role\n properties:\n name: aws_batch_service_role\n assumeRolePolicy: ${batchAssumeRole.json}\n awsBatchServiceRoleRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: aws_batch_service_role\n properties:\n role: ${awsBatchServiceRole.name}\n policyArn: arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole\n sample:\n type: aws:ec2:SecurityGroup\n properties:\n name: aws_batch_compute_environment_security_group\n egress:\n - fromPort: 0\n toPort: 0\n protocol: '-1'\n cidrBlocks:\n - 0.0.0.0/0\n sampleVpc:\n type: aws:ec2:Vpc\n name: sample\n properties:\n cidrBlock: 10.1.0.0/16\n sampleSubnet:\n type: aws:ec2:Subnet\n name: sample\n properties:\n vpcId: ${sampleVpc.id}\n cidrBlock: 10.1.1.0/24\n samplePlacementGroup:\n type: aws:ec2:PlacementGroup\n name: sample\n properties:\n name: sample\n strategy: cluster\n sampleComputeEnvironment:\n type: aws:batch:ComputeEnvironment\n name: sample\n properties:\n computeEnvironmentName: sample\n computeResources:\n instanceRole: ${ecsInstanceRoleInstanceProfile.arn}\n instanceTypes:\n - c4.large\n maxVcpus: 16\n minVcpus: 0\n placementGroup: ${samplePlacementGroup.name}\n securityGroupIds:\n - ${sample.id}\n subnets:\n - ${sampleSubnet.id}\n type: EC2\n serviceRole: ${awsBatchServiceRole.arn}\n type: MANAGED\nvariables:\n ec2AssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - ec2.amazonaws.com\n actions:\n - sts:AssumeRole\n batchAssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - batch.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Fargate Type\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst sample = new aws.batch.ComputeEnvironment(\"sample\", {\n computeEnvironmentName: \"sample\",\n computeResources: {\n maxVcpus: 16,\n securityGroupIds: [sampleAwsSecurityGroup.id],\n subnets: [sampleAwsSubnet.id],\n type: \"FARGATE\",\n },\n serviceRole: awsBatchServiceRole.arn,\n type: \"MANAGED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsample = aws.batch.ComputeEnvironment(\"sample\",\n compute_environment_name=\"sample\",\n compute_resources=aws.batch.ComputeEnvironmentComputeResourcesArgs(\n max_vcpus=16,\n security_group_ids=[sample_aws_security_group[\"id\"]],\n subnets=[sample_aws_subnet[\"id\"]],\n type=\"FARGATE\",\n ),\n service_role=aws_batch_service_role[\"arn\"],\n type=\"MANAGED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sample = new Aws.Batch.ComputeEnvironment(\"sample\", new()\n {\n ComputeEnvironmentName = \"sample\",\n ComputeResources = new Aws.Batch.Inputs.ComputeEnvironmentComputeResourcesArgs\n {\n MaxVcpus = 16,\n SecurityGroupIds = new[]\n {\n sampleAwsSecurityGroup.Id,\n },\n Subnets = new[]\n {\n sampleAwsSubnet.Id,\n },\n Type = \"FARGATE\",\n },\n ServiceRole = awsBatchServiceRole.Arn,\n Type = \"MANAGED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/batch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := batch.NewComputeEnvironment(ctx, \"sample\", \u0026batch.ComputeEnvironmentArgs{\n\t\t\tComputeEnvironmentName: pulumi.String(\"sample\"),\n\t\t\tComputeResources: \u0026batch.ComputeEnvironmentComputeResourcesArgs{\n\t\t\t\tMaxVcpus: pulumi.Int(16),\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tsampleAwsSecurityGroup.Id,\n\t\t\t\t},\n\t\t\t\tSubnets: pulumi.StringArray{\n\t\t\t\t\tsampleAwsSubnet.Id,\n\t\t\t\t},\n\t\t\t\tType: pulumi.String(\"FARGATE\"),\n\t\t\t},\n\t\t\tServiceRole: pulumi.Any(awsBatchServiceRole.Arn),\n\t\t\tType: pulumi.String(\"MANAGED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.batch.ComputeEnvironment;\nimport com.pulumi.aws.batch.ComputeEnvironmentArgs;\nimport com.pulumi.aws.batch.inputs.ComputeEnvironmentComputeResourcesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sample = new ComputeEnvironment(\"sample\", ComputeEnvironmentArgs.builder() \n .computeEnvironmentName(\"sample\")\n .computeResources(ComputeEnvironmentComputeResourcesArgs.builder()\n .maxVcpus(16)\n .securityGroupIds(sampleAwsSecurityGroup.id())\n .subnets(sampleAwsSubnet.id())\n .type(\"FARGATE\")\n .build())\n .serviceRole(awsBatchServiceRole.arn())\n .type(\"MANAGED\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sample:\n type: aws:batch:ComputeEnvironment\n properties:\n computeEnvironmentName: sample\n computeResources:\n maxVcpus: 16\n securityGroupIds:\n - ${sampleAwsSecurityGroup.id}\n subnets:\n - ${sampleAwsSubnet.id}\n type: FARGATE\n serviceRole: ${awsBatchServiceRole.arn}\n type: MANAGED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Setting Update Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst sample = new aws.batch.ComputeEnvironment(\"sample\", {\n computeEnvironmentName: \"sample\",\n computeResources: {\n allocationStrategy: \"BEST_FIT_PROGRESSIVE\",\n instanceRole: ecsInstance.arn,\n instanceTypes: [\"optimal\"],\n maxVcpus: 4,\n minVcpus: 0,\n securityGroupIds: [sampleAwsSecurityGroup.id],\n subnets: [sampleAwsSubnet.id],\n type: \"EC2\",\n },\n updatePolicy: {\n jobExecutionTimeoutMinutes: 30,\n terminateJobsOnUpdate: false,\n },\n type: \"MANAGED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsample = aws.batch.ComputeEnvironment(\"sample\",\n compute_environment_name=\"sample\",\n compute_resources=aws.batch.ComputeEnvironmentComputeResourcesArgs(\n allocation_strategy=\"BEST_FIT_PROGRESSIVE\",\n instance_role=ecs_instance[\"arn\"],\n instance_types=[\"optimal\"],\n max_vcpus=4,\n min_vcpus=0,\n security_group_ids=[sample_aws_security_group[\"id\"]],\n subnets=[sample_aws_subnet[\"id\"]],\n type=\"EC2\",\n ),\n update_policy=aws.batch.ComputeEnvironmentUpdatePolicyArgs(\n job_execution_timeout_minutes=30,\n terminate_jobs_on_update=False,\n ),\n type=\"MANAGED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sample = new Aws.Batch.ComputeEnvironment(\"sample\", new()\n {\n ComputeEnvironmentName = \"sample\",\n ComputeResources = new Aws.Batch.Inputs.ComputeEnvironmentComputeResourcesArgs\n {\n AllocationStrategy = \"BEST_FIT_PROGRESSIVE\",\n InstanceRole = ecsInstance.Arn,\n InstanceTypes = new[]\n {\n \"optimal\",\n },\n MaxVcpus = 4,\n MinVcpus = 0,\n SecurityGroupIds = new[]\n {\n sampleAwsSecurityGroup.Id,\n },\n Subnets = new[]\n {\n sampleAwsSubnet.Id,\n },\n Type = \"EC2\",\n },\n UpdatePolicy = new Aws.Batch.Inputs.ComputeEnvironmentUpdatePolicyArgs\n {\n JobExecutionTimeoutMinutes = 30,\n TerminateJobsOnUpdate = false,\n },\n Type = \"MANAGED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/batch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := batch.NewComputeEnvironment(ctx, \"sample\", \u0026batch.ComputeEnvironmentArgs{\n\t\t\tComputeEnvironmentName: pulumi.String(\"sample\"),\n\t\t\tComputeResources: \u0026batch.ComputeEnvironmentComputeResourcesArgs{\n\t\t\t\tAllocationStrategy: pulumi.String(\"BEST_FIT_PROGRESSIVE\"),\n\t\t\t\tInstanceRole: pulumi.Any(ecsInstance.Arn),\n\t\t\t\tInstanceTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"optimal\"),\n\t\t\t\t},\n\t\t\t\tMaxVcpus: pulumi.Int(4),\n\t\t\t\tMinVcpus: pulumi.Int(0),\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tsampleAwsSecurityGroup.Id,\n\t\t\t\t},\n\t\t\t\tSubnets: pulumi.StringArray{\n\t\t\t\t\tsampleAwsSubnet.Id,\n\t\t\t\t},\n\t\t\t\tType: pulumi.String(\"EC2\"),\n\t\t\t},\n\t\t\tUpdatePolicy: \u0026batch.ComputeEnvironmentUpdatePolicyArgs{\n\t\t\t\tJobExecutionTimeoutMinutes: pulumi.Int(30),\n\t\t\t\tTerminateJobsOnUpdate: pulumi.Bool(false),\n\t\t\t},\n\t\t\tType: pulumi.String(\"MANAGED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.batch.ComputeEnvironment;\nimport com.pulumi.aws.batch.ComputeEnvironmentArgs;\nimport com.pulumi.aws.batch.inputs.ComputeEnvironmentComputeResourcesArgs;\nimport com.pulumi.aws.batch.inputs.ComputeEnvironmentUpdatePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sample = new ComputeEnvironment(\"sample\", ComputeEnvironmentArgs.builder() \n .computeEnvironmentName(\"sample\")\n .computeResources(ComputeEnvironmentComputeResourcesArgs.builder()\n .allocationStrategy(\"BEST_FIT_PROGRESSIVE\")\n .instanceRole(ecsInstance.arn())\n .instanceTypes(\"optimal\")\n .maxVcpus(4)\n .minVcpus(0)\n .securityGroupIds(sampleAwsSecurityGroup.id())\n .subnets(sampleAwsSubnet.id())\n .type(\"EC2\")\n .build())\n .updatePolicy(ComputeEnvironmentUpdatePolicyArgs.builder()\n .jobExecutionTimeoutMinutes(30)\n .terminateJobsOnUpdate(false)\n .build())\n .type(\"MANAGED\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sample:\n type: aws:batch:ComputeEnvironment\n properties:\n computeEnvironmentName: sample\n computeResources:\n allocationStrategy: BEST_FIT_PROGRESSIVE\n instanceRole: ${ecsInstance.arn}\n instanceTypes:\n - optimal\n maxVcpus: 4\n minVcpus: 0\n securityGroupIds:\n - ${sampleAwsSecurityGroup.id}\n subnets:\n - ${sampleAwsSubnet.id}\n type: EC2\n updatePolicy:\n jobExecutionTimeoutMinutes: 30\n terminateJobsOnUpdate: false\n type: MANAGED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import AWS Batch compute using the `compute_environment_name`. For example:\n\n```sh\n$ pulumi import aws:batch/computeEnvironment:ComputeEnvironment sample sample\n```\n", "properties": { "arn": { "type": "string", @@ -173055,7 +173055,7 @@ } }, "aws:batch/jobDefinition:JobDefinition": { - "description": "Provides a Batch Job Definition resource.\n\n## Example Usage\n\n### Job definition of type container\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.batch.JobDefinition(\"test\", {\n name: \"my_test_batch_job_definition\",\n type: \"container\",\n containerProperties: JSON.stringify({\n command: [\n \"ls\",\n \"-la\",\n ],\n image: \"busybox\",\n resourceRequirements: [\n {\n type: \"VCPU\",\n value: \"0.25\",\n },\n {\n type: \"MEMORY\",\n value: \"512\",\n },\n ],\n volumes: [{\n host: {\n sourcePath: \"/tmp\",\n },\n name: \"tmp\",\n }],\n environment: [{\n name: \"VARNAME\",\n value: \"VARVAL\",\n }],\n mountPoints: [{\n sourceVolume: \"tmp\",\n containerPath: \"/tmp\",\n readOnly: false,\n }],\n ulimits: [{\n hardLimit: 1024,\n name: \"nofile\",\n softLimit: 1024,\n }],\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ntest = aws.batch.JobDefinition(\"test\",\n name=\"my_test_batch_job_definition\",\n type=\"container\",\n container_properties=json.dumps({\n \"command\": [\n \"ls\",\n \"-la\",\n ],\n \"image\": \"busybox\",\n \"resourceRequirements\": [\n {\n \"type\": \"VCPU\",\n \"value\": \"0.25\",\n },\n {\n \"type\": \"MEMORY\",\n \"value\": \"512\",\n },\n ],\n \"volumes\": [{\n \"host\": {\n \"sourcePath\": \"/tmp\",\n },\n \"name\": \"tmp\",\n }],\n \"environment\": [{\n \"name\": \"VARNAME\",\n \"value\": \"VARVAL\",\n }],\n \"mountPoints\": [{\n \"sourceVolume\": \"tmp\",\n \"containerPath\": \"/tmp\",\n \"readOnly\": False,\n }],\n \"ulimits\": [{\n \"hardLimit\": 1024,\n \"name\": \"nofile\",\n \"softLimit\": 1024,\n }],\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.Batch.JobDefinition(\"test\", new()\n {\n Name = \"my_test_batch_job_definition\",\n Type = \"container\",\n ContainerProperties = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"command\"] = new[]\n {\n \"ls\",\n \"-la\",\n },\n [\"image\"] = \"busybox\",\n [\"resourceRequirements\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"type\"] = \"VCPU\",\n [\"value\"] = \"0.25\",\n },\n new Dictionary\u003cstring, object?\u003e\n {\n [\"type\"] = \"MEMORY\",\n [\"value\"] = \"512\",\n },\n },\n [\"volumes\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"host\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"sourcePath\"] = \"/tmp\",\n },\n [\"name\"] = \"tmp\",\n },\n },\n [\"environment\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"name\"] = \"VARNAME\",\n [\"value\"] = \"VARVAL\",\n },\n },\n [\"mountPoints\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"sourceVolume\"] = \"tmp\",\n [\"containerPath\"] = \"/tmp\",\n [\"readOnly\"] = false,\n },\n },\n [\"ulimits\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"hardLimit\"] = 1024,\n [\"name\"] = \"nofile\",\n [\"softLimit\"] = 1024,\n },\n },\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/batch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"command\": []string{\n\t\t\t\t\"ls\",\n\t\t\t\t\"-la\",\n\t\t\t},\n\t\t\t\"image\": \"busybox\",\n\t\t\t\"resourceRequirements\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"type\": \"VCPU\",\n\t\t\t\t\t\"value\": \"0.25\",\n\t\t\t\t},\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"type\": \"MEMORY\",\n\t\t\t\t\t\"value\": \"512\",\n\t\t\t\t},\n\t\t\t},\n\t\t\t\"volumes\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"host\": map[string]interface{}{\n\t\t\t\t\t\t\"sourcePath\": \"/tmp\",\n\t\t\t\t\t},\n\t\t\t\t\t\"name\": \"tmp\",\n\t\t\t\t},\n\t\t\t},\n\t\t\t\"environment\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"name\": \"VARNAME\",\n\t\t\t\t\t\"value\": \"VARVAL\",\n\t\t\t\t},\n\t\t\t},\n\t\t\t\"mountPoints\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"sourceVolume\": \"tmp\",\n\t\t\t\t\t\"containerPath\": \"/tmp\",\n\t\t\t\t\t\"readOnly\": false,\n\t\t\t\t},\n\t\t\t},\n\t\t\t\"ulimits\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"hardLimit\": 1024,\n\t\t\t\t\t\"name\": \"nofile\",\n\t\t\t\t\t\"softLimit\": 1024,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = batch.NewJobDefinition(ctx, \"test\", \u0026batch.JobDefinitionArgs{\n\t\t\tName: pulumi.String(\"my_test_batch_job_definition\"),\n\t\t\tType: pulumi.String(\"container\"),\n\t\t\tContainerProperties: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.batch.JobDefinition;\nimport com.pulumi.aws.batch.JobDefinitionArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new JobDefinition(\"test\", JobDefinitionArgs.builder() \n .name(\"my_test_batch_job_definition\")\n .type(\"container\")\n .containerProperties(serializeJson(\n jsonObject(\n jsonProperty(\"command\", jsonArray(\n \"ls\", \n \"-la\"\n )),\n jsonProperty(\"image\", \"busybox\"),\n jsonProperty(\"resourceRequirements\", jsonArray(\n jsonObject(\n jsonProperty(\"type\", \"VCPU\"),\n jsonProperty(\"value\", \"0.25\")\n ), \n jsonObject(\n jsonProperty(\"type\", \"MEMORY\"),\n jsonProperty(\"value\", \"512\")\n )\n )),\n jsonProperty(\"volumes\", jsonArray(jsonObject(\n jsonProperty(\"host\", jsonObject(\n jsonProperty(\"sourcePath\", \"/tmp\")\n )),\n jsonProperty(\"name\", \"tmp\")\n ))),\n jsonProperty(\"environment\", jsonArray(jsonObject(\n jsonProperty(\"name\", \"VARNAME\"),\n jsonProperty(\"value\", \"VARVAL\")\n ))),\n jsonProperty(\"mountPoints\", jsonArray(jsonObject(\n jsonProperty(\"sourceVolume\", \"tmp\"),\n jsonProperty(\"containerPath\", \"/tmp\"),\n jsonProperty(\"readOnly\", false)\n ))),\n jsonProperty(\"ulimits\", jsonArray(jsonObject(\n jsonProperty(\"hardLimit\", 1024),\n jsonProperty(\"name\", \"nofile\"),\n jsonProperty(\"softLimit\", 1024)\n )))\n )))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:batch:JobDefinition\n properties:\n name: my_test_batch_job_definition\n type: container\n containerProperties:\n fn::toJSON:\n command:\n - ls\n - -la\n image: busybox\n resourceRequirements:\n - type: VCPU\n value: '0.25'\n - type: MEMORY\n value: '512'\n volumes:\n - host:\n sourcePath: /tmp\n name: tmp\n environment:\n - name: VARNAME\n value: VARVAL\n mountPoints:\n - sourceVolume: tmp\n containerPath: /tmp\n readOnly: false\n ulimits:\n - hardLimit: 1024\n name: nofile\n softLimit: 1024\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Job definition of type multinode\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.batch.JobDefinition(\"test\", {\n name: \"tf_test_batch_job_definition_multinode\",\n type: \"multinode\",\n nodeProperties: JSON.stringify({\n mainNode: 0,\n nodeRangeProperties: [\n {\n container: {\n command: [\n \"ls\",\n \"-la\",\n ],\n image: \"busybox\",\n memory: 128,\n vcpus: 1,\n },\n targetNodes: \"0:\",\n },\n {\n container: {\n command: [\n \"echo\",\n \"test\",\n ],\n image: \"busybox\",\n memory: 128,\n vcpus: 1,\n },\n targetNodes: \"1:\",\n },\n ],\n numNodes: 2,\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ntest = aws.batch.JobDefinition(\"test\",\n name=\"tf_test_batch_job_definition_multinode\",\n type=\"multinode\",\n node_properties=json.dumps({\n \"mainNode\": 0,\n \"nodeRangeProperties\": [\n {\n \"container\": {\n \"command\": [\n \"ls\",\n \"-la\",\n ],\n \"image\": \"busybox\",\n \"memory\": 128,\n \"vcpus\": 1,\n },\n \"targetNodes\": \"0:\",\n },\n {\n \"container\": {\n \"command\": [\n \"echo\",\n \"test\",\n ],\n \"image\": \"busybox\",\n \"memory\": 128,\n \"vcpus\": 1,\n },\n \"targetNodes\": \"1:\",\n },\n ],\n \"numNodes\": 2,\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.Batch.JobDefinition(\"test\", new()\n {\n Name = \"tf_test_batch_job_definition_multinode\",\n Type = \"multinode\",\n NodeProperties = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"mainNode\"] = 0,\n [\"nodeRangeProperties\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"container\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"command\"] = new[]\n {\n \"ls\",\n \"-la\",\n },\n [\"image\"] = \"busybox\",\n [\"memory\"] = 128,\n [\"vcpus\"] = 1,\n },\n [\"targetNodes\"] = \"0:\",\n },\n new Dictionary\u003cstring, object?\u003e\n {\n [\"container\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"command\"] = new[]\n {\n \"echo\",\n \"test\",\n },\n [\"image\"] = \"busybox\",\n [\"memory\"] = 128,\n [\"vcpus\"] = 1,\n },\n [\"targetNodes\"] = \"1:\",\n },\n },\n [\"numNodes\"] = 2,\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/batch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"mainNode\": 0,\n\t\t\t\"nodeRangeProperties\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"container\": map[string]interface{}{\n\t\t\t\t\t\t\"command\": []string{\n\t\t\t\t\t\t\t\"ls\",\n\t\t\t\t\t\t\t\"-la\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\"image\": \"busybox\",\n\t\t\t\t\t\t\"memory\": 128,\n\t\t\t\t\t\t\"vcpus\": 1,\n\t\t\t\t\t},\n\t\t\t\t\t\"targetNodes\": \"0:\",\n\t\t\t\t},\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"container\": map[string]interface{}{\n\t\t\t\t\t\t\"command\": []string{\n\t\t\t\t\t\t\t\"echo\",\n\t\t\t\t\t\t\t\"test\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\"image\": \"busybox\",\n\t\t\t\t\t\t\"memory\": 128,\n\t\t\t\t\t\t\"vcpus\": 1,\n\t\t\t\t\t},\n\t\t\t\t\t\"targetNodes\": \"1:\",\n\t\t\t\t},\n\t\t\t},\n\t\t\t\"numNodes\": 2,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = batch.NewJobDefinition(ctx, \"test\", \u0026batch.JobDefinitionArgs{\n\t\t\tName: pulumi.String(\"tf_test_batch_job_definition_multinode\"),\n\t\t\tType: pulumi.String(\"multinode\"),\n\t\t\tNodeProperties: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.batch.JobDefinition;\nimport com.pulumi.aws.batch.JobDefinitionArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new JobDefinition(\"test\", JobDefinitionArgs.builder() \n .name(\"tf_test_batch_job_definition_multinode\")\n .type(\"multinode\")\n .nodeProperties(serializeJson(\n jsonObject(\n jsonProperty(\"mainNode\", 0),\n jsonProperty(\"nodeRangeProperties\", jsonArray(\n jsonObject(\n jsonProperty(\"container\", jsonObject(\n jsonProperty(\"command\", jsonArray(\n \"ls\", \n \"-la\"\n )),\n jsonProperty(\"image\", \"busybox\"),\n jsonProperty(\"memory\", 128),\n jsonProperty(\"vcpus\", 1)\n )),\n jsonProperty(\"targetNodes\", \"0:\")\n ), \n jsonObject(\n jsonProperty(\"container\", jsonObject(\n jsonProperty(\"command\", jsonArray(\n \"echo\", \n \"test\"\n )),\n jsonProperty(\"image\", \"busybox\"),\n jsonProperty(\"memory\", 128),\n jsonProperty(\"vcpus\", 1)\n )),\n jsonProperty(\"targetNodes\", \"1:\")\n )\n )),\n jsonProperty(\"numNodes\", 2)\n )))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:batch:JobDefinition\n properties:\n name: tf_test_batch_job_definition_multinode\n type: multinode\n nodeProperties:\n fn::toJSON:\n mainNode: 0\n nodeRangeProperties:\n - container:\n command:\n - ls\n - -la\n image: busybox\n memory: 128\n vcpus: 1\n targetNodes: '0:'\n - container:\n command:\n - echo\n - test\n image: busybox\n memory: 128\n vcpus: 1\n targetNodes: '1:'\n numNodes: 2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Job Definitionn of type EKS\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.batch.JobDefinition(\"test\", {\n name: \" tf_test_batch_job_definition_eks\",\n type: \"container\",\n eksProperties: {\n podProperties: {\n hostNetwork: true,\n containers: {\n image: \"public.ecr.aws/amazonlinux/amazonlinux:1\",\n commands: [\n \"sleep\",\n \"60\",\n ],\n resources: {\n limits: {\n cpu: \"1\",\n memory: \"1024Mi\",\n },\n },\n },\n metadata: {\n labels: {\n environment: \"test\",\n },\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.batch.JobDefinition(\"test\",\n name=\" tf_test_batch_job_definition_eks\",\n type=\"container\",\n eks_properties=aws.batch.JobDefinitionEksPropertiesArgs(\n pod_properties=aws.batch.JobDefinitionEksPropertiesPodPropertiesArgs(\n host_network=True,\n containers=aws.batch.JobDefinitionEksPropertiesPodPropertiesContainersArgs(\n image=\"public.ecr.aws/amazonlinux/amazonlinux:1\",\n commands=[\n \"sleep\",\n \"60\",\n ],\n resources=aws.batch.JobDefinitionEksPropertiesPodPropertiesContainersResourcesArgs(\n limits={\n \"cpu\": \"1\",\n \"memory\": \"1024Mi\",\n },\n ),\n ),\n metadata=aws.batch.JobDefinitionEksPropertiesPodPropertiesMetadataArgs(\n labels={\n \"environment\": \"test\",\n },\n ),\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.Batch.JobDefinition(\"test\", new()\n {\n Name = \" tf_test_batch_job_definition_eks\",\n Type = \"container\",\n EksProperties = new Aws.Batch.Inputs.JobDefinitionEksPropertiesArgs\n {\n PodProperties = new Aws.Batch.Inputs.JobDefinitionEksPropertiesPodPropertiesArgs\n {\n HostNetwork = true,\n Containers = new Aws.Batch.Inputs.JobDefinitionEksPropertiesPodPropertiesContainersArgs\n {\n Image = \"public.ecr.aws/amazonlinux/amazonlinux:1\",\n Commands = new[]\n {\n \"sleep\",\n \"60\",\n },\n Resources = new Aws.Batch.Inputs.JobDefinitionEksPropertiesPodPropertiesContainersResourcesArgs\n {\n Limits = \n {\n { \"cpu\", \"1\" },\n { \"memory\", \"1024Mi\" },\n },\n },\n },\n Metadata = new Aws.Batch.Inputs.JobDefinitionEksPropertiesPodPropertiesMetadataArgs\n {\n Labels = \n {\n { \"environment\", \"test\" },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/batch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := batch.NewJobDefinition(ctx, \"test\", \u0026batch.JobDefinitionArgs{\n\t\t\tName: pulumi.String(\" tf_test_batch_job_definition_eks\"),\n\t\t\tType: pulumi.String(\"container\"),\n\t\t\tEksProperties: \u0026batch.JobDefinitionEksPropertiesArgs{\n\t\t\t\tPodProperties: \u0026batch.JobDefinitionEksPropertiesPodPropertiesArgs{\n\t\t\t\t\tHostNetwork: pulumi.Bool(true),\n\t\t\t\t\tContainers: \u0026batch.JobDefinitionEksPropertiesPodPropertiesContainersArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"public.ecr.aws/amazonlinux/amazonlinux:1\"),\n\t\t\t\t\t\tCommands: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"sleep\"),\n\t\t\t\t\t\t\tpulumi.String(\"60\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tResources: \u0026batch.JobDefinitionEksPropertiesPodPropertiesContainersResourcesArgs{\n\t\t\t\t\t\t\tLimits: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"cpu\": pulumi.String(\"1\"),\n\t\t\t\t\t\t\t\t\"memory\": pulumi.String(\"1024Mi\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tMetadata: \u0026batch.JobDefinitionEksPropertiesPodPropertiesMetadataArgs{\n\t\t\t\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\t\t\t\"environment\": pulumi.String(\"test\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.batch.JobDefinition;\nimport com.pulumi.aws.batch.JobDefinitionArgs;\nimport com.pulumi.aws.batch.inputs.JobDefinitionEksPropertiesArgs;\nimport com.pulumi.aws.batch.inputs.JobDefinitionEksPropertiesPodPropertiesArgs;\nimport com.pulumi.aws.batch.inputs.JobDefinitionEksPropertiesPodPropertiesContainersArgs;\nimport com.pulumi.aws.batch.inputs.JobDefinitionEksPropertiesPodPropertiesContainersResourcesArgs;\nimport com.pulumi.aws.batch.inputs.JobDefinitionEksPropertiesPodPropertiesMetadataArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new JobDefinition(\"test\", JobDefinitionArgs.builder() \n .name(\" tf_test_batch_job_definition_eks\")\n .type(\"container\")\n .eksProperties(JobDefinitionEksPropertiesArgs.builder()\n .podProperties(JobDefinitionEksPropertiesPodPropertiesArgs.builder()\n .hostNetwork(true)\n .containers(JobDefinitionEksPropertiesPodPropertiesContainersArgs.builder()\n .image(\"public.ecr.aws/amazonlinux/amazonlinux:1\")\n .commands( \n \"sleep\",\n \"60\")\n .resources(JobDefinitionEksPropertiesPodPropertiesContainersResourcesArgs.builder()\n .limits(Map.ofEntries(\n Map.entry(\"cpu\", \"1\"),\n Map.entry(\"memory\", \"1024Mi\")\n ))\n .build())\n .build())\n .metadata(JobDefinitionEksPropertiesPodPropertiesMetadataArgs.builder()\n .labels(Map.of(\"environment\", \"test\"))\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:batch:JobDefinition\n properties:\n name: ' tf_test_batch_job_definition_eks'\n type: container\n eksProperties:\n podProperties:\n hostNetwork: true\n containers:\n image: public.ecr.aws/amazonlinux/amazonlinux:1\n commands:\n - sleep\n - '60'\n resources:\n limits:\n cpu: '1'\n memory: 1024Mi\n metadata:\n labels:\n environment: test\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Fargate Platform Capability\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRolePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"ecs-tasks.amazonaws.com\"],\n }],\n }],\n});\nconst ecsTaskExecutionRole = new aws.iam.Role(\"ecs_task_execution_role\", {\n name: \"my_test_batch_exec_role\",\n assumeRolePolicy: assumeRolePolicy.then(assumeRolePolicy =\u003e assumeRolePolicy.json),\n});\nconst ecsTaskExecutionRolePolicy = new aws.iam.RolePolicyAttachment(\"ecs_task_execution_role_policy\", {\n role: ecsTaskExecutionRole.name,\n policyArn: \"arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy\",\n});\nconst test = new aws.batch.JobDefinition(\"test\", {\n name: \"my_test_batch_job_definition\",\n type: \"container\",\n platformCapabilities: [\"FARGATE\"],\n containerProperties: pulumi.jsonStringify({\n command: [\n \"echo\",\n \"test\",\n ],\n image: \"busybox\",\n jobRoleArn: \"arn:aws:iam::123456789012:role/AWSBatchS3ReadOnly\",\n fargatePlatformConfiguration: {\n platformVersion: \"LATEST\",\n },\n resourceRequirements: [\n {\n type: \"VCPU\",\n value: \"0.25\",\n },\n {\n type: \"MEMORY\",\n value: \"512\",\n },\n ],\n executionRoleArn: ecsTaskExecutionRole.arn,\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nassume_role_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"ecs-tasks.amazonaws.com\"],\n )],\n)])\necs_task_execution_role = aws.iam.Role(\"ecs_task_execution_role\",\n name=\"my_test_batch_exec_role\",\n assume_role_policy=assume_role_policy.json)\necs_task_execution_role_policy = aws.iam.RolePolicyAttachment(\"ecs_task_execution_role_policy\",\n role=ecs_task_execution_role.name,\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy\")\ntest = aws.batch.JobDefinition(\"test\",\n name=\"my_test_batch_job_definition\",\n type=\"container\",\n platform_capabilities=[\"FARGATE\"],\n container_properties=pulumi.Output.json_dumps({\n \"command\": [\n \"echo\",\n \"test\",\n ],\n \"image\": \"busybox\",\n \"jobRoleArn\": \"arn:aws:iam::123456789012:role/AWSBatchS3ReadOnly\",\n \"fargatePlatformConfiguration\": {\n \"platformVersion\": \"LATEST\",\n },\n \"resourceRequirements\": [\n {\n \"type\": \"VCPU\",\n \"value\": \"0.25\",\n },\n {\n \"type\": \"MEMORY\",\n \"value\": \"512\",\n },\n ],\n \"executionRoleArn\": ecs_task_execution_role.arn,\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"ecs-tasks.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var ecsTaskExecutionRole = new Aws.Iam.Role(\"ecs_task_execution_role\", new()\n {\n Name = \"my_test_batch_exec_role\",\n AssumeRolePolicy = assumeRolePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var ecsTaskExecutionRolePolicy = new Aws.Iam.RolePolicyAttachment(\"ecs_task_execution_role_policy\", new()\n {\n Role = ecsTaskExecutionRole.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy\",\n });\n\n var test = new Aws.Batch.JobDefinition(\"test\", new()\n {\n Name = \"my_test_batch_job_definition\",\n Type = \"container\",\n PlatformCapabilities = new[]\n {\n \"FARGATE\",\n },\n ContainerProperties = Output.JsonSerialize(Output.Create(new Dictionary\u003cstring, object?\u003e\n {\n [\"command\"] = new[]\n {\n \"echo\",\n \"test\",\n },\n [\"image\"] = \"busybox\",\n [\"jobRoleArn\"] = \"arn:aws:iam::123456789012:role/AWSBatchS3ReadOnly\",\n [\"fargatePlatformConfiguration\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"platformVersion\"] = \"LATEST\",\n },\n [\"resourceRequirements\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"type\"] = \"VCPU\",\n [\"value\"] = \"0.25\",\n },\n new Dictionary\u003cstring, object?\u003e\n {\n [\"type\"] = \"MEMORY\",\n [\"value\"] = \"512\",\n },\n },\n [\"executionRoleArn\"] = ecsTaskExecutionRole.Arn,\n })),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/batch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRolePolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"ecs-tasks.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tecsTaskExecutionRole, err := iam.NewRole(ctx, \"ecs_task_execution_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"my_test_batch_exec_role\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRolePolicy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"ecs_task_execution_role_policy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: ecsTaskExecutionRole.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = batch.NewJobDefinition(ctx, \"test\", \u0026batch.JobDefinitionArgs{\n\t\t\tName: pulumi.String(\"my_test_batch_job_definition\"),\n\t\t\tType: pulumi.String(\"container\"),\n\t\t\tPlatformCapabilities: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"FARGATE\"),\n\t\t\t},\n\t\t\tContainerProperties: ecsTaskExecutionRole.Arn.ApplyT(func(arn string) (pulumi.String, error) {\n\t\t\t\tvar _zero pulumi.String\n\t\t\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\t\t\"command\": []string{\n\t\t\t\t\t\t\"echo\",\n\t\t\t\t\t\t\"test\",\n\t\t\t\t\t},\n\t\t\t\t\t\"image\": \"busybox\",\n\t\t\t\t\t\"jobRoleArn\": \"arn:aws:iam::123456789012:role/AWSBatchS3ReadOnly\",\n\t\t\t\t\t\"fargatePlatformConfiguration\": map[string]interface{}{\n\t\t\t\t\t\t\"platformVersion\": \"LATEST\",\n\t\t\t\t\t},\n\t\t\t\t\t\"resourceRequirements\": []map[string]interface{}{\n\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\"type\": \"VCPU\",\n\t\t\t\t\t\t\t\"value\": \"0.25\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\"type\": \"MEMORY\",\n\t\t\t\t\t\t\t\"value\": \"512\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\"executionRoleArn\": arn,\n\t\t\t\t})\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn _zero, err\n\t\t\t\t}\n\t\t\t\tjson0 := string(tmpJSON0)\n\t\t\t\treturn pulumi.String(json0), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.batch.JobDefinition;\nimport com.pulumi.aws.batch.JobDefinitionArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"ecs-tasks.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var ecsTaskExecutionRole = new Role(\"ecsTaskExecutionRole\", RoleArgs.builder() \n .name(\"my_test_batch_exec_role\")\n .assumeRolePolicy(assumeRolePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var ecsTaskExecutionRolePolicy = new RolePolicyAttachment(\"ecsTaskExecutionRolePolicy\", RolePolicyAttachmentArgs.builder() \n .role(ecsTaskExecutionRole.name())\n .policyArn(\"arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy\")\n .build());\n\n var test = new JobDefinition(\"test\", JobDefinitionArgs.builder() \n .name(\"my_test_batch_job_definition\")\n .type(\"container\")\n .platformCapabilities(\"FARGATE\")\n .containerProperties(ecsTaskExecutionRole.arn().applyValue(arn -\u003e serializeJson(\n jsonObject(\n jsonProperty(\"command\", jsonArray(\n \"echo\", \n \"test\"\n )),\n jsonProperty(\"image\", \"busybox\"),\n jsonProperty(\"jobRoleArn\", \"arn:aws:iam::123456789012:role/AWSBatchS3ReadOnly\"),\n jsonProperty(\"fargatePlatformConfiguration\", jsonObject(\n jsonProperty(\"platformVersion\", \"LATEST\")\n )),\n jsonProperty(\"resourceRequirements\", jsonArray(\n jsonObject(\n jsonProperty(\"type\", \"VCPU\"),\n jsonProperty(\"value\", \"0.25\")\n ), \n jsonObject(\n jsonProperty(\"type\", \"MEMORY\"),\n jsonProperty(\"value\", \"512\")\n )\n )),\n jsonProperty(\"executionRoleArn\", arn)\n ))))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ecsTaskExecutionRole:\n type: aws:iam:Role\n name: ecs_task_execution_role\n properties:\n name: my_test_batch_exec_role\n assumeRolePolicy: ${assumeRolePolicy.json}\n ecsTaskExecutionRolePolicy:\n type: aws:iam:RolePolicyAttachment\n name: ecs_task_execution_role_policy\n properties:\n role: ${ecsTaskExecutionRole.name}\n policyArn: arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy\n test:\n type: aws:batch:JobDefinition\n properties:\n name: my_test_batch_job_definition\n type: container\n platformCapabilities:\n - FARGATE\n containerProperties:\n fn::toJSON:\n command:\n - echo\n - test\n image: busybox\n jobRoleArn: arn:aws:iam::123456789012:role/AWSBatchS3ReadOnly\n fargatePlatformConfiguration:\n platformVersion: LATEST\n resourceRequirements:\n - type: VCPU\n value: '0.25'\n - type: MEMORY\n value: '512'\n executionRoleArn: ${ecsTaskExecutionRole.arn}\nvariables:\n assumeRolePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - ecs-tasks.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Batch Job Definition using the `arn`. For example:\n\n```sh\n$ pulumi import aws:batch/jobDefinition:JobDefinition test arn:aws:batch:us-east-1:123456789012:job-definition/sample\n```\n", + "description": "Provides a Batch Job Definition resource.\n\n## Example Usage\n\n### Job definition of type container\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.batch.JobDefinition(\"test\", {\n name: \"my_test_batch_job_definition\",\n type: \"container\",\n containerProperties: JSON.stringify({\n command: [\n \"ls\",\n \"-la\",\n ],\n image: \"busybox\",\n resourceRequirements: [\n {\n type: \"VCPU\",\n value: \"0.25\",\n },\n {\n type: \"MEMORY\",\n value: \"512\",\n },\n ],\n volumes: [{\n host: {\n sourcePath: \"/tmp\",\n },\n name: \"tmp\",\n }],\n environment: [{\n name: \"VARNAME\",\n value: \"VARVAL\",\n }],\n mountPoints: [{\n sourceVolume: \"tmp\",\n containerPath: \"/tmp\",\n readOnly: false,\n }],\n ulimits: [{\n hardLimit: 1024,\n name: \"nofile\",\n softLimit: 1024,\n }],\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ntest = aws.batch.JobDefinition(\"test\",\n name=\"my_test_batch_job_definition\",\n type=\"container\",\n container_properties=json.dumps({\n \"command\": [\n \"ls\",\n \"-la\",\n ],\n \"image\": \"busybox\",\n \"resourceRequirements\": [\n {\n \"type\": \"VCPU\",\n \"value\": \"0.25\",\n },\n {\n \"type\": \"MEMORY\",\n \"value\": \"512\",\n },\n ],\n \"volumes\": [{\n \"host\": {\n \"sourcePath\": \"/tmp\",\n },\n \"name\": \"tmp\",\n }],\n \"environment\": [{\n \"name\": \"VARNAME\",\n \"value\": \"VARVAL\",\n }],\n \"mountPoints\": [{\n \"sourceVolume\": \"tmp\",\n \"containerPath\": \"/tmp\",\n \"readOnly\": False,\n }],\n \"ulimits\": [{\n \"hardLimit\": 1024,\n \"name\": \"nofile\",\n \"softLimit\": 1024,\n }],\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.Batch.JobDefinition(\"test\", new()\n {\n Name = \"my_test_batch_job_definition\",\n Type = \"container\",\n ContainerProperties = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"command\"] = new[]\n {\n \"ls\",\n \"-la\",\n },\n [\"image\"] = \"busybox\",\n [\"resourceRequirements\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"type\"] = \"VCPU\",\n [\"value\"] = \"0.25\",\n },\n new Dictionary\u003cstring, object?\u003e\n {\n [\"type\"] = \"MEMORY\",\n [\"value\"] = \"512\",\n },\n },\n [\"volumes\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"host\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"sourcePath\"] = \"/tmp\",\n },\n [\"name\"] = \"tmp\",\n },\n },\n [\"environment\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"name\"] = \"VARNAME\",\n [\"value\"] = \"VARVAL\",\n },\n },\n [\"mountPoints\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"sourceVolume\"] = \"tmp\",\n [\"containerPath\"] = \"/tmp\",\n [\"readOnly\"] = false,\n },\n },\n [\"ulimits\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"hardLimit\"] = 1024,\n [\"name\"] = \"nofile\",\n [\"softLimit\"] = 1024,\n },\n },\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/batch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"command\": []string{\n\t\t\t\t\"ls\",\n\t\t\t\t\"-la\",\n\t\t\t},\n\t\t\t\"image\": \"busybox\",\n\t\t\t\"resourceRequirements\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"type\": \"VCPU\",\n\t\t\t\t\t\"value\": \"0.25\",\n\t\t\t\t},\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"type\": \"MEMORY\",\n\t\t\t\t\t\"value\": \"512\",\n\t\t\t\t},\n\t\t\t},\n\t\t\t\"volumes\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"host\": map[string]interface{}{\n\t\t\t\t\t\t\"sourcePath\": \"/tmp\",\n\t\t\t\t\t},\n\t\t\t\t\t\"name\": \"tmp\",\n\t\t\t\t},\n\t\t\t},\n\t\t\t\"environment\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"name\": \"VARNAME\",\n\t\t\t\t\t\"value\": \"VARVAL\",\n\t\t\t\t},\n\t\t\t},\n\t\t\t\"mountPoints\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"sourceVolume\": \"tmp\",\n\t\t\t\t\t\"containerPath\": \"/tmp\",\n\t\t\t\t\t\"readOnly\": false,\n\t\t\t\t},\n\t\t\t},\n\t\t\t\"ulimits\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"hardLimit\": 1024,\n\t\t\t\t\t\"name\": \"nofile\",\n\t\t\t\t\t\"softLimit\": 1024,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = batch.NewJobDefinition(ctx, \"test\", \u0026batch.JobDefinitionArgs{\n\t\t\tName: pulumi.String(\"my_test_batch_job_definition\"),\n\t\t\tType: pulumi.String(\"container\"),\n\t\t\tContainerProperties: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.batch.JobDefinition;\nimport com.pulumi.aws.batch.JobDefinitionArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new JobDefinition(\"test\", JobDefinitionArgs.builder() \n .name(\"my_test_batch_job_definition\")\n .type(\"container\")\n .containerProperties(serializeJson(\n jsonObject(\n jsonProperty(\"command\", jsonArray(\n \"ls\", \n \"-la\"\n )),\n jsonProperty(\"image\", \"busybox\"),\n jsonProperty(\"resourceRequirements\", jsonArray(\n jsonObject(\n jsonProperty(\"type\", \"VCPU\"),\n jsonProperty(\"value\", \"0.25\")\n ), \n jsonObject(\n jsonProperty(\"type\", \"MEMORY\"),\n jsonProperty(\"value\", \"512\")\n )\n )),\n jsonProperty(\"volumes\", jsonArray(jsonObject(\n jsonProperty(\"host\", jsonObject(\n jsonProperty(\"sourcePath\", \"/tmp\")\n )),\n jsonProperty(\"name\", \"tmp\")\n ))),\n jsonProperty(\"environment\", jsonArray(jsonObject(\n jsonProperty(\"name\", \"VARNAME\"),\n jsonProperty(\"value\", \"VARVAL\")\n ))),\n jsonProperty(\"mountPoints\", jsonArray(jsonObject(\n jsonProperty(\"sourceVolume\", \"tmp\"),\n jsonProperty(\"containerPath\", \"/tmp\"),\n jsonProperty(\"readOnly\", false)\n ))),\n jsonProperty(\"ulimits\", jsonArray(jsonObject(\n jsonProperty(\"hardLimit\", 1024),\n jsonProperty(\"name\", \"nofile\"),\n jsonProperty(\"softLimit\", 1024)\n )))\n )))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:batch:JobDefinition\n properties:\n name: my_test_batch_job_definition\n type: container\n containerProperties:\n fn::toJSON:\n command:\n - ls\n - -la\n image: busybox\n resourceRequirements:\n - type: VCPU\n value: '0.25'\n - type: MEMORY\n value: '512'\n volumes:\n - host:\n sourcePath: /tmp\n name: tmp\n environment:\n - name: VARNAME\n value: VARVAL\n mountPoints:\n - sourceVolume: tmp\n containerPath: /tmp\n readOnly: false\n ulimits:\n - hardLimit: 1024\n name: nofile\n softLimit: 1024\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Job definition of type multinode\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.batch.JobDefinition(\"test\", {\n name: \"tf_test_batch_job_definition_multinode\",\n type: \"multinode\",\n nodeProperties: JSON.stringify({\n mainNode: 0,\n nodeRangeProperties: [\n {\n container: {\n command: [\n \"ls\",\n \"-la\",\n ],\n image: \"busybox\",\n memory: 128,\n vcpus: 1,\n },\n targetNodes: \"0:\",\n },\n {\n container: {\n command: [\n \"echo\",\n \"test\",\n ],\n image: \"busybox\",\n memory: 128,\n vcpus: 1,\n },\n targetNodes: \"1:\",\n },\n ],\n numNodes: 2,\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ntest = aws.batch.JobDefinition(\"test\",\n name=\"tf_test_batch_job_definition_multinode\",\n type=\"multinode\",\n node_properties=json.dumps({\n \"mainNode\": 0,\n \"nodeRangeProperties\": [\n {\n \"container\": {\n \"command\": [\n \"ls\",\n \"-la\",\n ],\n \"image\": \"busybox\",\n \"memory\": 128,\n \"vcpus\": 1,\n },\n \"targetNodes\": \"0:\",\n },\n {\n \"container\": {\n \"command\": [\n \"echo\",\n \"test\",\n ],\n \"image\": \"busybox\",\n \"memory\": 128,\n \"vcpus\": 1,\n },\n \"targetNodes\": \"1:\",\n },\n ],\n \"numNodes\": 2,\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.Batch.JobDefinition(\"test\", new()\n {\n Name = \"tf_test_batch_job_definition_multinode\",\n Type = \"multinode\",\n NodeProperties = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"mainNode\"] = 0,\n [\"nodeRangeProperties\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"container\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"command\"] = new[]\n {\n \"ls\",\n \"-la\",\n },\n [\"image\"] = \"busybox\",\n [\"memory\"] = 128,\n [\"vcpus\"] = 1,\n },\n [\"targetNodes\"] = \"0:\",\n },\n new Dictionary\u003cstring, object?\u003e\n {\n [\"container\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"command\"] = new[]\n {\n \"echo\",\n \"test\",\n },\n [\"image\"] = \"busybox\",\n [\"memory\"] = 128,\n [\"vcpus\"] = 1,\n },\n [\"targetNodes\"] = \"1:\",\n },\n },\n [\"numNodes\"] = 2,\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/batch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"mainNode\": 0,\n\t\t\t\"nodeRangeProperties\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"container\": map[string]interface{}{\n\t\t\t\t\t\t\"command\": []string{\n\t\t\t\t\t\t\t\"ls\",\n\t\t\t\t\t\t\t\"-la\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\"image\": \"busybox\",\n\t\t\t\t\t\t\"memory\": 128,\n\t\t\t\t\t\t\"vcpus\": 1,\n\t\t\t\t\t},\n\t\t\t\t\t\"targetNodes\": \"0:\",\n\t\t\t\t},\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"container\": map[string]interface{}{\n\t\t\t\t\t\t\"command\": []string{\n\t\t\t\t\t\t\t\"echo\",\n\t\t\t\t\t\t\t\"test\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\"image\": \"busybox\",\n\t\t\t\t\t\t\"memory\": 128,\n\t\t\t\t\t\t\"vcpus\": 1,\n\t\t\t\t\t},\n\t\t\t\t\t\"targetNodes\": \"1:\",\n\t\t\t\t},\n\t\t\t},\n\t\t\t\"numNodes\": 2,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = batch.NewJobDefinition(ctx, \"test\", \u0026batch.JobDefinitionArgs{\n\t\t\tName: pulumi.String(\"tf_test_batch_job_definition_multinode\"),\n\t\t\tType: pulumi.String(\"multinode\"),\n\t\t\tNodeProperties: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.batch.JobDefinition;\nimport com.pulumi.aws.batch.JobDefinitionArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new JobDefinition(\"test\", JobDefinitionArgs.builder() \n .name(\"tf_test_batch_job_definition_multinode\")\n .type(\"multinode\")\n .nodeProperties(serializeJson(\n jsonObject(\n jsonProperty(\"mainNode\", 0),\n jsonProperty(\"nodeRangeProperties\", jsonArray(\n jsonObject(\n jsonProperty(\"container\", jsonObject(\n jsonProperty(\"command\", jsonArray(\n \"ls\", \n \"-la\"\n )),\n jsonProperty(\"image\", \"busybox\"),\n jsonProperty(\"memory\", 128),\n jsonProperty(\"vcpus\", 1)\n )),\n jsonProperty(\"targetNodes\", \"0:\")\n ), \n jsonObject(\n jsonProperty(\"container\", jsonObject(\n jsonProperty(\"command\", jsonArray(\n \"echo\", \n \"test\"\n )),\n jsonProperty(\"image\", \"busybox\"),\n jsonProperty(\"memory\", 128),\n jsonProperty(\"vcpus\", 1)\n )),\n jsonProperty(\"targetNodes\", \"1:\")\n )\n )),\n jsonProperty(\"numNodes\", 2)\n )))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:batch:JobDefinition\n properties:\n name: tf_test_batch_job_definition_multinode\n type: multinode\n nodeProperties:\n fn::toJSON:\n mainNode: 0\n nodeRangeProperties:\n - container:\n command:\n - ls\n - -la\n image: busybox\n memory: 128\n vcpus: 1\n targetNodes: '0:'\n - container:\n command:\n - echo\n - test\n image: busybox\n memory: 128\n vcpus: 1\n targetNodes: '1:'\n numNodes: 2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Job Definitionn of type EKS\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.batch.JobDefinition(\"test\", {\n name: \" tf_test_batch_job_definition_eks\",\n type: \"container\",\n eksProperties: {\n podProperties: {\n hostNetwork: true,\n containers: {\n image: \"public.ecr.aws/amazonlinux/amazonlinux:1\",\n commands: [\n \"sleep\",\n \"60\",\n ],\n resources: {\n limits: {\n cpu: \"1\",\n memory: \"1024Mi\",\n },\n },\n },\n metadata: {\n labels: {\n environment: \"test\",\n },\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.batch.JobDefinition(\"test\",\n name=\" tf_test_batch_job_definition_eks\",\n type=\"container\",\n eks_properties=aws.batch.JobDefinitionEksPropertiesArgs(\n pod_properties=aws.batch.JobDefinitionEksPropertiesPodPropertiesArgs(\n host_network=True,\n containers=aws.batch.JobDefinitionEksPropertiesPodPropertiesContainersArgs(\n image=\"public.ecr.aws/amazonlinux/amazonlinux:1\",\n commands=[\n \"sleep\",\n \"60\",\n ],\n resources=aws.batch.JobDefinitionEksPropertiesPodPropertiesContainersResourcesArgs(\n limits={\n \"cpu\": \"1\",\n \"memory\": \"1024Mi\",\n },\n ),\n ),\n metadata=aws.batch.JobDefinitionEksPropertiesPodPropertiesMetadataArgs(\n labels={\n \"environment\": \"test\",\n },\n ),\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.Batch.JobDefinition(\"test\", new()\n {\n Name = \" tf_test_batch_job_definition_eks\",\n Type = \"container\",\n EksProperties = new Aws.Batch.Inputs.JobDefinitionEksPropertiesArgs\n {\n PodProperties = new Aws.Batch.Inputs.JobDefinitionEksPropertiesPodPropertiesArgs\n {\n HostNetwork = true,\n Containers = new Aws.Batch.Inputs.JobDefinitionEksPropertiesPodPropertiesContainersArgs\n {\n Image = \"public.ecr.aws/amazonlinux/amazonlinux:1\",\n Commands = new[]\n {\n \"sleep\",\n \"60\",\n },\n Resources = new Aws.Batch.Inputs.JobDefinitionEksPropertiesPodPropertiesContainersResourcesArgs\n {\n Limits = \n {\n { \"cpu\", \"1\" },\n { \"memory\", \"1024Mi\" },\n },\n },\n },\n Metadata = new Aws.Batch.Inputs.JobDefinitionEksPropertiesPodPropertiesMetadataArgs\n {\n Labels = \n {\n { \"environment\", \"test\" },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/batch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := batch.NewJobDefinition(ctx, \"test\", \u0026batch.JobDefinitionArgs{\n\t\t\tName: pulumi.String(\" tf_test_batch_job_definition_eks\"),\n\t\t\tType: pulumi.String(\"container\"),\n\t\t\tEksProperties: \u0026batch.JobDefinitionEksPropertiesArgs{\n\t\t\t\tPodProperties: \u0026batch.JobDefinitionEksPropertiesPodPropertiesArgs{\n\t\t\t\t\tHostNetwork: pulumi.Bool(true),\n\t\t\t\t\tContainers: \u0026batch.JobDefinitionEksPropertiesPodPropertiesContainersArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"public.ecr.aws/amazonlinux/amazonlinux:1\"),\n\t\t\t\t\t\tCommands: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"sleep\"),\n\t\t\t\t\t\t\tpulumi.String(\"60\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tResources: \u0026batch.JobDefinitionEksPropertiesPodPropertiesContainersResourcesArgs{\n\t\t\t\t\t\t\tLimits: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"cpu\": pulumi.String(\"1\"),\n\t\t\t\t\t\t\t\t\"memory\": pulumi.String(\"1024Mi\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tMetadata: \u0026batch.JobDefinitionEksPropertiesPodPropertiesMetadataArgs{\n\t\t\t\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\t\t\t\"environment\": pulumi.String(\"test\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.batch.JobDefinition;\nimport com.pulumi.aws.batch.JobDefinitionArgs;\nimport com.pulumi.aws.batch.inputs.JobDefinitionEksPropertiesArgs;\nimport com.pulumi.aws.batch.inputs.JobDefinitionEksPropertiesPodPropertiesArgs;\nimport com.pulumi.aws.batch.inputs.JobDefinitionEksPropertiesPodPropertiesContainersArgs;\nimport com.pulumi.aws.batch.inputs.JobDefinitionEksPropertiesPodPropertiesContainersResourcesArgs;\nimport com.pulumi.aws.batch.inputs.JobDefinitionEksPropertiesPodPropertiesMetadataArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new JobDefinition(\"test\", JobDefinitionArgs.builder() \n .name(\" tf_test_batch_job_definition_eks\")\n .type(\"container\")\n .eksProperties(JobDefinitionEksPropertiesArgs.builder()\n .podProperties(JobDefinitionEksPropertiesPodPropertiesArgs.builder()\n .hostNetwork(true)\n .containers(JobDefinitionEksPropertiesPodPropertiesContainersArgs.builder()\n .image(\"public.ecr.aws/amazonlinux/amazonlinux:1\")\n .commands( \n \"sleep\",\n \"60\")\n .resources(JobDefinitionEksPropertiesPodPropertiesContainersResourcesArgs.builder()\n .limits(Map.ofEntries(\n Map.entry(\"cpu\", \"1\"),\n Map.entry(\"memory\", \"1024Mi\")\n ))\n .build())\n .build())\n .metadata(JobDefinitionEksPropertiesPodPropertiesMetadataArgs.builder()\n .labels(Map.of(\"environment\", \"test\"))\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:batch:JobDefinition\n properties:\n name: ' tf_test_batch_job_definition_eks'\n type: container\n eksProperties:\n podProperties:\n hostNetwork: true\n containers:\n image: public.ecr.aws/amazonlinux/amazonlinux:1\n commands:\n - sleep\n - '60'\n resources:\n limits:\n cpu: '1'\n memory: 1024Mi\n metadata:\n labels:\n environment: test\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Fargate Platform Capability\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRolePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"ecs-tasks.amazonaws.com\"],\n }],\n }],\n});\nconst ecsTaskExecutionRole = new aws.iam.Role(\"ecs_task_execution_role\", {\n name: \"my_test_batch_exec_role\",\n assumeRolePolicy: assumeRolePolicy.then(assumeRolePolicy =\u003e assumeRolePolicy.json),\n});\nconst ecsTaskExecutionRolePolicy = new aws.iam.RolePolicyAttachment(\"ecs_task_execution_role_policy\", {\n role: ecsTaskExecutionRole.name,\n policyArn: \"arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy\",\n});\nconst test = new aws.batch.JobDefinition(\"test\", {\n name: \"my_test_batch_job_definition\",\n type: \"container\",\n platformCapabilities: [\"FARGATE\"],\n containerProperties: pulumi.jsonStringify({\n command: [\n \"echo\",\n \"test\",\n ],\n image: \"busybox\",\n jobRoleArn: \"arn:aws:iam::123456789012:role/AWSBatchS3ReadOnly\",\n fargatePlatformConfiguration: {\n platformVersion: \"LATEST\",\n },\n resourceRequirements: [\n {\n type: \"VCPU\",\n value: \"0.25\",\n },\n {\n type: \"MEMORY\",\n value: \"512\",\n },\n ],\n executionRoleArn: ecsTaskExecutionRole.arn,\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nassume_role_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"ecs-tasks.amazonaws.com\"],\n )],\n)])\necs_task_execution_role = aws.iam.Role(\"ecs_task_execution_role\",\n name=\"my_test_batch_exec_role\",\n assume_role_policy=assume_role_policy.json)\necs_task_execution_role_policy = aws.iam.RolePolicyAttachment(\"ecs_task_execution_role_policy\",\n role=ecs_task_execution_role.name,\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy\")\ntest = aws.batch.JobDefinition(\"test\",\n name=\"my_test_batch_job_definition\",\n type=\"container\",\n platform_capabilities=[\"FARGATE\"],\n container_properties=pulumi.Output.json_dumps({\n \"command\": [\n \"echo\",\n \"test\",\n ],\n \"image\": \"busybox\",\n \"jobRoleArn\": \"arn:aws:iam::123456789012:role/AWSBatchS3ReadOnly\",\n \"fargatePlatformConfiguration\": {\n \"platformVersion\": \"LATEST\",\n },\n \"resourceRequirements\": [\n {\n \"type\": \"VCPU\",\n \"value\": \"0.25\",\n },\n {\n \"type\": \"MEMORY\",\n \"value\": \"512\",\n },\n ],\n \"executionRoleArn\": ecs_task_execution_role.arn,\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"ecs-tasks.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var ecsTaskExecutionRole = new Aws.Iam.Role(\"ecs_task_execution_role\", new()\n {\n Name = \"my_test_batch_exec_role\",\n AssumeRolePolicy = assumeRolePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var ecsTaskExecutionRolePolicy = new Aws.Iam.RolePolicyAttachment(\"ecs_task_execution_role_policy\", new()\n {\n Role = ecsTaskExecutionRole.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy\",\n });\n\n var test = new Aws.Batch.JobDefinition(\"test\", new()\n {\n Name = \"my_test_batch_job_definition\",\n Type = \"container\",\n PlatformCapabilities = new[]\n {\n \"FARGATE\",\n },\n ContainerProperties = Output.JsonSerialize(Output.Create(new Dictionary\u003cstring, object?\u003e\n {\n [\"command\"] = new[]\n {\n \"echo\",\n \"test\",\n },\n [\"image\"] = \"busybox\",\n [\"jobRoleArn\"] = \"arn:aws:iam::123456789012:role/AWSBatchS3ReadOnly\",\n [\"fargatePlatformConfiguration\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"platformVersion\"] = \"LATEST\",\n },\n [\"resourceRequirements\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"type\"] = \"VCPU\",\n [\"value\"] = \"0.25\",\n },\n new Dictionary\u003cstring, object?\u003e\n {\n [\"type\"] = \"MEMORY\",\n [\"value\"] = \"512\",\n },\n },\n [\"executionRoleArn\"] = ecsTaskExecutionRole.Arn,\n })),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/batch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRolePolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"ecs-tasks.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tecsTaskExecutionRole, err := iam.NewRole(ctx, \"ecs_task_execution_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"my_test_batch_exec_role\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRolePolicy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"ecs_task_execution_role_policy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: ecsTaskExecutionRole.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = batch.NewJobDefinition(ctx, \"test\", \u0026batch.JobDefinitionArgs{\n\t\t\tName: pulumi.String(\"my_test_batch_job_definition\"),\n\t\t\tType: pulumi.String(\"container\"),\n\t\t\tPlatformCapabilities: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"FARGATE\"),\n\t\t\t},\n\t\t\tContainerProperties: ecsTaskExecutionRole.Arn.ApplyT(func(arn string) (pulumi.String, error) {\n\t\t\t\tvar _zero pulumi.String\n\t\t\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\t\t\"command\": []string{\n\t\t\t\t\t\t\"echo\",\n\t\t\t\t\t\t\"test\",\n\t\t\t\t\t},\n\t\t\t\t\t\"image\": \"busybox\",\n\t\t\t\t\t\"jobRoleArn\": \"arn:aws:iam::123456789012:role/AWSBatchS3ReadOnly\",\n\t\t\t\t\t\"fargatePlatformConfiguration\": map[string]interface{}{\n\t\t\t\t\t\t\"platformVersion\": \"LATEST\",\n\t\t\t\t\t},\n\t\t\t\t\t\"resourceRequirements\": []map[string]interface{}{\n\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\"type\": \"VCPU\",\n\t\t\t\t\t\t\t\"value\": \"0.25\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\"type\": \"MEMORY\",\n\t\t\t\t\t\t\t\"value\": \"512\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\"executionRoleArn\": arn,\n\t\t\t\t})\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn _zero, err\n\t\t\t\t}\n\t\t\t\tjson0 := string(tmpJSON0)\n\t\t\t\treturn pulumi.String(json0), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.batch.JobDefinition;\nimport com.pulumi.aws.batch.JobDefinitionArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"ecs-tasks.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var ecsTaskExecutionRole = new Role(\"ecsTaskExecutionRole\", RoleArgs.builder() \n .name(\"my_test_batch_exec_role\")\n .assumeRolePolicy(assumeRolePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var ecsTaskExecutionRolePolicy = new RolePolicyAttachment(\"ecsTaskExecutionRolePolicy\", RolePolicyAttachmentArgs.builder() \n .role(ecsTaskExecutionRole.name())\n .policyArn(\"arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy\")\n .build());\n\n var test = new JobDefinition(\"test\", JobDefinitionArgs.builder() \n .name(\"my_test_batch_job_definition\")\n .type(\"container\")\n .platformCapabilities(\"FARGATE\")\n .containerProperties(ecsTaskExecutionRole.arn().applyValue(arn -\u003e serializeJson(\n jsonObject(\n jsonProperty(\"command\", jsonArray(\n \"echo\", \n \"test\"\n )),\n jsonProperty(\"image\", \"busybox\"),\n jsonProperty(\"jobRoleArn\", \"arn:aws:iam::123456789012:role/AWSBatchS3ReadOnly\"),\n jsonProperty(\"fargatePlatformConfiguration\", jsonObject(\n jsonProperty(\"platformVersion\", \"LATEST\")\n )),\n jsonProperty(\"resourceRequirements\", jsonArray(\n jsonObject(\n jsonProperty(\"type\", \"VCPU\"),\n jsonProperty(\"value\", \"0.25\")\n ), \n jsonObject(\n jsonProperty(\"type\", \"MEMORY\"),\n jsonProperty(\"value\", \"512\")\n )\n )),\n jsonProperty(\"executionRoleArn\", arn)\n ))))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ecsTaskExecutionRole:\n type: aws:iam:Role\n name: ecs_task_execution_role\n properties:\n name: my_test_batch_exec_role\n assumeRolePolicy: ${assumeRolePolicy.json}\n ecsTaskExecutionRolePolicy:\n type: aws:iam:RolePolicyAttachment\n name: ecs_task_execution_role_policy\n properties:\n role: ${ecsTaskExecutionRole.name}\n policyArn: arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy\n test:\n type: aws:batch:JobDefinition\n properties:\n name: my_test_batch_job_definition\n type: container\n platformCapabilities:\n - FARGATE\n containerProperties:\n fn::toJSON:\n command:\n - echo\n - test\n image: busybox\n jobRoleArn: arn:aws:iam::123456789012:role/AWSBatchS3ReadOnly\n fargatePlatformConfiguration:\n platformVersion: LATEST\n resourceRequirements:\n - type: VCPU\n value: '0.25'\n - type: MEMORY\n value: '512'\n executionRoleArn: ${ecsTaskExecutionRole.arn}\nvariables:\n assumeRolePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - ecs-tasks.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Batch Job Definition using the `arn`. For example:\n\n```sh\n$ pulumi import aws:batch/jobDefinition:JobDefinition test arn:aws:batch:us-east-1:123456789012:job-definition/sample\n```\n", "properties": { "arn": { "type": "string", @@ -173567,7 +173567,7 @@ } }, "aws:bedrock/customModel:CustomModel": { - "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.bedrockfoundation.getModel({\n modelId: \"amazon.titan-text-express-v1\",\n});\nconst exampleCustomModel = new aws.bedrock.CustomModel(\"example\", {\n customModelName: \"example-model\",\n jobName: \"example-job-1\",\n baseModelIdentifier: example.then(example =\u003e example.modelArn),\n roleArn: exampleAwsIamRole.arn,\n hyperparameters: {\n epochCount: \"1\",\n batchSize: \"1\",\n learningRate: \"0.005\",\n learningRateWarmupSteps: \"0\",\n },\n outputDataConfig: {\n s3Uri: `s3://${output.id}/data/`,\n },\n trainingDataConfig: {\n s3Uri: `s3://${training.id}/data/train.jsonl`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.bedrockfoundation.get_model(model_id=\"amazon.titan-text-express-v1\")\nexample_custom_model = aws.bedrock.CustomModel(\"example\",\n custom_model_name=\"example-model\",\n job_name=\"example-job-1\",\n base_model_identifier=example.model_arn,\n role_arn=example_aws_iam_role[\"arn\"],\n hyperparameters={\n \"epochCount\": \"1\",\n \"batchSize\": \"1\",\n \"learningRate\": \"0.005\",\n \"learningRateWarmupSteps\": \"0\",\n },\n output_data_config=aws.bedrock.CustomModelOutputDataConfigArgs(\n s3_uri=f\"s3://{output['id']}/data/\",\n ),\n training_data_config=aws.bedrock.CustomModelTrainingDataConfigArgs(\n s3_uri=f\"s3://{training['id']}/data/train.jsonl\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.BedrockFoundation.GetModel.Invoke(new()\n {\n ModelId = \"amazon.titan-text-express-v1\",\n });\n\n var exampleCustomModel = new Aws.Bedrock.CustomModel(\"example\", new()\n {\n CustomModelName = \"example-model\",\n JobName = \"example-job-1\",\n BaseModelIdentifier = example.Apply(getModelResult =\u003e getModelResult.ModelArn),\n RoleArn = exampleAwsIamRole.Arn,\n Hyperparameters = \n {\n { \"epochCount\", \"1\" },\n { \"batchSize\", \"1\" },\n { \"learningRate\", \"0.005\" },\n { \"learningRateWarmupSteps\", \"0\" },\n },\n OutputDataConfig = new Aws.Bedrock.Inputs.CustomModelOutputDataConfigArgs\n {\n S3Uri = $\"s3://{output.Id}/data/\",\n },\n TrainingDataConfig = new Aws.Bedrock.Inputs.CustomModelTrainingDataConfigArgs\n {\n S3Uri = $\"s3://{training.Id}/data/train.jsonl\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/bedrock\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/bedrockfoundation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := bedrockfoundation.GetModel(ctx, \u0026bedrockfoundation.GetModelArgs{\n\t\t\tModelId: \"amazon.titan-text-express-v1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bedrock.NewCustomModel(ctx, \"example\", \u0026bedrock.CustomModelArgs{\n\t\t\tCustomModelName: pulumi.String(\"example-model\"),\n\t\t\tJobName: pulumi.String(\"example-job-1\"),\n\t\t\tBaseModelIdentifier: *pulumi.String(example.ModelArn),\n\t\t\tRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tHyperparameters: pulumi.StringMap{\n\t\t\t\t\"epochCount\": pulumi.String(\"1\"),\n\t\t\t\t\"batchSize\": pulumi.String(\"1\"),\n\t\t\t\t\"learningRate\": pulumi.String(\"0.005\"),\n\t\t\t\t\"learningRateWarmupSteps\": pulumi.String(\"0\"),\n\t\t\t},\n\t\t\tOutputDataConfig: \u0026bedrock.CustomModelOutputDataConfigArgs{\n\t\t\t\tS3Uri: pulumi.String(fmt.Sprintf(\"s3://%v/data/\", output.Id)),\n\t\t\t},\n\t\t\tTrainingDataConfig: \u0026bedrock.CustomModelTrainingDataConfigArgs{\n\t\t\t\tS3Uri: pulumi.String(fmt.Sprintf(\"s3://%v/data/train.jsonl\", training.Id)),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.bedrockfoundation.BedrockfoundationFunctions;\nimport com.pulumi.aws.bedrockfoundation.inputs.GetModelArgs;\nimport com.pulumi.aws.bedrock.CustomModel;\nimport com.pulumi.aws.bedrock.CustomModelArgs;\nimport com.pulumi.aws.bedrock.inputs.CustomModelOutputDataConfigArgs;\nimport com.pulumi.aws.bedrock.inputs.CustomModelTrainingDataConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = BedrockfoundationFunctions.getModel(GetModelArgs.builder()\n .modelId(\"amazon.titan-text-express-v1\")\n .build());\n\n var exampleCustomModel = new CustomModel(\"exampleCustomModel\", CustomModelArgs.builder() \n .customModelName(\"example-model\")\n .jobName(\"example-job-1\")\n .baseModelIdentifier(example.applyValue(getModelResult -\u003e getModelResult.modelArn()))\n .roleArn(exampleAwsIamRole.arn())\n .hyperparameters(Map.ofEntries(\n Map.entry(\"epochCount\", \"1\"),\n Map.entry(\"batchSize\", \"1\"),\n Map.entry(\"learningRate\", \"0.005\"),\n Map.entry(\"learningRateWarmupSteps\", \"0\")\n ))\n .outputDataConfig(CustomModelOutputDataConfigArgs.builder()\n .s3Uri(String.format(\"s3://%s/data/\", output.id()))\n .build())\n .trainingDataConfig(CustomModelTrainingDataConfigArgs.builder()\n .s3Uri(String.format(\"s3://%s/data/train.jsonl\", training.id()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleCustomModel:\n type: aws:bedrock:CustomModel\n name: example\n properties:\n customModelName: example-model\n jobName: example-job-1\n baseModelIdentifier: ${example.modelArn}\n roleArn: ${exampleAwsIamRole.arn}\n hyperparameters:\n epochCount: '1'\n batchSize: '1'\n learningRate: '0.005'\n learningRateWarmupSteps: '0'\n outputDataConfig:\n s3Uri: s3://${output.id}/data/\n trainingDataConfig:\n s3Uri: s3://${training.id}/data/train.jsonl\nvariables:\n example:\n fn::invoke:\n Function: aws:bedrockfoundation:getModel\n Arguments:\n modelId: amazon.titan-text-express-v1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Bedrock custom model using the `job_arn`. For example:\n\n```sh\n$ pulumi import aws:bedrock/customModel:CustomModel example arn:aws:bedrock:us-west-2:123456789012:model-customization-job/amazon.titan-text-express-v1:0:8k/1y5n57gh5y2e\n```\n", + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.bedrockfoundation.getModel({\n modelId: \"amazon.titan-text-express-v1\",\n});\nconst exampleCustomModel = new aws.bedrock.CustomModel(\"example\", {\n customModelName: \"example-model\",\n jobName: \"example-job-1\",\n baseModelIdentifier: example.then(example =\u003e example.modelArn),\n roleArn: exampleAwsIamRole.arn,\n hyperparameters: {\n epochCount: \"1\",\n batchSize: \"1\",\n learningRate: \"0.005\",\n learningRateWarmupSteps: \"0\",\n },\n outputDataConfig: {\n s3Uri: `s3://${output.id}/data/`,\n },\n trainingDataConfig: {\n s3Uri: `s3://${training.id}/data/train.jsonl`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.bedrockfoundation.get_model(model_id=\"amazon.titan-text-express-v1\")\nexample_custom_model = aws.bedrock.CustomModel(\"example\",\n custom_model_name=\"example-model\",\n job_name=\"example-job-1\",\n base_model_identifier=example.model_arn,\n role_arn=example_aws_iam_role[\"arn\"],\n hyperparameters={\n \"epochCount\": \"1\",\n \"batchSize\": \"1\",\n \"learningRate\": \"0.005\",\n \"learningRateWarmupSteps\": \"0\",\n },\n output_data_config=aws.bedrock.CustomModelOutputDataConfigArgs(\n s3_uri=f\"s3://{output['id']}/data/\",\n ),\n training_data_config=aws.bedrock.CustomModelTrainingDataConfigArgs(\n s3_uri=f\"s3://{training['id']}/data/train.jsonl\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.BedrockFoundation.GetModel.Invoke(new()\n {\n ModelId = \"amazon.titan-text-express-v1\",\n });\n\n var exampleCustomModel = new Aws.Bedrock.CustomModel(\"example\", new()\n {\n CustomModelName = \"example-model\",\n JobName = \"example-job-1\",\n BaseModelIdentifier = example.Apply(getModelResult =\u003e getModelResult.ModelArn),\n RoleArn = exampleAwsIamRole.Arn,\n Hyperparameters = \n {\n { \"epochCount\", \"1\" },\n { \"batchSize\", \"1\" },\n { \"learningRate\", \"0.005\" },\n { \"learningRateWarmupSteps\", \"0\" },\n },\n OutputDataConfig = new Aws.Bedrock.Inputs.CustomModelOutputDataConfigArgs\n {\n S3Uri = $\"s3://{output.Id}/data/\",\n },\n TrainingDataConfig = new Aws.Bedrock.Inputs.CustomModelTrainingDataConfigArgs\n {\n S3Uri = $\"s3://{training.Id}/data/train.jsonl\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/bedrock\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/bedrockfoundation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := bedrockfoundation.GetModel(ctx, \u0026bedrockfoundation.GetModelArgs{\n\t\t\tModelId: \"amazon.titan-text-express-v1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bedrock.NewCustomModel(ctx, \"example\", \u0026bedrock.CustomModelArgs{\n\t\t\tCustomModelName: pulumi.String(\"example-model\"),\n\t\t\tJobName: pulumi.String(\"example-job-1\"),\n\t\t\tBaseModelIdentifier: pulumi.String(example.ModelArn),\n\t\t\tRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tHyperparameters: pulumi.StringMap{\n\t\t\t\t\"epochCount\": pulumi.String(\"1\"),\n\t\t\t\t\"batchSize\": pulumi.String(\"1\"),\n\t\t\t\t\"learningRate\": pulumi.String(\"0.005\"),\n\t\t\t\t\"learningRateWarmupSteps\": pulumi.String(\"0\"),\n\t\t\t},\n\t\t\tOutputDataConfig: \u0026bedrock.CustomModelOutputDataConfigArgs{\n\t\t\t\tS3Uri: pulumi.String(fmt.Sprintf(\"s3://%v/data/\", output.Id)),\n\t\t\t},\n\t\t\tTrainingDataConfig: \u0026bedrock.CustomModelTrainingDataConfigArgs{\n\t\t\t\tS3Uri: pulumi.String(fmt.Sprintf(\"s3://%v/data/train.jsonl\", training.Id)),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.bedrockfoundation.BedrockfoundationFunctions;\nimport com.pulumi.aws.bedrockfoundation.inputs.GetModelArgs;\nimport com.pulumi.aws.bedrock.CustomModel;\nimport com.pulumi.aws.bedrock.CustomModelArgs;\nimport com.pulumi.aws.bedrock.inputs.CustomModelOutputDataConfigArgs;\nimport com.pulumi.aws.bedrock.inputs.CustomModelTrainingDataConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = BedrockfoundationFunctions.getModel(GetModelArgs.builder()\n .modelId(\"amazon.titan-text-express-v1\")\n .build());\n\n var exampleCustomModel = new CustomModel(\"exampleCustomModel\", CustomModelArgs.builder() \n .customModelName(\"example-model\")\n .jobName(\"example-job-1\")\n .baseModelIdentifier(example.applyValue(getModelResult -\u003e getModelResult.modelArn()))\n .roleArn(exampleAwsIamRole.arn())\n .hyperparameters(Map.ofEntries(\n Map.entry(\"epochCount\", \"1\"),\n Map.entry(\"batchSize\", \"1\"),\n Map.entry(\"learningRate\", \"0.005\"),\n Map.entry(\"learningRateWarmupSteps\", \"0\")\n ))\n .outputDataConfig(CustomModelOutputDataConfigArgs.builder()\n .s3Uri(String.format(\"s3://%s/data/\", output.id()))\n .build())\n .trainingDataConfig(CustomModelTrainingDataConfigArgs.builder()\n .s3Uri(String.format(\"s3://%s/data/train.jsonl\", training.id()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleCustomModel:\n type: aws:bedrock:CustomModel\n name: example\n properties:\n customModelName: example-model\n jobName: example-job-1\n baseModelIdentifier: ${example.modelArn}\n roleArn: ${exampleAwsIamRole.arn}\n hyperparameters:\n epochCount: '1'\n batchSize: '1'\n learningRate: '0.005'\n learningRateWarmupSteps: '0'\n outputDataConfig:\n s3Uri: s3://${output.id}/data/\n trainingDataConfig:\n s3Uri: s3://${training.id}/data/train.jsonl\nvariables:\n example:\n fn::invoke:\n Function: aws:bedrockfoundation:getModel\n Arguments:\n modelId: amazon.titan-text-express-v1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Bedrock custom model using the `job_arn`. For example:\n\n```sh\n$ pulumi import aws:bedrock/customModel:CustomModel example arn:aws:bedrock:us-west-2:123456789012:model-customization-job/amazon.titan-text-express-v1:0:8k/1y5n57gh5y2e\n```\n", "properties": { "baseModelIdentifier": { "type": "string", @@ -174231,7 +174231,7 @@ } }, "aws:budgets/budgetAction:BudgetAction": { - "description": "Provides a budget action resource. Budget actions are cost savings controls that run either automatically on your behalf or by using a workflow approval process.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\"ec2:Describe*\"],\n resources: [\"*\"],\n }],\n});\nconst examplePolicy = new aws.iam.Policy(\"example\", {\n name: \"example\",\n description: \"My example policy\",\n policy: example.then(example =\u003e example.json),\n});\nconst current = aws.getPartition({});\nconst assumeRole = current.then(current =\u003e aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [`budgets.${current.dnsSuffix}`],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n}));\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"example\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst exampleBudget = new aws.budgets.Budget(\"example\", {\n name: \"example\",\n budgetType: \"USAGE\",\n limitAmount: \"10.0\",\n limitUnit: \"dollars\",\n timePeriodStart: \"2006-01-02_15:04\",\n timeUnit: \"MONTHLY\",\n});\nconst exampleBudgetAction = new aws.budgets.BudgetAction(\"example\", {\n budgetName: exampleBudget.name,\n actionType: \"APPLY_IAM_POLICY\",\n approvalModel: \"AUTOMATIC\",\n notificationType: \"ACTUAL\",\n executionRoleArn: exampleRole.arn,\n actionThreshold: {\n actionThresholdType: \"ABSOLUTE_VALUE\",\n actionThresholdValue: 100,\n },\n definition: {\n iamActionDefinition: {\n policyArn: examplePolicy.arn,\n roles: [exampleRole.name],\n },\n },\n subscribers: [{\n address: \"example@example.example\",\n subscriptionType: \"EMAIL\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ec2:Describe*\"],\n resources=[\"*\"],\n)])\nexample_policy = aws.iam.Policy(\"example\",\n name=\"example\",\n description=\"My example policy\",\n policy=example.json)\ncurrent = aws.get_partition()\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[f\"budgets.{current.dns_suffix}\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"example\",\n assume_role_policy=assume_role.json)\nexample_budget = aws.budgets.Budget(\"example\",\n name=\"example\",\n budget_type=\"USAGE\",\n limit_amount=\"10.0\",\n limit_unit=\"dollars\",\n time_period_start=\"2006-01-02_15:04\",\n time_unit=\"MONTHLY\")\nexample_budget_action = aws.budgets.BudgetAction(\"example\",\n budget_name=example_budget.name,\n action_type=\"APPLY_IAM_POLICY\",\n approval_model=\"AUTOMATIC\",\n notification_type=\"ACTUAL\",\n execution_role_arn=example_role.arn,\n action_threshold=aws.budgets.BudgetActionActionThresholdArgs(\n action_threshold_type=\"ABSOLUTE_VALUE\",\n action_threshold_value=100,\n ),\n definition=aws.budgets.BudgetActionDefinitionArgs(\n iam_action_definition=aws.budgets.BudgetActionDefinitionIamActionDefinitionArgs(\n policy_arn=example_policy.arn,\n roles=[example_role.name],\n ),\n ),\n subscribers=[aws.budgets.BudgetActionSubscriberArgs(\n address=\"example@example.example\",\n subscription_type=\"EMAIL\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:Describe*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var examplePolicy = new Aws.Iam.Policy(\"example\", new()\n {\n Name = \"example\",\n Description = \"My example policy\",\n PolicyDocument = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var current = Aws.GetPartition.Invoke();\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n $\"budgets.{current.Apply(getPartitionResult =\u003e getPartitionResult.DnsSuffix)}\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"example\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleBudget = new Aws.Budgets.Budget(\"example\", new()\n {\n Name = \"example\",\n BudgetType = \"USAGE\",\n LimitAmount = \"10.0\",\n LimitUnit = \"dollars\",\n TimePeriodStart = \"2006-01-02_15:04\",\n TimeUnit = \"MONTHLY\",\n });\n\n var exampleBudgetAction = new Aws.Budgets.BudgetAction(\"example\", new()\n {\n BudgetName = exampleBudget.Name,\n ActionType = \"APPLY_IAM_POLICY\",\n ApprovalModel = \"AUTOMATIC\",\n NotificationType = \"ACTUAL\",\n ExecutionRoleArn = exampleRole.Arn,\n ActionThreshold = new Aws.Budgets.Inputs.BudgetActionActionThresholdArgs\n {\n ActionThresholdType = \"ABSOLUTE_VALUE\",\n ActionThresholdValue = 100,\n },\n Definition = new Aws.Budgets.Inputs.BudgetActionDefinitionArgs\n {\n IamActionDefinition = new Aws.Budgets.Inputs.BudgetActionDefinitionIamActionDefinitionArgs\n {\n PolicyArn = examplePolicy.Arn,\n Roles = new[]\n {\n exampleRole.Name,\n },\n },\n },\n Subscribers = new[]\n {\n new Aws.Budgets.Inputs.BudgetActionSubscriberArgs\n {\n Address = \"example@example.example\",\n SubscriptionType = \"EMAIL\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/budgets\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ec2:Describe*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texamplePolicy, err := iam.NewPolicy(ctx, \"example\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tDescription: pulumi.String(\"My example policy\"),\n\t\t\tPolicy: *pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrent, err := aws.GetPartition(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\tfmt.Sprintf(\"budgets.%v\", current.DnsSuffix),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleBudget, err := budgets.NewBudget(ctx, \"example\", \u0026budgets.BudgetArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tBudgetType: pulumi.String(\"USAGE\"),\n\t\t\tLimitAmount: pulumi.String(\"10.0\"),\n\t\t\tLimitUnit: pulumi.String(\"dollars\"),\n\t\t\tTimePeriodStart: pulumi.String(\"2006-01-02_15:04\"),\n\t\t\tTimeUnit: pulumi.String(\"MONTHLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = budgets.NewBudgetAction(ctx, \"example\", \u0026budgets.BudgetActionArgs{\n\t\t\tBudgetName: exampleBudget.Name,\n\t\t\tActionType: pulumi.String(\"APPLY_IAM_POLICY\"),\n\t\t\tApprovalModel: pulumi.String(\"AUTOMATIC\"),\n\t\t\tNotificationType: pulumi.String(\"ACTUAL\"),\n\t\t\tExecutionRoleArn: exampleRole.Arn,\n\t\t\tActionThreshold: \u0026budgets.BudgetActionActionThresholdArgs{\n\t\t\t\tActionThresholdType: pulumi.String(\"ABSOLUTE_VALUE\"),\n\t\t\t\tActionThresholdValue: pulumi.Float64(100),\n\t\t\t},\n\t\t\tDefinition: \u0026budgets.BudgetActionDefinitionArgs{\n\t\t\t\tIamActionDefinition: \u0026budgets.BudgetActionDefinitionIamActionDefinitionArgs{\n\t\t\t\t\tPolicyArn: examplePolicy.Arn,\n\t\t\t\t\tRoles: pulumi.StringArray{\n\t\t\t\t\t\texampleRole.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSubscribers: budgets.BudgetActionSubscriberArray{\n\t\t\t\t\u0026budgets.BudgetActionSubscriberArgs{\n\t\t\t\t\tAddress: pulumi.String(\"example@example.example\"),\n\t\t\t\t\tSubscriptionType: pulumi.String(\"EMAIL\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetPartitionArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.budgets.Budget;\nimport com.pulumi.aws.budgets.BudgetArgs;\nimport com.pulumi.aws.budgets.BudgetAction;\nimport com.pulumi.aws.budgets.BudgetActionArgs;\nimport com.pulumi.aws.budgets.inputs.BudgetActionActionThresholdArgs;\nimport com.pulumi.aws.budgets.inputs.BudgetActionDefinitionArgs;\nimport com.pulumi.aws.budgets.inputs.BudgetActionDefinitionIamActionDefinitionArgs;\nimport com.pulumi.aws.budgets.inputs.BudgetActionSubscriberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ec2:Describe*\")\n .resources(\"*\")\n .build())\n .build());\n\n var examplePolicy = new Policy(\"examplePolicy\", PolicyArgs.builder() \n .name(\"example\")\n .description(\"My example policy\")\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var current = AwsFunctions.getPartition();\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(String.format(\"budgets.%s\", current.applyValue(getPartitionResult -\u003e getPartitionResult.dnsSuffix())))\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"example\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleBudget = new Budget(\"exampleBudget\", BudgetArgs.builder() \n .name(\"example\")\n .budgetType(\"USAGE\")\n .limitAmount(\"10.0\")\n .limitUnit(\"dollars\")\n .timePeriodStart(\"2006-01-02_15:04\")\n .timeUnit(\"MONTHLY\")\n .build());\n\n var exampleBudgetAction = new BudgetAction(\"exampleBudgetAction\", BudgetActionArgs.builder() \n .budgetName(exampleBudget.name())\n .actionType(\"APPLY_IAM_POLICY\")\n .approvalModel(\"AUTOMATIC\")\n .notificationType(\"ACTUAL\")\n .executionRoleArn(exampleRole.arn())\n .actionThreshold(BudgetActionActionThresholdArgs.builder()\n .actionThresholdType(\"ABSOLUTE_VALUE\")\n .actionThresholdValue(100)\n .build())\n .definition(BudgetActionDefinitionArgs.builder()\n .iamActionDefinition(BudgetActionDefinitionIamActionDefinitionArgs.builder()\n .policyArn(examplePolicy.arn())\n .roles(exampleRole.name())\n .build())\n .build())\n .subscribers(BudgetActionSubscriberArgs.builder()\n .address(\"example@example.example\")\n .subscriptionType(\"EMAIL\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleBudgetAction:\n type: aws:budgets:BudgetAction\n name: example\n properties:\n budgetName: ${exampleBudget.name}\n actionType: APPLY_IAM_POLICY\n approvalModel: AUTOMATIC\n notificationType: ACTUAL\n executionRoleArn: ${exampleRole.arn}\n actionThreshold:\n actionThresholdType: ABSOLUTE_VALUE\n actionThresholdValue: 100\n definition:\n iamActionDefinition:\n policyArn: ${examplePolicy.arn}\n roles:\n - ${exampleRole.name}\n subscribers:\n - address: example@example.example\n subscriptionType: EMAIL\n examplePolicy:\n type: aws:iam:Policy\n name: example\n properties:\n name: example\n description: My example policy\n policy: ${example.json}\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: example\n assumeRolePolicy: ${assumeRole.json}\n exampleBudget:\n type: aws:budgets:Budget\n name: example\n properties:\n name: example\n budgetType: USAGE\n limitAmount: '10.0'\n limitUnit: dollars\n timePeriodStart: 2006-01-02_15:04\n timeUnit: MONTHLY\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - ec2:Describe*\n resources:\n - '*'\n current:\n fn::invoke:\n Function: aws:getPartition\n Arguments: {}\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - budgets.${current.dnsSuffix}\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import budget actions using `AccountID:ActionID:BudgetName`. For example:\n\n```sh\n$ pulumi import aws:budgets/budgetAction:BudgetAction myBudget 123456789012:some-id:myBudget\n```\n", + "description": "Provides a budget action resource. Budget actions are cost savings controls that run either automatically on your behalf or by using a workflow approval process.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\"ec2:Describe*\"],\n resources: [\"*\"],\n }],\n});\nconst examplePolicy = new aws.iam.Policy(\"example\", {\n name: \"example\",\n description: \"My example policy\",\n policy: example.then(example =\u003e example.json),\n});\nconst current = aws.getPartition({});\nconst assumeRole = current.then(current =\u003e aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [`budgets.${current.dnsSuffix}`],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n}));\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"example\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst exampleBudget = new aws.budgets.Budget(\"example\", {\n name: \"example\",\n budgetType: \"USAGE\",\n limitAmount: \"10.0\",\n limitUnit: \"dollars\",\n timePeriodStart: \"2006-01-02_15:04\",\n timeUnit: \"MONTHLY\",\n});\nconst exampleBudgetAction = new aws.budgets.BudgetAction(\"example\", {\n budgetName: exampleBudget.name,\n actionType: \"APPLY_IAM_POLICY\",\n approvalModel: \"AUTOMATIC\",\n notificationType: \"ACTUAL\",\n executionRoleArn: exampleRole.arn,\n actionThreshold: {\n actionThresholdType: \"ABSOLUTE_VALUE\",\n actionThresholdValue: 100,\n },\n definition: {\n iamActionDefinition: {\n policyArn: examplePolicy.arn,\n roles: [exampleRole.name],\n },\n },\n subscribers: [{\n address: \"example@example.example\",\n subscriptionType: \"EMAIL\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ec2:Describe*\"],\n resources=[\"*\"],\n)])\nexample_policy = aws.iam.Policy(\"example\",\n name=\"example\",\n description=\"My example policy\",\n policy=example.json)\ncurrent = aws.get_partition()\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[f\"budgets.{current.dns_suffix}\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"example\",\n assume_role_policy=assume_role.json)\nexample_budget = aws.budgets.Budget(\"example\",\n name=\"example\",\n budget_type=\"USAGE\",\n limit_amount=\"10.0\",\n limit_unit=\"dollars\",\n time_period_start=\"2006-01-02_15:04\",\n time_unit=\"MONTHLY\")\nexample_budget_action = aws.budgets.BudgetAction(\"example\",\n budget_name=example_budget.name,\n action_type=\"APPLY_IAM_POLICY\",\n approval_model=\"AUTOMATIC\",\n notification_type=\"ACTUAL\",\n execution_role_arn=example_role.arn,\n action_threshold=aws.budgets.BudgetActionActionThresholdArgs(\n action_threshold_type=\"ABSOLUTE_VALUE\",\n action_threshold_value=100,\n ),\n definition=aws.budgets.BudgetActionDefinitionArgs(\n iam_action_definition=aws.budgets.BudgetActionDefinitionIamActionDefinitionArgs(\n policy_arn=example_policy.arn,\n roles=[example_role.name],\n ),\n ),\n subscribers=[aws.budgets.BudgetActionSubscriberArgs(\n address=\"example@example.example\",\n subscription_type=\"EMAIL\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:Describe*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var examplePolicy = new Aws.Iam.Policy(\"example\", new()\n {\n Name = \"example\",\n Description = \"My example policy\",\n PolicyDocument = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var current = Aws.GetPartition.Invoke();\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n $\"budgets.{current.Apply(getPartitionResult =\u003e getPartitionResult.DnsSuffix)}\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"example\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleBudget = new Aws.Budgets.Budget(\"example\", new()\n {\n Name = \"example\",\n BudgetType = \"USAGE\",\n LimitAmount = \"10.0\",\n LimitUnit = \"dollars\",\n TimePeriodStart = \"2006-01-02_15:04\",\n TimeUnit = \"MONTHLY\",\n });\n\n var exampleBudgetAction = new Aws.Budgets.BudgetAction(\"example\", new()\n {\n BudgetName = exampleBudget.Name,\n ActionType = \"APPLY_IAM_POLICY\",\n ApprovalModel = \"AUTOMATIC\",\n NotificationType = \"ACTUAL\",\n ExecutionRoleArn = exampleRole.Arn,\n ActionThreshold = new Aws.Budgets.Inputs.BudgetActionActionThresholdArgs\n {\n ActionThresholdType = \"ABSOLUTE_VALUE\",\n ActionThresholdValue = 100,\n },\n Definition = new Aws.Budgets.Inputs.BudgetActionDefinitionArgs\n {\n IamActionDefinition = new Aws.Budgets.Inputs.BudgetActionDefinitionIamActionDefinitionArgs\n {\n PolicyArn = examplePolicy.Arn,\n Roles = new[]\n {\n exampleRole.Name,\n },\n },\n },\n Subscribers = new[]\n {\n new Aws.Budgets.Inputs.BudgetActionSubscriberArgs\n {\n Address = \"example@example.example\",\n SubscriptionType = \"EMAIL\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/budgets\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ec2:Describe*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texamplePolicy, err := iam.NewPolicy(ctx, \"example\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tDescription: pulumi.String(\"My example policy\"),\n\t\t\tPolicy: pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrent, err := aws.GetPartition(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\tfmt.Sprintf(\"budgets.%v\", current.DnsSuffix),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleBudget, err := budgets.NewBudget(ctx, \"example\", \u0026budgets.BudgetArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tBudgetType: pulumi.String(\"USAGE\"),\n\t\t\tLimitAmount: pulumi.String(\"10.0\"),\n\t\t\tLimitUnit: pulumi.String(\"dollars\"),\n\t\t\tTimePeriodStart: pulumi.String(\"2006-01-02_15:04\"),\n\t\t\tTimeUnit: pulumi.String(\"MONTHLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = budgets.NewBudgetAction(ctx, \"example\", \u0026budgets.BudgetActionArgs{\n\t\t\tBudgetName: exampleBudget.Name,\n\t\t\tActionType: pulumi.String(\"APPLY_IAM_POLICY\"),\n\t\t\tApprovalModel: pulumi.String(\"AUTOMATIC\"),\n\t\t\tNotificationType: pulumi.String(\"ACTUAL\"),\n\t\t\tExecutionRoleArn: exampleRole.Arn,\n\t\t\tActionThreshold: \u0026budgets.BudgetActionActionThresholdArgs{\n\t\t\t\tActionThresholdType: pulumi.String(\"ABSOLUTE_VALUE\"),\n\t\t\t\tActionThresholdValue: pulumi.Float64(100),\n\t\t\t},\n\t\t\tDefinition: \u0026budgets.BudgetActionDefinitionArgs{\n\t\t\t\tIamActionDefinition: \u0026budgets.BudgetActionDefinitionIamActionDefinitionArgs{\n\t\t\t\t\tPolicyArn: examplePolicy.Arn,\n\t\t\t\t\tRoles: pulumi.StringArray{\n\t\t\t\t\t\texampleRole.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSubscribers: budgets.BudgetActionSubscriberArray{\n\t\t\t\t\u0026budgets.BudgetActionSubscriberArgs{\n\t\t\t\t\tAddress: pulumi.String(\"example@example.example\"),\n\t\t\t\t\tSubscriptionType: pulumi.String(\"EMAIL\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetPartitionArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.budgets.Budget;\nimport com.pulumi.aws.budgets.BudgetArgs;\nimport com.pulumi.aws.budgets.BudgetAction;\nimport com.pulumi.aws.budgets.BudgetActionArgs;\nimport com.pulumi.aws.budgets.inputs.BudgetActionActionThresholdArgs;\nimport com.pulumi.aws.budgets.inputs.BudgetActionDefinitionArgs;\nimport com.pulumi.aws.budgets.inputs.BudgetActionDefinitionIamActionDefinitionArgs;\nimport com.pulumi.aws.budgets.inputs.BudgetActionSubscriberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ec2:Describe*\")\n .resources(\"*\")\n .build())\n .build());\n\n var examplePolicy = new Policy(\"examplePolicy\", PolicyArgs.builder() \n .name(\"example\")\n .description(\"My example policy\")\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var current = AwsFunctions.getPartition();\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(String.format(\"budgets.%s\", current.applyValue(getPartitionResult -\u003e getPartitionResult.dnsSuffix())))\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"example\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleBudget = new Budget(\"exampleBudget\", BudgetArgs.builder() \n .name(\"example\")\n .budgetType(\"USAGE\")\n .limitAmount(\"10.0\")\n .limitUnit(\"dollars\")\n .timePeriodStart(\"2006-01-02_15:04\")\n .timeUnit(\"MONTHLY\")\n .build());\n\n var exampleBudgetAction = new BudgetAction(\"exampleBudgetAction\", BudgetActionArgs.builder() \n .budgetName(exampleBudget.name())\n .actionType(\"APPLY_IAM_POLICY\")\n .approvalModel(\"AUTOMATIC\")\n .notificationType(\"ACTUAL\")\n .executionRoleArn(exampleRole.arn())\n .actionThreshold(BudgetActionActionThresholdArgs.builder()\n .actionThresholdType(\"ABSOLUTE_VALUE\")\n .actionThresholdValue(100)\n .build())\n .definition(BudgetActionDefinitionArgs.builder()\n .iamActionDefinition(BudgetActionDefinitionIamActionDefinitionArgs.builder()\n .policyArn(examplePolicy.arn())\n .roles(exampleRole.name())\n .build())\n .build())\n .subscribers(BudgetActionSubscriberArgs.builder()\n .address(\"example@example.example\")\n .subscriptionType(\"EMAIL\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleBudgetAction:\n type: aws:budgets:BudgetAction\n name: example\n properties:\n budgetName: ${exampleBudget.name}\n actionType: APPLY_IAM_POLICY\n approvalModel: AUTOMATIC\n notificationType: ACTUAL\n executionRoleArn: ${exampleRole.arn}\n actionThreshold:\n actionThresholdType: ABSOLUTE_VALUE\n actionThresholdValue: 100\n definition:\n iamActionDefinition:\n policyArn: ${examplePolicy.arn}\n roles:\n - ${exampleRole.name}\n subscribers:\n - address: example@example.example\n subscriptionType: EMAIL\n examplePolicy:\n type: aws:iam:Policy\n name: example\n properties:\n name: example\n description: My example policy\n policy: ${example.json}\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: example\n assumeRolePolicy: ${assumeRole.json}\n exampleBudget:\n type: aws:budgets:Budget\n name: example\n properties:\n name: example\n budgetType: USAGE\n limitAmount: '10.0'\n limitUnit: dollars\n timePeriodStart: 2006-01-02_15:04\n timeUnit: MONTHLY\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - ec2:Describe*\n resources:\n - '*'\n current:\n fn::invoke:\n Function: aws:getPartition\n Arguments: {}\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - budgets.${current.dnsSuffix}\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import budget actions using `AccountID:ActionID:BudgetName`. For example:\n\n```sh\n$ pulumi import aws:budgets/budgetAction:BudgetAction myBudget 123456789012:some-id:myBudget\n```\n", "properties": { "accountId": { "type": "string", @@ -174511,7 +174511,7 @@ } }, "aws:cfg/configurationAggregator:ConfigurationAggregator": { - "description": "Manages an AWS Config Configuration Aggregator\n\n## Example Usage\n\n### Account Based Aggregation\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst account = new aws.cfg.ConfigurationAggregator(\"account\", {\n name: \"example\",\n accountAggregationSource: {\n accountIds: [\"123456789012\"],\n regions: [\"us-west-2\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naccount = aws.cfg.ConfigurationAggregator(\"account\",\n name=\"example\",\n account_aggregation_source=aws.cfg.ConfigurationAggregatorAccountAggregationSourceArgs(\n account_ids=[\"123456789012\"],\n regions=[\"us-west-2\"],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var account = new Aws.Cfg.ConfigurationAggregator(\"account\", new()\n {\n Name = \"example\",\n AccountAggregationSource = new Aws.Cfg.Inputs.ConfigurationAggregatorAccountAggregationSourceArgs\n {\n AccountIds = new[]\n {\n \"123456789012\",\n },\n Regions = new[]\n {\n \"us-west-2\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cfg.NewConfigurationAggregator(ctx, \"account\", \u0026cfg.ConfigurationAggregatorArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tAccountAggregationSource: \u0026cfg.ConfigurationAggregatorAccountAggregationSourceArgs{\n\t\t\t\tAccountIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"123456789012\"),\n\t\t\t\t},\n\t\t\t\tRegions: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"us-west-2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cfg.ConfigurationAggregator;\nimport com.pulumi.aws.cfg.ConfigurationAggregatorArgs;\nimport com.pulumi.aws.cfg.inputs.ConfigurationAggregatorAccountAggregationSourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var account = new ConfigurationAggregator(\"account\", ConfigurationAggregatorArgs.builder() \n .name(\"example\")\n .accountAggregationSource(ConfigurationAggregatorAccountAggregationSourceArgs.builder()\n .accountIds(\"123456789012\")\n .regions(\"us-west-2\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n account:\n type: aws:cfg:ConfigurationAggregator\n properties:\n name: example\n accountAggregationSource:\n accountIds:\n - '123456789012'\n regions:\n - us-west-2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Organization Based Aggregation\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"config.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst organizationRole = new aws.iam.Role(\"organization\", {\n name: \"example\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst organization = new aws.cfg.ConfigurationAggregator(\"organization\", {\n name: \"example\",\n organizationAggregationSource: {\n allRegions: true,\n roleArn: organizationRole.arn,\n },\n});\nconst organizationRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"organization\", {\n role: organizationRole.name,\n policyArn: \"arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"config.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\norganization_role = aws.iam.Role(\"organization\",\n name=\"example\",\n assume_role_policy=assume_role.json)\norganization = aws.cfg.ConfigurationAggregator(\"organization\",\n name=\"example\",\n organization_aggregation_source=aws.cfg.ConfigurationAggregatorOrganizationAggregationSourceArgs(\n all_regions=True,\n role_arn=organization_role.arn,\n ))\norganization_role_policy_attachment = aws.iam.RolePolicyAttachment(\"organization\",\n role=organization_role.name,\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"config.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var organizationRole = new Aws.Iam.Role(\"organization\", new()\n {\n Name = \"example\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var organization = new Aws.Cfg.ConfigurationAggregator(\"organization\", new()\n {\n Name = \"example\",\n OrganizationAggregationSource = new Aws.Cfg.Inputs.ConfigurationAggregatorOrganizationAggregationSourceArgs\n {\n AllRegions = true,\n RoleArn = organizationRole.Arn,\n },\n });\n\n var organizationRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"organization\", new()\n {\n Role = organizationRole.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"config.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\torganizationRole, err := iam.NewRole(ctx, \"organization\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewConfigurationAggregator(ctx, \"organization\", \u0026cfg.ConfigurationAggregatorArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tOrganizationAggregationSource: \u0026cfg.ConfigurationAggregatorOrganizationAggregationSourceArgs{\n\t\t\t\tAllRegions: pulumi.Bool(true),\n\t\t\t\tRoleArn: organizationRole.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"organization\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: organizationRole.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.cfg.ConfigurationAggregator;\nimport com.pulumi.aws.cfg.ConfigurationAggregatorArgs;\nimport com.pulumi.aws.cfg.inputs.ConfigurationAggregatorOrganizationAggregationSourceArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"config.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var organizationRole = new Role(\"organizationRole\", RoleArgs.builder() \n .name(\"example\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var organization = new ConfigurationAggregator(\"organization\", ConfigurationAggregatorArgs.builder() \n .name(\"example\")\n .organizationAggregationSource(ConfigurationAggregatorOrganizationAggregationSourceArgs.builder()\n .allRegions(true)\n .roleArn(organizationRole.arn())\n .build())\n .build());\n\n var organizationRolePolicyAttachment = new RolePolicyAttachment(\"organizationRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .role(organizationRole.name())\n .policyArn(\"arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: aws:cfg:ConfigurationAggregator\n properties:\n name: example\n organizationAggregationSource:\n allRegions: true\n roleArn: ${organizationRole.arn}\n organizationRole:\n type: aws:iam:Role\n name: organization\n properties:\n name: example\n assumeRolePolicy: ${assumeRole.json}\n organizationRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: organization\n properties:\n role: ${organizationRole.name}\n policyArn: arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - config.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Configuration Aggregators using the name. For example:\n\n```sh\n$ pulumi import aws:cfg/configurationAggregator:ConfigurationAggregator example foo\n```\n", + "description": "Manages an AWS Config Configuration Aggregator\n\n## Example Usage\n\n### Account Based Aggregation\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst account = new aws.cfg.ConfigurationAggregator(\"account\", {\n name: \"example\",\n accountAggregationSource: {\n accountIds: [\"123456789012\"],\n regions: [\"us-west-2\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naccount = aws.cfg.ConfigurationAggregator(\"account\",\n name=\"example\",\n account_aggregation_source=aws.cfg.ConfigurationAggregatorAccountAggregationSourceArgs(\n account_ids=[\"123456789012\"],\n regions=[\"us-west-2\"],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var account = new Aws.Cfg.ConfigurationAggregator(\"account\", new()\n {\n Name = \"example\",\n AccountAggregationSource = new Aws.Cfg.Inputs.ConfigurationAggregatorAccountAggregationSourceArgs\n {\n AccountIds = new[]\n {\n \"123456789012\",\n },\n Regions = new[]\n {\n \"us-west-2\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cfg.NewConfigurationAggregator(ctx, \"account\", \u0026cfg.ConfigurationAggregatorArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tAccountAggregationSource: \u0026cfg.ConfigurationAggregatorAccountAggregationSourceArgs{\n\t\t\t\tAccountIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"123456789012\"),\n\t\t\t\t},\n\t\t\t\tRegions: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"us-west-2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cfg.ConfigurationAggregator;\nimport com.pulumi.aws.cfg.ConfigurationAggregatorArgs;\nimport com.pulumi.aws.cfg.inputs.ConfigurationAggregatorAccountAggregationSourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var account = new ConfigurationAggregator(\"account\", ConfigurationAggregatorArgs.builder() \n .name(\"example\")\n .accountAggregationSource(ConfigurationAggregatorAccountAggregationSourceArgs.builder()\n .accountIds(\"123456789012\")\n .regions(\"us-west-2\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n account:\n type: aws:cfg:ConfigurationAggregator\n properties:\n name: example\n accountAggregationSource:\n accountIds:\n - '123456789012'\n regions:\n - us-west-2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Organization Based Aggregation\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"config.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst organizationRole = new aws.iam.Role(\"organization\", {\n name: \"example\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst organization = new aws.cfg.ConfigurationAggregator(\"organization\", {\n name: \"example\",\n organizationAggregationSource: {\n allRegions: true,\n roleArn: organizationRole.arn,\n },\n});\nconst organizationRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"organization\", {\n role: organizationRole.name,\n policyArn: \"arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"config.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\norganization_role = aws.iam.Role(\"organization\",\n name=\"example\",\n assume_role_policy=assume_role.json)\norganization = aws.cfg.ConfigurationAggregator(\"organization\",\n name=\"example\",\n organization_aggregation_source=aws.cfg.ConfigurationAggregatorOrganizationAggregationSourceArgs(\n all_regions=True,\n role_arn=organization_role.arn,\n ))\norganization_role_policy_attachment = aws.iam.RolePolicyAttachment(\"organization\",\n role=organization_role.name,\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"config.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var organizationRole = new Aws.Iam.Role(\"organization\", new()\n {\n Name = \"example\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var organization = new Aws.Cfg.ConfigurationAggregator(\"organization\", new()\n {\n Name = \"example\",\n OrganizationAggregationSource = new Aws.Cfg.Inputs.ConfigurationAggregatorOrganizationAggregationSourceArgs\n {\n AllRegions = true,\n RoleArn = organizationRole.Arn,\n },\n });\n\n var organizationRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"organization\", new()\n {\n Role = organizationRole.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"config.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\torganizationRole, err := iam.NewRole(ctx, \"organization\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewConfigurationAggregator(ctx, \"organization\", \u0026cfg.ConfigurationAggregatorArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tOrganizationAggregationSource: \u0026cfg.ConfigurationAggregatorOrganizationAggregationSourceArgs{\n\t\t\t\tAllRegions: pulumi.Bool(true),\n\t\t\t\tRoleArn: organizationRole.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"organization\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: organizationRole.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.cfg.ConfigurationAggregator;\nimport com.pulumi.aws.cfg.ConfigurationAggregatorArgs;\nimport com.pulumi.aws.cfg.inputs.ConfigurationAggregatorOrganizationAggregationSourceArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"config.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var organizationRole = new Role(\"organizationRole\", RoleArgs.builder() \n .name(\"example\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var organization = new ConfigurationAggregator(\"organization\", ConfigurationAggregatorArgs.builder() \n .name(\"example\")\n .organizationAggregationSource(ConfigurationAggregatorOrganizationAggregationSourceArgs.builder()\n .allRegions(true)\n .roleArn(organizationRole.arn())\n .build())\n .build());\n\n var organizationRolePolicyAttachment = new RolePolicyAttachment(\"organizationRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .role(organizationRole.name())\n .policyArn(\"arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: aws:cfg:ConfigurationAggregator\n properties:\n name: example\n organizationAggregationSource:\n allRegions: true\n roleArn: ${organizationRole.arn}\n organizationRole:\n type: aws:iam:Role\n name: organization\n properties:\n name: example\n assumeRolePolicy: ${assumeRole.json}\n organizationRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: organization\n properties:\n role: ${organizationRole.name}\n policyArn: arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - config.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Configuration Aggregators using the name. For example:\n\n```sh\n$ pulumi import aws:cfg/configurationAggregator:ConfigurationAggregator example foo\n```\n", "properties": { "accountAggregationSource": { "$ref": "#/types/aws:cfg/ConfigurationAggregatorAccountAggregationSource:ConfigurationAggregatorAccountAggregationSource", @@ -174720,7 +174720,7 @@ } }, "aws:cfg/deliveryChannel:DeliveryChannel": { - "description": "Provides an AWS Config Delivery Channel.\n\n\u003e **Note:** Delivery Channel requires a Configuration Recorder to be present. Use of `depends_on` (as shown below) is recommended to avoid race conditions.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst b = new aws.s3.BucketV2(\"b\", {\n bucket: \"example-awsconfig\",\n forceDestroy: true,\n});\nconst foo = new aws.cfg.DeliveryChannel(\"foo\", {\n name: \"example\",\n s3BucketName: b.bucket,\n});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"config.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst r = new aws.iam.Role(\"r\", {\n name: \"awsconfig-example\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst fooRecorder = new aws.cfg.Recorder(\"foo\", {\n name: \"example\",\n roleArn: r.arn,\n});\nconst p = aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n actions: [\"s3:*\"],\n resources: [\n b.arn,\n pulumi.interpolate`${b.arn}/*`,\n ],\n }],\n});\nconst pRolePolicy = new aws.iam.RolePolicy(\"p\", {\n name: \"awsconfig-example\",\n role: r.id,\n policy: p.apply(p =\u003e p.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nb = aws.s3.BucketV2(\"b\",\n bucket=\"example-awsconfig\",\n force_destroy=True)\nfoo = aws.cfg.DeliveryChannel(\"foo\",\n name=\"example\",\n s3_bucket_name=b.bucket)\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"config.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nr = aws.iam.Role(\"r\",\n name=\"awsconfig-example\",\n assume_role_policy=assume_role.json)\nfoo_recorder = aws.cfg.Recorder(\"foo\",\n name=\"example\",\n role_arn=r.arn)\np = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"s3:*\"],\n resources=[\n b.arn,\n b.arn.apply(lambda arn: f\"{arn}/*\"),\n ],\n)])\np_role_policy = aws.iam.RolePolicy(\"p\",\n name=\"awsconfig-example\",\n role=r.id,\n policy=p.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var b = new Aws.S3.BucketV2(\"b\", new()\n {\n Bucket = \"example-awsconfig\",\n ForceDestroy = true,\n });\n\n var foo = new Aws.Cfg.DeliveryChannel(\"foo\", new()\n {\n Name = \"example\",\n S3BucketName = b.Bucket,\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"config.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var r = new Aws.Iam.Role(\"r\", new()\n {\n Name = \"awsconfig-example\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var fooRecorder = new Aws.Cfg.Recorder(\"foo\", new()\n {\n Name = \"example\",\n RoleArn = r.Arn,\n });\n\n var p = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n b.Arn,\n $\"{b.Arn}/*\",\n },\n },\n },\n });\n\n var pRolePolicy = new Aws.Iam.RolePolicy(\"p\", new()\n {\n Name = \"awsconfig-example\",\n Role = r.Id,\n Policy = p.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tb, err := s3.NewBucketV2(ctx, \"b\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"example-awsconfig\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewDeliveryChannel(ctx, \"foo\", \u0026cfg.DeliveryChannelArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tS3BucketName: b.Bucket,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"config.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tr, err := iam.NewRole(ctx, \"r\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"awsconfig-example\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewRecorder(ctx, \"foo\", \u0026cfg.RecorderArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tRoleArn: r.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tp := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tb.Arn,\n\t\t\t\t\t\tb.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = iam.NewRolePolicy(ctx, \"p\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"awsconfig-example\"),\n\t\t\tRole: r.ID(),\n\t\t\tPolicy: p.ApplyT(func(p iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026p.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.cfg.DeliveryChannel;\nimport com.pulumi.aws.cfg.DeliveryChannelArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.cfg.Recorder;\nimport com.pulumi.aws.cfg.RecorderArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var b = new BucketV2(\"b\", BucketV2Args.builder() \n .bucket(\"example-awsconfig\")\n .forceDestroy(true)\n .build());\n\n var foo = new DeliveryChannel(\"foo\", DeliveryChannelArgs.builder() \n .name(\"example\")\n .s3BucketName(b.bucket())\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"config.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var r = new Role(\"r\", RoleArgs.builder() \n .name(\"awsconfig-example\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var fooRecorder = new Recorder(\"fooRecorder\", RecorderArgs.builder() \n .name(\"example\")\n .roleArn(r.arn())\n .build());\n\n final var p = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"s3:*\")\n .resources( \n b.arn(),\n b.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build())\n .build());\n\n var pRolePolicy = new RolePolicy(\"pRolePolicy\", RolePolicyArgs.builder() \n .name(\"awsconfig-example\")\n .role(r.id())\n .policy(p.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(p -\u003e p.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:cfg:DeliveryChannel\n properties:\n name: example\n s3BucketName: ${b.bucket}\n b:\n type: aws:s3:BucketV2\n properties:\n bucket: example-awsconfig\n forceDestroy: true\n fooRecorder:\n type: aws:cfg:Recorder\n name: foo\n properties:\n name: example\n roleArn: ${r.arn}\n r:\n type: aws:iam:Role\n properties:\n name: awsconfig-example\n assumeRolePolicy: ${assumeRole.json}\n pRolePolicy:\n type: aws:iam:RolePolicy\n name: p\n properties:\n name: awsconfig-example\n role: ${r.id}\n policy: ${p.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - config.amazonaws.com\n actions:\n - sts:AssumeRole\n p:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - s3:*\n resources:\n - ${b.arn}\n - ${b.arn}/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Delivery Channel using the name. For example:\n\n```sh\n$ pulumi import aws:cfg/deliveryChannel:DeliveryChannel foo example\n```\n", + "description": "Provides an AWS Config Delivery Channel.\n\n\u003e **Note:** Delivery Channel requires a Configuration Recorder to be present. Use of `depends_on` (as shown below) is recommended to avoid race conditions.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst b = new aws.s3.BucketV2(\"b\", {\n bucket: \"example-awsconfig\",\n forceDestroy: true,\n});\nconst foo = new aws.cfg.DeliveryChannel(\"foo\", {\n name: \"example\",\n s3BucketName: b.bucket,\n});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"config.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst r = new aws.iam.Role(\"r\", {\n name: \"awsconfig-example\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst fooRecorder = new aws.cfg.Recorder(\"foo\", {\n name: \"example\",\n roleArn: r.arn,\n});\nconst p = aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n actions: [\"s3:*\"],\n resources: [\n b.arn,\n pulumi.interpolate`${b.arn}/*`,\n ],\n }],\n});\nconst pRolePolicy = new aws.iam.RolePolicy(\"p\", {\n name: \"awsconfig-example\",\n role: r.id,\n policy: p.apply(p =\u003e p.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nb = aws.s3.BucketV2(\"b\",\n bucket=\"example-awsconfig\",\n force_destroy=True)\nfoo = aws.cfg.DeliveryChannel(\"foo\",\n name=\"example\",\n s3_bucket_name=b.bucket)\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"config.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nr = aws.iam.Role(\"r\",\n name=\"awsconfig-example\",\n assume_role_policy=assume_role.json)\nfoo_recorder = aws.cfg.Recorder(\"foo\",\n name=\"example\",\n role_arn=r.arn)\np = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"s3:*\"],\n resources=[\n b.arn,\n b.arn.apply(lambda arn: f\"{arn}/*\"),\n ],\n)])\np_role_policy = aws.iam.RolePolicy(\"p\",\n name=\"awsconfig-example\",\n role=r.id,\n policy=p.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var b = new Aws.S3.BucketV2(\"b\", new()\n {\n Bucket = \"example-awsconfig\",\n ForceDestroy = true,\n });\n\n var foo = new Aws.Cfg.DeliveryChannel(\"foo\", new()\n {\n Name = \"example\",\n S3BucketName = b.Bucket,\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"config.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var r = new Aws.Iam.Role(\"r\", new()\n {\n Name = \"awsconfig-example\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var fooRecorder = new Aws.Cfg.Recorder(\"foo\", new()\n {\n Name = \"example\",\n RoleArn = r.Arn,\n });\n\n var p = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n b.Arn,\n $\"{b.Arn}/*\",\n },\n },\n },\n });\n\n var pRolePolicy = new Aws.Iam.RolePolicy(\"p\", new()\n {\n Name = \"awsconfig-example\",\n Role = r.Id,\n Policy = p.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tb, err := s3.NewBucketV2(ctx, \"b\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"example-awsconfig\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewDeliveryChannel(ctx, \"foo\", \u0026cfg.DeliveryChannelArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tS3BucketName: b.Bucket,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"config.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tr, err := iam.NewRole(ctx, \"r\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"awsconfig-example\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewRecorder(ctx, \"foo\", \u0026cfg.RecorderArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tRoleArn: r.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tp := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tb.Arn,\n\t\t\t\t\t\tb.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = iam.NewRolePolicy(ctx, \"p\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"awsconfig-example\"),\n\t\t\tRole: r.ID(),\n\t\t\tPolicy: p.ApplyT(func(p iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026p.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.cfg.DeliveryChannel;\nimport com.pulumi.aws.cfg.DeliveryChannelArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.cfg.Recorder;\nimport com.pulumi.aws.cfg.RecorderArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var b = new BucketV2(\"b\", BucketV2Args.builder() \n .bucket(\"example-awsconfig\")\n .forceDestroy(true)\n .build());\n\n var foo = new DeliveryChannel(\"foo\", DeliveryChannelArgs.builder() \n .name(\"example\")\n .s3BucketName(b.bucket())\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"config.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var r = new Role(\"r\", RoleArgs.builder() \n .name(\"awsconfig-example\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var fooRecorder = new Recorder(\"fooRecorder\", RecorderArgs.builder() \n .name(\"example\")\n .roleArn(r.arn())\n .build());\n\n final var p = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"s3:*\")\n .resources( \n b.arn(),\n b.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build())\n .build());\n\n var pRolePolicy = new RolePolicy(\"pRolePolicy\", RolePolicyArgs.builder() \n .name(\"awsconfig-example\")\n .role(r.id())\n .policy(p.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(p -\u003e p.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:cfg:DeliveryChannel\n properties:\n name: example\n s3BucketName: ${b.bucket}\n b:\n type: aws:s3:BucketV2\n properties:\n bucket: example-awsconfig\n forceDestroy: true\n fooRecorder:\n type: aws:cfg:Recorder\n name: foo\n properties:\n name: example\n roleArn: ${r.arn}\n r:\n type: aws:iam:Role\n properties:\n name: awsconfig-example\n assumeRolePolicy: ${assumeRole.json}\n pRolePolicy:\n type: aws:iam:RolePolicy\n name: p\n properties:\n name: awsconfig-example\n role: ${r.id}\n policy: ${p.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - config.amazonaws.com\n actions:\n - sts:AssumeRole\n p:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - s3:*\n resources:\n - ${b.arn}\n - ${b.arn}/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Delivery Channel using the name. For example:\n\n```sh\n$ pulumi import aws:cfg/deliveryChannel:DeliveryChannel foo example\n```\n", "properties": { "name": { "type": "string", @@ -175531,7 +175531,7 @@ } }, "aws:cfg/recorder:Recorder": { - "description": "Provides an AWS Config Configuration Recorder. Please note that this resource **does not start** the created recorder automatically.\n\n\u003e **Note:** _Starting_ the Configuration Recorder requires a delivery channel (while delivery channel creation requires Configuration Recorder). This is why `aws.cfg.RecorderStatus` is a separate resource.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"config.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst r = new aws.iam.Role(\"r\", {\n name: \"awsconfig-example\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst foo = new aws.cfg.Recorder(\"foo\", {\n name: \"example\",\n roleArn: r.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"config.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nr = aws.iam.Role(\"r\",\n name=\"awsconfig-example\",\n assume_role_policy=assume_role.json)\nfoo = aws.cfg.Recorder(\"foo\",\n name=\"example\",\n role_arn=r.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"config.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var r = new Aws.Iam.Role(\"r\", new()\n {\n Name = \"awsconfig-example\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var foo = new Aws.Cfg.Recorder(\"foo\", new()\n {\n Name = \"example\",\n RoleArn = r.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"config.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tr, err := iam.NewRole(ctx, \"r\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"awsconfig-example\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewRecorder(ctx, \"foo\", \u0026cfg.RecorderArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tRoleArn: r.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.cfg.Recorder;\nimport com.pulumi.aws.cfg.RecorderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"config.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var r = new Role(\"r\", RoleArgs.builder() \n .name(\"awsconfig-example\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var foo = new Recorder(\"foo\", RecorderArgs.builder() \n .name(\"example\")\n .roleArn(r.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:cfg:Recorder\n properties:\n name: example\n roleArn: ${r.arn}\n r:\n type: aws:iam:Role\n properties:\n name: awsconfig-example\n assumeRolePolicy: ${assumeRole.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - config.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Exclude Resources Types Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.cfg.Recorder(\"foo\", {\n name: \"example\",\n roleArn: r.arn,\n recordingGroup: {\n allSupported: false,\n exclusionByResourceTypes: [{\n resourceTypes: [\"AWS::EC2::Instance\"],\n }],\n recordingStrategies: [{\n useOnly: \"EXCLUSION_BY_RESOURCE_TYPES\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.cfg.Recorder(\"foo\",\n name=\"example\",\n role_arn=r[\"arn\"],\n recording_group=aws.cfg.RecorderRecordingGroupArgs(\n all_supported=False,\n exclusion_by_resource_types=[aws.cfg.RecorderRecordingGroupExclusionByResourceTypeArgs(\n resource_types=[\"AWS::EC2::Instance\"],\n )],\n recording_strategies=[aws.cfg.RecorderRecordingGroupRecordingStrategyArgs(\n use_only=\"EXCLUSION_BY_RESOURCE_TYPES\",\n )],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = new Aws.Cfg.Recorder(\"foo\", new()\n {\n Name = \"example\",\n RoleArn = r.Arn,\n RecordingGroup = new Aws.Cfg.Inputs.RecorderRecordingGroupArgs\n {\n AllSupported = false,\n ExclusionByResourceTypes = new[]\n {\n new Aws.Cfg.Inputs.RecorderRecordingGroupExclusionByResourceTypeArgs\n {\n ResourceTypes = new[]\n {\n \"AWS::EC2::Instance\",\n },\n },\n },\n RecordingStrategies = new[]\n {\n new Aws.Cfg.Inputs.RecorderRecordingGroupRecordingStrategyArgs\n {\n UseOnly = \"EXCLUSION_BY_RESOURCE_TYPES\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cfg.NewRecorder(ctx, \"foo\", \u0026cfg.RecorderArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tRoleArn: pulumi.Any(r.Arn),\n\t\t\tRecordingGroup: \u0026cfg.RecorderRecordingGroupArgs{\n\t\t\t\tAllSupported: pulumi.Bool(false),\n\t\t\t\tExclusionByResourceTypes: cfg.RecorderRecordingGroupExclusionByResourceTypeArray{\n\t\t\t\t\t\u0026cfg.RecorderRecordingGroupExclusionByResourceTypeArgs{\n\t\t\t\t\t\tResourceTypes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"AWS::EC2::Instance\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tRecordingStrategies: cfg.RecorderRecordingGroupRecordingStrategyArray{\n\t\t\t\t\t\u0026cfg.RecorderRecordingGroupRecordingStrategyArgs{\n\t\t\t\t\t\tUseOnly: pulumi.String(\"EXCLUSION_BY_RESOURCE_TYPES\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cfg.Recorder;\nimport com.pulumi.aws.cfg.RecorderArgs;\nimport com.pulumi.aws.cfg.inputs.RecorderRecordingGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo = new Recorder(\"foo\", RecorderArgs.builder() \n .name(\"example\")\n .roleArn(r.arn())\n .recordingGroup(RecorderRecordingGroupArgs.builder()\n .allSupported(false)\n .exclusionByResourceTypes(RecorderRecordingGroupExclusionByResourceTypeArgs.builder()\n .resourceTypes(\"AWS::EC2::Instance\")\n .build())\n .recordingStrategies(RecorderRecordingGroupRecordingStrategyArgs.builder()\n .useOnly(\"EXCLUSION_BY_RESOURCE_TYPES\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:cfg:Recorder\n properties:\n name: example\n roleArn: ${r.arn}\n recordingGroup:\n allSupported: false\n exclusionByResourceTypes:\n - resourceTypes:\n - AWS::EC2::Instance\n recordingStrategies:\n - useOnly: EXCLUSION_BY_RESOURCE_TYPES\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Periodic Recording\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.cfg.Recorder(\"foo\", {\n name: \"example\",\n roleArn: r.arn,\n recordingGroup: {\n allSupported: false,\n includeGlobalResourceTypes: false,\n resourceTypes: [\n \"AWS::EC2::Instance\",\n \"AWS::EC2::NetworkInterface\",\n ],\n },\n recordingMode: {\n recordingFrequency: \"CONTINUOUS\",\n recordingModeOverride: {\n description: \"Only record EC2 network interfaces daily\",\n resourceTypes: [\"AWS::EC2::NetworkInterface\"],\n recordingFrequency: \"DAILY\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.cfg.Recorder(\"foo\",\n name=\"example\",\n role_arn=r[\"arn\"],\n recording_group=aws.cfg.RecorderRecordingGroupArgs(\n all_supported=False,\n include_global_resource_types=False,\n resource_types=[\n \"AWS::EC2::Instance\",\n \"AWS::EC2::NetworkInterface\",\n ],\n ),\n recording_mode=aws.cfg.RecorderRecordingModeArgs(\n recording_frequency=\"CONTINUOUS\",\n recording_mode_override=aws.cfg.RecorderRecordingModeRecordingModeOverrideArgs(\n description=\"Only record EC2 network interfaces daily\",\n resource_types=[\"AWS::EC2::NetworkInterface\"],\n recording_frequency=\"DAILY\",\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = new Aws.Cfg.Recorder(\"foo\", new()\n {\n Name = \"example\",\n RoleArn = r.Arn,\n RecordingGroup = new Aws.Cfg.Inputs.RecorderRecordingGroupArgs\n {\n AllSupported = false,\n IncludeGlobalResourceTypes = false,\n ResourceTypes = new[]\n {\n \"AWS::EC2::Instance\",\n \"AWS::EC2::NetworkInterface\",\n },\n },\n RecordingMode = new Aws.Cfg.Inputs.RecorderRecordingModeArgs\n {\n RecordingFrequency = \"CONTINUOUS\",\n RecordingModeOverride = new Aws.Cfg.Inputs.RecorderRecordingModeRecordingModeOverrideArgs\n {\n Description = \"Only record EC2 network interfaces daily\",\n ResourceTypes = new[]\n {\n \"AWS::EC2::NetworkInterface\",\n },\n RecordingFrequency = \"DAILY\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cfg.NewRecorder(ctx, \"foo\", \u0026cfg.RecorderArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tRoleArn: pulumi.Any(r.Arn),\n\t\t\tRecordingGroup: \u0026cfg.RecorderRecordingGroupArgs{\n\t\t\t\tAllSupported: pulumi.Bool(false),\n\t\t\t\tIncludeGlobalResourceTypes: pulumi.Bool(false),\n\t\t\t\tResourceTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"AWS::EC2::Instance\"),\n\t\t\t\t\tpulumi.String(\"AWS::EC2::NetworkInterface\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRecordingMode: \u0026cfg.RecorderRecordingModeArgs{\n\t\t\t\tRecordingFrequency: pulumi.String(\"CONTINUOUS\"),\n\t\t\t\tRecordingModeOverride: \u0026cfg.RecorderRecordingModeRecordingModeOverrideArgs{\n\t\t\t\t\tDescription: pulumi.String(\"Only record EC2 network interfaces daily\"),\n\t\t\t\t\tResourceTypes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"AWS::EC2::NetworkInterface\"),\n\t\t\t\t\t},\n\t\t\t\t\tRecordingFrequency: pulumi.String(\"DAILY\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cfg.Recorder;\nimport com.pulumi.aws.cfg.RecorderArgs;\nimport com.pulumi.aws.cfg.inputs.RecorderRecordingGroupArgs;\nimport com.pulumi.aws.cfg.inputs.RecorderRecordingModeArgs;\nimport com.pulumi.aws.cfg.inputs.RecorderRecordingModeRecordingModeOverrideArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo = new Recorder(\"foo\", RecorderArgs.builder() \n .name(\"example\")\n .roleArn(r.arn())\n .recordingGroup(RecorderRecordingGroupArgs.builder()\n .allSupported(false)\n .includeGlobalResourceTypes(false)\n .resourceTypes( \n \"AWS::EC2::Instance\",\n \"AWS::EC2::NetworkInterface\")\n .build())\n .recordingMode(RecorderRecordingModeArgs.builder()\n .recordingFrequency(\"CONTINUOUS\")\n .recordingModeOverride(RecorderRecordingModeRecordingModeOverrideArgs.builder()\n .description(\"Only record EC2 network interfaces daily\")\n .resourceTypes(\"AWS::EC2::NetworkInterface\")\n .recordingFrequency(\"DAILY\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:cfg:Recorder\n properties:\n name: example\n roleArn: ${r.arn}\n recordingGroup:\n allSupported: false\n includeGlobalResourceTypes: false\n resourceTypes:\n - AWS::EC2::Instance\n - AWS::EC2::NetworkInterface\n recordingMode:\n recordingFrequency: CONTINUOUS\n recordingModeOverride:\n description: Only record EC2 network interfaces daily\n resourceTypes:\n - AWS::EC2::NetworkInterface\n recordingFrequency: DAILY\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Configuration Recorder using the name. For example:\n\n```sh\n$ pulumi import aws:cfg/recorder:Recorder foo example\n```\n", + "description": "Provides an AWS Config Configuration Recorder. Please note that this resource **does not start** the created recorder automatically.\n\n\u003e **Note:** _Starting_ the Configuration Recorder requires a delivery channel (while delivery channel creation requires Configuration Recorder). This is why `aws.cfg.RecorderStatus` is a separate resource.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"config.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst r = new aws.iam.Role(\"r\", {\n name: \"awsconfig-example\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst foo = new aws.cfg.Recorder(\"foo\", {\n name: \"example\",\n roleArn: r.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"config.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nr = aws.iam.Role(\"r\",\n name=\"awsconfig-example\",\n assume_role_policy=assume_role.json)\nfoo = aws.cfg.Recorder(\"foo\",\n name=\"example\",\n role_arn=r.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"config.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var r = new Aws.Iam.Role(\"r\", new()\n {\n Name = \"awsconfig-example\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var foo = new Aws.Cfg.Recorder(\"foo\", new()\n {\n Name = \"example\",\n RoleArn = r.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"config.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tr, err := iam.NewRole(ctx, \"r\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"awsconfig-example\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewRecorder(ctx, \"foo\", \u0026cfg.RecorderArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tRoleArn: r.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.cfg.Recorder;\nimport com.pulumi.aws.cfg.RecorderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"config.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var r = new Role(\"r\", RoleArgs.builder() \n .name(\"awsconfig-example\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var foo = new Recorder(\"foo\", RecorderArgs.builder() \n .name(\"example\")\n .roleArn(r.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:cfg:Recorder\n properties:\n name: example\n roleArn: ${r.arn}\n r:\n type: aws:iam:Role\n properties:\n name: awsconfig-example\n assumeRolePolicy: ${assumeRole.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - config.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Exclude Resources Types Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.cfg.Recorder(\"foo\", {\n name: \"example\",\n roleArn: r.arn,\n recordingGroup: {\n allSupported: false,\n exclusionByResourceTypes: [{\n resourceTypes: [\"AWS::EC2::Instance\"],\n }],\n recordingStrategies: [{\n useOnly: \"EXCLUSION_BY_RESOURCE_TYPES\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.cfg.Recorder(\"foo\",\n name=\"example\",\n role_arn=r[\"arn\"],\n recording_group=aws.cfg.RecorderRecordingGroupArgs(\n all_supported=False,\n exclusion_by_resource_types=[aws.cfg.RecorderRecordingGroupExclusionByResourceTypeArgs(\n resource_types=[\"AWS::EC2::Instance\"],\n )],\n recording_strategies=[aws.cfg.RecorderRecordingGroupRecordingStrategyArgs(\n use_only=\"EXCLUSION_BY_RESOURCE_TYPES\",\n )],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = new Aws.Cfg.Recorder(\"foo\", new()\n {\n Name = \"example\",\n RoleArn = r.Arn,\n RecordingGroup = new Aws.Cfg.Inputs.RecorderRecordingGroupArgs\n {\n AllSupported = false,\n ExclusionByResourceTypes = new[]\n {\n new Aws.Cfg.Inputs.RecorderRecordingGroupExclusionByResourceTypeArgs\n {\n ResourceTypes = new[]\n {\n \"AWS::EC2::Instance\",\n },\n },\n },\n RecordingStrategies = new[]\n {\n new Aws.Cfg.Inputs.RecorderRecordingGroupRecordingStrategyArgs\n {\n UseOnly = \"EXCLUSION_BY_RESOURCE_TYPES\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cfg.NewRecorder(ctx, \"foo\", \u0026cfg.RecorderArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tRoleArn: pulumi.Any(r.Arn),\n\t\t\tRecordingGroup: \u0026cfg.RecorderRecordingGroupArgs{\n\t\t\t\tAllSupported: pulumi.Bool(false),\n\t\t\t\tExclusionByResourceTypes: cfg.RecorderRecordingGroupExclusionByResourceTypeArray{\n\t\t\t\t\t\u0026cfg.RecorderRecordingGroupExclusionByResourceTypeArgs{\n\t\t\t\t\t\tResourceTypes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"AWS::EC2::Instance\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tRecordingStrategies: cfg.RecorderRecordingGroupRecordingStrategyArray{\n\t\t\t\t\t\u0026cfg.RecorderRecordingGroupRecordingStrategyArgs{\n\t\t\t\t\t\tUseOnly: pulumi.String(\"EXCLUSION_BY_RESOURCE_TYPES\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cfg.Recorder;\nimport com.pulumi.aws.cfg.RecorderArgs;\nimport com.pulumi.aws.cfg.inputs.RecorderRecordingGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo = new Recorder(\"foo\", RecorderArgs.builder() \n .name(\"example\")\n .roleArn(r.arn())\n .recordingGroup(RecorderRecordingGroupArgs.builder()\n .allSupported(false)\n .exclusionByResourceTypes(RecorderRecordingGroupExclusionByResourceTypeArgs.builder()\n .resourceTypes(\"AWS::EC2::Instance\")\n .build())\n .recordingStrategies(RecorderRecordingGroupRecordingStrategyArgs.builder()\n .useOnly(\"EXCLUSION_BY_RESOURCE_TYPES\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:cfg:Recorder\n properties:\n name: example\n roleArn: ${r.arn}\n recordingGroup:\n allSupported: false\n exclusionByResourceTypes:\n - resourceTypes:\n - AWS::EC2::Instance\n recordingStrategies:\n - useOnly: EXCLUSION_BY_RESOURCE_TYPES\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Periodic Recording\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.cfg.Recorder(\"foo\", {\n name: \"example\",\n roleArn: r.arn,\n recordingGroup: {\n allSupported: false,\n includeGlobalResourceTypes: false,\n resourceTypes: [\n \"AWS::EC2::Instance\",\n \"AWS::EC2::NetworkInterface\",\n ],\n },\n recordingMode: {\n recordingFrequency: \"CONTINUOUS\",\n recordingModeOverride: {\n description: \"Only record EC2 network interfaces daily\",\n resourceTypes: [\"AWS::EC2::NetworkInterface\"],\n recordingFrequency: \"DAILY\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.cfg.Recorder(\"foo\",\n name=\"example\",\n role_arn=r[\"arn\"],\n recording_group=aws.cfg.RecorderRecordingGroupArgs(\n all_supported=False,\n include_global_resource_types=False,\n resource_types=[\n \"AWS::EC2::Instance\",\n \"AWS::EC2::NetworkInterface\",\n ],\n ),\n recording_mode=aws.cfg.RecorderRecordingModeArgs(\n recording_frequency=\"CONTINUOUS\",\n recording_mode_override=aws.cfg.RecorderRecordingModeRecordingModeOverrideArgs(\n description=\"Only record EC2 network interfaces daily\",\n resource_types=[\"AWS::EC2::NetworkInterface\"],\n recording_frequency=\"DAILY\",\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = new Aws.Cfg.Recorder(\"foo\", new()\n {\n Name = \"example\",\n RoleArn = r.Arn,\n RecordingGroup = new Aws.Cfg.Inputs.RecorderRecordingGroupArgs\n {\n AllSupported = false,\n IncludeGlobalResourceTypes = false,\n ResourceTypes = new[]\n {\n \"AWS::EC2::Instance\",\n \"AWS::EC2::NetworkInterface\",\n },\n },\n RecordingMode = new Aws.Cfg.Inputs.RecorderRecordingModeArgs\n {\n RecordingFrequency = \"CONTINUOUS\",\n RecordingModeOverride = new Aws.Cfg.Inputs.RecorderRecordingModeRecordingModeOverrideArgs\n {\n Description = \"Only record EC2 network interfaces daily\",\n ResourceTypes = new[]\n {\n \"AWS::EC2::NetworkInterface\",\n },\n RecordingFrequency = \"DAILY\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cfg.NewRecorder(ctx, \"foo\", \u0026cfg.RecorderArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tRoleArn: pulumi.Any(r.Arn),\n\t\t\tRecordingGroup: \u0026cfg.RecorderRecordingGroupArgs{\n\t\t\t\tAllSupported: pulumi.Bool(false),\n\t\t\t\tIncludeGlobalResourceTypes: pulumi.Bool(false),\n\t\t\t\tResourceTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"AWS::EC2::Instance\"),\n\t\t\t\t\tpulumi.String(\"AWS::EC2::NetworkInterface\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRecordingMode: \u0026cfg.RecorderRecordingModeArgs{\n\t\t\t\tRecordingFrequency: pulumi.String(\"CONTINUOUS\"),\n\t\t\t\tRecordingModeOverride: \u0026cfg.RecorderRecordingModeRecordingModeOverrideArgs{\n\t\t\t\t\tDescription: pulumi.String(\"Only record EC2 network interfaces daily\"),\n\t\t\t\t\tResourceTypes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"AWS::EC2::NetworkInterface\"),\n\t\t\t\t\t},\n\t\t\t\t\tRecordingFrequency: pulumi.String(\"DAILY\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cfg.Recorder;\nimport com.pulumi.aws.cfg.RecorderArgs;\nimport com.pulumi.aws.cfg.inputs.RecorderRecordingGroupArgs;\nimport com.pulumi.aws.cfg.inputs.RecorderRecordingModeArgs;\nimport com.pulumi.aws.cfg.inputs.RecorderRecordingModeRecordingModeOverrideArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo = new Recorder(\"foo\", RecorderArgs.builder() \n .name(\"example\")\n .roleArn(r.arn())\n .recordingGroup(RecorderRecordingGroupArgs.builder()\n .allSupported(false)\n .includeGlobalResourceTypes(false)\n .resourceTypes( \n \"AWS::EC2::Instance\",\n \"AWS::EC2::NetworkInterface\")\n .build())\n .recordingMode(RecorderRecordingModeArgs.builder()\n .recordingFrequency(\"CONTINUOUS\")\n .recordingModeOverride(RecorderRecordingModeRecordingModeOverrideArgs.builder()\n .description(\"Only record EC2 network interfaces daily\")\n .resourceTypes(\"AWS::EC2::NetworkInterface\")\n .recordingFrequency(\"DAILY\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:cfg:Recorder\n properties:\n name: example\n roleArn: ${r.arn}\n recordingGroup:\n allSupported: false\n includeGlobalResourceTypes: false\n resourceTypes:\n - AWS::EC2::Instance\n - AWS::EC2::NetworkInterface\n recordingMode:\n recordingFrequency: CONTINUOUS\n recordingModeOverride:\n description: Only record EC2 network interfaces daily\n resourceTypes:\n - AWS::EC2::NetworkInterface\n recordingFrequency: DAILY\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Configuration Recorder using the name. For example:\n\n```sh\n$ pulumi import aws:cfg/recorder:Recorder foo example\n```\n", "properties": { "name": { "type": "string", @@ -175603,7 +175603,7 @@ } }, "aws:cfg/recorderStatus:RecorderStatus": { - "description": "Manages status (recording / stopped) of an AWS Config Configuration Recorder.\n\n\u003e **Note:** Starting Configuration Recorder requires a Delivery Channel to be present. Use of `depends_on` (as shown below) is recommended to avoid race conditions.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"config.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst r = new aws.iam.Role(\"r\", {\n name: \"example-awsconfig\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst fooRecorder = new aws.cfg.Recorder(\"foo\", {\n name: \"example\",\n roleArn: r.arn,\n});\nconst foo = new aws.cfg.RecorderStatus(\"foo\", {\n name: fooRecorder.name,\n isEnabled: true,\n});\nconst a = new aws.iam.RolePolicyAttachment(\"a\", {\n role: r.name,\n policyArn: \"arn:aws:iam::aws:policy/service-role/AWS_ConfigRole\",\n});\nconst b = new aws.s3.BucketV2(\"b\", {bucket: \"awsconfig-example\"});\nconst fooDeliveryChannel = new aws.cfg.DeliveryChannel(\"foo\", {\n name: \"example\",\n s3BucketName: b.bucket,\n});\nconst p = aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n actions: [\"s3:*\"],\n resources: [\n b.arn,\n pulumi.interpolate`${b.arn}/*`,\n ],\n }],\n});\nconst pRolePolicy = new aws.iam.RolePolicy(\"p\", {\n name: \"awsconfig-example\",\n role: r.id,\n policy: p.apply(p =\u003e p.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"config.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nr = aws.iam.Role(\"r\",\n name=\"example-awsconfig\",\n assume_role_policy=assume_role.json)\nfoo_recorder = aws.cfg.Recorder(\"foo\",\n name=\"example\",\n role_arn=r.arn)\nfoo = aws.cfg.RecorderStatus(\"foo\",\n name=foo_recorder.name,\n is_enabled=True)\na = aws.iam.RolePolicyAttachment(\"a\",\n role=r.name,\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AWS_ConfigRole\")\nb = aws.s3.BucketV2(\"b\", bucket=\"awsconfig-example\")\nfoo_delivery_channel = aws.cfg.DeliveryChannel(\"foo\",\n name=\"example\",\n s3_bucket_name=b.bucket)\np = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"s3:*\"],\n resources=[\n b.arn,\n b.arn.apply(lambda arn: f\"{arn}/*\"),\n ],\n)])\np_role_policy = aws.iam.RolePolicy(\"p\",\n name=\"awsconfig-example\",\n role=r.id,\n policy=p.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"config.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var r = new Aws.Iam.Role(\"r\", new()\n {\n Name = \"example-awsconfig\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var fooRecorder = new Aws.Cfg.Recorder(\"foo\", new()\n {\n Name = \"example\",\n RoleArn = r.Arn,\n });\n\n var foo = new Aws.Cfg.RecorderStatus(\"foo\", new()\n {\n Name = fooRecorder.Name,\n IsEnabled = true,\n });\n\n var a = new Aws.Iam.RolePolicyAttachment(\"a\", new()\n {\n Role = r.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AWS_ConfigRole\",\n });\n\n var b = new Aws.S3.BucketV2(\"b\", new()\n {\n Bucket = \"awsconfig-example\",\n });\n\n var fooDeliveryChannel = new Aws.Cfg.DeliveryChannel(\"foo\", new()\n {\n Name = \"example\",\n S3BucketName = b.Bucket,\n });\n\n var p = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n b.Arn,\n $\"{b.Arn}/*\",\n },\n },\n },\n });\n\n var pRolePolicy = new Aws.Iam.RolePolicy(\"p\", new()\n {\n Name = \"awsconfig-example\",\n Role = r.Id,\n Policy = p.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"config.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tr, err := iam.NewRole(ctx, \"r\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"example-awsconfig\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooRecorder, err := cfg.NewRecorder(ctx, \"foo\", \u0026cfg.RecorderArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tRoleArn: r.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewRecorderStatus(ctx, \"foo\", \u0026cfg.RecorderStatusArgs{\n\t\t\tName: fooRecorder.Name,\n\t\t\tIsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"a\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: r.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AWS_ConfigRole\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tb, err := s3.NewBucketV2(ctx, \"b\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"awsconfig-example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewDeliveryChannel(ctx, \"foo\", \u0026cfg.DeliveryChannelArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tS3BucketName: b.Bucket,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tp := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tb.Arn,\n\t\t\t\t\t\tb.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = iam.NewRolePolicy(ctx, \"p\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"awsconfig-example\"),\n\t\t\tRole: r.ID(),\n\t\t\tPolicy: p.ApplyT(func(p iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026p.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.cfg.Recorder;\nimport com.pulumi.aws.cfg.RecorderArgs;\nimport com.pulumi.aws.cfg.RecorderStatus;\nimport com.pulumi.aws.cfg.RecorderStatusArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.cfg.DeliveryChannel;\nimport com.pulumi.aws.cfg.DeliveryChannelArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"config.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var r = new Role(\"r\", RoleArgs.builder() \n .name(\"example-awsconfig\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var fooRecorder = new Recorder(\"fooRecorder\", RecorderArgs.builder() \n .name(\"example\")\n .roleArn(r.arn())\n .build());\n\n var foo = new RecorderStatus(\"foo\", RecorderStatusArgs.builder() \n .name(fooRecorder.name())\n .isEnabled(true)\n .build());\n\n var a = new RolePolicyAttachment(\"a\", RolePolicyAttachmentArgs.builder() \n .role(r.name())\n .policyArn(\"arn:aws:iam::aws:policy/service-role/AWS_ConfigRole\")\n .build());\n\n var b = new BucketV2(\"b\", BucketV2Args.builder() \n .bucket(\"awsconfig-example\")\n .build());\n\n var fooDeliveryChannel = new DeliveryChannel(\"fooDeliveryChannel\", DeliveryChannelArgs.builder() \n .name(\"example\")\n .s3BucketName(b.bucket())\n .build());\n\n final var p = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"s3:*\")\n .resources( \n b.arn(),\n b.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build())\n .build());\n\n var pRolePolicy = new RolePolicy(\"pRolePolicy\", RolePolicyArgs.builder() \n .name(\"awsconfig-example\")\n .role(r.id())\n .policy(p.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(p -\u003e p.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:cfg:RecorderStatus\n properties:\n name: ${fooRecorder.name}\n isEnabled: true\n a:\n type: aws:iam:RolePolicyAttachment\n properties:\n role: ${r.name}\n policyArn: arn:aws:iam::aws:policy/service-role/AWS_ConfigRole\n b:\n type: aws:s3:BucketV2\n properties:\n bucket: awsconfig-example\n fooDeliveryChannel:\n type: aws:cfg:DeliveryChannel\n name: foo\n properties:\n name: example\n s3BucketName: ${b.bucket}\n fooRecorder:\n type: aws:cfg:Recorder\n name: foo\n properties:\n name: example\n roleArn: ${r.arn}\n r:\n type: aws:iam:Role\n properties:\n name: example-awsconfig\n assumeRolePolicy: ${assumeRole.json}\n pRolePolicy:\n type: aws:iam:RolePolicy\n name: p\n properties:\n name: awsconfig-example\n role: ${r.id}\n policy: ${p.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - config.amazonaws.com\n actions:\n - sts:AssumeRole\n p:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - s3:*\n resources:\n - ${b.arn}\n - ${b.arn}/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Configuration Recorder Status using the name of the Configuration Recorder. For example:\n\n```sh\n$ pulumi import aws:cfg/recorderStatus:RecorderStatus foo example\n```\n", + "description": "Manages status (recording / stopped) of an AWS Config Configuration Recorder.\n\n\u003e **Note:** Starting Configuration Recorder requires a Delivery Channel to be present. Use of `depends_on` (as shown below) is recommended to avoid race conditions.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"config.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst r = new aws.iam.Role(\"r\", {\n name: \"example-awsconfig\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst fooRecorder = new aws.cfg.Recorder(\"foo\", {\n name: \"example\",\n roleArn: r.arn,\n});\nconst foo = new aws.cfg.RecorderStatus(\"foo\", {\n name: fooRecorder.name,\n isEnabled: true,\n});\nconst a = new aws.iam.RolePolicyAttachment(\"a\", {\n role: r.name,\n policyArn: \"arn:aws:iam::aws:policy/service-role/AWS_ConfigRole\",\n});\nconst b = new aws.s3.BucketV2(\"b\", {bucket: \"awsconfig-example\"});\nconst fooDeliveryChannel = new aws.cfg.DeliveryChannel(\"foo\", {\n name: \"example\",\n s3BucketName: b.bucket,\n});\nconst p = aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n actions: [\"s3:*\"],\n resources: [\n b.arn,\n pulumi.interpolate`${b.arn}/*`,\n ],\n }],\n});\nconst pRolePolicy = new aws.iam.RolePolicy(\"p\", {\n name: \"awsconfig-example\",\n role: r.id,\n policy: p.apply(p =\u003e p.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"config.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nr = aws.iam.Role(\"r\",\n name=\"example-awsconfig\",\n assume_role_policy=assume_role.json)\nfoo_recorder = aws.cfg.Recorder(\"foo\",\n name=\"example\",\n role_arn=r.arn)\nfoo = aws.cfg.RecorderStatus(\"foo\",\n name=foo_recorder.name,\n is_enabled=True)\na = aws.iam.RolePolicyAttachment(\"a\",\n role=r.name,\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AWS_ConfigRole\")\nb = aws.s3.BucketV2(\"b\", bucket=\"awsconfig-example\")\nfoo_delivery_channel = aws.cfg.DeliveryChannel(\"foo\",\n name=\"example\",\n s3_bucket_name=b.bucket)\np = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"s3:*\"],\n resources=[\n b.arn,\n b.arn.apply(lambda arn: f\"{arn}/*\"),\n ],\n)])\np_role_policy = aws.iam.RolePolicy(\"p\",\n name=\"awsconfig-example\",\n role=r.id,\n policy=p.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"config.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var r = new Aws.Iam.Role(\"r\", new()\n {\n Name = \"example-awsconfig\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var fooRecorder = new Aws.Cfg.Recorder(\"foo\", new()\n {\n Name = \"example\",\n RoleArn = r.Arn,\n });\n\n var foo = new Aws.Cfg.RecorderStatus(\"foo\", new()\n {\n Name = fooRecorder.Name,\n IsEnabled = true,\n });\n\n var a = new Aws.Iam.RolePolicyAttachment(\"a\", new()\n {\n Role = r.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AWS_ConfigRole\",\n });\n\n var b = new Aws.S3.BucketV2(\"b\", new()\n {\n Bucket = \"awsconfig-example\",\n });\n\n var fooDeliveryChannel = new Aws.Cfg.DeliveryChannel(\"foo\", new()\n {\n Name = \"example\",\n S3BucketName = b.Bucket,\n });\n\n var p = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n b.Arn,\n $\"{b.Arn}/*\",\n },\n },\n },\n });\n\n var pRolePolicy = new Aws.Iam.RolePolicy(\"p\", new()\n {\n Name = \"awsconfig-example\",\n Role = r.Id,\n Policy = p.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"config.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tr, err := iam.NewRole(ctx, \"r\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"example-awsconfig\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooRecorder, err := cfg.NewRecorder(ctx, \"foo\", \u0026cfg.RecorderArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tRoleArn: r.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewRecorderStatus(ctx, \"foo\", \u0026cfg.RecorderStatusArgs{\n\t\t\tName: fooRecorder.Name,\n\t\t\tIsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"a\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: r.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AWS_ConfigRole\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tb, err := s3.NewBucketV2(ctx, \"b\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"awsconfig-example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewDeliveryChannel(ctx, \"foo\", \u0026cfg.DeliveryChannelArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tS3BucketName: b.Bucket,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tp := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tb.Arn,\n\t\t\t\t\t\tb.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = iam.NewRolePolicy(ctx, \"p\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"awsconfig-example\"),\n\t\t\tRole: r.ID(),\n\t\t\tPolicy: p.ApplyT(func(p iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026p.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.cfg.Recorder;\nimport com.pulumi.aws.cfg.RecorderArgs;\nimport com.pulumi.aws.cfg.RecorderStatus;\nimport com.pulumi.aws.cfg.RecorderStatusArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.cfg.DeliveryChannel;\nimport com.pulumi.aws.cfg.DeliveryChannelArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"config.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var r = new Role(\"r\", RoleArgs.builder() \n .name(\"example-awsconfig\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var fooRecorder = new Recorder(\"fooRecorder\", RecorderArgs.builder() \n .name(\"example\")\n .roleArn(r.arn())\n .build());\n\n var foo = new RecorderStatus(\"foo\", RecorderStatusArgs.builder() \n .name(fooRecorder.name())\n .isEnabled(true)\n .build());\n\n var a = new RolePolicyAttachment(\"a\", RolePolicyAttachmentArgs.builder() \n .role(r.name())\n .policyArn(\"arn:aws:iam::aws:policy/service-role/AWS_ConfigRole\")\n .build());\n\n var b = new BucketV2(\"b\", BucketV2Args.builder() \n .bucket(\"awsconfig-example\")\n .build());\n\n var fooDeliveryChannel = new DeliveryChannel(\"fooDeliveryChannel\", DeliveryChannelArgs.builder() \n .name(\"example\")\n .s3BucketName(b.bucket())\n .build());\n\n final var p = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"s3:*\")\n .resources( \n b.arn(),\n b.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build())\n .build());\n\n var pRolePolicy = new RolePolicy(\"pRolePolicy\", RolePolicyArgs.builder() \n .name(\"awsconfig-example\")\n .role(r.id())\n .policy(p.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(p -\u003e p.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:cfg:RecorderStatus\n properties:\n name: ${fooRecorder.name}\n isEnabled: true\n a:\n type: aws:iam:RolePolicyAttachment\n properties:\n role: ${r.name}\n policyArn: arn:aws:iam::aws:policy/service-role/AWS_ConfigRole\n b:\n type: aws:s3:BucketV2\n properties:\n bucket: awsconfig-example\n fooDeliveryChannel:\n type: aws:cfg:DeliveryChannel\n name: foo\n properties:\n name: example\n s3BucketName: ${b.bucket}\n fooRecorder:\n type: aws:cfg:Recorder\n name: foo\n properties:\n name: example\n roleArn: ${r.arn}\n r:\n type: aws:iam:Role\n properties:\n name: example-awsconfig\n assumeRolePolicy: ${assumeRole.json}\n pRolePolicy:\n type: aws:iam:RolePolicy\n name: p\n properties:\n name: awsconfig-example\n role: ${r.id}\n policy: ${p.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - config.amazonaws.com\n actions:\n - sts:AssumeRole\n p:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - s3:*\n resources:\n - ${b.arn}\n - ${b.arn}/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Configuration Recorder Status using the name of the Configuration Recorder. For example:\n\n```sh\n$ pulumi import aws:cfg/recorderStatus:RecorderStatus foo example\n```\n", "properties": { "isEnabled": { "type": "boolean", @@ -175850,7 +175850,7 @@ } }, "aws:cfg/rule:Rule": { - "description": "Provides an AWS Config Rule.\n\n\u003e **Note:** Config Rule requires an existing Configuration Recorder to be present. Use of `depends_on` is recommended (as shown below) to avoid race conditions.\n\n## Example Usage\n\n### AWS Managed Rules\n\nAWS managed rules can be used by setting the source owner to `AWS` and the source identifier to the name of the managed rule. More information about AWS managed rules can be found in the [AWS Config Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst r = new aws.cfg.Rule(\"r\", {\n name: \"example\",\n source: {\n owner: \"AWS\",\n sourceIdentifier: \"S3_BUCKET_VERSIONING_ENABLED\",\n },\n});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"config.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst rRole = new aws.iam.Role(\"r\", {\n name: \"my-awsconfig-role\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst foo = new aws.cfg.Recorder(\"foo\", {\n name: \"example\",\n roleArn: rRole.arn,\n});\nconst p = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\"config:Put*\"],\n resources: [\"*\"],\n }],\n});\nconst pRolePolicy = new aws.iam.RolePolicy(\"p\", {\n name: \"my-awsconfig-policy\",\n role: rRole.id,\n policy: p.then(p =\u003e p.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nr = aws.cfg.Rule(\"r\",\n name=\"example\",\n source=aws.cfg.RuleSourceArgs(\n owner=\"AWS\",\n source_identifier=\"S3_BUCKET_VERSIONING_ENABLED\",\n ))\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"config.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nr_role = aws.iam.Role(\"r\",\n name=\"my-awsconfig-role\",\n assume_role_policy=assume_role.json)\nfoo = aws.cfg.Recorder(\"foo\",\n name=\"example\",\n role_arn=r_role.arn)\np = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"config:Put*\"],\n resources=[\"*\"],\n)])\np_role_policy = aws.iam.RolePolicy(\"p\",\n name=\"my-awsconfig-policy\",\n role=r_role.id,\n policy=p.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var r = new Aws.Cfg.Rule(\"r\", new()\n {\n Name = \"example\",\n Source = new Aws.Cfg.Inputs.RuleSourceArgs\n {\n Owner = \"AWS\",\n SourceIdentifier = \"S3_BUCKET_VERSIONING_ENABLED\",\n },\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"config.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var rRole = new Aws.Iam.Role(\"r\", new()\n {\n Name = \"my-awsconfig-role\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var foo = new Aws.Cfg.Recorder(\"foo\", new()\n {\n Name = \"example\",\n RoleArn = rRole.Arn,\n });\n\n var p = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"config:Put*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var pRolePolicy = new Aws.Iam.RolePolicy(\"p\", new()\n {\n Name = \"my-awsconfig-policy\",\n Role = rRole.Id,\n Policy = p.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cfg.NewRule(ctx, \"r\", \u0026cfg.RuleArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tSource: \u0026cfg.RuleSourceArgs{\n\t\t\t\tOwner: pulumi.String(\"AWS\"),\n\t\t\t\tSourceIdentifier: pulumi.String(\"S3_BUCKET_VERSIONING_ENABLED\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"config.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trRole, err := iam.NewRole(ctx, \"r\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"my-awsconfig-role\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewRecorder(ctx, \"foo\", \u0026cfg.RecorderArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tRoleArn: rRole.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tp, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"config:Put*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"p\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"my-awsconfig-policy\"),\n\t\t\tRole: rRole.ID(),\n\t\t\tPolicy: *pulumi.String(p.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cfg.Rule;\nimport com.pulumi.aws.cfg.RuleArgs;\nimport com.pulumi.aws.cfg.inputs.RuleSourceArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.cfg.Recorder;\nimport com.pulumi.aws.cfg.RecorderArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var r = new Rule(\"r\", RuleArgs.builder() \n .name(\"example\")\n .source(RuleSourceArgs.builder()\n .owner(\"AWS\")\n .sourceIdentifier(\"S3_BUCKET_VERSIONING_ENABLED\")\n .build())\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"config.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var rRole = new Role(\"rRole\", RoleArgs.builder() \n .name(\"my-awsconfig-role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var foo = new Recorder(\"foo\", RecorderArgs.builder() \n .name(\"example\")\n .roleArn(rRole.arn())\n .build());\n\n final var p = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"config:Put*\")\n .resources(\"*\")\n .build())\n .build());\n\n var pRolePolicy = new RolePolicy(\"pRolePolicy\", RolePolicyArgs.builder() \n .name(\"my-awsconfig-policy\")\n .role(rRole.id())\n .policy(p.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n r:\n type: aws:cfg:Rule\n properties:\n name: example\n source:\n owner: AWS\n sourceIdentifier: S3_BUCKET_VERSIONING_ENABLED\n foo:\n type: aws:cfg:Recorder\n properties:\n name: example\n roleArn: ${rRole.arn}\n rRole:\n type: aws:iam:Role\n name: r\n properties:\n name: my-awsconfig-role\n assumeRolePolicy: ${assumeRole.json}\n pRolePolicy:\n type: aws:iam:RolePolicy\n name: p\n properties:\n name: my-awsconfig-policy\n role: ${rRole.id}\n policy: ${p.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - config.amazonaws.com\n actions:\n - sts:AssumeRole\n p:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - config:Put*\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Custom Rules\n\nCustom rules can be used by setting the source owner to `CUSTOM_LAMBDA` and the source identifier to the Amazon Resource Name (ARN) of the Lambda Function. The AWS Config service must have permissions to invoke the Lambda Function, e.g., via the `aws.lambda.Permission` resource. More information about custom rules can be found in the [AWS Config Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cfg.Recorder(\"example\", {});\nconst exampleFunction = new aws.lambda.Function(\"example\", {});\nconst examplePermission = new aws.lambda.Permission(\"example\", {\n action: \"lambda:InvokeFunction\",\n \"function\": exampleFunction.arn,\n principal: \"config.amazonaws.com\",\n statementId: \"AllowExecutionFromConfig\",\n});\nconst exampleRule = new aws.cfg.Rule(\"example\", {source: {\n owner: \"CUSTOM_LAMBDA\",\n sourceIdentifier: exampleFunction.arn,\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cfg.Recorder(\"example\")\nexample_function = aws.lambda_.Function(\"example\")\nexample_permission = aws.lambda_.Permission(\"example\",\n action=\"lambda:InvokeFunction\",\n function=example_function.arn,\n principal=\"config.amazonaws.com\",\n statement_id=\"AllowExecutionFromConfig\")\nexample_rule = aws.cfg.Rule(\"example\", source=aws.cfg.RuleSourceArgs(\n owner=\"CUSTOM_LAMBDA\",\n source_identifier=example_function.arn,\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Cfg.Recorder(\"example\");\n\n var exampleFunction = new Aws.Lambda.Function(\"example\");\n\n var examplePermission = new Aws.Lambda.Permission(\"example\", new()\n {\n Action = \"lambda:InvokeFunction\",\n Function = exampleFunction.Arn,\n Principal = \"config.amazonaws.com\",\n StatementId = \"AllowExecutionFromConfig\",\n });\n\n var exampleRule = new Aws.Cfg.Rule(\"example\", new()\n {\n Source = new Aws.Cfg.Inputs.RuleSourceArgs\n {\n Owner = \"CUSTOM_LAMBDA\",\n SourceIdentifier = exampleFunction.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cfg.NewRecorder(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleFunction, err := lambda.NewFunction(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewPermission(ctx, \"example\", \u0026lambda.PermissionArgs{\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: exampleFunction.Arn,\n\t\t\tPrincipal: pulumi.String(\"config.amazonaws.com\"),\n\t\t\tStatementId: pulumi.String(\"AllowExecutionFromConfig\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewRule(ctx, \"example\", \u0026cfg.RuleArgs{\n\t\t\tSource: \u0026cfg.RuleSourceArgs{\n\t\t\t\tOwner: pulumi.String(\"CUSTOM_LAMBDA\"),\n\t\t\t\tSourceIdentifier: exampleFunction.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cfg.Recorder;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport com.pulumi.aws.cfg.Rule;\nimport com.pulumi.aws.cfg.RuleArgs;\nimport com.pulumi.aws.cfg.inputs.RuleSourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Recorder(\"example\");\n\n var exampleFunction = new Function(\"exampleFunction\");\n\n var examplePermission = new Permission(\"examplePermission\", PermissionArgs.builder() \n .action(\"lambda:InvokeFunction\")\n .function(exampleFunction.arn())\n .principal(\"config.amazonaws.com\")\n .statementId(\"AllowExecutionFromConfig\")\n .build());\n\n var exampleRule = new Rule(\"exampleRule\", RuleArgs.builder() \n .source(RuleSourceArgs.builder()\n .owner(\"CUSTOM_LAMBDA\")\n .sourceIdentifier(exampleFunction.arn())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cfg:Recorder\n exampleFunction:\n type: aws:lambda:Function\n name: example\n examplePermission:\n type: aws:lambda:Permission\n name: example\n properties:\n action: lambda:InvokeFunction\n function: ${exampleFunction.arn}\n principal: config.amazonaws.com\n statementId: AllowExecutionFromConfig\n exampleRule:\n type: aws:cfg:Rule\n name: example\n properties:\n source:\n owner: CUSTOM_LAMBDA\n sourceIdentifier: ${exampleFunction.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Custom Policies\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cfg.Rule(\"example\", {\n name: \"example\",\n source: {\n owner: \"CUSTOM_POLICY\",\n sourceDetails: [{\n messageType: \"ConfigurationItemChangeNotification\",\n }],\n customPolicyDetails: {\n policyRuntime: \"guard-2.x.x\",\n policyText: `\t rule tableisactive when\n\t\t resourceType == \"AWS::DynamoDB::Table\" {\n\t\t configuration.tableStatus == ['ACTIVE']\n\t }\n\t \n\t rule checkcompliance when\n\t\t resourceType == \"AWS::DynamoDB::Table\"\n\t\t tableisactive {\n\t\t\t supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == \"ENABLED\"\n\t }\n`,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cfg.Rule(\"example\",\n name=\"example\",\n source=aws.cfg.RuleSourceArgs(\n owner=\"CUSTOM_POLICY\",\n source_details=[aws.cfg.RuleSourceSourceDetailArgs(\n message_type=\"ConfigurationItemChangeNotification\",\n )],\n custom_policy_details=aws.cfg.RuleSourceCustomPolicyDetailsArgs(\n policy_runtime=\"guard-2.x.x\",\n policy_text=\"\"\"\t rule tableisactive when\n\t\t resourceType == \"AWS::DynamoDB::Table\" {\n\t\t configuration.tableStatus == ['ACTIVE']\n\t }\n\t \n\t rule checkcompliance when\n\t\t resourceType == \"AWS::DynamoDB::Table\"\n\t\t tableisactive {\n\t\t\t supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == \"ENABLED\"\n\t }\n\"\"\",\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Cfg.Rule(\"example\", new()\n {\n Name = \"example\",\n Source = new Aws.Cfg.Inputs.RuleSourceArgs\n {\n Owner = \"CUSTOM_POLICY\",\n SourceDetails = new[]\n {\n new Aws.Cfg.Inputs.RuleSourceSourceDetailArgs\n {\n MessageType = \"ConfigurationItemChangeNotification\",\n },\n },\n CustomPolicyDetails = new Aws.Cfg.Inputs.RuleSourceCustomPolicyDetailsArgs\n {\n PolicyRuntime = \"guard-2.x.x\",\n PolicyText = @\"\t rule tableisactive when\n\t\t resourceType == \"\"AWS::DynamoDB::Table\"\" {\n\t\t configuration.tableStatus == ['ACTIVE']\n\t }\n\t \n\t rule checkcompliance when\n\t\t resourceType == \"\"AWS::DynamoDB::Table\"\"\n\t\t tableisactive {\n\t\t\t supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == \"\"ENABLED\"\"\n\t }\n\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cfg.NewRule(ctx, \"example\", \u0026cfg.RuleArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tSource: \u0026cfg.RuleSourceArgs{\n\t\t\t\tOwner: pulumi.String(\"CUSTOM_POLICY\"),\n\t\t\t\tSourceDetails: cfg.RuleSourceSourceDetailArray{\n\t\t\t\t\t\u0026cfg.RuleSourceSourceDetailArgs{\n\t\t\t\t\t\tMessageType: pulumi.String(\"ConfigurationItemChangeNotification\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tCustomPolicyDetails: \u0026cfg.RuleSourceCustomPolicyDetailsArgs{\n\t\t\t\t\tPolicyRuntime: pulumi.String(\"guard-2.x.x\"),\n\t\t\t\t\tPolicyText: pulumi.String(`\t rule tableisactive when\n\t\t resourceType == \"AWS::DynamoDB::Table\" {\n\t\t configuration.tableStatus == ['ACTIVE']\n\t }\n\t \n\t rule checkcompliance when\n\t\t resourceType == \"AWS::DynamoDB::Table\"\n\t\t tableisactive {\n\t\t\t supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == \"ENABLED\"\n\t }\n`),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cfg.Rule;\nimport com.pulumi.aws.cfg.RuleArgs;\nimport com.pulumi.aws.cfg.inputs.RuleSourceArgs;\nimport com.pulumi.aws.cfg.inputs.RuleSourceCustomPolicyDetailsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Rule(\"example\", RuleArgs.builder() \n .name(\"example\")\n .source(RuleSourceArgs.builder()\n .owner(\"CUSTOM_POLICY\")\n .sourceDetails(RuleSourceSourceDetailArgs.builder()\n .messageType(\"ConfigurationItemChangeNotification\")\n .build())\n .customPolicyDetails(RuleSourceCustomPolicyDetailsArgs.builder()\n .policyRuntime(\"guard-2.x.x\")\n .policyText(\"\"\"\n\t rule tableisactive when\n\t\t resourceType == \"AWS::DynamoDB::Table\" {\n\t\t configuration.tableStatus == ['ACTIVE']\n\t }\n\t \n\t rule checkcompliance when\n\t\t resourceType == \"AWS::DynamoDB::Table\"\n\t\t tableisactive {\n\t\t\t supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == \"ENABLED\"\n\t }\n \"\"\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cfg:Rule\n properties:\n name: example\n source:\n owner: CUSTOM_POLICY\n sourceDetails:\n - messageType: ConfigurationItemChangeNotification\n customPolicyDetails:\n policyRuntime: guard-2.x.x\n policyText: \"\\t rule tableisactive when\\n\\t\\t resourceType == \\\"AWS::DynamoDB::Table\\\" {\\n\\t\\t configuration.tableStatus == ['ACTIVE']\\n\\t }\\n\\t \\n\\t rule checkcompliance when\\n\\t\\t resourceType == \\\"AWS::DynamoDB::Table\\\"\\n\\t\\t tableisactive {\\n\\t\\t\\t supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == \\\"ENABLED\\\"\\n\\t }\\n\"\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Config Rule using the name. For example:\n\n```sh\n$ pulumi import aws:cfg/rule:Rule foo example\n```\n", + "description": "Provides an AWS Config Rule.\n\n\u003e **Note:** Config Rule requires an existing Configuration Recorder to be present. Use of `depends_on` is recommended (as shown below) to avoid race conditions.\n\n## Example Usage\n\n### AWS Managed Rules\n\nAWS managed rules can be used by setting the source owner to `AWS` and the source identifier to the name of the managed rule. More information about AWS managed rules can be found in the [AWS Config Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst r = new aws.cfg.Rule(\"r\", {\n name: \"example\",\n source: {\n owner: \"AWS\",\n sourceIdentifier: \"S3_BUCKET_VERSIONING_ENABLED\",\n },\n});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"config.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst rRole = new aws.iam.Role(\"r\", {\n name: \"my-awsconfig-role\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst foo = new aws.cfg.Recorder(\"foo\", {\n name: \"example\",\n roleArn: rRole.arn,\n});\nconst p = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\"config:Put*\"],\n resources: [\"*\"],\n }],\n});\nconst pRolePolicy = new aws.iam.RolePolicy(\"p\", {\n name: \"my-awsconfig-policy\",\n role: rRole.id,\n policy: p.then(p =\u003e p.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nr = aws.cfg.Rule(\"r\",\n name=\"example\",\n source=aws.cfg.RuleSourceArgs(\n owner=\"AWS\",\n source_identifier=\"S3_BUCKET_VERSIONING_ENABLED\",\n ))\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"config.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nr_role = aws.iam.Role(\"r\",\n name=\"my-awsconfig-role\",\n assume_role_policy=assume_role.json)\nfoo = aws.cfg.Recorder(\"foo\",\n name=\"example\",\n role_arn=r_role.arn)\np = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"config:Put*\"],\n resources=[\"*\"],\n)])\np_role_policy = aws.iam.RolePolicy(\"p\",\n name=\"my-awsconfig-policy\",\n role=r_role.id,\n policy=p.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var r = new Aws.Cfg.Rule(\"r\", new()\n {\n Name = \"example\",\n Source = new Aws.Cfg.Inputs.RuleSourceArgs\n {\n Owner = \"AWS\",\n SourceIdentifier = \"S3_BUCKET_VERSIONING_ENABLED\",\n },\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"config.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var rRole = new Aws.Iam.Role(\"r\", new()\n {\n Name = \"my-awsconfig-role\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var foo = new Aws.Cfg.Recorder(\"foo\", new()\n {\n Name = \"example\",\n RoleArn = rRole.Arn,\n });\n\n var p = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"config:Put*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var pRolePolicy = new Aws.Iam.RolePolicy(\"p\", new()\n {\n Name = \"my-awsconfig-policy\",\n Role = rRole.Id,\n Policy = p.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cfg.NewRule(ctx, \"r\", \u0026cfg.RuleArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tSource: \u0026cfg.RuleSourceArgs{\n\t\t\t\tOwner: pulumi.String(\"AWS\"),\n\t\t\t\tSourceIdentifier: pulumi.String(\"S3_BUCKET_VERSIONING_ENABLED\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"config.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trRole, err := iam.NewRole(ctx, \"r\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"my-awsconfig-role\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewRecorder(ctx, \"foo\", \u0026cfg.RecorderArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tRoleArn: rRole.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tp, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"config:Put*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"p\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"my-awsconfig-policy\"),\n\t\t\tRole: rRole.ID(),\n\t\t\tPolicy: pulumi.String(p.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cfg.Rule;\nimport com.pulumi.aws.cfg.RuleArgs;\nimport com.pulumi.aws.cfg.inputs.RuleSourceArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.cfg.Recorder;\nimport com.pulumi.aws.cfg.RecorderArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var r = new Rule(\"r\", RuleArgs.builder() \n .name(\"example\")\n .source(RuleSourceArgs.builder()\n .owner(\"AWS\")\n .sourceIdentifier(\"S3_BUCKET_VERSIONING_ENABLED\")\n .build())\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"config.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var rRole = new Role(\"rRole\", RoleArgs.builder() \n .name(\"my-awsconfig-role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var foo = new Recorder(\"foo\", RecorderArgs.builder() \n .name(\"example\")\n .roleArn(rRole.arn())\n .build());\n\n final var p = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"config:Put*\")\n .resources(\"*\")\n .build())\n .build());\n\n var pRolePolicy = new RolePolicy(\"pRolePolicy\", RolePolicyArgs.builder() \n .name(\"my-awsconfig-policy\")\n .role(rRole.id())\n .policy(p.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n r:\n type: aws:cfg:Rule\n properties:\n name: example\n source:\n owner: AWS\n sourceIdentifier: S3_BUCKET_VERSIONING_ENABLED\n foo:\n type: aws:cfg:Recorder\n properties:\n name: example\n roleArn: ${rRole.arn}\n rRole:\n type: aws:iam:Role\n name: r\n properties:\n name: my-awsconfig-role\n assumeRolePolicy: ${assumeRole.json}\n pRolePolicy:\n type: aws:iam:RolePolicy\n name: p\n properties:\n name: my-awsconfig-policy\n role: ${rRole.id}\n policy: ${p.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - config.amazonaws.com\n actions:\n - sts:AssumeRole\n p:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - config:Put*\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Custom Rules\n\nCustom rules can be used by setting the source owner to `CUSTOM_LAMBDA` and the source identifier to the Amazon Resource Name (ARN) of the Lambda Function. The AWS Config service must have permissions to invoke the Lambda Function, e.g., via the `aws.lambda.Permission` resource. More information about custom rules can be found in the [AWS Config Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cfg.Recorder(\"example\", {});\nconst exampleFunction = new aws.lambda.Function(\"example\", {});\nconst examplePermission = new aws.lambda.Permission(\"example\", {\n action: \"lambda:InvokeFunction\",\n \"function\": exampleFunction.arn,\n principal: \"config.amazonaws.com\",\n statementId: \"AllowExecutionFromConfig\",\n});\nconst exampleRule = new aws.cfg.Rule(\"example\", {source: {\n owner: \"CUSTOM_LAMBDA\",\n sourceIdentifier: exampleFunction.arn,\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cfg.Recorder(\"example\")\nexample_function = aws.lambda_.Function(\"example\")\nexample_permission = aws.lambda_.Permission(\"example\",\n action=\"lambda:InvokeFunction\",\n function=example_function.arn,\n principal=\"config.amazonaws.com\",\n statement_id=\"AllowExecutionFromConfig\")\nexample_rule = aws.cfg.Rule(\"example\", source=aws.cfg.RuleSourceArgs(\n owner=\"CUSTOM_LAMBDA\",\n source_identifier=example_function.arn,\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Cfg.Recorder(\"example\");\n\n var exampleFunction = new Aws.Lambda.Function(\"example\");\n\n var examplePermission = new Aws.Lambda.Permission(\"example\", new()\n {\n Action = \"lambda:InvokeFunction\",\n Function = exampleFunction.Arn,\n Principal = \"config.amazonaws.com\",\n StatementId = \"AllowExecutionFromConfig\",\n });\n\n var exampleRule = new Aws.Cfg.Rule(\"example\", new()\n {\n Source = new Aws.Cfg.Inputs.RuleSourceArgs\n {\n Owner = \"CUSTOM_LAMBDA\",\n SourceIdentifier = exampleFunction.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cfg.NewRecorder(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleFunction, err := lambda.NewFunction(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewPermission(ctx, \"example\", \u0026lambda.PermissionArgs{\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: exampleFunction.Arn,\n\t\t\tPrincipal: pulumi.String(\"config.amazonaws.com\"),\n\t\t\tStatementId: pulumi.String(\"AllowExecutionFromConfig\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewRule(ctx, \"example\", \u0026cfg.RuleArgs{\n\t\t\tSource: \u0026cfg.RuleSourceArgs{\n\t\t\t\tOwner: pulumi.String(\"CUSTOM_LAMBDA\"),\n\t\t\t\tSourceIdentifier: exampleFunction.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cfg.Recorder;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport com.pulumi.aws.cfg.Rule;\nimport com.pulumi.aws.cfg.RuleArgs;\nimport com.pulumi.aws.cfg.inputs.RuleSourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Recorder(\"example\");\n\n var exampleFunction = new Function(\"exampleFunction\");\n\n var examplePermission = new Permission(\"examplePermission\", PermissionArgs.builder() \n .action(\"lambda:InvokeFunction\")\n .function(exampleFunction.arn())\n .principal(\"config.amazonaws.com\")\n .statementId(\"AllowExecutionFromConfig\")\n .build());\n\n var exampleRule = new Rule(\"exampleRule\", RuleArgs.builder() \n .source(RuleSourceArgs.builder()\n .owner(\"CUSTOM_LAMBDA\")\n .sourceIdentifier(exampleFunction.arn())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cfg:Recorder\n exampleFunction:\n type: aws:lambda:Function\n name: example\n examplePermission:\n type: aws:lambda:Permission\n name: example\n properties:\n action: lambda:InvokeFunction\n function: ${exampleFunction.arn}\n principal: config.amazonaws.com\n statementId: AllowExecutionFromConfig\n exampleRule:\n type: aws:cfg:Rule\n name: example\n properties:\n source:\n owner: CUSTOM_LAMBDA\n sourceIdentifier: ${exampleFunction.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Custom Policies\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cfg.Rule(\"example\", {\n name: \"example\",\n source: {\n owner: \"CUSTOM_POLICY\",\n sourceDetails: [{\n messageType: \"ConfigurationItemChangeNotification\",\n }],\n customPolicyDetails: {\n policyRuntime: \"guard-2.x.x\",\n policyText: `\t rule tableisactive when\n\t\t resourceType == \"AWS::DynamoDB::Table\" {\n\t\t configuration.tableStatus == ['ACTIVE']\n\t }\n\t \n\t rule checkcompliance when\n\t\t resourceType == \"AWS::DynamoDB::Table\"\n\t\t tableisactive {\n\t\t\t supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == \"ENABLED\"\n\t }\n`,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cfg.Rule(\"example\",\n name=\"example\",\n source=aws.cfg.RuleSourceArgs(\n owner=\"CUSTOM_POLICY\",\n source_details=[aws.cfg.RuleSourceSourceDetailArgs(\n message_type=\"ConfigurationItemChangeNotification\",\n )],\n custom_policy_details=aws.cfg.RuleSourceCustomPolicyDetailsArgs(\n policy_runtime=\"guard-2.x.x\",\n policy_text=\"\"\"\t rule tableisactive when\n\t\t resourceType == \"AWS::DynamoDB::Table\" {\n\t\t configuration.tableStatus == ['ACTIVE']\n\t }\n\t \n\t rule checkcompliance when\n\t\t resourceType == \"AWS::DynamoDB::Table\"\n\t\t tableisactive {\n\t\t\t supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == \"ENABLED\"\n\t }\n\"\"\",\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Cfg.Rule(\"example\", new()\n {\n Name = \"example\",\n Source = new Aws.Cfg.Inputs.RuleSourceArgs\n {\n Owner = \"CUSTOM_POLICY\",\n SourceDetails = new[]\n {\n new Aws.Cfg.Inputs.RuleSourceSourceDetailArgs\n {\n MessageType = \"ConfigurationItemChangeNotification\",\n },\n },\n CustomPolicyDetails = new Aws.Cfg.Inputs.RuleSourceCustomPolicyDetailsArgs\n {\n PolicyRuntime = \"guard-2.x.x\",\n PolicyText = @\"\t rule tableisactive when\n\t\t resourceType == \"\"AWS::DynamoDB::Table\"\" {\n\t\t configuration.tableStatus == ['ACTIVE']\n\t }\n\t \n\t rule checkcompliance when\n\t\t resourceType == \"\"AWS::DynamoDB::Table\"\"\n\t\t tableisactive {\n\t\t\t supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == \"\"ENABLED\"\"\n\t }\n\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cfg.NewRule(ctx, \"example\", \u0026cfg.RuleArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tSource: \u0026cfg.RuleSourceArgs{\n\t\t\t\tOwner: pulumi.String(\"CUSTOM_POLICY\"),\n\t\t\t\tSourceDetails: cfg.RuleSourceSourceDetailArray{\n\t\t\t\t\t\u0026cfg.RuleSourceSourceDetailArgs{\n\t\t\t\t\t\tMessageType: pulumi.String(\"ConfigurationItemChangeNotification\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tCustomPolicyDetails: \u0026cfg.RuleSourceCustomPolicyDetailsArgs{\n\t\t\t\t\tPolicyRuntime: pulumi.String(\"guard-2.x.x\"),\n\t\t\t\t\tPolicyText: pulumi.String(`\t rule tableisactive when\n\t\t resourceType == \"AWS::DynamoDB::Table\" {\n\t\t configuration.tableStatus == ['ACTIVE']\n\t }\n\t \n\t rule checkcompliance when\n\t\t resourceType == \"AWS::DynamoDB::Table\"\n\t\t tableisactive {\n\t\t\t supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == \"ENABLED\"\n\t }\n`),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cfg.Rule;\nimport com.pulumi.aws.cfg.RuleArgs;\nimport com.pulumi.aws.cfg.inputs.RuleSourceArgs;\nimport com.pulumi.aws.cfg.inputs.RuleSourceCustomPolicyDetailsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Rule(\"example\", RuleArgs.builder() \n .name(\"example\")\n .source(RuleSourceArgs.builder()\n .owner(\"CUSTOM_POLICY\")\n .sourceDetails(RuleSourceSourceDetailArgs.builder()\n .messageType(\"ConfigurationItemChangeNotification\")\n .build())\n .customPolicyDetails(RuleSourceCustomPolicyDetailsArgs.builder()\n .policyRuntime(\"guard-2.x.x\")\n .policyText(\"\"\"\n\t rule tableisactive when\n\t\t resourceType == \"AWS::DynamoDB::Table\" {\n\t\t configuration.tableStatus == ['ACTIVE']\n\t }\n\t \n\t rule checkcompliance when\n\t\t resourceType == \"AWS::DynamoDB::Table\"\n\t\t tableisactive {\n\t\t\t supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == \"ENABLED\"\n\t }\n \"\"\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cfg:Rule\n properties:\n name: example\n source:\n owner: CUSTOM_POLICY\n sourceDetails:\n - messageType: ConfigurationItemChangeNotification\n customPolicyDetails:\n policyRuntime: guard-2.x.x\n policyText: \"\\t rule tableisactive when\\n\\t\\t resourceType == \\\"AWS::DynamoDB::Table\\\" {\\n\\t\\t configuration.tableStatus == ['ACTIVE']\\n\\t }\\n\\t \\n\\t rule checkcompliance when\\n\\t\\t resourceType == \\\"AWS::DynamoDB::Table\\\"\\n\\t\\t tableisactive {\\n\\t\\t\\t supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == \\\"ENABLED\\\"\\n\\t }\\n\"\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Config Rule using the name. For example:\n\n```sh\n$ pulumi import aws:cfg/rule:Rule foo example\n```\n", "properties": { "arn": { "type": "string", @@ -176640,7 +176640,7 @@ } }, "aws:chime/voiceConnectorStreaming:VoiceConnectorStreaming": { - "description": "Adds a streaming configuration for the specified Amazon Chime Voice Connector. The streaming configuration specifies whether media streaming is enabled for sending to Amazon Kinesis.\nIt also sets the retention period, in hours, for the Amazon Kinesis data.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.chime.VoiceConnector(\"default\", {\n name: \"vc-name-test\",\n requireEncryption: true,\n});\nconst defaultVoiceConnectorStreaming = new aws.chime.VoiceConnectorStreaming(\"default\", {\n disabled: false,\n voiceConnectorId: _default.id,\n dataRetention: 7,\n streamingNotificationTargets: [\"SQS\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.chime.VoiceConnector(\"default\",\n name=\"vc-name-test\",\n require_encryption=True)\ndefault_voice_connector_streaming = aws.chime.VoiceConnectorStreaming(\"default\",\n disabled=False,\n voice_connector_id=default.id,\n data_retention=7,\n streaming_notification_targets=[\"SQS\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Chime.VoiceConnector(\"default\", new()\n {\n Name = \"vc-name-test\",\n RequireEncryption = true,\n });\n\n var defaultVoiceConnectorStreaming = new Aws.Chime.VoiceConnectorStreaming(\"default\", new()\n {\n Disabled = false,\n VoiceConnectorId = @default.Id,\n DataRetention = 7,\n StreamingNotificationTargets = new[]\n {\n \"SQS\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/chime\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := chime.NewVoiceConnector(ctx, \"default\", \u0026chime.VoiceConnectorArgs{\n\t\t\tName: pulumi.String(\"vc-name-test\"),\n\t\t\tRequireEncryption: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = chime.NewVoiceConnectorStreaming(ctx, \"default\", \u0026chime.VoiceConnectorStreamingArgs{\n\t\t\tDisabled: pulumi.Bool(false),\n\t\t\tVoiceConnectorId: _default.ID(),\n\t\t\tDataRetention: pulumi.Int(7),\n\t\t\tStreamingNotificationTargets: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"SQS\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.chime.VoiceConnector;\nimport com.pulumi.aws.chime.VoiceConnectorArgs;\nimport com.pulumi.aws.chime.VoiceConnectorStreaming;\nimport com.pulumi.aws.chime.VoiceConnectorStreamingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new VoiceConnector(\"default\", VoiceConnectorArgs.builder() \n .name(\"vc-name-test\")\n .requireEncryption(true)\n .build());\n\n var defaultVoiceConnectorStreaming = new VoiceConnectorStreaming(\"defaultVoiceConnectorStreaming\", VoiceConnectorStreamingArgs.builder() \n .disabled(false)\n .voiceConnectorId(default_.id())\n .dataRetention(7)\n .streamingNotificationTargets(\"SQS\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:chime:VoiceConnector\n properties:\n name: vc-name-test\n requireEncryption: true\n defaultVoiceConnectorStreaming:\n type: aws:chime:VoiceConnectorStreaming\n name: default\n properties:\n disabled: false\n voiceConnectorId: ${default.id}\n dataRetention: 7\n streamingNotificationTargets:\n - SQS\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage With Media Insights\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.chime.VoiceConnector(\"default\", {\n name: \"vc-name-test\",\n requireEncryption: true,\n});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"mediapipelines.chime.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"ExampleResourceAccessRole\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst exampleStream = new aws.kinesis.Stream(\"example\", {\n name: \"ExampleStream\",\n shardCount: 2,\n});\nconst example = new aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"example\", {\n name: \"ExampleConfig\",\n resourceAccessRoleArn: exampleRole.arn,\n elements: [\n {\n type: \"AmazonTranscribeCallAnalyticsProcessor\",\n amazonTranscribeCallAnalyticsProcessorConfiguration: {\n languageCode: \"en-US\",\n },\n },\n {\n type: \"KinesisDataStreamSink\",\n kinesisDataStreamSinkConfiguration: {\n insightsTarget: exampleStream.arn,\n },\n },\n ],\n});\nconst defaultVoiceConnectorStreaming = new aws.chime.VoiceConnectorStreaming(\"default\", {\n disabled: false,\n voiceConnectorId: _default.id,\n dataRetention: 7,\n streamingNotificationTargets: [\"SQS\"],\n mediaInsightsConfiguration: {\n disabled: false,\n configurationArn: example.arn,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.chime.VoiceConnector(\"default\",\n name=\"vc-name-test\",\n require_encryption=True)\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"mediapipelines.chime.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"ExampleResourceAccessRole\",\n assume_role_policy=assume_role.json)\nexample_stream = aws.kinesis.Stream(\"example\",\n name=\"ExampleStream\",\n shard_count=2)\nexample = aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"example\",\n name=\"ExampleConfig\",\n resource_access_role_arn=example_role.arn,\n elements=[\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"AmazonTranscribeCallAnalyticsProcessor\",\n amazon_transcribe_call_analytics_processor_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs(\n language_code=\"en-US\",\n ),\n ),\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"KinesisDataStreamSink\",\n kinesis_data_stream_sink_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs(\n insights_target=example_stream.arn,\n ),\n ),\n ])\ndefault_voice_connector_streaming = aws.chime.VoiceConnectorStreaming(\"default\",\n disabled=False,\n voice_connector_id=default.id,\n data_retention=7,\n streaming_notification_targets=[\"SQS\"],\n media_insights_configuration=aws.chime.VoiceConnectorStreamingMediaInsightsConfigurationArgs(\n disabled=False,\n configuration_arn=example.arn,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Chime.VoiceConnector(\"default\", new()\n {\n Name = \"vc-name-test\",\n RequireEncryption = true,\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"mediapipelines.chime.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"ExampleResourceAccessRole\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleStream = new Aws.Kinesis.Stream(\"example\", new()\n {\n Name = \"ExampleStream\",\n ShardCount = 2,\n });\n\n var example = new Aws.ChimeSDKMediaPipelines.MediaInsightsPipelineConfiguration(\"example\", new()\n {\n Name = \"ExampleConfig\",\n ResourceAccessRoleArn = exampleRole.Arn,\n Elements = new[]\n {\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"AmazonTranscribeCallAnalyticsProcessor\",\n AmazonTranscribeCallAnalyticsProcessorConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs\n {\n LanguageCode = \"en-US\",\n },\n },\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"KinesisDataStreamSink\",\n KinesisDataStreamSinkConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs\n {\n InsightsTarget = exampleStream.Arn,\n },\n },\n },\n });\n\n var defaultVoiceConnectorStreaming = new Aws.Chime.VoiceConnectorStreaming(\"default\", new()\n {\n Disabled = false,\n VoiceConnectorId = @default.Id,\n DataRetention = 7,\n StreamingNotificationTargets = new[]\n {\n \"SQS\",\n },\n MediaInsightsConfiguration = new Aws.Chime.Inputs.VoiceConnectorStreamingMediaInsightsConfigurationArgs\n {\n Disabled = false,\n ConfigurationArn = example.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/chime\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/chimesdkmediapipelines\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := chime.NewVoiceConnector(ctx, \"default\", \u0026chime.VoiceConnectorArgs{\n\t\t\tName: pulumi.String(\"vc-name-test\"),\n\t\t\tRequireEncryption: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"mediapipelines.chime.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"ExampleResourceAccessRole\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleStream, err := kinesis.NewStream(ctx, \"example\", \u0026kinesis.StreamArgs{\n\t\t\tName: pulumi.String(\"ExampleStream\"),\n\t\t\tShardCount: pulumi.Int(2),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := chimesdkmediapipelines.NewMediaInsightsPipelineConfiguration(ctx, \"example\", \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs{\n\t\t\tName: pulumi.String(\"ExampleConfig\"),\n\t\t\tResourceAccessRoleArn: exampleRole.Arn,\n\t\t\tElements: chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArray{\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"AmazonTranscribeCallAnalyticsProcessor\"),\n\t\t\t\t\tAmazonTranscribeCallAnalyticsProcessorConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs{\n\t\t\t\t\t\tLanguageCode: pulumi.String(\"en-US\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"KinesisDataStreamSink\"),\n\t\t\t\t\tKinesisDataStreamSinkConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs{\n\t\t\t\t\t\tInsightsTarget: exampleStream.Arn,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = chime.NewVoiceConnectorStreaming(ctx, \"default\", \u0026chime.VoiceConnectorStreamingArgs{\n\t\t\tDisabled: pulumi.Bool(false),\n\t\t\tVoiceConnectorId: _default.ID(),\n\t\t\tDataRetention: pulumi.Int(7),\n\t\t\tStreamingNotificationTargets: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"SQS\"),\n\t\t\t},\n\t\t\tMediaInsightsConfiguration: \u0026chime.VoiceConnectorStreamingMediaInsightsConfigurationArgs{\n\t\t\t\tDisabled: pulumi.Bool(false),\n\t\t\t\tConfigurationArn: example.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.chime.VoiceConnector;\nimport com.pulumi.aws.chime.VoiceConnectorArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.kinesis.Stream;\nimport com.pulumi.aws.kinesis.StreamArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs;\nimport com.pulumi.aws.chime.VoiceConnectorStreaming;\nimport com.pulumi.aws.chime.VoiceConnectorStreamingArgs;\nimport com.pulumi.aws.chime.inputs.VoiceConnectorStreamingMediaInsightsConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new VoiceConnector(\"default\", VoiceConnectorArgs.builder() \n .name(\"vc-name-test\")\n .requireEncryption(true)\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"mediapipelines.chime.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"ExampleResourceAccessRole\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleStream = new Stream(\"exampleStream\", StreamArgs.builder() \n .name(\"ExampleStream\")\n .shardCount(2)\n .build());\n\n var example = new MediaInsightsPipelineConfiguration(\"example\", MediaInsightsPipelineConfigurationArgs.builder() \n .name(\"ExampleConfig\")\n .resourceAccessRoleArn(exampleRole.arn())\n .elements( \n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"AmazonTranscribeCallAnalyticsProcessor\")\n .amazonTranscribeCallAnalyticsProcessorConfiguration(MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs.builder()\n .languageCode(\"en-US\")\n .build())\n .build(),\n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"KinesisDataStreamSink\")\n .kinesisDataStreamSinkConfiguration(MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs.builder()\n .insightsTarget(exampleStream.arn())\n .build())\n .build())\n .build());\n\n var defaultVoiceConnectorStreaming = new VoiceConnectorStreaming(\"defaultVoiceConnectorStreaming\", VoiceConnectorStreamingArgs.builder() \n .disabled(false)\n .voiceConnectorId(default_.id())\n .dataRetention(7)\n .streamingNotificationTargets(\"SQS\")\n .mediaInsightsConfiguration(VoiceConnectorStreamingMediaInsightsConfigurationArgs.builder()\n .disabled(false)\n .configurationArn(example.arn())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:chime:VoiceConnector\n properties:\n name: vc-name-test\n requireEncryption: true\n defaultVoiceConnectorStreaming:\n type: aws:chime:VoiceConnectorStreaming\n name: default\n properties:\n disabled: false\n voiceConnectorId: ${default.id}\n dataRetention: 7\n streamingNotificationTargets:\n - SQS\n mediaInsightsConfiguration:\n disabled: false\n configurationArn: ${example.arn}\n example:\n type: aws:chimesdkmediapipelines:MediaInsightsPipelineConfiguration\n properties:\n name: ExampleConfig\n resourceAccessRoleArn: ${exampleRole.arn}\n elements:\n - type: AmazonTranscribeCallAnalyticsProcessor\n amazonTranscribeCallAnalyticsProcessorConfiguration:\n languageCode: en-US\n - type: KinesisDataStreamSink\n kinesisDataStreamSinkConfiguration:\n insightsTarget: ${exampleStream.arn}\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: ExampleResourceAccessRole\n assumeRolePolicy: ${assumeRole.json}\n exampleStream:\n type: aws:kinesis:Stream\n name: example\n properties:\n name: ExampleStream\n shardCount: 2\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - mediapipelines.chime.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Chime Voice Connector Streaming using the `voice_connector_id`. For example:\n\n```sh\n$ pulumi import aws:chime/voiceConnectorStreaming:VoiceConnectorStreaming default abcdef1ghij2klmno3pqr4\n```\n", + "description": "Adds a streaming configuration for the specified Amazon Chime Voice Connector. The streaming configuration specifies whether media streaming is enabled for sending to Amazon Kinesis.\nIt also sets the retention period, in hours, for the Amazon Kinesis data.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.chime.VoiceConnector(\"default\", {\n name: \"vc-name-test\",\n requireEncryption: true,\n});\nconst defaultVoiceConnectorStreaming = new aws.chime.VoiceConnectorStreaming(\"default\", {\n disabled: false,\n voiceConnectorId: _default.id,\n dataRetention: 7,\n streamingNotificationTargets: [\"SQS\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.chime.VoiceConnector(\"default\",\n name=\"vc-name-test\",\n require_encryption=True)\ndefault_voice_connector_streaming = aws.chime.VoiceConnectorStreaming(\"default\",\n disabled=False,\n voice_connector_id=default.id,\n data_retention=7,\n streaming_notification_targets=[\"SQS\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Chime.VoiceConnector(\"default\", new()\n {\n Name = \"vc-name-test\",\n RequireEncryption = true,\n });\n\n var defaultVoiceConnectorStreaming = new Aws.Chime.VoiceConnectorStreaming(\"default\", new()\n {\n Disabled = false,\n VoiceConnectorId = @default.Id,\n DataRetention = 7,\n StreamingNotificationTargets = new[]\n {\n \"SQS\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/chime\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := chime.NewVoiceConnector(ctx, \"default\", \u0026chime.VoiceConnectorArgs{\n\t\t\tName: pulumi.String(\"vc-name-test\"),\n\t\t\tRequireEncryption: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = chime.NewVoiceConnectorStreaming(ctx, \"default\", \u0026chime.VoiceConnectorStreamingArgs{\n\t\t\tDisabled: pulumi.Bool(false),\n\t\t\tVoiceConnectorId: _default.ID(),\n\t\t\tDataRetention: pulumi.Int(7),\n\t\t\tStreamingNotificationTargets: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"SQS\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.chime.VoiceConnector;\nimport com.pulumi.aws.chime.VoiceConnectorArgs;\nimport com.pulumi.aws.chime.VoiceConnectorStreaming;\nimport com.pulumi.aws.chime.VoiceConnectorStreamingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new VoiceConnector(\"default\", VoiceConnectorArgs.builder() \n .name(\"vc-name-test\")\n .requireEncryption(true)\n .build());\n\n var defaultVoiceConnectorStreaming = new VoiceConnectorStreaming(\"defaultVoiceConnectorStreaming\", VoiceConnectorStreamingArgs.builder() \n .disabled(false)\n .voiceConnectorId(default_.id())\n .dataRetention(7)\n .streamingNotificationTargets(\"SQS\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:chime:VoiceConnector\n properties:\n name: vc-name-test\n requireEncryption: true\n defaultVoiceConnectorStreaming:\n type: aws:chime:VoiceConnectorStreaming\n name: default\n properties:\n disabled: false\n voiceConnectorId: ${default.id}\n dataRetention: 7\n streamingNotificationTargets:\n - SQS\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage With Media Insights\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.chime.VoiceConnector(\"default\", {\n name: \"vc-name-test\",\n requireEncryption: true,\n});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"mediapipelines.chime.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"ExampleResourceAccessRole\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst exampleStream = new aws.kinesis.Stream(\"example\", {\n name: \"ExampleStream\",\n shardCount: 2,\n});\nconst example = new aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"example\", {\n name: \"ExampleConfig\",\n resourceAccessRoleArn: exampleRole.arn,\n elements: [\n {\n type: \"AmazonTranscribeCallAnalyticsProcessor\",\n amazonTranscribeCallAnalyticsProcessorConfiguration: {\n languageCode: \"en-US\",\n },\n },\n {\n type: \"KinesisDataStreamSink\",\n kinesisDataStreamSinkConfiguration: {\n insightsTarget: exampleStream.arn,\n },\n },\n ],\n});\nconst defaultVoiceConnectorStreaming = new aws.chime.VoiceConnectorStreaming(\"default\", {\n disabled: false,\n voiceConnectorId: _default.id,\n dataRetention: 7,\n streamingNotificationTargets: [\"SQS\"],\n mediaInsightsConfiguration: {\n disabled: false,\n configurationArn: example.arn,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.chime.VoiceConnector(\"default\",\n name=\"vc-name-test\",\n require_encryption=True)\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"mediapipelines.chime.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"ExampleResourceAccessRole\",\n assume_role_policy=assume_role.json)\nexample_stream = aws.kinesis.Stream(\"example\",\n name=\"ExampleStream\",\n shard_count=2)\nexample = aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"example\",\n name=\"ExampleConfig\",\n resource_access_role_arn=example_role.arn,\n elements=[\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"AmazonTranscribeCallAnalyticsProcessor\",\n amazon_transcribe_call_analytics_processor_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs(\n language_code=\"en-US\",\n ),\n ),\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"KinesisDataStreamSink\",\n kinesis_data_stream_sink_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs(\n insights_target=example_stream.arn,\n ),\n ),\n ])\ndefault_voice_connector_streaming = aws.chime.VoiceConnectorStreaming(\"default\",\n disabled=False,\n voice_connector_id=default.id,\n data_retention=7,\n streaming_notification_targets=[\"SQS\"],\n media_insights_configuration=aws.chime.VoiceConnectorStreamingMediaInsightsConfigurationArgs(\n disabled=False,\n configuration_arn=example.arn,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Chime.VoiceConnector(\"default\", new()\n {\n Name = \"vc-name-test\",\n RequireEncryption = true,\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"mediapipelines.chime.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"ExampleResourceAccessRole\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleStream = new Aws.Kinesis.Stream(\"example\", new()\n {\n Name = \"ExampleStream\",\n ShardCount = 2,\n });\n\n var example = new Aws.ChimeSDKMediaPipelines.MediaInsightsPipelineConfiguration(\"example\", new()\n {\n Name = \"ExampleConfig\",\n ResourceAccessRoleArn = exampleRole.Arn,\n Elements = new[]\n {\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"AmazonTranscribeCallAnalyticsProcessor\",\n AmazonTranscribeCallAnalyticsProcessorConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs\n {\n LanguageCode = \"en-US\",\n },\n },\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"KinesisDataStreamSink\",\n KinesisDataStreamSinkConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs\n {\n InsightsTarget = exampleStream.Arn,\n },\n },\n },\n });\n\n var defaultVoiceConnectorStreaming = new Aws.Chime.VoiceConnectorStreaming(\"default\", new()\n {\n Disabled = false,\n VoiceConnectorId = @default.Id,\n DataRetention = 7,\n StreamingNotificationTargets = new[]\n {\n \"SQS\",\n },\n MediaInsightsConfiguration = new Aws.Chime.Inputs.VoiceConnectorStreamingMediaInsightsConfigurationArgs\n {\n Disabled = false,\n ConfigurationArn = example.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/chime\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/chimesdkmediapipelines\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := chime.NewVoiceConnector(ctx, \"default\", \u0026chime.VoiceConnectorArgs{\n\t\t\tName: pulumi.String(\"vc-name-test\"),\n\t\t\tRequireEncryption: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"mediapipelines.chime.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"ExampleResourceAccessRole\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleStream, err := kinesis.NewStream(ctx, \"example\", \u0026kinesis.StreamArgs{\n\t\t\tName: pulumi.String(\"ExampleStream\"),\n\t\t\tShardCount: pulumi.Int(2),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := chimesdkmediapipelines.NewMediaInsightsPipelineConfiguration(ctx, \"example\", \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs{\n\t\t\tName: pulumi.String(\"ExampleConfig\"),\n\t\t\tResourceAccessRoleArn: exampleRole.Arn,\n\t\t\tElements: chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArray{\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"AmazonTranscribeCallAnalyticsProcessor\"),\n\t\t\t\t\tAmazonTranscribeCallAnalyticsProcessorConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs{\n\t\t\t\t\t\tLanguageCode: pulumi.String(\"en-US\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"KinesisDataStreamSink\"),\n\t\t\t\t\tKinesisDataStreamSinkConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs{\n\t\t\t\t\t\tInsightsTarget: exampleStream.Arn,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = chime.NewVoiceConnectorStreaming(ctx, \"default\", \u0026chime.VoiceConnectorStreamingArgs{\n\t\t\tDisabled: pulumi.Bool(false),\n\t\t\tVoiceConnectorId: _default.ID(),\n\t\t\tDataRetention: pulumi.Int(7),\n\t\t\tStreamingNotificationTargets: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"SQS\"),\n\t\t\t},\n\t\t\tMediaInsightsConfiguration: \u0026chime.VoiceConnectorStreamingMediaInsightsConfigurationArgs{\n\t\t\t\tDisabled: pulumi.Bool(false),\n\t\t\t\tConfigurationArn: example.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.chime.VoiceConnector;\nimport com.pulumi.aws.chime.VoiceConnectorArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.kinesis.Stream;\nimport com.pulumi.aws.kinesis.StreamArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs;\nimport com.pulumi.aws.chime.VoiceConnectorStreaming;\nimport com.pulumi.aws.chime.VoiceConnectorStreamingArgs;\nimport com.pulumi.aws.chime.inputs.VoiceConnectorStreamingMediaInsightsConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new VoiceConnector(\"default\", VoiceConnectorArgs.builder() \n .name(\"vc-name-test\")\n .requireEncryption(true)\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"mediapipelines.chime.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"ExampleResourceAccessRole\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleStream = new Stream(\"exampleStream\", StreamArgs.builder() \n .name(\"ExampleStream\")\n .shardCount(2)\n .build());\n\n var example = new MediaInsightsPipelineConfiguration(\"example\", MediaInsightsPipelineConfigurationArgs.builder() \n .name(\"ExampleConfig\")\n .resourceAccessRoleArn(exampleRole.arn())\n .elements( \n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"AmazonTranscribeCallAnalyticsProcessor\")\n .amazonTranscribeCallAnalyticsProcessorConfiguration(MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs.builder()\n .languageCode(\"en-US\")\n .build())\n .build(),\n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"KinesisDataStreamSink\")\n .kinesisDataStreamSinkConfiguration(MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs.builder()\n .insightsTarget(exampleStream.arn())\n .build())\n .build())\n .build());\n\n var defaultVoiceConnectorStreaming = new VoiceConnectorStreaming(\"defaultVoiceConnectorStreaming\", VoiceConnectorStreamingArgs.builder() \n .disabled(false)\n .voiceConnectorId(default_.id())\n .dataRetention(7)\n .streamingNotificationTargets(\"SQS\")\n .mediaInsightsConfiguration(VoiceConnectorStreamingMediaInsightsConfigurationArgs.builder()\n .disabled(false)\n .configurationArn(example.arn())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:chime:VoiceConnector\n properties:\n name: vc-name-test\n requireEncryption: true\n defaultVoiceConnectorStreaming:\n type: aws:chime:VoiceConnectorStreaming\n name: default\n properties:\n disabled: false\n voiceConnectorId: ${default.id}\n dataRetention: 7\n streamingNotificationTargets:\n - SQS\n mediaInsightsConfiguration:\n disabled: false\n configurationArn: ${example.arn}\n example:\n type: aws:chimesdkmediapipelines:MediaInsightsPipelineConfiguration\n properties:\n name: ExampleConfig\n resourceAccessRoleArn: ${exampleRole.arn}\n elements:\n - type: AmazonTranscribeCallAnalyticsProcessor\n amazonTranscribeCallAnalyticsProcessorConfiguration:\n languageCode: en-US\n - type: KinesisDataStreamSink\n kinesisDataStreamSinkConfiguration:\n insightsTarget: ${exampleStream.arn}\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: ExampleResourceAccessRole\n assumeRolePolicy: ${assumeRole.json}\n exampleStream:\n type: aws:kinesis:Stream\n name: example\n properties:\n name: ExampleStream\n shardCount: 2\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - mediapipelines.chime.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Chime Voice Connector Streaming using the `voice_connector_id`. For example:\n\n```sh\n$ pulumi import aws:chime/voiceConnectorStreaming:VoiceConnectorStreaming default abcdef1ghij2klmno3pqr4\n```\n", "properties": { "dataRetention": { "type": "integer", @@ -176903,7 +176903,7 @@ } }, "aws:chimesdkmediapipelines/mediaInsightsPipelineConfiguration:MediaInsightsPipelineConfiguration": { - "description": "Resource for managing an AWS Chime SDK Media Pipelines Media Insights Pipeline Configuration.\nConsult the [Call analytics developer guide](https://docs.aws.amazon.com/chime-sdk/latest/dg/call-analytics.html) for more detailed information about usage.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.kinesis.Stream(\"example\", {\n name: \"example\",\n shardCount: 2,\n});\nconst mediaPipelinesAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"mediapipelines.chime.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst callAnalyticsRole = new aws.iam.Role(\"call_analytics_role\", {\n name: \"CallAnalyticsRole\",\n assumeRolePolicy: mediaPipelinesAssumeRole.then(mediaPipelinesAssumeRole =\u003e mediaPipelinesAssumeRole.json),\n});\nconst myConfiguration = new aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"my_configuration\", {\n name: \"MyBasicConfiguration\",\n resourceAccessRoleArn: callAnalyticsRole.arn,\n elements: [\n {\n type: \"AmazonTranscribeCallAnalyticsProcessor\",\n amazonTranscribeCallAnalyticsProcessorConfiguration: {\n languageCode: \"en-US\",\n },\n },\n {\n type: \"KinesisDataStreamSink\",\n kinesisDataStreamSinkConfiguration: {\n insightsTarget: example.arn,\n },\n },\n ],\n tags: {\n Key1: \"Value1\",\n Key2: \"Value2\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.kinesis.Stream(\"example\",\n name=\"example\",\n shard_count=2)\nmedia_pipelines_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"mediapipelines.chime.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\ncall_analytics_role = aws.iam.Role(\"call_analytics_role\",\n name=\"CallAnalyticsRole\",\n assume_role_policy=media_pipelines_assume_role.json)\nmy_configuration = aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"my_configuration\",\n name=\"MyBasicConfiguration\",\n resource_access_role_arn=call_analytics_role.arn,\n elements=[\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"AmazonTranscribeCallAnalyticsProcessor\",\n amazon_transcribe_call_analytics_processor_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs(\n language_code=\"en-US\",\n ),\n ),\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"KinesisDataStreamSink\",\n kinesis_data_stream_sink_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs(\n insights_target=example.arn,\n ),\n ),\n ],\n tags={\n \"Key1\": \"Value1\",\n \"Key2\": \"Value2\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Kinesis.Stream(\"example\", new()\n {\n Name = \"example\",\n ShardCount = 2,\n });\n\n var mediaPipelinesAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"mediapipelines.chime.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var callAnalyticsRole = new Aws.Iam.Role(\"call_analytics_role\", new()\n {\n Name = \"CallAnalyticsRole\",\n AssumeRolePolicy = mediaPipelinesAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var myConfiguration = new Aws.ChimeSDKMediaPipelines.MediaInsightsPipelineConfiguration(\"my_configuration\", new()\n {\n Name = \"MyBasicConfiguration\",\n ResourceAccessRoleArn = callAnalyticsRole.Arn,\n Elements = new[]\n {\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"AmazonTranscribeCallAnalyticsProcessor\",\n AmazonTranscribeCallAnalyticsProcessorConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs\n {\n LanguageCode = \"en-US\",\n },\n },\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"KinesisDataStreamSink\",\n KinesisDataStreamSinkConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs\n {\n InsightsTarget = example.Arn,\n },\n },\n },\n Tags = \n {\n { \"Key1\", \"Value1\" },\n { \"Key2\", \"Value2\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/chimesdkmediapipelines\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := kinesis.NewStream(ctx, \"example\", \u0026kinesis.StreamArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tShardCount: pulumi.Int(2),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmediaPipelinesAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"mediapipelines.chime.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcallAnalyticsRole, err := iam.NewRole(ctx, \"call_analytics_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"CallAnalyticsRole\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(mediaPipelinesAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = chimesdkmediapipelines.NewMediaInsightsPipelineConfiguration(ctx, \"my_configuration\", \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs{\n\t\t\tName: pulumi.String(\"MyBasicConfiguration\"),\n\t\t\tResourceAccessRoleArn: callAnalyticsRole.Arn,\n\t\t\tElements: chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArray{\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"AmazonTranscribeCallAnalyticsProcessor\"),\n\t\t\t\t\tAmazonTranscribeCallAnalyticsProcessorConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs{\n\t\t\t\t\t\tLanguageCode: pulumi.String(\"en-US\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"KinesisDataStreamSink\"),\n\t\t\t\t\tKinesisDataStreamSinkConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs{\n\t\t\t\t\t\tInsightsTarget: example.Arn,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Key1\": pulumi.String(\"Value1\"),\n\t\t\t\t\"Key2\": pulumi.String(\"Value2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kinesis.Stream;\nimport com.pulumi.aws.kinesis.StreamArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Stream(\"example\", StreamArgs.builder() \n .name(\"example\")\n .shardCount(2)\n .build());\n\n final var mediaPipelinesAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"mediapipelines.chime.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var callAnalyticsRole = new Role(\"callAnalyticsRole\", RoleArgs.builder() \n .name(\"CallAnalyticsRole\")\n .assumeRolePolicy(mediaPipelinesAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var myConfiguration = new MediaInsightsPipelineConfiguration(\"myConfiguration\", MediaInsightsPipelineConfigurationArgs.builder() \n .name(\"MyBasicConfiguration\")\n .resourceAccessRoleArn(callAnalyticsRole.arn())\n .elements( \n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"AmazonTranscribeCallAnalyticsProcessor\")\n .amazonTranscribeCallAnalyticsProcessorConfiguration(MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs.builder()\n .languageCode(\"en-US\")\n .build())\n .build(),\n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"KinesisDataStreamSink\")\n .kinesisDataStreamSinkConfiguration(MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs.builder()\n .insightsTarget(example.arn())\n .build())\n .build())\n .tags(Map.ofEntries(\n Map.entry(\"Key1\", \"Value1\"),\n Map.entry(\"Key2\", \"Value2\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myConfiguration:\n type: aws:chimesdkmediapipelines:MediaInsightsPipelineConfiguration\n name: my_configuration\n properties:\n name: MyBasicConfiguration\n resourceAccessRoleArn: ${callAnalyticsRole.arn}\n elements:\n - type: AmazonTranscribeCallAnalyticsProcessor\n amazonTranscribeCallAnalyticsProcessorConfiguration:\n languageCode: en-US\n - type: KinesisDataStreamSink\n kinesisDataStreamSinkConfiguration:\n insightsTarget: ${example.arn}\n tags:\n Key1: Value1\n Key2: Value2\n example:\n type: aws:kinesis:Stream\n properties:\n name: example\n shardCount: 2\n callAnalyticsRole:\n type: aws:iam:Role\n name: call_analytics_role\n properties:\n name: CallAnalyticsRole\n assumeRolePolicy: ${mediaPipelinesAssumeRole.json}\nvariables:\n mediaPipelinesAssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - mediapipelines.chime.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n- The required policies on `call_analytics_role` will vary based on the selected processors. See [Call analytics resource access role](https://docs.aws.amazon.com/chime-sdk/latest/dg/ca-resource-access-role.html) for directions on choosing appropriate policies.\n\n### Transcribe Call Analytics processor usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst transcribeAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"transcribe.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst postCallRole = new aws.iam.Role(\"post_call_role\", {\n name: \"PostCallAccessRole\",\n assumeRolePolicy: transcribeAssumeRole.then(transcribeAssumeRole =\u003e transcribeAssumeRole.json),\n});\nconst myConfiguration = new aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"my_configuration\", {\n name: \"MyCallAnalyticsConfiguration\",\n resourceAccessRoleArn: exampleAwsIamRole.arn,\n elements: [\n {\n type: \"AmazonTranscribeCallAnalyticsProcessor\",\n amazonTranscribeCallAnalyticsProcessorConfiguration: {\n callAnalyticsStreamCategories: [\n \"category_1\",\n \"category_2\",\n ],\n contentRedactionType: \"PII\",\n enablePartialResultsStabilization: true,\n filterPartialResults: true,\n languageCode: \"en-US\",\n languageModelName: \"MyLanguageModel\",\n partialResultsStability: \"high\",\n piiEntityTypes: \"ADDRESS,BANK_ACCOUNT_NUMBER\",\n postCallAnalyticsSettings: {\n contentRedactionOutput: \"redacted\",\n dataAccessRoleArn: postCallRole.arn,\n outputEncryptionKmsKeyId: \"MyKmsKeyId\",\n outputLocation: \"s3://MyBucket\",\n },\n vocabularyFilterMethod: \"mask\",\n vocabularyFilterName: \"MyVocabularyFilter\",\n vocabularyName: \"MyVocabulary\",\n },\n },\n {\n type: \"KinesisDataStreamSink\",\n kinesisDataStreamSinkConfiguration: {\n insightsTarget: example.arn,\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntranscribe_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"transcribe.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\npost_call_role = aws.iam.Role(\"post_call_role\",\n name=\"PostCallAccessRole\",\n assume_role_policy=transcribe_assume_role.json)\nmy_configuration = aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"my_configuration\",\n name=\"MyCallAnalyticsConfiguration\",\n resource_access_role_arn=example_aws_iam_role[\"arn\"],\n elements=[\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"AmazonTranscribeCallAnalyticsProcessor\",\n amazon_transcribe_call_analytics_processor_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs(\n call_analytics_stream_categories=[\n \"category_1\",\n \"category_2\",\n ],\n content_redaction_type=\"PII\",\n enable_partial_results_stabilization=True,\n filter_partial_results=True,\n language_code=\"en-US\",\n language_model_name=\"MyLanguageModel\",\n partial_results_stability=\"high\",\n pii_entity_types=\"ADDRESS,BANK_ACCOUNT_NUMBER\",\n post_call_analytics_settings=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationPostCallAnalyticsSettingsArgs(\n content_redaction_output=\"redacted\",\n data_access_role_arn=post_call_role.arn,\n output_encryption_kms_key_id=\"MyKmsKeyId\",\n output_location=\"s3://MyBucket\",\n ),\n vocabulary_filter_method=\"mask\",\n vocabulary_filter_name=\"MyVocabularyFilter\",\n vocabulary_name=\"MyVocabulary\",\n ),\n ),\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"KinesisDataStreamSink\",\n kinesis_data_stream_sink_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs(\n insights_target=example[\"arn\"],\n ),\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var transcribeAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"transcribe.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var postCallRole = new Aws.Iam.Role(\"post_call_role\", new()\n {\n Name = \"PostCallAccessRole\",\n AssumeRolePolicy = transcribeAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var myConfiguration = new Aws.ChimeSDKMediaPipelines.MediaInsightsPipelineConfiguration(\"my_configuration\", new()\n {\n Name = \"MyCallAnalyticsConfiguration\",\n ResourceAccessRoleArn = exampleAwsIamRole.Arn,\n Elements = new[]\n {\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"AmazonTranscribeCallAnalyticsProcessor\",\n AmazonTranscribeCallAnalyticsProcessorConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs\n {\n CallAnalyticsStreamCategories = new[]\n {\n \"category_1\",\n \"category_2\",\n },\n ContentRedactionType = \"PII\",\n EnablePartialResultsStabilization = true,\n FilterPartialResults = true,\n LanguageCode = \"en-US\",\n LanguageModelName = \"MyLanguageModel\",\n PartialResultsStability = \"high\",\n PiiEntityTypes = \"ADDRESS,BANK_ACCOUNT_NUMBER\",\n PostCallAnalyticsSettings = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationPostCallAnalyticsSettingsArgs\n {\n ContentRedactionOutput = \"redacted\",\n DataAccessRoleArn = postCallRole.Arn,\n OutputEncryptionKmsKeyId = \"MyKmsKeyId\",\n OutputLocation = \"s3://MyBucket\",\n },\n VocabularyFilterMethod = \"mask\",\n VocabularyFilterName = \"MyVocabularyFilter\",\n VocabularyName = \"MyVocabulary\",\n },\n },\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"KinesisDataStreamSink\",\n KinesisDataStreamSinkConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs\n {\n InsightsTarget = example.Arn,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/chimesdkmediapipelines\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttranscribeAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"transcribe.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpostCallRole, err := iam.NewRole(ctx, \"post_call_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"PostCallAccessRole\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(transcribeAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = chimesdkmediapipelines.NewMediaInsightsPipelineConfiguration(ctx, \"my_configuration\", \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs{\n\t\t\tName: pulumi.String(\"MyCallAnalyticsConfiguration\"),\n\t\t\tResourceAccessRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tElements: chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArray{\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"AmazonTranscribeCallAnalyticsProcessor\"),\n\t\t\t\t\tAmazonTranscribeCallAnalyticsProcessorConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs{\n\t\t\t\t\t\tCallAnalyticsStreamCategories: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"category_1\"),\n\t\t\t\t\t\t\tpulumi.String(\"category_2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tContentRedactionType: pulumi.String(\"PII\"),\n\t\t\t\t\t\tEnablePartialResultsStabilization: pulumi.Bool(true),\n\t\t\t\t\t\tFilterPartialResults: pulumi.Bool(true),\n\t\t\t\t\t\tLanguageCode: pulumi.String(\"en-US\"),\n\t\t\t\t\t\tLanguageModelName: pulumi.String(\"MyLanguageModel\"),\n\t\t\t\t\t\tPartialResultsStability: pulumi.String(\"high\"),\n\t\t\t\t\t\tPiiEntityTypes: pulumi.String(\"ADDRESS,BANK_ACCOUNT_NUMBER\"),\n\t\t\t\t\t\tPostCallAnalyticsSettings: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationPostCallAnalyticsSettingsArgs{\n\t\t\t\t\t\t\tContentRedactionOutput: pulumi.String(\"redacted\"),\n\t\t\t\t\t\t\tDataAccessRoleArn: postCallRole.Arn,\n\t\t\t\t\t\t\tOutputEncryptionKmsKeyId: pulumi.String(\"MyKmsKeyId\"),\n\t\t\t\t\t\t\tOutputLocation: pulumi.String(\"s3://MyBucket\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tVocabularyFilterMethod: pulumi.String(\"mask\"),\n\t\t\t\t\t\tVocabularyFilterName: pulumi.String(\"MyVocabularyFilter\"),\n\t\t\t\t\t\tVocabularyName: pulumi.String(\"MyVocabulary\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"KinesisDataStreamSink\"),\n\t\t\t\t\tKinesisDataStreamSinkConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs{\n\t\t\t\t\t\tInsightsTarget: pulumi.Any(example.Arn),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationPostCallAnalyticsSettingsArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var transcribeAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"transcribe.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var postCallRole = new Role(\"postCallRole\", RoleArgs.builder() \n .name(\"PostCallAccessRole\")\n .assumeRolePolicy(transcribeAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var myConfiguration = new MediaInsightsPipelineConfiguration(\"myConfiguration\", MediaInsightsPipelineConfigurationArgs.builder() \n .name(\"MyCallAnalyticsConfiguration\")\n .resourceAccessRoleArn(exampleAwsIamRole.arn())\n .elements( \n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"AmazonTranscribeCallAnalyticsProcessor\")\n .amazonTranscribeCallAnalyticsProcessorConfiguration(MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs.builder()\n .callAnalyticsStreamCategories( \n \"category_1\",\n \"category_2\")\n .contentRedactionType(\"PII\")\n .enablePartialResultsStabilization(true)\n .filterPartialResults(true)\n .languageCode(\"en-US\")\n .languageModelName(\"MyLanguageModel\")\n .partialResultsStability(\"high\")\n .piiEntityTypes(\"ADDRESS,BANK_ACCOUNT_NUMBER\")\n .postCallAnalyticsSettings(MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationPostCallAnalyticsSettingsArgs.builder()\n .contentRedactionOutput(\"redacted\")\n .dataAccessRoleArn(postCallRole.arn())\n .outputEncryptionKmsKeyId(\"MyKmsKeyId\")\n .outputLocation(\"s3://MyBucket\")\n .build())\n .vocabularyFilterMethod(\"mask\")\n .vocabularyFilterName(\"MyVocabularyFilter\")\n .vocabularyName(\"MyVocabulary\")\n .build())\n .build(),\n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"KinesisDataStreamSink\")\n .kinesisDataStreamSinkConfiguration(MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs.builder()\n .insightsTarget(example.arn())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myConfiguration:\n type: aws:chimesdkmediapipelines:MediaInsightsPipelineConfiguration\n name: my_configuration\n properties:\n name: MyCallAnalyticsConfiguration\n resourceAccessRoleArn: ${exampleAwsIamRole.arn}\n elements:\n - type: AmazonTranscribeCallAnalyticsProcessor\n amazonTranscribeCallAnalyticsProcessorConfiguration:\n callAnalyticsStreamCategories:\n - category_1\n - category_2\n contentRedactionType: PII\n enablePartialResultsStabilization: true\n filterPartialResults: true\n languageCode: en-US\n languageModelName: MyLanguageModel\n partialResultsStability: high\n piiEntityTypes: ADDRESS,BANK_ACCOUNT_NUMBER\n postCallAnalyticsSettings:\n contentRedactionOutput: redacted\n dataAccessRoleArn: ${postCallRole.arn}\n outputEncryptionKmsKeyId: MyKmsKeyId\n outputLocation: s3://MyBucket\n vocabularyFilterMethod: mask\n vocabularyFilterName: MyVocabularyFilter\n vocabularyName: MyVocabulary\n - type: KinesisDataStreamSink\n kinesisDataStreamSinkConfiguration:\n insightsTarget: ${example.arn}\n postCallRole:\n type: aws:iam:Role\n name: post_call_role\n properties:\n name: PostCallAccessRole\n assumeRolePolicy: ${transcribeAssumeRole.json}\nvariables:\n transcribeAssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - transcribe.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Real time alerts usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myConfiguration = new aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"my_configuration\", {\n name: \"MyRealTimeAlertConfiguration\",\n resourceAccessRoleArn: callAnalyticsRole.arn,\n elements: [\n {\n type: \"AmazonTranscribeCallAnalyticsProcessor\",\n amazonTranscribeCallAnalyticsProcessorConfiguration: {\n languageCode: \"en-US\",\n },\n },\n {\n type: \"KinesisDataStreamSink\",\n kinesisDataStreamSinkConfiguration: {\n insightsTarget: example.arn,\n },\n },\n ],\n realTimeAlertConfiguration: {\n disabled: false,\n rules: [\n {\n type: \"IssueDetection\",\n issueDetectionConfiguration: {\n ruleName: \"MyIssueDetectionRule\",\n },\n },\n {\n type: \"KeywordMatch\",\n keywordMatchConfiguration: {\n keywords: [\n \"keyword1\",\n \"keyword2\",\n ],\n negate: false,\n ruleName: \"MyKeywordMatchRule\",\n },\n },\n {\n type: \"Sentiment\",\n sentimentConfiguration: {\n ruleName: \"MySentimentRule\",\n sentimentType: \"NEGATIVE\",\n timePeriod: 60,\n },\n },\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_configuration = aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"my_configuration\",\n name=\"MyRealTimeAlertConfiguration\",\n resource_access_role_arn=call_analytics_role[\"arn\"],\n elements=[\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"AmazonTranscribeCallAnalyticsProcessor\",\n amazon_transcribe_call_analytics_processor_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs(\n language_code=\"en-US\",\n ),\n ),\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"KinesisDataStreamSink\",\n kinesis_data_stream_sink_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs(\n insights_target=example[\"arn\"],\n ),\n ),\n ],\n real_time_alert_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationArgs(\n disabled=False,\n rules=[\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArgs(\n type=\"IssueDetection\",\n issue_detection_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleIssueDetectionConfigurationArgs(\n rule_name=\"MyIssueDetectionRule\",\n ),\n ),\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArgs(\n type=\"KeywordMatch\",\n keyword_match_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleKeywordMatchConfigurationArgs(\n keywords=[\n \"keyword1\",\n \"keyword2\",\n ],\n negate=False,\n rule_name=\"MyKeywordMatchRule\",\n ),\n ),\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArgs(\n type=\"Sentiment\",\n sentiment_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleSentimentConfigurationArgs(\n rule_name=\"MySentimentRule\",\n sentiment_type=\"NEGATIVE\",\n time_period=60,\n ),\n ),\n ],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myConfiguration = new Aws.ChimeSDKMediaPipelines.MediaInsightsPipelineConfiguration(\"my_configuration\", new()\n {\n Name = \"MyRealTimeAlertConfiguration\",\n ResourceAccessRoleArn = callAnalyticsRole.Arn,\n Elements = new[]\n {\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"AmazonTranscribeCallAnalyticsProcessor\",\n AmazonTranscribeCallAnalyticsProcessorConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs\n {\n LanguageCode = \"en-US\",\n },\n },\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"KinesisDataStreamSink\",\n KinesisDataStreamSinkConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs\n {\n InsightsTarget = example.Arn,\n },\n },\n },\n RealTimeAlertConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationArgs\n {\n Disabled = false,\n Rules = new[]\n {\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArgs\n {\n Type = \"IssueDetection\",\n IssueDetectionConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleIssueDetectionConfigurationArgs\n {\n RuleName = \"MyIssueDetectionRule\",\n },\n },\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArgs\n {\n Type = \"KeywordMatch\",\n KeywordMatchConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleKeywordMatchConfigurationArgs\n {\n Keywords = new[]\n {\n \"keyword1\",\n \"keyword2\",\n },\n Negate = false,\n RuleName = \"MyKeywordMatchRule\",\n },\n },\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArgs\n {\n Type = \"Sentiment\",\n SentimentConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleSentimentConfigurationArgs\n {\n RuleName = \"MySentimentRule\",\n SentimentType = \"NEGATIVE\",\n TimePeriod = 60,\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/chimesdkmediapipelines\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := chimesdkmediapipelines.NewMediaInsightsPipelineConfiguration(ctx, \"my_configuration\", \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs{\n\t\t\tName: pulumi.String(\"MyRealTimeAlertConfiguration\"),\n\t\t\tResourceAccessRoleArn: pulumi.Any(callAnalyticsRole.Arn),\n\t\t\tElements: chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArray{\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"AmazonTranscribeCallAnalyticsProcessor\"),\n\t\t\t\t\tAmazonTranscribeCallAnalyticsProcessorConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs{\n\t\t\t\t\t\tLanguageCode: pulumi.String(\"en-US\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"KinesisDataStreamSink\"),\n\t\t\t\t\tKinesisDataStreamSinkConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs{\n\t\t\t\t\t\tInsightsTarget: pulumi.Any(example.Arn),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tRealTimeAlertConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationArgs{\n\t\t\t\tDisabled: pulumi.Bool(false),\n\t\t\t\tRules: chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArray{\n\t\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArgs{\n\t\t\t\t\t\tType: pulumi.String(\"IssueDetection\"),\n\t\t\t\t\t\tIssueDetectionConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleIssueDetectionConfigurationArgs{\n\t\t\t\t\t\t\tRuleName: pulumi.String(\"MyIssueDetectionRule\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArgs{\n\t\t\t\t\t\tType: pulumi.String(\"KeywordMatch\"),\n\t\t\t\t\t\tKeywordMatchConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleKeywordMatchConfigurationArgs{\n\t\t\t\t\t\t\tKeywords: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"keyword1\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"keyword2\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tNegate: pulumi.Bool(false),\n\t\t\t\t\t\t\tRuleName: pulumi.String(\"MyKeywordMatchRule\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArgs{\n\t\t\t\t\t\tType: pulumi.String(\"Sentiment\"),\n\t\t\t\t\t\tSentimentConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleSentimentConfigurationArgs{\n\t\t\t\t\t\t\tRuleName: pulumi.String(\"MySentimentRule\"),\n\t\t\t\t\t\t\tSentimentType: pulumi.String(\"NEGATIVE\"),\n\t\t\t\t\t\t\tTimePeriod: pulumi.Int(60),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myConfiguration = new MediaInsightsPipelineConfiguration(\"myConfiguration\", MediaInsightsPipelineConfigurationArgs.builder() \n .name(\"MyRealTimeAlertConfiguration\")\n .resourceAccessRoleArn(callAnalyticsRole.arn())\n .elements( \n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"AmazonTranscribeCallAnalyticsProcessor\")\n .amazonTranscribeCallAnalyticsProcessorConfiguration(MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs.builder()\n .languageCode(\"en-US\")\n .build())\n .build(),\n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"KinesisDataStreamSink\")\n .kinesisDataStreamSinkConfiguration(MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs.builder()\n .insightsTarget(example.arn())\n .build())\n .build())\n .realTimeAlertConfiguration(MediaInsightsPipelineConfigurationRealTimeAlertConfigurationArgs.builder()\n .disabled(false)\n .rules( \n MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArgs.builder()\n .type(\"IssueDetection\")\n .issueDetectionConfiguration(MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleIssueDetectionConfigurationArgs.builder()\n .ruleName(\"MyIssueDetectionRule\")\n .build())\n .build(),\n MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArgs.builder()\n .type(\"KeywordMatch\")\n .keywordMatchConfiguration(MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleKeywordMatchConfigurationArgs.builder()\n .keywords( \n \"keyword1\",\n \"keyword2\")\n .negate(false)\n .ruleName(\"MyKeywordMatchRule\")\n .build())\n .build(),\n MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArgs.builder()\n .type(\"Sentiment\")\n .sentimentConfiguration(MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleSentimentConfigurationArgs.builder()\n .ruleName(\"MySentimentRule\")\n .sentimentType(\"NEGATIVE\")\n .timePeriod(60)\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myConfiguration:\n type: aws:chimesdkmediapipelines:MediaInsightsPipelineConfiguration\n name: my_configuration\n properties:\n name: MyRealTimeAlertConfiguration\n resourceAccessRoleArn: ${callAnalyticsRole.arn}\n elements:\n - type: AmazonTranscribeCallAnalyticsProcessor\n amazonTranscribeCallAnalyticsProcessorConfiguration:\n languageCode: en-US\n - type: KinesisDataStreamSink\n kinesisDataStreamSinkConfiguration:\n insightsTarget: ${example.arn}\n realTimeAlertConfiguration:\n disabled: false\n rules:\n - type: IssueDetection\n issueDetectionConfiguration:\n ruleName: MyIssueDetectionRule\n - type: KeywordMatch\n keywordMatchConfiguration:\n keywords:\n - keyword1\n - keyword2\n negate: false\n ruleName: MyKeywordMatchRule\n - type: Sentiment\n sentimentConfiguration:\n ruleName: MySentimentRule\n sentimentType: NEGATIVE\n timePeriod: 60\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Transcribe processor usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myConfiguration = new aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"my_configuration\", {\n name: \"MyTranscribeConfiguration\",\n resourceAccessRoleArn: exampleAwsIamRole.arn,\n elements: [\n {\n type: \"AmazonTranscribeProcessor\",\n amazonTranscribeProcessorConfiguration: {\n contentIdentificationType: \"PII\",\n enablePartialResultsStabilization: true,\n filterPartialResults: true,\n languageCode: \"en-US\",\n languageModelName: \"MyLanguageModel\",\n partialResultsStability: \"high\",\n piiEntityTypes: \"ADDRESS,BANK_ACCOUNT_NUMBER\",\n showSpeakerLabel: true,\n vocabularyFilterMethod: \"mask\",\n vocabularyFilterName: \"MyVocabularyFilter\",\n vocabularyName: \"MyVocabulary\",\n },\n },\n {\n type: \"KinesisDataStreamSink\",\n kinesisDataStreamSinkConfiguration: {\n insightsTarget: example.arn,\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_configuration = aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"my_configuration\",\n name=\"MyTranscribeConfiguration\",\n resource_access_role_arn=example_aws_iam_role[\"arn\"],\n elements=[\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"AmazonTranscribeProcessor\",\n amazon_transcribe_processor_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementAmazonTranscribeProcessorConfigurationArgs(\n content_identification_type=\"PII\",\n enable_partial_results_stabilization=True,\n filter_partial_results=True,\n language_code=\"en-US\",\n language_model_name=\"MyLanguageModel\",\n partial_results_stability=\"high\",\n pii_entity_types=\"ADDRESS,BANK_ACCOUNT_NUMBER\",\n show_speaker_label=True,\n vocabulary_filter_method=\"mask\",\n vocabulary_filter_name=\"MyVocabularyFilter\",\n vocabulary_name=\"MyVocabulary\",\n ),\n ),\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"KinesisDataStreamSink\",\n kinesis_data_stream_sink_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs(\n insights_target=example[\"arn\"],\n ),\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myConfiguration = new Aws.ChimeSDKMediaPipelines.MediaInsightsPipelineConfiguration(\"my_configuration\", new()\n {\n Name = \"MyTranscribeConfiguration\",\n ResourceAccessRoleArn = exampleAwsIamRole.Arn,\n Elements = new[]\n {\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"AmazonTranscribeProcessor\",\n AmazonTranscribeProcessorConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementAmazonTranscribeProcessorConfigurationArgs\n {\n ContentIdentificationType = \"PII\",\n EnablePartialResultsStabilization = true,\n FilterPartialResults = true,\n LanguageCode = \"en-US\",\n LanguageModelName = \"MyLanguageModel\",\n PartialResultsStability = \"high\",\n PiiEntityTypes = \"ADDRESS,BANK_ACCOUNT_NUMBER\",\n ShowSpeakerLabel = true,\n VocabularyFilterMethod = \"mask\",\n VocabularyFilterName = \"MyVocabularyFilter\",\n VocabularyName = \"MyVocabulary\",\n },\n },\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"KinesisDataStreamSink\",\n KinesisDataStreamSinkConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs\n {\n InsightsTarget = example.Arn,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/chimesdkmediapipelines\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := chimesdkmediapipelines.NewMediaInsightsPipelineConfiguration(ctx, \"my_configuration\", \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs{\n\t\t\tName: pulumi.String(\"MyTranscribeConfiguration\"),\n\t\t\tResourceAccessRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tElements: chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArray{\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"AmazonTranscribeProcessor\"),\n\t\t\t\t\tAmazonTranscribeProcessorConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementAmazonTranscribeProcessorConfigurationArgs{\n\t\t\t\t\t\tContentIdentificationType: pulumi.String(\"PII\"),\n\t\t\t\t\t\tEnablePartialResultsStabilization: pulumi.Bool(true),\n\t\t\t\t\t\tFilterPartialResults: pulumi.Bool(true),\n\t\t\t\t\t\tLanguageCode: pulumi.String(\"en-US\"),\n\t\t\t\t\t\tLanguageModelName: pulumi.String(\"MyLanguageModel\"),\n\t\t\t\t\t\tPartialResultsStability: pulumi.String(\"high\"),\n\t\t\t\t\t\tPiiEntityTypes: pulumi.String(\"ADDRESS,BANK_ACCOUNT_NUMBER\"),\n\t\t\t\t\t\tShowSpeakerLabel: pulumi.Bool(true),\n\t\t\t\t\t\tVocabularyFilterMethod: pulumi.String(\"mask\"),\n\t\t\t\t\t\tVocabularyFilterName: pulumi.String(\"MyVocabularyFilter\"),\n\t\t\t\t\t\tVocabularyName: pulumi.String(\"MyVocabulary\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"KinesisDataStreamSink\"),\n\t\t\t\t\tKinesisDataStreamSinkConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs{\n\t\t\t\t\t\tInsightsTarget: pulumi.Any(example.Arn),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementAmazonTranscribeProcessorConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myConfiguration = new MediaInsightsPipelineConfiguration(\"myConfiguration\", MediaInsightsPipelineConfigurationArgs.builder() \n .name(\"MyTranscribeConfiguration\")\n .resourceAccessRoleArn(exampleAwsIamRole.arn())\n .elements( \n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"AmazonTranscribeProcessor\")\n .amazonTranscribeProcessorConfiguration(MediaInsightsPipelineConfigurationElementAmazonTranscribeProcessorConfigurationArgs.builder()\n .contentIdentificationType(\"PII\")\n .enablePartialResultsStabilization(true)\n .filterPartialResults(true)\n .languageCode(\"en-US\")\n .languageModelName(\"MyLanguageModel\")\n .partialResultsStability(\"high\")\n .piiEntityTypes(\"ADDRESS,BANK_ACCOUNT_NUMBER\")\n .showSpeakerLabel(true)\n .vocabularyFilterMethod(\"mask\")\n .vocabularyFilterName(\"MyVocabularyFilter\")\n .vocabularyName(\"MyVocabulary\")\n .build())\n .build(),\n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"KinesisDataStreamSink\")\n .kinesisDataStreamSinkConfiguration(MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs.builder()\n .insightsTarget(example.arn())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myConfiguration:\n type: aws:chimesdkmediapipelines:MediaInsightsPipelineConfiguration\n name: my_configuration\n properties:\n name: MyTranscribeConfiguration\n resourceAccessRoleArn: ${exampleAwsIamRole.arn}\n elements:\n - type: AmazonTranscribeProcessor\n amazonTranscribeProcessorConfiguration:\n contentIdentificationType: PII\n enablePartialResultsStabilization: true\n filterPartialResults: true\n languageCode: en-US\n languageModelName: MyLanguageModel\n partialResultsStability: high\n piiEntityTypes: ADDRESS,BANK_ACCOUNT_NUMBER\n showSpeakerLabel: true\n vocabularyFilterMethod: mask\n vocabularyFilterName: MyVocabularyFilter\n vocabularyName: MyVocabulary\n - type: KinesisDataStreamSink\n kinesisDataStreamSinkConfiguration:\n insightsTarget: ${example.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Voice analytics processor usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myConfiguration = new aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"my_configuration\", {\n name: \"MyVoiceAnalyticsConfiguration\",\n resourceAccessRoleArn: example.arn,\n elements: [\n {\n type: \"VoiceAnalyticsProcessor\",\n voiceAnalyticsProcessorConfiguration: {\n speakerSearchStatus: \"Enabled\",\n voiceToneAnalysisStatus: \"Enabled\",\n },\n },\n {\n type: \"LambdaFunctionSink\",\n lambdaFunctionSinkConfiguration: {\n insightsTarget: \"arn:aws:lambda:us-west-2:1111111111:function:MyFunction\",\n },\n },\n {\n type: \"SnsTopicSink\",\n snsTopicSinkConfiguration: {\n insightsTarget: \"arn:aws:sns:us-west-2:1111111111:topic/MyTopic\",\n },\n },\n {\n type: \"SqsQueueSink\",\n sqsQueueSinkConfiguration: {\n insightsTarget: \"arn:aws:sqs:us-west-2:1111111111:queue/MyQueue\",\n },\n },\n {\n type: \"KinesisDataStreamSink\",\n kinesisDataStreamSinkConfiguration: {\n insightsTarget: test.arn,\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_configuration = aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"my_configuration\",\n name=\"MyVoiceAnalyticsConfiguration\",\n resource_access_role_arn=example[\"arn\"],\n elements=[\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"VoiceAnalyticsProcessor\",\n voice_analytics_processor_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementVoiceAnalyticsProcessorConfigurationArgs(\n speaker_search_status=\"Enabled\",\n voice_tone_analysis_status=\"Enabled\",\n ),\n ),\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"LambdaFunctionSink\",\n lambda_function_sink_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementLambdaFunctionSinkConfigurationArgs(\n insights_target=\"arn:aws:lambda:us-west-2:1111111111:function:MyFunction\",\n ),\n ),\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"SnsTopicSink\",\n sns_topic_sink_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementSnsTopicSinkConfigurationArgs(\n insights_target=\"arn:aws:sns:us-west-2:1111111111:topic/MyTopic\",\n ),\n ),\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"SqsQueueSink\",\n sqs_queue_sink_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementSqsQueueSinkConfigurationArgs(\n insights_target=\"arn:aws:sqs:us-west-2:1111111111:queue/MyQueue\",\n ),\n ),\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"KinesisDataStreamSink\",\n kinesis_data_stream_sink_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs(\n insights_target=test[\"arn\"],\n ),\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myConfiguration = new Aws.ChimeSDKMediaPipelines.MediaInsightsPipelineConfiguration(\"my_configuration\", new()\n {\n Name = \"MyVoiceAnalyticsConfiguration\",\n ResourceAccessRoleArn = example.Arn,\n Elements = new[]\n {\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"VoiceAnalyticsProcessor\",\n VoiceAnalyticsProcessorConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementVoiceAnalyticsProcessorConfigurationArgs\n {\n SpeakerSearchStatus = \"Enabled\",\n VoiceToneAnalysisStatus = \"Enabled\",\n },\n },\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"LambdaFunctionSink\",\n LambdaFunctionSinkConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementLambdaFunctionSinkConfigurationArgs\n {\n InsightsTarget = \"arn:aws:lambda:us-west-2:1111111111:function:MyFunction\",\n },\n },\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"SnsTopicSink\",\n SnsTopicSinkConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementSnsTopicSinkConfigurationArgs\n {\n InsightsTarget = \"arn:aws:sns:us-west-2:1111111111:topic/MyTopic\",\n },\n },\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"SqsQueueSink\",\n SqsQueueSinkConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementSqsQueueSinkConfigurationArgs\n {\n InsightsTarget = \"arn:aws:sqs:us-west-2:1111111111:queue/MyQueue\",\n },\n },\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"KinesisDataStreamSink\",\n KinesisDataStreamSinkConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs\n {\n InsightsTarget = test.Arn,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/chimesdkmediapipelines\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := chimesdkmediapipelines.NewMediaInsightsPipelineConfiguration(ctx, \"my_configuration\", \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs{\n\t\t\tName: pulumi.String(\"MyVoiceAnalyticsConfiguration\"),\n\t\t\tResourceAccessRoleArn: pulumi.Any(example.Arn),\n\t\t\tElements: chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArray{\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"VoiceAnalyticsProcessor\"),\n\t\t\t\t\tVoiceAnalyticsProcessorConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementVoiceAnalyticsProcessorConfigurationArgs{\n\t\t\t\t\t\tSpeakerSearchStatus: pulumi.String(\"Enabled\"),\n\t\t\t\t\t\tVoiceToneAnalysisStatus: pulumi.String(\"Enabled\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"LambdaFunctionSink\"),\n\t\t\t\t\tLambdaFunctionSinkConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementLambdaFunctionSinkConfigurationArgs{\n\t\t\t\t\t\tInsightsTarget: pulumi.String(\"arn:aws:lambda:us-west-2:1111111111:function:MyFunction\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"SnsTopicSink\"),\n\t\t\t\t\tSnsTopicSinkConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementSnsTopicSinkConfigurationArgs{\n\t\t\t\t\t\tInsightsTarget: pulumi.String(\"arn:aws:sns:us-west-2:1111111111:topic/MyTopic\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"SqsQueueSink\"),\n\t\t\t\t\tSqsQueueSinkConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementSqsQueueSinkConfigurationArgs{\n\t\t\t\t\t\tInsightsTarget: pulumi.String(\"arn:aws:sqs:us-west-2:1111111111:queue/MyQueue\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"KinesisDataStreamSink\"),\n\t\t\t\t\tKinesisDataStreamSinkConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs{\n\t\t\t\t\t\tInsightsTarget: pulumi.Any(test.Arn),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementVoiceAnalyticsProcessorConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementLambdaFunctionSinkConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementSnsTopicSinkConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementSqsQueueSinkConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myConfiguration = new MediaInsightsPipelineConfiguration(\"myConfiguration\", MediaInsightsPipelineConfigurationArgs.builder() \n .name(\"MyVoiceAnalyticsConfiguration\")\n .resourceAccessRoleArn(example.arn())\n .elements( \n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"VoiceAnalyticsProcessor\")\n .voiceAnalyticsProcessorConfiguration(MediaInsightsPipelineConfigurationElementVoiceAnalyticsProcessorConfigurationArgs.builder()\n .speakerSearchStatus(\"Enabled\")\n .voiceToneAnalysisStatus(\"Enabled\")\n .build())\n .build(),\n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"LambdaFunctionSink\")\n .lambdaFunctionSinkConfiguration(MediaInsightsPipelineConfigurationElementLambdaFunctionSinkConfigurationArgs.builder()\n .insightsTarget(\"arn:aws:lambda:us-west-2:1111111111:function:MyFunction\")\n .build())\n .build(),\n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"SnsTopicSink\")\n .snsTopicSinkConfiguration(MediaInsightsPipelineConfigurationElementSnsTopicSinkConfigurationArgs.builder()\n .insightsTarget(\"arn:aws:sns:us-west-2:1111111111:topic/MyTopic\")\n .build())\n .build(),\n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"SqsQueueSink\")\n .sqsQueueSinkConfiguration(MediaInsightsPipelineConfigurationElementSqsQueueSinkConfigurationArgs.builder()\n .insightsTarget(\"arn:aws:sqs:us-west-2:1111111111:queue/MyQueue\")\n .build())\n .build(),\n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"KinesisDataStreamSink\")\n .kinesisDataStreamSinkConfiguration(MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs.builder()\n .insightsTarget(test.arn())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myConfiguration:\n type: aws:chimesdkmediapipelines:MediaInsightsPipelineConfiguration\n name: my_configuration\n properties:\n name: MyVoiceAnalyticsConfiguration\n resourceAccessRoleArn: ${example.arn}\n elements:\n - type: VoiceAnalyticsProcessor\n voiceAnalyticsProcessorConfiguration:\n speakerSearchStatus: Enabled\n voiceToneAnalysisStatus: Enabled\n - type: LambdaFunctionSink\n lambdaFunctionSinkConfiguration:\n insightsTarget: arn:aws:lambda:us-west-2:1111111111:function:MyFunction\n - type: SnsTopicSink\n snsTopicSinkConfiguration:\n insightsTarget: arn:aws:sns:us-west-2:1111111111:topic/MyTopic\n - type: SqsQueueSink\n sqsQueueSinkConfiguration:\n insightsTarget: arn:aws:sqs:us-west-2:1111111111:queue/MyQueue\n - type: KinesisDataStreamSink\n kinesisDataStreamSinkConfiguration:\n insightsTarget: ${test.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### S3 Recording sink usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myConfiguration = new aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"my_configuration\", {\n name: \"MyS3RecordingConfiguration\",\n resourceAccessRoleArn: example.arn,\n elements: [{\n type: \"S3RecordingSink\",\n s3RecordingSinkConfiguration: {\n destination: \"arn:aws:s3:::MyBucket\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_configuration = aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"my_configuration\",\n name=\"MyS3RecordingConfiguration\",\n resource_access_role_arn=example[\"arn\"],\n elements=[aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"S3RecordingSink\",\n s3_recording_sink_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementS3RecordingSinkConfigurationArgs(\n destination=\"arn:aws:s3:::MyBucket\",\n ),\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myConfiguration = new Aws.ChimeSDKMediaPipelines.MediaInsightsPipelineConfiguration(\"my_configuration\", new()\n {\n Name = \"MyS3RecordingConfiguration\",\n ResourceAccessRoleArn = example.Arn,\n Elements = new[]\n {\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"S3RecordingSink\",\n S3RecordingSinkConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementS3RecordingSinkConfigurationArgs\n {\n Destination = \"arn:aws:s3:::MyBucket\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/chimesdkmediapipelines\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := chimesdkmediapipelines.NewMediaInsightsPipelineConfiguration(ctx, \"my_configuration\", \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs{\n\t\t\tName: pulumi.String(\"MyS3RecordingConfiguration\"),\n\t\t\tResourceAccessRoleArn: pulumi.Any(example.Arn),\n\t\t\tElements: chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArray{\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"S3RecordingSink\"),\n\t\t\t\t\tS3RecordingSinkConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementS3RecordingSinkConfigurationArgs{\n\t\t\t\t\t\tDestination: pulumi.String(\"arn:aws:s3:::MyBucket\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementS3RecordingSinkConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myConfiguration = new MediaInsightsPipelineConfiguration(\"myConfiguration\", MediaInsightsPipelineConfigurationArgs.builder() \n .name(\"MyS3RecordingConfiguration\")\n .resourceAccessRoleArn(example.arn())\n .elements(MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"S3RecordingSink\")\n .s3RecordingSinkConfiguration(MediaInsightsPipelineConfigurationElementS3RecordingSinkConfigurationArgs.builder()\n .destination(\"arn:aws:s3:::MyBucket\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myConfiguration:\n type: aws:chimesdkmediapipelines:MediaInsightsPipelineConfiguration\n name: my_configuration\n properties:\n name: MyS3RecordingConfiguration\n resourceAccessRoleArn: ${example.arn}\n elements:\n - type: S3RecordingSink\n s3RecordingSinkConfiguration:\n destination: arn:aws:s3:::MyBucket\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Chime SDK Media Pipelines Media Insights Pipeline Configuration using the `id`. For example:\n\n```sh\n$ pulumi import aws:chimesdkmediapipelines/mediaInsightsPipelineConfiguration:MediaInsightsPipelineConfiguration example abcdef123456\n```\n", + "description": "Resource for managing an AWS Chime SDK Media Pipelines Media Insights Pipeline Configuration.\nConsult the [Call analytics developer guide](https://docs.aws.amazon.com/chime-sdk/latest/dg/call-analytics.html) for more detailed information about usage.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.kinesis.Stream(\"example\", {\n name: \"example\",\n shardCount: 2,\n});\nconst mediaPipelinesAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"mediapipelines.chime.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst callAnalyticsRole = new aws.iam.Role(\"call_analytics_role\", {\n name: \"CallAnalyticsRole\",\n assumeRolePolicy: mediaPipelinesAssumeRole.then(mediaPipelinesAssumeRole =\u003e mediaPipelinesAssumeRole.json),\n});\nconst myConfiguration = new aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"my_configuration\", {\n name: \"MyBasicConfiguration\",\n resourceAccessRoleArn: callAnalyticsRole.arn,\n elements: [\n {\n type: \"AmazonTranscribeCallAnalyticsProcessor\",\n amazonTranscribeCallAnalyticsProcessorConfiguration: {\n languageCode: \"en-US\",\n },\n },\n {\n type: \"KinesisDataStreamSink\",\n kinesisDataStreamSinkConfiguration: {\n insightsTarget: example.arn,\n },\n },\n ],\n tags: {\n Key1: \"Value1\",\n Key2: \"Value2\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.kinesis.Stream(\"example\",\n name=\"example\",\n shard_count=2)\nmedia_pipelines_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"mediapipelines.chime.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\ncall_analytics_role = aws.iam.Role(\"call_analytics_role\",\n name=\"CallAnalyticsRole\",\n assume_role_policy=media_pipelines_assume_role.json)\nmy_configuration = aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"my_configuration\",\n name=\"MyBasicConfiguration\",\n resource_access_role_arn=call_analytics_role.arn,\n elements=[\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"AmazonTranscribeCallAnalyticsProcessor\",\n amazon_transcribe_call_analytics_processor_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs(\n language_code=\"en-US\",\n ),\n ),\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"KinesisDataStreamSink\",\n kinesis_data_stream_sink_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs(\n insights_target=example.arn,\n ),\n ),\n ],\n tags={\n \"Key1\": \"Value1\",\n \"Key2\": \"Value2\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Kinesis.Stream(\"example\", new()\n {\n Name = \"example\",\n ShardCount = 2,\n });\n\n var mediaPipelinesAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"mediapipelines.chime.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var callAnalyticsRole = new Aws.Iam.Role(\"call_analytics_role\", new()\n {\n Name = \"CallAnalyticsRole\",\n AssumeRolePolicy = mediaPipelinesAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var myConfiguration = new Aws.ChimeSDKMediaPipelines.MediaInsightsPipelineConfiguration(\"my_configuration\", new()\n {\n Name = \"MyBasicConfiguration\",\n ResourceAccessRoleArn = callAnalyticsRole.Arn,\n Elements = new[]\n {\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"AmazonTranscribeCallAnalyticsProcessor\",\n AmazonTranscribeCallAnalyticsProcessorConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs\n {\n LanguageCode = \"en-US\",\n },\n },\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"KinesisDataStreamSink\",\n KinesisDataStreamSinkConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs\n {\n InsightsTarget = example.Arn,\n },\n },\n },\n Tags = \n {\n { \"Key1\", \"Value1\" },\n { \"Key2\", \"Value2\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/chimesdkmediapipelines\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := kinesis.NewStream(ctx, \"example\", \u0026kinesis.StreamArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tShardCount: pulumi.Int(2),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmediaPipelinesAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"mediapipelines.chime.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcallAnalyticsRole, err := iam.NewRole(ctx, \"call_analytics_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"CallAnalyticsRole\"),\n\t\t\tAssumeRolePolicy: pulumi.String(mediaPipelinesAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = chimesdkmediapipelines.NewMediaInsightsPipelineConfiguration(ctx, \"my_configuration\", \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs{\n\t\t\tName: pulumi.String(\"MyBasicConfiguration\"),\n\t\t\tResourceAccessRoleArn: callAnalyticsRole.Arn,\n\t\t\tElements: chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArray{\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"AmazonTranscribeCallAnalyticsProcessor\"),\n\t\t\t\t\tAmazonTranscribeCallAnalyticsProcessorConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs{\n\t\t\t\t\t\tLanguageCode: pulumi.String(\"en-US\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"KinesisDataStreamSink\"),\n\t\t\t\t\tKinesisDataStreamSinkConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs{\n\t\t\t\t\t\tInsightsTarget: example.Arn,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Key1\": pulumi.String(\"Value1\"),\n\t\t\t\t\"Key2\": pulumi.String(\"Value2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kinesis.Stream;\nimport com.pulumi.aws.kinesis.StreamArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Stream(\"example\", StreamArgs.builder() \n .name(\"example\")\n .shardCount(2)\n .build());\n\n final var mediaPipelinesAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"mediapipelines.chime.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var callAnalyticsRole = new Role(\"callAnalyticsRole\", RoleArgs.builder() \n .name(\"CallAnalyticsRole\")\n .assumeRolePolicy(mediaPipelinesAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var myConfiguration = new MediaInsightsPipelineConfiguration(\"myConfiguration\", MediaInsightsPipelineConfigurationArgs.builder() \n .name(\"MyBasicConfiguration\")\n .resourceAccessRoleArn(callAnalyticsRole.arn())\n .elements( \n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"AmazonTranscribeCallAnalyticsProcessor\")\n .amazonTranscribeCallAnalyticsProcessorConfiguration(MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs.builder()\n .languageCode(\"en-US\")\n .build())\n .build(),\n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"KinesisDataStreamSink\")\n .kinesisDataStreamSinkConfiguration(MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs.builder()\n .insightsTarget(example.arn())\n .build())\n .build())\n .tags(Map.ofEntries(\n Map.entry(\"Key1\", \"Value1\"),\n Map.entry(\"Key2\", \"Value2\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myConfiguration:\n type: aws:chimesdkmediapipelines:MediaInsightsPipelineConfiguration\n name: my_configuration\n properties:\n name: MyBasicConfiguration\n resourceAccessRoleArn: ${callAnalyticsRole.arn}\n elements:\n - type: AmazonTranscribeCallAnalyticsProcessor\n amazonTranscribeCallAnalyticsProcessorConfiguration:\n languageCode: en-US\n - type: KinesisDataStreamSink\n kinesisDataStreamSinkConfiguration:\n insightsTarget: ${example.arn}\n tags:\n Key1: Value1\n Key2: Value2\n example:\n type: aws:kinesis:Stream\n properties:\n name: example\n shardCount: 2\n callAnalyticsRole:\n type: aws:iam:Role\n name: call_analytics_role\n properties:\n name: CallAnalyticsRole\n assumeRolePolicy: ${mediaPipelinesAssumeRole.json}\nvariables:\n mediaPipelinesAssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - mediapipelines.chime.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n- The required policies on `call_analytics_role` will vary based on the selected processors. See [Call analytics resource access role](https://docs.aws.amazon.com/chime-sdk/latest/dg/ca-resource-access-role.html) for directions on choosing appropriate policies.\n\n### Transcribe Call Analytics processor usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst transcribeAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"transcribe.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst postCallRole = new aws.iam.Role(\"post_call_role\", {\n name: \"PostCallAccessRole\",\n assumeRolePolicy: transcribeAssumeRole.then(transcribeAssumeRole =\u003e transcribeAssumeRole.json),\n});\nconst myConfiguration = new aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"my_configuration\", {\n name: \"MyCallAnalyticsConfiguration\",\n resourceAccessRoleArn: exampleAwsIamRole.arn,\n elements: [\n {\n type: \"AmazonTranscribeCallAnalyticsProcessor\",\n amazonTranscribeCallAnalyticsProcessorConfiguration: {\n callAnalyticsStreamCategories: [\n \"category_1\",\n \"category_2\",\n ],\n contentRedactionType: \"PII\",\n enablePartialResultsStabilization: true,\n filterPartialResults: true,\n languageCode: \"en-US\",\n languageModelName: \"MyLanguageModel\",\n partialResultsStability: \"high\",\n piiEntityTypes: \"ADDRESS,BANK_ACCOUNT_NUMBER\",\n postCallAnalyticsSettings: {\n contentRedactionOutput: \"redacted\",\n dataAccessRoleArn: postCallRole.arn,\n outputEncryptionKmsKeyId: \"MyKmsKeyId\",\n outputLocation: \"s3://MyBucket\",\n },\n vocabularyFilterMethod: \"mask\",\n vocabularyFilterName: \"MyVocabularyFilter\",\n vocabularyName: \"MyVocabulary\",\n },\n },\n {\n type: \"KinesisDataStreamSink\",\n kinesisDataStreamSinkConfiguration: {\n insightsTarget: example.arn,\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntranscribe_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"transcribe.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\npost_call_role = aws.iam.Role(\"post_call_role\",\n name=\"PostCallAccessRole\",\n assume_role_policy=transcribe_assume_role.json)\nmy_configuration = aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"my_configuration\",\n name=\"MyCallAnalyticsConfiguration\",\n resource_access_role_arn=example_aws_iam_role[\"arn\"],\n elements=[\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"AmazonTranscribeCallAnalyticsProcessor\",\n amazon_transcribe_call_analytics_processor_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs(\n call_analytics_stream_categories=[\n \"category_1\",\n \"category_2\",\n ],\n content_redaction_type=\"PII\",\n enable_partial_results_stabilization=True,\n filter_partial_results=True,\n language_code=\"en-US\",\n language_model_name=\"MyLanguageModel\",\n partial_results_stability=\"high\",\n pii_entity_types=\"ADDRESS,BANK_ACCOUNT_NUMBER\",\n post_call_analytics_settings=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationPostCallAnalyticsSettingsArgs(\n content_redaction_output=\"redacted\",\n data_access_role_arn=post_call_role.arn,\n output_encryption_kms_key_id=\"MyKmsKeyId\",\n output_location=\"s3://MyBucket\",\n ),\n vocabulary_filter_method=\"mask\",\n vocabulary_filter_name=\"MyVocabularyFilter\",\n vocabulary_name=\"MyVocabulary\",\n ),\n ),\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"KinesisDataStreamSink\",\n kinesis_data_stream_sink_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs(\n insights_target=example[\"arn\"],\n ),\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var transcribeAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"transcribe.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var postCallRole = new Aws.Iam.Role(\"post_call_role\", new()\n {\n Name = \"PostCallAccessRole\",\n AssumeRolePolicy = transcribeAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var myConfiguration = new Aws.ChimeSDKMediaPipelines.MediaInsightsPipelineConfiguration(\"my_configuration\", new()\n {\n Name = \"MyCallAnalyticsConfiguration\",\n ResourceAccessRoleArn = exampleAwsIamRole.Arn,\n Elements = new[]\n {\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"AmazonTranscribeCallAnalyticsProcessor\",\n AmazonTranscribeCallAnalyticsProcessorConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs\n {\n CallAnalyticsStreamCategories = new[]\n {\n \"category_1\",\n \"category_2\",\n },\n ContentRedactionType = \"PII\",\n EnablePartialResultsStabilization = true,\n FilterPartialResults = true,\n LanguageCode = \"en-US\",\n LanguageModelName = \"MyLanguageModel\",\n PartialResultsStability = \"high\",\n PiiEntityTypes = \"ADDRESS,BANK_ACCOUNT_NUMBER\",\n PostCallAnalyticsSettings = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationPostCallAnalyticsSettingsArgs\n {\n ContentRedactionOutput = \"redacted\",\n DataAccessRoleArn = postCallRole.Arn,\n OutputEncryptionKmsKeyId = \"MyKmsKeyId\",\n OutputLocation = \"s3://MyBucket\",\n },\n VocabularyFilterMethod = \"mask\",\n VocabularyFilterName = \"MyVocabularyFilter\",\n VocabularyName = \"MyVocabulary\",\n },\n },\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"KinesisDataStreamSink\",\n KinesisDataStreamSinkConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs\n {\n InsightsTarget = example.Arn,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/chimesdkmediapipelines\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttranscribeAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"transcribe.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpostCallRole, err := iam.NewRole(ctx, \"post_call_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"PostCallAccessRole\"),\n\t\t\tAssumeRolePolicy: pulumi.String(transcribeAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = chimesdkmediapipelines.NewMediaInsightsPipelineConfiguration(ctx, \"my_configuration\", \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs{\n\t\t\tName: pulumi.String(\"MyCallAnalyticsConfiguration\"),\n\t\t\tResourceAccessRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tElements: chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArray{\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"AmazonTranscribeCallAnalyticsProcessor\"),\n\t\t\t\t\tAmazonTranscribeCallAnalyticsProcessorConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs{\n\t\t\t\t\t\tCallAnalyticsStreamCategories: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"category_1\"),\n\t\t\t\t\t\t\tpulumi.String(\"category_2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tContentRedactionType: pulumi.String(\"PII\"),\n\t\t\t\t\t\tEnablePartialResultsStabilization: pulumi.Bool(true),\n\t\t\t\t\t\tFilterPartialResults: pulumi.Bool(true),\n\t\t\t\t\t\tLanguageCode: pulumi.String(\"en-US\"),\n\t\t\t\t\t\tLanguageModelName: pulumi.String(\"MyLanguageModel\"),\n\t\t\t\t\t\tPartialResultsStability: pulumi.String(\"high\"),\n\t\t\t\t\t\tPiiEntityTypes: pulumi.String(\"ADDRESS,BANK_ACCOUNT_NUMBER\"),\n\t\t\t\t\t\tPostCallAnalyticsSettings: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationPostCallAnalyticsSettingsArgs{\n\t\t\t\t\t\t\tContentRedactionOutput: pulumi.String(\"redacted\"),\n\t\t\t\t\t\t\tDataAccessRoleArn: postCallRole.Arn,\n\t\t\t\t\t\t\tOutputEncryptionKmsKeyId: pulumi.String(\"MyKmsKeyId\"),\n\t\t\t\t\t\t\tOutputLocation: pulumi.String(\"s3://MyBucket\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tVocabularyFilterMethod: pulumi.String(\"mask\"),\n\t\t\t\t\t\tVocabularyFilterName: pulumi.String(\"MyVocabularyFilter\"),\n\t\t\t\t\t\tVocabularyName: pulumi.String(\"MyVocabulary\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"KinesisDataStreamSink\"),\n\t\t\t\t\tKinesisDataStreamSinkConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs{\n\t\t\t\t\t\tInsightsTarget: pulumi.Any(example.Arn),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationPostCallAnalyticsSettingsArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var transcribeAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"transcribe.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var postCallRole = new Role(\"postCallRole\", RoleArgs.builder() \n .name(\"PostCallAccessRole\")\n .assumeRolePolicy(transcribeAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var myConfiguration = new MediaInsightsPipelineConfiguration(\"myConfiguration\", MediaInsightsPipelineConfigurationArgs.builder() \n .name(\"MyCallAnalyticsConfiguration\")\n .resourceAccessRoleArn(exampleAwsIamRole.arn())\n .elements( \n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"AmazonTranscribeCallAnalyticsProcessor\")\n .amazonTranscribeCallAnalyticsProcessorConfiguration(MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs.builder()\n .callAnalyticsStreamCategories( \n \"category_1\",\n \"category_2\")\n .contentRedactionType(\"PII\")\n .enablePartialResultsStabilization(true)\n .filterPartialResults(true)\n .languageCode(\"en-US\")\n .languageModelName(\"MyLanguageModel\")\n .partialResultsStability(\"high\")\n .piiEntityTypes(\"ADDRESS,BANK_ACCOUNT_NUMBER\")\n .postCallAnalyticsSettings(MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationPostCallAnalyticsSettingsArgs.builder()\n .contentRedactionOutput(\"redacted\")\n .dataAccessRoleArn(postCallRole.arn())\n .outputEncryptionKmsKeyId(\"MyKmsKeyId\")\n .outputLocation(\"s3://MyBucket\")\n .build())\n .vocabularyFilterMethod(\"mask\")\n .vocabularyFilterName(\"MyVocabularyFilter\")\n .vocabularyName(\"MyVocabulary\")\n .build())\n .build(),\n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"KinesisDataStreamSink\")\n .kinesisDataStreamSinkConfiguration(MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs.builder()\n .insightsTarget(example.arn())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myConfiguration:\n type: aws:chimesdkmediapipelines:MediaInsightsPipelineConfiguration\n name: my_configuration\n properties:\n name: MyCallAnalyticsConfiguration\n resourceAccessRoleArn: ${exampleAwsIamRole.arn}\n elements:\n - type: AmazonTranscribeCallAnalyticsProcessor\n amazonTranscribeCallAnalyticsProcessorConfiguration:\n callAnalyticsStreamCategories:\n - category_1\n - category_2\n contentRedactionType: PII\n enablePartialResultsStabilization: true\n filterPartialResults: true\n languageCode: en-US\n languageModelName: MyLanguageModel\n partialResultsStability: high\n piiEntityTypes: ADDRESS,BANK_ACCOUNT_NUMBER\n postCallAnalyticsSettings:\n contentRedactionOutput: redacted\n dataAccessRoleArn: ${postCallRole.arn}\n outputEncryptionKmsKeyId: MyKmsKeyId\n outputLocation: s3://MyBucket\n vocabularyFilterMethod: mask\n vocabularyFilterName: MyVocabularyFilter\n vocabularyName: MyVocabulary\n - type: KinesisDataStreamSink\n kinesisDataStreamSinkConfiguration:\n insightsTarget: ${example.arn}\n postCallRole:\n type: aws:iam:Role\n name: post_call_role\n properties:\n name: PostCallAccessRole\n assumeRolePolicy: ${transcribeAssumeRole.json}\nvariables:\n transcribeAssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - transcribe.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Real time alerts usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myConfiguration = new aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"my_configuration\", {\n name: \"MyRealTimeAlertConfiguration\",\n resourceAccessRoleArn: callAnalyticsRole.arn,\n elements: [\n {\n type: \"AmazonTranscribeCallAnalyticsProcessor\",\n amazonTranscribeCallAnalyticsProcessorConfiguration: {\n languageCode: \"en-US\",\n },\n },\n {\n type: \"KinesisDataStreamSink\",\n kinesisDataStreamSinkConfiguration: {\n insightsTarget: example.arn,\n },\n },\n ],\n realTimeAlertConfiguration: {\n disabled: false,\n rules: [\n {\n type: \"IssueDetection\",\n issueDetectionConfiguration: {\n ruleName: \"MyIssueDetectionRule\",\n },\n },\n {\n type: \"KeywordMatch\",\n keywordMatchConfiguration: {\n keywords: [\n \"keyword1\",\n \"keyword2\",\n ],\n negate: false,\n ruleName: \"MyKeywordMatchRule\",\n },\n },\n {\n type: \"Sentiment\",\n sentimentConfiguration: {\n ruleName: \"MySentimentRule\",\n sentimentType: \"NEGATIVE\",\n timePeriod: 60,\n },\n },\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_configuration = aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"my_configuration\",\n name=\"MyRealTimeAlertConfiguration\",\n resource_access_role_arn=call_analytics_role[\"arn\"],\n elements=[\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"AmazonTranscribeCallAnalyticsProcessor\",\n amazon_transcribe_call_analytics_processor_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs(\n language_code=\"en-US\",\n ),\n ),\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"KinesisDataStreamSink\",\n kinesis_data_stream_sink_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs(\n insights_target=example[\"arn\"],\n ),\n ),\n ],\n real_time_alert_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationArgs(\n disabled=False,\n rules=[\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArgs(\n type=\"IssueDetection\",\n issue_detection_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleIssueDetectionConfigurationArgs(\n rule_name=\"MyIssueDetectionRule\",\n ),\n ),\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArgs(\n type=\"KeywordMatch\",\n keyword_match_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleKeywordMatchConfigurationArgs(\n keywords=[\n \"keyword1\",\n \"keyword2\",\n ],\n negate=False,\n rule_name=\"MyKeywordMatchRule\",\n ),\n ),\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArgs(\n type=\"Sentiment\",\n sentiment_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleSentimentConfigurationArgs(\n rule_name=\"MySentimentRule\",\n sentiment_type=\"NEGATIVE\",\n time_period=60,\n ),\n ),\n ],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myConfiguration = new Aws.ChimeSDKMediaPipelines.MediaInsightsPipelineConfiguration(\"my_configuration\", new()\n {\n Name = \"MyRealTimeAlertConfiguration\",\n ResourceAccessRoleArn = callAnalyticsRole.Arn,\n Elements = new[]\n {\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"AmazonTranscribeCallAnalyticsProcessor\",\n AmazonTranscribeCallAnalyticsProcessorConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs\n {\n LanguageCode = \"en-US\",\n },\n },\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"KinesisDataStreamSink\",\n KinesisDataStreamSinkConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs\n {\n InsightsTarget = example.Arn,\n },\n },\n },\n RealTimeAlertConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationArgs\n {\n Disabled = false,\n Rules = new[]\n {\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArgs\n {\n Type = \"IssueDetection\",\n IssueDetectionConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleIssueDetectionConfigurationArgs\n {\n RuleName = \"MyIssueDetectionRule\",\n },\n },\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArgs\n {\n Type = \"KeywordMatch\",\n KeywordMatchConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleKeywordMatchConfigurationArgs\n {\n Keywords = new[]\n {\n \"keyword1\",\n \"keyword2\",\n },\n Negate = false,\n RuleName = \"MyKeywordMatchRule\",\n },\n },\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArgs\n {\n Type = \"Sentiment\",\n SentimentConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleSentimentConfigurationArgs\n {\n RuleName = \"MySentimentRule\",\n SentimentType = \"NEGATIVE\",\n TimePeriod = 60,\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/chimesdkmediapipelines\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := chimesdkmediapipelines.NewMediaInsightsPipelineConfiguration(ctx, \"my_configuration\", \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs{\n\t\t\tName: pulumi.String(\"MyRealTimeAlertConfiguration\"),\n\t\t\tResourceAccessRoleArn: pulumi.Any(callAnalyticsRole.Arn),\n\t\t\tElements: chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArray{\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"AmazonTranscribeCallAnalyticsProcessor\"),\n\t\t\t\t\tAmazonTranscribeCallAnalyticsProcessorConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs{\n\t\t\t\t\t\tLanguageCode: pulumi.String(\"en-US\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"KinesisDataStreamSink\"),\n\t\t\t\t\tKinesisDataStreamSinkConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs{\n\t\t\t\t\t\tInsightsTarget: pulumi.Any(example.Arn),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tRealTimeAlertConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationArgs{\n\t\t\t\tDisabled: pulumi.Bool(false),\n\t\t\t\tRules: chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArray{\n\t\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArgs{\n\t\t\t\t\t\tType: pulumi.String(\"IssueDetection\"),\n\t\t\t\t\t\tIssueDetectionConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleIssueDetectionConfigurationArgs{\n\t\t\t\t\t\t\tRuleName: pulumi.String(\"MyIssueDetectionRule\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArgs{\n\t\t\t\t\t\tType: pulumi.String(\"KeywordMatch\"),\n\t\t\t\t\t\tKeywordMatchConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleKeywordMatchConfigurationArgs{\n\t\t\t\t\t\t\tKeywords: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"keyword1\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"keyword2\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tNegate: pulumi.Bool(false),\n\t\t\t\t\t\t\tRuleName: pulumi.String(\"MyKeywordMatchRule\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArgs{\n\t\t\t\t\t\tType: pulumi.String(\"Sentiment\"),\n\t\t\t\t\t\tSentimentConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleSentimentConfigurationArgs{\n\t\t\t\t\t\t\tRuleName: pulumi.String(\"MySentimentRule\"),\n\t\t\t\t\t\t\tSentimentType: pulumi.String(\"NEGATIVE\"),\n\t\t\t\t\t\t\tTimePeriod: pulumi.Int(60),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationRealTimeAlertConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myConfiguration = new MediaInsightsPipelineConfiguration(\"myConfiguration\", MediaInsightsPipelineConfigurationArgs.builder() \n .name(\"MyRealTimeAlertConfiguration\")\n .resourceAccessRoleArn(callAnalyticsRole.arn())\n .elements( \n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"AmazonTranscribeCallAnalyticsProcessor\")\n .amazonTranscribeCallAnalyticsProcessorConfiguration(MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationArgs.builder()\n .languageCode(\"en-US\")\n .build())\n .build(),\n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"KinesisDataStreamSink\")\n .kinesisDataStreamSinkConfiguration(MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs.builder()\n .insightsTarget(example.arn())\n .build())\n .build())\n .realTimeAlertConfiguration(MediaInsightsPipelineConfigurationRealTimeAlertConfigurationArgs.builder()\n .disabled(false)\n .rules( \n MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArgs.builder()\n .type(\"IssueDetection\")\n .issueDetectionConfiguration(MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleIssueDetectionConfigurationArgs.builder()\n .ruleName(\"MyIssueDetectionRule\")\n .build())\n .build(),\n MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArgs.builder()\n .type(\"KeywordMatch\")\n .keywordMatchConfiguration(MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleKeywordMatchConfigurationArgs.builder()\n .keywords( \n \"keyword1\",\n \"keyword2\")\n .negate(false)\n .ruleName(\"MyKeywordMatchRule\")\n .build())\n .build(),\n MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleArgs.builder()\n .type(\"Sentiment\")\n .sentimentConfiguration(MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleSentimentConfigurationArgs.builder()\n .ruleName(\"MySentimentRule\")\n .sentimentType(\"NEGATIVE\")\n .timePeriod(60)\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myConfiguration:\n type: aws:chimesdkmediapipelines:MediaInsightsPipelineConfiguration\n name: my_configuration\n properties:\n name: MyRealTimeAlertConfiguration\n resourceAccessRoleArn: ${callAnalyticsRole.arn}\n elements:\n - type: AmazonTranscribeCallAnalyticsProcessor\n amazonTranscribeCallAnalyticsProcessorConfiguration:\n languageCode: en-US\n - type: KinesisDataStreamSink\n kinesisDataStreamSinkConfiguration:\n insightsTarget: ${example.arn}\n realTimeAlertConfiguration:\n disabled: false\n rules:\n - type: IssueDetection\n issueDetectionConfiguration:\n ruleName: MyIssueDetectionRule\n - type: KeywordMatch\n keywordMatchConfiguration:\n keywords:\n - keyword1\n - keyword2\n negate: false\n ruleName: MyKeywordMatchRule\n - type: Sentiment\n sentimentConfiguration:\n ruleName: MySentimentRule\n sentimentType: NEGATIVE\n timePeriod: 60\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Transcribe processor usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myConfiguration = new aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"my_configuration\", {\n name: \"MyTranscribeConfiguration\",\n resourceAccessRoleArn: exampleAwsIamRole.arn,\n elements: [\n {\n type: \"AmazonTranscribeProcessor\",\n amazonTranscribeProcessorConfiguration: {\n contentIdentificationType: \"PII\",\n enablePartialResultsStabilization: true,\n filterPartialResults: true,\n languageCode: \"en-US\",\n languageModelName: \"MyLanguageModel\",\n partialResultsStability: \"high\",\n piiEntityTypes: \"ADDRESS,BANK_ACCOUNT_NUMBER\",\n showSpeakerLabel: true,\n vocabularyFilterMethod: \"mask\",\n vocabularyFilterName: \"MyVocabularyFilter\",\n vocabularyName: \"MyVocabulary\",\n },\n },\n {\n type: \"KinesisDataStreamSink\",\n kinesisDataStreamSinkConfiguration: {\n insightsTarget: example.arn,\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_configuration = aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"my_configuration\",\n name=\"MyTranscribeConfiguration\",\n resource_access_role_arn=example_aws_iam_role[\"arn\"],\n elements=[\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"AmazonTranscribeProcessor\",\n amazon_transcribe_processor_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementAmazonTranscribeProcessorConfigurationArgs(\n content_identification_type=\"PII\",\n enable_partial_results_stabilization=True,\n filter_partial_results=True,\n language_code=\"en-US\",\n language_model_name=\"MyLanguageModel\",\n partial_results_stability=\"high\",\n pii_entity_types=\"ADDRESS,BANK_ACCOUNT_NUMBER\",\n show_speaker_label=True,\n vocabulary_filter_method=\"mask\",\n vocabulary_filter_name=\"MyVocabularyFilter\",\n vocabulary_name=\"MyVocabulary\",\n ),\n ),\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"KinesisDataStreamSink\",\n kinesis_data_stream_sink_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs(\n insights_target=example[\"arn\"],\n ),\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myConfiguration = new Aws.ChimeSDKMediaPipelines.MediaInsightsPipelineConfiguration(\"my_configuration\", new()\n {\n Name = \"MyTranscribeConfiguration\",\n ResourceAccessRoleArn = exampleAwsIamRole.Arn,\n Elements = new[]\n {\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"AmazonTranscribeProcessor\",\n AmazonTranscribeProcessorConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementAmazonTranscribeProcessorConfigurationArgs\n {\n ContentIdentificationType = \"PII\",\n EnablePartialResultsStabilization = true,\n FilterPartialResults = true,\n LanguageCode = \"en-US\",\n LanguageModelName = \"MyLanguageModel\",\n PartialResultsStability = \"high\",\n PiiEntityTypes = \"ADDRESS,BANK_ACCOUNT_NUMBER\",\n ShowSpeakerLabel = true,\n VocabularyFilterMethod = \"mask\",\n VocabularyFilterName = \"MyVocabularyFilter\",\n VocabularyName = \"MyVocabulary\",\n },\n },\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"KinesisDataStreamSink\",\n KinesisDataStreamSinkConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs\n {\n InsightsTarget = example.Arn,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/chimesdkmediapipelines\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := chimesdkmediapipelines.NewMediaInsightsPipelineConfiguration(ctx, \"my_configuration\", \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs{\n\t\t\tName: pulumi.String(\"MyTranscribeConfiguration\"),\n\t\t\tResourceAccessRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tElements: chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArray{\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"AmazonTranscribeProcessor\"),\n\t\t\t\t\tAmazonTranscribeProcessorConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementAmazonTranscribeProcessorConfigurationArgs{\n\t\t\t\t\t\tContentIdentificationType: pulumi.String(\"PII\"),\n\t\t\t\t\t\tEnablePartialResultsStabilization: pulumi.Bool(true),\n\t\t\t\t\t\tFilterPartialResults: pulumi.Bool(true),\n\t\t\t\t\t\tLanguageCode: pulumi.String(\"en-US\"),\n\t\t\t\t\t\tLanguageModelName: pulumi.String(\"MyLanguageModel\"),\n\t\t\t\t\t\tPartialResultsStability: pulumi.String(\"high\"),\n\t\t\t\t\t\tPiiEntityTypes: pulumi.String(\"ADDRESS,BANK_ACCOUNT_NUMBER\"),\n\t\t\t\t\t\tShowSpeakerLabel: pulumi.Bool(true),\n\t\t\t\t\t\tVocabularyFilterMethod: pulumi.String(\"mask\"),\n\t\t\t\t\t\tVocabularyFilterName: pulumi.String(\"MyVocabularyFilter\"),\n\t\t\t\t\t\tVocabularyName: pulumi.String(\"MyVocabulary\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"KinesisDataStreamSink\"),\n\t\t\t\t\tKinesisDataStreamSinkConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs{\n\t\t\t\t\t\tInsightsTarget: pulumi.Any(example.Arn),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementAmazonTranscribeProcessorConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myConfiguration = new MediaInsightsPipelineConfiguration(\"myConfiguration\", MediaInsightsPipelineConfigurationArgs.builder() \n .name(\"MyTranscribeConfiguration\")\n .resourceAccessRoleArn(exampleAwsIamRole.arn())\n .elements( \n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"AmazonTranscribeProcessor\")\n .amazonTranscribeProcessorConfiguration(MediaInsightsPipelineConfigurationElementAmazonTranscribeProcessorConfigurationArgs.builder()\n .contentIdentificationType(\"PII\")\n .enablePartialResultsStabilization(true)\n .filterPartialResults(true)\n .languageCode(\"en-US\")\n .languageModelName(\"MyLanguageModel\")\n .partialResultsStability(\"high\")\n .piiEntityTypes(\"ADDRESS,BANK_ACCOUNT_NUMBER\")\n .showSpeakerLabel(true)\n .vocabularyFilterMethod(\"mask\")\n .vocabularyFilterName(\"MyVocabularyFilter\")\n .vocabularyName(\"MyVocabulary\")\n .build())\n .build(),\n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"KinesisDataStreamSink\")\n .kinesisDataStreamSinkConfiguration(MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs.builder()\n .insightsTarget(example.arn())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myConfiguration:\n type: aws:chimesdkmediapipelines:MediaInsightsPipelineConfiguration\n name: my_configuration\n properties:\n name: MyTranscribeConfiguration\n resourceAccessRoleArn: ${exampleAwsIamRole.arn}\n elements:\n - type: AmazonTranscribeProcessor\n amazonTranscribeProcessorConfiguration:\n contentIdentificationType: PII\n enablePartialResultsStabilization: true\n filterPartialResults: true\n languageCode: en-US\n languageModelName: MyLanguageModel\n partialResultsStability: high\n piiEntityTypes: ADDRESS,BANK_ACCOUNT_NUMBER\n showSpeakerLabel: true\n vocabularyFilterMethod: mask\n vocabularyFilterName: MyVocabularyFilter\n vocabularyName: MyVocabulary\n - type: KinesisDataStreamSink\n kinesisDataStreamSinkConfiguration:\n insightsTarget: ${example.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Voice analytics processor usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myConfiguration = new aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"my_configuration\", {\n name: \"MyVoiceAnalyticsConfiguration\",\n resourceAccessRoleArn: example.arn,\n elements: [\n {\n type: \"VoiceAnalyticsProcessor\",\n voiceAnalyticsProcessorConfiguration: {\n speakerSearchStatus: \"Enabled\",\n voiceToneAnalysisStatus: \"Enabled\",\n },\n },\n {\n type: \"LambdaFunctionSink\",\n lambdaFunctionSinkConfiguration: {\n insightsTarget: \"arn:aws:lambda:us-west-2:1111111111:function:MyFunction\",\n },\n },\n {\n type: \"SnsTopicSink\",\n snsTopicSinkConfiguration: {\n insightsTarget: \"arn:aws:sns:us-west-2:1111111111:topic/MyTopic\",\n },\n },\n {\n type: \"SqsQueueSink\",\n sqsQueueSinkConfiguration: {\n insightsTarget: \"arn:aws:sqs:us-west-2:1111111111:queue/MyQueue\",\n },\n },\n {\n type: \"KinesisDataStreamSink\",\n kinesisDataStreamSinkConfiguration: {\n insightsTarget: test.arn,\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_configuration = aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"my_configuration\",\n name=\"MyVoiceAnalyticsConfiguration\",\n resource_access_role_arn=example[\"arn\"],\n elements=[\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"VoiceAnalyticsProcessor\",\n voice_analytics_processor_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementVoiceAnalyticsProcessorConfigurationArgs(\n speaker_search_status=\"Enabled\",\n voice_tone_analysis_status=\"Enabled\",\n ),\n ),\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"LambdaFunctionSink\",\n lambda_function_sink_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementLambdaFunctionSinkConfigurationArgs(\n insights_target=\"arn:aws:lambda:us-west-2:1111111111:function:MyFunction\",\n ),\n ),\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"SnsTopicSink\",\n sns_topic_sink_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementSnsTopicSinkConfigurationArgs(\n insights_target=\"arn:aws:sns:us-west-2:1111111111:topic/MyTopic\",\n ),\n ),\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"SqsQueueSink\",\n sqs_queue_sink_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementSqsQueueSinkConfigurationArgs(\n insights_target=\"arn:aws:sqs:us-west-2:1111111111:queue/MyQueue\",\n ),\n ),\n aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"KinesisDataStreamSink\",\n kinesis_data_stream_sink_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs(\n insights_target=test[\"arn\"],\n ),\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myConfiguration = new Aws.ChimeSDKMediaPipelines.MediaInsightsPipelineConfiguration(\"my_configuration\", new()\n {\n Name = \"MyVoiceAnalyticsConfiguration\",\n ResourceAccessRoleArn = example.Arn,\n Elements = new[]\n {\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"VoiceAnalyticsProcessor\",\n VoiceAnalyticsProcessorConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementVoiceAnalyticsProcessorConfigurationArgs\n {\n SpeakerSearchStatus = \"Enabled\",\n VoiceToneAnalysisStatus = \"Enabled\",\n },\n },\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"LambdaFunctionSink\",\n LambdaFunctionSinkConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementLambdaFunctionSinkConfigurationArgs\n {\n InsightsTarget = \"arn:aws:lambda:us-west-2:1111111111:function:MyFunction\",\n },\n },\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"SnsTopicSink\",\n SnsTopicSinkConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementSnsTopicSinkConfigurationArgs\n {\n InsightsTarget = \"arn:aws:sns:us-west-2:1111111111:topic/MyTopic\",\n },\n },\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"SqsQueueSink\",\n SqsQueueSinkConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementSqsQueueSinkConfigurationArgs\n {\n InsightsTarget = \"arn:aws:sqs:us-west-2:1111111111:queue/MyQueue\",\n },\n },\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"KinesisDataStreamSink\",\n KinesisDataStreamSinkConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs\n {\n InsightsTarget = test.Arn,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/chimesdkmediapipelines\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := chimesdkmediapipelines.NewMediaInsightsPipelineConfiguration(ctx, \"my_configuration\", \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs{\n\t\t\tName: pulumi.String(\"MyVoiceAnalyticsConfiguration\"),\n\t\t\tResourceAccessRoleArn: pulumi.Any(example.Arn),\n\t\t\tElements: chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArray{\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"VoiceAnalyticsProcessor\"),\n\t\t\t\t\tVoiceAnalyticsProcessorConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementVoiceAnalyticsProcessorConfigurationArgs{\n\t\t\t\t\t\tSpeakerSearchStatus: pulumi.String(\"Enabled\"),\n\t\t\t\t\t\tVoiceToneAnalysisStatus: pulumi.String(\"Enabled\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"LambdaFunctionSink\"),\n\t\t\t\t\tLambdaFunctionSinkConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementLambdaFunctionSinkConfigurationArgs{\n\t\t\t\t\t\tInsightsTarget: pulumi.String(\"arn:aws:lambda:us-west-2:1111111111:function:MyFunction\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"SnsTopicSink\"),\n\t\t\t\t\tSnsTopicSinkConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementSnsTopicSinkConfigurationArgs{\n\t\t\t\t\t\tInsightsTarget: pulumi.String(\"arn:aws:sns:us-west-2:1111111111:topic/MyTopic\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"SqsQueueSink\"),\n\t\t\t\t\tSqsQueueSinkConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementSqsQueueSinkConfigurationArgs{\n\t\t\t\t\t\tInsightsTarget: pulumi.String(\"arn:aws:sqs:us-west-2:1111111111:queue/MyQueue\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"KinesisDataStreamSink\"),\n\t\t\t\t\tKinesisDataStreamSinkConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs{\n\t\t\t\t\t\tInsightsTarget: pulumi.Any(test.Arn),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementVoiceAnalyticsProcessorConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementLambdaFunctionSinkConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementSnsTopicSinkConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementSqsQueueSinkConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myConfiguration = new MediaInsightsPipelineConfiguration(\"myConfiguration\", MediaInsightsPipelineConfigurationArgs.builder() \n .name(\"MyVoiceAnalyticsConfiguration\")\n .resourceAccessRoleArn(example.arn())\n .elements( \n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"VoiceAnalyticsProcessor\")\n .voiceAnalyticsProcessorConfiguration(MediaInsightsPipelineConfigurationElementVoiceAnalyticsProcessorConfigurationArgs.builder()\n .speakerSearchStatus(\"Enabled\")\n .voiceToneAnalysisStatus(\"Enabled\")\n .build())\n .build(),\n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"LambdaFunctionSink\")\n .lambdaFunctionSinkConfiguration(MediaInsightsPipelineConfigurationElementLambdaFunctionSinkConfigurationArgs.builder()\n .insightsTarget(\"arn:aws:lambda:us-west-2:1111111111:function:MyFunction\")\n .build())\n .build(),\n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"SnsTopicSink\")\n .snsTopicSinkConfiguration(MediaInsightsPipelineConfigurationElementSnsTopicSinkConfigurationArgs.builder()\n .insightsTarget(\"arn:aws:sns:us-west-2:1111111111:topic/MyTopic\")\n .build())\n .build(),\n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"SqsQueueSink\")\n .sqsQueueSinkConfiguration(MediaInsightsPipelineConfigurationElementSqsQueueSinkConfigurationArgs.builder()\n .insightsTarget(\"arn:aws:sqs:us-west-2:1111111111:queue/MyQueue\")\n .build())\n .build(),\n MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"KinesisDataStreamSink\")\n .kinesisDataStreamSinkConfiguration(MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfigurationArgs.builder()\n .insightsTarget(test.arn())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myConfiguration:\n type: aws:chimesdkmediapipelines:MediaInsightsPipelineConfiguration\n name: my_configuration\n properties:\n name: MyVoiceAnalyticsConfiguration\n resourceAccessRoleArn: ${example.arn}\n elements:\n - type: VoiceAnalyticsProcessor\n voiceAnalyticsProcessorConfiguration:\n speakerSearchStatus: Enabled\n voiceToneAnalysisStatus: Enabled\n - type: LambdaFunctionSink\n lambdaFunctionSinkConfiguration:\n insightsTarget: arn:aws:lambda:us-west-2:1111111111:function:MyFunction\n - type: SnsTopicSink\n snsTopicSinkConfiguration:\n insightsTarget: arn:aws:sns:us-west-2:1111111111:topic/MyTopic\n - type: SqsQueueSink\n sqsQueueSinkConfiguration:\n insightsTarget: arn:aws:sqs:us-west-2:1111111111:queue/MyQueue\n - type: KinesisDataStreamSink\n kinesisDataStreamSinkConfiguration:\n insightsTarget: ${test.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### S3 Recording sink usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myConfiguration = new aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"my_configuration\", {\n name: \"MyS3RecordingConfiguration\",\n resourceAccessRoleArn: example.arn,\n elements: [{\n type: \"S3RecordingSink\",\n s3RecordingSinkConfiguration: {\n destination: \"arn:aws:s3:::MyBucket\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_configuration = aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration(\"my_configuration\",\n name=\"MyS3RecordingConfiguration\",\n resource_access_role_arn=example[\"arn\"],\n elements=[aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs(\n type=\"S3RecordingSink\",\n s3_recording_sink_configuration=aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementS3RecordingSinkConfigurationArgs(\n destination=\"arn:aws:s3:::MyBucket\",\n ),\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myConfiguration = new Aws.ChimeSDKMediaPipelines.MediaInsightsPipelineConfiguration(\"my_configuration\", new()\n {\n Name = \"MyS3RecordingConfiguration\",\n ResourceAccessRoleArn = example.Arn,\n Elements = new[]\n {\n new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementArgs\n {\n Type = \"S3RecordingSink\",\n S3RecordingSinkConfiguration = new Aws.ChimeSDKMediaPipelines.Inputs.MediaInsightsPipelineConfigurationElementS3RecordingSinkConfigurationArgs\n {\n Destination = \"arn:aws:s3:::MyBucket\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/chimesdkmediapipelines\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := chimesdkmediapipelines.NewMediaInsightsPipelineConfiguration(ctx, \"my_configuration\", \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs{\n\t\t\tName: pulumi.String(\"MyS3RecordingConfiguration\"),\n\t\t\tResourceAccessRoleArn: pulumi.Any(example.Arn),\n\t\t\tElements: chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArray{\n\t\t\t\t\u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementArgs{\n\t\t\t\t\tType: pulumi.String(\"S3RecordingSink\"),\n\t\t\t\t\tS3RecordingSinkConfiguration: \u0026chimesdkmediapipelines.MediaInsightsPipelineConfigurationElementS3RecordingSinkConfigurationArgs{\n\t\t\t\t\t\tDestination: pulumi.String(\"arn:aws:s3:::MyBucket\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfiguration;\nimport com.pulumi.aws.chimesdkmediapipelines.MediaInsightsPipelineConfigurationArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementArgs;\nimport com.pulumi.aws.chimesdkmediapipelines.inputs.MediaInsightsPipelineConfigurationElementS3RecordingSinkConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myConfiguration = new MediaInsightsPipelineConfiguration(\"myConfiguration\", MediaInsightsPipelineConfigurationArgs.builder() \n .name(\"MyS3RecordingConfiguration\")\n .resourceAccessRoleArn(example.arn())\n .elements(MediaInsightsPipelineConfigurationElementArgs.builder()\n .type(\"S3RecordingSink\")\n .s3RecordingSinkConfiguration(MediaInsightsPipelineConfigurationElementS3RecordingSinkConfigurationArgs.builder()\n .destination(\"arn:aws:s3:::MyBucket\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myConfiguration:\n type: aws:chimesdkmediapipelines:MediaInsightsPipelineConfiguration\n name: my_configuration\n properties:\n name: MyS3RecordingConfiguration\n resourceAccessRoleArn: ${example.arn}\n elements:\n - type: S3RecordingSink\n s3RecordingSinkConfiguration:\n destination: arn:aws:s3:::MyBucket\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Chime SDK Media Pipelines Media Insights Pipeline Configuration using the `id`. For example:\n\n```sh\n$ pulumi import aws:chimesdkmediapipelines/mediaInsightsPipelineConfiguration:MediaInsightsPipelineConfiguration example abcdef123456\n```\n", "properties": { "arn": { "type": "string", @@ -178192,7 +178192,7 @@ } }, "aws:cloudformation/stackSet:StackSet": { - "description": "Manages a CloudFormation StackSet. StackSets allow CloudFormation templates to be easily deployed across multiple accounts and regions via StackSet Instances (`aws.cloudformation.StackSetInstance` resource). Additional information about StackSets can be found in the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/what-is-cfnstacksets.html).\n\n\u003e **NOTE:** All template parameters, including those with a `Default`, must be configured or ignored with the `lifecycle` configuration block `ignore_changes` argument.\n\n\u003e **NOTE:** All `NoEcho` template parameters must be ignored with the `lifecycle` configuration block `ignore_changes` argument.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n effect: \"Allow\",\n principals: [{\n identifiers: [\"cloudformation.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n});\nconst aWSCloudFormationStackSetAdministrationRole = new aws.iam.Role(\"AWSCloudFormationStackSetAdministrationRole\", {\n assumeRolePolicy: aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.then(aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy =\u003e aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.json),\n name: \"AWSCloudFormationStackSetAdministrationRole\",\n});\nconst example = new aws.cloudformation.StackSet(\"example\", {\n administrationRoleArn: aWSCloudFormationStackSetAdministrationRole.arn,\n name: \"example\",\n parameters: {\n VPCCidr: \"10.0.0.0/16\",\n },\n templateBody: JSON.stringify({\n parameters: {\n vPCCidr: {\n type: \"String\",\n \"default\": \"10.0.0.0/16\",\n description: \"Enter the CIDR block for the VPC. Default is 10.0.0.0/16.\",\n },\n },\n resources: {\n myVpc: {\n type: \"AWS::EC2::VPC\",\n properties: {\n cidrBlock: {\n ref: \"VPCCidr\",\n },\n tags: [{\n key: \"Name\",\n value: \"Primary_CF_VPC\",\n }],\n },\n },\n },\n }),\n});\nconst aWSCloudFormationStackSetAdministrationRoleExecutionPolicy = aws.iam.getPolicyDocumentOutput({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n effect: \"Allow\",\n resources: [pulumi.interpolate`arn:aws:iam::*:role/${example.executionRoleName}`],\n }],\n});\nconst aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy = new aws.iam.RolePolicy(\"AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy\", {\n name: \"ExecutionPolicy\",\n policy: aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.apply(aWSCloudFormationStackSetAdministrationRoleExecutionPolicy =\u003e aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.json),\n role: aWSCloudFormationStackSetAdministrationRole.name,\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\na_ws_cloud_formation_stack_set_administration_role_assume_role_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[\"cloudformation.amazonaws.com\"],\n type=\"Service\",\n )],\n)])\na_ws_cloud_formation_stack_set_administration_role = aws.iam.Role(\"AWSCloudFormationStackSetAdministrationRole\",\n assume_role_policy=a_ws_cloud_formation_stack_set_administration_role_assume_role_policy.json,\n name=\"AWSCloudFormationStackSetAdministrationRole\")\nexample = aws.cloudformation.StackSet(\"example\",\n administration_role_arn=a_ws_cloud_formation_stack_set_administration_role.arn,\n name=\"example\",\n parameters={\n \"VPCCidr\": \"10.0.0.0/16\",\n },\n template_body=json.dumps({\n \"parameters\": {\n \"vPCCidr\": {\n \"type\": \"String\",\n \"default\": \"10.0.0.0/16\",\n \"description\": \"Enter the CIDR block for the VPC. Default is 10.0.0.0/16.\",\n },\n },\n \"resources\": {\n \"myVpc\": {\n \"type\": \"AWS::EC2::VPC\",\n \"properties\": {\n \"cidrBlock\": {\n \"ref\": \"VPCCidr\",\n },\n \"tags\": [{\n \"key\": \"Name\",\n \"value\": \"Primary_CF_VPC\",\n }],\n },\n },\n },\n }))\na_ws_cloud_formation_stack_set_administration_role_execution_policy = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n effect=\"Allow\",\n resources=[example.execution_role_name.apply(lambda execution_role_name: f\"arn:aws:iam::*:role/{execution_role_name}\")],\n)])\na_ws_cloud_formation_stack_set_administration_role_execution_policy_role_policy = aws.iam.RolePolicy(\"AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy\",\n name=\"ExecutionPolicy\",\n policy=a_ws_cloud_formation_stack_set_administration_role_execution_policy.json,\n role=a_ws_cloud_formation_stack_set_administration_role.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"cloudformation.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n });\n\n var aWSCloudFormationStackSetAdministrationRole = new Aws.Iam.Role(\"AWSCloudFormationStackSetAdministrationRole\", new()\n {\n AssumeRolePolicy = aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Name = \"AWSCloudFormationStackSetAdministrationRole\",\n });\n\n var example = new Aws.CloudFormation.StackSet(\"example\", new()\n {\n AdministrationRoleArn = aWSCloudFormationStackSetAdministrationRole.Arn,\n Name = \"example\",\n Parameters = \n {\n { \"VPCCidr\", \"10.0.0.0/16\" },\n },\n TemplateBody = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"parameters\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"vPCCidr\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"type\"] = \"String\",\n [\"default\"] = \"10.0.0.0/16\",\n [\"description\"] = \"Enter the CIDR block for the VPC. Default is 10.0.0.0/16.\",\n },\n },\n [\"resources\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"myVpc\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"type\"] = \"AWS::EC2::VPC\",\n [\"properties\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"cidrBlock\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"ref\"] = \"VPCCidr\",\n },\n [\"tags\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"key\"] = \"Name\",\n [\"value\"] = \"Primary_CF_VPC\",\n },\n },\n },\n },\n },\n }),\n });\n\n var aWSCloudFormationStackSetAdministrationRoleExecutionPolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Effect = \"Allow\",\n Resources = new[]\n {\n $\"arn:aws:iam::*:role/{example.ExecutionRoleName}\",\n },\n },\n },\n });\n\n var aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy = new Aws.Iam.RolePolicy(\"AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy\", new()\n {\n Name = \"ExecutionPolicy\",\n Policy = aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Role = aWSCloudFormationStackSetAdministrationRole.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudformation\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\taWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"cloudformation.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taWSCloudFormationStackSetAdministrationRole, err := iam.NewRole(ctx, \"AWSCloudFormationStackSetAdministrationRole\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.Json),\n\t\t\tName: pulumi.String(\"AWSCloudFormationStackSetAdministrationRole\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"parameters\": map[string]interface{}{\n\t\t\t\t\"vPCCidr\": map[string]interface{}{\n\t\t\t\t\t\"type\": \"String\",\n\t\t\t\t\t\"default\": \"10.0.0.0/16\",\n\t\t\t\t\t\"description\": \"Enter the CIDR block for the VPC. Default is 10.0.0.0/16.\",\n\t\t\t\t},\n\t\t\t},\n\t\t\t\"resources\": map[string]interface{}{\n\t\t\t\t\"myVpc\": map[string]interface{}{\n\t\t\t\t\t\"type\": \"AWS::EC2::VPC\",\n\t\t\t\t\t\"properties\": map[string]interface{}{\n\t\t\t\t\t\t\"cidrBlock\": map[string]interface{}{\n\t\t\t\t\t\t\t\"ref\": \"VPCCidr\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\"tags\": []map[string]interface{}{\n\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\"key\": \"Name\",\n\t\t\t\t\t\t\t\t\"value\": \"Primary_CF_VPC\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\texample, err := cloudformation.NewStackSet(ctx, \"example\", \u0026cloudformation.StackSetArgs{\n\t\t\tAdministrationRoleArn: aWSCloudFormationStackSetAdministrationRole.Arn,\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tParameters: pulumi.StringMap{\n\t\t\t\t\"VPCCidr\": pulumi.String(\"10.0.0.0/16\"),\n\t\t\t},\n\t\t\tTemplateBody: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taWSCloudFormationStackSetAdministrationRoleExecutionPolicy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"sts:AssumeRole\"),\n\t\t\t\t\t},\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\texample.ExecutionRoleName.ApplyT(func(executionRoleName string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"arn:aws:iam::*:role/%v\", executionRoleName), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = iam.NewRolePolicy(ctx, \"AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"ExecutionPolicy\"),\n\t\t\tPolicy: aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.ApplyT(func(aWSCloudFormationStackSetAdministrationRoleExecutionPolicy iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\tRole: aWSCloudFormationStackSetAdministrationRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.cloudformation.StackSet;\nimport com.pulumi.aws.cloudformation.StackSetArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"cloudformation.amazonaws.com\")\n .type(\"Service\")\n .build())\n .build())\n .build());\n\n var aWSCloudFormationStackSetAdministrationRole = new Role(\"aWSCloudFormationStackSetAdministrationRole\", RoleArgs.builder() \n .assumeRolePolicy(aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .name(\"AWSCloudFormationStackSetAdministrationRole\")\n .build());\n\n var example = new StackSet(\"example\", StackSetArgs.builder() \n .administrationRoleArn(aWSCloudFormationStackSetAdministrationRole.arn())\n .name(\"example\")\n .parameters(Map.of(\"VPCCidr\", \"10.0.0.0/16\"))\n .templateBody(serializeJson(\n jsonObject(\n jsonProperty(\"parameters\", jsonObject(\n jsonProperty(\"vPCCidr\", jsonObject(\n jsonProperty(\"type\", \"String\"),\n jsonProperty(\"default\", \"10.0.0.0/16\"),\n jsonProperty(\"description\", \"Enter the CIDR block for the VPC. Default is 10.0.0.0/16.\")\n ))\n )),\n jsonProperty(\"resources\", jsonObject(\n jsonProperty(\"myVpc\", jsonObject(\n jsonProperty(\"type\", \"AWS::EC2::VPC\"),\n jsonProperty(\"properties\", jsonObject(\n jsonProperty(\"cidrBlock\", jsonObject(\n jsonProperty(\"ref\", \"VPCCidr\")\n )),\n jsonProperty(\"tags\", jsonArray(jsonObject(\n jsonProperty(\"key\", \"Name\"),\n jsonProperty(\"value\", \"Primary_CF_VPC\")\n )))\n ))\n ))\n ))\n )))\n .build());\n\n final var aWSCloudFormationStackSetAdministrationRoleExecutionPolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .effect(\"Allow\")\n .resources(example.executionRoleName().applyValue(executionRoleName -\u003e String.format(\"arn:aws:iam::*:role/%s\", executionRoleName)))\n .build())\n .build());\n\n var aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy = new RolePolicy(\"aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy\", RolePolicyArgs.builder() \n .name(\"ExecutionPolicy\")\n .policy(aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(aWSCloudFormationStackSetAdministrationRoleExecutionPolicy -\u003e aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .role(aWSCloudFormationStackSetAdministrationRole.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n aWSCloudFormationStackSetAdministrationRole:\n type: aws:iam:Role\n name: AWSCloudFormationStackSetAdministrationRole\n properties:\n assumeRolePolicy: ${aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.json}\n name: AWSCloudFormationStackSetAdministrationRole\n example:\n type: aws:cloudformation:StackSet\n properties:\n administrationRoleArn: ${aWSCloudFormationStackSetAdministrationRole.arn}\n name: example\n parameters:\n VPCCidr: 10.0.0.0/16\n templateBody:\n fn::toJSON:\n parameters:\n vPCCidr:\n type: String\n default: 10.0.0.0/16\n description: Enter the CIDR block for the VPC. Default is 10.0.0.0/16.\n resources:\n myVpc:\n type: AWS::EC2::VPC\n properties:\n cidrBlock:\n ref: VPCCidr\n tags:\n - key: Name\n value: Primary_CF_VPC\n aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy:\n type: aws:iam:RolePolicy\n name: AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy\n properties:\n name: ExecutionPolicy\n policy: ${aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.json}\n role: ${aWSCloudFormationStackSetAdministrationRole.name}\nvariables:\n aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n effect: Allow\n principals:\n - identifiers:\n - cloudformation.amazonaws.com\n type: Service\n aWSCloudFormationStackSetAdministrationRoleExecutionPolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n effect: Allow\n resources:\n - arn:aws:iam::*:role/${example.executionRoleName}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nImport CloudFormation StackSets when acting a delegated administrator in a member account using the `name` and `call_as` values separated by a comma (`,`). For example:\n\nUsing `pulumi import`, import CloudFormation StackSets using the `name`. For example:\n\n```sh\n$ pulumi import aws:cloudformation/stackSet:StackSet example example\n```\nUsing `pulumi import`, import CloudFormation StackSets when acting a delegated administrator in a member account using the `name` and `call_as` values separated by a comma (`,`). For example:\n\n```sh\n$ pulumi import aws:cloudformation/stackSet:StackSet example example,DELEGATED_ADMIN\n```\n", + "description": "Manages a CloudFormation StackSet. StackSets allow CloudFormation templates to be easily deployed across multiple accounts and regions via StackSet Instances (`aws.cloudformation.StackSetInstance` resource). Additional information about StackSets can be found in the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/what-is-cfnstacksets.html).\n\n\u003e **NOTE:** All template parameters, including those with a `Default`, must be configured or ignored with the `lifecycle` configuration block `ignore_changes` argument.\n\n\u003e **NOTE:** All `NoEcho` template parameters must be ignored with the `lifecycle` configuration block `ignore_changes` argument.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n effect: \"Allow\",\n principals: [{\n identifiers: [\"cloudformation.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n});\nconst aWSCloudFormationStackSetAdministrationRole = new aws.iam.Role(\"AWSCloudFormationStackSetAdministrationRole\", {\n assumeRolePolicy: aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.then(aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy =\u003e aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.json),\n name: \"AWSCloudFormationStackSetAdministrationRole\",\n});\nconst example = new aws.cloudformation.StackSet(\"example\", {\n administrationRoleArn: aWSCloudFormationStackSetAdministrationRole.arn,\n name: \"example\",\n parameters: {\n VPCCidr: \"10.0.0.0/16\",\n },\n templateBody: JSON.stringify({\n parameters: {\n vPCCidr: {\n type: \"String\",\n \"default\": \"10.0.0.0/16\",\n description: \"Enter the CIDR block for the VPC. Default is 10.0.0.0/16.\",\n },\n },\n resources: {\n myVpc: {\n type: \"AWS::EC2::VPC\",\n properties: {\n cidrBlock: {\n ref: \"VPCCidr\",\n },\n tags: [{\n key: \"Name\",\n value: \"Primary_CF_VPC\",\n }],\n },\n },\n },\n }),\n});\nconst aWSCloudFormationStackSetAdministrationRoleExecutionPolicy = aws.iam.getPolicyDocumentOutput({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n effect: \"Allow\",\n resources: [pulumi.interpolate`arn:aws:iam::*:role/${example.executionRoleName}`],\n }],\n});\nconst aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy = new aws.iam.RolePolicy(\"AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy\", {\n name: \"ExecutionPolicy\",\n policy: aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.apply(aWSCloudFormationStackSetAdministrationRoleExecutionPolicy =\u003e aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.json),\n role: aWSCloudFormationStackSetAdministrationRole.name,\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\na_ws_cloud_formation_stack_set_administration_role_assume_role_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[\"cloudformation.amazonaws.com\"],\n type=\"Service\",\n )],\n)])\na_ws_cloud_formation_stack_set_administration_role = aws.iam.Role(\"AWSCloudFormationStackSetAdministrationRole\",\n assume_role_policy=a_ws_cloud_formation_stack_set_administration_role_assume_role_policy.json,\n name=\"AWSCloudFormationStackSetAdministrationRole\")\nexample = aws.cloudformation.StackSet(\"example\",\n administration_role_arn=a_ws_cloud_formation_stack_set_administration_role.arn,\n name=\"example\",\n parameters={\n \"VPCCidr\": \"10.0.0.0/16\",\n },\n template_body=json.dumps({\n \"parameters\": {\n \"vPCCidr\": {\n \"type\": \"String\",\n \"default\": \"10.0.0.0/16\",\n \"description\": \"Enter the CIDR block for the VPC. Default is 10.0.0.0/16.\",\n },\n },\n \"resources\": {\n \"myVpc\": {\n \"type\": \"AWS::EC2::VPC\",\n \"properties\": {\n \"cidrBlock\": {\n \"ref\": \"VPCCidr\",\n },\n \"tags\": [{\n \"key\": \"Name\",\n \"value\": \"Primary_CF_VPC\",\n }],\n },\n },\n },\n }))\na_ws_cloud_formation_stack_set_administration_role_execution_policy = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n effect=\"Allow\",\n resources=[example.execution_role_name.apply(lambda execution_role_name: f\"arn:aws:iam::*:role/{execution_role_name}\")],\n)])\na_ws_cloud_formation_stack_set_administration_role_execution_policy_role_policy = aws.iam.RolePolicy(\"AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy\",\n name=\"ExecutionPolicy\",\n policy=a_ws_cloud_formation_stack_set_administration_role_execution_policy.json,\n role=a_ws_cloud_formation_stack_set_administration_role.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"cloudformation.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n });\n\n var aWSCloudFormationStackSetAdministrationRole = new Aws.Iam.Role(\"AWSCloudFormationStackSetAdministrationRole\", new()\n {\n AssumeRolePolicy = aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Name = \"AWSCloudFormationStackSetAdministrationRole\",\n });\n\n var example = new Aws.CloudFormation.StackSet(\"example\", new()\n {\n AdministrationRoleArn = aWSCloudFormationStackSetAdministrationRole.Arn,\n Name = \"example\",\n Parameters = \n {\n { \"VPCCidr\", \"10.0.0.0/16\" },\n },\n TemplateBody = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"parameters\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"vPCCidr\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"type\"] = \"String\",\n [\"default\"] = \"10.0.0.0/16\",\n [\"description\"] = \"Enter the CIDR block for the VPC. Default is 10.0.0.0/16.\",\n },\n },\n [\"resources\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"myVpc\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"type\"] = \"AWS::EC2::VPC\",\n [\"properties\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"cidrBlock\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"ref\"] = \"VPCCidr\",\n },\n [\"tags\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"key\"] = \"Name\",\n [\"value\"] = \"Primary_CF_VPC\",\n },\n },\n },\n },\n },\n }),\n });\n\n var aWSCloudFormationStackSetAdministrationRoleExecutionPolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Effect = \"Allow\",\n Resources = new[]\n {\n $\"arn:aws:iam::*:role/{example.ExecutionRoleName}\",\n },\n },\n },\n });\n\n var aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy = new Aws.Iam.RolePolicy(\"AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy\", new()\n {\n Name = \"ExecutionPolicy\",\n Policy = aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Role = aWSCloudFormationStackSetAdministrationRole.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudformation\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\taWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"cloudformation.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taWSCloudFormationStackSetAdministrationRole, err := iam.NewRole(ctx, \"AWSCloudFormationStackSetAdministrationRole\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.String(aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.Json),\n\t\t\tName: pulumi.String(\"AWSCloudFormationStackSetAdministrationRole\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"parameters\": map[string]interface{}{\n\t\t\t\t\"vPCCidr\": map[string]interface{}{\n\t\t\t\t\t\"type\": \"String\",\n\t\t\t\t\t\"default\": \"10.0.0.0/16\",\n\t\t\t\t\t\"description\": \"Enter the CIDR block for the VPC. Default is 10.0.0.0/16.\",\n\t\t\t\t},\n\t\t\t},\n\t\t\t\"resources\": map[string]interface{}{\n\t\t\t\t\"myVpc\": map[string]interface{}{\n\t\t\t\t\t\"type\": \"AWS::EC2::VPC\",\n\t\t\t\t\t\"properties\": map[string]interface{}{\n\t\t\t\t\t\t\"cidrBlock\": map[string]interface{}{\n\t\t\t\t\t\t\t\"ref\": \"VPCCidr\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\"tags\": []map[string]interface{}{\n\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\"key\": \"Name\",\n\t\t\t\t\t\t\t\t\"value\": \"Primary_CF_VPC\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\texample, err := cloudformation.NewStackSet(ctx, \"example\", \u0026cloudformation.StackSetArgs{\n\t\t\tAdministrationRoleArn: aWSCloudFormationStackSetAdministrationRole.Arn,\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tParameters: pulumi.StringMap{\n\t\t\t\t\"VPCCidr\": pulumi.String(\"10.0.0.0/16\"),\n\t\t\t},\n\t\t\tTemplateBody: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taWSCloudFormationStackSetAdministrationRoleExecutionPolicy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"sts:AssumeRole\"),\n\t\t\t\t\t},\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\texample.ExecutionRoleName.ApplyT(func(executionRoleName string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"arn:aws:iam::*:role/%v\", executionRoleName), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = iam.NewRolePolicy(ctx, \"AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"ExecutionPolicy\"),\n\t\t\tPolicy: aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.ApplyT(func(aWSCloudFormationStackSetAdministrationRoleExecutionPolicy iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\tRole: aWSCloudFormationStackSetAdministrationRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.cloudformation.StackSet;\nimport com.pulumi.aws.cloudformation.StackSetArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"cloudformation.amazonaws.com\")\n .type(\"Service\")\n .build())\n .build())\n .build());\n\n var aWSCloudFormationStackSetAdministrationRole = new Role(\"aWSCloudFormationStackSetAdministrationRole\", RoleArgs.builder() \n .assumeRolePolicy(aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .name(\"AWSCloudFormationStackSetAdministrationRole\")\n .build());\n\n var example = new StackSet(\"example\", StackSetArgs.builder() \n .administrationRoleArn(aWSCloudFormationStackSetAdministrationRole.arn())\n .name(\"example\")\n .parameters(Map.of(\"VPCCidr\", \"10.0.0.0/16\"))\n .templateBody(serializeJson(\n jsonObject(\n jsonProperty(\"parameters\", jsonObject(\n jsonProperty(\"vPCCidr\", jsonObject(\n jsonProperty(\"type\", \"String\"),\n jsonProperty(\"default\", \"10.0.0.0/16\"),\n jsonProperty(\"description\", \"Enter the CIDR block for the VPC. Default is 10.0.0.0/16.\")\n ))\n )),\n jsonProperty(\"resources\", jsonObject(\n jsonProperty(\"myVpc\", jsonObject(\n jsonProperty(\"type\", \"AWS::EC2::VPC\"),\n jsonProperty(\"properties\", jsonObject(\n jsonProperty(\"cidrBlock\", jsonObject(\n jsonProperty(\"ref\", \"VPCCidr\")\n )),\n jsonProperty(\"tags\", jsonArray(jsonObject(\n jsonProperty(\"key\", \"Name\"),\n jsonProperty(\"value\", \"Primary_CF_VPC\")\n )))\n ))\n ))\n ))\n )))\n .build());\n\n final var aWSCloudFormationStackSetAdministrationRoleExecutionPolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .effect(\"Allow\")\n .resources(example.executionRoleName().applyValue(executionRoleName -\u003e String.format(\"arn:aws:iam::*:role/%s\", executionRoleName)))\n .build())\n .build());\n\n var aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy = new RolePolicy(\"aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy\", RolePolicyArgs.builder() \n .name(\"ExecutionPolicy\")\n .policy(aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(aWSCloudFormationStackSetAdministrationRoleExecutionPolicy -\u003e aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .role(aWSCloudFormationStackSetAdministrationRole.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n aWSCloudFormationStackSetAdministrationRole:\n type: aws:iam:Role\n name: AWSCloudFormationStackSetAdministrationRole\n properties:\n assumeRolePolicy: ${aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.json}\n name: AWSCloudFormationStackSetAdministrationRole\n example:\n type: aws:cloudformation:StackSet\n properties:\n administrationRoleArn: ${aWSCloudFormationStackSetAdministrationRole.arn}\n name: example\n parameters:\n VPCCidr: 10.0.0.0/16\n templateBody:\n fn::toJSON:\n parameters:\n vPCCidr:\n type: String\n default: 10.0.0.0/16\n description: Enter the CIDR block for the VPC. Default is 10.0.0.0/16.\n resources:\n myVpc:\n type: AWS::EC2::VPC\n properties:\n cidrBlock:\n ref: VPCCidr\n tags:\n - key: Name\n value: Primary_CF_VPC\n aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy:\n type: aws:iam:RolePolicy\n name: AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy\n properties:\n name: ExecutionPolicy\n policy: ${aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.json}\n role: ${aWSCloudFormationStackSetAdministrationRole.name}\nvariables:\n aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n effect: Allow\n principals:\n - identifiers:\n - cloudformation.amazonaws.com\n type: Service\n aWSCloudFormationStackSetAdministrationRoleExecutionPolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n effect: Allow\n resources:\n - arn:aws:iam::*:role/${example.executionRoleName}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nImport CloudFormation StackSets when acting a delegated administrator in a member account using the `name` and `call_as` values separated by a comma (`,`). For example:\n\nUsing `pulumi import`, import CloudFormation StackSets using the `name`. For example:\n\n```sh\n$ pulumi import aws:cloudformation/stackSet:StackSet example example\n```\nUsing `pulumi import`, import CloudFormation StackSets when acting a delegated administrator in a member account using the `name` and `call_as` values separated by a comma (`,`). For example:\n\n```sh\n$ pulumi import aws:cloudformation/stackSet:StackSet example example,DELEGATED_ADMIN\n```\n", "properties": { "administrationRoleArn": { "type": "string", @@ -178444,7 +178444,7 @@ } }, "aws:cloudformation/stackSetInstance:StackSetInstance": { - "description": "Manages a CloudFormation StackSet Instance. Instances are managed in the account and region of the StackSet after the target account permissions have been configured. Additional information about StackSets can be found in the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/what-is-cfnstacksets.html).\n\n\u003e **NOTE:** All target accounts must have an IAM Role created that matches the name of the execution role configured in the StackSet (the `execution_role_name` argument in the `aws.cloudformation.StackSet` resource) in a trust relationship with the administrative account or administration IAM Role. The execution role must have appropriate permissions to manage resources defined in the template along with those required for StackSets to operate. See the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs.html) for more details.\n\n\u003e **NOTE:** To retain the Stack during resource destroy, ensure `retain_stack` has been set to `true` in the state first. This must be completed _before_ a deployment that would destroy the resource.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudformation.StackSetInstance(\"example\", {\n accountId: \"123456789012\",\n region: \"us-east-1\",\n stackSetName: exampleAwsCloudformationStackSet.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudformation.StackSetInstance(\"example\",\n account_id=\"123456789012\",\n region=\"us-east-1\",\n stack_set_name=example_aws_cloudformation_stack_set[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudFormation.StackSetInstance(\"example\", new()\n {\n AccountId = \"123456789012\",\n Region = \"us-east-1\",\n StackSetName = exampleAwsCloudformationStackSet.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudformation.NewStackSetInstance(ctx, \"example\", \u0026cloudformation.StackSetInstanceArgs{\n\t\t\tAccountId: pulumi.String(\"123456789012\"),\n\t\t\tRegion: pulumi.String(\"us-east-1\"),\n\t\t\tStackSetName: pulumi.Any(exampleAwsCloudformationStackSet.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudformation.StackSetInstance;\nimport com.pulumi.aws.cloudformation.StackSetInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new StackSetInstance(\"example\", StackSetInstanceArgs.builder() \n .accountId(\"123456789012\")\n .region(\"us-east-1\")\n .stackSetName(exampleAwsCloudformationStackSet.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudformation:StackSetInstance\n properties:\n accountId: '123456789012'\n region: us-east-1\n stackSetName: ${exampleAwsCloudformationStackSet.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example IAM Setup in Target Account\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n effect: \"Allow\",\n principals: [{\n identifiers: [aWSCloudFormationStackSetAdministrationRole.arn],\n type: \"AWS\",\n }],\n }],\n});\nconst aWSCloudFormationStackSetExecutionRole = new aws.iam.Role(\"AWSCloudFormationStackSetExecutionRole\", {\n assumeRolePolicy: aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.then(aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy =\u003e aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.json),\n name: \"AWSCloudFormationStackSetExecutionRole\",\n});\n// Documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs.html\n// Additional IAM permissions necessary depend on the resources defined in the StackSet template\nconst aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"cloudformation:*\",\n \"s3:*\",\n \"sns:*\",\n ],\n effect: \"Allow\",\n resources: [\"*\"],\n }],\n});\nconst aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy = new aws.iam.RolePolicy(\"AWSCloudFormationStackSetExecutionRole_MinimumExecutionPolicy\", {\n name: \"MinimumExecutionPolicy\",\n policy: aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy.then(aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy =\u003e aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy.json),\n role: aWSCloudFormationStackSetExecutionRole.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\na_ws_cloud_formation_stack_set_execution_role_assume_role_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[a_ws_cloud_formation_stack_set_administration_role[\"arn\"]],\n type=\"AWS\",\n )],\n)])\na_ws_cloud_formation_stack_set_execution_role = aws.iam.Role(\"AWSCloudFormationStackSetExecutionRole\",\n assume_role_policy=a_ws_cloud_formation_stack_set_execution_role_assume_role_policy.json,\n name=\"AWSCloudFormationStackSetExecutionRole\")\n# Documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs.html\n# Additional IAM permissions necessary depend on the resources defined in the StackSet template\na_ws_cloud_formation_stack_set_execution_role_minimum_execution_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"cloudformation:*\",\n \"s3:*\",\n \"sns:*\",\n ],\n effect=\"Allow\",\n resources=[\"*\"],\n)])\na_ws_cloud_formation_stack_set_execution_role_minimum_execution_policy_role_policy = aws.iam.RolePolicy(\"AWSCloudFormationStackSetExecutionRole_MinimumExecutionPolicy\",\n name=\"MinimumExecutionPolicy\",\n policy=a_ws_cloud_formation_stack_set_execution_role_minimum_execution_policy.json,\n role=a_ws_cloud_formation_stack_set_execution_role.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n aWSCloudFormationStackSetAdministrationRole.Arn,\n },\n Type = \"AWS\",\n },\n },\n },\n },\n });\n\n var aWSCloudFormationStackSetExecutionRole = new Aws.Iam.Role(\"AWSCloudFormationStackSetExecutionRole\", new()\n {\n AssumeRolePolicy = aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Name = \"AWSCloudFormationStackSetExecutionRole\",\n });\n\n // Documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs.html\n // Additional IAM permissions necessary depend on the resources defined in the StackSet template\n var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"cloudformation:*\",\n \"s3:*\",\n \"sns:*\",\n },\n Effect = \"Allow\",\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy = new Aws.Iam.RolePolicy(\"AWSCloudFormationStackSetExecutionRole_MinimumExecutionPolicy\", new()\n {\n Name = \"MinimumExecutionPolicy\",\n Policy = aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Role = aWSCloudFormationStackSetExecutionRole.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\naWSCloudFormationStackSetExecutionRoleAssumeRolePolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"sts:AssumeRole\",\n},\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nIdentifiers: interface{}{\naWSCloudFormationStackSetAdministrationRole.Arn,\n},\nType: \"AWS\",\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\naWSCloudFormationStackSetExecutionRole, err := iam.NewRole(ctx, \"AWSCloudFormationStackSetExecutionRole\", \u0026iam.RoleArgs{\nAssumeRolePolicy: *pulumi.String(aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.Json),\nName: pulumi.String(\"AWSCloudFormationStackSetExecutionRole\"),\n})\nif err != nil {\nreturn err\n}\n// Documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs.html\n// Additional IAM permissions necessary depend on the resources defined in the StackSet template\naWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"cloudformation:*\",\n\"s3:*\",\n\"sns:*\",\n},\nEffect: pulumi.StringRef(\"Allow\"),\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.NewRolePolicy(ctx, \"AWSCloudFormationStackSetExecutionRole_MinimumExecutionPolicy\", \u0026iam.RolePolicyArgs{\nName: pulumi.String(\"MinimumExecutionPolicy\"),\nPolicy: *pulumi.String(aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy.Json),\nRole: aWSCloudFormationStackSetExecutionRole.Name,\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(aWSCloudFormationStackSetAdministrationRole.arn())\n .type(\"AWS\")\n .build())\n .build())\n .build());\n\n var aWSCloudFormationStackSetExecutionRole = new Role(\"aWSCloudFormationStackSetExecutionRole\", RoleArgs.builder() \n .assumeRolePolicy(aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .name(\"AWSCloudFormationStackSetExecutionRole\")\n .build());\n\n final var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"cloudformation:*\",\n \"s3:*\",\n \"sns:*\")\n .effect(\"Allow\")\n .resources(\"*\")\n .build())\n .build());\n\n var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy = new RolePolicy(\"aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy\", RolePolicyArgs.builder() \n .name(\"MinimumExecutionPolicy\")\n .policy(aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .role(aWSCloudFormationStackSetExecutionRole.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n aWSCloudFormationStackSetExecutionRole:\n type: aws:iam:Role\n name: AWSCloudFormationStackSetExecutionRole\n properties:\n assumeRolePolicy: ${aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.json}\n name: AWSCloudFormationStackSetExecutionRole\n aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy:\n type: aws:iam:RolePolicy\n name: AWSCloudFormationStackSetExecutionRole_MinimumExecutionPolicy\n properties:\n name: MinimumExecutionPolicy\n policy: ${aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy.json}\n role: ${aWSCloudFormationStackSetExecutionRole.name}\nvariables:\n aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n effect: Allow\n principals:\n - identifiers:\n - ${aWSCloudFormationStackSetAdministrationRole.arn}\n type: AWS\n # Documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs.html\n # Additional IAM permissions necessary depend on the resources defined in the StackSet template\n aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - cloudformation:*\n - s3:*\n - sns:*\n effect: Allow\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Deployment across Organizations account\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudformation.StackSetInstance(\"example\", {\n deploymentTargets: {\n organizationalUnitIds: [exampleAwsOrganizationsOrganization.roots[0].id],\n },\n region: \"us-east-1\",\n stackSetName: exampleAwsCloudformationStackSet.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudformation.StackSetInstance(\"example\",\n deployment_targets=aws.cloudformation.StackSetInstanceDeploymentTargetsArgs(\n organizational_unit_ids=[example_aws_organizations_organization[\"roots\"][0][\"id\"]],\n ),\n region=\"us-east-1\",\n stack_set_name=example_aws_cloudformation_stack_set[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudFormation.StackSetInstance(\"example\", new()\n {\n DeploymentTargets = new Aws.CloudFormation.Inputs.StackSetInstanceDeploymentTargetsArgs\n {\n OrganizationalUnitIds = new[]\n {\n exampleAwsOrganizationsOrganization.Roots[0].Id,\n },\n },\n Region = \"us-east-1\",\n StackSetName = exampleAwsCloudformationStackSet.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudformation.NewStackSetInstance(ctx, \"example\", \u0026cloudformation.StackSetInstanceArgs{\n\t\t\tDeploymentTargets: \u0026cloudformation.StackSetInstanceDeploymentTargetsArgs{\n\t\t\t\tOrganizationalUnitIds: pulumi.StringArray{\n\t\t\t\t\texampleAwsOrganizationsOrganization.Roots[0].Id,\n\t\t\t\t},\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-east-1\"),\n\t\t\tStackSetName: pulumi.Any(exampleAwsCloudformationStackSet.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudformation.StackSetInstance;\nimport com.pulumi.aws.cloudformation.StackSetInstanceArgs;\nimport com.pulumi.aws.cloudformation.inputs.StackSetInstanceDeploymentTargetsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new StackSetInstance(\"example\", StackSetInstanceArgs.builder() \n .deploymentTargets(StackSetInstanceDeploymentTargetsArgs.builder()\n .organizationalUnitIds(exampleAwsOrganizationsOrganization.roots()[0].id())\n .build())\n .region(\"us-east-1\")\n .stackSetName(exampleAwsCloudformationStackSet.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudformation:StackSetInstance\n properties:\n deploymentTargets:\n organizationalUnitIds:\n - ${exampleAwsOrganizationsOrganization.roots[0].id}\n region: us-east-1\n stackSetName: ${exampleAwsCloudformationStackSet.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nImport CloudFormation StackSet Instances that target AWS Organizational Units using the StackSet name, a slash (`/`) separated list of organizational unit IDs, and target AWS Region separated by commas (`,`). For example:\n\nImport CloudFormation StackSet Instances when acting a delegated administrator in a member account using the StackSet name, target AWS account ID or slash (`/`) separated list of organizational unit IDs, target AWS Region and `call_as` value separated by commas (`,`). For example:\n\nUsing `pulumi import`, import CloudFormation StackSet Instances that target an AWS Account ID using the StackSet name, target AWS account ID, and target AWS Region separated by commas (`,`). For example:\n\n```sh\n$ pulumi import aws:cloudformation/stackSetInstance:StackSetInstance example example,123456789012,us-east-1\n```\nUsing `pulumi import`, import CloudFormation StackSet Instances that target AWS Organizational Units using the StackSet name, a slash (`/`) separated list of organizational unit IDs, and target AWS Region separated by commas (`,`). For example:\n\n```sh\n$ pulumi import aws:cloudformation/stackSetInstance:StackSetInstance example example,ou-sdas-123123123/ou-sdas-789789789,us-east-1\n```\nUsing `pulumi import`, import CloudFormation StackSet Instances when acting a delegated administrator in a member account using the StackSet name, target AWS account ID or slash (`/`) separated list of organizational unit IDs, target AWS Region and `call_as` value separated by commas (`,`). For example:\n\n```sh\n$ pulumi import aws:cloudformation/stackSetInstance:StackSetInstance example example,ou-sdas-123123123/ou-sdas-789789789,us-east-1,DELEGATED_ADMIN\n```\n", + "description": "Manages a CloudFormation StackSet Instance. Instances are managed in the account and region of the StackSet after the target account permissions have been configured. Additional information about StackSets can be found in the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/what-is-cfnstacksets.html).\n\n\u003e **NOTE:** All target accounts must have an IAM Role created that matches the name of the execution role configured in the StackSet (the `execution_role_name` argument in the `aws.cloudformation.StackSet` resource) in a trust relationship with the administrative account or administration IAM Role. The execution role must have appropriate permissions to manage resources defined in the template along with those required for StackSets to operate. See the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs.html) for more details.\n\n\u003e **NOTE:** To retain the Stack during resource destroy, ensure `retain_stack` has been set to `true` in the state first. This must be completed _before_ a deployment that would destroy the resource.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudformation.StackSetInstance(\"example\", {\n accountId: \"123456789012\",\n region: \"us-east-1\",\n stackSetName: exampleAwsCloudformationStackSet.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudformation.StackSetInstance(\"example\",\n account_id=\"123456789012\",\n region=\"us-east-1\",\n stack_set_name=example_aws_cloudformation_stack_set[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudFormation.StackSetInstance(\"example\", new()\n {\n AccountId = \"123456789012\",\n Region = \"us-east-1\",\n StackSetName = exampleAwsCloudformationStackSet.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudformation.NewStackSetInstance(ctx, \"example\", \u0026cloudformation.StackSetInstanceArgs{\n\t\t\tAccountId: pulumi.String(\"123456789012\"),\n\t\t\tRegion: pulumi.String(\"us-east-1\"),\n\t\t\tStackSetName: pulumi.Any(exampleAwsCloudformationStackSet.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudformation.StackSetInstance;\nimport com.pulumi.aws.cloudformation.StackSetInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new StackSetInstance(\"example\", StackSetInstanceArgs.builder() \n .accountId(\"123456789012\")\n .region(\"us-east-1\")\n .stackSetName(exampleAwsCloudformationStackSet.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudformation:StackSetInstance\n properties:\n accountId: '123456789012'\n region: us-east-1\n stackSetName: ${exampleAwsCloudformationStackSet.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example IAM Setup in Target Account\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n effect: \"Allow\",\n principals: [{\n identifiers: [aWSCloudFormationStackSetAdministrationRole.arn],\n type: \"AWS\",\n }],\n }],\n});\nconst aWSCloudFormationStackSetExecutionRole = new aws.iam.Role(\"AWSCloudFormationStackSetExecutionRole\", {\n assumeRolePolicy: aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.then(aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy =\u003e aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.json),\n name: \"AWSCloudFormationStackSetExecutionRole\",\n});\n// Documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs.html\n// Additional IAM permissions necessary depend on the resources defined in the StackSet template\nconst aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"cloudformation:*\",\n \"s3:*\",\n \"sns:*\",\n ],\n effect: \"Allow\",\n resources: [\"*\"],\n }],\n});\nconst aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy = new aws.iam.RolePolicy(\"AWSCloudFormationStackSetExecutionRole_MinimumExecutionPolicy\", {\n name: \"MinimumExecutionPolicy\",\n policy: aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy.then(aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy =\u003e aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy.json),\n role: aWSCloudFormationStackSetExecutionRole.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\na_ws_cloud_formation_stack_set_execution_role_assume_role_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[a_ws_cloud_formation_stack_set_administration_role[\"arn\"]],\n type=\"AWS\",\n )],\n)])\na_ws_cloud_formation_stack_set_execution_role = aws.iam.Role(\"AWSCloudFormationStackSetExecutionRole\",\n assume_role_policy=a_ws_cloud_formation_stack_set_execution_role_assume_role_policy.json,\n name=\"AWSCloudFormationStackSetExecutionRole\")\n# Documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs.html\n# Additional IAM permissions necessary depend on the resources defined in the StackSet template\na_ws_cloud_formation_stack_set_execution_role_minimum_execution_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"cloudformation:*\",\n \"s3:*\",\n \"sns:*\",\n ],\n effect=\"Allow\",\n resources=[\"*\"],\n)])\na_ws_cloud_formation_stack_set_execution_role_minimum_execution_policy_role_policy = aws.iam.RolePolicy(\"AWSCloudFormationStackSetExecutionRole_MinimumExecutionPolicy\",\n name=\"MinimumExecutionPolicy\",\n policy=a_ws_cloud_formation_stack_set_execution_role_minimum_execution_policy.json,\n role=a_ws_cloud_formation_stack_set_execution_role.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n aWSCloudFormationStackSetAdministrationRole.Arn,\n },\n Type = \"AWS\",\n },\n },\n },\n },\n });\n\n var aWSCloudFormationStackSetExecutionRole = new Aws.Iam.Role(\"AWSCloudFormationStackSetExecutionRole\", new()\n {\n AssumeRolePolicy = aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Name = \"AWSCloudFormationStackSetExecutionRole\",\n });\n\n // Documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs.html\n // Additional IAM permissions necessary depend on the resources defined in the StackSet template\n var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"cloudformation:*\",\n \"s3:*\",\n \"sns:*\",\n },\n Effect = \"Allow\",\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy = new Aws.Iam.RolePolicy(\"AWSCloudFormationStackSetExecutionRole_MinimumExecutionPolicy\", new()\n {\n Name = \"MinimumExecutionPolicy\",\n Policy = aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Role = aWSCloudFormationStackSetExecutionRole.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\naWSCloudFormationStackSetExecutionRoleAssumeRolePolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"sts:AssumeRole\",\n},\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nIdentifiers: interface{}{\naWSCloudFormationStackSetAdministrationRole.Arn,\n},\nType: \"AWS\",\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\naWSCloudFormationStackSetExecutionRole, err := iam.NewRole(ctx, \"AWSCloudFormationStackSetExecutionRole\", \u0026iam.RoleArgs{\nAssumeRolePolicy: pulumi.String(aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.Json),\nName: pulumi.String(\"AWSCloudFormationStackSetExecutionRole\"),\n})\nif err != nil {\nreturn err\n}\n// Documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs.html\n// Additional IAM permissions necessary depend on the resources defined in the StackSet template\naWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"cloudformation:*\",\n\"s3:*\",\n\"sns:*\",\n},\nEffect: pulumi.StringRef(\"Allow\"),\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.NewRolePolicy(ctx, \"AWSCloudFormationStackSetExecutionRole_MinimumExecutionPolicy\", \u0026iam.RolePolicyArgs{\nName: pulumi.String(\"MinimumExecutionPolicy\"),\nPolicy: pulumi.String(aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy.Json),\nRole: aWSCloudFormationStackSetExecutionRole.Name,\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(aWSCloudFormationStackSetAdministrationRole.arn())\n .type(\"AWS\")\n .build())\n .build())\n .build());\n\n var aWSCloudFormationStackSetExecutionRole = new Role(\"aWSCloudFormationStackSetExecutionRole\", RoleArgs.builder() \n .assumeRolePolicy(aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .name(\"AWSCloudFormationStackSetExecutionRole\")\n .build());\n\n final var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"cloudformation:*\",\n \"s3:*\",\n \"sns:*\")\n .effect(\"Allow\")\n .resources(\"*\")\n .build())\n .build());\n\n var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy = new RolePolicy(\"aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy\", RolePolicyArgs.builder() \n .name(\"MinimumExecutionPolicy\")\n .policy(aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .role(aWSCloudFormationStackSetExecutionRole.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n aWSCloudFormationStackSetExecutionRole:\n type: aws:iam:Role\n name: AWSCloudFormationStackSetExecutionRole\n properties:\n assumeRolePolicy: ${aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.json}\n name: AWSCloudFormationStackSetExecutionRole\n aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy:\n type: aws:iam:RolePolicy\n name: AWSCloudFormationStackSetExecutionRole_MinimumExecutionPolicy\n properties:\n name: MinimumExecutionPolicy\n policy: ${aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy.json}\n role: ${aWSCloudFormationStackSetExecutionRole.name}\nvariables:\n aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n effect: Allow\n principals:\n - identifiers:\n - ${aWSCloudFormationStackSetAdministrationRole.arn}\n type: AWS\n # Documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs.html\n # Additional IAM permissions necessary depend on the resources defined in the StackSet template\n aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - cloudformation:*\n - s3:*\n - sns:*\n effect: Allow\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Deployment across Organizations account\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudformation.StackSetInstance(\"example\", {\n deploymentTargets: {\n organizationalUnitIds: [exampleAwsOrganizationsOrganization.roots[0].id],\n },\n region: \"us-east-1\",\n stackSetName: exampleAwsCloudformationStackSet.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudformation.StackSetInstance(\"example\",\n deployment_targets=aws.cloudformation.StackSetInstanceDeploymentTargetsArgs(\n organizational_unit_ids=[example_aws_organizations_organization[\"roots\"][0][\"id\"]],\n ),\n region=\"us-east-1\",\n stack_set_name=example_aws_cloudformation_stack_set[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudFormation.StackSetInstance(\"example\", new()\n {\n DeploymentTargets = new Aws.CloudFormation.Inputs.StackSetInstanceDeploymentTargetsArgs\n {\n OrganizationalUnitIds = new[]\n {\n exampleAwsOrganizationsOrganization.Roots[0].Id,\n },\n },\n Region = \"us-east-1\",\n StackSetName = exampleAwsCloudformationStackSet.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudformation.NewStackSetInstance(ctx, \"example\", \u0026cloudformation.StackSetInstanceArgs{\n\t\t\tDeploymentTargets: \u0026cloudformation.StackSetInstanceDeploymentTargetsArgs{\n\t\t\t\tOrganizationalUnitIds: pulumi.StringArray{\n\t\t\t\t\texampleAwsOrganizationsOrganization.Roots[0].Id,\n\t\t\t\t},\n\t\t\t},\n\t\t\tRegion: pulumi.String(\"us-east-1\"),\n\t\t\tStackSetName: pulumi.Any(exampleAwsCloudformationStackSet.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudformation.StackSetInstance;\nimport com.pulumi.aws.cloudformation.StackSetInstanceArgs;\nimport com.pulumi.aws.cloudformation.inputs.StackSetInstanceDeploymentTargetsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new StackSetInstance(\"example\", StackSetInstanceArgs.builder() \n .deploymentTargets(StackSetInstanceDeploymentTargetsArgs.builder()\n .organizationalUnitIds(exampleAwsOrganizationsOrganization.roots()[0].id())\n .build())\n .region(\"us-east-1\")\n .stackSetName(exampleAwsCloudformationStackSet.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudformation:StackSetInstance\n properties:\n deploymentTargets:\n organizationalUnitIds:\n - ${exampleAwsOrganizationsOrganization.roots[0].id}\n region: us-east-1\n stackSetName: ${exampleAwsCloudformationStackSet.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nImport CloudFormation StackSet Instances that target AWS Organizational Units using the StackSet name, a slash (`/`) separated list of organizational unit IDs, and target AWS Region separated by commas (`,`). For example:\n\nImport CloudFormation StackSet Instances when acting a delegated administrator in a member account using the StackSet name, target AWS account ID or slash (`/`) separated list of organizational unit IDs, target AWS Region and `call_as` value separated by commas (`,`). For example:\n\nUsing `pulumi import`, import CloudFormation StackSet Instances that target an AWS Account ID using the StackSet name, target AWS account ID, and target AWS Region separated by commas (`,`). For example:\n\n```sh\n$ pulumi import aws:cloudformation/stackSetInstance:StackSetInstance example example,123456789012,us-east-1\n```\nUsing `pulumi import`, import CloudFormation StackSet Instances that target AWS Organizational Units using the StackSet name, a slash (`/`) separated list of organizational unit IDs, and target AWS Region separated by commas (`,`). For example:\n\n```sh\n$ pulumi import aws:cloudformation/stackSetInstance:StackSetInstance example example,ou-sdas-123123123/ou-sdas-789789789,us-east-1\n```\nUsing `pulumi import`, import CloudFormation StackSet Instances when acting a delegated administrator in a member account using the StackSet name, target AWS account ID or slash (`/`) separated list of organizational unit IDs, target AWS Region and `call_as` value separated by commas (`,`). For example:\n\n```sh\n$ pulumi import aws:cloudformation/stackSetInstance:StackSetInstance example example,ou-sdas-123123123/ou-sdas-789789789,us-east-1,DELEGATED_ADMIN\n```\n", "properties": { "accountId": { "type": "string", @@ -179812,7 +179812,7 @@ } }, "aws:cloudfront/originAccessIdentity:OriginAccessIdentity": { - "description": "Creates an Amazon CloudFront origin access identity.\n\nFor information about CloudFront distributions, see the\n[Amazon CloudFront Developer Guide](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html). For more information on generating\norigin access identities, see\n[Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content][2].\n\n## Example Usage\n\nThe following example below creates a CloudFront origin access identity.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudfront.OriginAccessIdentity(\"example\", {comment: \"Some comment\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudfront.OriginAccessIdentity(\"example\", comment=\"Some comment\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudFront.OriginAccessIdentity(\"example\", new()\n {\n Comment = \"Some comment\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfront.NewOriginAccessIdentity(ctx, \"example\", \u0026cloudfront.OriginAccessIdentityArgs{\n\t\t\tComment: pulumi.String(\"Some comment\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudfront.OriginAccessIdentity;\nimport com.pulumi.aws.cloudfront.OriginAccessIdentityArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new OriginAccessIdentity(\"example\", OriginAccessIdentityArgs.builder() \n .comment(\"Some comment\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudfront:OriginAccessIdentity\n properties:\n comment: Some comment\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Using With CloudFront\n\nNormally, when referencing an origin access identity in CloudFront, you need to\nprefix the ID with the `origin-access-identity/cloudfront/` special path.\nThe `cloudfront_access_identity_path` allows this to be circumvented.\nThe below snippet demonstrates use with the `s3_origin_config` structure for the\n`aws.cloudfront.Distribution` resource:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudfront.Distribution(\"example\", {origins: [{\n s3OriginConfig: {\n originAccessIdentity: exampleAwsCloudfrontOriginAccessIdentity.cloudfrontAccessIdentityPath,\n },\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudfront.Distribution(\"example\", origins=[aws.cloudfront.DistributionOriginArgs(\n s3_origin_config=aws.cloudfront.DistributionOriginS3OriginConfigArgs(\n origin_access_identity=example_aws_cloudfront_origin_access_identity[\"cloudfrontAccessIdentityPath\"],\n ),\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudFront.Distribution(\"example\", new()\n {\n Origins = new[]\n {\n new Aws.CloudFront.Inputs.DistributionOriginArgs\n {\n S3OriginConfig = new Aws.CloudFront.Inputs.DistributionOriginS3OriginConfigArgs\n {\n OriginAccessIdentity = exampleAwsCloudfrontOriginAccessIdentity.CloudfrontAccessIdentityPath,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfront.NewDistribution(ctx, \"example\", \u0026cloudfront.DistributionArgs{\n\t\t\tOrigins: cloudfront.DistributionOriginArray{\n\t\t\t\t\u0026cloudfront.DistributionOriginArgs{\n\t\t\t\t\tS3OriginConfig: \u0026cloudfront.DistributionOriginS3OriginConfigArgs{\n\t\t\t\t\t\tOriginAccessIdentity: pulumi.Any(exampleAwsCloudfrontOriginAccessIdentity.CloudfrontAccessIdentityPath),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudfront.Distribution;\nimport com.pulumi.aws.cloudfront.DistributionArgs;\nimport com.pulumi.aws.cloudfront.inputs.DistributionOriginArgs;\nimport com.pulumi.aws.cloudfront.inputs.DistributionOriginS3OriginConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Distribution(\"example\", DistributionArgs.builder() \n .origins(DistributionOriginArgs.builder()\n .s3OriginConfig(DistributionOriginS3OriginConfigArgs.builder()\n .originAccessIdentity(exampleAwsCloudfrontOriginAccessIdentity.cloudfrontAccessIdentityPath())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudfront:Distribution\n properties:\n origins:\n - s3OriginConfig:\n originAccessIdentity: ${exampleAwsCloudfrontOriginAccessIdentity.cloudfrontAccessIdentityPath}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Updating your bucket policy\n\nNote that the AWS API may translate the `s3_canonical_user_id` `CanonicalUser`\nprincipal into an `AWS` IAM ARN principal when supplied in an\n`aws.s3.BucketV2` bucket policy, causing spurious diffs. If\nyou see this behaviour, use the `iam_arn` instead:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst s3Policy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"s3:GetObject\"],\n resources: [`${exampleAwsS3Bucket.arn}/*`],\n principals: [{\n type: \"AWS\",\n identifiers: [exampleAwsCloudfrontOriginAccessIdentity.iamArn],\n }],\n }],\n});\nconst example = new aws.s3.BucketPolicy(\"example\", {\n bucket: exampleAwsS3Bucket.id,\n policy: s3Policy.then(s3Policy =\u003e s3Policy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ns3_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"s3:GetObject\"],\n resources=[f\"{example_aws_s3_bucket['arn']}/*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[example_aws_cloudfront_origin_access_identity[\"iamArn\"]],\n )],\n)])\nexample = aws.s3.BucketPolicy(\"example\",\n bucket=example_aws_s3_bucket[\"id\"],\n policy=s3_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var s3Policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"s3:GetObject\",\n },\n Resources = new[]\n {\n $\"{exampleAwsS3Bucket.Arn}/*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n exampleAwsCloudfrontOriginAccessIdentity.IamArn,\n },\n },\n },\n },\n },\n });\n\n var example = new Aws.S3.BucketPolicy(\"example\", new()\n {\n Bucket = exampleAwsS3Bucket.Id,\n Policy = s3Policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ns3Policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"s3:GetObject\",\n},\nResources: []string{\nfmt.Sprintf(\"%v/*\", exampleAwsS3Bucket.Arn),\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\nexampleAwsCloudfrontOriginAccessIdentity.IamArn,\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = s3.NewBucketPolicy(ctx, \"example\", \u0026s3.BucketPolicyArgs{\nBucket: pulumi.Any(exampleAwsS3Bucket.Id),\nPolicy: *pulumi.String(s3Policy.Json),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.s3.BucketPolicy;\nimport com.pulumi.aws.s3.BucketPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var s3Policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"s3:GetObject\")\n .resources(String.format(\"%s/*\", exampleAwsS3Bucket.arn()))\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(exampleAwsCloudfrontOriginAccessIdentity.iamArn())\n .build())\n .build())\n .build());\n\n var example = new BucketPolicy(\"example\", BucketPolicyArgs.builder() \n .bucket(exampleAwsS3Bucket.id())\n .policy(s3Policy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:s3:BucketPolicy\n properties:\n bucket: ${exampleAwsS3Bucket.id}\n policy: ${s3Policy.json}\nvariables:\n s3Policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - s3:GetObject\n resources:\n - ${exampleAwsS3Bucket.arn}/*\n principals:\n - type: AWS\n identifiers:\n - ${exampleAwsCloudfrontOriginAccessIdentity.iamArn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n[1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html\n[2]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html\n\n## Import\n\nUsing `pulumi import`, import Cloudfront Origin Access Identities using the `id`. For example:\n\n```sh\n$ pulumi import aws:cloudfront/originAccessIdentity:OriginAccessIdentity origin_access E74FTE3AEXAMPLE\n```\n", + "description": "Creates an Amazon CloudFront origin access identity.\n\nFor information about CloudFront distributions, see the\n[Amazon CloudFront Developer Guide](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html). For more information on generating\norigin access identities, see\n[Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content][2].\n\n## Example Usage\n\nThe following example below creates a CloudFront origin access identity.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudfront.OriginAccessIdentity(\"example\", {comment: \"Some comment\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudfront.OriginAccessIdentity(\"example\", comment=\"Some comment\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudFront.OriginAccessIdentity(\"example\", new()\n {\n Comment = \"Some comment\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfront.NewOriginAccessIdentity(ctx, \"example\", \u0026cloudfront.OriginAccessIdentityArgs{\n\t\t\tComment: pulumi.String(\"Some comment\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudfront.OriginAccessIdentity;\nimport com.pulumi.aws.cloudfront.OriginAccessIdentityArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new OriginAccessIdentity(\"example\", OriginAccessIdentityArgs.builder() \n .comment(\"Some comment\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudfront:OriginAccessIdentity\n properties:\n comment: Some comment\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Using With CloudFront\n\nNormally, when referencing an origin access identity in CloudFront, you need to\nprefix the ID with the `origin-access-identity/cloudfront/` special path.\nThe `cloudfront_access_identity_path` allows this to be circumvented.\nThe below snippet demonstrates use with the `s3_origin_config` structure for the\n`aws.cloudfront.Distribution` resource:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudfront.Distribution(\"example\", {origins: [{\n s3OriginConfig: {\n originAccessIdentity: exampleAwsCloudfrontOriginAccessIdentity.cloudfrontAccessIdentityPath,\n },\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudfront.Distribution(\"example\", origins=[aws.cloudfront.DistributionOriginArgs(\n s3_origin_config=aws.cloudfront.DistributionOriginS3OriginConfigArgs(\n origin_access_identity=example_aws_cloudfront_origin_access_identity[\"cloudfrontAccessIdentityPath\"],\n ),\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudFront.Distribution(\"example\", new()\n {\n Origins = new[]\n {\n new Aws.CloudFront.Inputs.DistributionOriginArgs\n {\n S3OriginConfig = new Aws.CloudFront.Inputs.DistributionOriginS3OriginConfigArgs\n {\n OriginAccessIdentity = exampleAwsCloudfrontOriginAccessIdentity.CloudfrontAccessIdentityPath,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfront.NewDistribution(ctx, \"example\", \u0026cloudfront.DistributionArgs{\n\t\t\tOrigins: cloudfront.DistributionOriginArray{\n\t\t\t\t\u0026cloudfront.DistributionOriginArgs{\n\t\t\t\t\tS3OriginConfig: \u0026cloudfront.DistributionOriginS3OriginConfigArgs{\n\t\t\t\t\t\tOriginAccessIdentity: pulumi.Any(exampleAwsCloudfrontOriginAccessIdentity.CloudfrontAccessIdentityPath),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudfront.Distribution;\nimport com.pulumi.aws.cloudfront.DistributionArgs;\nimport com.pulumi.aws.cloudfront.inputs.DistributionOriginArgs;\nimport com.pulumi.aws.cloudfront.inputs.DistributionOriginS3OriginConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Distribution(\"example\", DistributionArgs.builder() \n .origins(DistributionOriginArgs.builder()\n .s3OriginConfig(DistributionOriginS3OriginConfigArgs.builder()\n .originAccessIdentity(exampleAwsCloudfrontOriginAccessIdentity.cloudfrontAccessIdentityPath())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudfront:Distribution\n properties:\n origins:\n - s3OriginConfig:\n originAccessIdentity: ${exampleAwsCloudfrontOriginAccessIdentity.cloudfrontAccessIdentityPath}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Updating your bucket policy\n\nNote that the AWS API may translate the `s3_canonical_user_id` `CanonicalUser`\nprincipal into an `AWS` IAM ARN principal when supplied in an\n`aws.s3.BucketV2` bucket policy, causing spurious diffs. If\nyou see this behaviour, use the `iam_arn` instead:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst s3Policy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"s3:GetObject\"],\n resources: [`${exampleAwsS3Bucket.arn}/*`],\n principals: [{\n type: \"AWS\",\n identifiers: [exampleAwsCloudfrontOriginAccessIdentity.iamArn],\n }],\n }],\n});\nconst example = new aws.s3.BucketPolicy(\"example\", {\n bucket: exampleAwsS3Bucket.id,\n policy: s3Policy.then(s3Policy =\u003e s3Policy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ns3_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"s3:GetObject\"],\n resources=[f\"{example_aws_s3_bucket['arn']}/*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[example_aws_cloudfront_origin_access_identity[\"iamArn\"]],\n )],\n)])\nexample = aws.s3.BucketPolicy(\"example\",\n bucket=example_aws_s3_bucket[\"id\"],\n policy=s3_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var s3Policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"s3:GetObject\",\n },\n Resources = new[]\n {\n $\"{exampleAwsS3Bucket.Arn}/*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n exampleAwsCloudfrontOriginAccessIdentity.IamArn,\n },\n },\n },\n },\n },\n });\n\n var example = new Aws.S3.BucketPolicy(\"example\", new()\n {\n Bucket = exampleAwsS3Bucket.Id,\n Policy = s3Policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ns3Policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"s3:GetObject\",\n},\nResources: []string{\nfmt.Sprintf(\"%v/*\", exampleAwsS3Bucket.Arn),\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\nexampleAwsCloudfrontOriginAccessIdentity.IamArn,\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = s3.NewBucketPolicy(ctx, \"example\", \u0026s3.BucketPolicyArgs{\nBucket: pulumi.Any(exampleAwsS3Bucket.Id),\nPolicy: pulumi.String(s3Policy.Json),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.s3.BucketPolicy;\nimport com.pulumi.aws.s3.BucketPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var s3Policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"s3:GetObject\")\n .resources(String.format(\"%s/*\", exampleAwsS3Bucket.arn()))\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(exampleAwsCloudfrontOriginAccessIdentity.iamArn())\n .build())\n .build())\n .build());\n\n var example = new BucketPolicy(\"example\", BucketPolicyArgs.builder() \n .bucket(exampleAwsS3Bucket.id())\n .policy(s3Policy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:s3:BucketPolicy\n properties:\n bucket: ${exampleAwsS3Bucket.id}\n policy: ${s3Policy.json}\nvariables:\n s3Policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - s3:GetObject\n resources:\n - ${exampleAwsS3Bucket.arn}/*\n principals:\n - type: AWS\n identifiers:\n - ${exampleAwsCloudfrontOriginAccessIdentity.iamArn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n[1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html\n[2]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html\n\n## Import\n\nUsing `pulumi import`, import Cloudfront Origin Access Identities using the `id`. For example:\n\n```sh\n$ pulumi import aws:cloudfront/originAccessIdentity:OriginAccessIdentity origin_access E74FTE3AEXAMPLE\n```\n", "properties": { "callerReference": { "type": "string", @@ -180070,7 +180070,7 @@ } }, "aws:cloudfront/realtimeLogConfig:RealtimeLogConfig": { - "description": "Provides a CloudFront real-time log configuration resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"cloudfront.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"cloudfront-realtime-log-config-example\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"kinesis:DescribeStreamSummary\",\n \"kinesis:DescribeStream\",\n \"kinesis:PutRecord\",\n \"kinesis:PutRecords\",\n ],\n resources: [exampleAwsKinesisStream.arn],\n }],\n});\nconst exampleRolePolicy = new aws.iam.RolePolicy(\"example\", {\n name: \"cloudfront-realtime-log-config-example\",\n role: exampleRole.id,\n policy: example.then(example =\u003e example.json),\n});\nconst exampleRealtimeLogConfig = new aws.cloudfront.RealtimeLogConfig(\"example\", {\n name: \"example\",\n samplingRate: 75,\n fields: [\n \"timestamp\",\n \"c-ip\",\n ],\n endpoint: {\n streamType: \"Kinesis\",\n kinesisStreamConfig: {\n roleArn: exampleRole.arn,\n streamArn: exampleAwsKinesisStream.arn,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"cloudfront.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"cloudfront-realtime-log-config-example\",\n assume_role_policy=assume_role.json)\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"kinesis:DescribeStreamSummary\",\n \"kinesis:DescribeStream\",\n \"kinesis:PutRecord\",\n \"kinesis:PutRecords\",\n ],\n resources=[example_aws_kinesis_stream[\"arn\"]],\n)])\nexample_role_policy = aws.iam.RolePolicy(\"example\",\n name=\"cloudfront-realtime-log-config-example\",\n role=example_role.id,\n policy=example.json)\nexample_realtime_log_config = aws.cloudfront.RealtimeLogConfig(\"example\",\n name=\"example\",\n sampling_rate=75,\n fields=[\n \"timestamp\",\n \"c-ip\",\n ],\n endpoint=aws.cloudfront.RealtimeLogConfigEndpointArgs(\n stream_type=\"Kinesis\",\n kinesis_stream_config=aws.cloudfront.RealtimeLogConfigEndpointKinesisStreamConfigArgs(\n role_arn=example_role.arn,\n stream_arn=example_aws_kinesis_stream[\"arn\"],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"cloudfront.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"cloudfront-realtime-log-config-example\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"kinesis:DescribeStreamSummary\",\n \"kinesis:DescribeStream\",\n \"kinesis:PutRecord\",\n \"kinesis:PutRecords\",\n },\n Resources = new[]\n {\n exampleAwsKinesisStream.Arn,\n },\n },\n },\n });\n\n var exampleRolePolicy = new Aws.Iam.RolePolicy(\"example\", new()\n {\n Name = \"cloudfront-realtime-log-config-example\",\n Role = exampleRole.Id,\n Policy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleRealtimeLogConfig = new Aws.CloudFront.RealtimeLogConfig(\"example\", new()\n {\n Name = \"example\",\n SamplingRate = 75,\n Fields = new[]\n {\n \"timestamp\",\n \"c-ip\",\n },\n Endpoint = new Aws.CloudFront.Inputs.RealtimeLogConfigEndpointArgs\n {\n StreamType = \"Kinesis\",\n KinesisStreamConfig = new Aws.CloudFront.Inputs.RealtimeLogConfigEndpointKinesisStreamConfigArgs\n {\n RoleArn = exampleRole.Arn,\n StreamArn = exampleAwsKinesisStream.Arn,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"cloudfront.amazonaws.com\",\n},\n},\n},\nActions: []string{\n\"sts:AssumeRole\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\nName: pulumi.String(\"cloudfront-realtime-log-config-example\"),\nAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n})\nif err != nil {\nreturn err\n}\nexample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"kinesis:DescribeStreamSummary\",\n\"kinesis:DescribeStream\",\n\"kinesis:PutRecord\",\n\"kinesis:PutRecords\",\n},\nResources: interface{}{\nexampleAwsKinesisStream.Arn,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.NewRolePolicy(ctx, \"example\", \u0026iam.RolePolicyArgs{\nName: pulumi.String(\"cloudfront-realtime-log-config-example\"),\nRole: exampleRole.ID(),\nPolicy: *pulumi.String(example.Json),\n})\nif err != nil {\nreturn err\n}\n_, err = cloudfront.NewRealtimeLogConfig(ctx, \"example\", \u0026cloudfront.RealtimeLogConfigArgs{\nName: pulumi.String(\"example\"),\nSamplingRate: pulumi.Int(75),\nFields: pulumi.StringArray{\npulumi.String(\"timestamp\"),\npulumi.String(\"c-ip\"),\n},\nEndpoint: \u0026cloudfront.RealtimeLogConfigEndpointArgs{\nStreamType: pulumi.String(\"Kinesis\"),\nKinesisStreamConfig: \u0026cloudfront.RealtimeLogConfigEndpointKinesisStreamConfigArgs{\nRoleArn: exampleRole.Arn,\nStreamArn: pulumi.Any(exampleAwsKinesisStream.Arn),\n},\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.cloudfront.RealtimeLogConfig;\nimport com.pulumi.aws.cloudfront.RealtimeLogConfigArgs;\nimport com.pulumi.aws.cloudfront.inputs.RealtimeLogConfigEndpointArgs;\nimport com.pulumi.aws.cloudfront.inputs.RealtimeLogConfigEndpointKinesisStreamConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"cloudfront.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"cloudfront-realtime-log-config-example\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"kinesis:DescribeStreamSummary\",\n \"kinesis:DescribeStream\",\n \"kinesis:PutRecord\",\n \"kinesis:PutRecords\")\n .resources(exampleAwsKinesisStream.arn())\n .build())\n .build());\n\n var exampleRolePolicy = new RolePolicy(\"exampleRolePolicy\", RolePolicyArgs.builder() \n .name(\"cloudfront-realtime-log-config-example\")\n .role(exampleRole.id())\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleRealtimeLogConfig = new RealtimeLogConfig(\"exampleRealtimeLogConfig\", RealtimeLogConfigArgs.builder() \n .name(\"example\")\n .samplingRate(75)\n .fields( \n \"timestamp\",\n \"c-ip\")\n .endpoint(RealtimeLogConfigEndpointArgs.builder()\n .streamType(\"Kinesis\")\n .kinesisStreamConfig(RealtimeLogConfigEndpointKinesisStreamConfigArgs.builder()\n .roleArn(exampleRole.arn())\n .streamArn(exampleAwsKinesisStream.arn())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: cloudfront-realtime-log-config-example\n assumeRolePolicy: ${assumeRole.json}\n exampleRolePolicy:\n type: aws:iam:RolePolicy\n name: example\n properties:\n name: cloudfront-realtime-log-config-example\n role: ${exampleRole.id}\n policy: ${example.json}\n exampleRealtimeLogConfig:\n type: aws:cloudfront:RealtimeLogConfig\n name: example\n properties:\n name: example\n samplingRate: 75\n fields:\n - timestamp\n - c-ip\n endpoint:\n streamType: Kinesis\n kinesisStreamConfig:\n roleArn: ${exampleRole.arn}\n streamArn: ${exampleAwsKinesisStream.arn}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - cloudfront.amazonaws.com\n actions:\n - sts:AssumeRole\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - kinesis:DescribeStreamSummary\n - kinesis:DescribeStream\n - kinesis:PutRecord\n - kinesis:PutRecords\n resources:\n - ${exampleAwsKinesisStream.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import CloudFront real-time log configurations using the ARN. For example:\n\n```sh\n$ pulumi import aws:cloudfront/realtimeLogConfig:RealtimeLogConfig example arn:aws:cloudfront::111122223333:realtime-log-config/ExampleNameForRealtimeLogConfig\n```\n", + "description": "Provides a CloudFront real-time log configuration resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"cloudfront.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"cloudfront-realtime-log-config-example\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"kinesis:DescribeStreamSummary\",\n \"kinesis:DescribeStream\",\n \"kinesis:PutRecord\",\n \"kinesis:PutRecords\",\n ],\n resources: [exampleAwsKinesisStream.arn],\n }],\n});\nconst exampleRolePolicy = new aws.iam.RolePolicy(\"example\", {\n name: \"cloudfront-realtime-log-config-example\",\n role: exampleRole.id,\n policy: example.then(example =\u003e example.json),\n});\nconst exampleRealtimeLogConfig = new aws.cloudfront.RealtimeLogConfig(\"example\", {\n name: \"example\",\n samplingRate: 75,\n fields: [\n \"timestamp\",\n \"c-ip\",\n ],\n endpoint: {\n streamType: \"Kinesis\",\n kinesisStreamConfig: {\n roleArn: exampleRole.arn,\n streamArn: exampleAwsKinesisStream.arn,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"cloudfront.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"cloudfront-realtime-log-config-example\",\n assume_role_policy=assume_role.json)\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"kinesis:DescribeStreamSummary\",\n \"kinesis:DescribeStream\",\n \"kinesis:PutRecord\",\n \"kinesis:PutRecords\",\n ],\n resources=[example_aws_kinesis_stream[\"arn\"]],\n)])\nexample_role_policy = aws.iam.RolePolicy(\"example\",\n name=\"cloudfront-realtime-log-config-example\",\n role=example_role.id,\n policy=example.json)\nexample_realtime_log_config = aws.cloudfront.RealtimeLogConfig(\"example\",\n name=\"example\",\n sampling_rate=75,\n fields=[\n \"timestamp\",\n \"c-ip\",\n ],\n endpoint=aws.cloudfront.RealtimeLogConfigEndpointArgs(\n stream_type=\"Kinesis\",\n kinesis_stream_config=aws.cloudfront.RealtimeLogConfigEndpointKinesisStreamConfigArgs(\n role_arn=example_role.arn,\n stream_arn=example_aws_kinesis_stream[\"arn\"],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"cloudfront.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"cloudfront-realtime-log-config-example\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"kinesis:DescribeStreamSummary\",\n \"kinesis:DescribeStream\",\n \"kinesis:PutRecord\",\n \"kinesis:PutRecords\",\n },\n Resources = new[]\n {\n exampleAwsKinesisStream.Arn,\n },\n },\n },\n });\n\n var exampleRolePolicy = new Aws.Iam.RolePolicy(\"example\", new()\n {\n Name = \"cloudfront-realtime-log-config-example\",\n Role = exampleRole.Id,\n Policy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleRealtimeLogConfig = new Aws.CloudFront.RealtimeLogConfig(\"example\", new()\n {\n Name = \"example\",\n SamplingRate = 75,\n Fields = new[]\n {\n \"timestamp\",\n \"c-ip\",\n },\n Endpoint = new Aws.CloudFront.Inputs.RealtimeLogConfigEndpointArgs\n {\n StreamType = \"Kinesis\",\n KinesisStreamConfig = new Aws.CloudFront.Inputs.RealtimeLogConfigEndpointKinesisStreamConfigArgs\n {\n RoleArn = exampleRole.Arn,\n StreamArn = exampleAwsKinesisStream.Arn,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"cloudfront.amazonaws.com\",\n},\n},\n},\nActions: []string{\n\"sts:AssumeRole\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\nName: pulumi.String(\"cloudfront-realtime-log-config-example\"),\nAssumeRolePolicy: pulumi.String(assumeRole.Json),\n})\nif err != nil {\nreturn err\n}\nexample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"kinesis:DescribeStreamSummary\",\n\"kinesis:DescribeStream\",\n\"kinesis:PutRecord\",\n\"kinesis:PutRecords\",\n},\nResources: interface{}{\nexampleAwsKinesisStream.Arn,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.NewRolePolicy(ctx, \"example\", \u0026iam.RolePolicyArgs{\nName: pulumi.String(\"cloudfront-realtime-log-config-example\"),\nRole: exampleRole.ID(),\nPolicy: pulumi.String(example.Json),\n})\nif err != nil {\nreturn err\n}\n_, err = cloudfront.NewRealtimeLogConfig(ctx, \"example\", \u0026cloudfront.RealtimeLogConfigArgs{\nName: pulumi.String(\"example\"),\nSamplingRate: pulumi.Int(75),\nFields: pulumi.StringArray{\npulumi.String(\"timestamp\"),\npulumi.String(\"c-ip\"),\n},\nEndpoint: \u0026cloudfront.RealtimeLogConfigEndpointArgs{\nStreamType: pulumi.String(\"Kinesis\"),\nKinesisStreamConfig: \u0026cloudfront.RealtimeLogConfigEndpointKinesisStreamConfigArgs{\nRoleArn: exampleRole.Arn,\nStreamArn: pulumi.Any(exampleAwsKinesisStream.Arn),\n},\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.cloudfront.RealtimeLogConfig;\nimport com.pulumi.aws.cloudfront.RealtimeLogConfigArgs;\nimport com.pulumi.aws.cloudfront.inputs.RealtimeLogConfigEndpointArgs;\nimport com.pulumi.aws.cloudfront.inputs.RealtimeLogConfigEndpointKinesisStreamConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"cloudfront.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"cloudfront-realtime-log-config-example\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"kinesis:DescribeStreamSummary\",\n \"kinesis:DescribeStream\",\n \"kinesis:PutRecord\",\n \"kinesis:PutRecords\")\n .resources(exampleAwsKinesisStream.arn())\n .build())\n .build());\n\n var exampleRolePolicy = new RolePolicy(\"exampleRolePolicy\", RolePolicyArgs.builder() \n .name(\"cloudfront-realtime-log-config-example\")\n .role(exampleRole.id())\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleRealtimeLogConfig = new RealtimeLogConfig(\"exampleRealtimeLogConfig\", RealtimeLogConfigArgs.builder() \n .name(\"example\")\n .samplingRate(75)\n .fields( \n \"timestamp\",\n \"c-ip\")\n .endpoint(RealtimeLogConfigEndpointArgs.builder()\n .streamType(\"Kinesis\")\n .kinesisStreamConfig(RealtimeLogConfigEndpointKinesisStreamConfigArgs.builder()\n .roleArn(exampleRole.arn())\n .streamArn(exampleAwsKinesisStream.arn())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: cloudfront-realtime-log-config-example\n assumeRolePolicy: ${assumeRole.json}\n exampleRolePolicy:\n type: aws:iam:RolePolicy\n name: example\n properties:\n name: cloudfront-realtime-log-config-example\n role: ${exampleRole.id}\n policy: ${example.json}\n exampleRealtimeLogConfig:\n type: aws:cloudfront:RealtimeLogConfig\n name: example\n properties:\n name: example\n samplingRate: 75\n fields:\n - timestamp\n - c-ip\n endpoint:\n streamType: Kinesis\n kinesisStreamConfig:\n roleArn: ${exampleRole.arn}\n streamArn: ${exampleAwsKinesisStream.arn}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - cloudfront.amazonaws.com\n actions:\n - sts:AssumeRole\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - kinesis:DescribeStreamSummary\n - kinesis:DescribeStream\n - kinesis:PutRecord\n - kinesis:PutRecords\n resources:\n - ${exampleAwsKinesisStream.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import CloudFront real-time log configurations using the ARN. For example:\n\n```sh\n$ pulumi import aws:cloudfront/realtimeLogConfig:RealtimeLogConfig example arn:aws:cloudfront::111122223333:realtime-log-config/ExampleNameForRealtimeLogConfig\n```\n", "properties": { "arn": { "type": "string", @@ -180446,7 +180446,7 @@ } }, "aws:cloudhsmv2/hsm:Hsm": { - "description": "Creates an HSM module in Amazon CloudHSM v2 cluster.\n\n## Example Usage\n\nThe following example below creates an HSM module in CloudHSM cluster.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst cluster = aws.cloudhsmv2.getCluster({\n clusterId: cloudhsmClusterId,\n});\nconst cloudhsmV2Hsm = new aws.cloudhsmv2.Hsm(\"cloudhsm_v2_hsm\", {\n subnetId: cluster.then(cluster =\u003e cluster.subnetIds?.[0]),\n clusterId: cluster.then(cluster =\u003e cluster.clusterId),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncluster = aws.cloudhsmv2.get_cluster(cluster_id=cloudhsm_cluster_id)\ncloudhsm_v2_hsm = aws.cloudhsmv2.Hsm(\"cloudhsm_v2_hsm\",\n subnet_id=cluster.subnet_ids[0],\n cluster_id=cluster.cluster_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cluster = Aws.CloudHsmV2.GetCluster.Invoke(new()\n {\n ClusterId = cloudhsmClusterId,\n });\n\n var cloudhsmV2Hsm = new Aws.CloudHsmV2.Hsm(\"cloudhsm_v2_hsm\", new()\n {\n SubnetId = cluster.Apply(getClusterResult =\u003e getClusterResult.SubnetIds[0]),\n ClusterId = cluster.Apply(getClusterResult =\u003e getClusterResult.ClusterId),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudhsmv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcluster, err := cloudhsmv2.LookupCluster(ctx, \u0026cloudhsmv2.LookupClusterArgs{\n\t\t\tClusterId: cloudhsmClusterId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudhsmv2.NewHsm(ctx, \"cloudhsm_v2_hsm\", \u0026cloudhsmv2.HsmArgs{\n\t\t\tSubnetId: *pulumi.String(cluster.SubnetIds[0]),\n\t\t\tClusterId: *pulumi.String(cluster.ClusterId),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudhsmv2.Cloudhsmv2Functions;\nimport com.pulumi.aws.cloudhsmv2.inputs.GetClusterArgs;\nimport com.pulumi.aws.cloudhsmv2.Hsm;\nimport com.pulumi.aws.cloudhsmv2.HsmArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var cluster = Cloudhsmv2Functions.getCluster(GetClusterArgs.builder()\n .clusterId(cloudhsmClusterId)\n .build());\n\n var cloudhsmV2Hsm = new Hsm(\"cloudhsmV2Hsm\", HsmArgs.builder() \n .subnetId(cluster.applyValue(getClusterResult -\u003e getClusterResult.subnetIds()[0]))\n .clusterId(cluster.applyValue(getClusterResult -\u003e getClusterResult.clusterId()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cloudhsmV2Hsm:\n type: aws:cloudhsmv2:Hsm\n name: cloudhsm_v2_hsm\n properties:\n subnetId: ${cluster.subnetIds[0]}\n clusterId: ${cluster.clusterId}\nvariables:\n cluster:\n fn::invoke:\n Function: aws:cloudhsmv2:getCluster\n Arguments:\n clusterId: ${cloudhsmClusterId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import HSM modules using their HSM ID. For example:\n\n```sh\n$ pulumi import aws:cloudhsmv2/hsm:Hsm bar hsm-quo8dahtaca\n```\n", + "description": "Creates an HSM module in Amazon CloudHSM v2 cluster.\n\n## Example Usage\n\nThe following example below creates an HSM module in CloudHSM cluster.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst cluster = aws.cloudhsmv2.getCluster({\n clusterId: cloudhsmClusterId,\n});\nconst cloudhsmV2Hsm = new aws.cloudhsmv2.Hsm(\"cloudhsm_v2_hsm\", {\n subnetId: cluster.then(cluster =\u003e cluster.subnetIds?.[0]),\n clusterId: cluster.then(cluster =\u003e cluster.clusterId),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncluster = aws.cloudhsmv2.get_cluster(cluster_id=cloudhsm_cluster_id)\ncloudhsm_v2_hsm = aws.cloudhsmv2.Hsm(\"cloudhsm_v2_hsm\",\n subnet_id=cluster.subnet_ids[0],\n cluster_id=cluster.cluster_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cluster = Aws.CloudHsmV2.GetCluster.Invoke(new()\n {\n ClusterId = cloudhsmClusterId,\n });\n\n var cloudhsmV2Hsm = new Aws.CloudHsmV2.Hsm(\"cloudhsm_v2_hsm\", new()\n {\n SubnetId = cluster.Apply(getClusterResult =\u003e getClusterResult.SubnetIds[0]),\n ClusterId = cluster.Apply(getClusterResult =\u003e getClusterResult.ClusterId),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudhsmv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcluster, err := cloudhsmv2.LookupCluster(ctx, \u0026cloudhsmv2.LookupClusterArgs{\n\t\t\tClusterId: cloudhsmClusterId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudhsmv2.NewHsm(ctx, \"cloudhsm_v2_hsm\", \u0026cloudhsmv2.HsmArgs{\n\t\t\tSubnetId: pulumi.String(cluster.SubnetIds[0]),\n\t\t\tClusterId: pulumi.String(cluster.ClusterId),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudhsmv2.Cloudhsmv2Functions;\nimport com.pulumi.aws.cloudhsmv2.inputs.GetClusterArgs;\nimport com.pulumi.aws.cloudhsmv2.Hsm;\nimport com.pulumi.aws.cloudhsmv2.HsmArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var cluster = Cloudhsmv2Functions.getCluster(GetClusterArgs.builder()\n .clusterId(cloudhsmClusterId)\n .build());\n\n var cloudhsmV2Hsm = new Hsm(\"cloudhsmV2Hsm\", HsmArgs.builder() \n .subnetId(cluster.applyValue(getClusterResult -\u003e getClusterResult.subnetIds()[0]))\n .clusterId(cluster.applyValue(getClusterResult -\u003e getClusterResult.clusterId()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cloudhsmV2Hsm:\n type: aws:cloudhsmv2:Hsm\n name: cloudhsm_v2_hsm\n properties:\n subnetId: ${cluster.subnetIds[0]}\n clusterId: ${cluster.clusterId}\nvariables:\n cluster:\n fn::invoke:\n Function: aws:cloudhsmv2:getCluster\n Arguments:\n clusterId: ${cloudhsmClusterId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import HSM modules using their HSM ID. For example:\n\n```sh\n$ pulumi import aws:cloudhsmv2/hsm:Hsm bar hsm-quo8dahtaca\n```\n", "properties": { "availabilityZone": { "type": "string", @@ -180687,7 +180687,7 @@ } }, "aws:cloudsearch/domainServiceAccessPolicy:DomainServiceAccessPolicy": { - "description": "Provides an CloudSearch domain service access policy resource.\n\nThe provider waits for the domain service access policy to become `Active` when applying a configuration.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleDomain = new aws.cloudsearch.Domain(\"example\", {name: \"example-domain\"});\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"search_only\",\n effect: \"Allow\",\n principals: [{\n type: \"*\",\n identifiers: [\"*\"],\n }],\n actions: [\n \"cloudsearch:search\",\n \"cloudsearch:document\",\n ],\n conditions: [{\n test: \"IpAddress\",\n variable: \"aws:SourceIp\",\n values: [\"192.0.2.0/32\"],\n }],\n }],\n});\nconst exampleDomainServiceAccessPolicy = new aws.cloudsearch.DomainServiceAccessPolicy(\"example\", {\n domainName: exampleDomain.id,\n accessPolicy: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_domain = aws.cloudsearch.Domain(\"example\", name=\"example-domain\")\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"search_only\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"*\",\n identifiers=[\"*\"],\n )],\n actions=[\n \"cloudsearch:search\",\n \"cloudsearch:document\",\n ],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"IpAddress\",\n variable=\"aws:SourceIp\",\n values=[\"192.0.2.0/32\"],\n )],\n)])\nexample_domain_service_access_policy = aws.cloudsearch.DomainServiceAccessPolicy(\"example\",\n domain_name=example_domain.id,\n access_policy=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleDomain = new Aws.CloudSearch.Domain(\"example\", new()\n {\n Name = \"example-domain\",\n });\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"search_only\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"*\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"cloudsearch:search\",\n \"cloudsearch:document\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"IpAddress\",\n Variable = \"aws:SourceIp\",\n Values = new[]\n {\n \"192.0.2.0/32\",\n },\n },\n },\n },\n },\n });\n\n var exampleDomainServiceAccessPolicy = new Aws.CloudSearch.DomainServiceAccessPolicy(\"example\", new()\n {\n DomainName = exampleDomain.Id,\n AccessPolicy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudsearch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleDomain, err := cloudsearch.NewDomain(ctx, \"example\", \u0026cloudsearch.DomainArgs{\n\t\t\tName: pulumi.String(\"example-domain\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"search_only\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"*\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"*\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"cloudsearch:search\",\n\t\t\t\t\t\t\"cloudsearch:document\",\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"IpAddress\",\n\t\t\t\t\t\t\tVariable: \"aws:SourceIp\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"192.0.2.0/32\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudsearch.NewDomainServiceAccessPolicy(ctx, \"example\", \u0026cloudsearch.DomainServiceAccessPolicyArgs{\n\t\t\tDomainName: exampleDomain.ID(),\n\t\t\tAccessPolicy: *pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudsearch.Domain;\nimport com.pulumi.aws.cloudsearch.DomainArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudsearch.DomainServiceAccessPolicy;\nimport com.pulumi.aws.cloudsearch.DomainServiceAccessPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .name(\"example-domain\")\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"search_only\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"*\")\n .identifiers(\"*\")\n .build())\n .actions( \n \"cloudsearch:search\",\n \"cloudsearch:document\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"IpAddress\")\n .variable(\"aws:SourceIp\")\n .values(\"192.0.2.0/32\")\n .build())\n .build())\n .build());\n\n var exampleDomainServiceAccessPolicy = new DomainServiceAccessPolicy(\"exampleDomainServiceAccessPolicy\", DomainServiceAccessPolicyArgs.builder() \n .domainName(exampleDomain.id())\n .accessPolicy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleDomain:\n type: aws:cloudsearch:Domain\n name: example\n properties:\n name: example-domain\n exampleDomainServiceAccessPolicy:\n type: aws:cloudsearch:DomainServiceAccessPolicy\n name: example\n properties:\n domainName: ${exampleDomain.id}\n accessPolicy: ${example.json}\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: search_only\n effect: Allow\n principals:\n - type: '*'\n identifiers:\n - '*'\n actions:\n - cloudsearch:search\n - cloudsearch:document\n conditions:\n - test: IpAddress\n variable: aws:SourceIp\n values:\n - 192.0.2.0/32\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import CloudSearch domain service access policies using the domain name. For example:\n\n```sh\n$ pulumi import aws:cloudsearch/domainServiceAccessPolicy:DomainServiceAccessPolicy example example-domain\n```\n", + "description": "Provides an CloudSearch domain service access policy resource.\n\nThe provider waits for the domain service access policy to become `Active` when applying a configuration.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleDomain = new aws.cloudsearch.Domain(\"example\", {name: \"example-domain\"});\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"search_only\",\n effect: \"Allow\",\n principals: [{\n type: \"*\",\n identifiers: [\"*\"],\n }],\n actions: [\n \"cloudsearch:search\",\n \"cloudsearch:document\",\n ],\n conditions: [{\n test: \"IpAddress\",\n variable: \"aws:SourceIp\",\n values: [\"192.0.2.0/32\"],\n }],\n }],\n});\nconst exampleDomainServiceAccessPolicy = new aws.cloudsearch.DomainServiceAccessPolicy(\"example\", {\n domainName: exampleDomain.id,\n accessPolicy: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_domain = aws.cloudsearch.Domain(\"example\", name=\"example-domain\")\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"search_only\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"*\",\n identifiers=[\"*\"],\n )],\n actions=[\n \"cloudsearch:search\",\n \"cloudsearch:document\",\n ],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"IpAddress\",\n variable=\"aws:SourceIp\",\n values=[\"192.0.2.0/32\"],\n )],\n)])\nexample_domain_service_access_policy = aws.cloudsearch.DomainServiceAccessPolicy(\"example\",\n domain_name=example_domain.id,\n access_policy=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleDomain = new Aws.CloudSearch.Domain(\"example\", new()\n {\n Name = \"example-domain\",\n });\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"search_only\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"*\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"cloudsearch:search\",\n \"cloudsearch:document\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"IpAddress\",\n Variable = \"aws:SourceIp\",\n Values = new[]\n {\n \"192.0.2.0/32\",\n },\n },\n },\n },\n },\n });\n\n var exampleDomainServiceAccessPolicy = new Aws.CloudSearch.DomainServiceAccessPolicy(\"example\", new()\n {\n DomainName = exampleDomain.Id,\n AccessPolicy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudsearch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleDomain, err := cloudsearch.NewDomain(ctx, \"example\", \u0026cloudsearch.DomainArgs{\n\t\t\tName: pulumi.String(\"example-domain\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"search_only\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"*\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"*\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"cloudsearch:search\",\n\t\t\t\t\t\t\"cloudsearch:document\",\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"IpAddress\",\n\t\t\t\t\t\t\tVariable: \"aws:SourceIp\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"192.0.2.0/32\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudsearch.NewDomainServiceAccessPolicy(ctx, \"example\", \u0026cloudsearch.DomainServiceAccessPolicyArgs{\n\t\t\tDomainName: exampleDomain.ID(),\n\t\t\tAccessPolicy: pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudsearch.Domain;\nimport com.pulumi.aws.cloudsearch.DomainArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudsearch.DomainServiceAccessPolicy;\nimport com.pulumi.aws.cloudsearch.DomainServiceAccessPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .name(\"example-domain\")\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"search_only\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"*\")\n .identifiers(\"*\")\n .build())\n .actions( \n \"cloudsearch:search\",\n \"cloudsearch:document\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"IpAddress\")\n .variable(\"aws:SourceIp\")\n .values(\"192.0.2.0/32\")\n .build())\n .build())\n .build());\n\n var exampleDomainServiceAccessPolicy = new DomainServiceAccessPolicy(\"exampleDomainServiceAccessPolicy\", DomainServiceAccessPolicyArgs.builder() \n .domainName(exampleDomain.id())\n .accessPolicy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleDomain:\n type: aws:cloudsearch:Domain\n name: example\n properties:\n name: example-domain\n exampleDomainServiceAccessPolicy:\n type: aws:cloudsearch:DomainServiceAccessPolicy\n name: example\n properties:\n domainName: ${exampleDomain.id}\n accessPolicy: ${example.json}\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: search_only\n effect: Allow\n principals:\n - type: '*'\n identifiers:\n - '*'\n actions:\n - cloudsearch:search\n - cloudsearch:document\n conditions:\n - test: IpAddress\n variable: aws:SourceIp\n values:\n - 192.0.2.0/32\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import CloudSearch domain service access policies using the domain name. For example:\n\n```sh\n$ pulumi import aws:cloudsearch/domainServiceAccessPolicy:DomainServiceAccessPolicy example example-domain\n```\n", "properties": { "accessPolicy": { "type": "string", @@ -180732,7 +180732,7 @@ } }, "aws:cloudtrail/eventDataStore:EventDataStore": { - "description": "Provides a CloudTrail Event Data Store.\n\nMore information about event data stores can be found in the [Event Data Store User Guide](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-event-data-store.html).\n\n\u003e **Tip:** For an organization event data store you must create this resource in the management account.\n\n## Example Usage\n\n### Basic\n\nThe most simple event data store configuration requires us to only set the `name` attribute. The event data store will automatically capture all management events. To capture management events from all the regions, `multi_region_enabled` must be `true`.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudtrail.EventDataStore(\"example\", {name: \"example-event-data-store\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudtrail.EventDataStore(\"example\", name=\"example-event-data-store\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudTrail.EventDataStore(\"example\", new()\n {\n Name = \"example-event-data-store\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtrail.NewEventDataStore(ctx, \"example\", \u0026cloudtrail.EventDataStoreArgs{\n\t\t\tName: pulumi.String(\"example-event-data-store\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudtrail.EventDataStore;\nimport com.pulumi.aws.cloudtrail.EventDataStoreArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new EventDataStore(\"example\", EventDataStoreArgs.builder() \n .name(\"example-event-data-store\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudtrail:EventDataStore\n properties:\n name: example-event-data-store\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Data Event Logging\n\nCloudTrail can log [Data Events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) for certain services such as S3 bucket objects and Lambda function invocations. Additional information about data event configuration can be found in the following links:\n\n- [CloudTrail API AdvancedFieldSelector documentation](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedFieldSelector.html)\n\n### Log all DynamoDB PutEvent actions for a specific DynamoDB table\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst table = aws.dynamodb.getTable({\n name: \"not-important-dynamodb-table\",\n});\nconst example = new aws.cloudtrail.EventDataStore(\"example\", {advancedEventSelectors: [{\n name: \"Log all DynamoDB PutEvent actions for a specific DynamoDB table\",\n fieldSelectors: [\n {\n field: \"eventCategory\",\n equals: [\"Data\"],\n },\n {\n field: \"resources.type\",\n equals: [\"AWS::DynamoDB::Table\"],\n },\n {\n field: \"eventName\",\n equals: [\"PutItem\"],\n },\n {\n field: \"resources.ARN\",\n equals: [table.then(table =\u003e table.arn)],\n },\n ],\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntable = aws.dynamodb.get_table(name=\"not-important-dynamodb-table\")\nexample = aws.cloudtrail.EventDataStore(\"example\", advanced_event_selectors=[aws.cloudtrail.EventDataStoreAdvancedEventSelectorArgs(\n name=\"Log all DynamoDB PutEvent actions for a specific DynamoDB table\",\n field_selectors=[\n aws.cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs(\n field=\"eventCategory\",\n equals=[\"Data\"],\n ),\n aws.cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs(\n field=\"resources.type\",\n equals=[\"AWS::DynamoDB::Table\"],\n ),\n aws.cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs(\n field=\"eventName\",\n equals=[\"PutItem\"],\n ),\n aws.cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs(\n field=\"resources.ARN\",\n equals=[table.arn],\n ),\n ],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var table = Aws.DynamoDB.GetTable.Invoke(new()\n {\n Name = \"not-important-dynamodb-table\",\n });\n\n var example = new Aws.CloudTrail.EventDataStore(\"example\", new()\n {\n AdvancedEventSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorArgs\n {\n Name = \"Log all DynamoDB PutEvent actions for a specific DynamoDB table\",\n FieldSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"eventCategory\",\n Equals = new[]\n {\n \"Data\",\n },\n },\n new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"resources.type\",\n Equals = new[]\n {\n \"AWS::DynamoDB::Table\",\n },\n },\n new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"eventName\",\n Equals = new[]\n {\n \"PutItem\",\n },\n },\n new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"resources.ARN\",\n Equals = new[]\n {\n table.Apply(getTableResult =\u003e getTableResult.Arn),\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dynamodb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttable, err := dynamodb.LookupTable(ctx, \u0026dynamodb.LookupTableArgs{\n\t\t\tName: \"not-important-dynamodb-table\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtrail.NewEventDataStore(ctx, \"example\", \u0026cloudtrail.EventDataStoreArgs{\n\t\t\tAdvancedEventSelectors: cloudtrail.EventDataStoreAdvancedEventSelectorArray{\n\t\t\t\t\u0026cloudtrail.EventDataStoreAdvancedEventSelectorArgs{\n\t\t\t\t\tName: pulumi.String(\"Log all DynamoDB PutEvent actions for a specific DynamoDB table\"),\n\t\t\t\t\tFieldSelectors: cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArray{\n\t\t\t\t\t\t\u0026cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"eventCategory\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"Data\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"resources.type\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"AWS::DynamoDB::Table\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"eventName\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"PutItem\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"resources.ARN\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\t*pulumi.String(table.Arn),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.dynamodb.DynamodbFunctions;\nimport com.pulumi.aws.dynamodb.inputs.GetTableArgs;\nimport com.pulumi.aws.cloudtrail.EventDataStore;\nimport com.pulumi.aws.cloudtrail.EventDataStoreArgs;\nimport com.pulumi.aws.cloudtrail.inputs.EventDataStoreAdvancedEventSelectorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var table = DynamodbFunctions.getTable(GetTableArgs.builder()\n .name(\"not-important-dynamodb-table\")\n .build());\n\n var example = new EventDataStore(\"example\", EventDataStoreArgs.builder() \n .advancedEventSelectors(EventDataStoreAdvancedEventSelectorArgs.builder()\n .name(\"Log all DynamoDB PutEvent actions for a specific DynamoDB table\")\n .fieldSelectors( \n EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"eventCategory\")\n .equals(\"Data\")\n .build(),\n EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"resources.type\")\n .equals(\"AWS::DynamoDB::Table\")\n .build(),\n EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"eventName\")\n .equals(\"PutItem\")\n .build(),\n EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"resources.ARN\")\n .equals(table.applyValue(getTableResult -\u003e getTableResult.arn()))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudtrail:EventDataStore\n properties:\n advancedEventSelectors:\n - name: Log all DynamoDB PutEvent actions for a specific DynamoDB table\n fieldSelectors:\n - field: eventCategory\n equals:\n - Data\n - field: resources.type\n equals:\n - AWS::DynamoDB::Table\n - field: eventName\n equals:\n - PutItem\n - field: resources.ARN\n equals:\n - ${table.arn}\nvariables:\n table:\n fn::invoke:\n Function: aws:dynamodb:getTable\n Arguments:\n name: not-important-dynamodb-table\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import event data stores using their `arn`. For example:\n\n```sh\n$ pulumi import aws:cloudtrail/eventDataStore:EventDataStore example arn:aws:cloudtrail:us-east-1:123456789123:eventdatastore/22333815-4414-412c-b155-dd254033gfhf\n```\n", + "description": "Provides a CloudTrail Event Data Store.\n\nMore information about event data stores can be found in the [Event Data Store User Guide](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-event-data-store.html).\n\n\u003e **Tip:** For an organization event data store you must create this resource in the management account.\n\n## Example Usage\n\n### Basic\n\nThe most simple event data store configuration requires us to only set the `name` attribute. The event data store will automatically capture all management events. To capture management events from all the regions, `multi_region_enabled` must be `true`.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudtrail.EventDataStore(\"example\", {name: \"example-event-data-store\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudtrail.EventDataStore(\"example\", name=\"example-event-data-store\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudTrail.EventDataStore(\"example\", new()\n {\n Name = \"example-event-data-store\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtrail.NewEventDataStore(ctx, \"example\", \u0026cloudtrail.EventDataStoreArgs{\n\t\t\tName: pulumi.String(\"example-event-data-store\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudtrail.EventDataStore;\nimport com.pulumi.aws.cloudtrail.EventDataStoreArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new EventDataStore(\"example\", EventDataStoreArgs.builder() \n .name(\"example-event-data-store\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudtrail:EventDataStore\n properties:\n name: example-event-data-store\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Data Event Logging\n\nCloudTrail can log [Data Events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) for certain services such as S3 bucket objects and Lambda function invocations. Additional information about data event configuration can be found in the following links:\n\n- [CloudTrail API AdvancedFieldSelector documentation](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedFieldSelector.html)\n\n### Log all DynamoDB PutEvent actions for a specific DynamoDB table\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst table = aws.dynamodb.getTable({\n name: \"not-important-dynamodb-table\",\n});\nconst example = new aws.cloudtrail.EventDataStore(\"example\", {advancedEventSelectors: [{\n name: \"Log all DynamoDB PutEvent actions for a specific DynamoDB table\",\n fieldSelectors: [\n {\n field: \"eventCategory\",\n equals: [\"Data\"],\n },\n {\n field: \"resources.type\",\n equals: [\"AWS::DynamoDB::Table\"],\n },\n {\n field: \"eventName\",\n equals: [\"PutItem\"],\n },\n {\n field: \"resources.ARN\",\n equals: [table.then(table =\u003e table.arn)],\n },\n ],\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntable = aws.dynamodb.get_table(name=\"not-important-dynamodb-table\")\nexample = aws.cloudtrail.EventDataStore(\"example\", advanced_event_selectors=[aws.cloudtrail.EventDataStoreAdvancedEventSelectorArgs(\n name=\"Log all DynamoDB PutEvent actions for a specific DynamoDB table\",\n field_selectors=[\n aws.cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs(\n field=\"eventCategory\",\n equals=[\"Data\"],\n ),\n aws.cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs(\n field=\"resources.type\",\n equals=[\"AWS::DynamoDB::Table\"],\n ),\n aws.cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs(\n field=\"eventName\",\n equals=[\"PutItem\"],\n ),\n aws.cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs(\n field=\"resources.ARN\",\n equals=[table.arn],\n ),\n ],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var table = Aws.DynamoDB.GetTable.Invoke(new()\n {\n Name = \"not-important-dynamodb-table\",\n });\n\n var example = new Aws.CloudTrail.EventDataStore(\"example\", new()\n {\n AdvancedEventSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorArgs\n {\n Name = \"Log all DynamoDB PutEvent actions for a specific DynamoDB table\",\n FieldSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"eventCategory\",\n Equals = new[]\n {\n \"Data\",\n },\n },\n new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"resources.type\",\n Equals = new[]\n {\n \"AWS::DynamoDB::Table\",\n },\n },\n new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"eventName\",\n Equals = new[]\n {\n \"PutItem\",\n },\n },\n new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"resources.ARN\",\n Equals = new[]\n {\n table.Apply(getTableResult =\u003e getTableResult.Arn),\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dynamodb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttable, err := dynamodb.LookupTable(ctx, \u0026dynamodb.LookupTableArgs{\n\t\t\tName: \"not-important-dynamodb-table\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtrail.NewEventDataStore(ctx, \"example\", \u0026cloudtrail.EventDataStoreArgs{\n\t\t\tAdvancedEventSelectors: cloudtrail.EventDataStoreAdvancedEventSelectorArray{\n\t\t\t\t\u0026cloudtrail.EventDataStoreAdvancedEventSelectorArgs{\n\t\t\t\t\tName: pulumi.String(\"Log all DynamoDB PutEvent actions for a specific DynamoDB table\"),\n\t\t\t\t\tFieldSelectors: cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArray{\n\t\t\t\t\t\t\u0026cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"eventCategory\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"Data\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"resources.type\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"AWS::DynamoDB::Table\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"eventName\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"PutItem\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"resources.ARN\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(table.Arn),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.dynamodb.DynamodbFunctions;\nimport com.pulumi.aws.dynamodb.inputs.GetTableArgs;\nimport com.pulumi.aws.cloudtrail.EventDataStore;\nimport com.pulumi.aws.cloudtrail.EventDataStoreArgs;\nimport com.pulumi.aws.cloudtrail.inputs.EventDataStoreAdvancedEventSelectorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var table = DynamodbFunctions.getTable(GetTableArgs.builder()\n .name(\"not-important-dynamodb-table\")\n .build());\n\n var example = new EventDataStore(\"example\", EventDataStoreArgs.builder() \n .advancedEventSelectors(EventDataStoreAdvancedEventSelectorArgs.builder()\n .name(\"Log all DynamoDB PutEvent actions for a specific DynamoDB table\")\n .fieldSelectors( \n EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"eventCategory\")\n .equals(\"Data\")\n .build(),\n EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"resources.type\")\n .equals(\"AWS::DynamoDB::Table\")\n .build(),\n EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"eventName\")\n .equals(\"PutItem\")\n .build(),\n EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"resources.ARN\")\n .equals(table.applyValue(getTableResult -\u003e getTableResult.arn()))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudtrail:EventDataStore\n properties:\n advancedEventSelectors:\n - name: Log all DynamoDB PutEvent actions for a specific DynamoDB table\n fieldSelectors:\n - field: eventCategory\n equals:\n - Data\n - field: resources.type\n equals:\n - AWS::DynamoDB::Table\n - field: eventName\n equals:\n - PutItem\n - field: resources.ARN\n equals:\n - ${table.arn}\nvariables:\n table:\n fn::invoke:\n Function: aws:dynamodb:getTable\n Arguments:\n name: not-important-dynamodb-table\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import event data stores using their `arn`. For example:\n\n```sh\n$ pulumi import aws:cloudtrail/eventDataStore:EventDataStore example arn:aws:cloudtrail:us-east-1:123456789123:eventdatastore/22333815-4414-412c-b155-dd254033gfhf\n```\n", "properties": { "advancedEventSelectors": { "type": "array", @@ -181629,7 +181629,7 @@ } }, "aws:cloudwatch/eventBus:EventBus": { - "description": "Provides an EventBridge event bus resource.\n\n\u003e **Note:** EventBridge was formerly known as CloudWatch Events. The functionality is identical.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst messenger = new aws.cloudwatch.EventBus(\"messenger\", {name: \"chat-messages\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmessenger = aws.cloudwatch.EventBus(\"messenger\", name=\"chat-messages\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var messenger = new Aws.CloudWatch.EventBus(\"messenger\", new()\n {\n Name = \"chat-messages\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.NewEventBus(ctx, \"messenger\", \u0026cloudwatch.EventBusArgs{\n\t\t\tName: pulumi.String(\"chat-messages\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.EventBus;\nimport com.pulumi.aws.cloudwatch.EventBusArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var messenger = new EventBus(\"messenger\", EventBusArgs.builder() \n .name(\"chat-messages\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n messenger:\n type: aws:cloudwatch:EventBus\n properties:\n name: chat-messages\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst examplepartner = aws.cloudwatch.getEventSource({\n namePrefix: \"aws.partner/examplepartner.com\",\n});\nconst examplepartnerEventBus = new aws.cloudwatch.EventBus(\"examplepartner\", {\n name: examplepartner.then(examplepartner =\u003e examplepartner.name),\n eventSourceName: examplepartner.then(examplepartner =\u003e examplepartner.name),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexamplepartner = aws.cloudwatch.get_event_source(name_prefix=\"aws.partner/examplepartner.com\")\nexamplepartner_event_bus = aws.cloudwatch.EventBus(\"examplepartner\",\n name=examplepartner.name,\n event_source_name=examplepartner.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var examplepartner = Aws.CloudWatch.GetEventSource.Invoke(new()\n {\n NamePrefix = \"aws.partner/examplepartner.com\",\n });\n\n var examplepartnerEventBus = new Aws.CloudWatch.EventBus(\"examplepartner\", new()\n {\n Name = examplepartner.Apply(getEventSourceResult =\u003e getEventSourceResult.Name),\n EventSourceName = examplepartner.Apply(getEventSourceResult =\u003e getEventSourceResult.Name),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texamplepartner, err := cloudwatch.GetEventSource(ctx, \u0026cloudwatch.GetEventSourceArgs{\n\t\t\tNamePrefix: pulumi.StringRef(\"aws.partner/examplepartner.com\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventBus(ctx, \"examplepartner\", \u0026cloudwatch.EventBusArgs{\n\t\t\tName: *pulumi.String(examplepartner.Name),\n\t\t\tEventSourceName: *pulumi.String(examplepartner.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.CloudwatchFunctions;\nimport com.pulumi.aws.cloudwatch.inputs.GetEventSourceArgs;\nimport com.pulumi.aws.cloudwatch.EventBus;\nimport com.pulumi.aws.cloudwatch.EventBusArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var examplepartner = CloudwatchFunctions.getEventSource(GetEventSourceArgs.builder()\n .namePrefix(\"aws.partner/examplepartner.com\")\n .build());\n\n var examplepartnerEventBus = new EventBus(\"examplepartnerEventBus\", EventBusArgs.builder() \n .name(examplepartner.applyValue(getEventSourceResult -\u003e getEventSourceResult.name()))\n .eventSourceName(examplepartner.applyValue(getEventSourceResult -\u003e getEventSourceResult.name()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n examplepartnerEventBus:\n type: aws:cloudwatch:EventBus\n name: examplepartner\n properties:\n name: ${examplepartner.name}\n eventSourceName: ${examplepartner.name}\nvariables:\n examplepartner:\n fn::invoke:\n Function: aws:cloudwatch:getEventSource\n Arguments:\n namePrefix: aws.partner/examplepartner.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import EventBridge event buses using the `name` (which can also be a partner event source name). For example:\n\n```sh\n$ pulumi import aws:cloudwatch/eventBus:EventBus messenger chat-messages\n```\n", + "description": "Provides an EventBridge event bus resource.\n\n\u003e **Note:** EventBridge was formerly known as CloudWatch Events. The functionality is identical.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst messenger = new aws.cloudwatch.EventBus(\"messenger\", {name: \"chat-messages\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmessenger = aws.cloudwatch.EventBus(\"messenger\", name=\"chat-messages\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var messenger = new Aws.CloudWatch.EventBus(\"messenger\", new()\n {\n Name = \"chat-messages\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.NewEventBus(ctx, \"messenger\", \u0026cloudwatch.EventBusArgs{\n\t\t\tName: pulumi.String(\"chat-messages\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.EventBus;\nimport com.pulumi.aws.cloudwatch.EventBusArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var messenger = new EventBus(\"messenger\", EventBusArgs.builder() \n .name(\"chat-messages\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n messenger:\n type: aws:cloudwatch:EventBus\n properties:\n name: chat-messages\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst examplepartner = aws.cloudwatch.getEventSource({\n namePrefix: \"aws.partner/examplepartner.com\",\n});\nconst examplepartnerEventBus = new aws.cloudwatch.EventBus(\"examplepartner\", {\n name: examplepartner.then(examplepartner =\u003e examplepartner.name),\n eventSourceName: examplepartner.then(examplepartner =\u003e examplepartner.name),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexamplepartner = aws.cloudwatch.get_event_source(name_prefix=\"aws.partner/examplepartner.com\")\nexamplepartner_event_bus = aws.cloudwatch.EventBus(\"examplepartner\",\n name=examplepartner.name,\n event_source_name=examplepartner.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var examplepartner = Aws.CloudWatch.GetEventSource.Invoke(new()\n {\n NamePrefix = \"aws.partner/examplepartner.com\",\n });\n\n var examplepartnerEventBus = new Aws.CloudWatch.EventBus(\"examplepartner\", new()\n {\n Name = examplepartner.Apply(getEventSourceResult =\u003e getEventSourceResult.Name),\n EventSourceName = examplepartner.Apply(getEventSourceResult =\u003e getEventSourceResult.Name),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texamplepartner, err := cloudwatch.GetEventSource(ctx, \u0026cloudwatch.GetEventSourceArgs{\n\t\t\tNamePrefix: pulumi.StringRef(\"aws.partner/examplepartner.com\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventBus(ctx, \"examplepartner\", \u0026cloudwatch.EventBusArgs{\n\t\t\tName: pulumi.String(examplepartner.Name),\n\t\t\tEventSourceName: pulumi.String(examplepartner.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.CloudwatchFunctions;\nimport com.pulumi.aws.cloudwatch.inputs.GetEventSourceArgs;\nimport com.pulumi.aws.cloudwatch.EventBus;\nimport com.pulumi.aws.cloudwatch.EventBusArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var examplepartner = CloudwatchFunctions.getEventSource(GetEventSourceArgs.builder()\n .namePrefix(\"aws.partner/examplepartner.com\")\n .build());\n\n var examplepartnerEventBus = new EventBus(\"examplepartnerEventBus\", EventBusArgs.builder() \n .name(examplepartner.applyValue(getEventSourceResult -\u003e getEventSourceResult.name()))\n .eventSourceName(examplepartner.applyValue(getEventSourceResult -\u003e getEventSourceResult.name()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n examplepartnerEventBus:\n type: aws:cloudwatch:EventBus\n name: examplepartner\n properties:\n name: ${examplepartner.name}\n eventSourceName: ${examplepartner.name}\nvariables:\n examplepartner:\n fn::invoke:\n Function: aws:cloudwatch:getEventSource\n Arguments:\n namePrefix: aws.partner/examplepartner.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import EventBridge event buses using the `name` (which can also be a partner event source name). For example:\n\n```sh\n$ pulumi import aws:cloudwatch/eventBus:EventBus messenger chat-messages\n```\n", "properties": { "arn": { "type": "string", @@ -181720,7 +181720,7 @@ } }, "aws:cloudwatch/eventBusPolicy:EventBusPolicy": { - "description": "Provides a resource to create an EventBridge resource policy to support cross-account events.\n\n\u003e **Note:** EventBridge was formerly known as CloudWatch Events. The functionality is identical.\n\n\u003e **Note:** The EventBridge bus policy resource (`aws.cloudwatch.EventBusPolicy`) is incompatible with the EventBridge permission resource (`aws.cloudwatch.EventPermission`) and will overwrite permissions.\n\n## Example Usage\n\n### Account Access\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"DevAccountAccess\",\n effect: \"Allow\",\n actions: [\"events:PutEvents\"],\n resources: [\"arn:aws:events:eu-west-1:123456789012:event-bus/default\"],\n principals: [{\n type: \"AWS\",\n identifiers: [\"123456789012\"],\n }],\n }],\n});\nconst testEventBusPolicy = new aws.cloudwatch.EventBusPolicy(\"test\", {\n policy: test.then(test =\u003e test.json),\n eventBusName: testAwsCloudwatchEventBus.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"DevAccountAccess\",\n effect=\"Allow\",\n actions=[\"events:PutEvents\"],\n resources=[\"arn:aws:events:eu-west-1:123456789012:event-bus/default\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"123456789012\"],\n )],\n)])\ntest_event_bus_policy = aws.cloudwatch.EventBusPolicy(\"test\",\n policy=test.json,\n event_bus_name=test_aws_cloudwatch_event_bus[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"DevAccountAccess\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"events:PutEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"123456789012\",\n },\n },\n },\n },\n },\n });\n\n var testEventBusPolicy = new Aws.CloudWatch.EventBusPolicy(\"test\", new()\n {\n Policy = test.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n EventBusName = testAwsCloudwatchEventBus.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"DevAccountAccess\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"events:PutEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"123456789012\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventBusPolicy(ctx, \"test\", \u0026cloudwatch.EventBusPolicyArgs{\n\t\t\tPolicy: *pulumi.String(test.Json),\n\t\t\tEventBusName: pulumi.Any(testAwsCloudwatchEventBus.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.EventBusPolicy;\nimport com.pulumi.aws.cloudwatch.EventBusPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"DevAccountAccess\")\n .effect(\"Allow\")\n .actions(\"events:PutEvents\")\n .resources(\"arn:aws:events:eu-west-1:123456789012:event-bus/default\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"123456789012\")\n .build())\n .build())\n .build());\n\n var testEventBusPolicy = new EventBusPolicy(\"testEventBusPolicy\", EventBusPolicyArgs.builder() \n .policy(test.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .eventBusName(testAwsCloudwatchEventBus.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testEventBusPolicy:\n type: aws:cloudwatch:EventBusPolicy\n name: test\n properties:\n policy: ${test.json}\n eventBusName: ${testAwsCloudwatchEventBus.name}\nvariables:\n test:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: DevAccountAccess\n effect: Allow\n actions:\n - events:PutEvents\n resources:\n - arn:aws:events:eu-west-1:123456789012:event-bus/default\n principals:\n - type: AWS\n identifiers:\n - '123456789012'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Organization Access\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"OrganizationAccess\",\n effect: \"Allow\",\n actions: [\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n ],\n resources: [\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n ],\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n conditions: [{\n test: \"StringEquals\",\n variable: \"aws:PrincipalOrgID\",\n values: [example.id],\n }],\n }],\n});\nconst testEventBusPolicy = new aws.cloudwatch.EventBusPolicy(\"test\", {\n policy: test.then(test =\u003e test.json),\n eventBusName: testAwsCloudwatchEventBus.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OrganizationAccess\",\n effect=\"Allow\",\n actions=[\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n ],\n resources=[\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n ],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"aws:PrincipalOrgID\",\n values=[example[\"id\"]],\n )],\n)])\ntest_event_bus_policy = aws.cloudwatch.EventBusPolicy(\"test\",\n policy=test.json,\n event_bus_name=test_aws_cloudwatch_event_bus[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OrganizationAccess\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n },\n Resources = new[]\n {\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"aws:PrincipalOrgID\",\n Values = new[]\n {\n example.Id,\n },\n },\n },\n },\n },\n });\n\n var testEventBusPolicy = new Aws.CloudWatch.EventBusPolicy(\"test\", new()\n {\n Policy = test.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n EventBusName = testAwsCloudwatchEventBus.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ntest, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"OrganizationAccess\"),\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"events:DescribeRule\",\n\"events:ListRules\",\n\"events:ListTargetsByRule\",\n\"events:ListTagsForResource\",\n},\nResources: []string{\n\"arn:aws:events:eu-west-1:123456789012:rule/*\",\n\"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"aws:PrincipalOrgID\",\nValues: interface{}{\nexample.Id,\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = cloudwatch.NewEventBusPolicy(ctx, \"test\", \u0026cloudwatch.EventBusPolicyArgs{\nPolicy: *pulumi.String(test.Json),\nEventBusName: pulumi.Any(testAwsCloudwatchEventBus.Name),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.EventBusPolicy;\nimport com.pulumi.aws.cloudwatch.EventBusPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"OrganizationAccess\")\n .effect(\"Allow\")\n .actions( \n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\")\n .resources( \n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"aws:PrincipalOrgID\")\n .values(example.id())\n .build())\n .build())\n .build());\n\n var testEventBusPolicy = new EventBusPolicy(\"testEventBusPolicy\", EventBusPolicyArgs.builder() \n .policy(test.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .eventBusName(testAwsCloudwatchEventBus.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testEventBusPolicy:\n type: aws:cloudwatch:EventBusPolicy\n name: test\n properties:\n policy: ${test.json}\n eventBusName: ${testAwsCloudwatchEventBus.name}\nvariables:\n test:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: OrganizationAccess\n effect: Allow\n actions:\n - events:DescribeRule\n - events:ListRules\n - events:ListTargetsByRule\n - events:ListTagsForResource\n resources:\n - arn:aws:events:eu-west-1:123456789012:rule/*\n - arn:aws:events:eu-west-1:123456789012:event-bus/default\n principals:\n - type: AWS\n identifiers:\n - '*'\n conditions:\n - test: StringEquals\n variable: aws:PrincipalOrgID\n values:\n - ${example.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Multiple Statements\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.iam.getPolicyDocument({\n statements: [\n {\n sid: \"DevAccountAccess\",\n effect: \"Allow\",\n actions: [\"events:PutEvents\"],\n resources: [\"arn:aws:events:eu-west-1:123456789012:event-bus/default\"],\n principals: [{\n type: \"AWS\",\n identifiers: [\"123456789012\"],\n }],\n },\n {\n sid: \"OrganizationAccess\",\n effect: \"Allow\",\n actions: [\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n ],\n resources: [\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n ],\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n conditions: [{\n test: \"StringEquals\",\n variable: \"aws:PrincipalOrgID\",\n values: [example.id],\n }],\n },\n ],\n});\nconst testEventBusPolicy = new aws.cloudwatch.EventBusPolicy(\"test\", {\n policy: test.then(test =\u003e test.json),\n eventBusName: testAwsCloudwatchEventBus.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"DevAccountAccess\",\n effect=\"Allow\",\n actions=[\"events:PutEvents\"],\n resources=[\"arn:aws:events:eu-west-1:123456789012:event-bus/default\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"123456789012\"],\n )],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OrganizationAccess\",\n effect=\"Allow\",\n actions=[\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n ],\n resources=[\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n ],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"aws:PrincipalOrgID\",\n values=[example[\"id\"]],\n )],\n ),\n])\ntest_event_bus_policy = aws.cloudwatch.EventBusPolicy(\"test\",\n policy=test.json,\n event_bus_name=test_aws_cloudwatch_event_bus[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"DevAccountAccess\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"events:PutEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"123456789012\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OrganizationAccess\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n },\n Resources = new[]\n {\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"aws:PrincipalOrgID\",\n Values = new[]\n {\n example.Id,\n },\n },\n },\n },\n },\n });\n\n var testEventBusPolicy = new Aws.CloudWatch.EventBusPolicy(\"test\", new()\n {\n Policy = test.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n EventBusName = testAwsCloudwatchEventBus.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ntest, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"DevAccountAccess\"),\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"events:PutEvents\",\n},\nResources: []string{\n\"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"123456789012\",\n},\n},\n},\n},\n{\nSid: pulumi.StringRef(\"OrganizationAccess\"),\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"events:DescribeRule\",\n\"events:ListRules\",\n\"events:ListTargetsByRule\",\n\"events:ListTagsForResource\",\n},\nResources: []string{\n\"arn:aws:events:eu-west-1:123456789012:rule/*\",\n\"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"aws:PrincipalOrgID\",\nValues: interface{}{\nexample.Id,\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = cloudwatch.NewEventBusPolicy(ctx, \"test\", \u0026cloudwatch.EventBusPolicyArgs{\nPolicy: *pulumi.String(test.Json),\nEventBusName: pulumi.Any(testAwsCloudwatchEventBus.Name),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.EventBusPolicy;\nimport com.pulumi.aws.cloudwatch.EventBusPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"DevAccountAccess\")\n .effect(\"Allow\")\n .actions(\"events:PutEvents\")\n .resources(\"arn:aws:events:eu-west-1:123456789012:event-bus/default\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"123456789012\")\n .build())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"OrganizationAccess\")\n .effect(\"Allow\")\n .actions( \n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\")\n .resources( \n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"aws:PrincipalOrgID\")\n .values(example.id())\n .build())\n .build())\n .build());\n\n var testEventBusPolicy = new EventBusPolicy(\"testEventBusPolicy\", EventBusPolicyArgs.builder() \n .policy(test.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .eventBusName(testAwsCloudwatchEventBus.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testEventBusPolicy:\n type: aws:cloudwatch:EventBusPolicy\n name: test\n properties:\n policy: ${test.json}\n eventBusName: ${testAwsCloudwatchEventBus.name}\nvariables:\n test:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: DevAccountAccess\n effect: Allow\n actions:\n - events:PutEvents\n resources:\n - arn:aws:events:eu-west-1:123456789012:event-bus/default\n principals:\n - type: AWS\n identifiers:\n - '123456789012'\n - sid: OrganizationAccess\n effect: Allow\n actions:\n - events:DescribeRule\n - events:ListRules\n - events:ListTargetsByRule\n - events:ListTagsForResource\n resources:\n - arn:aws:events:eu-west-1:123456789012:rule/*\n - arn:aws:events:eu-west-1:123456789012:event-bus/default\n principals:\n - type: AWS\n identifiers:\n - '*'\n conditions:\n - test: StringEquals\n variable: aws:PrincipalOrgID\n values:\n - ${example.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import an EventBridge policy using the `event_bus_name`. For example:\n\n```sh\n$ pulumi import aws:cloudwatch/eventBusPolicy:EventBusPolicy DevAccountAccess example-event-bus\n```\n", + "description": "Provides a resource to create an EventBridge resource policy to support cross-account events.\n\n\u003e **Note:** EventBridge was formerly known as CloudWatch Events. The functionality is identical.\n\n\u003e **Note:** The EventBridge bus policy resource (`aws.cloudwatch.EventBusPolicy`) is incompatible with the EventBridge permission resource (`aws.cloudwatch.EventPermission`) and will overwrite permissions.\n\n## Example Usage\n\n### Account Access\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"DevAccountAccess\",\n effect: \"Allow\",\n actions: [\"events:PutEvents\"],\n resources: [\"arn:aws:events:eu-west-1:123456789012:event-bus/default\"],\n principals: [{\n type: \"AWS\",\n identifiers: [\"123456789012\"],\n }],\n }],\n});\nconst testEventBusPolicy = new aws.cloudwatch.EventBusPolicy(\"test\", {\n policy: test.then(test =\u003e test.json),\n eventBusName: testAwsCloudwatchEventBus.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"DevAccountAccess\",\n effect=\"Allow\",\n actions=[\"events:PutEvents\"],\n resources=[\"arn:aws:events:eu-west-1:123456789012:event-bus/default\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"123456789012\"],\n )],\n)])\ntest_event_bus_policy = aws.cloudwatch.EventBusPolicy(\"test\",\n policy=test.json,\n event_bus_name=test_aws_cloudwatch_event_bus[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"DevAccountAccess\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"events:PutEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"123456789012\",\n },\n },\n },\n },\n },\n });\n\n var testEventBusPolicy = new Aws.CloudWatch.EventBusPolicy(\"test\", new()\n {\n Policy = test.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n EventBusName = testAwsCloudwatchEventBus.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"DevAccountAccess\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"events:PutEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"123456789012\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventBusPolicy(ctx, \"test\", \u0026cloudwatch.EventBusPolicyArgs{\n\t\t\tPolicy: pulumi.String(test.Json),\n\t\t\tEventBusName: pulumi.Any(testAwsCloudwatchEventBus.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.EventBusPolicy;\nimport com.pulumi.aws.cloudwatch.EventBusPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"DevAccountAccess\")\n .effect(\"Allow\")\n .actions(\"events:PutEvents\")\n .resources(\"arn:aws:events:eu-west-1:123456789012:event-bus/default\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"123456789012\")\n .build())\n .build())\n .build());\n\n var testEventBusPolicy = new EventBusPolicy(\"testEventBusPolicy\", EventBusPolicyArgs.builder() \n .policy(test.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .eventBusName(testAwsCloudwatchEventBus.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testEventBusPolicy:\n type: aws:cloudwatch:EventBusPolicy\n name: test\n properties:\n policy: ${test.json}\n eventBusName: ${testAwsCloudwatchEventBus.name}\nvariables:\n test:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: DevAccountAccess\n effect: Allow\n actions:\n - events:PutEvents\n resources:\n - arn:aws:events:eu-west-1:123456789012:event-bus/default\n principals:\n - type: AWS\n identifiers:\n - '123456789012'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Organization Access\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"OrganizationAccess\",\n effect: \"Allow\",\n actions: [\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n ],\n resources: [\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n ],\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n conditions: [{\n test: \"StringEquals\",\n variable: \"aws:PrincipalOrgID\",\n values: [example.id],\n }],\n }],\n});\nconst testEventBusPolicy = new aws.cloudwatch.EventBusPolicy(\"test\", {\n policy: test.then(test =\u003e test.json),\n eventBusName: testAwsCloudwatchEventBus.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OrganizationAccess\",\n effect=\"Allow\",\n actions=[\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n ],\n resources=[\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n ],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"aws:PrincipalOrgID\",\n values=[example[\"id\"]],\n )],\n)])\ntest_event_bus_policy = aws.cloudwatch.EventBusPolicy(\"test\",\n policy=test.json,\n event_bus_name=test_aws_cloudwatch_event_bus[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OrganizationAccess\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n },\n Resources = new[]\n {\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"aws:PrincipalOrgID\",\n Values = new[]\n {\n example.Id,\n },\n },\n },\n },\n },\n });\n\n var testEventBusPolicy = new Aws.CloudWatch.EventBusPolicy(\"test\", new()\n {\n Policy = test.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n EventBusName = testAwsCloudwatchEventBus.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ntest, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"OrganizationAccess\"),\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"events:DescribeRule\",\n\"events:ListRules\",\n\"events:ListTargetsByRule\",\n\"events:ListTagsForResource\",\n},\nResources: []string{\n\"arn:aws:events:eu-west-1:123456789012:rule/*\",\n\"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"aws:PrincipalOrgID\",\nValues: interface{}{\nexample.Id,\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = cloudwatch.NewEventBusPolicy(ctx, \"test\", \u0026cloudwatch.EventBusPolicyArgs{\nPolicy: pulumi.String(test.Json),\nEventBusName: pulumi.Any(testAwsCloudwatchEventBus.Name),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.EventBusPolicy;\nimport com.pulumi.aws.cloudwatch.EventBusPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"OrganizationAccess\")\n .effect(\"Allow\")\n .actions( \n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\")\n .resources( \n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"aws:PrincipalOrgID\")\n .values(example.id())\n .build())\n .build())\n .build());\n\n var testEventBusPolicy = new EventBusPolicy(\"testEventBusPolicy\", EventBusPolicyArgs.builder() \n .policy(test.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .eventBusName(testAwsCloudwatchEventBus.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testEventBusPolicy:\n type: aws:cloudwatch:EventBusPolicy\n name: test\n properties:\n policy: ${test.json}\n eventBusName: ${testAwsCloudwatchEventBus.name}\nvariables:\n test:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: OrganizationAccess\n effect: Allow\n actions:\n - events:DescribeRule\n - events:ListRules\n - events:ListTargetsByRule\n - events:ListTagsForResource\n resources:\n - arn:aws:events:eu-west-1:123456789012:rule/*\n - arn:aws:events:eu-west-1:123456789012:event-bus/default\n principals:\n - type: AWS\n identifiers:\n - '*'\n conditions:\n - test: StringEquals\n variable: aws:PrincipalOrgID\n values:\n - ${example.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Multiple Statements\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.iam.getPolicyDocument({\n statements: [\n {\n sid: \"DevAccountAccess\",\n effect: \"Allow\",\n actions: [\"events:PutEvents\"],\n resources: [\"arn:aws:events:eu-west-1:123456789012:event-bus/default\"],\n principals: [{\n type: \"AWS\",\n identifiers: [\"123456789012\"],\n }],\n },\n {\n sid: \"OrganizationAccess\",\n effect: \"Allow\",\n actions: [\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n ],\n resources: [\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n ],\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n conditions: [{\n test: \"StringEquals\",\n variable: \"aws:PrincipalOrgID\",\n values: [example.id],\n }],\n },\n ],\n});\nconst testEventBusPolicy = new aws.cloudwatch.EventBusPolicy(\"test\", {\n policy: test.then(test =\u003e test.json),\n eventBusName: testAwsCloudwatchEventBus.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"DevAccountAccess\",\n effect=\"Allow\",\n actions=[\"events:PutEvents\"],\n resources=[\"arn:aws:events:eu-west-1:123456789012:event-bus/default\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"123456789012\"],\n )],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OrganizationAccess\",\n effect=\"Allow\",\n actions=[\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n ],\n resources=[\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n ],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"aws:PrincipalOrgID\",\n values=[example[\"id\"]],\n )],\n ),\n])\ntest_event_bus_policy = aws.cloudwatch.EventBusPolicy(\"test\",\n policy=test.json,\n event_bus_name=test_aws_cloudwatch_event_bus[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"DevAccountAccess\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"events:PutEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"123456789012\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OrganizationAccess\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n },\n Resources = new[]\n {\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"aws:PrincipalOrgID\",\n Values = new[]\n {\n example.Id,\n },\n },\n },\n },\n },\n });\n\n var testEventBusPolicy = new Aws.CloudWatch.EventBusPolicy(\"test\", new()\n {\n Policy = test.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n EventBusName = testAwsCloudwatchEventBus.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ntest, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"DevAccountAccess\"),\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"events:PutEvents\",\n},\nResources: []string{\n\"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"123456789012\",\n},\n},\n},\n},\n{\nSid: pulumi.StringRef(\"OrganizationAccess\"),\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"events:DescribeRule\",\n\"events:ListRules\",\n\"events:ListTargetsByRule\",\n\"events:ListTagsForResource\",\n},\nResources: []string{\n\"arn:aws:events:eu-west-1:123456789012:rule/*\",\n\"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"aws:PrincipalOrgID\",\nValues: interface{}{\nexample.Id,\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = cloudwatch.NewEventBusPolicy(ctx, \"test\", \u0026cloudwatch.EventBusPolicyArgs{\nPolicy: pulumi.String(test.Json),\nEventBusName: pulumi.Any(testAwsCloudwatchEventBus.Name),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.EventBusPolicy;\nimport com.pulumi.aws.cloudwatch.EventBusPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"DevAccountAccess\")\n .effect(\"Allow\")\n .actions(\"events:PutEvents\")\n .resources(\"arn:aws:events:eu-west-1:123456789012:event-bus/default\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"123456789012\")\n .build())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"OrganizationAccess\")\n .effect(\"Allow\")\n .actions( \n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\")\n .resources( \n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"aws:PrincipalOrgID\")\n .values(example.id())\n .build())\n .build())\n .build());\n\n var testEventBusPolicy = new EventBusPolicy(\"testEventBusPolicy\", EventBusPolicyArgs.builder() \n .policy(test.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .eventBusName(testAwsCloudwatchEventBus.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testEventBusPolicy:\n type: aws:cloudwatch:EventBusPolicy\n name: test\n properties:\n policy: ${test.json}\n eventBusName: ${testAwsCloudwatchEventBus.name}\nvariables:\n test:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: DevAccountAccess\n effect: Allow\n actions:\n - events:PutEvents\n resources:\n - arn:aws:events:eu-west-1:123456789012:event-bus/default\n principals:\n - type: AWS\n identifiers:\n - '123456789012'\n - sid: OrganizationAccess\n effect: Allow\n actions:\n - events:DescribeRule\n - events:ListRules\n - events:ListTargetsByRule\n - events:ListTagsForResource\n resources:\n - arn:aws:events:eu-west-1:123456789012:rule/*\n - arn:aws:events:eu-west-1:123456789012:event-bus/default\n principals:\n - type: AWS\n identifiers:\n - '*'\n conditions:\n - test: StringEquals\n variable: aws:PrincipalOrgID\n values:\n - ${example.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import an EventBridge policy using the `event_bus_name`. For example:\n\n```sh\n$ pulumi import aws:cloudwatch/eventBusPolicy:EventBusPolicy DevAccountAccess example-event-bus\n```\n", "properties": { "eventBusName": { "type": "string", @@ -182244,7 +182244,7 @@ } }, "aws:cloudwatch/eventTarget:EventTarget": { - "description": "Provides an EventBridge Target resource.\n\n\u003e **Note:** EventBridge was formerly known as CloudWatch Events. The functionality is identical.\n\n## Example Usage\n\n### Kinesis Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst console = new aws.cloudwatch.EventRule(\"console\", {\n name: \"capture-ec2-scaling-events\",\n description: \"Capture all EC2 scaling events\",\n eventPattern: JSON.stringify({\n source: [\"aws.autoscaling\"],\n \"detail-type\": [\n \"EC2 Instance Launch Successful\",\n \"EC2 Instance Terminate Successful\",\n \"EC2 Instance Launch Unsuccessful\",\n \"EC2 Instance Terminate Unsuccessful\",\n ],\n }),\n});\nconst testStream = new aws.kinesis.Stream(\"test_stream\", {\n name: \"kinesis-test\",\n shardCount: 1,\n});\nconst yada = new aws.cloudwatch.EventTarget(\"yada\", {\n targetId: \"Yada\",\n rule: console.name,\n arn: testStream.arn,\n runCommandTargets: [\n {\n key: \"tag:Name\",\n values: [\"FooBar\"],\n },\n {\n key: \"InstanceIds\",\n values: [\"i-162058cd308bffec2\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nconsole = aws.cloudwatch.EventRule(\"console\",\n name=\"capture-ec2-scaling-events\",\n description=\"Capture all EC2 scaling events\",\n event_pattern=json.dumps({\n \"source\": [\"aws.autoscaling\"],\n \"detail-type\": [\n \"EC2 Instance Launch Successful\",\n \"EC2 Instance Terminate Successful\",\n \"EC2 Instance Launch Unsuccessful\",\n \"EC2 Instance Terminate Unsuccessful\",\n ],\n }))\ntest_stream = aws.kinesis.Stream(\"test_stream\",\n name=\"kinesis-test\",\n shard_count=1)\nyada = aws.cloudwatch.EventTarget(\"yada\",\n target_id=\"Yada\",\n rule=console.name,\n arn=test_stream.arn,\n run_command_targets=[\n aws.cloudwatch.EventTargetRunCommandTargetArgs(\n key=\"tag:Name\",\n values=[\"FooBar\"],\n ),\n aws.cloudwatch.EventTargetRunCommandTargetArgs(\n key=\"InstanceIds\",\n values=[\"i-162058cd308bffec2\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var console = new Aws.CloudWatch.EventRule(\"console\", new()\n {\n Name = \"capture-ec2-scaling-events\",\n Description = \"Capture all EC2 scaling events\",\n EventPattern = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"source\"] = new[]\n {\n \"aws.autoscaling\",\n },\n [\"detail-type\"] = new[]\n {\n \"EC2 Instance Launch Successful\",\n \"EC2 Instance Terminate Successful\",\n \"EC2 Instance Launch Unsuccessful\",\n \"EC2 Instance Terminate Unsuccessful\",\n },\n }),\n });\n\n var testStream = new Aws.Kinesis.Stream(\"test_stream\", new()\n {\n Name = \"kinesis-test\",\n ShardCount = 1,\n });\n\n var yada = new Aws.CloudWatch.EventTarget(\"yada\", new()\n {\n TargetId = \"Yada\",\n Rule = console.Name,\n Arn = testStream.Arn,\n RunCommandTargets = new[]\n {\n new Aws.CloudWatch.Inputs.EventTargetRunCommandTargetArgs\n {\n Key = \"tag:Name\",\n Values = new[]\n {\n \"FooBar\",\n },\n },\n new Aws.CloudWatch.Inputs.EventTargetRunCommandTargetArgs\n {\n Key = \"InstanceIds\",\n Values = new[]\n {\n \"i-162058cd308bffec2\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"source\": []string{\n\t\t\t\t\"aws.autoscaling\",\n\t\t\t},\n\t\t\t\"detail-type\": []string{\n\t\t\t\t\"EC2 Instance Launch Successful\",\n\t\t\t\t\"EC2 Instance Terminate Successful\",\n\t\t\t\t\"EC2 Instance Launch Unsuccessful\",\n\t\t\t\t\"EC2 Instance Terminate Unsuccessful\",\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\tconsole, err := cloudwatch.NewEventRule(ctx, \"console\", \u0026cloudwatch.EventRuleArgs{\n\t\t\tName: pulumi.String(\"capture-ec2-scaling-events\"),\n\t\t\tDescription: pulumi.String(\"Capture all EC2 scaling events\"),\n\t\t\tEventPattern: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestStream, err := kinesis.NewStream(ctx, \"test_stream\", \u0026kinesis.StreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-test\"),\n\t\t\tShardCount: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventTarget(ctx, \"yada\", \u0026cloudwatch.EventTargetArgs{\n\t\t\tTargetId: pulumi.String(\"Yada\"),\n\t\t\tRule: console.Name,\n\t\t\tArn: testStream.Arn,\n\t\t\tRunCommandTargets: cloudwatch.EventTargetRunCommandTargetArray{\n\t\t\t\t\u0026cloudwatch.EventTargetRunCommandTargetArgs{\n\t\t\t\t\tKey: pulumi.String(\"tag:Name\"),\n\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"FooBar\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026cloudwatch.EventTargetRunCommandTargetArgs{\n\t\t\t\t\tKey: pulumi.String(\"InstanceIds\"),\n\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"i-162058cd308bffec2\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.EventRule;\nimport com.pulumi.aws.cloudwatch.EventRuleArgs;\nimport com.pulumi.aws.kinesis.Stream;\nimport com.pulumi.aws.kinesis.StreamArgs;\nimport com.pulumi.aws.cloudwatch.EventTarget;\nimport com.pulumi.aws.cloudwatch.EventTargetArgs;\nimport com.pulumi.aws.cloudwatch.inputs.EventTargetRunCommandTargetArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var console = new EventRule(\"console\", EventRuleArgs.builder() \n .name(\"capture-ec2-scaling-events\")\n .description(\"Capture all EC2 scaling events\")\n .eventPattern(serializeJson(\n jsonObject(\n jsonProperty(\"source\", jsonArray(\"aws.autoscaling\")),\n jsonProperty(\"detail-type\", jsonArray(\n \"EC2 Instance Launch Successful\", \n \"EC2 Instance Terminate Successful\", \n \"EC2 Instance Launch Unsuccessful\", \n \"EC2 Instance Terminate Unsuccessful\"\n ))\n )))\n .build());\n\n var testStream = new Stream(\"testStream\", StreamArgs.builder() \n .name(\"kinesis-test\")\n .shardCount(1)\n .build());\n\n var yada = new EventTarget(\"yada\", EventTargetArgs.builder() \n .targetId(\"Yada\")\n .rule(console.name())\n .arn(testStream.arn())\n .runCommandTargets( \n EventTargetRunCommandTargetArgs.builder()\n .key(\"tag:Name\")\n .values(\"FooBar\")\n .build(),\n EventTargetRunCommandTargetArgs.builder()\n .key(\"InstanceIds\")\n .values(\"i-162058cd308bffec2\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n yada:\n type: aws:cloudwatch:EventTarget\n properties:\n targetId: Yada\n rule: ${console.name}\n arn: ${testStream.arn}\n runCommandTargets:\n - key: tag:Name\n values:\n - FooBar\n - key: InstanceIds\n values:\n - i-162058cd308bffec2\n console:\n type: aws:cloudwatch:EventRule\n properties:\n name: capture-ec2-scaling-events\n description: Capture all EC2 scaling events\n eventPattern:\n fn::toJSON:\n source:\n - aws.autoscaling\n detail-type:\n - EC2 Instance Launch Successful\n - EC2 Instance Terminate Successful\n - EC2 Instance Launch Unsuccessful\n - EC2 Instance Terminate Unsuccessful\n testStream:\n type: aws:kinesis:Stream\n name: test_stream\n properties:\n name: kinesis-test\n shardCount: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### SSM Document Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ssmLifecycleTrust = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"events.amazonaws.com\"],\n }],\n }],\n});\nconst stopInstance = new aws.ssm.Document(\"stop_instance\", {\n name: \"stop_instance\",\n documentType: \"Command\",\n content: JSON.stringify({\n schemaVersion: \"1.2\",\n description: \"Stop an instance\",\n parameters: {},\n runtimeConfig: {\n \"aws:runShellScript\": {\n properties: [{\n id: \"0.aws:runShellScript\",\n runCommand: [\"halt\"],\n }],\n },\n },\n }),\n});\nconst ssmLifecycle = aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n effect: \"Allow\",\n actions: [\"ssm:SendCommand\"],\n resources: [\"arn:aws:ec2:eu-west-1:1234567890:instance/*\"],\n conditions: [{\n test: \"StringEquals\",\n variable: \"ec2:ResourceTag/Terminate\",\n values: [\"*\"],\n }],\n },\n {\n effect: \"Allow\",\n actions: [\"ssm:SendCommand\"],\n resources: [stopInstance.arn],\n },\n ],\n});\nconst ssmLifecycleRole = new aws.iam.Role(\"ssm_lifecycle\", {\n name: \"SSMLifecycle\",\n assumeRolePolicy: ssmLifecycleTrust.then(ssmLifecycleTrust =\u003e ssmLifecycleTrust.json),\n});\nconst ssmLifecyclePolicy = new aws.iam.Policy(\"ssm_lifecycle\", {\n name: \"SSMLifecycle\",\n policy: ssmLifecycle.apply(ssmLifecycle =\u003e ssmLifecycle.json),\n});\nconst ssmLifecycleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"ssm_lifecycle\", {\n policyArn: ssmLifecyclePolicy.arn,\n role: ssmLifecycleRole.name,\n});\nconst stopInstances = new aws.cloudwatch.EventRule(\"stop_instances\", {\n name: \"StopInstance\",\n description: \"Stop instances nightly\",\n scheduleExpression: \"cron(0 0 * * ? *)\",\n});\nconst stopInstancesEventTarget = new aws.cloudwatch.EventTarget(\"stop_instances\", {\n targetId: \"StopInstance\",\n arn: stopInstance.arn,\n rule: stopInstances.name,\n roleArn: ssmLifecycleRole.arn,\n runCommandTargets: [{\n key: \"tag:Terminate\",\n values: [\"midnight\"],\n }],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nssm_lifecycle_trust = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"events.amazonaws.com\"],\n )],\n)])\nstop_instance = aws.ssm.Document(\"stop_instance\",\n name=\"stop_instance\",\n document_type=\"Command\",\n content=json.dumps({\n \"schemaVersion\": \"1.2\",\n \"description\": \"Stop an instance\",\n \"parameters\": {},\n \"runtimeConfig\": {\n \"aws:runShellScript\": {\n \"properties\": [{\n \"id\": \"0.aws:runShellScript\",\n \"runCommand\": [\"halt\"],\n }],\n },\n },\n }))\nssm_lifecycle = aws.iam.get_policy_document_output(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ssm:SendCommand\"],\n resources=[\"arn:aws:ec2:eu-west-1:1234567890:instance/*\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"ec2:ResourceTag/Terminate\",\n values=[\"*\"],\n )],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ssm:SendCommand\"],\n resources=[stop_instance.arn],\n ),\n])\nssm_lifecycle_role = aws.iam.Role(\"ssm_lifecycle\",\n name=\"SSMLifecycle\",\n assume_role_policy=ssm_lifecycle_trust.json)\nssm_lifecycle_policy = aws.iam.Policy(\"ssm_lifecycle\",\n name=\"SSMLifecycle\",\n policy=ssm_lifecycle.json)\nssm_lifecycle_role_policy_attachment = aws.iam.RolePolicyAttachment(\"ssm_lifecycle\",\n policy_arn=ssm_lifecycle_policy.arn,\n role=ssm_lifecycle_role.name)\nstop_instances = aws.cloudwatch.EventRule(\"stop_instances\",\n name=\"StopInstance\",\n description=\"Stop instances nightly\",\n schedule_expression=\"cron(0 0 * * ? *)\")\nstop_instances_event_target = aws.cloudwatch.EventTarget(\"stop_instances\",\n target_id=\"StopInstance\",\n arn=stop_instance.arn,\n rule=stop_instances.name,\n role_arn=ssm_lifecycle_role.arn,\n run_command_targets=[aws.cloudwatch.EventTargetRunCommandTargetArgs(\n key=\"tag:Terminate\",\n values=[\"midnight\"],\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ssmLifecycleTrust = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"events.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var stopInstance = new Aws.Ssm.Document(\"stop_instance\", new()\n {\n Name = \"stop_instance\",\n DocumentType = \"Command\",\n Content = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"schemaVersion\"] = \"1.2\",\n [\"description\"] = \"Stop an instance\",\n [\"parameters\"] = new Dictionary\u003cstring, object?\u003e\n {\n },\n [\"runtimeConfig\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"aws:runShellScript\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"properties\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"id\"] = \"0.aws:runShellScript\",\n [\"runCommand\"] = new[]\n {\n \"halt\",\n },\n },\n },\n },\n },\n }),\n });\n\n var ssmLifecycle = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ssm:SendCommand\",\n },\n Resources = new[]\n {\n \"arn:aws:ec2:eu-west-1:1234567890:instance/*\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"ec2:ResourceTag/Terminate\",\n Values = new[]\n {\n \"*\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ssm:SendCommand\",\n },\n Resources = new[]\n {\n stopInstance.Arn,\n },\n },\n },\n });\n\n var ssmLifecycleRole = new Aws.Iam.Role(\"ssm_lifecycle\", new()\n {\n Name = \"SSMLifecycle\",\n AssumeRolePolicy = ssmLifecycleTrust.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var ssmLifecyclePolicy = new Aws.Iam.Policy(\"ssm_lifecycle\", new()\n {\n Name = \"SSMLifecycle\",\n PolicyDocument = ssmLifecycle.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var ssmLifecycleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"ssm_lifecycle\", new()\n {\n PolicyArn = ssmLifecyclePolicy.Arn,\n Role = ssmLifecycleRole.Name,\n });\n\n var stopInstances = new Aws.CloudWatch.EventRule(\"stop_instances\", new()\n {\n Name = \"StopInstance\",\n Description = \"Stop instances nightly\",\n ScheduleExpression = \"cron(0 0 * * ? *)\",\n });\n\n var stopInstancesEventTarget = new Aws.CloudWatch.EventTarget(\"stop_instances\", new()\n {\n TargetId = \"StopInstance\",\n Arn = stopInstance.Arn,\n Rule = stopInstances.Name,\n RoleArn = ssmLifecycleRole.Arn,\n RunCommandTargets = new[]\n {\n new Aws.CloudWatch.Inputs.EventTargetRunCommandTargetArgs\n {\n Key = \"tag:Terminate\",\n Values = new[]\n {\n \"midnight\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tssmLifecycleTrust, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"events.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"schemaVersion\": \"1.2\",\n\t\t\t\"description\": \"Stop an instance\",\n\t\t\t\"parameters\": nil,\n\t\t\t\"runtimeConfig\": map[string]interface{}{\n\t\t\t\t\"aws:runShellScript\": map[string]interface{}{\n\t\t\t\t\t\"properties\": []map[string]interface{}{\n\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\"id\": \"0.aws:runShellScript\",\n\t\t\t\t\t\t\t\"runCommand\": []string{\n\t\t\t\t\t\t\t\t\"halt\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\tstopInstance, err := ssm.NewDocument(ctx, \"stop_instance\", \u0026ssm.DocumentArgs{\n\t\t\tName: pulumi.String(\"stop_instance\"),\n\t\t\tDocumentType: pulumi.String(\"Command\"),\n\t\t\tContent: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tssmLifecycle := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"ssm:SendCommand\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"arn:aws:ec2:eu-west-1:1234567890:instance/*\"),\n\t\t\t\t\t},\n\t\t\t\t\tConditions: iam.GetPolicyDocumentStatementConditionArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementConditionArgs{\n\t\t\t\t\t\t\tTest: pulumi.String(\"StringEquals\"),\n\t\t\t\t\t\t\tVariable: pulumi.String(\"ec2:ResourceTag/Terminate\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"ssm:SendCommand\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tstopInstance.Arn,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tssmLifecycleRole, err := iam.NewRole(ctx, \"ssm_lifecycle\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"SSMLifecycle\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(ssmLifecycleTrust.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tssmLifecyclePolicy, err := iam.NewPolicy(ctx, \"ssm_lifecycle\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"SSMLifecycle\"),\n\t\t\tPolicy: ssmLifecycle.ApplyT(func(ssmLifecycle iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026ssmLifecycle.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"ssm_lifecycle\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: ssmLifecyclePolicy.Arn,\n\t\t\tRole: ssmLifecycleRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tstopInstances, err := cloudwatch.NewEventRule(ctx, \"stop_instances\", \u0026cloudwatch.EventRuleArgs{\n\t\t\tName: pulumi.String(\"StopInstance\"),\n\t\t\tDescription: pulumi.String(\"Stop instances nightly\"),\n\t\t\tScheduleExpression: pulumi.String(\"cron(0 0 * * ? *)\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventTarget(ctx, \"stop_instances\", \u0026cloudwatch.EventTargetArgs{\n\t\t\tTargetId: pulumi.String(\"StopInstance\"),\n\t\t\tArn: stopInstance.Arn,\n\t\t\tRule: stopInstances.Name,\n\t\t\tRoleArn: ssmLifecycleRole.Arn,\n\t\t\tRunCommandTargets: cloudwatch.EventTargetRunCommandTargetArray{\n\t\t\t\t\u0026cloudwatch.EventTargetRunCommandTargetArgs{\n\t\t\t\t\tKey: pulumi.String(\"tag:Terminate\"),\n\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"midnight\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.ssm.Document;\nimport com.pulumi.aws.ssm.DocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.cloudwatch.EventRule;\nimport com.pulumi.aws.cloudwatch.EventRuleArgs;\nimport com.pulumi.aws.cloudwatch.EventTarget;\nimport com.pulumi.aws.cloudwatch.EventTargetArgs;\nimport com.pulumi.aws.cloudwatch.inputs.EventTargetRunCommandTargetArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ssmLifecycleTrust = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"events.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var stopInstance = new Document(\"stopInstance\", DocumentArgs.builder() \n .name(\"stop_instance\")\n .documentType(\"Command\")\n .content(serializeJson(\n jsonObject(\n jsonProperty(\"schemaVersion\", \"1.2\"),\n jsonProperty(\"description\", \"Stop an instance\"),\n jsonProperty(\"parameters\", jsonObject(\n\n )),\n jsonProperty(\"runtimeConfig\", jsonObject(\n jsonProperty(\"aws:runShellScript\", jsonObject(\n jsonProperty(\"properties\", jsonArray(jsonObject(\n jsonProperty(\"id\", \"0.aws:runShellScript\"),\n jsonProperty(\"runCommand\", jsonArray(\"halt\"))\n )))\n ))\n ))\n )))\n .build());\n\n final var ssmLifecycle = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ssm:SendCommand\")\n .resources(\"arn:aws:ec2:eu-west-1:1234567890:instance/*\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"ec2:ResourceTag/Terminate\")\n .values(\"*\")\n .build())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ssm:SendCommand\")\n .resources(stopInstance.arn())\n .build())\n .build());\n\n var ssmLifecycleRole = new Role(\"ssmLifecycleRole\", RoleArgs.builder() \n .name(\"SSMLifecycle\")\n .assumeRolePolicy(ssmLifecycleTrust.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var ssmLifecyclePolicy = new Policy(\"ssmLifecyclePolicy\", PolicyArgs.builder() \n .name(\"SSMLifecycle\")\n .policy(ssmLifecycle.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(ssmLifecycle -\u003e ssmLifecycle.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var ssmLifecycleRolePolicyAttachment = new RolePolicyAttachment(\"ssmLifecycleRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .policyArn(ssmLifecyclePolicy.arn())\n .role(ssmLifecycleRole.name())\n .build());\n\n var stopInstances = new EventRule(\"stopInstances\", EventRuleArgs.builder() \n .name(\"StopInstance\")\n .description(\"Stop instances nightly\")\n .scheduleExpression(\"cron(0 0 * * ? *)\")\n .build());\n\n var stopInstancesEventTarget = new EventTarget(\"stopInstancesEventTarget\", EventTargetArgs.builder() \n .targetId(\"StopInstance\")\n .arn(stopInstance.arn())\n .rule(stopInstances.name())\n .roleArn(ssmLifecycleRole.arn())\n .runCommandTargets(EventTargetRunCommandTargetArgs.builder()\n .key(\"tag:Terminate\")\n .values(\"midnight\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ssmLifecycleRole:\n type: aws:iam:Role\n name: ssm_lifecycle\n properties:\n name: SSMLifecycle\n assumeRolePolicy: ${ssmLifecycleTrust.json}\n ssmLifecyclePolicy:\n type: aws:iam:Policy\n name: ssm_lifecycle\n properties:\n name: SSMLifecycle\n policy: ${ssmLifecycle.json}\n ssmLifecycleRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: ssm_lifecycle\n properties:\n policyArn: ${ssmLifecyclePolicy.arn}\n role: ${ssmLifecycleRole.name}\n stopInstance:\n type: aws:ssm:Document\n name: stop_instance\n properties:\n name: stop_instance\n documentType: Command\n content:\n fn::toJSON:\n schemaVersion: '1.2'\n description: Stop an instance\n parameters: {}\n runtimeConfig:\n aws:runShellScript:\n properties:\n - id: 0.aws:runShellScript\n runCommand:\n - halt\n stopInstances:\n type: aws:cloudwatch:EventRule\n name: stop_instances\n properties:\n name: StopInstance\n description: Stop instances nightly\n scheduleExpression: cron(0 0 * * ? *)\n stopInstancesEventTarget:\n type: aws:cloudwatch:EventTarget\n name: stop_instances\n properties:\n targetId: StopInstance\n arn: ${stopInstance.arn}\n rule: ${stopInstances.name}\n roleArn: ${ssmLifecycleRole.arn}\n runCommandTargets:\n - key: tag:Terminate\n values:\n - midnight\nvariables:\n ssmLifecycleTrust:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - events.amazonaws.com\n ssmLifecycle:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - ssm:SendCommand\n resources:\n - arn:aws:ec2:eu-west-1:1234567890:instance/*\n conditions:\n - test: StringEquals\n variable: ec2:ResourceTag/Terminate\n values:\n - '*'\n - effect: Allow\n actions:\n - ssm:SendCommand\n resources:\n - ${stopInstance.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### RunCommand Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst stopInstances = new aws.cloudwatch.EventRule(\"stop_instances\", {\n name: \"StopInstance\",\n description: \"Stop instances nightly\",\n scheduleExpression: \"cron(0 0 * * ? *)\",\n});\nconst stopInstancesEventTarget = new aws.cloudwatch.EventTarget(\"stop_instances\", {\n targetId: \"StopInstance\",\n arn: `arn:aws:ssm:${awsRegion}::document/AWS-RunShellScript`,\n input: \"{\\\"commands\\\":[\\\"halt\\\"]}\",\n rule: stopInstances.name,\n roleArn: ssmLifecycle.arn,\n runCommandTargets: [{\n key: \"tag:Terminate\",\n values: [\"midnight\"],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nstop_instances = aws.cloudwatch.EventRule(\"stop_instances\",\n name=\"StopInstance\",\n description=\"Stop instances nightly\",\n schedule_expression=\"cron(0 0 * * ? *)\")\nstop_instances_event_target = aws.cloudwatch.EventTarget(\"stop_instances\",\n target_id=\"StopInstance\",\n arn=f\"arn:aws:ssm:{aws_region}::document/AWS-RunShellScript\",\n input=\"{\\\"commands\\\":[\\\"halt\\\"]}\",\n rule=stop_instances.name,\n role_arn=ssm_lifecycle[\"arn\"],\n run_command_targets=[aws.cloudwatch.EventTargetRunCommandTargetArgs(\n key=\"tag:Terminate\",\n values=[\"midnight\"],\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var stopInstances = new Aws.CloudWatch.EventRule(\"stop_instances\", new()\n {\n Name = \"StopInstance\",\n Description = \"Stop instances nightly\",\n ScheduleExpression = \"cron(0 0 * * ? *)\",\n });\n\n var stopInstancesEventTarget = new Aws.CloudWatch.EventTarget(\"stop_instances\", new()\n {\n TargetId = \"StopInstance\",\n Arn = $\"arn:aws:ssm:{awsRegion}::document/AWS-RunShellScript\",\n Input = \"{\\\"commands\\\":[\\\"halt\\\"]}\",\n Rule = stopInstances.Name,\n RoleArn = ssmLifecycle.Arn,\n RunCommandTargets = new[]\n {\n new Aws.CloudWatch.Inputs.EventTargetRunCommandTargetArgs\n {\n Key = \"tag:Terminate\",\n Values = new[]\n {\n \"midnight\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tstopInstances, err := cloudwatch.NewEventRule(ctx, \"stop_instances\", \u0026cloudwatch.EventRuleArgs{\n\t\t\tName: pulumi.String(\"StopInstance\"),\n\t\t\tDescription: pulumi.String(\"Stop instances nightly\"),\n\t\t\tScheduleExpression: pulumi.String(\"cron(0 0 * * ? *)\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventTarget(ctx, \"stop_instances\", \u0026cloudwatch.EventTargetArgs{\n\t\t\tTargetId: pulumi.String(\"StopInstance\"),\n\t\t\tArn: pulumi.String(fmt.Sprintf(\"arn:aws:ssm:%v::document/AWS-RunShellScript\", awsRegion)),\n\t\t\tInput: pulumi.String(\"{\\\"commands\\\":[\\\"halt\\\"]}\"),\n\t\t\tRule: stopInstances.Name,\n\t\t\tRoleArn: pulumi.Any(ssmLifecycle.Arn),\n\t\t\tRunCommandTargets: cloudwatch.EventTargetRunCommandTargetArray{\n\t\t\t\t\u0026cloudwatch.EventTargetRunCommandTargetArgs{\n\t\t\t\t\tKey: pulumi.String(\"tag:Terminate\"),\n\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"midnight\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.EventRule;\nimport com.pulumi.aws.cloudwatch.EventRuleArgs;\nimport com.pulumi.aws.cloudwatch.EventTarget;\nimport com.pulumi.aws.cloudwatch.EventTargetArgs;\nimport com.pulumi.aws.cloudwatch.inputs.EventTargetRunCommandTargetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var stopInstances = new EventRule(\"stopInstances\", EventRuleArgs.builder() \n .name(\"StopInstance\")\n .description(\"Stop instances nightly\")\n .scheduleExpression(\"cron(0 0 * * ? *)\")\n .build());\n\n var stopInstancesEventTarget = new EventTarget(\"stopInstancesEventTarget\", EventTargetArgs.builder() \n .targetId(\"StopInstance\")\n .arn(String.format(\"arn:aws:ssm:%s::document/AWS-RunShellScript\", awsRegion))\n .input(\"{\\\"commands\\\":[\\\"halt\\\"]}\")\n .rule(stopInstances.name())\n .roleArn(ssmLifecycle.arn())\n .runCommandTargets(EventTargetRunCommandTargetArgs.builder()\n .key(\"tag:Terminate\")\n .values(\"midnight\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n stopInstances:\n type: aws:cloudwatch:EventRule\n name: stop_instances\n properties:\n name: StopInstance\n description: Stop instances nightly\n scheduleExpression: cron(0 0 * * ? *)\n stopInstancesEventTarget:\n type: aws:cloudwatch:EventTarget\n name: stop_instances\n properties:\n targetId: StopInstance\n arn: arn:aws:ssm:${awsRegion}::document/AWS-RunShellScript\n input: '{\"commands\":[\"halt\"]}'\n rule: ${stopInstances.name}\n roleArn: ${ssmLifecycle.arn}\n runCommandTargets:\n - key: tag:Terminate\n values:\n - midnight\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### ECS Run Task with Role and Task Override Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"events.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst ecsEvents = new aws.iam.Role(\"ecs_events\", {\n name: \"ecs_events\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst ecsEventsRunTaskWithAnyRole = std.replace({\n text: taskName.arn,\n search: \"/:\\\\d+$/\",\n replace: \":*\",\n}).then(invoke =\u003e aws.iam.getPolicyDocument({\n statements: [\n {\n effect: \"Allow\",\n actions: [\"iam:PassRole\"],\n resources: [\"*\"],\n },\n {\n effect: \"Allow\",\n actions: [\"ecs:RunTask\"],\n resources: [invoke.result],\n },\n ],\n}));\nconst ecsEventsRunTaskWithAnyRoleRolePolicy = new aws.iam.RolePolicy(\"ecs_events_run_task_with_any_role\", {\n name: \"ecs_events_run_task_with_any_role\",\n role: ecsEvents.id,\n policy: ecsEventsRunTaskWithAnyRole.then(ecsEventsRunTaskWithAnyRole =\u003e ecsEventsRunTaskWithAnyRole.json),\n});\nconst ecsScheduledTask = new aws.cloudwatch.EventTarget(\"ecs_scheduled_task\", {\n targetId: \"run-scheduled-task-every-hour\",\n arn: clusterName.arn,\n rule: everyHour.name,\n roleArn: ecsEvents.arn,\n ecsTarget: {\n taskCount: 1,\n taskDefinitionArn: taskName.arn,\n },\n input: JSON.stringify({\n containerOverrides: [{\n name: \"name-of-container-to-override\",\n command: [\n \"bin/console\",\n \"scheduled-task\",\n ],\n }],\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\nimport pulumi_std as std\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"events.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\necs_events = aws.iam.Role(\"ecs_events\",\n name=\"ecs_events\",\n assume_role_policy=assume_role.json)\necs_events_run_task_with_any_role = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"iam:PassRole\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ecs:RunTask\"],\n resources=[std.replace(text=task_name[\"arn\"],\n search=\"/:\\\\d+$/\",\n replace=\":*\").result],\n ),\n])\necs_events_run_task_with_any_role_role_policy = aws.iam.RolePolicy(\"ecs_events_run_task_with_any_role\",\n name=\"ecs_events_run_task_with_any_role\",\n role=ecs_events.id,\n policy=ecs_events_run_task_with_any_role.json)\necs_scheduled_task = aws.cloudwatch.EventTarget(\"ecs_scheduled_task\",\n target_id=\"run-scheduled-task-every-hour\",\n arn=cluster_name[\"arn\"],\n rule=every_hour[\"name\"],\n role_arn=ecs_events.arn,\n ecs_target=aws.cloudwatch.EventTargetEcsTargetArgs(\n task_count=1,\n task_definition_arn=task_name[\"arn\"],\n ),\n input=json.dumps({\n \"containerOverrides\": [{\n \"name\": \"name-of-container-to-override\",\n \"command\": [\n \"bin/console\",\n \"scheduled-task\",\n ],\n }],\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"events.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var ecsEvents = new Aws.Iam.Role(\"ecs_events\", new()\n {\n Name = \"ecs_events\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var ecsEventsRunTaskWithAnyRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"iam:PassRole\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ecs:RunTask\",\n },\n Resources = new[]\n {\n Std.Replace.Invoke(new()\n {\n Text = taskName.Arn,\n Search = \"/:\\\\d+$/\",\n Replace = \":*\",\n }).Result,\n },\n },\n },\n });\n\n var ecsEventsRunTaskWithAnyRoleRolePolicy = new Aws.Iam.RolePolicy(\"ecs_events_run_task_with_any_role\", new()\n {\n Name = \"ecs_events_run_task_with_any_role\",\n Role = ecsEvents.Id,\n Policy = ecsEventsRunTaskWithAnyRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var ecsScheduledTask = new Aws.CloudWatch.EventTarget(\"ecs_scheduled_task\", new()\n {\n TargetId = \"run-scheduled-task-every-hour\",\n Arn = clusterName.Arn,\n Rule = everyHour.Name,\n RoleArn = ecsEvents.Arn,\n EcsTarget = new Aws.CloudWatch.Inputs.EventTargetEcsTargetArgs\n {\n TaskCount = 1,\n TaskDefinitionArn = taskName.Arn,\n },\n Input = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"containerOverrides\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"name\"] = \"name-of-container-to-override\",\n [\"command\"] = new[]\n {\n \"bin/console\",\n \"scheduled-task\",\n },\n },\n },\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"events.amazonaws.com\",\n},\n},\n},\nActions: []string{\n\"sts:AssumeRole\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\necsEvents, err := iam.NewRole(ctx, \"ecs_events\", \u0026iam.RoleArgs{\nName: pulumi.String(\"ecs_events\"),\nAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n})\nif err != nil {\nreturn err\n}\necsEventsRunTaskWithAnyRole, err := iam.GetPolicyDocument(ctx, invokeReplace, err := std.Replace(ctx, \u0026std.ReplaceArgs{\nText: taskName.Arn,\nSearch: \"/:\\\\d+$/\",\nReplace: \":*\",\n}, nil)\nif err != nil {\nreturn err\n}\n\u0026iam.GetPolicyDocumentArgs{\nStatements: pulumi.Array{\niam.GetPolicyDocumentStatement{\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"iam:PassRole\",\n},\nResources: []string{\n\"*\",\n},\n},\niam.GetPolicyDocumentStatement{\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"ecs:RunTask\",\n},\nResources: interface{}{\ninvokeReplace.Result,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.NewRolePolicy(ctx, \"ecs_events_run_task_with_any_role\", \u0026iam.RolePolicyArgs{\nName: pulumi.String(\"ecs_events_run_task_with_any_role\"),\nRole: ecsEvents.ID(),\nPolicy: *pulumi.String(ecsEventsRunTaskWithAnyRole.Json),\n})\nif err != nil {\nreturn err\n}\ntmpJSON0, err := json.Marshal(map[string]interface{}{\n\"containerOverrides\": []map[string]interface{}{\nmap[string]interface{}{\n\"name\": \"name-of-container-to-override\",\n\"command\": []string{\n\"bin/console\",\n\"scheduled-task\",\n},\n},\n},\n})\nif err != nil {\nreturn err\n}\njson0 := string(tmpJSON0)\n_, err = cloudwatch.NewEventTarget(ctx, \"ecs_scheduled_task\", \u0026cloudwatch.EventTargetArgs{\nTargetId: pulumi.String(\"run-scheduled-task-every-hour\"),\nArn: pulumi.Any(clusterName.Arn),\nRule: pulumi.Any(everyHour.Name),\nRoleArn: ecsEvents.Arn,\nEcsTarget: \u0026cloudwatch.EventTargetEcsTargetArgs{\nTaskCount: pulumi.Int(1),\nTaskDefinitionArn: pulumi.Any(taskName.Arn),\n},\nInput: pulumi.String(json0),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.cloudwatch.EventTarget;\nimport com.pulumi.aws.cloudwatch.EventTargetArgs;\nimport com.pulumi.aws.cloudwatch.inputs.EventTargetEcsTargetArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"events.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var ecsEvents = new Role(\"ecsEvents\", RoleArgs.builder() \n .name(\"ecs_events\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var ecsEventsRunTaskWithAnyRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"iam:PassRole\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ecs:RunTask\")\n .resources(StdFunctions.replace(ReplaceArgs.builder()\n .text(taskName.arn())\n .search(\"/:\\\\d+$/\")\n .replace(\":*\")\n .build()).result())\n .build())\n .build());\n\n var ecsEventsRunTaskWithAnyRoleRolePolicy = new RolePolicy(\"ecsEventsRunTaskWithAnyRoleRolePolicy\", RolePolicyArgs.builder() \n .name(\"ecs_events_run_task_with_any_role\")\n .role(ecsEvents.id())\n .policy(ecsEventsRunTaskWithAnyRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var ecsScheduledTask = new EventTarget(\"ecsScheduledTask\", EventTargetArgs.builder() \n .targetId(\"run-scheduled-task-every-hour\")\n .arn(clusterName.arn())\n .rule(everyHour.name())\n .roleArn(ecsEvents.arn())\n .ecsTarget(EventTargetEcsTargetArgs.builder()\n .taskCount(1)\n .taskDefinitionArn(taskName.arn())\n .build())\n .input(serializeJson(\n jsonObject(\n jsonProperty(\"containerOverrides\", jsonArray(jsonObject(\n jsonProperty(\"name\", \"name-of-container-to-override\"),\n jsonProperty(\"command\", jsonArray(\n \"bin/console\", \n \"scheduled-task\"\n ))\n )))\n )))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ecsEvents:\n type: aws:iam:Role\n name: ecs_events\n properties:\n name: ecs_events\n assumeRolePolicy: ${assumeRole.json}\n ecsEventsRunTaskWithAnyRoleRolePolicy:\n type: aws:iam:RolePolicy\n name: ecs_events_run_task_with_any_role\n properties:\n name: ecs_events_run_task_with_any_role\n role: ${ecsEvents.id}\n policy: ${ecsEventsRunTaskWithAnyRole.json}\n ecsScheduledTask:\n type: aws:cloudwatch:EventTarget\n name: ecs_scheduled_task\n properties:\n targetId: run-scheduled-task-every-hour\n arn: ${clusterName.arn}\n rule: ${everyHour.name}\n roleArn: ${ecsEvents.arn}\n ecsTarget:\n taskCount: 1\n taskDefinitionArn: ${taskName.arn}\n input:\n fn::toJSON:\n containerOverrides:\n - name: name-of-container-to-override\n command:\n - bin/console\n - scheduled-task\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - events.amazonaws.com\n actions:\n - sts:AssumeRole\n ecsEventsRunTaskWithAnyRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - iam:PassRole\n resources:\n - '*'\n - effect: Allow\n actions:\n - ecs:RunTask\n resources:\n - fn::invoke:\n Function: std:replace\n Arguments:\n text: ${taskName.arn}\n search: /:\\d+$/\n replace: :*\n Return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### API Gateway target\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleEventRule = new aws.cloudwatch.EventRule(\"example\", {});\nconst exampleDeployment = new aws.apigateway.Deployment(\"example\", {restApi: exampleAwsApiGatewayRestApi.id});\nconst exampleStage = new aws.apigateway.Stage(\"example\", {\n restApi: exampleAwsApiGatewayRestApi.id,\n deployment: exampleDeployment.id,\n});\nconst example = new aws.cloudwatch.EventTarget(\"example\", {\n arn: pulumi.interpolate`${exampleStage.executionArn}/GET`,\n rule: exampleEventRule.id,\n httpTarget: {\n queryStringParameters: {\n Body: \"$.detail.body\",\n },\n headerParameters: {\n Env: \"Test\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_event_rule = aws.cloudwatch.EventRule(\"example\")\nexample_deployment = aws.apigateway.Deployment(\"example\", rest_api=example_aws_api_gateway_rest_api[\"id\"])\nexample_stage = aws.apigateway.Stage(\"example\",\n rest_api=example_aws_api_gateway_rest_api[\"id\"],\n deployment=example_deployment.id)\nexample = aws.cloudwatch.EventTarget(\"example\",\n arn=example_stage.execution_arn.apply(lambda execution_arn: f\"{execution_arn}/GET\"),\n rule=example_event_rule.id,\n http_target=aws.cloudwatch.EventTargetHttpTargetArgs(\n query_string_parameters={\n \"Body\": \"$.detail.body\",\n },\n header_parameters={\n \"Env\": \"Test\",\n },\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleEventRule = new Aws.CloudWatch.EventRule(\"example\");\n\n var exampleDeployment = new Aws.ApiGateway.Deployment(\"example\", new()\n {\n RestApi = exampleAwsApiGatewayRestApi.Id,\n });\n\n var exampleStage = new Aws.ApiGateway.Stage(\"example\", new()\n {\n RestApi = exampleAwsApiGatewayRestApi.Id,\n Deployment = exampleDeployment.Id,\n });\n\n var example = new Aws.CloudWatch.EventTarget(\"example\", new()\n {\n Arn = exampleStage.ExecutionArn.Apply(executionArn =\u003e $\"{executionArn}/GET\"),\n Rule = exampleEventRule.Id,\n HttpTarget = new Aws.CloudWatch.Inputs.EventTargetHttpTargetArgs\n {\n QueryStringParameters = \n {\n { \"Body\", \"$.detail.body\" },\n },\n HeaderParameters = \n {\n { \"Env\", \"Test\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleEventRule, err := cloudwatch.NewEventRule(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDeployment, err := apigateway.NewDeployment(ctx, \"example\", \u0026apigateway.DeploymentArgs{\n\t\t\tRestApi: pulumi.Any(exampleAwsApiGatewayRestApi.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleStage, err := apigateway.NewStage(ctx, \"example\", \u0026apigateway.StageArgs{\n\t\t\tRestApi: pulumi.Any(exampleAwsApiGatewayRestApi.Id),\n\t\t\tDeployment: exampleDeployment.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventTarget(ctx, \"example\", \u0026cloudwatch.EventTargetArgs{\n\t\t\tArn: exampleStage.ExecutionArn.ApplyT(func(executionArn string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v/GET\", executionArn), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tRule: exampleEventRule.ID(),\n\t\t\tHttpTarget: \u0026cloudwatch.EventTargetHttpTargetArgs{\n\t\t\t\tQueryStringParameters: pulumi.StringMap{\n\t\t\t\t\t\"Body\": pulumi.String(\"$.detail.body\"),\n\t\t\t\t},\n\t\t\t\tHeaderParameters: pulumi.StringMap{\n\t\t\t\t\t\"Env\": pulumi.String(\"Test\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.EventRule;\nimport com.pulumi.aws.apigateway.Deployment;\nimport com.pulumi.aws.apigateway.DeploymentArgs;\nimport com.pulumi.aws.apigateway.Stage;\nimport com.pulumi.aws.apigateway.StageArgs;\nimport com.pulumi.aws.cloudwatch.EventTarget;\nimport com.pulumi.aws.cloudwatch.EventTargetArgs;\nimport com.pulumi.aws.cloudwatch.inputs.EventTargetHttpTargetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleEventRule = new EventRule(\"exampleEventRule\");\n\n var exampleDeployment = new Deployment(\"exampleDeployment\", DeploymentArgs.builder() \n .restApi(exampleAwsApiGatewayRestApi.id())\n .build());\n\n var exampleStage = new Stage(\"exampleStage\", StageArgs.builder() \n .restApi(exampleAwsApiGatewayRestApi.id())\n .deployment(exampleDeployment.id())\n .build());\n\n var example = new EventTarget(\"example\", EventTargetArgs.builder() \n .arn(exampleStage.executionArn().applyValue(executionArn -\u003e String.format(\"%s/GET\", executionArn)))\n .rule(exampleEventRule.id())\n .httpTarget(EventTargetHttpTargetArgs.builder()\n .queryStringParameters(Map.of(\"Body\", \"$.detail.body\"))\n .headerParameters(Map.of(\"Env\", \"Test\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudwatch:EventTarget\n properties:\n arn: ${exampleStage.executionArn}/GET\n rule: ${exampleEventRule.id}\n httpTarget:\n queryStringParameters:\n Body: $.detail.body\n headerParameters:\n Env: Test\n exampleEventRule:\n type: aws:cloudwatch:EventRule\n name: example\n exampleDeployment:\n type: aws:apigateway:Deployment\n name: example\n properties:\n restApi: ${exampleAwsApiGatewayRestApi.id}\n exampleStage:\n type: aws:apigateway:Stage\n name: example\n properties:\n restApi: ${exampleAwsApiGatewayRestApi.id}\n deployment: ${exampleDeployment.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Cross-Account Event Bus target\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"events.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst eventBusInvokeRemoteEventBusRole = new aws.iam.Role(\"event_bus_invoke_remote_event_bus\", {\n name: \"event-bus-invoke-remote-event-bus\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst eventBusInvokeRemoteEventBus = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\"events:PutEvents\"],\n resources: [\"arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus\"],\n }],\n});\nconst eventBusInvokeRemoteEventBusPolicy = new aws.iam.Policy(\"event_bus_invoke_remote_event_bus\", {\n name: \"event_bus_invoke_remote_event_bus\",\n policy: eventBusInvokeRemoteEventBus.then(eventBusInvokeRemoteEventBus =\u003e eventBusInvokeRemoteEventBus.json),\n});\nconst eventBusInvokeRemoteEventBusRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"event_bus_invoke_remote_event_bus\", {\n role: eventBusInvokeRemoteEventBusRole.name,\n policyArn: eventBusInvokeRemoteEventBusPolicy.arn,\n});\nconst stopInstances = new aws.cloudwatch.EventRule(\"stop_instances\", {\n name: \"StopInstance\",\n description: \"Stop instances nightly\",\n scheduleExpression: \"cron(0 0 * * ? *)\",\n});\nconst stopInstancesEventTarget = new aws.cloudwatch.EventTarget(\"stop_instances\", {\n targetId: \"StopInstance\",\n arn: \"arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus\",\n rule: stopInstances.name,\n roleArn: eventBusInvokeRemoteEventBusRole.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"events.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nevent_bus_invoke_remote_event_bus_role = aws.iam.Role(\"event_bus_invoke_remote_event_bus\",\n name=\"event-bus-invoke-remote-event-bus\",\n assume_role_policy=assume_role.json)\nevent_bus_invoke_remote_event_bus = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"events:PutEvents\"],\n resources=[\"arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus\"],\n)])\nevent_bus_invoke_remote_event_bus_policy = aws.iam.Policy(\"event_bus_invoke_remote_event_bus\",\n name=\"event_bus_invoke_remote_event_bus\",\n policy=event_bus_invoke_remote_event_bus.json)\nevent_bus_invoke_remote_event_bus_role_policy_attachment = aws.iam.RolePolicyAttachment(\"event_bus_invoke_remote_event_bus\",\n role=event_bus_invoke_remote_event_bus_role.name,\n policy_arn=event_bus_invoke_remote_event_bus_policy.arn)\nstop_instances = aws.cloudwatch.EventRule(\"stop_instances\",\n name=\"StopInstance\",\n description=\"Stop instances nightly\",\n schedule_expression=\"cron(0 0 * * ? *)\")\nstop_instances_event_target = aws.cloudwatch.EventTarget(\"stop_instances\",\n target_id=\"StopInstance\",\n arn=\"arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus\",\n rule=stop_instances.name,\n role_arn=event_bus_invoke_remote_event_bus_role.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"events.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var eventBusInvokeRemoteEventBusRole = new Aws.Iam.Role(\"event_bus_invoke_remote_event_bus\", new()\n {\n Name = \"event-bus-invoke-remote-event-bus\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var eventBusInvokeRemoteEventBus = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"events:PutEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus\",\n },\n },\n },\n });\n\n var eventBusInvokeRemoteEventBusPolicy = new Aws.Iam.Policy(\"event_bus_invoke_remote_event_bus\", new()\n {\n Name = \"event_bus_invoke_remote_event_bus\",\n PolicyDocument = eventBusInvokeRemoteEventBus.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var eventBusInvokeRemoteEventBusRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"event_bus_invoke_remote_event_bus\", new()\n {\n Role = eventBusInvokeRemoteEventBusRole.Name,\n PolicyArn = eventBusInvokeRemoteEventBusPolicy.Arn,\n });\n\n var stopInstances = new Aws.CloudWatch.EventRule(\"stop_instances\", new()\n {\n Name = \"StopInstance\",\n Description = \"Stop instances nightly\",\n ScheduleExpression = \"cron(0 0 * * ? *)\",\n });\n\n var stopInstancesEventTarget = new Aws.CloudWatch.EventTarget(\"stop_instances\", new()\n {\n TargetId = \"StopInstance\",\n Arn = \"arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus\",\n Rule = stopInstances.Name,\n RoleArn = eventBusInvokeRemoteEventBusRole.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"events.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\teventBusInvokeRemoteEventBusRole, err := iam.NewRole(ctx, \"event_bus_invoke_remote_event_bus\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"event-bus-invoke-remote-event-bus\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\teventBusInvokeRemoteEventBus, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"events:PutEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\teventBusInvokeRemoteEventBusPolicy, err := iam.NewPolicy(ctx, \"event_bus_invoke_remote_event_bus\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"event_bus_invoke_remote_event_bus\"),\n\t\t\tPolicy: *pulumi.String(eventBusInvokeRemoteEventBus.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"event_bus_invoke_remote_event_bus\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: eventBusInvokeRemoteEventBusRole.Name,\n\t\t\tPolicyArn: eventBusInvokeRemoteEventBusPolicy.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tstopInstances, err := cloudwatch.NewEventRule(ctx, \"stop_instances\", \u0026cloudwatch.EventRuleArgs{\n\t\t\tName: pulumi.String(\"StopInstance\"),\n\t\t\tDescription: pulumi.String(\"Stop instances nightly\"),\n\t\t\tScheduleExpression: pulumi.String(\"cron(0 0 * * ? *)\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventTarget(ctx, \"stop_instances\", \u0026cloudwatch.EventTargetArgs{\n\t\t\tTargetId: pulumi.String(\"StopInstance\"),\n\t\t\tArn: pulumi.String(\"arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus\"),\n\t\t\tRule: stopInstances.Name,\n\t\t\tRoleArn: eventBusInvokeRemoteEventBusRole.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.cloudwatch.EventRule;\nimport com.pulumi.aws.cloudwatch.EventRuleArgs;\nimport com.pulumi.aws.cloudwatch.EventTarget;\nimport com.pulumi.aws.cloudwatch.EventTargetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"events.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var eventBusInvokeRemoteEventBusRole = new Role(\"eventBusInvokeRemoteEventBusRole\", RoleArgs.builder() \n .name(\"event-bus-invoke-remote-event-bus\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var eventBusInvokeRemoteEventBus = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"events:PutEvents\")\n .resources(\"arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus\")\n .build())\n .build());\n\n var eventBusInvokeRemoteEventBusPolicy = new Policy(\"eventBusInvokeRemoteEventBusPolicy\", PolicyArgs.builder() \n .name(\"event_bus_invoke_remote_event_bus\")\n .policy(eventBusInvokeRemoteEventBus.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var eventBusInvokeRemoteEventBusRolePolicyAttachment = new RolePolicyAttachment(\"eventBusInvokeRemoteEventBusRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .role(eventBusInvokeRemoteEventBusRole.name())\n .policyArn(eventBusInvokeRemoteEventBusPolicy.arn())\n .build());\n\n var stopInstances = new EventRule(\"stopInstances\", EventRuleArgs.builder() \n .name(\"StopInstance\")\n .description(\"Stop instances nightly\")\n .scheduleExpression(\"cron(0 0 * * ? *)\")\n .build());\n\n var stopInstancesEventTarget = new EventTarget(\"stopInstancesEventTarget\", EventTargetArgs.builder() \n .targetId(\"StopInstance\")\n .arn(\"arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus\")\n .rule(stopInstances.name())\n .roleArn(eventBusInvokeRemoteEventBusRole.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n eventBusInvokeRemoteEventBusRole:\n type: aws:iam:Role\n name: event_bus_invoke_remote_event_bus\n properties:\n name: event-bus-invoke-remote-event-bus\n assumeRolePolicy: ${assumeRole.json}\n eventBusInvokeRemoteEventBusPolicy:\n type: aws:iam:Policy\n name: event_bus_invoke_remote_event_bus\n properties:\n name: event_bus_invoke_remote_event_bus\n policy: ${eventBusInvokeRemoteEventBus.json}\n eventBusInvokeRemoteEventBusRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: event_bus_invoke_remote_event_bus\n properties:\n role: ${eventBusInvokeRemoteEventBusRole.name}\n policyArn: ${eventBusInvokeRemoteEventBusPolicy.arn}\n stopInstances:\n type: aws:cloudwatch:EventRule\n name: stop_instances\n properties:\n name: StopInstance\n description: Stop instances nightly\n scheduleExpression: cron(0 0 * * ? *)\n stopInstancesEventTarget:\n type: aws:cloudwatch:EventTarget\n name: stop_instances\n properties:\n targetId: StopInstance\n arn: arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus\n rule: ${stopInstances.name}\n roleArn: ${eventBusInvokeRemoteEventBusRole.arn}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - events.amazonaws.com\n actions:\n - sts:AssumeRole\n eventBusInvokeRemoteEventBus:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - events:PutEvents\n resources:\n - arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Input Transformer Usage - JSON Object\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleEventRule = new aws.cloudwatch.EventRule(\"example\", {});\nconst example = new aws.cloudwatch.EventTarget(\"example\", {\n arn: exampleAwsLambdaFunction.arn,\n rule: exampleEventRule.id,\n inputTransformer: {\n inputPaths: {\n instance: \"$.detail.instance\",\n status: \"$.detail.status\",\n },\n inputTemplate: `{\n \"instance_id\": \u003cinstance\u003e,\n \"instance_status\": \u003cstatus\u003e\n}\n`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_event_rule = aws.cloudwatch.EventRule(\"example\")\nexample = aws.cloudwatch.EventTarget(\"example\",\n arn=example_aws_lambda_function[\"arn\"],\n rule=example_event_rule.id,\n input_transformer=aws.cloudwatch.EventTargetInputTransformerArgs(\n input_paths={\n \"instance\": \"$.detail.instance\",\n \"status\": \"$.detail.status\",\n },\n input_template=\"\"\"{\n \"instance_id\": \u003cinstance\u003e,\n \"instance_status\": \u003cstatus\u003e\n}\n\"\"\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleEventRule = new Aws.CloudWatch.EventRule(\"example\");\n\n var example = new Aws.CloudWatch.EventTarget(\"example\", new()\n {\n Arn = exampleAwsLambdaFunction.Arn,\n Rule = exampleEventRule.Id,\n InputTransformer = new Aws.CloudWatch.Inputs.EventTargetInputTransformerArgs\n {\n InputPaths = \n {\n { \"instance\", \"$.detail.instance\" },\n { \"status\", \"$.detail.status\" },\n },\n InputTemplate = @\"{\n \"\"instance_id\"\": \u003cinstance\u003e,\n \"\"instance_status\"\": \u003cstatus\u003e\n}\n\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleEventRule, err := cloudwatch.NewEventRule(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventTarget(ctx, \"example\", \u0026cloudwatch.EventTargetArgs{\n\t\t\tArn: pulumi.Any(exampleAwsLambdaFunction.Arn),\n\t\t\tRule: exampleEventRule.ID(),\n\t\t\tInputTransformer: \u0026cloudwatch.EventTargetInputTransformerArgs{\n\t\t\t\tInputPaths: pulumi.StringMap{\n\t\t\t\t\t\"instance\": pulumi.String(\"$.detail.instance\"),\n\t\t\t\t\t\"status\": pulumi.String(\"$.detail.status\"),\n\t\t\t\t},\n\t\t\t\tInputTemplate: pulumi.String(\"{\\n \\\"instance_id\\\": \u003cinstance\u003e,\\n \\\"instance_status\\\": \u003cstatus\u003e\\n}\\n\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.EventRule;\nimport com.pulumi.aws.cloudwatch.EventTarget;\nimport com.pulumi.aws.cloudwatch.EventTargetArgs;\nimport com.pulumi.aws.cloudwatch.inputs.EventTargetInputTransformerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleEventRule = new EventRule(\"exampleEventRule\");\n\n var example = new EventTarget(\"example\", EventTargetArgs.builder() \n .arn(exampleAwsLambdaFunction.arn())\n .rule(exampleEventRule.id())\n .inputTransformer(EventTargetInputTransformerArgs.builder()\n .inputPaths(Map.ofEntries(\n Map.entry(\"instance\", \"$.detail.instance\"),\n Map.entry(\"status\", \"$.detail.status\")\n ))\n .inputTemplate(\"\"\"\n{\n \"instance_id\": \u003cinstance\u003e,\n \"instance_status\": \u003cstatus\u003e\n}\n \"\"\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudwatch:EventTarget\n properties:\n arn: ${exampleAwsLambdaFunction.arn}\n rule: ${exampleEventRule.id}\n inputTransformer:\n inputPaths:\n instance: $.detail.instance\n status: $.detail.status\n inputTemplate: |\n {\n \"instance_id\": \u003cinstance\u003e,\n \"instance_status\": \u003cstatus\u003e\n }\n exampleEventRule:\n type: aws:cloudwatch:EventRule\n name: example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Input Transformer Usage - Simple String\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleEventRule = new aws.cloudwatch.EventRule(\"example\", {});\nconst example = new aws.cloudwatch.EventTarget(\"example\", {\n arn: exampleAwsLambdaFunction.arn,\n rule: exampleEventRule.id,\n inputTransformer: {\n inputPaths: {\n instance: \"$.detail.instance\",\n status: \"$.detail.status\",\n },\n inputTemplate: \"\\\"\u003cinstance\u003e is in state \u003cstatus\u003e\\\"\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_event_rule = aws.cloudwatch.EventRule(\"example\")\nexample = aws.cloudwatch.EventTarget(\"example\",\n arn=example_aws_lambda_function[\"arn\"],\n rule=example_event_rule.id,\n input_transformer=aws.cloudwatch.EventTargetInputTransformerArgs(\n input_paths={\n \"instance\": \"$.detail.instance\",\n \"status\": \"$.detail.status\",\n },\n input_template=\"\\\"\u003cinstance\u003e is in state \u003cstatus\u003e\\\"\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleEventRule = new Aws.CloudWatch.EventRule(\"example\");\n\n var example = new Aws.CloudWatch.EventTarget(\"example\", new()\n {\n Arn = exampleAwsLambdaFunction.Arn,\n Rule = exampleEventRule.Id,\n InputTransformer = new Aws.CloudWatch.Inputs.EventTargetInputTransformerArgs\n {\n InputPaths = \n {\n { \"instance\", \"$.detail.instance\" },\n { \"status\", \"$.detail.status\" },\n },\n InputTemplate = \"\\\"\u003cinstance\u003e is in state \u003cstatus\u003e\\\"\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleEventRule, err := cloudwatch.NewEventRule(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventTarget(ctx, \"example\", \u0026cloudwatch.EventTargetArgs{\n\t\t\tArn: pulumi.Any(exampleAwsLambdaFunction.Arn),\n\t\t\tRule: exampleEventRule.ID(),\n\t\t\tInputTransformer: \u0026cloudwatch.EventTargetInputTransformerArgs{\n\t\t\t\tInputPaths: pulumi.StringMap{\n\t\t\t\t\t\"instance\": pulumi.String(\"$.detail.instance\"),\n\t\t\t\t\t\"status\": pulumi.String(\"$.detail.status\"),\n\t\t\t\t},\n\t\t\t\tInputTemplate: pulumi.String(\"\\\"\u003cinstance\u003e is in state \u003cstatus\u003e\\\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.EventRule;\nimport com.pulumi.aws.cloudwatch.EventTarget;\nimport com.pulumi.aws.cloudwatch.EventTargetArgs;\nimport com.pulumi.aws.cloudwatch.inputs.EventTargetInputTransformerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleEventRule = new EventRule(\"exampleEventRule\");\n\n var example = new EventTarget(\"example\", EventTargetArgs.builder() \n .arn(exampleAwsLambdaFunction.arn())\n .rule(exampleEventRule.id())\n .inputTransformer(EventTargetInputTransformerArgs.builder()\n .inputPaths(Map.ofEntries(\n Map.entry(\"instance\", \"$.detail.instance\"),\n Map.entry(\"status\", \"$.detail.status\")\n ))\n .inputTemplate(\"\\\"\u003cinstance\u003e is in state \u003cstatus\u003e\\\"\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudwatch:EventTarget\n properties:\n arn: ${exampleAwsLambdaFunction.arn}\n rule: ${exampleEventRule.id}\n inputTransformer:\n inputPaths:\n instance: $.detail.instance\n status: $.detail.status\n inputTemplate: '\"\u003cinstance\u003e is in state \u003cstatus\u003e\"'\n exampleEventRule:\n type: aws:cloudwatch:EventRule\n name: example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Cloudwatch Log Group Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudwatch.LogGroup(\"example\", {\n name: \"/aws/events/guardduty/logs\",\n retentionInDays: 1,\n});\nconst exampleEventRule = new aws.cloudwatch.EventRule(\"example\", {\n name: \"guard-duty_event_rule\",\n description: \"GuardDuty Findings\",\n eventPattern: JSON.stringify({\n source: [\"aws.guardduty\"],\n }),\n tags: {\n Environment: \"example\",\n },\n});\nconst exampleLogPolicy = aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n effect: \"Allow\",\n actions: [\"logs:CreateLogStream\"],\n resources: [pulumi.interpolate`${example.arn}:*`],\n principals: [{\n type: \"Service\",\n identifiers: [\n \"events.amazonaws.com\",\n \"delivery.logs.amazonaws.com\",\n ],\n }],\n },\n {\n effect: \"Allow\",\n actions: [\"logs:PutLogEvents\"],\n resources: [pulumi.interpolate`${example.arn}:*:*`],\n principals: [{\n type: \"Service\",\n identifiers: [\n \"events.amazonaws.com\",\n \"delivery.logs.amazonaws.com\",\n ],\n }],\n conditions: [{\n test: \"ArnEquals\",\n values: [exampleEventRule.arn],\n variable: \"aws:SourceArn\",\n }],\n },\n ],\n});\nconst exampleLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"example\", {\n policyDocument: exampleLogPolicy.apply(exampleLogPolicy =\u003e exampleLogPolicy.json),\n policyName: \"guardduty-log-publishing-policy\",\n});\nconst exampleEventTarget = new aws.cloudwatch.EventTarget(\"example\", {\n rule: exampleEventRule.name,\n arn: example.arn,\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nexample = aws.cloudwatch.LogGroup(\"example\",\n name=\"/aws/events/guardduty/logs\",\n retention_in_days=1)\nexample_event_rule = aws.cloudwatch.EventRule(\"example\",\n name=\"guard-duty_event_rule\",\n description=\"GuardDuty Findings\",\n event_pattern=json.dumps({\n \"source\": [\"aws.guardduty\"],\n }),\n tags={\n \"Environment\": \"example\",\n })\nexample_log_policy = aws.iam.get_policy_document_output(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"logs:CreateLogStream\"],\n resources=[example.arn.apply(lambda arn: f\"{arn}:*\")],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\n \"events.amazonaws.com\",\n \"delivery.logs.amazonaws.com\",\n ],\n )],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"logs:PutLogEvents\"],\n resources=[example.arn.apply(lambda arn: f\"{arn}:*:*\")],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\n \"events.amazonaws.com\",\n \"delivery.logs.amazonaws.com\",\n ],\n )],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ArnEquals\",\n values=[example_event_rule.arn],\n variable=\"aws:SourceArn\",\n )],\n ),\n])\nexample_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"example\",\n policy_document=example_log_policy.json,\n policy_name=\"guardduty-log-publishing-policy\")\nexample_event_target = aws.cloudwatch.EventTarget(\"example\",\n rule=example_event_rule.name,\n arn=example.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudWatch.LogGroup(\"example\", new()\n {\n Name = \"/aws/events/guardduty/logs\",\n RetentionInDays = 1,\n });\n\n var exampleEventRule = new Aws.CloudWatch.EventRule(\"example\", new()\n {\n Name = \"guard-duty_event_rule\",\n Description = \"GuardDuty Findings\",\n EventPattern = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"source\"] = new[]\n {\n \"aws.guardduty\",\n },\n }),\n Tags = \n {\n { \"Environment\", \"example\" },\n },\n });\n\n var exampleLogPolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"logs:CreateLogStream\",\n },\n Resources = new[]\n {\n $\"{example.Arn}:*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"events.amazonaws.com\",\n \"delivery.logs.amazonaws.com\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"logs:PutLogEvents\",\n },\n Resources = new[]\n {\n $\"{example.Arn}:*:*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"events.amazonaws.com\",\n \"delivery.logs.amazonaws.com\",\n },\n },\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ArnEquals\",\n Values = new[]\n {\n exampleEventRule.Arn,\n },\n Variable = \"aws:SourceArn\",\n },\n },\n },\n },\n });\n\n var exampleLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"example\", new()\n {\n PolicyDocument = exampleLogPolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n PolicyName = \"guardduty-log-publishing-policy\",\n });\n\n var exampleEventTarget = new Aws.CloudWatch.EventTarget(\"example\", new()\n {\n Rule = exampleEventRule.Name,\n Arn = example.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := cloudwatch.NewLogGroup(ctx, \"example\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: pulumi.String(\"/aws/events/guardduty/logs\"),\n\t\t\tRetentionInDays: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"source\": []string{\n\t\t\t\t\"aws.guardduty\",\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\texampleEventRule, err := cloudwatch.NewEventRule(ctx, \"example\", \u0026cloudwatch.EventRuleArgs{\n\t\t\tName: pulumi.String(\"guard-duty_event_rule\"),\n\t\t\tDescription: pulumi.String(\"GuardDuty Findings\"),\n\t\t\tEventPattern: pulumi.String(json0),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleLogPolicy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"logs:CreateLogStream\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\texample.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v:*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: iam.GetPolicyDocumentStatementPrincipalArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementPrincipalArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Service\"),\n\t\t\t\t\t\t\tIdentifiers: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"events.amazonaws.com\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"delivery.logs.amazonaws.com\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"logs:PutLogEvents\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\texample.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v:*:*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: iam.GetPolicyDocumentStatementPrincipalArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementPrincipalArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Service\"),\n\t\t\t\t\t\t\tIdentifiers: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"events.amazonaws.com\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"delivery.logs.amazonaws.com\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tConditions: iam.GetPolicyDocumentStatementConditionArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementConditionArgs{\n\t\t\t\t\t\t\tTest: pulumi.String(\"ArnEquals\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\texampleEventRule.Arn,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tVariable: pulumi.String(\"aws:SourceArn\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"example\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyDocument: exampleLogPolicy.ApplyT(func(exampleLogPolicy iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026exampleLogPolicy.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\tPolicyName: pulumi.String(\"guardduty-log-publishing-policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventTarget(ctx, \"example\", \u0026cloudwatch.EventTargetArgs{\n\t\t\tRule: exampleEventRule.Name,\n\t\t\tArn: example.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.cloudwatch.EventRule;\nimport com.pulumi.aws.cloudwatch.EventRuleArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport com.pulumi.aws.cloudwatch.EventTarget;\nimport com.pulumi.aws.cloudwatch.EventTargetArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new LogGroup(\"example\", LogGroupArgs.builder() \n .name(\"/aws/events/guardduty/logs\")\n .retentionInDays(1)\n .build());\n\n var exampleEventRule = new EventRule(\"exampleEventRule\", EventRuleArgs.builder() \n .name(\"guard-duty_event_rule\")\n .description(\"GuardDuty Findings\")\n .eventPattern(serializeJson(\n jsonObject(\n jsonProperty(\"source\", jsonArray(\"aws.guardduty\"))\n )))\n .tags(Map.of(\"Environment\", \"example\"))\n .build());\n\n final var exampleLogPolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"logs:CreateLogStream\")\n .resources(example.arn().applyValue(arn -\u003e String.format(\"%s:*\", arn)))\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers( \n \"events.amazonaws.com\",\n \"delivery.logs.amazonaws.com\")\n .build())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"logs:PutLogEvents\")\n .resources(example.arn().applyValue(arn -\u003e String.format(\"%s:*:*\", arn)))\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers( \n \"events.amazonaws.com\",\n \"delivery.logs.amazonaws.com\")\n .build())\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ArnEquals\")\n .values(exampleEventRule.arn())\n .variable(\"aws:SourceArn\")\n .build())\n .build())\n .build());\n\n var exampleLogResourcePolicy = new LogResourcePolicy(\"exampleLogResourcePolicy\", LogResourcePolicyArgs.builder() \n .policyDocument(exampleLogPolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(exampleLogPolicy -\u003e exampleLogPolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .policyName(\"guardduty-log-publishing-policy\")\n .build());\n\n var exampleEventTarget = new EventTarget(\"exampleEventTarget\", EventTargetArgs.builder() \n .rule(exampleEventRule.name())\n .arn(example.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudwatch:LogGroup\n properties:\n name: /aws/events/guardduty/logs\n retentionInDays: 1\n exampleLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n name: example\n properties:\n policyDocument: ${exampleLogPolicy.json}\n policyName: guardduty-log-publishing-policy\n exampleEventRule:\n type: aws:cloudwatch:EventRule\n name: example\n properties:\n name: guard-duty_event_rule\n description: GuardDuty Findings\n eventPattern:\n fn::toJSON:\n source:\n - aws.guardduty\n tags:\n Environment: example\n exampleEventTarget:\n type: aws:cloudwatch:EventTarget\n name: example\n properties:\n rule: ${exampleEventRule.name}\n arn: ${example.arn}\nvariables:\n exampleLogPolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - logs:CreateLogStream\n resources:\n - ${example.arn}:*\n principals:\n - type: Service\n identifiers:\n - events.amazonaws.com\n - delivery.logs.amazonaws.com\n - effect: Allow\n actions:\n - logs:PutLogEvents\n resources:\n - ${example.arn}:*:*\n principals:\n - type: Service\n identifiers:\n - events.amazonaws.com\n - delivery.logs.amazonaws.com\n conditions:\n - test: ArnEquals\n values:\n - ${exampleEventRule.arn}\n variable: aws:SourceArn\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import EventBridge Targets using `event_bus_name/rule-name/target-id` (if you omit `event_bus_name`, the `default` event bus will be used). For example:\n\n```sh\n$ pulumi import aws:cloudwatch/eventTarget:EventTarget test-event-target rule-name/target-id\n```\n", + "description": "Provides an EventBridge Target resource.\n\n\u003e **Note:** EventBridge was formerly known as CloudWatch Events. The functionality is identical.\n\n## Example Usage\n\n### Kinesis Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst console = new aws.cloudwatch.EventRule(\"console\", {\n name: \"capture-ec2-scaling-events\",\n description: \"Capture all EC2 scaling events\",\n eventPattern: JSON.stringify({\n source: [\"aws.autoscaling\"],\n \"detail-type\": [\n \"EC2 Instance Launch Successful\",\n \"EC2 Instance Terminate Successful\",\n \"EC2 Instance Launch Unsuccessful\",\n \"EC2 Instance Terminate Unsuccessful\",\n ],\n }),\n});\nconst testStream = new aws.kinesis.Stream(\"test_stream\", {\n name: \"kinesis-test\",\n shardCount: 1,\n});\nconst yada = new aws.cloudwatch.EventTarget(\"yada\", {\n targetId: \"Yada\",\n rule: console.name,\n arn: testStream.arn,\n runCommandTargets: [\n {\n key: \"tag:Name\",\n values: [\"FooBar\"],\n },\n {\n key: \"InstanceIds\",\n values: [\"i-162058cd308bffec2\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nconsole = aws.cloudwatch.EventRule(\"console\",\n name=\"capture-ec2-scaling-events\",\n description=\"Capture all EC2 scaling events\",\n event_pattern=json.dumps({\n \"source\": [\"aws.autoscaling\"],\n \"detail-type\": [\n \"EC2 Instance Launch Successful\",\n \"EC2 Instance Terminate Successful\",\n \"EC2 Instance Launch Unsuccessful\",\n \"EC2 Instance Terminate Unsuccessful\",\n ],\n }))\ntest_stream = aws.kinesis.Stream(\"test_stream\",\n name=\"kinesis-test\",\n shard_count=1)\nyada = aws.cloudwatch.EventTarget(\"yada\",\n target_id=\"Yada\",\n rule=console.name,\n arn=test_stream.arn,\n run_command_targets=[\n aws.cloudwatch.EventTargetRunCommandTargetArgs(\n key=\"tag:Name\",\n values=[\"FooBar\"],\n ),\n aws.cloudwatch.EventTargetRunCommandTargetArgs(\n key=\"InstanceIds\",\n values=[\"i-162058cd308bffec2\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var console = new Aws.CloudWatch.EventRule(\"console\", new()\n {\n Name = \"capture-ec2-scaling-events\",\n Description = \"Capture all EC2 scaling events\",\n EventPattern = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"source\"] = new[]\n {\n \"aws.autoscaling\",\n },\n [\"detail-type\"] = new[]\n {\n \"EC2 Instance Launch Successful\",\n \"EC2 Instance Terminate Successful\",\n \"EC2 Instance Launch Unsuccessful\",\n \"EC2 Instance Terminate Unsuccessful\",\n },\n }),\n });\n\n var testStream = new Aws.Kinesis.Stream(\"test_stream\", new()\n {\n Name = \"kinesis-test\",\n ShardCount = 1,\n });\n\n var yada = new Aws.CloudWatch.EventTarget(\"yada\", new()\n {\n TargetId = \"Yada\",\n Rule = console.Name,\n Arn = testStream.Arn,\n RunCommandTargets = new[]\n {\n new Aws.CloudWatch.Inputs.EventTargetRunCommandTargetArgs\n {\n Key = \"tag:Name\",\n Values = new[]\n {\n \"FooBar\",\n },\n },\n new Aws.CloudWatch.Inputs.EventTargetRunCommandTargetArgs\n {\n Key = \"InstanceIds\",\n Values = new[]\n {\n \"i-162058cd308bffec2\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"source\": []string{\n\t\t\t\t\"aws.autoscaling\",\n\t\t\t},\n\t\t\t\"detail-type\": []string{\n\t\t\t\t\"EC2 Instance Launch Successful\",\n\t\t\t\t\"EC2 Instance Terminate Successful\",\n\t\t\t\t\"EC2 Instance Launch Unsuccessful\",\n\t\t\t\t\"EC2 Instance Terminate Unsuccessful\",\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\tconsole, err := cloudwatch.NewEventRule(ctx, \"console\", \u0026cloudwatch.EventRuleArgs{\n\t\t\tName: pulumi.String(\"capture-ec2-scaling-events\"),\n\t\t\tDescription: pulumi.String(\"Capture all EC2 scaling events\"),\n\t\t\tEventPattern: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestStream, err := kinesis.NewStream(ctx, \"test_stream\", \u0026kinesis.StreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-test\"),\n\t\t\tShardCount: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventTarget(ctx, \"yada\", \u0026cloudwatch.EventTargetArgs{\n\t\t\tTargetId: pulumi.String(\"Yada\"),\n\t\t\tRule: console.Name,\n\t\t\tArn: testStream.Arn,\n\t\t\tRunCommandTargets: cloudwatch.EventTargetRunCommandTargetArray{\n\t\t\t\t\u0026cloudwatch.EventTargetRunCommandTargetArgs{\n\t\t\t\t\tKey: pulumi.String(\"tag:Name\"),\n\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"FooBar\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026cloudwatch.EventTargetRunCommandTargetArgs{\n\t\t\t\t\tKey: pulumi.String(\"InstanceIds\"),\n\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"i-162058cd308bffec2\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.EventRule;\nimport com.pulumi.aws.cloudwatch.EventRuleArgs;\nimport com.pulumi.aws.kinesis.Stream;\nimport com.pulumi.aws.kinesis.StreamArgs;\nimport com.pulumi.aws.cloudwatch.EventTarget;\nimport com.pulumi.aws.cloudwatch.EventTargetArgs;\nimport com.pulumi.aws.cloudwatch.inputs.EventTargetRunCommandTargetArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var console = new EventRule(\"console\", EventRuleArgs.builder() \n .name(\"capture-ec2-scaling-events\")\n .description(\"Capture all EC2 scaling events\")\n .eventPattern(serializeJson(\n jsonObject(\n jsonProperty(\"source\", jsonArray(\"aws.autoscaling\")),\n jsonProperty(\"detail-type\", jsonArray(\n \"EC2 Instance Launch Successful\", \n \"EC2 Instance Terminate Successful\", \n \"EC2 Instance Launch Unsuccessful\", \n \"EC2 Instance Terminate Unsuccessful\"\n ))\n )))\n .build());\n\n var testStream = new Stream(\"testStream\", StreamArgs.builder() \n .name(\"kinesis-test\")\n .shardCount(1)\n .build());\n\n var yada = new EventTarget(\"yada\", EventTargetArgs.builder() \n .targetId(\"Yada\")\n .rule(console.name())\n .arn(testStream.arn())\n .runCommandTargets( \n EventTargetRunCommandTargetArgs.builder()\n .key(\"tag:Name\")\n .values(\"FooBar\")\n .build(),\n EventTargetRunCommandTargetArgs.builder()\n .key(\"InstanceIds\")\n .values(\"i-162058cd308bffec2\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n yada:\n type: aws:cloudwatch:EventTarget\n properties:\n targetId: Yada\n rule: ${console.name}\n arn: ${testStream.arn}\n runCommandTargets:\n - key: tag:Name\n values:\n - FooBar\n - key: InstanceIds\n values:\n - i-162058cd308bffec2\n console:\n type: aws:cloudwatch:EventRule\n properties:\n name: capture-ec2-scaling-events\n description: Capture all EC2 scaling events\n eventPattern:\n fn::toJSON:\n source:\n - aws.autoscaling\n detail-type:\n - EC2 Instance Launch Successful\n - EC2 Instance Terminate Successful\n - EC2 Instance Launch Unsuccessful\n - EC2 Instance Terminate Unsuccessful\n testStream:\n type: aws:kinesis:Stream\n name: test_stream\n properties:\n name: kinesis-test\n shardCount: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### SSM Document Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ssmLifecycleTrust = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"events.amazonaws.com\"],\n }],\n }],\n});\nconst stopInstance = new aws.ssm.Document(\"stop_instance\", {\n name: \"stop_instance\",\n documentType: \"Command\",\n content: JSON.stringify({\n schemaVersion: \"1.2\",\n description: \"Stop an instance\",\n parameters: {},\n runtimeConfig: {\n \"aws:runShellScript\": {\n properties: [{\n id: \"0.aws:runShellScript\",\n runCommand: [\"halt\"],\n }],\n },\n },\n }),\n});\nconst ssmLifecycle = aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n effect: \"Allow\",\n actions: [\"ssm:SendCommand\"],\n resources: [\"arn:aws:ec2:eu-west-1:1234567890:instance/*\"],\n conditions: [{\n test: \"StringEquals\",\n variable: \"ec2:ResourceTag/Terminate\",\n values: [\"*\"],\n }],\n },\n {\n effect: \"Allow\",\n actions: [\"ssm:SendCommand\"],\n resources: [stopInstance.arn],\n },\n ],\n});\nconst ssmLifecycleRole = new aws.iam.Role(\"ssm_lifecycle\", {\n name: \"SSMLifecycle\",\n assumeRolePolicy: ssmLifecycleTrust.then(ssmLifecycleTrust =\u003e ssmLifecycleTrust.json),\n});\nconst ssmLifecyclePolicy = new aws.iam.Policy(\"ssm_lifecycle\", {\n name: \"SSMLifecycle\",\n policy: ssmLifecycle.apply(ssmLifecycle =\u003e ssmLifecycle.json),\n});\nconst ssmLifecycleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"ssm_lifecycle\", {\n policyArn: ssmLifecyclePolicy.arn,\n role: ssmLifecycleRole.name,\n});\nconst stopInstances = new aws.cloudwatch.EventRule(\"stop_instances\", {\n name: \"StopInstance\",\n description: \"Stop instances nightly\",\n scheduleExpression: \"cron(0 0 * * ? *)\",\n});\nconst stopInstancesEventTarget = new aws.cloudwatch.EventTarget(\"stop_instances\", {\n targetId: \"StopInstance\",\n arn: stopInstance.arn,\n rule: stopInstances.name,\n roleArn: ssmLifecycleRole.arn,\n runCommandTargets: [{\n key: \"tag:Terminate\",\n values: [\"midnight\"],\n }],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nssm_lifecycle_trust = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"events.amazonaws.com\"],\n )],\n)])\nstop_instance = aws.ssm.Document(\"stop_instance\",\n name=\"stop_instance\",\n document_type=\"Command\",\n content=json.dumps({\n \"schemaVersion\": \"1.2\",\n \"description\": \"Stop an instance\",\n \"parameters\": {},\n \"runtimeConfig\": {\n \"aws:runShellScript\": {\n \"properties\": [{\n \"id\": \"0.aws:runShellScript\",\n \"runCommand\": [\"halt\"],\n }],\n },\n },\n }))\nssm_lifecycle = aws.iam.get_policy_document_output(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ssm:SendCommand\"],\n resources=[\"arn:aws:ec2:eu-west-1:1234567890:instance/*\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"ec2:ResourceTag/Terminate\",\n values=[\"*\"],\n )],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ssm:SendCommand\"],\n resources=[stop_instance.arn],\n ),\n])\nssm_lifecycle_role = aws.iam.Role(\"ssm_lifecycle\",\n name=\"SSMLifecycle\",\n assume_role_policy=ssm_lifecycle_trust.json)\nssm_lifecycle_policy = aws.iam.Policy(\"ssm_lifecycle\",\n name=\"SSMLifecycle\",\n policy=ssm_lifecycle.json)\nssm_lifecycle_role_policy_attachment = aws.iam.RolePolicyAttachment(\"ssm_lifecycle\",\n policy_arn=ssm_lifecycle_policy.arn,\n role=ssm_lifecycle_role.name)\nstop_instances = aws.cloudwatch.EventRule(\"stop_instances\",\n name=\"StopInstance\",\n description=\"Stop instances nightly\",\n schedule_expression=\"cron(0 0 * * ? *)\")\nstop_instances_event_target = aws.cloudwatch.EventTarget(\"stop_instances\",\n target_id=\"StopInstance\",\n arn=stop_instance.arn,\n rule=stop_instances.name,\n role_arn=ssm_lifecycle_role.arn,\n run_command_targets=[aws.cloudwatch.EventTargetRunCommandTargetArgs(\n key=\"tag:Terminate\",\n values=[\"midnight\"],\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ssmLifecycleTrust = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"events.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var stopInstance = new Aws.Ssm.Document(\"stop_instance\", new()\n {\n Name = \"stop_instance\",\n DocumentType = \"Command\",\n Content = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"schemaVersion\"] = \"1.2\",\n [\"description\"] = \"Stop an instance\",\n [\"parameters\"] = new Dictionary\u003cstring, object?\u003e\n {\n },\n [\"runtimeConfig\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"aws:runShellScript\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"properties\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"id\"] = \"0.aws:runShellScript\",\n [\"runCommand\"] = new[]\n {\n \"halt\",\n },\n },\n },\n },\n },\n }),\n });\n\n var ssmLifecycle = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ssm:SendCommand\",\n },\n Resources = new[]\n {\n \"arn:aws:ec2:eu-west-1:1234567890:instance/*\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"ec2:ResourceTag/Terminate\",\n Values = new[]\n {\n \"*\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ssm:SendCommand\",\n },\n Resources = new[]\n {\n stopInstance.Arn,\n },\n },\n },\n });\n\n var ssmLifecycleRole = new Aws.Iam.Role(\"ssm_lifecycle\", new()\n {\n Name = \"SSMLifecycle\",\n AssumeRolePolicy = ssmLifecycleTrust.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var ssmLifecyclePolicy = new Aws.Iam.Policy(\"ssm_lifecycle\", new()\n {\n Name = \"SSMLifecycle\",\n PolicyDocument = ssmLifecycle.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var ssmLifecycleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"ssm_lifecycle\", new()\n {\n PolicyArn = ssmLifecyclePolicy.Arn,\n Role = ssmLifecycleRole.Name,\n });\n\n var stopInstances = new Aws.CloudWatch.EventRule(\"stop_instances\", new()\n {\n Name = \"StopInstance\",\n Description = \"Stop instances nightly\",\n ScheduleExpression = \"cron(0 0 * * ? *)\",\n });\n\n var stopInstancesEventTarget = new Aws.CloudWatch.EventTarget(\"stop_instances\", new()\n {\n TargetId = \"StopInstance\",\n Arn = stopInstance.Arn,\n Rule = stopInstances.Name,\n RoleArn = ssmLifecycleRole.Arn,\n RunCommandTargets = new[]\n {\n new Aws.CloudWatch.Inputs.EventTargetRunCommandTargetArgs\n {\n Key = \"tag:Terminate\",\n Values = new[]\n {\n \"midnight\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tssmLifecycleTrust, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"events.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"schemaVersion\": \"1.2\",\n\t\t\t\"description\": \"Stop an instance\",\n\t\t\t\"parameters\": nil,\n\t\t\t\"runtimeConfig\": map[string]interface{}{\n\t\t\t\t\"aws:runShellScript\": map[string]interface{}{\n\t\t\t\t\t\"properties\": []map[string]interface{}{\n\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\"id\": \"0.aws:runShellScript\",\n\t\t\t\t\t\t\t\"runCommand\": []string{\n\t\t\t\t\t\t\t\t\"halt\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\tstopInstance, err := ssm.NewDocument(ctx, \"stop_instance\", \u0026ssm.DocumentArgs{\n\t\t\tName: pulumi.String(\"stop_instance\"),\n\t\t\tDocumentType: pulumi.String(\"Command\"),\n\t\t\tContent: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tssmLifecycle := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"ssm:SendCommand\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"arn:aws:ec2:eu-west-1:1234567890:instance/*\"),\n\t\t\t\t\t},\n\t\t\t\t\tConditions: iam.GetPolicyDocumentStatementConditionArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementConditionArgs{\n\t\t\t\t\t\t\tTest: pulumi.String(\"StringEquals\"),\n\t\t\t\t\t\t\tVariable: pulumi.String(\"ec2:ResourceTag/Terminate\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"ssm:SendCommand\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tstopInstance.Arn,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tssmLifecycleRole, err := iam.NewRole(ctx, \"ssm_lifecycle\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"SSMLifecycle\"),\n\t\t\tAssumeRolePolicy: pulumi.String(ssmLifecycleTrust.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tssmLifecyclePolicy, err := iam.NewPolicy(ctx, \"ssm_lifecycle\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"SSMLifecycle\"),\n\t\t\tPolicy: ssmLifecycle.ApplyT(func(ssmLifecycle iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026ssmLifecycle.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"ssm_lifecycle\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: ssmLifecyclePolicy.Arn,\n\t\t\tRole: ssmLifecycleRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tstopInstances, err := cloudwatch.NewEventRule(ctx, \"stop_instances\", \u0026cloudwatch.EventRuleArgs{\n\t\t\tName: pulumi.String(\"StopInstance\"),\n\t\t\tDescription: pulumi.String(\"Stop instances nightly\"),\n\t\t\tScheduleExpression: pulumi.String(\"cron(0 0 * * ? *)\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventTarget(ctx, \"stop_instances\", \u0026cloudwatch.EventTargetArgs{\n\t\t\tTargetId: pulumi.String(\"StopInstance\"),\n\t\t\tArn: stopInstance.Arn,\n\t\t\tRule: stopInstances.Name,\n\t\t\tRoleArn: ssmLifecycleRole.Arn,\n\t\t\tRunCommandTargets: cloudwatch.EventTargetRunCommandTargetArray{\n\t\t\t\t\u0026cloudwatch.EventTargetRunCommandTargetArgs{\n\t\t\t\t\tKey: pulumi.String(\"tag:Terminate\"),\n\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"midnight\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.ssm.Document;\nimport com.pulumi.aws.ssm.DocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.cloudwatch.EventRule;\nimport com.pulumi.aws.cloudwatch.EventRuleArgs;\nimport com.pulumi.aws.cloudwatch.EventTarget;\nimport com.pulumi.aws.cloudwatch.EventTargetArgs;\nimport com.pulumi.aws.cloudwatch.inputs.EventTargetRunCommandTargetArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ssmLifecycleTrust = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"events.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var stopInstance = new Document(\"stopInstance\", DocumentArgs.builder() \n .name(\"stop_instance\")\n .documentType(\"Command\")\n .content(serializeJson(\n jsonObject(\n jsonProperty(\"schemaVersion\", \"1.2\"),\n jsonProperty(\"description\", \"Stop an instance\"),\n jsonProperty(\"parameters\", jsonObject(\n\n )),\n jsonProperty(\"runtimeConfig\", jsonObject(\n jsonProperty(\"aws:runShellScript\", jsonObject(\n jsonProperty(\"properties\", jsonArray(jsonObject(\n jsonProperty(\"id\", \"0.aws:runShellScript\"),\n jsonProperty(\"runCommand\", jsonArray(\"halt\"))\n )))\n ))\n ))\n )))\n .build());\n\n final var ssmLifecycle = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ssm:SendCommand\")\n .resources(\"arn:aws:ec2:eu-west-1:1234567890:instance/*\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"ec2:ResourceTag/Terminate\")\n .values(\"*\")\n .build())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ssm:SendCommand\")\n .resources(stopInstance.arn())\n .build())\n .build());\n\n var ssmLifecycleRole = new Role(\"ssmLifecycleRole\", RoleArgs.builder() \n .name(\"SSMLifecycle\")\n .assumeRolePolicy(ssmLifecycleTrust.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var ssmLifecyclePolicy = new Policy(\"ssmLifecyclePolicy\", PolicyArgs.builder() \n .name(\"SSMLifecycle\")\n .policy(ssmLifecycle.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(ssmLifecycle -\u003e ssmLifecycle.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var ssmLifecycleRolePolicyAttachment = new RolePolicyAttachment(\"ssmLifecycleRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .policyArn(ssmLifecyclePolicy.arn())\n .role(ssmLifecycleRole.name())\n .build());\n\n var stopInstances = new EventRule(\"stopInstances\", EventRuleArgs.builder() \n .name(\"StopInstance\")\n .description(\"Stop instances nightly\")\n .scheduleExpression(\"cron(0 0 * * ? *)\")\n .build());\n\n var stopInstancesEventTarget = new EventTarget(\"stopInstancesEventTarget\", EventTargetArgs.builder() \n .targetId(\"StopInstance\")\n .arn(stopInstance.arn())\n .rule(stopInstances.name())\n .roleArn(ssmLifecycleRole.arn())\n .runCommandTargets(EventTargetRunCommandTargetArgs.builder()\n .key(\"tag:Terminate\")\n .values(\"midnight\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ssmLifecycleRole:\n type: aws:iam:Role\n name: ssm_lifecycle\n properties:\n name: SSMLifecycle\n assumeRolePolicy: ${ssmLifecycleTrust.json}\n ssmLifecyclePolicy:\n type: aws:iam:Policy\n name: ssm_lifecycle\n properties:\n name: SSMLifecycle\n policy: ${ssmLifecycle.json}\n ssmLifecycleRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: ssm_lifecycle\n properties:\n policyArn: ${ssmLifecyclePolicy.arn}\n role: ${ssmLifecycleRole.name}\n stopInstance:\n type: aws:ssm:Document\n name: stop_instance\n properties:\n name: stop_instance\n documentType: Command\n content:\n fn::toJSON:\n schemaVersion: '1.2'\n description: Stop an instance\n parameters: {}\n runtimeConfig:\n aws:runShellScript:\n properties:\n - id: 0.aws:runShellScript\n runCommand:\n - halt\n stopInstances:\n type: aws:cloudwatch:EventRule\n name: stop_instances\n properties:\n name: StopInstance\n description: Stop instances nightly\n scheduleExpression: cron(0 0 * * ? *)\n stopInstancesEventTarget:\n type: aws:cloudwatch:EventTarget\n name: stop_instances\n properties:\n targetId: StopInstance\n arn: ${stopInstance.arn}\n rule: ${stopInstances.name}\n roleArn: ${ssmLifecycleRole.arn}\n runCommandTargets:\n - key: tag:Terminate\n values:\n - midnight\nvariables:\n ssmLifecycleTrust:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - events.amazonaws.com\n ssmLifecycle:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - ssm:SendCommand\n resources:\n - arn:aws:ec2:eu-west-1:1234567890:instance/*\n conditions:\n - test: StringEquals\n variable: ec2:ResourceTag/Terminate\n values:\n - '*'\n - effect: Allow\n actions:\n - ssm:SendCommand\n resources:\n - ${stopInstance.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### RunCommand Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst stopInstances = new aws.cloudwatch.EventRule(\"stop_instances\", {\n name: \"StopInstance\",\n description: \"Stop instances nightly\",\n scheduleExpression: \"cron(0 0 * * ? *)\",\n});\nconst stopInstancesEventTarget = new aws.cloudwatch.EventTarget(\"stop_instances\", {\n targetId: \"StopInstance\",\n arn: `arn:aws:ssm:${awsRegion}::document/AWS-RunShellScript`,\n input: \"{\\\"commands\\\":[\\\"halt\\\"]}\",\n rule: stopInstances.name,\n roleArn: ssmLifecycle.arn,\n runCommandTargets: [{\n key: \"tag:Terminate\",\n values: [\"midnight\"],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nstop_instances = aws.cloudwatch.EventRule(\"stop_instances\",\n name=\"StopInstance\",\n description=\"Stop instances nightly\",\n schedule_expression=\"cron(0 0 * * ? *)\")\nstop_instances_event_target = aws.cloudwatch.EventTarget(\"stop_instances\",\n target_id=\"StopInstance\",\n arn=f\"arn:aws:ssm:{aws_region}::document/AWS-RunShellScript\",\n input=\"{\\\"commands\\\":[\\\"halt\\\"]}\",\n rule=stop_instances.name,\n role_arn=ssm_lifecycle[\"arn\"],\n run_command_targets=[aws.cloudwatch.EventTargetRunCommandTargetArgs(\n key=\"tag:Terminate\",\n values=[\"midnight\"],\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var stopInstances = new Aws.CloudWatch.EventRule(\"stop_instances\", new()\n {\n Name = \"StopInstance\",\n Description = \"Stop instances nightly\",\n ScheduleExpression = \"cron(0 0 * * ? *)\",\n });\n\n var stopInstancesEventTarget = new Aws.CloudWatch.EventTarget(\"stop_instances\", new()\n {\n TargetId = \"StopInstance\",\n Arn = $\"arn:aws:ssm:{awsRegion}::document/AWS-RunShellScript\",\n Input = \"{\\\"commands\\\":[\\\"halt\\\"]}\",\n Rule = stopInstances.Name,\n RoleArn = ssmLifecycle.Arn,\n RunCommandTargets = new[]\n {\n new Aws.CloudWatch.Inputs.EventTargetRunCommandTargetArgs\n {\n Key = \"tag:Terminate\",\n Values = new[]\n {\n \"midnight\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tstopInstances, err := cloudwatch.NewEventRule(ctx, \"stop_instances\", \u0026cloudwatch.EventRuleArgs{\n\t\t\tName: pulumi.String(\"StopInstance\"),\n\t\t\tDescription: pulumi.String(\"Stop instances nightly\"),\n\t\t\tScheduleExpression: pulumi.String(\"cron(0 0 * * ? *)\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventTarget(ctx, \"stop_instances\", \u0026cloudwatch.EventTargetArgs{\n\t\t\tTargetId: pulumi.String(\"StopInstance\"),\n\t\t\tArn: pulumi.String(fmt.Sprintf(\"arn:aws:ssm:%v::document/AWS-RunShellScript\", awsRegion)),\n\t\t\tInput: pulumi.String(\"{\\\"commands\\\":[\\\"halt\\\"]}\"),\n\t\t\tRule: stopInstances.Name,\n\t\t\tRoleArn: pulumi.Any(ssmLifecycle.Arn),\n\t\t\tRunCommandTargets: cloudwatch.EventTargetRunCommandTargetArray{\n\t\t\t\t\u0026cloudwatch.EventTargetRunCommandTargetArgs{\n\t\t\t\t\tKey: pulumi.String(\"tag:Terminate\"),\n\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"midnight\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.EventRule;\nimport com.pulumi.aws.cloudwatch.EventRuleArgs;\nimport com.pulumi.aws.cloudwatch.EventTarget;\nimport com.pulumi.aws.cloudwatch.EventTargetArgs;\nimport com.pulumi.aws.cloudwatch.inputs.EventTargetRunCommandTargetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var stopInstances = new EventRule(\"stopInstances\", EventRuleArgs.builder() \n .name(\"StopInstance\")\n .description(\"Stop instances nightly\")\n .scheduleExpression(\"cron(0 0 * * ? *)\")\n .build());\n\n var stopInstancesEventTarget = new EventTarget(\"stopInstancesEventTarget\", EventTargetArgs.builder() \n .targetId(\"StopInstance\")\n .arn(String.format(\"arn:aws:ssm:%s::document/AWS-RunShellScript\", awsRegion))\n .input(\"{\\\"commands\\\":[\\\"halt\\\"]}\")\n .rule(stopInstances.name())\n .roleArn(ssmLifecycle.arn())\n .runCommandTargets(EventTargetRunCommandTargetArgs.builder()\n .key(\"tag:Terminate\")\n .values(\"midnight\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n stopInstances:\n type: aws:cloudwatch:EventRule\n name: stop_instances\n properties:\n name: StopInstance\n description: Stop instances nightly\n scheduleExpression: cron(0 0 * * ? *)\n stopInstancesEventTarget:\n type: aws:cloudwatch:EventTarget\n name: stop_instances\n properties:\n targetId: StopInstance\n arn: arn:aws:ssm:${awsRegion}::document/AWS-RunShellScript\n input: '{\"commands\":[\"halt\"]}'\n rule: ${stopInstances.name}\n roleArn: ${ssmLifecycle.arn}\n runCommandTargets:\n - key: tag:Terminate\n values:\n - midnight\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### ECS Run Task with Role and Task Override Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"events.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst ecsEvents = new aws.iam.Role(\"ecs_events\", {\n name: \"ecs_events\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst ecsEventsRunTaskWithAnyRole = std.replace({\n text: taskName.arn,\n search: \"/:\\\\d+$/\",\n replace: \":*\",\n}).then(invoke =\u003e aws.iam.getPolicyDocument({\n statements: [\n {\n effect: \"Allow\",\n actions: [\"iam:PassRole\"],\n resources: [\"*\"],\n },\n {\n effect: \"Allow\",\n actions: [\"ecs:RunTask\"],\n resources: [invoke.result],\n },\n ],\n}));\nconst ecsEventsRunTaskWithAnyRoleRolePolicy = new aws.iam.RolePolicy(\"ecs_events_run_task_with_any_role\", {\n name: \"ecs_events_run_task_with_any_role\",\n role: ecsEvents.id,\n policy: ecsEventsRunTaskWithAnyRole.then(ecsEventsRunTaskWithAnyRole =\u003e ecsEventsRunTaskWithAnyRole.json),\n});\nconst ecsScheduledTask = new aws.cloudwatch.EventTarget(\"ecs_scheduled_task\", {\n targetId: \"run-scheduled-task-every-hour\",\n arn: clusterName.arn,\n rule: everyHour.name,\n roleArn: ecsEvents.arn,\n ecsTarget: {\n taskCount: 1,\n taskDefinitionArn: taskName.arn,\n },\n input: JSON.stringify({\n containerOverrides: [{\n name: \"name-of-container-to-override\",\n command: [\n \"bin/console\",\n \"scheduled-task\",\n ],\n }],\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\nimport pulumi_std as std\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"events.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\necs_events = aws.iam.Role(\"ecs_events\",\n name=\"ecs_events\",\n assume_role_policy=assume_role.json)\necs_events_run_task_with_any_role = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"iam:PassRole\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ecs:RunTask\"],\n resources=[std.replace(text=task_name[\"arn\"],\n search=\"/:\\\\d+$/\",\n replace=\":*\").result],\n ),\n])\necs_events_run_task_with_any_role_role_policy = aws.iam.RolePolicy(\"ecs_events_run_task_with_any_role\",\n name=\"ecs_events_run_task_with_any_role\",\n role=ecs_events.id,\n policy=ecs_events_run_task_with_any_role.json)\necs_scheduled_task = aws.cloudwatch.EventTarget(\"ecs_scheduled_task\",\n target_id=\"run-scheduled-task-every-hour\",\n arn=cluster_name[\"arn\"],\n rule=every_hour[\"name\"],\n role_arn=ecs_events.arn,\n ecs_target=aws.cloudwatch.EventTargetEcsTargetArgs(\n task_count=1,\n task_definition_arn=task_name[\"arn\"],\n ),\n input=json.dumps({\n \"containerOverrides\": [{\n \"name\": \"name-of-container-to-override\",\n \"command\": [\n \"bin/console\",\n \"scheduled-task\",\n ],\n }],\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"events.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var ecsEvents = new Aws.Iam.Role(\"ecs_events\", new()\n {\n Name = \"ecs_events\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var ecsEventsRunTaskWithAnyRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"iam:PassRole\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ecs:RunTask\",\n },\n Resources = new[]\n {\n Std.Replace.Invoke(new()\n {\n Text = taskName.Arn,\n Search = \"/:\\\\d+$/\",\n Replace = \":*\",\n }).Result,\n },\n },\n },\n });\n\n var ecsEventsRunTaskWithAnyRoleRolePolicy = new Aws.Iam.RolePolicy(\"ecs_events_run_task_with_any_role\", new()\n {\n Name = \"ecs_events_run_task_with_any_role\",\n Role = ecsEvents.Id,\n Policy = ecsEventsRunTaskWithAnyRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var ecsScheduledTask = new Aws.CloudWatch.EventTarget(\"ecs_scheduled_task\", new()\n {\n TargetId = \"run-scheduled-task-every-hour\",\n Arn = clusterName.Arn,\n Rule = everyHour.Name,\n RoleArn = ecsEvents.Arn,\n EcsTarget = new Aws.CloudWatch.Inputs.EventTargetEcsTargetArgs\n {\n TaskCount = 1,\n TaskDefinitionArn = taskName.Arn,\n },\n Input = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"containerOverrides\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"name\"] = \"name-of-container-to-override\",\n [\"command\"] = new[]\n {\n \"bin/console\",\n \"scheduled-task\",\n },\n },\n },\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"events.amazonaws.com\",\n},\n},\n},\nActions: []string{\n\"sts:AssumeRole\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\necsEvents, err := iam.NewRole(ctx, \"ecs_events\", \u0026iam.RoleArgs{\nName: pulumi.String(\"ecs_events\"),\nAssumeRolePolicy: pulumi.String(assumeRole.Json),\n})\nif err != nil {\nreturn err\n}\necsEventsRunTaskWithAnyRole, err := iam.GetPolicyDocument(ctx, invokeReplace, err := std.Replace(ctx, \u0026std.ReplaceArgs{\nText: taskName.Arn,\nSearch: \"/:\\\\d+$/\",\nReplace: \":*\",\n}, nil)\nif err != nil {\nreturn err\n}\n\u0026iam.GetPolicyDocumentArgs{\nStatements: pulumi.Array{\niam.GetPolicyDocumentStatement{\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"iam:PassRole\",\n},\nResources: []string{\n\"*\",\n},\n},\niam.GetPolicyDocumentStatement{\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"ecs:RunTask\",\n},\nResources: interface{}{\ninvokeReplace.Result,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.NewRolePolicy(ctx, \"ecs_events_run_task_with_any_role\", \u0026iam.RolePolicyArgs{\nName: pulumi.String(\"ecs_events_run_task_with_any_role\"),\nRole: ecsEvents.ID(),\nPolicy: pulumi.String(ecsEventsRunTaskWithAnyRole.Json),\n})\nif err != nil {\nreturn err\n}\ntmpJSON0, err := json.Marshal(map[string]interface{}{\n\"containerOverrides\": []map[string]interface{}{\nmap[string]interface{}{\n\"name\": \"name-of-container-to-override\",\n\"command\": []string{\n\"bin/console\",\n\"scheduled-task\",\n},\n},\n},\n})\nif err != nil {\nreturn err\n}\njson0 := string(tmpJSON0)\n_, err = cloudwatch.NewEventTarget(ctx, \"ecs_scheduled_task\", \u0026cloudwatch.EventTargetArgs{\nTargetId: pulumi.String(\"run-scheduled-task-every-hour\"),\nArn: pulumi.Any(clusterName.Arn),\nRule: pulumi.Any(everyHour.Name),\nRoleArn: ecsEvents.Arn,\nEcsTarget: \u0026cloudwatch.EventTargetEcsTargetArgs{\nTaskCount: pulumi.Int(1),\nTaskDefinitionArn: pulumi.Any(taskName.Arn),\n},\nInput: pulumi.String(json0),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.cloudwatch.EventTarget;\nimport com.pulumi.aws.cloudwatch.EventTargetArgs;\nimport com.pulumi.aws.cloudwatch.inputs.EventTargetEcsTargetArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"events.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var ecsEvents = new Role(\"ecsEvents\", RoleArgs.builder() \n .name(\"ecs_events\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var ecsEventsRunTaskWithAnyRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"iam:PassRole\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ecs:RunTask\")\n .resources(StdFunctions.replace(ReplaceArgs.builder()\n .text(taskName.arn())\n .search(\"/:\\\\d+$/\")\n .replace(\":*\")\n .build()).result())\n .build())\n .build());\n\n var ecsEventsRunTaskWithAnyRoleRolePolicy = new RolePolicy(\"ecsEventsRunTaskWithAnyRoleRolePolicy\", RolePolicyArgs.builder() \n .name(\"ecs_events_run_task_with_any_role\")\n .role(ecsEvents.id())\n .policy(ecsEventsRunTaskWithAnyRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var ecsScheduledTask = new EventTarget(\"ecsScheduledTask\", EventTargetArgs.builder() \n .targetId(\"run-scheduled-task-every-hour\")\n .arn(clusterName.arn())\n .rule(everyHour.name())\n .roleArn(ecsEvents.arn())\n .ecsTarget(EventTargetEcsTargetArgs.builder()\n .taskCount(1)\n .taskDefinitionArn(taskName.arn())\n .build())\n .input(serializeJson(\n jsonObject(\n jsonProperty(\"containerOverrides\", jsonArray(jsonObject(\n jsonProperty(\"name\", \"name-of-container-to-override\"),\n jsonProperty(\"command\", jsonArray(\n \"bin/console\", \n \"scheduled-task\"\n ))\n )))\n )))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ecsEvents:\n type: aws:iam:Role\n name: ecs_events\n properties:\n name: ecs_events\n assumeRolePolicy: ${assumeRole.json}\n ecsEventsRunTaskWithAnyRoleRolePolicy:\n type: aws:iam:RolePolicy\n name: ecs_events_run_task_with_any_role\n properties:\n name: ecs_events_run_task_with_any_role\n role: ${ecsEvents.id}\n policy: ${ecsEventsRunTaskWithAnyRole.json}\n ecsScheduledTask:\n type: aws:cloudwatch:EventTarget\n name: ecs_scheduled_task\n properties:\n targetId: run-scheduled-task-every-hour\n arn: ${clusterName.arn}\n rule: ${everyHour.name}\n roleArn: ${ecsEvents.arn}\n ecsTarget:\n taskCount: 1\n taskDefinitionArn: ${taskName.arn}\n input:\n fn::toJSON:\n containerOverrides:\n - name: name-of-container-to-override\n command:\n - bin/console\n - scheduled-task\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - events.amazonaws.com\n actions:\n - sts:AssumeRole\n ecsEventsRunTaskWithAnyRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - iam:PassRole\n resources:\n - '*'\n - effect: Allow\n actions:\n - ecs:RunTask\n resources:\n - fn::invoke:\n Function: std:replace\n Arguments:\n text: ${taskName.arn}\n search: /:\\d+$/\n replace: :*\n Return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### API Gateway target\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleEventRule = new aws.cloudwatch.EventRule(\"example\", {});\nconst exampleDeployment = new aws.apigateway.Deployment(\"example\", {restApi: exampleAwsApiGatewayRestApi.id});\nconst exampleStage = new aws.apigateway.Stage(\"example\", {\n restApi: exampleAwsApiGatewayRestApi.id,\n deployment: exampleDeployment.id,\n});\nconst example = new aws.cloudwatch.EventTarget(\"example\", {\n arn: pulumi.interpolate`${exampleStage.executionArn}/GET`,\n rule: exampleEventRule.id,\n httpTarget: {\n queryStringParameters: {\n Body: \"$.detail.body\",\n },\n headerParameters: {\n Env: \"Test\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_event_rule = aws.cloudwatch.EventRule(\"example\")\nexample_deployment = aws.apigateway.Deployment(\"example\", rest_api=example_aws_api_gateway_rest_api[\"id\"])\nexample_stage = aws.apigateway.Stage(\"example\",\n rest_api=example_aws_api_gateway_rest_api[\"id\"],\n deployment=example_deployment.id)\nexample = aws.cloudwatch.EventTarget(\"example\",\n arn=example_stage.execution_arn.apply(lambda execution_arn: f\"{execution_arn}/GET\"),\n rule=example_event_rule.id,\n http_target=aws.cloudwatch.EventTargetHttpTargetArgs(\n query_string_parameters={\n \"Body\": \"$.detail.body\",\n },\n header_parameters={\n \"Env\": \"Test\",\n },\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleEventRule = new Aws.CloudWatch.EventRule(\"example\");\n\n var exampleDeployment = new Aws.ApiGateway.Deployment(\"example\", new()\n {\n RestApi = exampleAwsApiGatewayRestApi.Id,\n });\n\n var exampleStage = new Aws.ApiGateway.Stage(\"example\", new()\n {\n RestApi = exampleAwsApiGatewayRestApi.Id,\n Deployment = exampleDeployment.Id,\n });\n\n var example = new Aws.CloudWatch.EventTarget(\"example\", new()\n {\n Arn = exampleStage.ExecutionArn.Apply(executionArn =\u003e $\"{executionArn}/GET\"),\n Rule = exampleEventRule.Id,\n HttpTarget = new Aws.CloudWatch.Inputs.EventTargetHttpTargetArgs\n {\n QueryStringParameters = \n {\n { \"Body\", \"$.detail.body\" },\n },\n HeaderParameters = \n {\n { \"Env\", \"Test\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleEventRule, err := cloudwatch.NewEventRule(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDeployment, err := apigateway.NewDeployment(ctx, \"example\", \u0026apigateway.DeploymentArgs{\n\t\t\tRestApi: pulumi.Any(exampleAwsApiGatewayRestApi.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleStage, err := apigateway.NewStage(ctx, \"example\", \u0026apigateway.StageArgs{\n\t\t\tRestApi: pulumi.Any(exampleAwsApiGatewayRestApi.Id),\n\t\t\tDeployment: exampleDeployment.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventTarget(ctx, \"example\", \u0026cloudwatch.EventTargetArgs{\n\t\t\tArn: exampleStage.ExecutionArn.ApplyT(func(executionArn string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v/GET\", executionArn), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tRule: exampleEventRule.ID(),\n\t\t\tHttpTarget: \u0026cloudwatch.EventTargetHttpTargetArgs{\n\t\t\t\tQueryStringParameters: pulumi.StringMap{\n\t\t\t\t\t\"Body\": pulumi.String(\"$.detail.body\"),\n\t\t\t\t},\n\t\t\t\tHeaderParameters: pulumi.StringMap{\n\t\t\t\t\t\"Env\": pulumi.String(\"Test\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.EventRule;\nimport com.pulumi.aws.apigateway.Deployment;\nimport com.pulumi.aws.apigateway.DeploymentArgs;\nimport com.pulumi.aws.apigateway.Stage;\nimport com.pulumi.aws.apigateway.StageArgs;\nimport com.pulumi.aws.cloudwatch.EventTarget;\nimport com.pulumi.aws.cloudwatch.EventTargetArgs;\nimport com.pulumi.aws.cloudwatch.inputs.EventTargetHttpTargetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleEventRule = new EventRule(\"exampleEventRule\");\n\n var exampleDeployment = new Deployment(\"exampleDeployment\", DeploymentArgs.builder() \n .restApi(exampleAwsApiGatewayRestApi.id())\n .build());\n\n var exampleStage = new Stage(\"exampleStage\", StageArgs.builder() \n .restApi(exampleAwsApiGatewayRestApi.id())\n .deployment(exampleDeployment.id())\n .build());\n\n var example = new EventTarget(\"example\", EventTargetArgs.builder() \n .arn(exampleStage.executionArn().applyValue(executionArn -\u003e String.format(\"%s/GET\", executionArn)))\n .rule(exampleEventRule.id())\n .httpTarget(EventTargetHttpTargetArgs.builder()\n .queryStringParameters(Map.of(\"Body\", \"$.detail.body\"))\n .headerParameters(Map.of(\"Env\", \"Test\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudwatch:EventTarget\n properties:\n arn: ${exampleStage.executionArn}/GET\n rule: ${exampleEventRule.id}\n httpTarget:\n queryStringParameters:\n Body: $.detail.body\n headerParameters:\n Env: Test\n exampleEventRule:\n type: aws:cloudwatch:EventRule\n name: example\n exampleDeployment:\n type: aws:apigateway:Deployment\n name: example\n properties:\n restApi: ${exampleAwsApiGatewayRestApi.id}\n exampleStage:\n type: aws:apigateway:Stage\n name: example\n properties:\n restApi: ${exampleAwsApiGatewayRestApi.id}\n deployment: ${exampleDeployment.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Cross-Account Event Bus target\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"events.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst eventBusInvokeRemoteEventBusRole = new aws.iam.Role(\"event_bus_invoke_remote_event_bus\", {\n name: \"event-bus-invoke-remote-event-bus\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst eventBusInvokeRemoteEventBus = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\"events:PutEvents\"],\n resources: [\"arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus\"],\n }],\n});\nconst eventBusInvokeRemoteEventBusPolicy = new aws.iam.Policy(\"event_bus_invoke_remote_event_bus\", {\n name: \"event_bus_invoke_remote_event_bus\",\n policy: eventBusInvokeRemoteEventBus.then(eventBusInvokeRemoteEventBus =\u003e eventBusInvokeRemoteEventBus.json),\n});\nconst eventBusInvokeRemoteEventBusRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"event_bus_invoke_remote_event_bus\", {\n role: eventBusInvokeRemoteEventBusRole.name,\n policyArn: eventBusInvokeRemoteEventBusPolicy.arn,\n});\nconst stopInstances = new aws.cloudwatch.EventRule(\"stop_instances\", {\n name: \"StopInstance\",\n description: \"Stop instances nightly\",\n scheduleExpression: \"cron(0 0 * * ? *)\",\n});\nconst stopInstancesEventTarget = new aws.cloudwatch.EventTarget(\"stop_instances\", {\n targetId: \"StopInstance\",\n arn: \"arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus\",\n rule: stopInstances.name,\n roleArn: eventBusInvokeRemoteEventBusRole.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"events.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nevent_bus_invoke_remote_event_bus_role = aws.iam.Role(\"event_bus_invoke_remote_event_bus\",\n name=\"event-bus-invoke-remote-event-bus\",\n assume_role_policy=assume_role.json)\nevent_bus_invoke_remote_event_bus = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"events:PutEvents\"],\n resources=[\"arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus\"],\n)])\nevent_bus_invoke_remote_event_bus_policy = aws.iam.Policy(\"event_bus_invoke_remote_event_bus\",\n name=\"event_bus_invoke_remote_event_bus\",\n policy=event_bus_invoke_remote_event_bus.json)\nevent_bus_invoke_remote_event_bus_role_policy_attachment = aws.iam.RolePolicyAttachment(\"event_bus_invoke_remote_event_bus\",\n role=event_bus_invoke_remote_event_bus_role.name,\n policy_arn=event_bus_invoke_remote_event_bus_policy.arn)\nstop_instances = aws.cloudwatch.EventRule(\"stop_instances\",\n name=\"StopInstance\",\n description=\"Stop instances nightly\",\n schedule_expression=\"cron(0 0 * * ? *)\")\nstop_instances_event_target = aws.cloudwatch.EventTarget(\"stop_instances\",\n target_id=\"StopInstance\",\n arn=\"arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus\",\n rule=stop_instances.name,\n role_arn=event_bus_invoke_remote_event_bus_role.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"events.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var eventBusInvokeRemoteEventBusRole = new Aws.Iam.Role(\"event_bus_invoke_remote_event_bus\", new()\n {\n Name = \"event-bus-invoke-remote-event-bus\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var eventBusInvokeRemoteEventBus = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"events:PutEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus\",\n },\n },\n },\n });\n\n var eventBusInvokeRemoteEventBusPolicy = new Aws.Iam.Policy(\"event_bus_invoke_remote_event_bus\", new()\n {\n Name = \"event_bus_invoke_remote_event_bus\",\n PolicyDocument = eventBusInvokeRemoteEventBus.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var eventBusInvokeRemoteEventBusRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"event_bus_invoke_remote_event_bus\", new()\n {\n Role = eventBusInvokeRemoteEventBusRole.Name,\n PolicyArn = eventBusInvokeRemoteEventBusPolicy.Arn,\n });\n\n var stopInstances = new Aws.CloudWatch.EventRule(\"stop_instances\", new()\n {\n Name = \"StopInstance\",\n Description = \"Stop instances nightly\",\n ScheduleExpression = \"cron(0 0 * * ? *)\",\n });\n\n var stopInstancesEventTarget = new Aws.CloudWatch.EventTarget(\"stop_instances\", new()\n {\n TargetId = \"StopInstance\",\n Arn = \"arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus\",\n Rule = stopInstances.Name,\n RoleArn = eventBusInvokeRemoteEventBusRole.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"events.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\teventBusInvokeRemoteEventBusRole, err := iam.NewRole(ctx, \"event_bus_invoke_remote_event_bus\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"event-bus-invoke-remote-event-bus\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\teventBusInvokeRemoteEventBus, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"events:PutEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\teventBusInvokeRemoteEventBusPolicy, err := iam.NewPolicy(ctx, \"event_bus_invoke_remote_event_bus\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"event_bus_invoke_remote_event_bus\"),\n\t\t\tPolicy: pulumi.String(eventBusInvokeRemoteEventBus.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"event_bus_invoke_remote_event_bus\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: eventBusInvokeRemoteEventBusRole.Name,\n\t\t\tPolicyArn: eventBusInvokeRemoteEventBusPolicy.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tstopInstances, err := cloudwatch.NewEventRule(ctx, \"stop_instances\", \u0026cloudwatch.EventRuleArgs{\n\t\t\tName: pulumi.String(\"StopInstance\"),\n\t\t\tDescription: pulumi.String(\"Stop instances nightly\"),\n\t\t\tScheduleExpression: pulumi.String(\"cron(0 0 * * ? *)\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventTarget(ctx, \"stop_instances\", \u0026cloudwatch.EventTargetArgs{\n\t\t\tTargetId: pulumi.String(\"StopInstance\"),\n\t\t\tArn: pulumi.String(\"arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus\"),\n\t\t\tRule: stopInstances.Name,\n\t\t\tRoleArn: eventBusInvokeRemoteEventBusRole.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.cloudwatch.EventRule;\nimport com.pulumi.aws.cloudwatch.EventRuleArgs;\nimport com.pulumi.aws.cloudwatch.EventTarget;\nimport com.pulumi.aws.cloudwatch.EventTargetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"events.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var eventBusInvokeRemoteEventBusRole = new Role(\"eventBusInvokeRemoteEventBusRole\", RoleArgs.builder() \n .name(\"event-bus-invoke-remote-event-bus\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var eventBusInvokeRemoteEventBus = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"events:PutEvents\")\n .resources(\"arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus\")\n .build())\n .build());\n\n var eventBusInvokeRemoteEventBusPolicy = new Policy(\"eventBusInvokeRemoteEventBusPolicy\", PolicyArgs.builder() \n .name(\"event_bus_invoke_remote_event_bus\")\n .policy(eventBusInvokeRemoteEventBus.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var eventBusInvokeRemoteEventBusRolePolicyAttachment = new RolePolicyAttachment(\"eventBusInvokeRemoteEventBusRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .role(eventBusInvokeRemoteEventBusRole.name())\n .policyArn(eventBusInvokeRemoteEventBusPolicy.arn())\n .build());\n\n var stopInstances = new EventRule(\"stopInstances\", EventRuleArgs.builder() \n .name(\"StopInstance\")\n .description(\"Stop instances nightly\")\n .scheduleExpression(\"cron(0 0 * * ? *)\")\n .build());\n\n var stopInstancesEventTarget = new EventTarget(\"stopInstancesEventTarget\", EventTargetArgs.builder() \n .targetId(\"StopInstance\")\n .arn(\"arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus\")\n .rule(stopInstances.name())\n .roleArn(eventBusInvokeRemoteEventBusRole.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n eventBusInvokeRemoteEventBusRole:\n type: aws:iam:Role\n name: event_bus_invoke_remote_event_bus\n properties:\n name: event-bus-invoke-remote-event-bus\n assumeRolePolicy: ${assumeRole.json}\n eventBusInvokeRemoteEventBusPolicy:\n type: aws:iam:Policy\n name: event_bus_invoke_remote_event_bus\n properties:\n name: event_bus_invoke_remote_event_bus\n policy: ${eventBusInvokeRemoteEventBus.json}\n eventBusInvokeRemoteEventBusRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: event_bus_invoke_remote_event_bus\n properties:\n role: ${eventBusInvokeRemoteEventBusRole.name}\n policyArn: ${eventBusInvokeRemoteEventBusPolicy.arn}\n stopInstances:\n type: aws:cloudwatch:EventRule\n name: stop_instances\n properties:\n name: StopInstance\n description: Stop instances nightly\n scheduleExpression: cron(0 0 * * ? *)\n stopInstancesEventTarget:\n type: aws:cloudwatch:EventTarget\n name: stop_instances\n properties:\n targetId: StopInstance\n arn: arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus\n rule: ${stopInstances.name}\n roleArn: ${eventBusInvokeRemoteEventBusRole.arn}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - events.amazonaws.com\n actions:\n - sts:AssumeRole\n eventBusInvokeRemoteEventBus:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - events:PutEvents\n resources:\n - arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Input Transformer Usage - JSON Object\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleEventRule = new aws.cloudwatch.EventRule(\"example\", {});\nconst example = new aws.cloudwatch.EventTarget(\"example\", {\n arn: exampleAwsLambdaFunction.arn,\n rule: exampleEventRule.id,\n inputTransformer: {\n inputPaths: {\n instance: \"$.detail.instance\",\n status: \"$.detail.status\",\n },\n inputTemplate: `{\n \"instance_id\": \u003cinstance\u003e,\n \"instance_status\": \u003cstatus\u003e\n}\n`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_event_rule = aws.cloudwatch.EventRule(\"example\")\nexample = aws.cloudwatch.EventTarget(\"example\",\n arn=example_aws_lambda_function[\"arn\"],\n rule=example_event_rule.id,\n input_transformer=aws.cloudwatch.EventTargetInputTransformerArgs(\n input_paths={\n \"instance\": \"$.detail.instance\",\n \"status\": \"$.detail.status\",\n },\n input_template=\"\"\"{\n \"instance_id\": \u003cinstance\u003e,\n \"instance_status\": \u003cstatus\u003e\n}\n\"\"\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleEventRule = new Aws.CloudWatch.EventRule(\"example\");\n\n var example = new Aws.CloudWatch.EventTarget(\"example\", new()\n {\n Arn = exampleAwsLambdaFunction.Arn,\n Rule = exampleEventRule.Id,\n InputTransformer = new Aws.CloudWatch.Inputs.EventTargetInputTransformerArgs\n {\n InputPaths = \n {\n { \"instance\", \"$.detail.instance\" },\n { \"status\", \"$.detail.status\" },\n },\n InputTemplate = @\"{\n \"\"instance_id\"\": \u003cinstance\u003e,\n \"\"instance_status\"\": \u003cstatus\u003e\n}\n\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleEventRule, err := cloudwatch.NewEventRule(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventTarget(ctx, \"example\", \u0026cloudwatch.EventTargetArgs{\n\t\t\tArn: pulumi.Any(exampleAwsLambdaFunction.Arn),\n\t\t\tRule: exampleEventRule.ID(),\n\t\t\tInputTransformer: \u0026cloudwatch.EventTargetInputTransformerArgs{\n\t\t\t\tInputPaths: pulumi.StringMap{\n\t\t\t\t\t\"instance\": pulumi.String(\"$.detail.instance\"),\n\t\t\t\t\t\"status\": pulumi.String(\"$.detail.status\"),\n\t\t\t\t},\n\t\t\t\tInputTemplate: pulumi.String(\"{\\n \\\"instance_id\\\": \u003cinstance\u003e,\\n \\\"instance_status\\\": \u003cstatus\u003e\\n}\\n\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.EventRule;\nimport com.pulumi.aws.cloudwatch.EventTarget;\nimport com.pulumi.aws.cloudwatch.EventTargetArgs;\nimport com.pulumi.aws.cloudwatch.inputs.EventTargetInputTransformerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleEventRule = new EventRule(\"exampleEventRule\");\n\n var example = new EventTarget(\"example\", EventTargetArgs.builder() \n .arn(exampleAwsLambdaFunction.arn())\n .rule(exampleEventRule.id())\n .inputTransformer(EventTargetInputTransformerArgs.builder()\n .inputPaths(Map.ofEntries(\n Map.entry(\"instance\", \"$.detail.instance\"),\n Map.entry(\"status\", \"$.detail.status\")\n ))\n .inputTemplate(\"\"\"\n{\n \"instance_id\": \u003cinstance\u003e,\n \"instance_status\": \u003cstatus\u003e\n}\n \"\"\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudwatch:EventTarget\n properties:\n arn: ${exampleAwsLambdaFunction.arn}\n rule: ${exampleEventRule.id}\n inputTransformer:\n inputPaths:\n instance: $.detail.instance\n status: $.detail.status\n inputTemplate: |\n {\n \"instance_id\": \u003cinstance\u003e,\n \"instance_status\": \u003cstatus\u003e\n }\n exampleEventRule:\n type: aws:cloudwatch:EventRule\n name: example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Input Transformer Usage - Simple String\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleEventRule = new aws.cloudwatch.EventRule(\"example\", {});\nconst example = new aws.cloudwatch.EventTarget(\"example\", {\n arn: exampleAwsLambdaFunction.arn,\n rule: exampleEventRule.id,\n inputTransformer: {\n inputPaths: {\n instance: \"$.detail.instance\",\n status: \"$.detail.status\",\n },\n inputTemplate: \"\\\"\u003cinstance\u003e is in state \u003cstatus\u003e\\\"\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_event_rule = aws.cloudwatch.EventRule(\"example\")\nexample = aws.cloudwatch.EventTarget(\"example\",\n arn=example_aws_lambda_function[\"arn\"],\n rule=example_event_rule.id,\n input_transformer=aws.cloudwatch.EventTargetInputTransformerArgs(\n input_paths={\n \"instance\": \"$.detail.instance\",\n \"status\": \"$.detail.status\",\n },\n input_template=\"\\\"\u003cinstance\u003e is in state \u003cstatus\u003e\\\"\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleEventRule = new Aws.CloudWatch.EventRule(\"example\");\n\n var example = new Aws.CloudWatch.EventTarget(\"example\", new()\n {\n Arn = exampleAwsLambdaFunction.Arn,\n Rule = exampleEventRule.Id,\n InputTransformer = new Aws.CloudWatch.Inputs.EventTargetInputTransformerArgs\n {\n InputPaths = \n {\n { \"instance\", \"$.detail.instance\" },\n { \"status\", \"$.detail.status\" },\n },\n InputTemplate = \"\\\"\u003cinstance\u003e is in state \u003cstatus\u003e\\\"\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleEventRule, err := cloudwatch.NewEventRule(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventTarget(ctx, \"example\", \u0026cloudwatch.EventTargetArgs{\n\t\t\tArn: pulumi.Any(exampleAwsLambdaFunction.Arn),\n\t\t\tRule: exampleEventRule.ID(),\n\t\t\tInputTransformer: \u0026cloudwatch.EventTargetInputTransformerArgs{\n\t\t\t\tInputPaths: pulumi.StringMap{\n\t\t\t\t\t\"instance\": pulumi.String(\"$.detail.instance\"),\n\t\t\t\t\t\"status\": pulumi.String(\"$.detail.status\"),\n\t\t\t\t},\n\t\t\t\tInputTemplate: pulumi.String(\"\\\"\u003cinstance\u003e is in state \u003cstatus\u003e\\\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.EventRule;\nimport com.pulumi.aws.cloudwatch.EventTarget;\nimport com.pulumi.aws.cloudwatch.EventTargetArgs;\nimport com.pulumi.aws.cloudwatch.inputs.EventTargetInputTransformerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleEventRule = new EventRule(\"exampleEventRule\");\n\n var example = new EventTarget(\"example\", EventTargetArgs.builder() \n .arn(exampleAwsLambdaFunction.arn())\n .rule(exampleEventRule.id())\n .inputTransformer(EventTargetInputTransformerArgs.builder()\n .inputPaths(Map.ofEntries(\n Map.entry(\"instance\", \"$.detail.instance\"),\n Map.entry(\"status\", \"$.detail.status\")\n ))\n .inputTemplate(\"\\\"\u003cinstance\u003e is in state \u003cstatus\u003e\\\"\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudwatch:EventTarget\n properties:\n arn: ${exampleAwsLambdaFunction.arn}\n rule: ${exampleEventRule.id}\n inputTransformer:\n inputPaths:\n instance: $.detail.instance\n status: $.detail.status\n inputTemplate: '\"\u003cinstance\u003e is in state \u003cstatus\u003e\"'\n exampleEventRule:\n type: aws:cloudwatch:EventRule\n name: example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Cloudwatch Log Group Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudwatch.LogGroup(\"example\", {\n name: \"/aws/events/guardduty/logs\",\n retentionInDays: 1,\n});\nconst exampleEventRule = new aws.cloudwatch.EventRule(\"example\", {\n name: \"guard-duty_event_rule\",\n description: \"GuardDuty Findings\",\n eventPattern: JSON.stringify({\n source: [\"aws.guardduty\"],\n }),\n tags: {\n Environment: \"example\",\n },\n});\nconst exampleLogPolicy = aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n effect: \"Allow\",\n actions: [\"logs:CreateLogStream\"],\n resources: [pulumi.interpolate`${example.arn}:*`],\n principals: [{\n type: \"Service\",\n identifiers: [\n \"events.amazonaws.com\",\n \"delivery.logs.amazonaws.com\",\n ],\n }],\n },\n {\n effect: \"Allow\",\n actions: [\"logs:PutLogEvents\"],\n resources: [pulumi.interpolate`${example.arn}:*:*`],\n principals: [{\n type: \"Service\",\n identifiers: [\n \"events.amazonaws.com\",\n \"delivery.logs.amazonaws.com\",\n ],\n }],\n conditions: [{\n test: \"ArnEquals\",\n values: [exampleEventRule.arn],\n variable: \"aws:SourceArn\",\n }],\n },\n ],\n});\nconst exampleLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"example\", {\n policyDocument: exampleLogPolicy.apply(exampleLogPolicy =\u003e exampleLogPolicy.json),\n policyName: \"guardduty-log-publishing-policy\",\n});\nconst exampleEventTarget = new aws.cloudwatch.EventTarget(\"example\", {\n rule: exampleEventRule.name,\n arn: example.arn,\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nexample = aws.cloudwatch.LogGroup(\"example\",\n name=\"/aws/events/guardduty/logs\",\n retention_in_days=1)\nexample_event_rule = aws.cloudwatch.EventRule(\"example\",\n name=\"guard-duty_event_rule\",\n description=\"GuardDuty Findings\",\n event_pattern=json.dumps({\n \"source\": [\"aws.guardduty\"],\n }),\n tags={\n \"Environment\": \"example\",\n })\nexample_log_policy = aws.iam.get_policy_document_output(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"logs:CreateLogStream\"],\n resources=[example.arn.apply(lambda arn: f\"{arn}:*\")],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\n \"events.amazonaws.com\",\n \"delivery.logs.amazonaws.com\",\n ],\n )],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"logs:PutLogEvents\"],\n resources=[example.arn.apply(lambda arn: f\"{arn}:*:*\")],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\n \"events.amazonaws.com\",\n \"delivery.logs.amazonaws.com\",\n ],\n )],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ArnEquals\",\n values=[example_event_rule.arn],\n variable=\"aws:SourceArn\",\n )],\n ),\n])\nexample_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"example\",\n policy_document=example_log_policy.json,\n policy_name=\"guardduty-log-publishing-policy\")\nexample_event_target = aws.cloudwatch.EventTarget(\"example\",\n rule=example_event_rule.name,\n arn=example.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudWatch.LogGroup(\"example\", new()\n {\n Name = \"/aws/events/guardduty/logs\",\n RetentionInDays = 1,\n });\n\n var exampleEventRule = new Aws.CloudWatch.EventRule(\"example\", new()\n {\n Name = \"guard-duty_event_rule\",\n Description = \"GuardDuty Findings\",\n EventPattern = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"source\"] = new[]\n {\n \"aws.guardduty\",\n },\n }),\n Tags = \n {\n { \"Environment\", \"example\" },\n },\n });\n\n var exampleLogPolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"logs:CreateLogStream\",\n },\n Resources = new[]\n {\n $\"{example.Arn}:*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"events.amazonaws.com\",\n \"delivery.logs.amazonaws.com\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"logs:PutLogEvents\",\n },\n Resources = new[]\n {\n $\"{example.Arn}:*:*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"events.amazonaws.com\",\n \"delivery.logs.amazonaws.com\",\n },\n },\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ArnEquals\",\n Values = new[]\n {\n exampleEventRule.Arn,\n },\n Variable = \"aws:SourceArn\",\n },\n },\n },\n },\n });\n\n var exampleLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"example\", new()\n {\n PolicyDocument = exampleLogPolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n PolicyName = \"guardduty-log-publishing-policy\",\n });\n\n var exampleEventTarget = new Aws.CloudWatch.EventTarget(\"example\", new()\n {\n Rule = exampleEventRule.Name,\n Arn = example.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := cloudwatch.NewLogGroup(ctx, \"example\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: pulumi.String(\"/aws/events/guardduty/logs\"),\n\t\t\tRetentionInDays: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"source\": []string{\n\t\t\t\t\"aws.guardduty\",\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\texampleEventRule, err := cloudwatch.NewEventRule(ctx, \"example\", \u0026cloudwatch.EventRuleArgs{\n\t\t\tName: pulumi.String(\"guard-duty_event_rule\"),\n\t\t\tDescription: pulumi.String(\"GuardDuty Findings\"),\n\t\t\tEventPattern: pulumi.String(json0),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleLogPolicy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"logs:CreateLogStream\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\texample.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v:*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: iam.GetPolicyDocumentStatementPrincipalArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementPrincipalArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Service\"),\n\t\t\t\t\t\t\tIdentifiers: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"events.amazonaws.com\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"delivery.logs.amazonaws.com\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"logs:PutLogEvents\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\texample.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v:*:*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: iam.GetPolicyDocumentStatementPrincipalArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementPrincipalArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Service\"),\n\t\t\t\t\t\t\tIdentifiers: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"events.amazonaws.com\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"delivery.logs.amazonaws.com\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tConditions: iam.GetPolicyDocumentStatementConditionArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementConditionArgs{\n\t\t\t\t\t\t\tTest: pulumi.String(\"ArnEquals\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\texampleEventRule.Arn,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tVariable: pulumi.String(\"aws:SourceArn\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"example\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyDocument: exampleLogPolicy.ApplyT(func(exampleLogPolicy iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026exampleLogPolicy.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\tPolicyName: pulumi.String(\"guardduty-log-publishing-policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventTarget(ctx, \"example\", \u0026cloudwatch.EventTargetArgs{\n\t\t\tRule: exampleEventRule.Name,\n\t\t\tArn: example.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.cloudwatch.EventRule;\nimport com.pulumi.aws.cloudwatch.EventRuleArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport com.pulumi.aws.cloudwatch.EventTarget;\nimport com.pulumi.aws.cloudwatch.EventTargetArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new LogGroup(\"example\", LogGroupArgs.builder() \n .name(\"/aws/events/guardduty/logs\")\n .retentionInDays(1)\n .build());\n\n var exampleEventRule = new EventRule(\"exampleEventRule\", EventRuleArgs.builder() \n .name(\"guard-duty_event_rule\")\n .description(\"GuardDuty Findings\")\n .eventPattern(serializeJson(\n jsonObject(\n jsonProperty(\"source\", jsonArray(\"aws.guardduty\"))\n )))\n .tags(Map.of(\"Environment\", \"example\"))\n .build());\n\n final var exampleLogPolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"logs:CreateLogStream\")\n .resources(example.arn().applyValue(arn -\u003e String.format(\"%s:*\", arn)))\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers( \n \"events.amazonaws.com\",\n \"delivery.logs.amazonaws.com\")\n .build())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"logs:PutLogEvents\")\n .resources(example.arn().applyValue(arn -\u003e String.format(\"%s:*:*\", arn)))\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers( \n \"events.amazonaws.com\",\n \"delivery.logs.amazonaws.com\")\n .build())\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ArnEquals\")\n .values(exampleEventRule.arn())\n .variable(\"aws:SourceArn\")\n .build())\n .build())\n .build());\n\n var exampleLogResourcePolicy = new LogResourcePolicy(\"exampleLogResourcePolicy\", LogResourcePolicyArgs.builder() \n .policyDocument(exampleLogPolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(exampleLogPolicy -\u003e exampleLogPolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .policyName(\"guardduty-log-publishing-policy\")\n .build());\n\n var exampleEventTarget = new EventTarget(\"exampleEventTarget\", EventTargetArgs.builder() \n .rule(exampleEventRule.name())\n .arn(example.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudwatch:LogGroup\n properties:\n name: /aws/events/guardduty/logs\n retentionInDays: 1\n exampleLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n name: example\n properties:\n policyDocument: ${exampleLogPolicy.json}\n policyName: guardduty-log-publishing-policy\n exampleEventRule:\n type: aws:cloudwatch:EventRule\n name: example\n properties:\n name: guard-duty_event_rule\n description: GuardDuty Findings\n eventPattern:\n fn::toJSON:\n source:\n - aws.guardduty\n tags:\n Environment: example\n exampleEventTarget:\n type: aws:cloudwatch:EventTarget\n name: example\n properties:\n rule: ${exampleEventRule.name}\n arn: ${example.arn}\nvariables:\n exampleLogPolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - logs:CreateLogStream\n resources:\n - ${example.arn}:*\n principals:\n - type: Service\n identifiers:\n - events.amazonaws.com\n - delivery.logs.amazonaws.com\n - effect: Allow\n actions:\n - logs:PutLogEvents\n resources:\n - ${example.arn}:*:*\n principals:\n - type: Service\n identifiers:\n - events.amazonaws.com\n - delivery.logs.amazonaws.com\n conditions:\n - test: ArnEquals\n values:\n - ${exampleEventRule.arn}\n variable: aws:SourceArn\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import EventBridge Targets using `event_bus_name/rule-name/target-id` (if you omit `event_bus_name`, the `default` event bus will be used). For example:\n\n```sh\n$ pulumi import aws:cloudwatch/eventTarget:EventTarget test-event-target rule-name/target-id\n```\n", "properties": { "arn": { "type": "string", @@ -183090,7 +183090,7 @@ } }, "aws:cloudwatch/logResourcePolicy:LogResourcePolicy": { - "description": "Provides a resource to manage a CloudWatch log resource policy.\n\n## Example Usage\n\n### Elasticsearch Log Publishing\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst elasticsearch-log-publishing-policy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n ],\n resources: [\"arn:aws:logs:*\"],\n principals: [{\n identifiers: [\"es.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n});\nconst elasticsearch_log_publishing_policyLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"elasticsearch-log-publishing-policy\", {\n policyDocument: elasticsearch_log_publishing_policy.then(elasticsearch_log_publishing_policy =\u003e elasticsearch_log_publishing_policy.json),\n policyName: \"elasticsearch-log-publishing-policy\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nelasticsearch_log_publishing_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n ],\n resources=[\"arn:aws:logs:*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[\"es.amazonaws.com\"],\n type=\"Service\",\n )],\n)])\nelasticsearch_log_publishing_policy_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"elasticsearch-log-publishing-policy\",\n policy_document=elasticsearch_log_publishing_policy.json,\n policy_name=\"elasticsearch-log-publishing-policy\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var elasticsearch_log_publishing_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"es.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n });\n\n var elasticsearch_log_publishing_policyLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"elasticsearch-log-publishing-policy\", new()\n {\n PolicyDocument = elasticsearch_log_publishing_policy.Apply(elasticsearch_log_publishing_policy =\u003e elasticsearch_log_publishing_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n PolicyName = \"elasticsearch-log-publishing-policy\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\telasticsearch_log_publishing_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t\t\"logs:PutLogEventsBatch\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"es.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"elasticsearch-log-publishing-policy\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyDocument: *pulumi.String(elasticsearch_log_publishing_policy.Json),\n\t\t\tPolicyName: pulumi.String(\"elasticsearch-log-publishing-policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var elasticsearch-log-publishing-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\")\n .resources(\"arn:aws:logs:*\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"es.amazonaws.com\")\n .type(\"Service\")\n .build())\n .build())\n .build());\n\n var elasticsearch_log_publishing_policyLogResourcePolicy = new LogResourcePolicy(\"elasticsearch-log-publishing-policyLogResourcePolicy\", LogResourcePolicyArgs.builder() \n .policyDocument(elasticsearch_log_publishing_policy.json())\n .policyName(\"elasticsearch-log-publishing-policy\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n elasticsearch-log-publishing-policyLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n name: elasticsearch-log-publishing-policy\n properties:\n policyDocument: ${[\"elasticsearch-log-publishing-policy\"].json}\n policyName: elasticsearch-log-publishing-policy\nvariables:\n elasticsearch-log-publishing-policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - logs:CreateLogStream\n - logs:PutLogEvents\n - logs:PutLogEventsBatch\n resources:\n - arn:aws:logs:*\n principals:\n - identifiers:\n - es.amazonaws.com\n type: Service\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Route53 Query Logging\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst route53-query-logging-policy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources: [\"arn:aws:logs:*:*:log-group:/aws/route53/*\"],\n principals: [{\n identifiers: [\"route53.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n});\nconst route53_query_logging_policyLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"route53-query-logging-policy\", {\n policyDocument: route53_query_logging_policy.then(route53_query_logging_policy =\u003e route53_query_logging_policy.json),\n policyName: \"route53-query-logging-policy\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nroute53_query_logging_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources=[\"arn:aws:logs:*:*:log-group:/aws/route53/*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[\"route53.amazonaws.com\"],\n type=\"Service\",\n )],\n)])\nroute53_query_logging_policy_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"route53-query-logging-policy\",\n policy_document=route53_query_logging_policy.json,\n policy_name=\"route53-query-logging-policy\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var route53_query_logging_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*:*:log-group:/aws/route53/*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"route53.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n });\n\n var route53_query_logging_policyLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"route53-query-logging-policy\", new()\n {\n PolicyDocument = route53_query_logging_policy.Apply(route53_query_logging_policy =\u003e route53_query_logging_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n PolicyName = \"route53-query-logging-policy\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\troute53_query_logging_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*:*:log-group:/aws/route53/*\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"route53.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"route53-query-logging-policy\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyDocument: *pulumi.String(route53_query_logging_policy.Json),\n\t\t\tPolicyName: pulumi.String(\"route53-query-logging-policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var route53-query-logging-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\")\n .resources(\"arn:aws:logs:*:*:log-group:/aws/route53/*\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"route53.amazonaws.com\")\n .type(\"Service\")\n .build())\n .build())\n .build());\n\n var route53_query_logging_policyLogResourcePolicy = new LogResourcePolicy(\"route53-query-logging-policyLogResourcePolicy\", LogResourcePolicyArgs.builder() \n .policyDocument(route53_query_logging_policy.json())\n .policyName(\"route53-query-logging-policy\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n route53-query-logging-policyLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n name: route53-query-logging-policy\n properties:\n policyDocument: ${[\"route53-query-logging-policy\"].json}\n policyName: route53-query-logging-policy\nvariables:\n route53-query-logging-policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - logs:CreateLogStream\n - logs:PutLogEvents\n resources:\n - arn:aws:logs:*:*:log-group:/aws/route53/*\n principals:\n - identifiers:\n - route53.amazonaws.com\n type: Service\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import CloudWatch log resource policies using the policy name. For example:\n\n```sh\n$ pulumi import aws:cloudwatch/logResourcePolicy:LogResourcePolicy MyPolicy MyPolicy\n```\n", + "description": "Provides a resource to manage a CloudWatch log resource policy.\n\n## Example Usage\n\n### Elasticsearch Log Publishing\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst elasticsearch-log-publishing-policy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n ],\n resources: [\"arn:aws:logs:*\"],\n principals: [{\n identifiers: [\"es.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n});\nconst elasticsearch_log_publishing_policyLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"elasticsearch-log-publishing-policy\", {\n policyDocument: elasticsearch_log_publishing_policy.then(elasticsearch_log_publishing_policy =\u003e elasticsearch_log_publishing_policy.json),\n policyName: \"elasticsearch-log-publishing-policy\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nelasticsearch_log_publishing_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n ],\n resources=[\"arn:aws:logs:*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[\"es.amazonaws.com\"],\n type=\"Service\",\n )],\n)])\nelasticsearch_log_publishing_policy_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"elasticsearch-log-publishing-policy\",\n policy_document=elasticsearch_log_publishing_policy.json,\n policy_name=\"elasticsearch-log-publishing-policy\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var elasticsearch_log_publishing_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"es.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n });\n\n var elasticsearch_log_publishing_policyLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"elasticsearch-log-publishing-policy\", new()\n {\n PolicyDocument = elasticsearch_log_publishing_policy.Apply(elasticsearch_log_publishing_policy =\u003e elasticsearch_log_publishing_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n PolicyName = \"elasticsearch-log-publishing-policy\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\telasticsearch_log_publishing_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t\t\"logs:PutLogEventsBatch\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"es.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"elasticsearch-log-publishing-policy\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyDocument: pulumi.String(elasticsearch_log_publishing_policy.Json),\n\t\t\tPolicyName: pulumi.String(\"elasticsearch-log-publishing-policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var elasticsearch-log-publishing-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\")\n .resources(\"arn:aws:logs:*\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"es.amazonaws.com\")\n .type(\"Service\")\n .build())\n .build())\n .build());\n\n var elasticsearch_log_publishing_policyLogResourcePolicy = new LogResourcePolicy(\"elasticsearch-log-publishing-policyLogResourcePolicy\", LogResourcePolicyArgs.builder() \n .policyDocument(elasticsearch_log_publishing_policy.json())\n .policyName(\"elasticsearch-log-publishing-policy\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n elasticsearch-log-publishing-policyLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n name: elasticsearch-log-publishing-policy\n properties:\n policyDocument: ${[\"elasticsearch-log-publishing-policy\"].json}\n policyName: elasticsearch-log-publishing-policy\nvariables:\n elasticsearch-log-publishing-policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - logs:CreateLogStream\n - logs:PutLogEvents\n - logs:PutLogEventsBatch\n resources:\n - arn:aws:logs:*\n principals:\n - identifiers:\n - es.amazonaws.com\n type: Service\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Route53 Query Logging\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst route53-query-logging-policy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources: [\"arn:aws:logs:*:*:log-group:/aws/route53/*\"],\n principals: [{\n identifiers: [\"route53.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n});\nconst route53_query_logging_policyLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"route53-query-logging-policy\", {\n policyDocument: route53_query_logging_policy.then(route53_query_logging_policy =\u003e route53_query_logging_policy.json),\n policyName: \"route53-query-logging-policy\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nroute53_query_logging_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources=[\"arn:aws:logs:*:*:log-group:/aws/route53/*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[\"route53.amazonaws.com\"],\n type=\"Service\",\n )],\n)])\nroute53_query_logging_policy_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"route53-query-logging-policy\",\n policy_document=route53_query_logging_policy.json,\n policy_name=\"route53-query-logging-policy\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var route53_query_logging_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*:*:log-group:/aws/route53/*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"route53.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n });\n\n var route53_query_logging_policyLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"route53-query-logging-policy\", new()\n {\n PolicyDocument = route53_query_logging_policy.Apply(route53_query_logging_policy =\u003e route53_query_logging_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n PolicyName = \"route53-query-logging-policy\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\troute53_query_logging_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*:*:log-group:/aws/route53/*\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"route53.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"route53-query-logging-policy\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyDocument: pulumi.String(route53_query_logging_policy.Json),\n\t\t\tPolicyName: pulumi.String(\"route53-query-logging-policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var route53-query-logging-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\")\n .resources(\"arn:aws:logs:*:*:log-group:/aws/route53/*\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"route53.amazonaws.com\")\n .type(\"Service\")\n .build())\n .build())\n .build());\n\n var route53_query_logging_policyLogResourcePolicy = new LogResourcePolicy(\"route53-query-logging-policyLogResourcePolicy\", LogResourcePolicyArgs.builder() \n .policyDocument(route53_query_logging_policy.json())\n .policyName(\"route53-query-logging-policy\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n route53-query-logging-policyLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n name: route53-query-logging-policy\n properties:\n policyDocument: ${[\"route53-query-logging-policy\"].json}\n policyName: route53-query-logging-policy\nvariables:\n route53-query-logging-policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - logs:CreateLogStream\n - logs:PutLogEvents\n resources:\n - arn:aws:logs:*:*:log-group:/aws/route53/*\n principals:\n - identifiers:\n - route53.amazonaws.com\n type: Service\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import CloudWatch log resource policies using the policy name. For example:\n\n```sh\n$ pulumi import aws:cloudwatch/logResourcePolicy:LogResourcePolicy MyPolicy MyPolicy\n```\n", "properties": { "policyDocument": { "type": "string", @@ -183738,7 +183738,7 @@ } }, "aws:cloudwatch/metricStream:MetricStream": { - "description": "Provides a CloudWatch Metric Stream resource.\n\n## Example Usage\n\n### Filters\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\nconst streamsAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"streams.metrics.cloudwatch.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst metricStreamToFirehoseRole = new aws.iam.Role(\"metric_stream_to_firehose\", {\n name: \"metric_stream_to_firehose_role\",\n assumeRolePolicy: streamsAssumeRole.then(streamsAssumeRole =\u003e streamsAssumeRole.json),\n});\nconst bucket = new aws.s3.BucketV2(\"bucket\", {bucket: \"metric-stream-test-bucket\"});\nconst firehoseAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"firehose.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst firehoseToS3Role = new aws.iam.Role(\"firehose_to_s3\", {assumeRolePolicy: firehoseAssumeRole.then(firehoseAssumeRole =\u003e firehoseAssumeRole.json)});\nconst s3Stream = new aws.kinesis.FirehoseDeliveryStream(\"s3_stream\", {\n name: \"metric-stream-test-stream\",\n destination: \"extended_s3\",\n extendedS3Configuration: {\n roleArn: firehoseToS3Role.arn,\n bucketArn: bucket.arn,\n },\n});\nconst main = new aws.cloudwatch.MetricStream(\"main\", {\n name: \"my-metric-stream\",\n roleArn: metricStreamToFirehoseRole.arn,\n firehoseArn: s3Stream.arn,\n outputFormat: \"json\",\n includeFilters: [\n {\n namespace: \"AWS/EC2\",\n metricNames: [\n \"CPUUtilization\",\n \"NetworkOut\",\n ],\n },\n {\n namespace: \"AWS/EBS\",\n metricNames: [],\n },\n ],\n});\n// https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\nconst metricStreamToFirehose = aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"firehose:PutRecord\",\n \"firehose:PutRecordBatch\",\n ],\n resources: [s3Stream.arn],\n }],\n});\nconst metricStreamToFirehoseRolePolicy = new aws.iam.RolePolicy(\"metric_stream_to_firehose\", {\n name: \"default\",\n role: metricStreamToFirehoseRole.id,\n policy: metricStreamToFirehose.apply(metricStreamToFirehose =\u003e metricStreamToFirehose.json),\n});\nconst bucketAcl = new aws.s3.BucketAclV2(\"bucket_acl\", {\n bucket: bucket.id,\n acl: \"private\",\n});\nconst firehoseToS3 = aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"s3:AbortMultipartUpload\",\n \"s3:GetBucketLocation\",\n \"s3:GetObject\",\n \"s3:ListBucket\",\n \"s3:ListBucketMultipartUploads\",\n \"s3:PutObject\",\n ],\n resources: [\n bucket.arn,\n pulumi.interpolate`${bucket.arn}/*`,\n ],\n }],\n});\nconst firehoseToS3RolePolicy = new aws.iam.RolePolicy(\"firehose_to_s3\", {\n name: \"default\",\n role: firehoseToS3Role.id,\n policy: firehoseToS3.apply(firehoseToS3 =\u003e firehoseToS3.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\nstreams_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"streams.metrics.cloudwatch.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nmetric_stream_to_firehose_role = aws.iam.Role(\"metric_stream_to_firehose\",\n name=\"metric_stream_to_firehose_role\",\n assume_role_policy=streams_assume_role.json)\nbucket = aws.s3.BucketV2(\"bucket\", bucket=\"metric-stream-test-bucket\")\nfirehose_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"firehose.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nfirehose_to_s3_role = aws.iam.Role(\"firehose_to_s3\", assume_role_policy=firehose_assume_role.json)\ns3_stream = aws.kinesis.FirehoseDeliveryStream(\"s3_stream\",\n name=\"metric-stream-test-stream\",\n destination=\"extended_s3\",\n extended_s3_configuration=aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs(\n role_arn=firehose_to_s3_role.arn,\n bucket_arn=bucket.arn,\n ))\nmain = aws.cloudwatch.MetricStream(\"main\",\n name=\"my-metric-stream\",\n role_arn=metric_stream_to_firehose_role.arn,\n firehose_arn=s3_stream.arn,\n output_format=\"json\",\n include_filters=[\n aws.cloudwatch.MetricStreamIncludeFilterArgs(\n namespace=\"AWS/EC2\",\n metric_names=[\n \"CPUUtilization\",\n \"NetworkOut\",\n ],\n ),\n aws.cloudwatch.MetricStreamIncludeFilterArgs(\n namespace=\"AWS/EBS\",\n metric_names=[],\n ),\n ])\n# https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\nmetric_stream_to_firehose = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"firehose:PutRecord\",\n \"firehose:PutRecordBatch\",\n ],\n resources=[s3_stream.arn],\n)])\nmetric_stream_to_firehose_role_policy = aws.iam.RolePolicy(\"metric_stream_to_firehose\",\n name=\"default\",\n role=metric_stream_to_firehose_role.id,\n policy=metric_stream_to_firehose.json)\nbucket_acl = aws.s3.BucketAclV2(\"bucket_acl\",\n bucket=bucket.id,\n acl=\"private\")\nfirehose_to_s3 = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"s3:AbortMultipartUpload\",\n \"s3:GetBucketLocation\",\n \"s3:GetObject\",\n \"s3:ListBucket\",\n \"s3:ListBucketMultipartUploads\",\n \"s3:PutObject\",\n ],\n resources=[\n bucket.arn,\n bucket.arn.apply(lambda arn: f\"{arn}/*\"),\n ],\n)])\nfirehose_to_s3_role_policy = aws.iam.RolePolicy(\"firehose_to_s3\",\n name=\"default\",\n role=firehose_to_s3_role.id,\n policy=firehose_to_s3.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\n var streamsAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"streams.metrics.cloudwatch.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var metricStreamToFirehoseRole = new Aws.Iam.Role(\"metric_stream_to_firehose\", new()\n {\n Name = \"metric_stream_to_firehose_role\",\n AssumeRolePolicy = streamsAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var bucket = new Aws.S3.BucketV2(\"bucket\", new()\n {\n Bucket = \"metric-stream-test-bucket\",\n });\n\n var firehoseAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"firehose.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var firehoseToS3Role = new Aws.Iam.Role(\"firehose_to_s3\", new()\n {\n AssumeRolePolicy = firehoseAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var s3Stream = new Aws.Kinesis.FirehoseDeliveryStream(\"s3_stream\", new()\n {\n Name = \"metric-stream-test-stream\",\n Destination = \"extended_s3\",\n ExtendedS3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs\n {\n RoleArn = firehoseToS3Role.Arn,\n BucketArn = bucket.Arn,\n },\n });\n\n var main = new Aws.CloudWatch.MetricStream(\"main\", new()\n {\n Name = \"my-metric-stream\",\n RoleArn = metricStreamToFirehoseRole.Arn,\n FirehoseArn = s3Stream.Arn,\n OutputFormat = \"json\",\n IncludeFilters = new[]\n {\n new Aws.CloudWatch.Inputs.MetricStreamIncludeFilterArgs\n {\n Namespace = \"AWS/EC2\",\n MetricNames = new[]\n {\n \"CPUUtilization\",\n \"NetworkOut\",\n },\n },\n new Aws.CloudWatch.Inputs.MetricStreamIncludeFilterArgs\n {\n Namespace = \"AWS/EBS\",\n MetricNames = new() { },\n },\n },\n });\n\n // https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\n var metricStreamToFirehose = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"firehose:PutRecord\",\n \"firehose:PutRecordBatch\",\n },\n Resources = new[]\n {\n s3Stream.Arn,\n },\n },\n },\n });\n\n var metricStreamToFirehoseRolePolicy = new Aws.Iam.RolePolicy(\"metric_stream_to_firehose\", new()\n {\n Name = \"default\",\n Role = metricStreamToFirehoseRole.Id,\n Policy = metricStreamToFirehose.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var bucketAcl = new Aws.S3.BucketAclV2(\"bucket_acl\", new()\n {\n Bucket = bucket.Id,\n Acl = \"private\",\n });\n\n var firehoseToS3 = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:AbortMultipartUpload\",\n \"s3:GetBucketLocation\",\n \"s3:GetObject\",\n \"s3:ListBucket\",\n \"s3:ListBucketMultipartUploads\",\n \"s3:PutObject\",\n },\n Resources = new[]\n {\n bucket.Arn,\n $\"{bucket.Arn}/*\",\n },\n },\n },\n });\n\n var firehoseToS3RolePolicy = new Aws.Iam.RolePolicy(\"firehose_to_s3\", new()\n {\n Name = \"default\",\n Role = firehoseToS3Role.Id,\n Policy = firehoseToS3.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\n\t\tstreamsAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"streams.metrics.cloudwatch.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmetricStreamToFirehoseRole, err := iam.NewRole(ctx, \"metric_stream_to_firehose\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"metric_stream_to_firehose_role\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(streamsAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := s3.NewBucketV2(ctx, \"bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"metric-stream-test-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirehoseAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"firehose.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirehoseToS3Role, err := iam.NewRole(ctx, \"firehose_to_s3\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(firehoseAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ts3Stream, err := kinesis.NewFirehoseDeliveryStream(ctx, \"s3_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"metric-stream-test-stream\"),\n\t\t\tDestination: pulumi.String(\"extended_s3\"),\n\t\t\tExtendedS3Configuration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs{\n\t\t\t\tRoleArn: firehoseToS3Role.Arn,\n\t\t\t\tBucketArn: bucket.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewMetricStream(ctx, \"main\", \u0026cloudwatch.MetricStreamArgs{\n\t\t\tName: pulumi.String(\"my-metric-stream\"),\n\t\t\tRoleArn: metricStreamToFirehoseRole.Arn,\n\t\t\tFirehoseArn: s3Stream.Arn,\n\t\t\tOutputFormat: pulumi.String(\"json\"),\n\t\t\tIncludeFilters: cloudwatch.MetricStreamIncludeFilterArray{\n\t\t\t\t\u0026cloudwatch.MetricStreamIncludeFilterArgs{\n\t\t\t\t\tNamespace: pulumi.String(\"AWS/EC2\"),\n\t\t\t\t\tMetricNames: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"CPUUtilization\"),\n\t\t\t\t\t\tpulumi.String(\"NetworkOut\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026cloudwatch.MetricStreamIncludeFilterArgs{\n\t\t\t\t\tNamespace: pulumi.String(\"AWS/EBS\"),\n\t\t\t\t\tMetricNames: pulumi.StringArray{},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\n\t\tmetricStreamToFirehose := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"firehose:PutRecord\"),\n\t\t\t\t\t\tpulumi.String(\"firehose:PutRecordBatch\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\ts3Stream.Arn,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = iam.NewRolePolicy(ctx, \"metric_stream_to_firehose\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"default\"),\n\t\t\tRole: metricStreamToFirehoseRole.ID(),\n\t\t\tPolicy: metricStreamToFirehose.ApplyT(func(metricStreamToFirehose iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026metricStreamToFirehose.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"bucket_acl\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: bucket.ID(),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirehoseToS3 := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:AbortMultipartUpload\"),\n\t\t\t\t\t\tpulumi.String(\"s3:GetBucketLocation\"),\n\t\t\t\t\t\tpulumi.String(\"s3:GetObject\"),\n\t\t\t\t\t\tpulumi.String(\"s3:ListBucket\"),\n\t\t\t\t\t\tpulumi.String(\"s3:ListBucketMultipartUploads\"),\n\t\t\t\t\t\tpulumi.String(\"s3:PutObject\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tbucket.Arn,\n\t\t\t\t\t\tbucket.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = iam.NewRolePolicy(ctx, \"firehose_to_s3\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"default\"),\n\t\t\tRole: firehoseToS3Role.ID(),\n\t\t\tPolicy: firehoseToS3.ApplyT(func(firehoseToS3 iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026firehoseToS3.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs;\nimport com.pulumi.aws.cloudwatch.MetricStream;\nimport com.pulumi.aws.cloudwatch.MetricStreamArgs;\nimport com.pulumi.aws.cloudwatch.inputs.MetricStreamIncludeFilterArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var streamsAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"streams.metrics.cloudwatch.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var metricStreamToFirehoseRole = new Role(\"metricStreamToFirehoseRole\", RoleArgs.builder() \n .name(\"metric_stream_to_firehose_role\")\n .assumeRolePolicy(streamsAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var bucket = new BucketV2(\"bucket\", BucketV2Args.builder() \n .bucket(\"metric-stream-test-bucket\")\n .build());\n\n final var firehoseAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"firehose.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var firehoseToS3Role = new Role(\"firehoseToS3Role\", RoleArgs.builder() \n .assumeRolePolicy(firehoseAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var s3Stream = new FirehoseDeliveryStream(\"s3Stream\", FirehoseDeliveryStreamArgs.builder() \n .name(\"metric-stream-test-stream\")\n .destination(\"extended_s3\")\n .extendedS3Configuration(FirehoseDeliveryStreamExtendedS3ConfigurationArgs.builder()\n .roleArn(firehoseToS3Role.arn())\n .bucketArn(bucket.arn())\n .build())\n .build());\n\n var main = new MetricStream(\"main\", MetricStreamArgs.builder() \n .name(\"my-metric-stream\")\n .roleArn(metricStreamToFirehoseRole.arn())\n .firehoseArn(s3Stream.arn())\n .outputFormat(\"json\")\n .includeFilters( \n MetricStreamIncludeFilterArgs.builder()\n .namespace(\"AWS/EC2\")\n .metricNames( \n \"CPUUtilization\",\n \"NetworkOut\")\n .build(),\n MetricStreamIncludeFilterArgs.builder()\n .namespace(\"AWS/EBS\")\n .metricNames()\n .build())\n .build());\n\n final var metricStreamToFirehose = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"firehose:PutRecord\",\n \"firehose:PutRecordBatch\")\n .resources(s3Stream.arn())\n .build())\n .build());\n\n var metricStreamToFirehoseRolePolicy = new RolePolicy(\"metricStreamToFirehoseRolePolicy\", RolePolicyArgs.builder() \n .name(\"default\")\n .role(metricStreamToFirehoseRole.id())\n .policy(metricStreamToFirehose.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(metricStreamToFirehose -\u003e metricStreamToFirehose.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var bucketAcl = new BucketAclV2(\"bucketAcl\", BucketAclV2Args.builder() \n .bucket(bucket.id())\n .acl(\"private\")\n .build());\n\n final var firehoseToS3 = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"s3:AbortMultipartUpload\",\n \"s3:GetBucketLocation\",\n \"s3:GetObject\",\n \"s3:ListBucket\",\n \"s3:ListBucketMultipartUploads\",\n \"s3:PutObject\")\n .resources( \n bucket.arn(),\n bucket.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build())\n .build());\n\n var firehoseToS3RolePolicy = new RolePolicy(\"firehoseToS3RolePolicy\", RolePolicyArgs.builder() \n .name(\"default\")\n .role(firehoseToS3Role.id())\n .policy(firehoseToS3.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(firehoseToS3 -\u003e firehoseToS3.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:cloudwatch:MetricStream\n properties:\n name: my-metric-stream\n roleArn: ${metricStreamToFirehoseRole.arn}\n firehoseArn: ${s3Stream.arn}\n outputFormat: json\n includeFilters:\n - namespace: AWS/EC2\n metricNames:\n - CPUUtilization\n - NetworkOut\n - namespace: AWS/EBS\n metricNames: []\n metricStreamToFirehoseRole:\n type: aws:iam:Role\n name: metric_stream_to_firehose\n properties:\n name: metric_stream_to_firehose_role\n assumeRolePolicy: ${streamsAssumeRole.json}\n metricStreamToFirehoseRolePolicy:\n type: aws:iam:RolePolicy\n name: metric_stream_to_firehose\n properties:\n name: default\n role: ${metricStreamToFirehoseRole.id}\n policy: ${metricStreamToFirehose.json}\n bucket:\n type: aws:s3:BucketV2\n properties:\n bucket: metric-stream-test-bucket\n bucketAcl:\n type: aws:s3:BucketAclV2\n name: bucket_acl\n properties:\n bucket: ${bucket.id}\n acl: private\n firehoseToS3Role:\n type: aws:iam:Role\n name: firehose_to_s3\n properties:\n assumeRolePolicy: ${firehoseAssumeRole.json}\n firehoseToS3RolePolicy:\n type: aws:iam:RolePolicy\n name: firehose_to_s3\n properties:\n name: default\n role: ${firehoseToS3Role.id}\n policy: ${firehoseToS3.json}\n s3Stream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: s3_stream\n properties:\n name: metric-stream-test-stream\n destination: extended_s3\n extendedS3Configuration:\n roleArn: ${firehoseToS3Role.arn}\n bucketArn: ${bucket.arn}\nvariables:\n # https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\n streamsAssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - streams.metrics.cloudwatch.amazonaws.com\n actions:\n - sts:AssumeRole\n # https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\n metricStreamToFirehose:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - firehose:PutRecord\n - firehose:PutRecordBatch\n resources:\n - ${s3Stream.arn}\n firehoseAssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - firehose.amazonaws.com\n actions:\n - sts:AssumeRole\n firehoseToS3:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - s3:AbortMultipartUpload\n - s3:GetBucketLocation\n - s3:GetObject\n - s3:ListBucket\n - s3:ListBucketMultipartUploads\n - s3:PutObject\n resources:\n - ${bucket.arn}\n - ${bucket.arn}/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Additional Statistics\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.cloudwatch.MetricStream(\"main\", {\n name: \"my-metric-stream\",\n roleArn: metricStreamToFirehose.arn,\n firehoseArn: s3Stream.arn,\n outputFormat: \"json\",\n statisticsConfigurations: [\n {\n additionalStatistics: [\n \"p1\",\n \"tm99\",\n ],\n includeMetrics: [{\n metricName: \"CPUUtilization\",\n namespace: \"AWS/EC2\",\n }],\n },\n {\n additionalStatistics: [\"TS(50.5:)\"],\n includeMetrics: [{\n metricName: \"CPUUtilization\",\n namespace: \"AWS/EC2\",\n }],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.cloudwatch.MetricStream(\"main\",\n name=\"my-metric-stream\",\n role_arn=metric_stream_to_firehose[\"arn\"],\n firehose_arn=s3_stream[\"arn\"],\n output_format=\"json\",\n statistics_configurations=[\n aws.cloudwatch.MetricStreamStatisticsConfigurationArgs(\n additional_statistics=[\n \"p1\",\n \"tm99\",\n ],\n include_metrics=[aws.cloudwatch.MetricStreamStatisticsConfigurationIncludeMetricArgs(\n metric_name=\"CPUUtilization\",\n namespace=\"AWS/EC2\",\n )],\n ),\n aws.cloudwatch.MetricStreamStatisticsConfigurationArgs(\n additional_statistics=[\"TS(50.5:)\"],\n include_metrics=[aws.cloudwatch.MetricStreamStatisticsConfigurationIncludeMetricArgs(\n metric_name=\"CPUUtilization\",\n namespace=\"AWS/EC2\",\n )],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = new Aws.CloudWatch.MetricStream(\"main\", new()\n {\n Name = \"my-metric-stream\",\n RoleArn = metricStreamToFirehose.Arn,\n FirehoseArn = s3Stream.Arn,\n OutputFormat = \"json\",\n StatisticsConfigurations = new[]\n {\n new Aws.CloudWatch.Inputs.MetricStreamStatisticsConfigurationArgs\n {\n AdditionalStatistics = new[]\n {\n \"p1\",\n \"tm99\",\n },\n IncludeMetrics = new[]\n {\n new Aws.CloudWatch.Inputs.MetricStreamStatisticsConfigurationIncludeMetricArgs\n {\n MetricName = \"CPUUtilization\",\n Namespace = \"AWS/EC2\",\n },\n },\n },\n new Aws.CloudWatch.Inputs.MetricStreamStatisticsConfigurationArgs\n {\n AdditionalStatistics = new[]\n {\n \"TS(50.5:)\",\n },\n IncludeMetrics = new[]\n {\n new Aws.CloudWatch.Inputs.MetricStreamStatisticsConfigurationIncludeMetricArgs\n {\n MetricName = \"CPUUtilization\",\n Namespace = \"AWS/EC2\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.NewMetricStream(ctx, \"main\", \u0026cloudwatch.MetricStreamArgs{\n\t\t\tName: pulumi.String(\"my-metric-stream\"),\n\t\t\tRoleArn: pulumi.Any(metricStreamToFirehose.Arn),\n\t\t\tFirehoseArn: pulumi.Any(s3Stream.Arn),\n\t\t\tOutputFormat: pulumi.String(\"json\"),\n\t\t\tStatisticsConfigurations: cloudwatch.MetricStreamStatisticsConfigurationArray{\n\t\t\t\t\u0026cloudwatch.MetricStreamStatisticsConfigurationArgs{\n\t\t\t\t\tAdditionalStatistics: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"p1\"),\n\t\t\t\t\t\tpulumi.String(\"tm99\"),\n\t\t\t\t\t},\n\t\t\t\t\tIncludeMetrics: cloudwatch.MetricStreamStatisticsConfigurationIncludeMetricArray{\n\t\t\t\t\t\t\u0026cloudwatch.MetricStreamStatisticsConfigurationIncludeMetricArgs{\n\t\t\t\t\t\t\tMetricName: pulumi.String(\"CPUUtilization\"),\n\t\t\t\t\t\t\tNamespace: pulumi.String(\"AWS/EC2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026cloudwatch.MetricStreamStatisticsConfigurationArgs{\n\t\t\t\t\tAdditionalStatistics: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"TS(50.5:)\"),\n\t\t\t\t\t},\n\t\t\t\t\tIncludeMetrics: cloudwatch.MetricStreamStatisticsConfigurationIncludeMetricArray{\n\t\t\t\t\t\t\u0026cloudwatch.MetricStreamStatisticsConfigurationIncludeMetricArgs{\n\t\t\t\t\t\t\tMetricName: pulumi.String(\"CPUUtilization\"),\n\t\t\t\t\t\t\tNamespace: pulumi.String(\"AWS/EC2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.MetricStream;\nimport com.pulumi.aws.cloudwatch.MetricStreamArgs;\nimport com.pulumi.aws.cloudwatch.inputs.MetricStreamStatisticsConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var main = new MetricStream(\"main\", MetricStreamArgs.builder() \n .name(\"my-metric-stream\")\n .roleArn(metricStreamToFirehose.arn())\n .firehoseArn(s3Stream.arn())\n .outputFormat(\"json\")\n .statisticsConfigurations( \n MetricStreamStatisticsConfigurationArgs.builder()\n .additionalStatistics( \n \"p1\",\n \"tm99\")\n .includeMetrics(MetricStreamStatisticsConfigurationIncludeMetricArgs.builder()\n .metricName(\"CPUUtilization\")\n .namespace(\"AWS/EC2\")\n .build())\n .build(),\n MetricStreamStatisticsConfigurationArgs.builder()\n .additionalStatistics(\"TS(50.5:)\")\n .includeMetrics(MetricStreamStatisticsConfigurationIncludeMetricArgs.builder()\n .metricName(\"CPUUtilization\")\n .namespace(\"AWS/EC2\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:cloudwatch:MetricStream\n properties:\n name: my-metric-stream\n roleArn: ${metricStreamToFirehose.arn}\n firehoseArn: ${s3Stream.arn}\n outputFormat: json\n statisticsConfigurations:\n - additionalStatistics:\n - p1\n - tm99\n includeMetrics:\n - metricName: CPUUtilization\n namespace: AWS/EC2\n - additionalStatistics:\n - TS(50.5:)\n includeMetrics:\n - metricName: CPUUtilization\n namespace: AWS/EC2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import CloudWatch metric streams using the `name`. For example:\n\n```sh\n$ pulumi import aws:cloudwatch/metricStream:MetricStream sample sample-stream-name\n```\n", + "description": "Provides a CloudWatch Metric Stream resource.\n\n## Example Usage\n\n### Filters\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\nconst streamsAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"streams.metrics.cloudwatch.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst metricStreamToFirehoseRole = new aws.iam.Role(\"metric_stream_to_firehose\", {\n name: \"metric_stream_to_firehose_role\",\n assumeRolePolicy: streamsAssumeRole.then(streamsAssumeRole =\u003e streamsAssumeRole.json),\n});\nconst bucket = new aws.s3.BucketV2(\"bucket\", {bucket: \"metric-stream-test-bucket\"});\nconst firehoseAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"firehose.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst firehoseToS3Role = new aws.iam.Role(\"firehose_to_s3\", {assumeRolePolicy: firehoseAssumeRole.then(firehoseAssumeRole =\u003e firehoseAssumeRole.json)});\nconst s3Stream = new aws.kinesis.FirehoseDeliveryStream(\"s3_stream\", {\n name: \"metric-stream-test-stream\",\n destination: \"extended_s3\",\n extendedS3Configuration: {\n roleArn: firehoseToS3Role.arn,\n bucketArn: bucket.arn,\n },\n});\nconst main = new aws.cloudwatch.MetricStream(\"main\", {\n name: \"my-metric-stream\",\n roleArn: metricStreamToFirehoseRole.arn,\n firehoseArn: s3Stream.arn,\n outputFormat: \"json\",\n includeFilters: [\n {\n namespace: \"AWS/EC2\",\n metricNames: [\n \"CPUUtilization\",\n \"NetworkOut\",\n ],\n },\n {\n namespace: \"AWS/EBS\",\n metricNames: [],\n },\n ],\n});\n// https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\nconst metricStreamToFirehose = aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"firehose:PutRecord\",\n \"firehose:PutRecordBatch\",\n ],\n resources: [s3Stream.arn],\n }],\n});\nconst metricStreamToFirehoseRolePolicy = new aws.iam.RolePolicy(\"metric_stream_to_firehose\", {\n name: \"default\",\n role: metricStreamToFirehoseRole.id,\n policy: metricStreamToFirehose.apply(metricStreamToFirehose =\u003e metricStreamToFirehose.json),\n});\nconst bucketAcl = new aws.s3.BucketAclV2(\"bucket_acl\", {\n bucket: bucket.id,\n acl: \"private\",\n});\nconst firehoseToS3 = aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"s3:AbortMultipartUpload\",\n \"s3:GetBucketLocation\",\n \"s3:GetObject\",\n \"s3:ListBucket\",\n \"s3:ListBucketMultipartUploads\",\n \"s3:PutObject\",\n ],\n resources: [\n bucket.arn,\n pulumi.interpolate`${bucket.arn}/*`,\n ],\n }],\n});\nconst firehoseToS3RolePolicy = new aws.iam.RolePolicy(\"firehose_to_s3\", {\n name: \"default\",\n role: firehoseToS3Role.id,\n policy: firehoseToS3.apply(firehoseToS3 =\u003e firehoseToS3.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\nstreams_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"streams.metrics.cloudwatch.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nmetric_stream_to_firehose_role = aws.iam.Role(\"metric_stream_to_firehose\",\n name=\"metric_stream_to_firehose_role\",\n assume_role_policy=streams_assume_role.json)\nbucket = aws.s3.BucketV2(\"bucket\", bucket=\"metric-stream-test-bucket\")\nfirehose_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"firehose.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nfirehose_to_s3_role = aws.iam.Role(\"firehose_to_s3\", assume_role_policy=firehose_assume_role.json)\ns3_stream = aws.kinesis.FirehoseDeliveryStream(\"s3_stream\",\n name=\"metric-stream-test-stream\",\n destination=\"extended_s3\",\n extended_s3_configuration=aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs(\n role_arn=firehose_to_s3_role.arn,\n bucket_arn=bucket.arn,\n ))\nmain = aws.cloudwatch.MetricStream(\"main\",\n name=\"my-metric-stream\",\n role_arn=metric_stream_to_firehose_role.arn,\n firehose_arn=s3_stream.arn,\n output_format=\"json\",\n include_filters=[\n aws.cloudwatch.MetricStreamIncludeFilterArgs(\n namespace=\"AWS/EC2\",\n metric_names=[\n \"CPUUtilization\",\n \"NetworkOut\",\n ],\n ),\n aws.cloudwatch.MetricStreamIncludeFilterArgs(\n namespace=\"AWS/EBS\",\n metric_names=[],\n ),\n ])\n# https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\nmetric_stream_to_firehose = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"firehose:PutRecord\",\n \"firehose:PutRecordBatch\",\n ],\n resources=[s3_stream.arn],\n)])\nmetric_stream_to_firehose_role_policy = aws.iam.RolePolicy(\"metric_stream_to_firehose\",\n name=\"default\",\n role=metric_stream_to_firehose_role.id,\n policy=metric_stream_to_firehose.json)\nbucket_acl = aws.s3.BucketAclV2(\"bucket_acl\",\n bucket=bucket.id,\n acl=\"private\")\nfirehose_to_s3 = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"s3:AbortMultipartUpload\",\n \"s3:GetBucketLocation\",\n \"s3:GetObject\",\n \"s3:ListBucket\",\n \"s3:ListBucketMultipartUploads\",\n \"s3:PutObject\",\n ],\n resources=[\n bucket.arn,\n bucket.arn.apply(lambda arn: f\"{arn}/*\"),\n ],\n)])\nfirehose_to_s3_role_policy = aws.iam.RolePolicy(\"firehose_to_s3\",\n name=\"default\",\n role=firehose_to_s3_role.id,\n policy=firehose_to_s3.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\n var streamsAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"streams.metrics.cloudwatch.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var metricStreamToFirehoseRole = new Aws.Iam.Role(\"metric_stream_to_firehose\", new()\n {\n Name = \"metric_stream_to_firehose_role\",\n AssumeRolePolicy = streamsAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var bucket = new Aws.S3.BucketV2(\"bucket\", new()\n {\n Bucket = \"metric-stream-test-bucket\",\n });\n\n var firehoseAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"firehose.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var firehoseToS3Role = new Aws.Iam.Role(\"firehose_to_s3\", new()\n {\n AssumeRolePolicy = firehoseAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var s3Stream = new Aws.Kinesis.FirehoseDeliveryStream(\"s3_stream\", new()\n {\n Name = \"metric-stream-test-stream\",\n Destination = \"extended_s3\",\n ExtendedS3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs\n {\n RoleArn = firehoseToS3Role.Arn,\n BucketArn = bucket.Arn,\n },\n });\n\n var main = new Aws.CloudWatch.MetricStream(\"main\", new()\n {\n Name = \"my-metric-stream\",\n RoleArn = metricStreamToFirehoseRole.Arn,\n FirehoseArn = s3Stream.Arn,\n OutputFormat = \"json\",\n IncludeFilters = new[]\n {\n new Aws.CloudWatch.Inputs.MetricStreamIncludeFilterArgs\n {\n Namespace = \"AWS/EC2\",\n MetricNames = new[]\n {\n \"CPUUtilization\",\n \"NetworkOut\",\n },\n },\n new Aws.CloudWatch.Inputs.MetricStreamIncludeFilterArgs\n {\n Namespace = \"AWS/EBS\",\n MetricNames = new() { },\n },\n },\n });\n\n // https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\n var metricStreamToFirehose = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"firehose:PutRecord\",\n \"firehose:PutRecordBatch\",\n },\n Resources = new[]\n {\n s3Stream.Arn,\n },\n },\n },\n });\n\n var metricStreamToFirehoseRolePolicy = new Aws.Iam.RolePolicy(\"metric_stream_to_firehose\", new()\n {\n Name = \"default\",\n Role = metricStreamToFirehoseRole.Id,\n Policy = metricStreamToFirehose.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var bucketAcl = new Aws.S3.BucketAclV2(\"bucket_acl\", new()\n {\n Bucket = bucket.Id,\n Acl = \"private\",\n });\n\n var firehoseToS3 = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:AbortMultipartUpload\",\n \"s3:GetBucketLocation\",\n \"s3:GetObject\",\n \"s3:ListBucket\",\n \"s3:ListBucketMultipartUploads\",\n \"s3:PutObject\",\n },\n Resources = new[]\n {\n bucket.Arn,\n $\"{bucket.Arn}/*\",\n },\n },\n },\n });\n\n var firehoseToS3RolePolicy = new Aws.Iam.RolePolicy(\"firehose_to_s3\", new()\n {\n Name = \"default\",\n Role = firehoseToS3Role.Id,\n Policy = firehoseToS3.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\n\t\tstreamsAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"streams.metrics.cloudwatch.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmetricStreamToFirehoseRole, err := iam.NewRole(ctx, \"metric_stream_to_firehose\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"metric_stream_to_firehose_role\"),\n\t\t\tAssumeRolePolicy: pulumi.String(streamsAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := s3.NewBucketV2(ctx, \"bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"metric-stream-test-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirehoseAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"firehose.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirehoseToS3Role, err := iam.NewRole(ctx, \"firehose_to_s3\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.String(firehoseAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ts3Stream, err := kinesis.NewFirehoseDeliveryStream(ctx, \"s3_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"metric-stream-test-stream\"),\n\t\t\tDestination: pulumi.String(\"extended_s3\"),\n\t\t\tExtendedS3Configuration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs{\n\t\t\t\tRoleArn: firehoseToS3Role.Arn,\n\t\t\t\tBucketArn: bucket.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewMetricStream(ctx, \"main\", \u0026cloudwatch.MetricStreamArgs{\n\t\t\tName: pulumi.String(\"my-metric-stream\"),\n\t\t\tRoleArn: metricStreamToFirehoseRole.Arn,\n\t\t\tFirehoseArn: s3Stream.Arn,\n\t\t\tOutputFormat: pulumi.String(\"json\"),\n\t\t\tIncludeFilters: cloudwatch.MetricStreamIncludeFilterArray{\n\t\t\t\t\u0026cloudwatch.MetricStreamIncludeFilterArgs{\n\t\t\t\t\tNamespace: pulumi.String(\"AWS/EC2\"),\n\t\t\t\t\tMetricNames: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"CPUUtilization\"),\n\t\t\t\t\t\tpulumi.String(\"NetworkOut\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026cloudwatch.MetricStreamIncludeFilterArgs{\n\t\t\t\t\tNamespace: pulumi.String(\"AWS/EBS\"),\n\t\t\t\t\tMetricNames: pulumi.StringArray{},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\n\t\tmetricStreamToFirehose := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"firehose:PutRecord\"),\n\t\t\t\t\t\tpulumi.String(\"firehose:PutRecordBatch\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\ts3Stream.Arn,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = iam.NewRolePolicy(ctx, \"metric_stream_to_firehose\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"default\"),\n\t\t\tRole: metricStreamToFirehoseRole.ID(),\n\t\t\tPolicy: metricStreamToFirehose.ApplyT(func(metricStreamToFirehose iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026metricStreamToFirehose.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"bucket_acl\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: bucket.ID(),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirehoseToS3 := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:AbortMultipartUpload\"),\n\t\t\t\t\t\tpulumi.String(\"s3:GetBucketLocation\"),\n\t\t\t\t\t\tpulumi.String(\"s3:GetObject\"),\n\t\t\t\t\t\tpulumi.String(\"s3:ListBucket\"),\n\t\t\t\t\t\tpulumi.String(\"s3:ListBucketMultipartUploads\"),\n\t\t\t\t\t\tpulumi.String(\"s3:PutObject\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tbucket.Arn,\n\t\t\t\t\t\tbucket.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = iam.NewRolePolicy(ctx, \"firehose_to_s3\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"default\"),\n\t\t\tRole: firehoseToS3Role.ID(),\n\t\t\tPolicy: firehoseToS3.ApplyT(func(firehoseToS3 iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026firehoseToS3.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs;\nimport com.pulumi.aws.cloudwatch.MetricStream;\nimport com.pulumi.aws.cloudwatch.MetricStreamArgs;\nimport com.pulumi.aws.cloudwatch.inputs.MetricStreamIncludeFilterArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var streamsAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"streams.metrics.cloudwatch.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var metricStreamToFirehoseRole = new Role(\"metricStreamToFirehoseRole\", RoleArgs.builder() \n .name(\"metric_stream_to_firehose_role\")\n .assumeRolePolicy(streamsAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var bucket = new BucketV2(\"bucket\", BucketV2Args.builder() \n .bucket(\"metric-stream-test-bucket\")\n .build());\n\n final var firehoseAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"firehose.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var firehoseToS3Role = new Role(\"firehoseToS3Role\", RoleArgs.builder() \n .assumeRolePolicy(firehoseAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var s3Stream = new FirehoseDeliveryStream(\"s3Stream\", FirehoseDeliveryStreamArgs.builder() \n .name(\"metric-stream-test-stream\")\n .destination(\"extended_s3\")\n .extendedS3Configuration(FirehoseDeliveryStreamExtendedS3ConfigurationArgs.builder()\n .roleArn(firehoseToS3Role.arn())\n .bucketArn(bucket.arn())\n .build())\n .build());\n\n var main = new MetricStream(\"main\", MetricStreamArgs.builder() \n .name(\"my-metric-stream\")\n .roleArn(metricStreamToFirehoseRole.arn())\n .firehoseArn(s3Stream.arn())\n .outputFormat(\"json\")\n .includeFilters( \n MetricStreamIncludeFilterArgs.builder()\n .namespace(\"AWS/EC2\")\n .metricNames( \n \"CPUUtilization\",\n \"NetworkOut\")\n .build(),\n MetricStreamIncludeFilterArgs.builder()\n .namespace(\"AWS/EBS\")\n .metricNames()\n .build())\n .build());\n\n final var metricStreamToFirehose = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"firehose:PutRecord\",\n \"firehose:PutRecordBatch\")\n .resources(s3Stream.arn())\n .build())\n .build());\n\n var metricStreamToFirehoseRolePolicy = new RolePolicy(\"metricStreamToFirehoseRolePolicy\", RolePolicyArgs.builder() \n .name(\"default\")\n .role(metricStreamToFirehoseRole.id())\n .policy(metricStreamToFirehose.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(metricStreamToFirehose -\u003e metricStreamToFirehose.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var bucketAcl = new BucketAclV2(\"bucketAcl\", BucketAclV2Args.builder() \n .bucket(bucket.id())\n .acl(\"private\")\n .build());\n\n final var firehoseToS3 = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"s3:AbortMultipartUpload\",\n \"s3:GetBucketLocation\",\n \"s3:GetObject\",\n \"s3:ListBucket\",\n \"s3:ListBucketMultipartUploads\",\n \"s3:PutObject\")\n .resources( \n bucket.arn(),\n bucket.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build())\n .build());\n\n var firehoseToS3RolePolicy = new RolePolicy(\"firehoseToS3RolePolicy\", RolePolicyArgs.builder() \n .name(\"default\")\n .role(firehoseToS3Role.id())\n .policy(firehoseToS3.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(firehoseToS3 -\u003e firehoseToS3.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:cloudwatch:MetricStream\n properties:\n name: my-metric-stream\n roleArn: ${metricStreamToFirehoseRole.arn}\n firehoseArn: ${s3Stream.arn}\n outputFormat: json\n includeFilters:\n - namespace: AWS/EC2\n metricNames:\n - CPUUtilization\n - NetworkOut\n - namespace: AWS/EBS\n metricNames: []\n metricStreamToFirehoseRole:\n type: aws:iam:Role\n name: metric_stream_to_firehose\n properties:\n name: metric_stream_to_firehose_role\n assumeRolePolicy: ${streamsAssumeRole.json}\n metricStreamToFirehoseRolePolicy:\n type: aws:iam:RolePolicy\n name: metric_stream_to_firehose\n properties:\n name: default\n role: ${metricStreamToFirehoseRole.id}\n policy: ${metricStreamToFirehose.json}\n bucket:\n type: aws:s3:BucketV2\n properties:\n bucket: metric-stream-test-bucket\n bucketAcl:\n type: aws:s3:BucketAclV2\n name: bucket_acl\n properties:\n bucket: ${bucket.id}\n acl: private\n firehoseToS3Role:\n type: aws:iam:Role\n name: firehose_to_s3\n properties:\n assumeRolePolicy: ${firehoseAssumeRole.json}\n firehoseToS3RolePolicy:\n type: aws:iam:RolePolicy\n name: firehose_to_s3\n properties:\n name: default\n role: ${firehoseToS3Role.id}\n policy: ${firehoseToS3.json}\n s3Stream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: s3_stream\n properties:\n name: metric-stream-test-stream\n destination: extended_s3\n extendedS3Configuration:\n roleArn: ${firehoseToS3Role.arn}\n bucketArn: ${bucket.arn}\nvariables:\n # https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\n streamsAssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - streams.metrics.cloudwatch.amazonaws.com\n actions:\n - sts:AssumeRole\n # https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\n metricStreamToFirehose:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - firehose:PutRecord\n - firehose:PutRecordBatch\n resources:\n - ${s3Stream.arn}\n firehoseAssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - firehose.amazonaws.com\n actions:\n - sts:AssumeRole\n firehoseToS3:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - s3:AbortMultipartUpload\n - s3:GetBucketLocation\n - s3:GetObject\n - s3:ListBucket\n - s3:ListBucketMultipartUploads\n - s3:PutObject\n resources:\n - ${bucket.arn}\n - ${bucket.arn}/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Additional Statistics\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.cloudwatch.MetricStream(\"main\", {\n name: \"my-metric-stream\",\n roleArn: metricStreamToFirehose.arn,\n firehoseArn: s3Stream.arn,\n outputFormat: \"json\",\n statisticsConfigurations: [\n {\n additionalStatistics: [\n \"p1\",\n \"tm99\",\n ],\n includeMetrics: [{\n metricName: \"CPUUtilization\",\n namespace: \"AWS/EC2\",\n }],\n },\n {\n additionalStatistics: [\"TS(50.5:)\"],\n includeMetrics: [{\n metricName: \"CPUUtilization\",\n namespace: \"AWS/EC2\",\n }],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.cloudwatch.MetricStream(\"main\",\n name=\"my-metric-stream\",\n role_arn=metric_stream_to_firehose[\"arn\"],\n firehose_arn=s3_stream[\"arn\"],\n output_format=\"json\",\n statistics_configurations=[\n aws.cloudwatch.MetricStreamStatisticsConfigurationArgs(\n additional_statistics=[\n \"p1\",\n \"tm99\",\n ],\n include_metrics=[aws.cloudwatch.MetricStreamStatisticsConfigurationIncludeMetricArgs(\n metric_name=\"CPUUtilization\",\n namespace=\"AWS/EC2\",\n )],\n ),\n aws.cloudwatch.MetricStreamStatisticsConfigurationArgs(\n additional_statistics=[\"TS(50.5:)\"],\n include_metrics=[aws.cloudwatch.MetricStreamStatisticsConfigurationIncludeMetricArgs(\n metric_name=\"CPUUtilization\",\n namespace=\"AWS/EC2\",\n )],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = new Aws.CloudWatch.MetricStream(\"main\", new()\n {\n Name = \"my-metric-stream\",\n RoleArn = metricStreamToFirehose.Arn,\n FirehoseArn = s3Stream.Arn,\n OutputFormat = \"json\",\n StatisticsConfigurations = new[]\n {\n new Aws.CloudWatch.Inputs.MetricStreamStatisticsConfigurationArgs\n {\n AdditionalStatistics = new[]\n {\n \"p1\",\n \"tm99\",\n },\n IncludeMetrics = new[]\n {\n new Aws.CloudWatch.Inputs.MetricStreamStatisticsConfigurationIncludeMetricArgs\n {\n MetricName = \"CPUUtilization\",\n Namespace = \"AWS/EC2\",\n },\n },\n },\n new Aws.CloudWatch.Inputs.MetricStreamStatisticsConfigurationArgs\n {\n AdditionalStatistics = new[]\n {\n \"TS(50.5:)\",\n },\n IncludeMetrics = new[]\n {\n new Aws.CloudWatch.Inputs.MetricStreamStatisticsConfigurationIncludeMetricArgs\n {\n MetricName = \"CPUUtilization\",\n Namespace = \"AWS/EC2\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.NewMetricStream(ctx, \"main\", \u0026cloudwatch.MetricStreamArgs{\n\t\t\tName: pulumi.String(\"my-metric-stream\"),\n\t\t\tRoleArn: pulumi.Any(metricStreamToFirehose.Arn),\n\t\t\tFirehoseArn: pulumi.Any(s3Stream.Arn),\n\t\t\tOutputFormat: pulumi.String(\"json\"),\n\t\t\tStatisticsConfigurations: cloudwatch.MetricStreamStatisticsConfigurationArray{\n\t\t\t\t\u0026cloudwatch.MetricStreamStatisticsConfigurationArgs{\n\t\t\t\t\tAdditionalStatistics: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"p1\"),\n\t\t\t\t\t\tpulumi.String(\"tm99\"),\n\t\t\t\t\t},\n\t\t\t\t\tIncludeMetrics: cloudwatch.MetricStreamStatisticsConfigurationIncludeMetricArray{\n\t\t\t\t\t\t\u0026cloudwatch.MetricStreamStatisticsConfigurationIncludeMetricArgs{\n\t\t\t\t\t\t\tMetricName: pulumi.String(\"CPUUtilization\"),\n\t\t\t\t\t\t\tNamespace: pulumi.String(\"AWS/EC2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026cloudwatch.MetricStreamStatisticsConfigurationArgs{\n\t\t\t\t\tAdditionalStatistics: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"TS(50.5:)\"),\n\t\t\t\t\t},\n\t\t\t\t\tIncludeMetrics: cloudwatch.MetricStreamStatisticsConfigurationIncludeMetricArray{\n\t\t\t\t\t\t\u0026cloudwatch.MetricStreamStatisticsConfigurationIncludeMetricArgs{\n\t\t\t\t\t\t\tMetricName: pulumi.String(\"CPUUtilization\"),\n\t\t\t\t\t\t\tNamespace: pulumi.String(\"AWS/EC2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.MetricStream;\nimport com.pulumi.aws.cloudwatch.MetricStreamArgs;\nimport com.pulumi.aws.cloudwatch.inputs.MetricStreamStatisticsConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var main = new MetricStream(\"main\", MetricStreamArgs.builder() \n .name(\"my-metric-stream\")\n .roleArn(metricStreamToFirehose.arn())\n .firehoseArn(s3Stream.arn())\n .outputFormat(\"json\")\n .statisticsConfigurations( \n MetricStreamStatisticsConfigurationArgs.builder()\n .additionalStatistics( \n \"p1\",\n \"tm99\")\n .includeMetrics(MetricStreamStatisticsConfigurationIncludeMetricArgs.builder()\n .metricName(\"CPUUtilization\")\n .namespace(\"AWS/EC2\")\n .build())\n .build(),\n MetricStreamStatisticsConfigurationArgs.builder()\n .additionalStatistics(\"TS(50.5:)\")\n .includeMetrics(MetricStreamStatisticsConfigurationIncludeMetricArgs.builder()\n .metricName(\"CPUUtilization\")\n .namespace(\"AWS/EC2\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:cloudwatch:MetricStream\n properties:\n name: my-metric-stream\n roleArn: ${metricStreamToFirehose.arn}\n firehoseArn: ${s3Stream.arn}\n outputFormat: json\n statisticsConfigurations:\n - additionalStatistics:\n - p1\n - tm99\n includeMetrics:\n - metricName: CPUUtilization\n namespace: AWS/EC2\n - additionalStatistics:\n - TS(50.5:)\n includeMetrics:\n - metricName: CPUUtilization\n namespace: AWS/EC2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import CloudWatch metric streams using the `name`. For example:\n\n```sh\n$ pulumi import aws:cloudwatch/metricStream:MetricStream sample sample-stream-name\n```\n", "properties": { "arn": { "type": "string", @@ -184569,7 +184569,7 @@ } }, "aws:codebuild/project:Project": { - "description": "Provides a CodeBuild Project resource. See also the `aws.codebuild.Webhook` resource, which manages the webhook to the source (e.g., the \"rebuild every time a code change is pushed\" option in the CodeBuild web console).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleBucketV2 = new aws.s3.BucketV2(\"example\", {bucket: \"example\"});\nconst exampleBucketAclV2 = new aws.s3.BucketAclV2(\"example\", {\n bucket: exampleBucketV2.id,\n acl: \"private\",\n});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"codebuild.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"example\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst example = pulumi.all([exampleBucketV2.arn, exampleBucketV2.arn]).apply(([exampleBucketV2Arn, exampleBucketV2Arn1]) =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n effect: \"Allow\",\n actions: [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources: [\"*\"],\n },\n {\n effect: \"Allow\",\n actions: [\n \"ec2:CreateNetworkInterface\",\n \"ec2:DescribeDhcpOptions\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DeleteNetworkInterface\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeVpcs\",\n ],\n resources: [\"*\"],\n },\n {\n effect: \"Allow\",\n actions: [\"ec2:CreateNetworkInterfacePermission\"],\n resources: [\"arn:aws:ec2:us-east-1:123456789012:network-interface/*\"],\n conditions: [\n {\n test: \"StringEquals\",\n variable: \"ec2:Subnet\",\n values: [\n example1.arn,\n example2.arn,\n ],\n },\n {\n test: \"StringEquals\",\n variable: \"ec2:AuthorizedService\",\n values: [\"codebuild.amazonaws.com\"],\n },\n ],\n },\n {\n effect: \"Allow\",\n actions: [\"s3:*\"],\n resources: [\n exampleBucketV2Arn,\n `${exampleBucketV2Arn1}/*`,\n ],\n },\n ],\n}));\nconst exampleRolePolicy = new aws.iam.RolePolicy(\"example\", {\n role: exampleRole.name,\n policy: example.apply(example =\u003e example.json),\n});\nconst exampleProject = new aws.codebuild.Project(\"example\", {\n name: \"test-project\",\n description: \"test_codebuild_project\",\n buildTimeout: 5,\n serviceRole: exampleRole.arn,\n artifacts: {\n type: \"NO_ARTIFACTS\",\n },\n cache: {\n type: \"S3\",\n location: exampleBucketV2.bucket,\n },\n environment: {\n computeType: \"BUILD_GENERAL1_SMALL\",\n image: \"aws/codebuild/amazonlinux2-x86_64-standard:4.0\",\n type: \"LINUX_CONTAINER\",\n imagePullCredentialsType: \"CODEBUILD\",\n environmentVariables: [\n {\n name: \"SOME_KEY1\",\n value: \"SOME_VALUE1\",\n },\n {\n name: \"SOME_KEY2\",\n value: \"SOME_VALUE2\",\n type: \"PARAMETER_STORE\",\n },\n ],\n },\n logsConfig: {\n cloudwatchLogs: {\n groupName: \"log-group\",\n streamName: \"log-stream\",\n },\n s3Logs: {\n status: \"ENABLED\",\n location: pulumi.interpolate`${exampleBucketV2.id}/build-log`,\n },\n },\n source: {\n type: \"GITHUB\",\n location: \"https://github.com/mitchellh/packer.git\",\n gitCloneDepth: 1,\n gitSubmodulesConfig: {\n fetchSubmodules: true,\n },\n },\n sourceVersion: \"master\",\n vpcConfig: {\n vpcId: exampleAwsVpc.id,\n subnets: [\n example1.id,\n example2.id,\n ],\n securityGroupIds: [\n example1AwsSecurityGroup.id,\n example2AwsSecurityGroup.id,\n ],\n },\n tags: {\n Environment: \"Test\",\n },\n});\nconst project_with_cache = new aws.codebuild.Project(\"project-with-cache\", {\n name: \"test-project-cache\",\n description: \"test_codebuild_project_cache\",\n buildTimeout: 5,\n queuedTimeout: 5,\n serviceRole: exampleRole.arn,\n artifacts: {\n type: \"NO_ARTIFACTS\",\n },\n cache: {\n type: \"LOCAL\",\n modes: [\n \"LOCAL_DOCKER_LAYER_CACHE\",\n \"LOCAL_SOURCE_CACHE\",\n ],\n },\n environment: {\n computeType: \"BUILD_GENERAL1_SMALL\",\n image: \"aws/codebuild/amazonlinux2-x86_64-standard:4.0\",\n type: \"LINUX_CONTAINER\",\n imagePullCredentialsType: \"CODEBUILD\",\n environmentVariables: [{\n name: \"SOME_KEY1\",\n value: \"SOME_VALUE1\",\n }],\n },\n source: {\n type: \"GITHUB\",\n location: \"https://github.com/mitchellh/packer.git\",\n gitCloneDepth: 1,\n },\n tags: {\n Environment: \"Test\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_bucket_v2 = aws.s3.BucketV2(\"example\", bucket=\"example\")\nexample_bucket_acl_v2 = aws.s3.BucketAclV2(\"example\",\n bucket=example_bucket_v2.id,\n acl=\"private\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"codebuild.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"example\",\n assume_role_policy=assume_role.json)\nexample = pulumi.Output.all(example_bucket_v2.arn, example_bucket_v2.arn).apply(lambda exampleBucketV2Arn, exampleBucketV2Arn1: aws.iam.get_policy_document_output(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"ec2:CreateNetworkInterface\",\n \"ec2:DescribeDhcpOptions\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DeleteNetworkInterface\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeVpcs\",\n ],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ec2:CreateNetworkInterfacePermission\"],\n resources=[\"arn:aws:ec2:us-east-1:123456789012:network-interface/*\"],\n conditions=[\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"ec2:Subnet\",\n values=[\n example1[\"arn\"],\n example2[\"arn\"],\n ],\n ),\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"ec2:AuthorizedService\",\n values=[\"codebuild.amazonaws.com\"],\n ),\n ],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"s3:*\"],\n resources=[\n example_bucket_v2_arn,\n f\"{example_bucket_v2_arn1}/*\",\n ],\n ),\n]))\nexample_role_policy = aws.iam.RolePolicy(\"example\",\n role=example_role.name,\n policy=example.json)\nexample_project = aws.codebuild.Project(\"example\",\n name=\"test-project\",\n description=\"test_codebuild_project\",\n build_timeout=5,\n service_role=example_role.arn,\n artifacts=aws.codebuild.ProjectArtifactsArgs(\n type=\"NO_ARTIFACTS\",\n ),\n cache=aws.codebuild.ProjectCacheArgs(\n type=\"S3\",\n location=example_bucket_v2.bucket,\n ),\n environment=aws.codebuild.ProjectEnvironmentArgs(\n compute_type=\"BUILD_GENERAL1_SMALL\",\n image=\"aws/codebuild/amazonlinux2-x86_64-standard:4.0\",\n type=\"LINUX_CONTAINER\",\n image_pull_credentials_type=\"CODEBUILD\",\n environment_variables=[\n aws.codebuild.ProjectEnvironmentEnvironmentVariableArgs(\n name=\"SOME_KEY1\",\n value=\"SOME_VALUE1\",\n ),\n aws.codebuild.ProjectEnvironmentEnvironmentVariableArgs(\n name=\"SOME_KEY2\",\n value=\"SOME_VALUE2\",\n type=\"PARAMETER_STORE\",\n ),\n ],\n ),\n logs_config=aws.codebuild.ProjectLogsConfigArgs(\n cloudwatch_logs=aws.codebuild.ProjectLogsConfigCloudwatchLogsArgs(\n group_name=\"log-group\",\n stream_name=\"log-stream\",\n ),\n s3_logs=aws.codebuild.ProjectLogsConfigS3LogsArgs(\n status=\"ENABLED\",\n location=example_bucket_v2.id.apply(lambda id: f\"{id}/build-log\"),\n ),\n ),\n source=aws.codebuild.ProjectSourceArgs(\n type=\"GITHUB\",\n location=\"https://github.com/mitchellh/packer.git\",\n git_clone_depth=1,\n git_submodules_config=aws.codebuild.ProjectSourceGitSubmodulesConfigArgs(\n fetch_submodules=True,\n ),\n ),\n source_version=\"master\",\n vpc_config=aws.codebuild.ProjectVpcConfigArgs(\n vpc_id=example_aws_vpc[\"id\"],\n subnets=[\n example1[\"id\"],\n example2[\"id\"],\n ],\n security_group_ids=[\n example1_aws_security_group[\"id\"],\n example2_aws_security_group[\"id\"],\n ],\n ),\n tags={\n \"Environment\": \"Test\",\n })\nproject_with_cache = aws.codebuild.Project(\"project-with-cache\",\n name=\"test-project-cache\",\n description=\"test_codebuild_project_cache\",\n build_timeout=5,\n queued_timeout=5,\n service_role=example_role.arn,\n artifacts=aws.codebuild.ProjectArtifactsArgs(\n type=\"NO_ARTIFACTS\",\n ),\n cache=aws.codebuild.ProjectCacheArgs(\n type=\"LOCAL\",\n modes=[\n \"LOCAL_DOCKER_LAYER_CACHE\",\n \"LOCAL_SOURCE_CACHE\",\n ],\n ),\n environment=aws.codebuild.ProjectEnvironmentArgs(\n compute_type=\"BUILD_GENERAL1_SMALL\",\n image=\"aws/codebuild/amazonlinux2-x86_64-standard:4.0\",\n type=\"LINUX_CONTAINER\",\n image_pull_credentials_type=\"CODEBUILD\",\n environment_variables=[aws.codebuild.ProjectEnvironmentEnvironmentVariableArgs(\n name=\"SOME_KEY1\",\n value=\"SOME_VALUE1\",\n )],\n ),\n source=aws.codebuild.ProjectSourceArgs(\n type=\"GITHUB\",\n location=\"https://github.com/mitchellh/packer.git\",\n git_clone_depth=1,\n ),\n tags={\n \"Environment\": \"Test\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleBucketV2 = new Aws.S3.BucketV2(\"example\", new()\n {\n Bucket = \"example\",\n });\n\n var exampleBucketAclV2 = new Aws.S3.BucketAclV2(\"example\", new()\n {\n Bucket = exampleBucketV2.Id,\n Acl = \"private\",\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"codebuild.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"example\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:CreateNetworkInterface\",\n \"ec2:DescribeDhcpOptions\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DeleteNetworkInterface\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeVpcs\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:CreateNetworkInterfacePermission\",\n },\n Resources = new[]\n {\n \"arn:aws:ec2:us-east-1:123456789012:network-interface/*\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"ec2:Subnet\",\n Values = new[]\n {\n example1.Arn,\n example2.Arn,\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"ec2:AuthorizedService\",\n Values = new[]\n {\n \"codebuild.amazonaws.com\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n exampleBucketV2.Arn,\n $\"{exampleBucketV2.Arn}/*\",\n },\n },\n },\n });\n\n var exampleRolePolicy = new Aws.Iam.RolePolicy(\"example\", new()\n {\n Role = exampleRole.Name,\n Policy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleProject = new Aws.CodeBuild.Project(\"example\", new()\n {\n Name = \"test-project\",\n Description = \"test_codebuild_project\",\n BuildTimeout = 5,\n ServiceRole = exampleRole.Arn,\n Artifacts = new Aws.CodeBuild.Inputs.ProjectArtifactsArgs\n {\n Type = \"NO_ARTIFACTS\",\n },\n Cache = new Aws.CodeBuild.Inputs.ProjectCacheArgs\n {\n Type = \"S3\",\n Location = exampleBucketV2.Bucket,\n },\n Environment = new Aws.CodeBuild.Inputs.ProjectEnvironmentArgs\n {\n ComputeType = \"BUILD_GENERAL1_SMALL\",\n Image = \"aws/codebuild/amazonlinux2-x86_64-standard:4.0\",\n Type = \"LINUX_CONTAINER\",\n ImagePullCredentialsType = \"CODEBUILD\",\n EnvironmentVariables = new[]\n {\n new Aws.CodeBuild.Inputs.ProjectEnvironmentEnvironmentVariableArgs\n {\n Name = \"SOME_KEY1\",\n Value = \"SOME_VALUE1\",\n },\n new Aws.CodeBuild.Inputs.ProjectEnvironmentEnvironmentVariableArgs\n {\n Name = \"SOME_KEY2\",\n Value = \"SOME_VALUE2\",\n Type = \"PARAMETER_STORE\",\n },\n },\n },\n LogsConfig = new Aws.CodeBuild.Inputs.ProjectLogsConfigArgs\n {\n CloudwatchLogs = new Aws.CodeBuild.Inputs.ProjectLogsConfigCloudwatchLogsArgs\n {\n GroupName = \"log-group\",\n StreamName = \"log-stream\",\n },\n S3Logs = new Aws.CodeBuild.Inputs.ProjectLogsConfigS3LogsArgs\n {\n Status = \"ENABLED\",\n Location = exampleBucketV2.Id.Apply(id =\u003e $\"{id}/build-log\"),\n },\n },\n Source = new Aws.CodeBuild.Inputs.ProjectSourceArgs\n {\n Type = \"GITHUB\",\n Location = \"https://github.com/mitchellh/packer.git\",\n GitCloneDepth = 1,\n GitSubmodulesConfig = new Aws.CodeBuild.Inputs.ProjectSourceGitSubmodulesConfigArgs\n {\n FetchSubmodules = true,\n },\n },\n SourceVersion = \"master\",\n VpcConfig = new Aws.CodeBuild.Inputs.ProjectVpcConfigArgs\n {\n VpcId = exampleAwsVpc.Id,\n Subnets = new[]\n {\n example1.Id,\n example2.Id,\n },\n SecurityGroupIds = new[]\n {\n example1AwsSecurityGroup.Id,\n example2AwsSecurityGroup.Id,\n },\n },\n Tags = \n {\n { \"Environment\", \"Test\" },\n },\n });\n\n var project_with_cache = new Aws.CodeBuild.Project(\"project-with-cache\", new()\n {\n Name = \"test-project-cache\",\n Description = \"test_codebuild_project_cache\",\n BuildTimeout = 5,\n QueuedTimeout = 5,\n ServiceRole = exampleRole.Arn,\n Artifacts = new Aws.CodeBuild.Inputs.ProjectArtifactsArgs\n {\n Type = \"NO_ARTIFACTS\",\n },\n Cache = new Aws.CodeBuild.Inputs.ProjectCacheArgs\n {\n Type = \"LOCAL\",\n Modes = new[]\n {\n \"LOCAL_DOCKER_LAYER_CACHE\",\n \"LOCAL_SOURCE_CACHE\",\n },\n },\n Environment = new Aws.CodeBuild.Inputs.ProjectEnvironmentArgs\n {\n ComputeType = \"BUILD_GENERAL1_SMALL\",\n Image = \"aws/codebuild/amazonlinux2-x86_64-standard:4.0\",\n Type = \"LINUX_CONTAINER\",\n ImagePullCredentialsType = \"CODEBUILD\",\n EnvironmentVariables = new[]\n {\n new Aws.CodeBuild.Inputs.ProjectEnvironmentEnvironmentVariableArgs\n {\n Name = \"SOME_KEY1\",\n Value = \"SOME_VALUE1\",\n },\n },\n },\n Source = new Aws.CodeBuild.Inputs.ProjectSourceArgs\n {\n Type = \"GITHUB\",\n Location = \"https://github.com/mitchellh/packer.git\",\n GitCloneDepth = 1,\n },\n Tags = \n {\n { \"Environment\", \"Test\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codebuild\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexampleBucketV2, err := s3.NewBucketV2(ctx, \"example\", \u0026s3.BucketV2Args{\nBucket: pulumi.String(\"example\"),\n})\nif err != nil {\nreturn err\n}\n_, err = s3.NewBucketAclV2(ctx, \"example\", \u0026s3.BucketAclV2Args{\nBucket: exampleBucketV2.ID(),\nAcl: pulumi.String(\"private\"),\n})\nif err != nil {\nreturn err\n}\nassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"codebuild.amazonaws.com\",\n},\n},\n},\nActions: []string{\n\"sts:AssumeRole\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\nName: pulumi.String(\"example\"),\nAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n})\nif err != nil {\nreturn err\n}\nexample := pulumi.All(exampleBucketV2.Arn,exampleBucketV2.Arn).ApplyT(func(_args []interface{}) (iam.GetPolicyDocumentResult, error) {\nexampleBucketV2Arn := _args[0].(string)\nexampleBucketV2Arn1 := _args[1].(string)\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: \"Allow\",\nActions: []string{\n\"logs:CreateLogGroup\",\n\"logs:CreateLogStream\",\n\"logs:PutLogEvents\",\n},\nResources: []string{\n\"*\",\n},\n},\n{\nEffect: \"Allow\",\nActions: []string{\n\"ec2:CreateNetworkInterface\",\n\"ec2:DescribeDhcpOptions\",\n\"ec2:DescribeNetworkInterfaces\",\n\"ec2:DeleteNetworkInterface\",\n\"ec2:DescribeSubnets\",\n\"ec2:DescribeSecurityGroups\",\n\"ec2:DescribeVpcs\",\n},\nResources: []string{\n\"*\",\n},\n},\n{\nEffect: \"Allow\",\nActions: []string{\n\"ec2:CreateNetworkInterfacePermission\",\n},\nResources: []string{\n\"arn:aws:ec2:us-east-1:123456789012:network-interface/*\",\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"ec2:Subnet\",\nValues: interface{}{\nexample1.Arn,\nexample2.Arn,\n},\n},\n{\nTest: \"StringEquals\",\nVariable: \"ec2:AuthorizedService\",\nValues: []string{\n\"codebuild.amazonaws.com\",\n},\n},\n},\n},\n{\nEffect: \"Allow\",\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\nexampleBucketV2Arn,\nfmt.Sprintf(\"%v/*\", exampleBucketV2Arn1),\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = iam.NewRolePolicy(ctx, \"example\", \u0026iam.RolePolicyArgs{\nRole: exampleRole.Name,\nPolicy: example.ApplyT(func(example iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026example.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\n_, err = codebuild.NewProject(ctx, \"example\", \u0026codebuild.ProjectArgs{\nName: pulumi.String(\"test-project\"),\nDescription: pulumi.String(\"test_codebuild_project\"),\nBuildTimeout: pulumi.Int(5),\nServiceRole: exampleRole.Arn,\nArtifacts: \u0026codebuild.ProjectArtifactsArgs{\nType: pulumi.String(\"NO_ARTIFACTS\"),\n},\nCache: \u0026codebuild.ProjectCacheArgs{\nType: pulumi.String(\"S3\"),\nLocation: exampleBucketV2.Bucket,\n},\nEnvironment: \u0026codebuild.ProjectEnvironmentArgs{\nComputeType: pulumi.String(\"BUILD_GENERAL1_SMALL\"),\nImage: pulumi.String(\"aws/codebuild/amazonlinux2-x86_64-standard:4.0\"),\nType: pulumi.String(\"LINUX_CONTAINER\"),\nImagePullCredentialsType: pulumi.String(\"CODEBUILD\"),\nEnvironmentVariables: codebuild.ProjectEnvironmentEnvironmentVariableArray{\n\u0026codebuild.ProjectEnvironmentEnvironmentVariableArgs{\nName: pulumi.String(\"SOME_KEY1\"),\nValue: pulumi.String(\"SOME_VALUE1\"),\n},\n\u0026codebuild.ProjectEnvironmentEnvironmentVariableArgs{\nName: pulumi.String(\"SOME_KEY2\"),\nValue: pulumi.String(\"SOME_VALUE2\"),\nType: pulumi.String(\"PARAMETER_STORE\"),\n},\n},\n},\nLogsConfig: \u0026codebuild.ProjectLogsConfigArgs{\nCloudwatchLogs: \u0026codebuild.ProjectLogsConfigCloudwatchLogsArgs{\nGroupName: pulumi.String(\"log-group\"),\nStreamName: pulumi.String(\"log-stream\"),\n},\nS3Logs: \u0026codebuild.ProjectLogsConfigS3LogsArgs{\nStatus: pulumi.String(\"ENABLED\"),\nLocation: exampleBucketV2.ID().ApplyT(func(id string) (string, error) {\nreturn fmt.Sprintf(\"%v/build-log\", id), nil\n}).(pulumi.StringOutput),\n},\n},\nSource: \u0026codebuild.ProjectSourceArgs{\nType: pulumi.String(\"GITHUB\"),\nLocation: pulumi.String(\"https://github.com/mitchellh/packer.git\"),\nGitCloneDepth: pulumi.Int(1),\nGitSubmodulesConfig: \u0026codebuild.ProjectSourceGitSubmodulesConfigArgs{\nFetchSubmodules: pulumi.Bool(true),\n},\n},\nSourceVersion: pulumi.String(\"master\"),\nVpcConfig: \u0026codebuild.ProjectVpcConfigArgs{\nVpcId: pulumi.Any(exampleAwsVpc.Id),\nSubnets: pulumi.StringArray{\nexample1.Id,\nexample2.Id,\n},\nSecurityGroupIds: pulumi.StringArray{\nexample1AwsSecurityGroup.Id,\nexample2AwsSecurityGroup.Id,\n},\n},\nTags: pulumi.StringMap{\n\"Environment\": pulumi.String(\"Test\"),\n},\n})\nif err != nil {\nreturn err\n}\n_, err = codebuild.NewProject(ctx, \"project-with-cache\", \u0026codebuild.ProjectArgs{\nName: pulumi.String(\"test-project-cache\"),\nDescription: pulumi.String(\"test_codebuild_project_cache\"),\nBuildTimeout: pulumi.Int(5),\nQueuedTimeout: pulumi.Int(5),\nServiceRole: exampleRole.Arn,\nArtifacts: \u0026codebuild.ProjectArtifactsArgs{\nType: pulumi.String(\"NO_ARTIFACTS\"),\n},\nCache: \u0026codebuild.ProjectCacheArgs{\nType: pulumi.String(\"LOCAL\"),\nModes: pulumi.StringArray{\npulumi.String(\"LOCAL_DOCKER_LAYER_CACHE\"),\npulumi.String(\"LOCAL_SOURCE_CACHE\"),\n},\n},\nEnvironment: \u0026codebuild.ProjectEnvironmentArgs{\nComputeType: pulumi.String(\"BUILD_GENERAL1_SMALL\"),\nImage: pulumi.String(\"aws/codebuild/amazonlinux2-x86_64-standard:4.0\"),\nType: pulumi.String(\"LINUX_CONTAINER\"),\nImagePullCredentialsType: pulumi.String(\"CODEBUILD\"),\nEnvironmentVariables: codebuild.ProjectEnvironmentEnvironmentVariableArray{\n\u0026codebuild.ProjectEnvironmentEnvironmentVariableArgs{\nName: pulumi.String(\"SOME_KEY1\"),\nValue: pulumi.String(\"SOME_VALUE1\"),\n},\n},\n},\nSource: \u0026codebuild.ProjectSourceArgs{\nType: pulumi.String(\"GITHUB\"),\nLocation: pulumi.String(\"https://github.com/mitchellh/packer.git\"),\nGitCloneDepth: pulumi.Int(1),\n},\nTags: pulumi.StringMap{\n\"Environment\": pulumi.String(\"Test\"),\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.codebuild.Project;\nimport com.pulumi.aws.codebuild.ProjectArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectArtifactsArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectCacheArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectEnvironmentArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectLogsConfigArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectLogsConfigCloudwatchLogsArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectLogsConfigS3LogsArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectSourceArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectSourceGitSubmodulesConfigArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectVpcConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleBucketV2 = new BucketV2(\"exampleBucketV2\", BucketV2Args.builder() \n .bucket(\"example\")\n .build());\n\n var exampleBucketAclV2 = new BucketAclV2(\"exampleBucketAclV2\", BucketAclV2Args.builder() \n .bucket(exampleBucketV2.id())\n .acl(\"private\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"codebuild.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"example\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"ec2:CreateNetworkInterface\",\n \"ec2:DescribeDhcpOptions\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DeleteNetworkInterface\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeVpcs\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ec2:CreateNetworkInterfacePermission\")\n .resources(\"arn:aws:ec2:us-east-1:123456789012:network-interface/*\")\n .conditions( \n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"ec2:Subnet\")\n .values( \n example1.arn(),\n example2.arn())\n .build(),\n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"ec2:AuthorizedService\")\n .values(\"codebuild.amazonaws.com\")\n .build())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"s3:*\")\n .resources( \n exampleBucketV2.arn(),\n exampleBucketV2.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build())\n .build());\n\n var exampleRolePolicy = new RolePolicy(\"exampleRolePolicy\", RolePolicyArgs.builder() \n .role(exampleRole.name())\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(example -\u003e example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var exampleProject = new Project(\"exampleProject\", ProjectArgs.builder() \n .name(\"test-project\")\n .description(\"test_codebuild_project\")\n .buildTimeout(5)\n .serviceRole(exampleRole.arn())\n .artifacts(ProjectArtifactsArgs.builder()\n .type(\"NO_ARTIFACTS\")\n .build())\n .cache(ProjectCacheArgs.builder()\n .type(\"S3\")\n .location(exampleBucketV2.bucket())\n .build())\n .environment(ProjectEnvironmentArgs.builder()\n .computeType(\"BUILD_GENERAL1_SMALL\")\n .image(\"aws/codebuild/amazonlinux2-x86_64-standard:4.0\")\n .type(\"LINUX_CONTAINER\")\n .imagePullCredentialsType(\"CODEBUILD\")\n .environmentVariables( \n ProjectEnvironmentEnvironmentVariableArgs.builder()\n .name(\"SOME_KEY1\")\n .value(\"SOME_VALUE1\")\n .build(),\n ProjectEnvironmentEnvironmentVariableArgs.builder()\n .name(\"SOME_KEY2\")\n .value(\"SOME_VALUE2\")\n .type(\"PARAMETER_STORE\")\n .build())\n .build())\n .logsConfig(ProjectLogsConfigArgs.builder()\n .cloudwatchLogs(ProjectLogsConfigCloudwatchLogsArgs.builder()\n .groupName(\"log-group\")\n .streamName(\"log-stream\")\n .build())\n .s3Logs(ProjectLogsConfigS3LogsArgs.builder()\n .status(\"ENABLED\")\n .location(exampleBucketV2.id().applyValue(id -\u003e String.format(\"%s/build-log\", id)))\n .build())\n .build())\n .source(ProjectSourceArgs.builder()\n .type(\"GITHUB\")\n .location(\"https://github.com/mitchellh/packer.git\")\n .gitCloneDepth(1)\n .gitSubmodulesConfig(ProjectSourceGitSubmodulesConfigArgs.builder()\n .fetchSubmodules(true)\n .build())\n .build())\n .sourceVersion(\"master\")\n .vpcConfig(ProjectVpcConfigArgs.builder()\n .vpcId(exampleAwsVpc.id())\n .subnets( \n example1.id(),\n example2.id())\n .securityGroupIds( \n example1AwsSecurityGroup.id(),\n example2AwsSecurityGroup.id())\n .build())\n .tags(Map.of(\"Environment\", \"Test\"))\n .build());\n\n var project_with_cache = new Project(\"project-with-cache\", ProjectArgs.builder() \n .name(\"test-project-cache\")\n .description(\"test_codebuild_project_cache\")\n .buildTimeout(5)\n .queuedTimeout(5)\n .serviceRole(exampleRole.arn())\n .artifacts(ProjectArtifactsArgs.builder()\n .type(\"NO_ARTIFACTS\")\n .build())\n .cache(ProjectCacheArgs.builder()\n .type(\"LOCAL\")\n .modes( \n \"LOCAL_DOCKER_LAYER_CACHE\",\n \"LOCAL_SOURCE_CACHE\")\n .build())\n .environment(ProjectEnvironmentArgs.builder()\n .computeType(\"BUILD_GENERAL1_SMALL\")\n .image(\"aws/codebuild/amazonlinux2-x86_64-standard:4.0\")\n .type(\"LINUX_CONTAINER\")\n .imagePullCredentialsType(\"CODEBUILD\")\n .environmentVariables(ProjectEnvironmentEnvironmentVariableArgs.builder()\n .name(\"SOME_KEY1\")\n .value(\"SOME_VALUE1\")\n .build())\n .build())\n .source(ProjectSourceArgs.builder()\n .type(\"GITHUB\")\n .location(\"https://github.com/mitchellh/packer.git\")\n .gitCloneDepth(1)\n .build())\n .tags(Map.of(\"Environment\", \"Test\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleBucketV2:\n type: aws:s3:BucketV2\n name: example\n properties:\n bucket: example\n exampleBucketAclV2:\n type: aws:s3:BucketAclV2\n name: example\n properties:\n bucket: ${exampleBucketV2.id}\n acl: private\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: example\n assumeRolePolicy: ${assumeRole.json}\n exampleRolePolicy:\n type: aws:iam:RolePolicy\n name: example\n properties:\n role: ${exampleRole.name}\n policy: ${example.json}\n exampleProject:\n type: aws:codebuild:Project\n name: example\n properties:\n name: test-project\n description: test_codebuild_project\n buildTimeout: 5\n serviceRole: ${exampleRole.arn}\n artifacts:\n type: NO_ARTIFACTS\n cache:\n type: S3\n location: ${exampleBucketV2.bucket}\n environment:\n computeType: BUILD_GENERAL1_SMALL\n image: aws/codebuild/amazonlinux2-x86_64-standard:4.0\n type: LINUX_CONTAINER\n imagePullCredentialsType: CODEBUILD\n environmentVariables:\n - name: SOME_KEY1\n value: SOME_VALUE1\n - name: SOME_KEY2\n value: SOME_VALUE2\n type: PARAMETER_STORE\n logsConfig:\n cloudwatchLogs:\n groupName: log-group\n streamName: log-stream\n s3Logs:\n status: ENABLED\n location: ${exampleBucketV2.id}/build-log\n source:\n type: GITHUB\n location: https://github.com/mitchellh/packer.git\n gitCloneDepth: 1\n gitSubmodulesConfig:\n fetchSubmodules: true\n sourceVersion: master\n vpcConfig:\n vpcId: ${exampleAwsVpc.id}\n subnets:\n - ${example1.id}\n - ${example2.id}\n securityGroupIds:\n - ${example1AwsSecurityGroup.id}\n - ${example2AwsSecurityGroup.id}\n tags:\n Environment: Test\n project-with-cache:\n type: aws:codebuild:Project\n properties:\n name: test-project-cache\n description: test_codebuild_project_cache\n buildTimeout: 5\n queuedTimeout: 5\n serviceRole: ${exampleRole.arn}\n artifacts:\n type: NO_ARTIFACTS\n cache:\n type: LOCAL\n modes:\n - LOCAL_DOCKER_LAYER_CACHE\n - LOCAL_SOURCE_CACHE\n environment:\n computeType: BUILD_GENERAL1_SMALL\n image: aws/codebuild/amazonlinux2-x86_64-standard:4.0\n type: LINUX_CONTAINER\n imagePullCredentialsType: CODEBUILD\n environmentVariables:\n - name: SOME_KEY1\n value: SOME_VALUE1\n source:\n type: GITHUB\n location: https://github.com/mitchellh/packer.git\n gitCloneDepth: 1\n tags:\n Environment: Test\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - codebuild.amazonaws.com\n actions:\n - sts:AssumeRole\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - logs:CreateLogGroup\n - logs:CreateLogStream\n - logs:PutLogEvents\n resources:\n - '*'\n - effect: Allow\n actions:\n - ec2:CreateNetworkInterface\n - ec2:DescribeDhcpOptions\n - ec2:DescribeNetworkInterfaces\n - ec2:DeleteNetworkInterface\n - ec2:DescribeSubnets\n - ec2:DescribeSecurityGroups\n - ec2:DescribeVpcs\n resources:\n - '*'\n - effect: Allow\n actions:\n - ec2:CreateNetworkInterfacePermission\n resources:\n - arn:aws:ec2:us-east-1:123456789012:network-interface/*\n conditions:\n - test: StringEquals\n variable: ec2:Subnet\n values:\n - ${example1.arn}\n - ${example2.arn}\n - test: StringEquals\n variable: ec2:AuthorizedService\n values:\n - codebuild.amazonaws.com\n - effect: Allow\n actions:\n - s3:*\n resources:\n - ${exampleBucketV2.arn}\n - ${exampleBucketV2.arn}/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import CodeBuild Project using the `name`. For example:\n\n```sh\n$ pulumi import aws:codebuild/project:Project name project-name\n```\n", + "description": "Provides a CodeBuild Project resource. See also the `aws.codebuild.Webhook` resource, which manages the webhook to the source (e.g., the \"rebuild every time a code change is pushed\" option in the CodeBuild web console).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleBucketV2 = new aws.s3.BucketV2(\"example\", {bucket: \"example\"});\nconst exampleBucketAclV2 = new aws.s3.BucketAclV2(\"example\", {\n bucket: exampleBucketV2.id,\n acl: \"private\",\n});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"codebuild.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"example\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst example = pulumi.all([exampleBucketV2.arn, exampleBucketV2.arn]).apply(([exampleBucketV2Arn, exampleBucketV2Arn1]) =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n effect: \"Allow\",\n actions: [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources: [\"*\"],\n },\n {\n effect: \"Allow\",\n actions: [\n \"ec2:CreateNetworkInterface\",\n \"ec2:DescribeDhcpOptions\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DeleteNetworkInterface\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeVpcs\",\n ],\n resources: [\"*\"],\n },\n {\n effect: \"Allow\",\n actions: [\"ec2:CreateNetworkInterfacePermission\"],\n resources: [\"arn:aws:ec2:us-east-1:123456789012:network-interface/*\"],\n conditions: [\n {\n test: \"StringEquals\",\n variable: \"ec2:Subnet\",\n values: [\n example1.arn,\n example2.arn,\n ],\n },\n {\n test: \"StringEquals\",\n variable: \"ec2:AuthorizedService\",\n values: [\"codebuild.amazonaws.com\"],\n },\n ],\n },\n {\n effect: \"Allow\",\n actions: [\"s3:*\"],\n resources: [\n exampleBucketV2Arn,\n `${exampleBucketV2Arn1}/*`,\n ],\n },\n ],\n}));\nconst exampleRolePolicy = new aws.iam.RolePolicy(\"example\", {\n role: exampleRole.name,\n policy: example.apply(example =\u003e example.json),\n});\nconst exampleProject = new aws.codebuild.Project(\"example\", {\n name: \"test-project\",\n description: \"test_codebuild_project\",\n buildTimeout: 5,\n serviceRole: exampleRole.arn,\n artifacts: {\n type: \"NO_ARTIFACTS\",\n },\n cache: {\n type: \"S3\",\n location: exampleBucketV2.bucket,\n },\n environment: {\n computeType: \"BUILD_GENERAL1_SMALL\",\n image: \"aws/codebuild/amazonlinux2-x86_64-standard:4.0\",\n type: \"LINUX_CONTAINER\",\n imagePullCredentialsType: \"CODEBUILD\",\n environmentVariables: [\n {\n name: \"SOME_KEY1\",\n value: \"SOME_VALUE1\",\n },\n {\n name: \"SOME_KEY2\",\n value: \"SOME_VALUE2\",\n type: \"PARAMETER_STORE\",\n },\n ],\n },\n logsConfig: {\n cloudwatchLogs: {\n groupName: \"log-group\",\n streamName: \"log-stream\",\n },\n s3Logs: {\n status: \"ENABLED\",\n location: pulumi.interpolate`${exampleBucketV2.id}/build-log`,\n },\n },\n source: {\n type: \"GITHUB\",\n location: \"https://github.com/mitchellh/packer.git\",\n gitCloneDepth: 1,\n gitSubmodulesConfig: {\n fetchSubmodules: true,\n },\n },\n sourceVersion: \"master\",\n vpcConfig: {\n vpcId: exampleAwsVpc.id,\n subnets: [\n example1.id,\n example2.id,\n ],\n securityGroupIds: [\n example1AwsSecurityGroup.id,\n example2AwsSecurityGroup.id,\n ],\n },\n tags: {\n Environment: \"Test\",\n },\n});\nconst project_with_cache = new aws.codebuild.Project(\"project-with-cache\", {\n name: \"test-project-cache\",\n description: \"test_codebuild_project_cache\",\n buildTimeout: 5,\n queuedTimeout: 5,\n serviceRole: exampleRole.arn,\n artifacts: {\n type: \"NO_ARTIFACTS\",\n },\n cache: {\n type: \"LOCAL\",\n modes: [\n \"LOCAL_DOCKER_LAYER_CACHE\",\n \"LOCAL_SOURCE_CACHE\",\n ],\n },\n environment: {\n computeType: \"BUILD_GENERAL1_SMALL\",\n image: \"aws/codebuild/amazonlinux2-x86_64-standard:4.0\",\n type: \"LINUX_CONTAINER\",\n imagePullCredentialsType: \"CODEBUILD\",\n environmentVariables: [{\n name: \"SOME_KEY1\",\n value: \"SOME_VALUE1\",\n }],\n },\n source: {\n type: \"GITHUB\",\n location: \"https://github.com/mitchellh/packer.git\",\n gitCloneDepth: 1,\n },\n tags: {\n Environment: \"Test\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_bucket_v2 = aws.s3.BucketV2(\"example\", bucket=\"example\")\nexample_bucket_acl_v2 = aws.s3.BucketAclV2(\"example\",\n bucket=example_bucket_v2.id,\n acl=\"private\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"codebuild.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"example\",\n assume_role_policy=assume_role.json)\nexample = pulumi.Output.all(example_bucket_v2.arn, example_bucket_v2.arn).apply(lambda exampleBucketV2Arn, exampleBucketV2Arn1: aws.iam.get_policy_document_output(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"ec2:CreateNetworkInterface\",\n \"ec2:DescribeDhcpOptions\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DeleteNetworkInterface\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeVpcs\",\n ],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ec2:CreateNetworkInterfacePermission\"],\n resources=[\"arn:aws:ec2:us-east-1:123456789012:network-interface/*\"],\n conditions=[\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"ec2:Subnet\",\n values=[\n example1[\"arn\"],\n example2[\"arn\"],\n ],\n ),\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"ec2:AuthorizedService\",\n values=[\"codebuild.amazonaws.com\"],\n ),\n ],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"s3:*\"],\n resources=[\n example_bucket_v2_arn,\n f\"{example_bucket_v2_arn1}/*\",\n ],\n ),\n]))\nexample_role_policy = aws.iam.RolePolicy(\"example\",\n role=example_role.name,\n policy=example.json)\nexample_project = aws.codebuild.Project(\"example\",\n name=\"test-project\",\n description=\"test_codebuild_project\",\n build_timeout=5,\n service_role=example_role.arn,\n artifacts=aws.codebuild.ProjectArtifactsArgs(\n type=\"NO_ARTIFACTS\",\n ),\n cache=aws.codebuild.ProjectCacheArgs(\n type=\"S3\",\n location=example_bucket_v2.bucket,\n ),\n environment=aws.codebuild.ProjectEnvironmentArgs(\n compute_type=\"BUILD_GENERAL1_SMALL\",\n image=\"aws/codebuild/amazonlinux2-x86_64-standard:4.0\",\n type=\"LINUX_CONTAINER\",\n image_pull_credentials_type=\"CODEBUILD\",\n environment_variables=[\n aws.codebuild.ProjectEnvironmentEnvironmentVariableArgs(\n name=\"SOME_KEY1\",\n value=\"SOME_VALUE1\",\n ),\n aws.codebuild.ProjectEnvironmentEnvironmentVariableArgs(\n name=\"SOME_KEY2\",\n value=\"SOME_VALUE2\",\n type=\"PARAMETER_STORE\",\n ),\n ],\n ),\n logs_config=aws.codebuild.ProjectLogsConfigArgs(\n cloudwatch_logs=aws.codebuild.ProjectLogsConfigCloudwatchLogsArgs(\n group_name=\"log-group\",\n stream_name=\"log-stream\",\n ),\n s3_logs=aws.codebuild.ProjectLogsConfigS3LogsArgs(\n status=\"ENABLED\",\n location=example_bucket_v2.id.apply(lambda id: f\"{id}/build-log\"),\n ),\n ),\n source=aws.codebuild.ProjectSourceArgs(\n type=\"GITHUB\",\n location=\"https://github.com/mitchellh/packer.git\",\n git_clone_depth=1,\n git_submodules_config=aws.codebuild.ProjectSourceGitSubmodulesConfigArgs(\n fetch_submodules=True,\n ),\n ),\n source_version=\"master\",\n vpc_config=aws.codebuild.ProjectVpcConfigArgs(\n vpc_id=example_aws_vpc[\"id\"],\n subnets=[\n example1[\"id\"],\n example2[\"id\"],\n ],\n security_group_ids=[\n example1_aws_security_group[\"id\"],\n example2_aws_security_group[\"id\"],\n ],\n ),\n tags={\n \"Environment\": \"Test\",\n })\nproject_with_cache = aws.codebuild.Project(\"project-with-cache\",\n name=\"test-project-cache\",\n description=\"test_codebuild_project_cache\",\n build_timeout=5,\n queued_timeout=5,\n service_role=example_role.arn,\n artifacts=aws.codebuild.ProjectArtifactsArgs(\n type=\"NO_ARTIFACTS\",\n ),\n cache=aws.codebuild.ProjectCacheArgs(\n type=\"LOCAL\",\n modes=[\n \"LOCAL_DOCKER_LAYER_CACHE\",\n \"LOCAL_SOURCE_CACHE\",\n ],\n ),\n environment=aws.codebuild.ProjectEnvironmentArgs(\n compute_type=\"BUILD_GENERAL1_SMALL\",\n image=\"aws/codebuild/amazonlinux2-x86_64-standard:4.0\",\n type=\"LINUX_CONTAINER\",\n image_pull_credentials_type=\"CODEBUILD\",\n environment_variables=[aws.codebuild.ProjectEnvironmentEnvironmentVariableArgs(\n name=\"SOME_KEY1\",\n value=\"SOME_VALUE1\",\n )],\n ),\n source=aws.codebuild.ProjectSourceArgs(\n type=\"GITHUB\",\n location=\"https://github.com/mitchellh/packer.git\",\n git_clone_depth=1,\n ),\n tags={\n \"Environment\": \"Test\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleBucketV2 = new Aws.S3.BucketV2(\"example\", new()\n {\n Bucket = \"example\",\n });\n\n var exampleBucketAclV2 = new Aws.S3.BucketAclV2(\"example\", new()\n {\n Bucket = exampleBucketV2.Id,\n Acl = \"private\",\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"codebuild.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"example\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:CreateNetworkInterface\",\n \"ec2:DescribeDhcpOptions\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DeleteNetworkInterface\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeVpcs\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:CreateNetworkInterfacePermission\",\n },\n Resources = new[]\n {\n \"arn:aws:ec2:us-east-1:123456789012:network-interface/*\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"ec2:Subnet\",\n Values = new[]\n {\n example1.Arn,\n example2.Arn,\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"ec2:AuthorizedService\",\n Values = new[]\n {\n \"codebuild.amazonaws.com\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n exampleBucketV2.Arn,\n $\"{exampleBucketV2.Arn}/*\",\n },\n },\n },\n });\n\n var exampleRolePolicy = new Aws.Iam.RolePolicy(\"example\", new()\n {\n Role = exampleRole.Name,\n Policy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleProject = new Aws.CodeBuild.Project(\"example\", new()\n {\n Name = \"test-project\",\n Description = \"test_codebuild_project\",\n BuildTimeout = 5,\n ServiceRole = exampleRole.Arn,\n Artifacts = new Aws.CodeBuild.Inputs.ProjectArtifactsArgs\n {\n Type = \"NO_ARTIFACTS\",\n },\n Cache = new Aws.CodeBuild.Inputs.ProjectCacheArgs\n {\n Type = \"S3\",\n Location = exampleBucketV2.Bucket,\n },\n Environment = new Aws.CodeBuild.Inputs.ProjectEnvironmentArgs\n {\n ComputeType = \"BUILD_GENERAL1_SMALL\",\n Image = \"aws/codebuild/amazonlinux2-x86_64-standard:4.0\",\n Type = \"LINUX_CONTAINER\",\n ImagePullCredentialsType = \"CODEBUILD\",\n EnvironmentVariables = new[]\n {\n new Aws.CodeBuild.Inputs.ProjectEnvironmentEnvironmentVariableArgs\n {\n Name = \"SOME_KEY1\",\n Value = \"SOME_VALUE1\",\n },\n new Aws.CodeBuild.Inputs.ProjectEnvironmentEnvironmentVariableArgs\n {\n Name = \"SOME_KEY2\",\n Value = \"SOME_VALUE2\",\n Type = \"PARAMETER_STORE\",\n },\n },\n },\n LogsConfig = new Aws.CodeBuild.Inputs.ProjectLogsConfigArgs\n {\n CloudwatchLogs = new Aws.CodeBuild.Inputs.ProjectLogsConfigCloudwatchLogsArgs\n {\n GroupName = \"log-group\",\n StreamName = \"log-stream\",\n },\n S3Logs = new Aws.CodeBuild.Inputs.ProjectLogsConfigS3LogsArgs\n {\n Status = \"ENABLED\",\n Location = exampleBucketV2.Id.Apply(id =\u003e $\"{id}/build-log\"),\n },\n },\n Source = new Aws.CodeBuild.Inputs.ProjectSourceArgs\n {\n Type = \"GITHUB\",\n Location = \"https://github.com/mitchellh/packer.git\",\n GitCloneDepth = 1,\n GitSubmodulesConfig = new Aws.CodeBuild.Inputs.ProjectSourceGitSubmodulesConfigArgs\n {\n FetchSubmodules = true,\n },\n },\n SourceVersion = \"master\",\n VpcConfig = new Aws.CodeBuild.Inputs.ProjectVpcConfigArgs\n {\n VpcId = exampleAwsVpc.Id,\n Subnets = new[]\n {\n example1.Id,\n example2.Id,\n },\n SecurityGroupIds = new[]\n {\n example1AwsSecurityGroup.Id,\n example2AwsSecurityGroup.Id,\n },\n },\n Tags = \n {\n { \"Environment\", \"Test\" },\n },\n });\n\n var project_with_cache = new Aws.CodeBuild.Project(\"project-with-cache\", new()\n {\n Name = \"test-project-cache\",\n Description = \"test_codebuild_project_cache\",\n BuildTimeout = 5,\n QueuedTimeout = 5,\n ServiceRole = exampleRole.Arn,\n Artifacts = new Aws.CodeBuild.Inputs.ProjectArtifactsArgs\n {\n Type = \"NO_ARTIFACTS\",\n },\n Cache = new Aws.CodeBuild.Inputs.ProjectCacheArgs\n {\n Type = \"LOCAL\",\n Modes = new[]\n {\n \"LOCAL_DOCKER_LAYER_CACHE\",\n \"LOCAL_SOURCE_CACHE\",\n },\n },\n Environment = new Aws.CodeBuild.Inputs.ProjectEnvironmentArgs\n {\n ComputeType = \"BUILD_GENERAL1_SMALL\",\n Image = \"aws/codebuild/amazonlinux2-x86_64-standard:4.0\",\n Type = \"LINUX_CONTAINER\",\n ImagePullCredentialsType = \"CODEBUILD\",\n EnvironmentVariables = new[]\n {\n new Aws.CodeBuild.Inputs.ProjectEnvironmentEnvironmentVariableArgs\n {\n Name = \"SOME_KEY1\",\n Value = \"SOME_VALUE1\",\n },\n },\n },\n Source = new Aws.CodeBuild.Inputs.ProjectSourceArgs\n {\n Type = \"GITHUB\",\n Location = \"https://github.com/mitchellh/packer.git\",\n GitCloneDepth = 1,\n },\n Tags = \n {\n { \"Environment\", \"Test\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codebuild\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexampleBucketV2, err := s3.NewBucketV2(ctx, \"example\", \u0026s3.BucketV2Args{\nBucket: pulumi.String(\"example\"),\n})\nif err != nil {\nreturn err\n}\n_, err = s3.NewBucketAclV2(ctx, \"example\", \u0026s3.BucketAclV2Args{\nBucket: exampleBucketV2.ID(),\nAcl: pulumi.String(\"private\"),\n})\nif err != nil {\nreturn err\n}\nassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"codebuild.amazonaws.com\",\n},\n},\n},\nActions: []string{\n\"sts:AssumeRole\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\nName: pulumi.String(\"example\"),\nAssumeRolePolicy: pulumi.String(assumeRole.Json),\n})\nif err != nil {\nreturn err\n}\nexample := pulumi.All(exampleBucketV2.Arn,exampleBucketV2.Arn).ApplyT(func(_args []interface{}) (iam.GetPolicyDocumentResult, error) {\nexampleBucketV2Arn := _args[0].(string)\nexampleBucketV2Arn1 := _args[1].(string)\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: \"Allow\",\nActions: []string{\n\"logs:CreateLogGroup\",\n\"logs:CreateLogStream\",\n\"logs:PutLogEvents\",\n},\nResources: []string{\n\"*\",\n},\n},\n{\nEffect: \"Allow\",\nActions: []string{\n\"ec2:CreateNetworkInterface\",\n\"ec2:DescribeDhcpOptions\",\n\"ec2:DescribeNetworkInterfaces\",\n\"ec2:DeleteNetworkInterface\",\n\"ec2:DescribeSubnets\",\n\"ec2:DescribeSecurityGroups\",\n\"ec2:DescribeVpcs\",\n},\nResources: []string{\n\"*\",\n},\n},\n{\nEffect: \"Allow\",\nActions: []string{\n\"ec2:CreateNetworkInterfacePermission\",\n},\nResources: []string{\n\"arn:aws:ec2:us-east-1:123456789012:network-interface/*\",\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"ec2:Subnet\",\nValues: interface{}{\nexample1.Arn,\nexample2.Arn,\n},\n},\n{\nTest: \"StringEquals\",\nVariable: \"ec2:AuthorizedService\",\nValues: []string{\n\"codebuild.amazonaws.com\",\n},\n},\n},\n},\n{\nEffect: \"Allow\",\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\nexampleBucketV2Arn,\nfmt.Sprintf(\"%v/*\", exampleBucketV2Arn1),\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = iam.NewRolePolicy(ctx, \"example\", \u0026iam.RolePolicyArgs{\nRole: exampleRole.Name,\nPolicy: example.ApplyT(func(example iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026example.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\n_, err = codebuild.NewProject(ctx, \"example\", \u0026codebuild.ProjectArgs{\nName: pulumi.String(\"test-project\"),\nDescription: pulumi.String(\"test_codebuild_project\"),\nBuildTimeout: pulumi.Int(5),\nServiceRole: exampleRole.Arn,\nArtifacts: \u0026codebuild.ProjectArtifactsArgs{\nType: pulumi.String(\"NO_ARTIFACTS\"),\n},\nCache: \u0026codebuild.ProjectCacheArgs{\nType: pulumi.String(\"S3\"),\nLocation: exampleBucketV2.Bucket,\n},\nEnvironment: \u0026codebuild.ProjectEnvironmentArgs{\nComputeType: pulumi.String(\"BUILD_GENERAL1_SMALL\"),\nImage: pulumi.String(\"aws/codebuild/amazonlinux2-x86_64-standard:4.0\"),\nType: pulumi.String(\"LINUX_CONTAINER\"),\nImagePullCredentialsType: pulumi.String(\"CODEBUILD\"),\nEnvironmentVariables: codebuild.ProjectEnvironmentEnvironmentVariableArray{\n\u0026codebuild.ProjectEnvironmentEnvironmentVariableArgs{\nName: pulumi.String(\"SOME_KEY1\"),\nValue: pulumi.String(\"SOME_VALUE1\"),\n},\n\u0026codebuild.ProjectEnvironmentEnvironmentVariableArgs{\nName: pulumi.String(\"SOME_KEY2\"),\nValue: pulumi.String(\"SOME_VALUE2\"),\nType: pulumi.String(\"PARAMETER_STORE\"),\n},\n},\n},\nLogsConfig: \u0026codebuild.ProjectLogsConfigArgs{\nCloudwatchLogs: \u0026codebuild.ProjectLogsConfigCloudwatchLogsArgs{\nGroupName: pulumi.String(\"log-group\"),\nStreamName: pulumi.String(\"log-stream\"),\n},\nS3Logs: \u0026codebuild.ProjectLogsConfigS3LogsArgs{\nStatus: pulumi.String(\"ENABLED\"),\nLocation: exampleBucketV2.ID().ApplyT(func(id string) (string, error) {\nreturn fmt.Sprintf(\"%v/build-log\", id), nil\n}).(pulumi.StringOutput),\n},\n},\nSource: \u0026codebuild.ProjectSourceArgs{\nType: pulumi.String(\"GITHUB\"),\nLocation: pulumi.String(\"https://github.com/mitchellh/packer.git\"),\nGitCloneDepth: pulumi.Int(1),\nGitSubmodulesConfig: \u0026codebuild.ProjectSourceGitSubmodulesConfigArgs{\nFetchSubmodules: pulumi.Bool(true),\n},\n},\nSourceVersion: pulumi.String(\"master\"),\nVpcConfig: \u0026codebuild.ProjectVpcConfigArgs{\nVpcId: pulumi.Any(exampleAwsVpc.Id),\nSubnets: pulumi.StringArray{\nexample1.Id,\nexample2.Id,\n},\nSecurityGroupIds: pulumi.StringArray{\nexample1AwsSecurityGroup.Id,\nexample2AwsSecurityGroup.Id,\n},\n},\nTags: pulumi.StringMap{\n\"Environment\": pulumi.String(\"Test\"),\n},\n})\nif err != nil {\nreturn err\n}\n_, err = codebuild.NewProject(ctx, \"project-with-cache\", \u0026codebuild.ProjectArgs{\nName: pulumi.String(\"test-project-cache\"),\nDescription: pulumi.String(\"test_codebuild_project_cache\"),\nBuildTimeout: pulumi.Int(5),\nQueuedTimeout: pulumi.Int(5),\nServiceRole: exampleRole.Arn,\nArtifacts: \u0026codebuild.ProjectArtifactsArgs{\nType: pulumi.String(\"NO_ARTIFACTS\"),\n},\nCache: \u0026codebuild.ProjectCacheArgs{\nType: pulumi.String(\"LOCAL\"),\nModes: pulumi.StringArray{\npulumi.String(\"LOCAL_DOCKER_LAYER_CACHE\"),\npulumi.String(\"LOCAL_SOURCE_CACHE\"),\n},\n},\nEnvironment: \u0026codebuild.ProjectEnvironmentArgs{\nComputeType: pulumi.String(\"BUILD_GENERAL1_SMALL\"),\nImage: pulumi.String(\"aws/codebuild/amazonlinux2-x86_64-standard:4.0\"),\nType: pulumi.String(\"LINUX_CONTAINER\"),\nImagePullCredentialsType: pulumi.String(\"CODEBUILD\"),\nEnvironmentVariables: codebuild.ProjectEnvironmentEnvironmentVariableArray{\n\u0026codebuild.ProjectEnvironmentEnvironmentVariableArgs{\nName: pulumi.String(\"SOME_KEY1\"),\nValue: pulumi.String(\"SOME_VALUE1\"),\n},\n},\n},\nSource: \u0026codebuild.ProjectSourceArgs{\nType: pulumi.String(\"GITHUB\"),\nLocation: pulumi.String(\"https://github.com/mitchellh/packer.git\"),\nGitCloneDepth: pulumi.Int(1),\n},\nTags: pulumi.StringMap{\n\"Environment\": pulumi.String(\"Test\"),\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.codebuild.Project;\nimport com.pulumi.aws.codebuild.ProjectArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectArtifactsArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectCacheArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectEnvironmentArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectLogsConfigArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectLogsConfigCloudwatchLogsArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectLogsConfigS3LogsArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectSourceArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectSourceGitSubmodulesConfigArgs;\nimport com.pulumi.aws.codebuild.inputs.ProjectVpcConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleBucketV2 = new BucketV2(\"exampleBucketV2\", BucketV2Args.builder() \n .bucket(\"example\")\n .build());\n\n var exampleBucketAclV2 = new BucketAclV2(\"exampleBucketAclV2\", BucketAclV2Args.builder() \n .bucket(exampleBucketV2.id())\n .acl(\"private\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"codebuild.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"example\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"ec2:CreateNetworkInterface\",\n \"ec2:DescribeDhcpOptions\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DeleteNetworkInterface\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeVpcs\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ec2:CreateNetworkInterfacePermission\")\n .resources(\"arn:aws:ec2:us-east-1:123456789012:network-interface/*\")\n .conditions( \n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"ec2:Subnet\")\n .values( \n example1.arn(),\n example2.arn())\n .build(),\n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"ec2:AuthorizedService\")\n .values(\"codebuild.amazonaws.com\")\n .build())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"s3:*\")\n .resources( \n exampleBucketV2.arn(),\n exampleBucketV2.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build())\n .build());\n\n var exampleRolePolicy = new RolePolicy(\"exampleRolePolicy\", RolePolicyArgs.builder() \n .role(exampleRole.name())\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(example -\u003e example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var exampleProject = new Project(\"exampleProject\", ProjectArgs.builder() \n .name(\"test-project\")\n .description(\"test_codebuild_project\")\n .buildTimeout(5)\n .serviceRole(exampleRole.arn())\n .artifacts(ProjectArtifactsArgs.builder()\n .type(\"NO_ARTIFACTS\")\n .build())\n .cache(ProjectCacheArgs.builder()\n .type(\"S3\")\n .location(exampleBucketV2.bucket())\n .build())\n .environment(ProjectEnvironmentArgs.builder()\n .computeType(\"BUILD_GENERAL1_SMALL\")\n .image(\"aws/codebuild/amazonlinux2-x86_64-standard:4.0\")\n .type(\"LINUX_CONTAINER\")\n .imagePullCredentialsType(\"CODEBUILD\")\n .environmentVariables( \n ProjectEnvironmentEnvironmentVariableArgs.builder()\n .name(\"SOME_KEY1\")\n .value(\"SOME_VALUE1\")\n .build(),\n ProjectEnvironmentEnvironmentVariableArgs.builder()\n .name(\"SOME_KEY2\")\n .value(\"SOME_VALUE2\")\n .type(\"PARAMETER_STORE\")\n .build())\n .build())\n .logsConfig(ProjectLogsConfigArgs.builder()\n .cloudwatchLogs(ProjectLogsConfigCloudwatchLogsArgs.builder()\n .groupName(\"log-group\")\n .streamName(\"log-stream\")\n .build())\n .s3Logs(ProjectLogsConfigS3LogsArgs.builder()\n .status(\"ENABLED\")\n .location(exampleBucketV2.id().applyValue(id -\u003e String.format(\"%s/build-log\", id)))\n .build())\n .build())\n .source(ProjectSourceArgs.builder()\n .type(\"GITHUB\")\n .location(\"https://github.com/mitchellh/packer.git\")\n .gitCloneDepth(1)\n .gitSubmodulesConfig(ProjectSourceGitSubmodulesConfigArgs.builder()\n .fetchSubmodules(true)\n .build())\n .build())\n .sourceVersion(\"master\")\n .vpcConfig(ProjectVpcConfigArgs.builder()\n .vpcId(exampleAwsVpc.id())\n .subnets( \n example1.id(),\n example2.id())\n .securityGroupIds( \n example1AwsSecurityGroup.id(),\n example2AwsSecurityGroup.id())\n .build())\n .tags(Map.of(\"Environment\", \"Test\"))\n .build());\n\n var project_with_cache = new Project(\"project-with-cache\", ProjectArgs.builder() \n .name(\"test-project-cache\")\n .description(\"test_codebuild_project_cache\")\n .buildTimeout(5)\n .queuedTimeout(5)\n .serviceRole(exampleRole.arn())\n .artifacts(ProjectArtifactsArgs.builder()\n .type(\"NO_ARTIFACTS\")\n .build())\n .cache(ProjectCacheArgs.builder()\n .type(\"LOCAL\")\n .modes( \n \"LOCAL_DOCKER_LAYER_CACHE\",\n \"LOCAL_SOURCE_CACHE\")\n .build())\n .environment(ProjectEnvironmentArgs.builder()\n .computeType(\"BUILD_GENERAL1_SMALL\")\n .image(\"aws/codebuild/amazonlinux2-x86_64-standard:4.0\")\n .type(\"LINUX_CONTAINER\")\n .imagePullCredentialsType(\"CODEBUILD\")\n .environmentVariables(ProjectEnvironmentEnvironmentVariableArgs.builder()\n .name(\"SOME_KEY1\")\n .value(\"SOME_VALUE1\")\n .build())\n .build())\n .source(ProjectSourceArgs.builder()\n .type(\"GITHUB\")\n .location(\"https://github.com/mitchellh/packer.git\")\n .gitCloneDepth(1)\n .build())\n .tags(Map.of(\"Environment\", \"Test\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleBucketV2:\n type: aws:s3:BucketV2\n name: example\n properties:\n bucket: example\n exampleBucketAclV2:\n type: aws:s3:BucketAclV2\n name: example\n properties:\n bucket: ${exampleBucketV2.id}\n acl: private\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: example\n assumeRolePolicy: ${assumeRole.json}\n exampleRolePolicy:\n type: aws:iam:RolePolicy\n name: example\n properties:\n role: ${exampleRole.name}\n policy: ${example.json}\n exampleProject:\n type: aws:codebuild:Project\n name: example\n properties:\n name: test-project\n description: test_codebuild_project\n buildTimeout: 5\n serviceRole: ${exampleRole.arn}\n artifacts:\n type: NO_ARTIFACTS\n cache:\n type: S3\n location: ${exampleBucketV2.bucket}\n environment:\n computeType: BUILD_GENERAL1_SMALL\n image: aws/codebuild/amazonlinux2-x86_64-standard:4.0\n type: LINUX_CONTAINER\n imagePullCredentialsType: CODEBUILD\n environmentVariables:\n - name: SOME_KEY1\n value: SOME_VALUE1\n - name: SOME_KEY2\n value: SOME_VALUE2\n type: PARAMETER_STORE\n logsConfig:\n cloudwatchLogs:\n groupName: log-group\n streamName: log-stream\n s3Logs:\n status: ENABLED\n location: ${exampleBucketV2.id}/build-log\n source:\n type: GITHUB\n location: https://github.com/mitchellh/packer.git\n gitCloneDepth: 1\n gitSubmodulesConfig:\n fetchSubmodules: true\n sourceVersion: master\n vpcConfig:\n vpcId: ${exampleAwsVpc.id}\n subnets:\n - ${example1.id}\n - ${example2.id}\n securityGroupIds:\n - ${example1AwsSecurityGroup.id}\n - ${example2AwsSecurityGroup.id}\n tags:\n Environment: Test\n project-with-cache:\n type: aws:codebuild:Project\n properties:\n name: test-project-cache\n description: test_codebuild_project_cache\n buildTimeout: 5\n queuedTimeout: 5\n serviceRole: ${exampleRole.arn}\n artifacts:\n type: NO_ARTIFACTS\n cache:\n type: LOCAL\n modes:\n - LOCAL_DOCKER_LAYER_CACHE\n - LOCAL_SOURCE_CACHE\n environment:\n computeType: BUILD_GENERAL1_SMALL\n image: aws/codebuild/amazonlinux2-x86_64-standard:4.0\n type: LINUX_CONTAINER\n imagePullCredentialsType: CODEBUILD\n environmentVariables:\n - name: SOME_KEY1\n value: SOME_VALUE1\n source:\n type: GITHUB\n location: https://github.com/mitchellh/packer.git\n gitCloneDepth: 1\n tags:\n Environment: Test\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - codebuild.amazonaws.com\n actions:\n - sts:AssumeRole\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - logs:CreateLogGroup\n - logs:CreateLogStream\n - logs:PutLogEvents\n resources:\n - '*'\n - effect: Allow\n actions:\n - ec2:CreateNetworkInterface\n - ec2:DescribeDhcpOptions\n - ec2:DescribeNetworkInterfaces\n - ec2:DeleteNetworkInterface\n - ec2:DescribeSubnets\n - ec2:DescribeSecurityGroups\n - ec2:DescribeVpcs\n resources:\n - '*'\n - effect: Allow\n actions:\n - ec2:CreateNetworkInterfacePermission\n resources:\n - arn:aws:ec2:us-east-1:123456789012:network-interface/*\n conditions:\n - test: StringEquals\n variable: ec2:Subnet\n values:\n - ${example1.arn}\n - ${example2.arn}\n - test: StringEquals\n variable: ec2:AuthorizedService\n values:\n - codebuild.amazonaws.com\n - effect: Allow\n actions:\n - s3:*\n resources:\n - ${exampleBucketV2.arn}\n - ${exampleBucketV2.arn}/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import CodeBuild Project using the `name`. For example:\n\n```sh\n$ pulumi import aws:codebuild/project:Project name project-name\n```\n", "properties": { "arn": { "type": "string", @@ -184964,7 +184964,7 @@ } }, "aws:codebuild/reportGroup:ReportGroup": { - "description": "Provides a CodeBuild Report Groups Resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst example = current.then(current =\u003e aws.iam.getPolicyDocument({\n statements: [{\n sid: \"Enable IAM User Permissions\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [`arn:aws:iam::${current.accountId}:root`],\n }],\n actions: [\"kms:*\"],\n resources: [\"*\"],\n }],\n}));\nconst exampleKey = new aws.kms.Key(\"example\", {\n description: \"my test kms key\",\n deletionWindowInDays: 7,\n policy: example.then(example =\u003e example.json),\n});\nconst exampleBucketV2 = new aws.s3.BucketV2(\"example\", {bucket: \"my-test\"});\nconst exampleReportGroup = new aws.codebuild.ReportGroup(\"example\", {\n name: \"my test report group\",\n type: \"TEST\",\n exportConfig: {\n type: \"S3\",\n s3Destination: {\n bucket: exampleBucketV2.id,\n encryptionDisabled: false,\n encryptionKey: exampleKey.arn,\n packaging: \"NONE\",\n path: \"/some\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"Enable IAM User Permissions\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[f\"arn:aws:iam::{current.account_id}:root\"],\n )],\n actions=[\"kms:*\"],\n resources=[\"*\"],\n)])\nexample_key = aws.kms.Key(\"example\",\n description=\"my test kms key\",\n deletion_window_in_days=7,\n policy=example.json)\nexample_bucket_v2 = aws.s3.BucketV2(\"example\", bucket=\"my-test\")\nexample_report_group = aws.codebuild.ReportGroup(\"example\",\n name=\"my test report group\",\n type=\"TEST\",\n export_config=aws.codebuild.ReportGroupExportConfigArgs(\n type=\"S3\",\n s3_destination=aws.codebuild.ReportGroupExportConfigS3DestinationArgs(\n bucket=example_bucket_v2.id,\n encryption_disabled=False,\n encryption_key=example_key.arn,\n packaging=\"NONE\",\n path=\"/some\",\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"Enable IAM User Permissions\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n $\"arn:aws:iam::{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:root\",\n },\n },\n },\n Actions = new[]\n {\n \"kms:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var exampleKey = new Aws.Kms.Key(\"example\", new()\n {\n Description = \"my test kms key\",\n DeletionWindowInDays = 7,\n Policy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleBucketV2 = new Aws.S3.BucketV2(\"example\", new()\n {\n Bucket = \"my-test\",\n });\n\n var exampleReportGroup = new Aws.CodeBuild.ReportGroup(\"example\", new()\n {\n Name = \"my test report group\",\n Type = \"TEST\",\n ExportConfig = new Aws.CodeBuild.Inputs.ReportGroupExportConfigArgs\n {\n Type = \"S3\",\n S3Destination = new Aws.CodeBuild.Inputs.ReportGroupExportConfigS3DestinationArgs\n {\n Bucket = exampleBucketV2.Id,\n EncryptionDisabled = false,\n EncryptionKey = exampleKey.Arn,\n Packaging = \"NONE\",\n Path = \"/some\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codebuild\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"Enable IAM User Permissions\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:iam::%v:root\", current.AccountId),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"kms:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleKey, err := kms.NewKey(ctx, \"example\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"my test kms key\"),\n\t\t\tDeletionWindowInDays: pulumi.Int(7),\n\t\t\tPolicy: *pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleBucketV2, err := s3.NewBucketV2(ctx, \"example\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"my-test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codebuild.NewReportGroup(ctx, \"example\", \u0026codebuild.ReportGroupArgs{\n\t\t\tName: pulumi.String(\"my test report group\"),\n\t\t\tType: pulumi.String(\"TEST\"),\n\t\t\tExportConfig: \u0026codebuild.ReportGroupExportConfigArgs{\n\t\t\t\tType: pulumi.String(\"S3\"),\n\t\t\t\tS3Destination: \u0026codebuild.ReportGroupExportConfigS3DestinationArgs{\n\t\t\t\t\tBucket: exampleBucketV2.ID(),\n\t\t\t\t\tEncryptionDisabled: pulumi.Bool(false),\n\t\t\t\t\tEncryptionKey: exampleKey.Arn,\n\t\t\t\t\tPackaging: pulumi.String(\"NONE\"),\n\t\t\t\t\tPath: pulumi.String(\"/some\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.codebuild.ReportGroup;\nimport com.pulumi.aws.codebuild.ReportGroupArgs;\nimport com.pulumi.aws.codebuild.inputs.ReportGroupExportConfigArgs;\nimport com.pulumi.aws.codebuild.inputs.ReportGroupExportConfigS3DestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"Enable IAM User Permissions\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(String.format(\"arn:aws:iam::%s:root\", current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId())))\n .build())\n .actions(\"kms:*\")\n .resources(\"*\")\n .build())\n .build());\n\n var exampleKey = new Key(\"exampleKey\", KeyArgs.builder() \n .description(\"my test kms key\")\n .deletionWindowInDays(7)\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleBucketV2 = new BucketV2(\"exampleBucketV2\", BucketV2Args.builder() \n .bucket(\"my-test\")\n .build());\n\n var exampleReportGroup = new ReportGroup(\"exampleReportGroup\", ReportGroupArgs.builder() \n .name(\"my test report group\")\n .type(\"TEST\")\n .exportConfig(ReportGroupExportConfigArgs.builder()\n .type(\"S3\")\n .s3Destination(ReportGroupExportConfigS3DestinationArgs.builder()\n .bucket(exampleBucketV2.id())\n .encryptionDisabled(false)\n .encryptionKey(exampleKey.arn())\n .packaging(\"NONE\")\n .path(\"/some\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleKey:\n type: aws:kms:Key\n name: example\n properties:\n description: my test kms key\n deletionWindowInDays: 7\n policy: ${example.json}\n exampleBucketV2:\n type: aws:s3:BucketV2\n name: example\n properties:\n bucket: my-test\n exampleReportGroup:\n type: aws:codebuild:ReportGroup\n name: example\n properties:\n name: my test report group\n type: TEST\n exportConfig:\n type: S3\n s3Destination:\n bucket: ${exampleBucketV2.id}\n encryptionDisabled: false\n encryptionKey: ${exampleKey.arn}\n packaging: NONE\n path: /some\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: Enable IAM User Permissions\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - arn:aws:iam::${current.accountId}:root\n actions:\n - kms:*\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import CodeBuild Report Group using the CodeBuild Report Group arn. For example:\n\n```sh\n$ pulumi import aws:codebuild/reportGroup:ReportGroup example arn:aws:codebuild:us-west-2:123456789:report-group/report-group-name\n```\n", + "description": "Provides a CodeBuild Report Groups Resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst example = current.then(current =\u003e aws.iam.getPolicyDocument({\n statements: [{\n sid: \"Enable IAM User Permissions\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [`arn:aws:iam::${current.accountId}:root`],\n }],\n actions: [\"kms:*\"],\n resources: [\"*\"],\n }],\n}));\nconst exampleKey = new aws.kms.Key(\"example\", {\n description: \"my test kms key\",\n deletionWindowInDays: 7,\n policy: example.then(example =\u003e example.json),\n});\nconst exampleBucketV2 = new aws.s3.BucketV2(\"example\", {bucket: \"my-test\"});\nconst exampleReportGroup = new aws.codebuild.ReportGroup(\"example\", {\n name: \"my test report group\",\n type: \"TEST\",\n exportConfig: {\n type: \"S3\",\n s3Destination: {\n bucket: exampleBucketV2.id,\n encryptionDisabled: false,\n encryptionKey: exampleKey.arn,\n packaging: \"NONE\",\n path: \"/some\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"Enable IAM User Permissions\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[f\"arn:aws:iam::{current.account_id}:root\"],\n )],\n actions=[\"kms:*\"],\n resources=[\"*\"],\n)])\nexample_key = aws.kms.Key(\"example\",\n description=\"my test kms key\",\n deletion_window_in_days=7,\n policy=example.json)\nexample_bucket_v2 = aws.s3.BucketV2(\"example\", bucket=\"my-test\")\nexample_report_group = aws.codebuild.ReportGroup(\"example\",\n name=\"my test report group\",\n type=\"TEST\",\n export_config=aws.codebuild.ReportGroupExportConfigArgs(\n type=\"S3\",\n s3_destination=aws.codebuild.ReportGroupExportConfigS3DestinationArgs(\n bucket=example_bucket_v2.id,\n encryption_disabled=False,\n encryption_key=example_key.arn,\n packaging=\"NONE\",\n path=\"/some\",\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"Enable IAM User Permissions\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n $\"arn:aws:iam::{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:root\",\n },\n },\n },\n Actions = new[]\n {\n \"kms:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var exampleKey = new Aws.Kms.Key(\"example\", new()\n {\n Description = \"my test kms key\",\n DeletionWindowInDays = 7,\n Policy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleBucketV2 = new Aws.S3.BucketV2(\"example\", new()\n {\n Bucket = \"my-test\",\n });\n\n var exampleReportGroup = new Aws.CodeBuild.ReportGroup(\"example\", new()\n {\n Name = \"my test report group\",\n Type = \"TEST\",\n ExportConfig = new Aws.CodeBuild.Inputs.ReportGroupExportConfigArgs\n {\n Type = \"S3\",\n S3Destination = new Aws.CodeBuild.Inputs.ReportGroupExportConfigS3DestinationArgs\n {\n Bucket = exampleBucketV2.Id,\n EncryptionDisabled = false,\n EncryptionKey = exampleKey.Arn,\n Packaging = \"NONE\",\n Path = \"/some\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codebuild\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"Enable IAM User Permissions\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:iam::%v:root\", current.AccountId),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"kms:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleKey, err := kms.NewKey(ctx, \"example\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"my test kms key\"),\n\t\t\tDeletionWindowInDays: pulumi.Int(7),\n\t\t\tPolicy: pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleBucketV2, err := s3.NewBucketV2(ctx, \"example\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"my-test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codebuild.NewReportGroup(ctx, \"example\", \u0026codebuild.ReportGroupArgs{\n\t\t\tName: pulumi.String(\"my test report group\"),\n\t\t\tType: pulumi.String(\"TEST\"),\n\t\t\tExportConfig: \u0026codebuild.ReportGroupExportConfigArgs{\n\t\t\t\tType: pulumi.String(\"S3\"),\n\t\t\t\tS3Destination: \u0026codebuild.ReportGroupExportConfigS3DestinationArgs{\n\t\t\t\t\tBucket: exampleBucketV2.ID(),\n\t\t\t\t\tEncryptionDisabled: pulumi.Bool(false),\n\t\t\t\t\tEncryptionKey: exampleKey.Arn,\n\t\t\t\t\tPackaging: pulumi.String(\"NONE\"),\n\t\t\t\t\tPath: pulumi.String(\"/some\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.codebuild.ReportGroup;\nimport com.pulumi.aws.codebuild.ReportGroupArgs;\nimport com.pulumi.aws.codebuild.inputs.ReportGroupExportConfigArgs;\nimport com.pulumi.aws.codebuild.inputs.ReportGroupExportConfigS3DestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"Enable IAM User Permissions\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(String.format(\"arn:aws:iam::%s:root\", current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId())))\n .build())\n .actions(\"kms:*\")\n .resources(\"*\")\n .build())\n .build());\n\n var exampleKey = new Key(\"exampleKey\", KeyArgs.builder() \n .description(\"my test kms key\")\n .deletionWindowInDays(7)\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleBucketV2 = new BucketV2(\"exampleBucketV2\", BucketV2Args.builder() \n .bucket(\"my-test\")\n .build());\n\n var exampleReportGroup = new ReportGroup(\"exampleReportGroup\", ReportGroupArgs.builder() \n .name(\"my test report group\")\n .type(\"TEST\")\n .exportConfig(ReportGroupExportConfigArgs.builder()\n .type(\"S3\")\n .s3Destination(ReportGroupExportConfigS3DestinationArgs.builder()\n .bucket(exampleBucketV2.id())\n .encryptionDisabled(false)\n .encryptionKey(exampleKey.arn())\n .packaging(\"NONE\")\n .path(\"/some\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleKey:\n type: aws:kms:Key\n name: example\n properties:\n description: my test kms key\n deletionWindowInDays: 7\n policy: ${example.json}\n exampleBucketV2:\n type: aws:s3:BucketV2\n name: example\n properties:\n bucket: my-test\n exampleReportGroup:\n type: aws:codebuild:ReportGroup\n name: example\n properties:\n name: my test report group\n type: TEST\n exportConfig:\n type: S3\n s3Destination:\n bucket: ${exampleBucketV2.id}\n encryptionDisabled: false\n encryptionKey: ${exampleKey.arn}\n packaging: NONE\n path: /some\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: Enable IAM User Permissions\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - arn:aws:iam::${current.accountId}:root\n actions:\n - kms:*\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import CodeBuild Report Group using the CodeBuild Report Group arn. For example:\n\n```sh\n$ pulumi import aws:codebuild/reportGroup:ReportGroup example arn:aws:codebuild:us-west-2:123456789:report-group/report-group-name\n```\n", "properties": { "arn": { "type": "string", @@ -186169,7 +186169,7 @@ } }, "aws:codedeploy/deploymentGroup:DeploymentGroup": { - "description": "Provides a CodeDeploy Deployment Group for a CodeDeploy Application\n\n\u003e **NOTE on blue/green deployments:** When using `green_fleet_provisioning_option` with the `COPY_AUTO_SCALING_GROUP` action, CodeDeploy will create a new ASG with a different name. This ASG is _not_ managed by this provider and will conflict with existing configuration and state. You may want to use a different approach to managing deployments that involve multiple ASG, such as `DISCOVER_EXISTING` with separate blue and green ASG.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"codedeploy.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst example = new aws.iam.Role(\"example\", {\n name: \"example-role\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst aWSCodeDeployRole = new aws.iam.RolePolicyAttachment(\"AWSCodeDeployRole\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole\",\n role: example.name,\n});\nconst exampleApplication = new aws.codedeploy.Application(\"example\", {name: \"example-app\"});\nconst exampleTopic = new aws.sns.Topic(\"example\", {name: \"example-topic\"});\nconst exampleDeploymentGroup = new aws.codedeploy.DeploymentGroup(\"example\", {\n appName: exampleApplication.name,\n deploymentGroupName: \"example-group\",\n serviceRoleArn: example.arn,\n ec2TagSets: [{\n ec2TagFilters: [\n {\n key: \"filterkey1\",\n type: \"KEY_AND_VALUE\",\n value: \"filtervalue\",\n },\n {\n key: \"filterkey2\",\n type: \"KEY_AND_VALUE\",\n value: \"filtervalue\",\n },\n ],\n }],\n triggerConfigurations: [{\n triggerEvents: [\"DeploymentFailure\"],\n triggerName: \"example-trigger\",\n triggerTargetArn: exampleTopic.arn,\n }],\n autoRollbackConfiguration: {\n enabled: true,\n events: [\"DEPLOYMENT_FAILURE\"],\n },\n alarmConfiguration: {\n alarms: [\"my-alarm-name\"],\n enabled: true,\n },\n outdatedInstancesStrategy: \"UPDATE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"codedeploy.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample = aws.iam.Role(\"example\",\n name=\"example-role\",\n assume_role_policy=assume_role.json)\na_ws_code_deploy_role = aws.iam.RolePolicyAttachment(\"AWSCodeDeployRole\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole\",\n role=example.name)\nexample_application = aws.codedeploy.Application(\"example\", name=\"example-app\")\nexample_topic = aws.sns.Topic(\"example\", name=\"example-topic\")\nexample_deployment_group = aws.codedeploy.DeploymentGroup(\"example\",\n app_name=example_application.name,\n deployment_group_name=\"example-group\",\n service_role_arn=example.arn,\n ec2_tag_sets=[aws.codedeploy.DeploymentGroupEc2TagSetArgs(\n ec2_tag_filters=[\n aws.codedeploy.DeploymentGroupEc2TagSetEc2TagFilterArgs(\n key=\"filterkey1\",\n type=\"KEY_AND_VALUE\",\n value=\"filtervalue\",\n ),\n aws.codedeploy.DeploymentGroupEc2TagSetEc2TagFilterArgs(\n key=\"filterkey2\",\n type=\"KEY_AND_VALUE\",\n value=\"filtervalue\",\n ),\n ],\n )],\n trigger_configurations=[aws.codedeploy.DeploymentGroupTriggerConfigurationArgs(\n trigger_events=[\"DeploymentFailure\"],\n trigger_name=\"example-trigger\",\n trigger_target_arn=example_topic.arn,\n )],\n auto_rollback_configuration=aws.codedeploy.DeploymentGroupAutoRollbackConfigurationArgs(\n enabled=True,\n events=[\"DEPLOYMENT_FAILURE\"],\n ),\n alarm_configuration=aws.codedeploy.DeploymentGroupAlarmConfigurationArgs(\n alarms=[\"my-alarm-name\"],\n enabled=True,\n ),\n outdated_instances_strategy=\"UPDATE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"codedeploy.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var example = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"example-role\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var aWSCodeDeployRole = new Aws.Iam.RolePolicyAttachment(\"AWSCodeDeployRole\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole\",\n Role = example.Name,\n });\n\n var exampleApplication = new Aws.CodeDeploy.Application(\"example\", new()\n {\n Name = \"example-app\",\n });\n\n var exampleTopic = new Aws.Sns.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n });\n\n var exampleDeploymentGroup = new Aws.CodeDeploy.DeploymentGroup(\"example\", new()\n {\n AppName = exampleApplication.Name,\n DeploymentGroupName = \"example-group\",\n ServiceRoleArn = example.Arn,\n Ec2TagSets = new[]\n {\n new Aws.CodeDeploy.Inputs.DeploymentGroupEc2TagSetArgs\n {\n Ec2TagFilters = new[]\n {\n new Aws.CodeDeploy.Inputs.DeploymentGroupEc2TagSetEc2TagFilterArgs\n {\n Key = \"filterkey1\",\n Type = \"KEY_AND_VALUE\",\n Value = \"filtervalue\",\n },\n new Aws.CodeDeploy.Inputs.DeploymentGroupEc2TagSetEc2TagFilterArgs\n {\n Key = \"filterkey2\",\n Type = \"KEY_AND_VALUE\",\n Value = \"filtervalue\",\n },\n },\n },\n },\n TriggerConfigurations = new[]\n {\n new Aws.CodeDeploy.Inputs.DeploymentGroupTriggerConfigurationArgs\n {\n TriggerEvents = new[]\n {\n \"DeploymentFailure\",\n },\n TriggerName = \"example-trigger\",\n TriggerTargetArn = exampleTopic.Arn,\n },\n },\n AutoRollbackConfiguration = new Aws.CodeDeploy.Inputs.DeploymentGroupAutoRollbackConfigurationArgs\n {\n Enabled = true,\n Events = new[]\n {\n \"DEPLOYMENT_FAILURE\",\n },\n },\n AlarmConfiguration = new Aws.CodeDeploy.Inputs.DeploymentGroupAlarmConfigurationArgs\n {\n Alarms = new[]\n {\n \"my-alarm-name\",\n },\n Enabled = true,\n },\n OutdatedInstancesStrategy = \"UPDATE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codedeploy\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"codedeploy.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"example-role\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"AWSCodeDeployRole\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleApplication, err := codedeploy.NewApplication(ctx, \"example\", \u0026codedeploy.ApplicationArgs{\n\t\t\tName: pulumi.String(\"example-app\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleTopic, err := sns.NewTopic(ctx, \"example\", \u0026sns.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codedeploy.NewDeploymentGroup(ctx, \"example\", \u0026codedeploy.DeploymentGroupArgs{\n\t\t\tAppName: exampleApplication.Name,\n\t\t\tDeploymentGroupName: pulumi.String(\"example-group\"),\n\t\t\tServiceRoleArn: example.Arn,\n\t\t\tEc2TagSets: codedeploy.DeploymentGroupEc2TagSetArray{\n\t\t\t\t\u0026codedeploy.DeploymentGroupEc2TagSetArgs{\n\t\t\t\t\tEc2TagFilters: codedeploy.DeploymentGroupEc2TagSetEc2TagFilterArray{\n\t\t\t\t\t\t\u0026codedeploy.DeploymentGroupEc2TagSetEc2TagFilterArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"filterkey1\"),\n\t\t\t\t\t\t\tType: pulumi.String(\"KEY_AND_VALUE\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"filtervalue\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026codedeploy.DeploymentGroupEc2TagSetEc2TagFilterArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"filterkey2\"),\n\t\t\t\t\t\t\tType: pulumi.String(\"KEY_AND_VALUE\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"filtervalue\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTriggerConfigurations: codedeploy.DeploymentGroupTriggerConfigurationArray{\n\t\t\t\t\u0026codedeploy.DeploymentGroupTriggerConfigurationArgs{\n\t\t\t\t\tTriggerEvents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"DeploymentFailure\"),\n\t\t\t\t\t},\n\t\t\t\t\tTriggerName: pulumi.String(\"example-trigger\"),\n\t\t\t\t\tTriggerTargetArn: exampleTopic.Arn,\n\t\t\t\t},\n\t\t\t},\n\t\t\tAutoRollbackConfiguration: \u0026codedeploy.DeploymentGroupAutoRollbackConfigurationArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"DEPLOYMENT_FAILURE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAlarmConfiguration: \u0026codedeploy.DeploymentGroupAlarmConfigurationArgs{\n\t\t\t\tAlarms: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"my-alarm-name\"),\n\t\t\t\t},\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tOutdatedInstancesStrategy: pulumi.String(\"UPDATE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.codedeploy.Application;\nimport com.pulumi.aws.codedeploy.ApplicationArgs;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.codedeploy.DeploymentGroup;\nimport com.pulumi.aws.codedeploy.DeploymentGroupArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupEc2TagSetArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupTriggerConfigurationArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupAutoRollbackConfigurationArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupAlarmConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"codedeploy.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var example = new Role(\"example\", RoleArgs.builder() \n .name(\"example-role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var aWSCodeDeployRole = new RolePolicyAttachment(\"aWSCodeDeployRole\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole\")\n .role(example.name())\n .build());\n\n var exampleApplication = new Application(\"exampleApplication\", ApplicationArgs.builder() \n .name(\"example-app\")\n .build());\n\n var exampleTopic = new Topic(\"exampleTopic\", TopicArgs.builder() \n .name(\"example-topic\")\n .build());\n\n var exampleDeploymentGroup = new DeploymentGroup(\"exampleDeploymentGroup\", DeploymentGroupArgs.builder() \n .appName(exampleApplication.name())\n .deploymentGroupName(\"example-group\")\n .serviceRoleArn(example.arn())\n .ec2TagSets(DeploymentGroupEc2TagSetArgs.builder()\n .ec2TagFilters( \n DeploymentGroupEc2TagSetEc2TagFilterArgs.builder()\n .key(\"filterkey1\")\n .type(\"KEY_AND_VALUE\")\n .value(\"filtervalue\")\n .build(),\n DeploymentGroupEc2TagSetEc2TagFilterArgs.builder()\n .key(\"filterkey2\")\n .type(\"KEY_AND_VALUE\")\n .value(\"filtervalue\")\n .build())\n .build())\n .triggerConfigurations(DeploymentGroupTriggerConfigurationArgs.builder()\n .triggerEvents(\"DeploymentFailure\")\n .triggerName(\"example-trigger\")\n .triggerTargetArn(exampleTopic.arn())\n .build())\n .autoRollbackConfiguration(DeploymentGroupAutoRollbackConfigurationArgs.builder()\n .enabled(true)\n .events(\"DEPLOYMENT_FAILURE\")\n .build())\n .alarmConfiguration(DeploymentGroupAlarmConfigurationArgs.builder()\n .alarms(\"my-alarm-name\")\n .enabled(true)\n .build())\n .outdatedInstancesStrategy(\"UPDATE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n name: example-role\n assumeRolePolicy: ${assumeRole.json}\n aWSCodeDeployRole:\n type: aws:iam:RolePolicyAttachment\n name: AWSCodeDeployRole\n properties:\n policyArn: arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole\n role: ${example.name}\n exampleApplication:\n type: aws:codedeploy:Application\n name: example\n properties:\n name: example-app\n exampleTopic:\n type: aws:sns:Topic\n name: example\n properties:\n name: example-topic\n exampleDeploymentGroup:\n type: aws:codedeploy:DeploymentGroup\n name: example\n properties:\n appName: ${exampleApplication.name}\n deploymentGroupName: example-group\n serviceRoleArn: ${example.arn}\n ec2TagSets:\n - ec2TagFilters:\n - key: filterkey1\n type: KEY_AND_VALUE\n value: filtervalue\n - key: filterkey2\n type: KEY_AND_VALUE\n value: filtervalue\n triggerConfigurations:\n - triggerEvents:\n - DeploymentFailure\n triggerName: example-trigger\n triggerTargetArn: ${exampleTopic.arn}\n autoRollbackConfiguration:\n enabled: true\n events:\n - DEPLOYMENT_FAILURE\n alarmConfiguration:\n alarms:\n - my-alarm-name\n enabled: true\n outdatedInstancesStrategy: UPDATE\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - codedeploy.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Blue Green Deployments with ECS\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.codedeploy.Application(\"example\", {\n computePlatform: \"ECS\",\n name: \"example\",\n});\nconst exampleDeploymentGroup = new aws.codedeploy.DeploymentGroup(\"example\", {\n appName: example.name,\n deploymentConfigName: \"CodeDeployDefault.ECSAllAtOnce\",\n deploymentGroupName: \"example\",\n serviceRoleArn: exampleAwsIamRole.arn,\n autoRollbackConfiguration: {\n enabled: true,\n events: [\"DEPLOYMENT_FAILURE\"],\n },\n blueGreenDeploymentConfig: {\n deploymentReadyOption: {\n actionOnTimeout: \"CONTINUE_DEPLOYMENT\",\n },\n terminateBlueInstancesOnDeploymentSuccess: {\n action: \"TERMINATE\",\n terminationWaitTimeInMinutes: 5,\n },\n },\n deploymentStyle: {\n deploymentOption: \"WITH_TRAFFIC_CONTROL\",\n deploymentType: \"BLUE_GREEN\",\n },\n ecsService: {\n clusterName: exampleAwsEcsCluster.name,\n serviceName: exampleAwsEcsService.name,\n },\n loadBalancerInfo: {\n targetGroupPairInfo: {\n prodTrafficRoute: {\n listenerArns: [exampleAwsLbListener.arn],\n },\n targetGroups: [\n {\n name: blue.name,\n },\n {\n name: green.name,\n },\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.codedeploy.Application(\"example\",\n compute_platform=\"ECS\",\n name=\"example\")\nexample_deployment_group = aws.codedeploy.DeploymentGroup(\"example\",\n app_name=example.name,\n deployment_config_name=\"CodeDeployDefault.ECSAllAtOnce\",\n deployment_group_name=\"example\",\n service_role_arn=example_aws_iam_role[\"arn\"],\n auto_rollback_configuration=aws.codedeploy.DeploymentGroupAutoRollbackConfigurationArgs(\n enabled=True,\n events=[\"DEPLOYMENT_FAILURE\"],\n ),\n blue_green_deployment_config=aws.codedeploy.DeploymentGroupBlueGreenDeploymentConfigArgs(\n deployment_ready_option=aws.codedeploy.DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs(\n action_on_timeout=\"CONTINUE_DEPLOYMENT\",\n ),\n terminate_blue_instances_on_deployment_success=aws.codedeploy.DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs(\n action=\"TERMINATE\",\n termination_wait_time_in_minutes=5,\n ),\n ),\n deployment_style=aws.codedeploy.DeploymentGroupDeploymentStyleArgs(\n deployment_option=\"WITH_TRAFFIC_CONTROL\",\n deployment_type=\"BLUE_GREEN\",\n ),\n ecs_service=aws.codedeploy.DeploymentGroupEcsServiceArgs(\n cluster_name=example_aws_ecs_cluster[\"name\"],\n service_name=example_aws_ecs_service[\"name\"],\n ),\n load_balancer_info=aws.codedeploy.DeploymentGroupLoadBalancerInfoArgs(\n target_group_pair_info=aws.codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoArgs(\n prod_traffic_route=aws.codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoProdTrafficRouteArgs(\n listener_arns=[example_aws_lb_listener[\"arn\"]],\n ),\n target_groups=[\n aws.codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroupArgs(\n name=blue[\"name\"],\n ),\n aws.codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroupArgs(\n name=green[\"name\"],\n ),\n ],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CodeDeploy.Application(\"example\", new()\n {\n ComputePlatform = \"ECS\",\n Name = \"example\",\n });\n\n var exampleDeploymentGroup = new Aws.CodeDeploy.DeploymentGroup(\"example\", new()\n {\n AppName = example.Name,\n DeploymentConfigName = \"CodeDeployDefault.ECSAllAtOnce\",\n DeploymentGroupName = \"example\",\n ServiceRoleArn = exampleAwsIamRole.Arn,\n AutoRollbackConfiguration = new Aws.CodeDeploy.Inputs.DeploymentGroupAutoRollbackConfigurationArgs\n {\n Enabled = true,\n Events = new[]\n {\n \"DEPLOYMENT_FAILURE\",\n },\n },\n BlueGreenDeploymentConfig = new Aws.CodeDeploy.Inputs.DeploymentGroupBlueGreenDeploymentConfigArgs\n {\n DeploymentReadyOption = new Aws.CodeDeploy.Inputs.DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs\n {\n ActionOnTimeout = \"CONTINUE_DEPLOYMENT\",\n },\n TerminateBlueInstancesOnDeploymentSuccess = new Aws.CodeDeploy.Inputs.DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs\n {\n Action = \"TERMINATE\",\n TerminationWaitTimeInMinutes = 5,\n },\n },\n DeploymentStyle = new Aws.CodeDeploy.Inputs.DeploymentGroupDeploymentStyleArgs\n {\n DeploymentOption = \"WITH_TRAFFIC_CONTROL\",\n DeploymentType = \"BLUE_GREEN\",\n },\n EcsService = new Aws.CodeDeploy.Inputs.DeploymentGroupEcsServiceArgs\n {\n ClusterName = exampleAwsEcsCluster.Name,\n ServiceName = exampleAwsEcsService.Name,\n },\n LoadBalancerInfo = new Aws.CodeDeploy.Inputs.DeploymentGroupLoadBalancerInfoArgs\n {\n TargetGroupPairInfo = new Aws.CodeDeploy.Inputs.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoArgs\n {\n ProdTrafficRoute = new Aws.CodeDeploy.Inputs.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoProdTrafficRouteArgs\n {\n ListenerArns = new[]\n {\n exampleAwsLbListener.Arn,\n },\n },\n TargetGroups = new[]\n {\n new Aws.CodeDeploy.Inputs.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroupArgs\n {\n Name = blue.Name,\n },\n new Aws.CodeDeploy.Inputs.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroupArgs\n {\n Name = green.Name,\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codedeploy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := codedeploy.NewApplication(ctx, \"example\", \u0026codedeploy.ApplicationArgs{\n\t\t\tComputePlatform: pulumi.String(\"ECS\"),\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codedeploy.NewDeploymentGroup(ctx, \"example\", \u0026codedeploy.DeploymentGroupArgs{\n\t\t\tAppName: example.Name,\n\t\t\tDeploymentConfigName: pulumi.String(\"CodeDeployDefault.ECSAllAtOnce\"),\n\t\t\tDeploymentGroupName: pulumi.String(\"example\"),\n\t\t\tServiceRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tAutoRollbackConfiguration: \u0026codedeploy.DeploymentGroupAutoRollbackConfigurationArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"DEPLOYMENT_FAILURE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tBlueGreenDeploymentConfig: \u0026codedeploy.DeploymentGroupBlueGreenDeploymentConfigArgs{\n\t\t\t\tDeploymentReadyOption: \u0026codedeploy.DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs{\n\t\t\t\t\tActionOnTimeout: pulumi.String(\"CONTINUE_DEPLOYMENT\"),\n\t\t\t\t},\n\t\t\t\tTerminateBlueInstancesOnDeploymentSuccess: \u0026codedeploy.DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs{\n\t\t\t\t\tAction: pulumi.String(\"TERMINATE\"),\n\t\t\t\t\tTerminationWaitTimeInMinutes: pulumi.Int(5),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeploymentStyle: \u0026codedeploy.DeploymentGroupDeploymentStyleArgs{\n\t\t\t\tDeploymentOption: pulumi.String(\"WITH_TRAFFIC_CONTROL\"),\n\t\t\t\tDeploymentType: pulumi.String(\"BLUE_GREEN\"),\n\t\t\t},\n\t\t\tEcsService: \u0026codedeploy.DeploymentGroupEcsServiceArgs{\n\t\t\t\tClusterName: pulumi.Any(exampleAwsEcsCluster.Name),\n\t\t\t\tServiceName: pulumi.Any(exampleAwsEcsService.Name),\n\t\t\t},\n\t\t\tLoadBalancerInfo: \u0026codedeploy.DeploymentGroupLoadBalancerInfoArgs{\n\t\t\t\tTargetGroupPairInfo: \u0026codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoArgs{\n\t\t\t\t\tProdTrafficRoute: \u0026codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoProdTrafficRouteArgs{\n\t\t\t\t\t\tListenerArns: pulumi.StringArray{\n\t\t\t\t\t\t\texampleAwsLbListener.Arn,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tTargetGroups: codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroupArray{\n\t\t\t\t\t\t\u0026codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroupArgs{\n\t\t\t\t\t\t\tName: pulumi.Any(blue.Name),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroupArgs{\n\t\t\t\t\t\t\tName: pulumi.Any(green.Name),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.codedeploy.Application;\nimport com.pulumi.aws.codedeploy.ApplicationArgs;\nimport com.pulumi.aws.codedeploy.DeploymentGroup;\nimport com.pulumi.aws.codedeploy.DeploymentGroupArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupAutoRollbackConfigurationArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupBlueGreenDeploymentConfigArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupDeploymentStyleArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupEcsServiceArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupLoadBalancerInfoArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoProdTrafficRouteArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Application(\"example\", ApplicationArgs.builder() \n .computePlatform(\"ECS\")\n .name(\"example\")\n .build());\n\n var exampleDeploymentGroup = new DeploymentGroup(\"exampleDeploymentGroup\", DeploymentGroupArgs.builder() \n .appName(example.name())\n .deploymentConfigName(\"CodeDeployDefault.ECSAllAtOnce\")\n .deploymentGroupName(\"example\")\n .serviceRoleArn(exampleAwsIamRole.arn())\n .autoRollbackConfiguration(DeploymentGroupAutoRollbackConfigurationArgs.builder()\n .enabled(true)\n .events(\"DEPLOYMENT_FAILURE\")\n .build())\n .blueGreenDeploymentConfig(DeploymentGroupBlueGreenDeploymentConfigArgs.builder()\n .deploymentReadyOption(DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs.builder()\n .actionOnTimeout(\"CONTINUE_DEPLOYMENT\")\n .build())\n .terminateBlueInstancesOnDeploymentSuccess(DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs.builder()\n .action(\"TERMINATE\")\n .terminationWaitTimeInMinutes(5)\n .build())\n .build())\n .deploymentStyle(DeploymentGroupDeploymentStyleArgs.builder()\n .deploymentOption(\"WITH_TRAFFIC_CONTROL\")\n .deploymentType(\"BLUE_GREEN\")\n .build())\n .ecsService(DeploymentGroupEcsServiceArgs.builder()\n .clusterName(exampleAwsEcsCluster.name())\n .serviceName(exampleAwsEcsService.name())\n .build())\n .loadBalancerInfo(DeploymentGroupLoadBalancerInfoArgs.builder()\n .targetGroupPairInfo(DeploymentGroupLoadBalancerInfoTargetGroupPairInfoArgs.builder()\n .prodTrafficRoute(DeploymentGroupLoadBalancerInfoTargetGroupPairInfoProdTrafficRouteArgs.builder()\n .listenerArns(exampleAwsLbListener.arn())\n .build())\n .targetGroups( \n DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroupArgs.builder()\n .name(blue.name())\n .build(),\n DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroupArgs.builder()\n .name(green.name())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:codedeploy:Application\n properties:\n computePlatform: ECS\n name: example\n exampleDeploymentGroup:\n type: aws:codedeploy:DeploymentGroup\n name: example\n properties:\n appName: ${example.name}\n deploymentConfigName: CodeDeployDefault.ECSAllAtOnce\n deploymentGroupName: example\n serviceRoleArn: ${exampleAwsIamRole.arn}\n autoRollbackConfiguration:\n enabled: true\n events:\n - DEPLOYMENT_FAILURE\n blueGreenDeploymentConfig:\n deploymentReadyOption:\n actionOnTimeout: CONTINUE_DEPLOYMENT\n terminateBlueInstancesOnDeploymentSuccess:\n action: TERMINATE\n terminationWaitTimeInMinutes: 5\n deploymentStyle:\n deploymentOption: WITH_TRAFFIC_CONTROL\n deploymentType: BLUE_GREEN\n ecsService:\n clusterName: ${exampleAwsEcsCluster.name}\n serviceName: ${exampleAwsEcsService.name}\n loadBalancerInfo:\n targetGroupPairInfo:\n prodTrafficRoute:\n listenerArns:\n - ${exampleAwsLbListener.arn}\n targetGroups:\n - name: ${blue.name}\n - name: ${green.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Blue Green Deployments with Servers and Classic ELB\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.codedeploy.Application(\"example\", {name: \"example-app\"});\nconst exampleDeploymentGroup = new aws.codedeploy.DeploymentGroup(\"example\", {\n appName: example.name,\n deploymentGroupName: \"example-group\",\n serviceRoleArn: exampleAwsIamRole.arn,\n deploymentStyle: {\n deploymentOption: \"WITH_TRAFFIC_CONTROL\",\n deploymentType: \"BLUE_GREEN\",\n },\n loadBalancerInfo: {\n elbInfos: [{\n name: exampleAwsElb.name,\n }],\n },\n blueGreenDeploymentConfig: {\n deploymentReadyOption: {\n actionOnTimeout: \"STOP_DEPLOYMENT\",\n waitTimeInMinutes: 60,\n },\n greenFleetProvisioningOption: {\n action: \"DISCOVER_EXISTING\",\n },\n terminateBlueInstancesOnDeploymentSuccess: {\n action: \"KEEP_ALIVE\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.codedeploy.Application(\"example\", name=\"example-app\")\nexample_deployment_group = aws.codedeploy.DeploymentGroup(\"example\",\n app_name=example.name,\n deployment_group_name=\"example-group\",\n service_role_arn=example_aws_iam_role[\"arn\"],\n deployment_style=aws.codedeploy.DeploymentGroupDeploymentStyleArgs(\n deployment_option=\"WITH_TRAFFIC_CONTROL\",\n deployment_type=\"BLUE_GREEN\",\n ),\n load_balancer_info=aws.codedeploy.DeploymentGroupLoadBalancerInfoArgs(\n elb_infos=[aws.codedeploy.DeploymentGroupLoadBalancerInfoElbInfoArgs(\n name=example_aws_elb[\"name\"],\n )],\n ),\n blue_green_deployment_config=aws.codedeploy.DeploymentGroupBlueGreenDeploymentConfigArgs(\n deployment_ready_option=aws.codedeploy.DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs(\n action_on_timeout=\"STOP_DEPLOYMENT\",\n wait_time_in_minutes=60,\n ),\n green_fleet_provisioning_option=aws.codedeploy.DeploymentGroupBlueGreenDeploymentConfigGreenFleetProvisioningOptionArgs(\n action=\"DISCOVER_EXISTING\",\n ),\n terminate_blue_instances_on_deployment_success=aws.codedeploy.DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs(\n action=\"KEEP_ALIVE\",\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CodeDeploy.Application(\"example\", new()\n {\n Name = \"example-app\",\n });\n\n var exampleDeploymentGroup = new Aws.CodeDeploy.DeploymentGroup(\"example\", new()\n {\n AppName = example.Name,\n DeploymentGroupName = \"example-group\",\n ServiceRoleArn = exampleAwsIamRole.Arn,\n DeploymentStyle = new Aws.CodeDeploy.Inputs.DeploymentGroupDeploymentStyleArgs\n {\n DeploymentOption = \"WITH_TRAFFIC_CONTROL\",\n DeploymentType = \"BLUE_GREEN\",\n },\n LoadBalancerInfo = new Aws.CodeDeploy.Inputs.DeploymentGroupLoadBalancerInfoArgs\n {\n ElbInfos = new[]\n {\n new Aws.CodeDeploy.Inputs.DeploymentGroupLoadBalancerInfoElbInfoArgs\n {\n Name = exampleAwsElb.Name,\n },\n },\n },\n BlueGreenDeploymentConfig = new Aws.CodeDeploy.Inputs.DeploymentGroupBlueGreenDeploymentConfigArgs\n {\n DeploymentReadyOption = new Aws.CodeDeploy.Inputs.DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs\n {\n ActionOnTimeout = \"STOP_DEPLOYMENT\",\n WaitTimeInMinutes = 60,\n },\n GreenFleetProvisioningOption = new Aws.CodeDeploy.Inputs.DeploymentGroupBlueGreenDeploymentConfigGreenFleetProvisioningOptionArgs\n {\n Action = \"DISCOVER_EXISTING\",\n },\n TerminateBlueInstancesOnDeploymentSuccess = new Aws.CodeDeploy.Inputs.DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs\n {\n Action = \"KEEP_ALIVE\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codedeploy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := codedeploy.NewApplication(ctx, \"example\", \u0026codedeploy.ApplicationArgs{\n\t\t\tName: pulumi.String(\"example-app\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codedeploy.NewDeploymentGroup(ctx, \"example\", \u0026codedeploy.DeploymentGroupArgs{\n\t\t\tAppName: example.Name,\n\t\t\tDeploymentGroupName: pulumi.String(\"example-group\"),\n\t\t\tServiceRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tDeploymentStyle: \u0026codedeploy.DeploymentGroupDeploymentStyleArgs{\n\t\t\t\tDeploymentOption: pulumi.String(\"WITH_TRAFFIC_CONTROL\"),\n\t\t\t\tDeploymentType: pulumi.String(\"BLUE_GREEN\"),\n\t\t\t},\n\t\t\tLoadBalancerInfo: \u0026codedeploy.DeploymentGroupLoadBalancerInfoArgs{\n\t\t\t\tElbInfos: codedeploy.DeploymentGroupLoadBalancerInfoElbInfoArray{\n\t\t\t\t\t\u0026codedeploy.DeploymentGroupLoadBalancerInfoElbInfoArgs{\n\t\t\t\t\t\tName: pulumi.Any(exampleAwsElb.Name),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tBlueGreenDeploymentConfig: \u0026codedeploy.DeploymentGroupBlueGreenDeploymentConfigArgs{\n\t\t\t\tDeploymentReadyOption: \u0026codedeploy.DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs{\n\t\t\t\t\tActionOnTimeout: pulumi.String(\"STOP_DEPLOYMENT\"),\n\t\t\t\t\tWaitTimeInMinutes: pulumi.Int(60),\n\t\t\t\t},\n\t\t\t\tGreenFleetProvisioningOption: \u0026codedeploy.DeploymentGroupBlueGreenDeploymentConfigGreenFleetProvisioningOptionArgs{\n\t\t\t\t\tAction: pulumi.String(\"DISCOVER_EXISTING\"),\n\t\t\t\t},\n\t\t\t\tTerminateBlueInstancesOnDeploymentSuccess: \u0026codedeploy.DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs{\n\t\t\t\t\tAction: pulumi.String(\"KEEP_ALIVE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.codedeploy.Application;\nimport com.pulumi.aws.codedeploy.ApplicationArgs;\nimport com.pulumi.aws.codedeploy.DeploymentGroup;\nimport com.pulumi.aws.codedeploy.DeploymentGroupArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupDeploymentStyleArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupLoadBalancerInfoArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupBlueGreenDeploymentConfigArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupBlueGreenDeploymentConfigGreenFleetProvisioningOptionArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Application(\"example\", ApplicationArgs.builder() \n .name(\"example-app\")\n .build());\n\n var exampleDeploymentGroup = new DeploymentGroup(\"exampleDeploymentGroup\", DeploymentGroupArgs.builder() \n .appName(example.name())\n .deploymentGroupName(\"example-group\")\n .serviceRoleArn(exampleAwsIamRole.arn())\n .deploymentStyle(DeploymentGroupDeploymentStyleArgs.builder()\n .deploymentOption(\"WITH_TRAFFIC_CONTROL\")\n .deploymentType(\"BLUE_GREEN\")\n .build())\n .loadBalancerInfo(DeploymentGroupLoadBalancerInfoArgs.builder()\n .elbInfos(DeploymentGroupLoadBalancerInfoElbInfoArgs.builder()\n .name(exampleAwsElb.name())\n .build())\n .build())\n .blueGreenDeploymentConfig(DeploymentGroupBlueGreenDeploymentConfigArgs.builder()\n .deploymentReadyOption(DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs.builder()\n .actionOnTimeout(\"STOP_DEPLOYMENT\")\n .waitTimeInMinutes(60)\n .build())\n .greenFleetProvisioningOption(DeploymentGroupBlueGreenDeploymentConfigGreenFleetProvisioningOptionArgs.builder()\n .action(\"DISCOVER_EXISTING\")\n .build())\n .terminateBlueInstancesOnDeploymentSuccess(DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs.builder()\n .action(\"KEEP_ALIVE\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:codedeploy:Application\n properties:\n name: example-app\n exampleDeploymentGroup:\n type: aws:codedeploy:DeploymentGroup\n name: example\n properties:\n appName: ${example.name}\n deploymentGroupName: example-group\n serviceRoleArn: ${exampleAwsIamRole.arn}\n deploymentStyle:\n deploymentOption: WITH_TRAFFIC_CONTROL\n deploymentType: BLUE_GREEN\n loadBalancerInfo:\n elbInfos:\n - name: ${exampleAwsElb.name}\n blueGreenDeploymentConfig:\n deploymentReadyOption:\n actionOnTimeout: STOP_DEPLOYMENT\n waitTimeInMinutes: 60\n greenFleetProvisioningOption:\n action: DISCOVER_EXISTING\n terminateBlueInstancesOnDeploymentSuccess:\n action: KEEP_ALIVE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import CodeDeploy Deployment Groups using `app_name`, a colon, and `deployment_group_name`. For example:\n\n```sh\n$ pulumi import aws:codedeploy/deploymentGroup:DeploymentGroup example my-application:my-deployment-group\n```\n", + "description": "Provides a CodeDeploy Deployment Group for a CodeDeploy Application\n\n\u003e **NOTE on blue/green deployments:** When using `green_fleet_provisioning_option` with the `COPY_AUTO_SCALING_GROUP` action, CodeDeploy will create a new ASG with a different name. This ASG is _not_ managed by this provider and will conflict with existing configuration and state. You may want to use a different approach to managing deployments that involve multiple ASG, such as `DISCOVER_EXISTING` with separate blue and green ASG.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"codedeploy.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst example = new aws.iam.Role(\"example\", {\n name: \"example-role\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst aWSCodeDeployRole = new aws.iam.RolePolicyAttachment(\"AWSCodeDeployRole\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole\",\n role: example.name,\n});\nconst exampleApplication = new aws.codedeploy.Application(\"example\", {name: \"example-app\"});\nconst exampleTopic = new aws.sns.Topic(\"example\", {name: \"example-topic\"});\nconst exampleDeploymentGroup = new aws.codedeploy.DeploymentGroup(\"example\", {\n appName: exampleApplication.name,\n deploymentGroupName: \"example-group\",\n serviceRoleArn: example.arn,\n ec2TagSets: [{\n ec2TagFilters: [\n {\n key: \"filterkey1\",\n type: \"KEY_AND_VALUE\",\n value: \"filtervalue\",\n },\n {\n key: \"filterkey2\",\n type: \"KEY_AND_VALUE\",\n value: \"filtervalue\",\n },\n ],\n }],\n triggerConfigurations: [{\n triggerEvents: [\"DeploymentFailure\"],\n triggerName: \"example-trigger\",\n triggerTargetArn: exampleTopic.arn,\n }],\n autoRollbackConfiguration: {\n enabled: true,\n events: [\"DEPLOYMENT_FAILURE\"],\n },\n alarmConfiguration: {\n alarms: [\"my-alarm-name\"],\n enabled: true,\n },\n outdatedInstancesStrategy: \"UPDATE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"codedeploy.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample = aws.iam.Role(\"example\",\n name=\"example-role\",\n assume_role_policy=assume_role.json)\na_ws_code_deploy_role = aws.iam.RolePolicyAttachment(\"AWSCodeDeployRole\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole\",\n role=example.name)\nexample_application = aws.codedeploy.Application(\"example\", name=\"example-app\")\nexample_topic = aws.sns.Topic(\"example\", name=\"example-topic\")\nexample_deployment_group = aws.codedeploy.DeploymentGroup(\"example\",\n app_name=example_application.name,\n deployment_group_name=\"example-group\",\n service_role_arn=example.arn,\n ec2_tag_sets=[aws.codedeploy.DeploymentGroupEc2TagSetArgs(\n ec2_tag_filters=[\n aws.codedeploy.DeploymentGroupEc2TagSetEc2TagFilterArgs(\n key=\"filterkey1\",\n type=\"KEY_AND_VALUE\",\n value=\"filtervalue\",\n ),\n aws.codedeploy.DeploymentGroupEc2TagSetEc2TagFilterArgs(\n key=\"filterkey2\",\n type=\"KEY_AND_VALUE\",\n value=\"filtervalue\",\n ),\n ],\n )],\n trigger_configurations=[aws.codedeploy.DeploymentGroupTriggerConfigurationArgs(\n trigger_events=[\"DeploymentFailure\"],\n trigger_name=\"example-trigger\",\n trigger_target_arn=example_topic.arn,\n )],\n auto_rollback_configuration=aws.codedeploy.DeploymentGroupAutoRollbackConfigurationArgs(\n enabled=True,\n events=[\"DEPLOYMENT_FAILURE\"],\n ),\n alarm_configuration=aws.codedeploy.DeploymentGroupAlarmConfigurationArgs(\n alarms=[\"my-alarm-name\"],\n enabled=True,\n ),\n outdated_instances_strategy=\"UPDATE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"codedeploy.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var example = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"example-role\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var aWSCodeDeployRole = new Aws.Iam.RolePolicyAttachment(\"AWSCodeDeployRole\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole\",\n Role = example.Name,\n });\n\n var exampleApplication = new Aws.CodeDeploy.Application(\"example\", new()\n {\n Name = \"example-app\",\n });\n\n var exampleTopic = new Aws.Sns.Topic(\"example\", new()\n {\n Name = \"example-topic\",\n });\n\n var exampleDeploymentGroup = new Aws.CodeDeploy.DeploymentGroup(\"example\", new()\n {\n AppName = exampleApplication.Name,\n DeploymentGroupName = \"example-group\",\n ServiceRoleArn = example.Arn,\n Ec2TagSets = new[]\n {\n new Aws.CodeDeploy.Inputs.DeploymentGroupEc2TagSetArgs\n {\n Ec2TagFilters = new[]\n {\n new Aws.CodeDeploy.Inputs.DeploymentGroupEc2TagSetEc2TagFilterArgs\n {\n Key = \"filterkey1\",\n Type = \"KEY_AND_VALUE\",\n Value = \"filtervalue\",\n },\n new Aws.CodeDeploy.Inputs.DeploymentGroupEc2TagSetEc2TagFilterArgs\n {\n Key = \"filterkey2\",\n Type = \"KEY_AND_VALUE\",\n Value = \"filtervalue\",\n },\n },\n },\n },\n TriggerConfigurations = new[]\n {\n new Aws.CodeDeploy.Inputs.DeploymentGroupTriggerConfigurationArgs\n {\n TriggerEvents = new[]\n {\n \"DeploymentFailure\",\n },\n TriggerName = \"example-trigger\",\n TriggerTargetArn = exampleTopic.Arn,\n },\n },\n AutoRollbackConfiguration = new Aws.CodeDeploy.Inputs.DeploymentGroupAutoRollbackConfigurationArgs\n {\n Enabled = true,\n Events = new[]\n {\n \"DEPLOYMENT_FAILURE\",\n },\n },\n AlarmConfiguration = new Aws.CodeDeploy.Inputs.DeploymentGroupAlarmConfigurationArgs\n {\n Alarms = new[]\n {\n \"my-alarm-name\",\n },\n Enabled = true,\n },\n OutdatedInstancesStrategy = \"UPDATE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codedeploy\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"codedeploy.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"example-role\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"AWSCodeDeployRole\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleApplication, err := codedeploy.NewApplication(ctx, \"example\", \u0026codedeploy.ApplicationArgs{\n\t\t\tName: pulumi.String(\"example-app\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleTopic, err := sns.NewTopic(ctx, \"example\", \u0026sns.TopicArgs{\n\t\t\tName: pulumi.String(\"example-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codedeploy.NewDeploymentGroup(ctx, \"example\", \u0026codedeploy.DeploymentGroupArgs{\n\t\t\tAppName: exampleApplication.Name,\n\t\t\tDeploymentGroupName: pulumi.String(\"example-group\"),\n\t\t\tServiceRoleArn: example.Arn,\n\t\t\tEc2TagSets: codedeploy.DeploymentGroupEc2TagSetArray{\n\t\t\t\t\u0026codedeploy.DeploymentGroupEc2TagSetArgs{\n\t\t\t\t\tEc2TagFilters: codedeploy.DeploymentGroupEc2TagSetEc2TagFilterArray{\n\t\t\t\t\t\t\u0026codedeploy.DeploymentGroupEc2TagSetEc2TagFilterArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"filterkey1\"),\n\t\t\t\t\t\t\tType: pulumi.String(\"KEY_AND_VALUE\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"filtervalue\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026codedeploy.DeploymentGroupEc2TagSetEc2TagFilterArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"filterkey2\"),\n\t\t\t\t\t\t\tType: pulumi.String(\"KEY_AND_VALUE\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"filtervalue\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTriggerConfigurations: codedeploy.DeploymentGroupTriggerConfigurationArray{\n\t\t\t\t\u0026codedeploy.DeploymentGroupTriggerConfigurationArgs{\n\t\t\t\t\tTriggerEvents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"DeploymentFailure\"),\n\t\t\t\t\t},\n\t\t\t\t\tTriggerName: pulumi.String(\"example-trigger\"),\n\t\t\t\t\tTriggerTargetArn: exampleTopic.Arn,\n\t\t\t\t},\n\t\t\t},\n\t\t\tAutoRollbackConfiguration: \u0026codedeploy.DeploymentGroupAutoRollbackConfigurationArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"DEPLOYMENT_FAILURE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAlarmConfiguration: \u0026codedeploy.DeploymentGroupAlarmConfigurationArgs{\n\t\t\t\tAlarms: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"my-alarm-name\"),\n\t\t\t\t},\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tOutdatedInstancesStrategy: pulumi.String(\"UPDATE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.codedeploy.Application;\nimport com.pulumi.aws.codedeploy.ApplicationArgs;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.codedeploy.DeploymentGroup;\nimport com.pulumi.aws.codedeploy.DeploymentGroupArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupEc2TagSetArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupTriggerConfigurationArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupAutoRollbackConfigurationArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupAlarmConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"codedeploy.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var example = new Role(\"example\", RoleArgs.builder() \n .name(\"example-role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var aWSCodeDeployRole = new RolePolicyAttachment(\"aWSCodeDeployRole\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole\")\n .role(example.name())\n .build());\n\n var exampleApplication = new Application(\"exampleApplication\", ApplicationArgs.builder() \n .name(\"example-app\")\n .build());\n\n var exampleTopic = new Topic(\"exampleTopic\", TopicArgs.builder() \n .name(\"example-topic\")\n .build());\n\n var exampleDeploymentGroup = new DeploymentGroup(\"exampleDeploymentGroup\", DeploymentGroupArgs.builder() \n .appName(exampleApplication.name())\n .deploymentGroupName(\"example-group\")\n .serviceRoleArn(example.arn())\n .ec2TagSets(DeploymentGroupEc2TagSetArgs.builder()\n .ec2TagFilters( \n DeploymentGroupEc2TagSetEc2TagFilterArgs.builder()\n .key(\"filterkey1\")\n .type(\"KEY_AND_VALUE\")\n .value(\"filtervalue\")\n .build(),\n DeploymentGroupEc2TagSetEc2TagFilterArgs.builder()\n .key(\"filterkey2\")\n .type(\"KEY_AND_VALUE\")\n .value(\"filtervalue\")\n .build())\n .build())\n .triggerConfigurations(DeploymentGroupTriggerConfigurationArgs.builder()\n .triggerEvents(\"DeploymentFailure\")\n .triggerName(\"example-trigger\")\n .triggerTargetArn(exampleTopic.arn())\n .build())\n .autoRollbackConfiguration(DeploymentGroupAutoRollbackConfigurationArgs.builder()\n .enabled(true)\n .events(\"DEPLOYMENT_FAILURE\")\n .build())\n .alarmConfiguration(DeploymentGroupAlarmConfigurationArgs.builder()\n .alarms(\"my-alarm-name\")\n .enabled(true)\n .build())\n .outdatedInstancesStrategy(\"UPDATE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n name: example-role\n assumeRolePolicy: ${assumeRole.json}\n aWSCodeDeployRole:\n type: aws:iam:RolePolicyAttachment\n name: AWSCodeDeployRole\n properties:\n policyArn: arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole\n role: ${example.name}\n exampleApplication:\n type: aws:codedeploy:Application\n name: example\n properties:\n name: example-app\n exampleTopic:\n type: aws:sns:Topic\n name: example\n properties:\n name: example-topic\n exampleDeploymentGroup:\n type: aws:codedeploy:DeploymentGroup\n name: example\n properties:\n appName: ${exampleApplication.name}\n deploymentGroupName: example-group\n serviceRoleArn: ${example.arn}\n ec2TagSets:\n - ec2TagFilters:\n - key: filterkey1\n type: KEY_AND_VALUE\n value: filtervalue\n - key: filterkey2\n type: KEY_AND_VALUE\n value: filtervalue\n triggerConfigurations:\n - triggerEvents:\n - DeploymentFailure\n triggerName: example-trigger\n triggerTargetArn: ${exampleTopic.arn}\n autoRollbackConfiguration:\n enabled: true\n events:\n - DEPLOYMENT_FAILURE\n alarmConfiguration:\n alarms:\n - my-alarm-name\n enabled: true\n outdatedInstancesStrategy: UPDATE\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - codedeploy.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Blue Green Deployments with ECS\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.codedeploy.Application(\"example\", {\n computePlatform: \"ECS\",\n name: \"example\",\n});\nconst exampleDeploymentGroup = new aws.codedeploy.DeploymentGroup(\"example\", {\n appName: example.name,\n deploymentConfigName: \"CodeDeployDefault.ECSAllAtOnce\",\n deploymentGroupName: \"example\",\n serviceRoleArn: exampleAwsIamRole.arn,\n autoRollbackConfiguration: {\n enabled: true,\n events: [\"DEPLOYMENT_FAILURE\"],\n },\n blueGreenDeploymentConfig: {\n deploymentReadyOption: {\n actionOnTimeout: \"CONTINUE_DEPLOYMENT\",\n },\n terminateBlueInstancesOnDeploymentSuccess: {\n action: \"TERMINATE\",\n terminationWaitTimeInMinutes: 5,\n },\n },\n deploymentStyle: {\n deploymentOption: \"WITH_TRAFFIC_CONTROL\",\n deploymentType: \"BLUE_GREEN\",\n },\n ecsService: {\n clusterName: exampleAwsEcsCluster.name,\n serviceName: exampleAwsEcsService.name,\n },\n loadBalancerInfo: {\n targetGroupPairInfo: {\n prodTrafficRoute: {\n listenerArns: [exampleAwsLbListener.arn],\n },\n targetGroups: [\n {\n name: blue.name,\n },\n {\n name: green.name,\n },\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.codedeploy.Application(\"example\",\n compute_platform=\"ECS\",\n name=\"example\")\nexample_deployment_group = aws.codedeploy.DeploymentGroup(\"example\",\n app_name=example.name,\n deployment_config_name=\"CodeDeployDefault.ECSAllAtOnce\",\n deployment_group_name=\"example\",\n service_role_arn=example_aws_iam_role[\"arn\"],\n auto_rollback_configuration=aws.codedeploy.DeploymentGroupAutoRollbackConfigurationArgs(\n enabled=True,\n events=[\"DEPLOYMENT_FAILURE\"],\n ),\n blue_green_deployment_config=aws.codedeploy.DeploymentGroupBlueGreenDeploymentConfigArgs(\n deployment_ready_option=aws.codedeploy.DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs(\n action_on_timeout=\"CONTINUE_DEPLOYMENT\",\n ),\n terminate_blue_instances_on_deployment_success=aws.codedeploy.DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs(\n action=\"TERMINATE\",\n termination_wait_time_in_minutes=5,\n ),\n ),\n deployment_style=aws.codedeploy.DeploymentGroupDeploymentStyleArgs(\n deployment_option=\"WITH_TRAFFIC_CONTROL\",\n deployment_type=\"BLUE_GREEN\",\n ),\n ecs_service=aws.codedeploy.DeploymentGroupEcsServiceArgs(\n cluster_name=example_aws_ecs_cluster[\"name\"],\n service_name=example_aws_ecs_service[\"name\"],\n ),\n load_balancer_info=aws.codedeploy.DeploymentGroupLoadBalancerInfoArgs(\n target_group_pair_info=aws.codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoArgs(\n prod_traffic_route=aws.codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoProdTrafficRouteArgs(\n listener_arns=[example_aws_lb_listener[\"arn\"]],\n ),\n target_groups=[\n aws.codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroupArgs(\n name=blue[\"name\"],\n ),\n aws.codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroupArgs(\n name=green[\"name\"],\n ),\n ],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CodeDeploy.Application(\"example\", new()\n {\n ComputePlatform = \"ECS\",\n Name = \"example\",\n });\n\n var exampleDeploymentGroup = new Aws.CodeDeploy.DeploymentGroup(\"example\", new()\n {\n AppName = example.Name,\n DeploymentConfigName = \"CodeDeployDefault.ECSAllAtOnce\",\n DeploymentGroupName = \"example\",\n ServiceRoleArn = exampleAwsIamRole.Arn,\n AutoRollbackConfiguration = new Aws.CodeDeploy.Inputs.DeploymentGroupAutoRollbackConfigurationArgs\n {\n Enabled = true,\n Events = new[]\n {\n \"DEPLOYMENT_FAILURE\",\n },\n },\n BlueGreenDeploymentConfig = new Aws.CodeDeploy.Inputs.DeploymentGroupBlueGreenDeploymentConfigArgs\n {\n DeploymentReadyOption = new Aws.CodeDeploy.Inputs.DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs\n {\n ActionOnTimeout = \"CONTINUE_DEPLOYMENT\",\n },\n TerminateBlueInstancesOnDeploymentSuccess = new Aws.CodeDeploy.Inputs.DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs\n {\n Action = \"TERMINATE\",\n TerminationWaitTimeInMinutes = 5,\n },\n },\n DeploymentStyle = new Aws.CodeDeploy.Inputs.DeploymentGroupDeploymentStyleArgs\n {\n DeploymentOption = \"WITH_TRAFFIC_CONTROL\",\n DeploymentType = \"BLUE_GREEN\",\n },\n EcsService = new Aws.CodeDeploy.Inputs.DeploymentGroupEcsServiceArgs\n {\n ClusterName = exampleAwsEcsCluster.Name,\n ServiceName = exampleAwsEcsService.Name,\n },\n LoadBalancerInfo = new Aws.CodeDeploy.Inputs.DeploymentGroupLoadBalancerInfoArgs\n {\n TargetGroupPairInfo = new Aws.CodeDeploy.Inputs.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoArgs\n {\n ProdTrafficRoute = new Aws.CodeDeploy.Inputs.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoProdTrafficRouteArgs\n {\n ListenerArns = new[]\n {\n exampleAwsLbListener.Arn,\n },\n },\n TargetGroups = new[]\n {\n new Aws.CodeDeploy.Inputs.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroupArgs\n {\n Name = blue.Name,\n },\n new Aws.CodeDeploy.Inputs.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroupArgs\n {\n Name = green.Name,\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codedeploy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := codedeploy.NewApplication(ctx, \"example\", \u0026codedeploy.ApplicationArgs{\n\t\t\tComputePlatform: pulumi.String(\"ECS\"),\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codedeploy.NewDeploymentGroup(ctx, \"example\", \u0026codedeploy.DeploymentGroupArgs{\n\t\t\tAppName: example.Name,\n\t\t\tDeploymentConfigName: pulumi.String(\"CodeDeployDefault.ECSAllAtOnce\"),\n\t\t\tDeploymentGroupName: pulumi.String(\"example\"),\n\t\t\tServiceRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tAutoRollbackConfiguration: \u0026codedeploy.DeploymentGroupAutoRollbackConfigurationArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"DEPLOYMENT_FAILURE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tBlueGreenDeploymentConfig: \u0026codedeploy.DeploymentGroupBlueGreenDeploymentConfigArgs{\n\t\t\t\tDeploymentReadyOption: \u0026codedeploy.DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs{\n\t\t\t\t\tActionOnTimeout: pulumi.String(\"CONTINUE_DEPLOYMENT\"),\n\t\t\t\t},\n\t\t\t\tTerminateBlueInstancesOnDeploymentSuccess: \u0026codedeploy.DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs{\n\t\t\t\t\tAction: pulumi.String(\"TERMINATE\"),\n\t\t\t\t\tTerminationWaitTimeInMinutes: pulumi.Int(5),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeploymentStyle: \u0026codedeploy.DeploymentGroupDeploymentStyleArgs{\n\t\t\t\tDeploymentOption: pulumi.String(\"WITH_TRAFFIC_CONTROL\"),\n\t\t\t\tDeploymentType: pulumi.String(\"BLUE_GREEN\"),\n\t\t\t},\n\t\t\tEcsService: \u0026codedeploy.DeploymentGroupEcsServiceArgs{\n\t\t\t\tClusterName: pulumi.Any(exampleAwsEcsCluster.Name),\n\t\t\t\tServiceName: pulumi.Any(exampleAwsEcsService.Name),\n\t\t\t},\n\t\t\tLoadBalancerInfo: \u0026codedeploy.DeploymentGroupLoadBalancerInfoArgs{\n\t\t\t\tTargetGroupPairInfo: \u0026codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoArgs{\n\t\t\t\t\tProdTrafficRoute: \u0026codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoProdTrafficRouteArgs{\n\t\t\t\t\t\tListenerArns: pulumi.StringArray{\n\t\t\t\t\t\t\texampleAwsLbListener.Arn,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tTargetGroups: codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroupArray{\n\t\t\t\t\t\t\u0026codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroupArgs{\n\t\t\t\t\t\t\tName: pulumi.Any(blue.Name),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroupArgs{\n\t\t\t\t\t\t\tName: pulumi.Any(green.Name),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.codedeploy.Application;\nimport com.pulumi.aws.codedeploy.ApplicationArgs;\nimport com.pulumi.aws.codedeploy.DeploymentGroup;\nimport com.pulumi.aws.codedeploy.DeploymentGroupArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupAutoRollbackConfigurationArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupBlueGreenDeploymentConfigArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupDeploymentStyleArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupEcsServiceArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupLoadBalancerInfoArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoProdTrafficRouteArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Application(\"example\", ApplicationArgs.builder() \n .computePlatform(\"ECS\")\n .name(\"example\")\n .build());\n\n var exampleDeploymentGroup = new DeploymentGroup(\"exampleDeploymentGroup\", DeploymentGroupArgs.builder() \n .appName(example.name())\n .deploymentConfigName(\"CodeDeployDefault.ECSAllAtOnce\")\n .deploymentGroupName(\"example\")\n .serviceRoleArn(exampleAwsIamRole.arn())\n .autoRollbackConfiguration(DeploymentGroupAutoRollbackConfigurationArgs.builder()\n .enabled(true)\n .events(\"DEPLOYMENT_FAILURE\")\n .build())\n .blueGreenDeploymentConfig(DeploymentGroupBlueGreenDeploymentConfigArgs.builder()\n .deploymentReadyOption(DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs.builder()\n .actionOnTimeout(\"CONTINUE_DEPLOYMENT\")\n .build())\n .terminateBlueInstancesOnDeploymentSuccess(DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs.builder()\n .action(\"TERMINATE\")\n .terminationWaitTimeInMinutes(5)\n .build())\n .build())\n .deploymentStyle(DeploymentGroupDeploymentStyleArgs.builder()\n .deploymentOption(\"WITH_TRAFFIC_CONTROL\")\n .deploymentType(\"BLUE_GREEN\")\n .build())\n .ecsService(DeploymentGroupEcsServiceArgs.builder()\n .clusterName(exampleAwsEcsCluster.name())\n .serviceName(exampleAwsEcsService.name())\n .build())\n .loadBalancerInfo(DeploymentGroupLoadBalancerInfoArgs.builder()\n .targetGroupPairInfo(DeploymentGroupLoadBalancerInfoTargetGroupPairInfoArgs.builder()\n .prodTrafficRoute(DeploymentGroupLoadBalancerInfoTargetGroupPairInfoProdTrafficRouteArgs.builder()\n .listenerArns(exampleAwsLbListener.arn())\n .build())\n .targetGroups( \n DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroupArgs.builder()\n .name(blue.name())\n .build(),\n DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroupArgs.builder()\n .name(green.name())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:codedeploy:Application\n properties:\n computePlatform: ECS\n name: example\n exampleDeploymentGroup:\n type: aws:codedeploy:DeploymentGroup\n name: example\n properties:\n appName: ${example.name}\n deploymentConfigName: CodeDeployDefault.ECSAllAtOnce\n deploymentGroupName: example\n serviceRoleArn: ${exampleAwsIamRole.arn}\n autoRollbackConfiguration:\n enabled: true\n events:\n - DEPLOYMENT_FAILURE\n blueGreenDeploymentConfig:\n deploymentReadyOption:\n actionOnTimeout: CONTINUE_DEPLOYMENT\n terminateBlueInstancesOnDeploymentSuccess:\n action: TERMINATE\n terminationWaitTimeInMinutes: 5\n deploymentStyle:\n deploymentOption: WITH_TRAFFIC_CONTROL\n deploymentType: BLUE_GREEN\n ecsService:\n clusterName: ${exampleAwsEcsCluster.name}\n serviceName: ${exampleAwsEcsService.name}\n loadBalancerInfo:\n targetGroupPairInfo:\n prodTrafficRoute:\n listenerArns:\n - ${exampleAwsLbListener.arn}\n targetGroups:\n - name: ${blue.name}\n - name: ${green.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Blue Green Deployments with Servers and Classic ELB\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.codedeploy.Application(\"example\", {name: \"example-app\"});\nconst exampleDeploymentGroup = new aws.codedeploy.DeploymentGroup(\"example\", {\n appName: example.name,\n deploymentGroupName: \"example-group\",\n serviceRoleArn: exampleAwsIamRole.arn,\n deploymentStyle: {\n deploymentOption: \"WITH_TRAFFIC_CONTROL\",\n deploymentType: \"BLUE_GREEN\",\n },\n loadBalancerInfo: {\n elbInfos: [{\n name: exampleAwsElb.name,\n }],\n },\n blueGreenDeploymentConfig: {\n deploymentReadyOption: {\n actionOnTimeout: \"STOP_DEPLOYMENT\",\n waitTimeInMinutes: 60,\n },\n greenFleetProvisioningOption: {\n action: \"DISCOVER_EXISTING\",\n },\n terminateBlueInstancesOnDeploymentSuccess: {\n action: \"KEEP_ALIVE\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.codedeploy.Application(\"example\", name=\"example-app\")\nexample_deployment_group = aws.codedeploy.DeploymentGroup(\"example\",\n app_name=example.name,\n deployment_group_name=\"example-group\",\n service_role_arn=example_aws_iam_role[\"arn\"],\n deployment_style=aws.codedeploy.DeploymentGroupDeploymentStyleArgs(\n deployment_option=\"WITH_TRAFFIC_CONTROL\",\n deployment_type=\"BLUE_GREEN\",\n ),\n load_balancer_info=aws.codedeploy.DeploymentGroupLoadBalancerInfoArgs(\n elb_infos=[aws.codedeploy.DeploymentGroupLoadBalancerInfoElbInfoArgs(\n name=example_aws_elb[\"name\"],\n )],\n ),\n blue_green_deployment_config=aws.codedeploy.DeploymentGroupBlueGreenDeploymentConfigArgs(\n deployment_ready_option=aws.codedeploy.DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs(\n action_on_timeout=\"STOP_DEPLOYMENT\",\n wait_time_in_minutes=60,\n ),\n green_fleet_provisioning_option=aws.codedeploy.DeploymentGroupBlueGreenDeploymentConfigGreenFleetProvisioningOptionArgs(\n action=\"DISCOVER_EXISTING\",\n ),\n terminate_blue_instances_on_deployment_success=aws.codedeploy.DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs(\n action=\"KEEP_ALIVE\",\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CodeDeploy.Application(\"example\", new()\n {\n Name = \"example-app\",\n });\n\n var exampleDeploymentGroup = new Aws.CodeDeploy.DeploymentGroup(\"example\", new()\n {\n AppName = example.Name,\n DeploymentGroupName = \"example-group\",\n ServiceRoleArn = exampleAwsIamRole.Arn,\n DeploymentStyle = new Aws.CodeDeploy.Inputs.DeploymentGroupDeploymentStyleArgs\n {\n DeploymentOption = \"WITH_TRAFFIC_CONTROL\",\n DeploymentType = \"BLUE_GREEN\",\n },\n LoadBalancerInfo = new Aws.CodeDeploy.Inputs.DeploymentGroupLoadBalancerInfoArgs\n {\n ElbInfos = new[]\n {\n new Aws.CodeDeploy.Inputs.DeploymentGroupLoadBalancerInfoElbInfoArgs\n {\n Name = exampleAwsElb.Name,\n },\n },\n },\n BlueGreenDeploymentConfig = new Aws.CodeDeploy.Inputs.DeploymentGroupBlueGreenDeploymentConfigArgs\n {\n DeploymentReadyOption = new Aws.CodeDeploy.Inputs.DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs\n {\n ActionOnTimeout = \"STOP_DEPLOYMENT\",\n WaitTimeInMinutes = 60,\n },\n GreenFleetProvisioningOption = new Aws.CodeDeploy.Inputs.DeploymentGroupBlueGreenDeploymentConfigGreenFleetProvisioningOptionArgs\n {\n Action = \"DISCOVER_EXISTING\",\n },\n TerminateBlueInstancesOnDeploymentSuccess = new Aws.CodeDeploy.Inputs.DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs\n {\n Action = \"KEEP_ALIVE\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codedeploy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := codedeploy.NewApplication(ctx, \"example\", \u0026codedeploy.ApplicationArgs{\n\t\t\tName: pulumi.String(\"example-app\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codedeploy.NewDeploymentGroup(ctx, \"example\", \u0026codedeploy.DeploymentGroupArgs{\n\t\t\tAppName: example.Name,\n\t\t\tDeploymentGroupName: pulumi.String(\"example-group\"),\n\t\t\tServiceRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tDeploymentStyle: \u0026codedeploy.DeploymentGroupDeploymentStyleArgs{\n\t\t\t\tDeploymentOption: pulumi.String(\"WITH_TRAFFIC_CONTROL\"),\n\t\t\t\tDeploymentType: pulumi.String(\"BLUE_GREEN\"),\n\t\t\t},\n\t\t\tLoadBalancerInfo: \u0026codedeploy.DeploymentGroupLoadBalancerInfoArgs{\n\t\t\t\tElbInfos: codedeploy.DeploymentGroupLoadBalancerInfoElbInfoArray{\n\t\t\t\t\t\u0026codedeploy.DeploymentGroupLoadBalancerInfoElbInfoArgs{\n\t\t\t\t\t\tName: pulumi.Any(exampleAwsElb.Name),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tBlueGreenDeploymentConfig: \u0026codedeploy.DeploymentGroupBlueGreenDeploymentConfigArgs{\n\t\t\t\tDeploymentReadyOption: \u0026codedeploy.DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs{\n\t\t\t\t\tActionOnTimeout: pulumi.String(\"STOP_DEPLOYMENT\"),\n\t\t\t\t\tWaitTimeInMinutes: pulumi.Int(60),\n\t\t\t\t},\n\t\t\t\tGreenFleetProvisioningOption: \u0026codedeploy.DeploymentGroupBlueGreenDeploymentConfigGreenFleetProvisioningOptionArgs{\n\t\t\t\t\tAction: pulumi.String(\"DISCOVER_EXISTING\"),\n\t\t\t\t},\n\t\t\t\tTerminateBlueInstancesOnDeploymentSuccess: \u0026codedeploy.DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs{\n\t\t\t\t\tAction: pulumi.String(\"KEEP_ALIVE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.codedeploy.Application;\nimport com.pulumi.aws.codedeploy.ApplicationArgs;\nimport com.pulumi.aws.codedeploy.DeploymentGroup;\nimport com.pulumi.aws.codedeploy.DeploymentGroupArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupDeploymentStyleArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupLoadBalancerInfoArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupBlueGreenDeploymentConfigArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupBlueGreenDeploymentConfigGreenFleetProvisioningOptionArgs;\nimport com.pulumi.aws.codedeploy.inputs.DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Application(\"example\", ApplicationArgs.builder() \n .name(\"example-app\")\n .build());\n\n var exampleDeploymentGroup = new DeploymentGroup(\"exampleDeploymentGroup\", DeploymentGroupArgs.builder() \n .appName(example.name())\n .deploymentGroupName(\"example-group\")\n .serviceRoleArn(exampleAwsIamRole.arn())\n .deploymentStyle(DeploymentGroupDeploymentStyleArgs.builder()\n .deploymentOption(\"WITH_TRAFFIC_CONTROL\")\n .deploymentType(\"BLUE_GREEN\")\n .build())\n .loadBalancerInfo(DeploymentGroupLoadBalancerInfoArgs.builder()\n .elbInfos(DeploymentGroupLoadBalancerInfoElbInfoArgs.builder()\n .name(exampleAwsElb.name())\n .build())\n .build())\n .blueGreenDeploymentConfig(DeploymentGroupBlueGreenDeploymentConfigArgs.builder()\n .deploymentReadyOption(DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs.builder()\n .actionOnTimeout(\"STOP_DEPLOYMENT\")\n .waitTimeInMinutes(60)\n .build())\n .greenFleetProvisioningOption(DeploymentGroupBlueGreenDeploymentConfigGreenFleetProvisioningOptionArgs.builder()\n .action(\"DISCOVER_EXISTING\")\n .build())\n .terminateBlueInstancesOnDeploymentSuccess(DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs.builder()\n .action(\"KEEP_ALIVE\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:codedeploy:Application\n properties:\n name: example-app\n exampleDeploymentGroup:\n type: aws:codedeploy:DeploymentGroup\n name: example\n properties:\n appName: ${example.name}\n deploymentGroupName: example-group\n serviceRoleArn: ${exampleAwsIamRole.arn}\n deploymentStyle:\n deploymentOption: WITH_TRAFFIC_CONTROL\n deploymentType: BLUE_GREEN\n loadBalancerInfo:\n elbInfos:\n - name: ${exampleAwsElb.name}\n blueGreenDeploymentConfig:\n deploymentReadyOption:\n actionOnTimeout: STOP_DEPLOYMENT\n waitTimeInMinutes: 60\n greenFleetProvisioningOption:\n action: DISCOVER_EXISTING\n terminateBlueInstancesOnDeploymentSuccess:\n action: KEEP_ALIVE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import CodeDeploy Deployment Groups using `app_name`, a colon, and `deployment_group_name`. For example:\n\n```sh\n$ pulumi import aws:codedeploy/deploymentGroup:DeploymentGroup example my-application:my-deployment-group\n```\n", "properties": { "alarmConfiguration": { "$ref": "#/types/aws:codedeploy/DeploymentGroupAlarmConfiguration:DeploymentGroupAlarmConfiguration", @@ -186950,7 +186950,7 @@ } }, "aws:codepipeline/pipeline:Pipeline": { - "description": "Provides a CodePipeline.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.codestarconnections.Connection(\"example\", {\n name: \"example-connection\",\n providerType: \"GitHub\",\n});\nconst codepipelineBucket = new aws.s3.BucketV2(\"codepipeline_bucket\", {bucket: \"test-bucket\"});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"codepipeline.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst codepipelineRole = new aws.iam.Role(\"codepipeline_role\", {\n name: \"test-role\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst s3kmskey = aws.kms.getAlias({\n name: \"alias/myKmsKey\",\n});\nconst codepipeline = new aws.codepipeline.Pipeline(\"codepipeline\", {\n name: \"tf-test-pipeline\",\n roleArn: codepipelineRole.arn,\n artifactStores: [{\n location: codepipelineBucket.bucket,\n type: \"S3\",\n encryptionKey: {\n id: s3kmskey.then(s3kmskey =\u003e s3kmskey.arn),\n type: \"KMS\",\n },\n }],\n stages: [\n {\n name: \"Source\",\n actions: [{\n name: \"Source\",\n category: \"Source\",\n owner: \"AWS\",\n provider: \"CodeStarSourceConnection\",\n version: \"1\",\n outputArtifacts: [\"source_output\"],\n configuration: {\n ConnectionArn: example.arn,\n FullRepositoryId: \"my-organization/example\",\n BranchName: \"main\",\n },\n }],\n },\n {\n name: \"Build\",\n actions: [{\n name: \"Build\",\n category: \"Build\",\n owner: \"AWS\",\n provider: \"CodeBuild\",\n inputArtifacts: [\"source_output\"],\n outputArtifacts: [\"build_output\"],\n version: \"1\",\n configuration: {\n ProjectName: \"test\",\n },\n }],\n },\n {\n name: \"Deploy\",\n actions: [{\n name: \"Deploy\",\n category: \"Deploy\",\n owner: \"AWS\",\n provider: \"CloudFormation\",\n inputArtifacts: [\"build_output\"],\n version: \"1\",\n configuration: {\n ActionMode: \"REPLACE_ON_FAILURE\",\n Capabilities: \"CAPABILITY_AUTO_EXPAND,CAPABILITY_IAM\",\n OutputFileName: \"CreateStackOutput.json\",\n StackName: \"MyStack\",\n TemplatePath: \"build_output::sam-templated.yaml\",\n },\n }],\n },\n ],\n});\nconst codepipelineBucketPab = new aws.s3.BucketPublicAccessBlock(\"codepipeline_bucket_pab\", {\n bucket: codepipelineBucket.id,\n blockPublicAcls: true,\n blockPublicPolicy: true,\n ignorePublicAcls: true,\n restrictPublicBuckets: true,\n});\nconst codepipelinePolicy = aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n effect: \"Allow\",\n actions: [\n \"s3:GetObject\",\n \"s3:GetObjectVersion\",\n \"s3:GetBucketVersioning\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\",\n ],\n resources: [\n codepipelineBucket.arn,\n pulumi.interpolate`${codepipelineBucket.arn}/*`,\n ],\n },\n {\n effect: \"Allow\",\n actions: [\"codestar-connections:UseConnection\"],\n resources: [example.arn],\n },\n {\n effect: \"Allow\",\n actions: [\n \"codebuild:BatchGetBuilds\",\n \"codebuild:StartBuild\",\n ],\n resources: [\"*\"],\n },\n ],\n});\nconst codepipelinePolicyRolePolicy = new aws.iam.RolePolicy(\"codepipeline_policy\", {\n name: \"codepipeline_policy\",\n role: codepipelineRole.id,\n policy: codepipelinePolicy.apply(codepipelinePolicy =\u003e codepipelinePolicy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.codestarconnections.Connection(\"example\",\n name=\"example-connection\",\n provider_type=\"GitHub\")\ncodepipeline_bucket = aws.s3.BucketV2(\"codepipeline_bucket\", bucket=\"test-bucket\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"codepipeline.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\ncodepipeline_role = aws.iam.Role(\"codepipeline_role\",\n name=\"test-role\",\n assume_role_policy=assume_role.json)\ns3kmskey = aws.kms.get_alias(name=\"alias/myKmsKey\")\ncodepipeline = aws.codepipeline.Pipeline(\"codepipeline\",\n name=\"tf-test-pipeline\",\n role_arn=codepipeline_role.arn,\n artifact_stores=[aws.codepipeline.PipelineArtifactStoreArgs(\n location=codepipeline_bucket.bucket,\n type=\"S3\",\n encryption_key=aws.codepipeline.PipelineArtifactStoreEncryptionKeyArgs(\n id=s3kmskey.arn,\n type=\"KMS\",\n ),\n )],\n stages=[\n aws.codepipeline.PipelineStageArgs(\n name=\"Source\",\n actions=[aws.codepipeline.PipelineStageActionArgs(\n name=\"Source\",\n category=\"Source\",\n owner=\"AWS\",\n provider=\"CodeStarSourceConnection\",\n version=\"1\",\n output_artifacts=[\"source_output\"],\n configuration={\n \"ConnectionArn\": example.arn,\n \"FullRepositoryId\": \"my-organization/example\",\n \"BranchName\": \"main\",\n },\n )],\n ),\n aws.codepipeline.PipelineStageArgs(\n name=\"Build\",\n actions=[aws.codepipeline.PipelineStageActionArgs(\n name=\"Build\",\n category=\"Build\",\n owner=\"AWS\",\n provider=\"CodeBuild\",\n input_artifacts=[\"source_output\"],\n output_artifacts=[\"build_output\"],\n version=\"1\",\n configuration={\n \"ProjectName\": \"test\",\n },\n )],\n ),\n aws.codepipeline.PipelineStageArgs(\n name=\"Deploy\",\n actions=[aws.codepipeline.PipelineStageActionArgs(\n name=\"Deploy\",\n category=\"Deploy\",\n owner=\"AWS\",\n provider=\"CloudFormation\",\n input_artifacts=[\"build_output\"],\n version=\"1\",\n configuration={\n \"ActionMode\": \"REPLACE_ON_FAILURE\",\n \"Capabilities\": \"CAPABILITY_AUTO_EXPAND,CAPABILITY_IAM\",\n \"OutputFileName\": \"CreateStackOutput.json\",\n \"StackName\": \"MyStack\",\n \"TemplatePath\": \"build_output::sam-templated.yaml\",\n },\n )],\n ),\n ])\ncodepipeline_bucket_pab = aws.s3.BucketPublicAccessBlock(\"codepipeline_bucket_pab\",\n bucket=codepipeline_bucket.id,\n block_public_acls=True,\n block_public_policy=True,\n ignore_public_acls=True,\n restrict_public_buckets=True)\ncodepipeline_policy = aws.iam.get_policy_document_output(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"s3:GetObject\",\n \"s3:GetObjectVersion\",\n \"s3:GetBucketVersioning\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\",\n ],\n resources=[\n codepipeline_bucket.arn,\n codepipeline_bucket.arn.apply(lambda arn: f\"{arn}/*\"),\n ],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"codestar-connections:UseConnection\"],\n resources=[example.arn],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"codebuild:BatchGetBuilds\",\n \"codebuild:StartBuild\",\n ],\n resources=[\"*\"],\n ),\n])\ncodepipeline_policy_role_policy = aws.iam.RolePolicy(\"codepipeline_policy\",\n name=\"codepipeline_policy\",\n role=codepipeline_role.id,\n policy=codepipeline_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CodeStarConnections.Connection(\"example\", new()\n {\n Name = \"example-connection\",\n ProviderType = \"GitHub\",\n });\n\n var codepipelineBucket = new Aws.S3.BucketV2(\"codepipeline_bucket\", new()\n {\n Bucket = \"test-bucket\",\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"codepipeline.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var codepipelineRole = new Aws.Iam.Role(\"codepipeline_role\", new()\n {\n Name = \"test-role\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var s3kmskey = Aws.Kms.GetAlias.Invoke(new()\n {\n Name = \"alias/myKmsKey\",\n });\n\n var codepipeline = new Aws.CodePipeline.Pipeline(\"codepipeline\", new()\n {\n Name = \"tf-test-pipeline\",\n RoleArn = codepipelineRole.Arn,\n ArtifactStores = new[]\n {\n new Aws.CodePipeline.Inputs.PipelineArtifactStoreArgs\n {\n Location = codepipelineBucket.Bucket,\n Type = \"S3\",\n EncryptionKey = new Aws.CodePipeline.Inputs.PipelineArtifactStoreEncryptionKeyArgs\n {\n Id = s3kmskey.Apply(getAliasResult =\u003e getAliasResult.Arn),\n Type = \"KMS\",\n },\n },\n },\n Stages = new[]\n {\n new Aws.CodePipeline.Inputs.PipelineStageArgs\n {\n Name = \"Source\",\n Actions = new[]\n {\n new Aws.CodePipeline.Inputs.PipelineStageActionArgs\n {\n Name = \"Source\",\n Category = \"Source\",\n Owner = \"AWS\",\n Provider = \"CodeStarSourceConnection\",\n Version = \"1\",\n OutputArtifacts = new[]\n {\n \"source_output\",\n },\n Configuration = \n {\n { \"ConnectionArn\", example.Arn },\n { \"FullRepositoryId\", \"my-organization/example\" },\n { \"BranchName\", \"main\" },\n },\n },\n },\n },\n new Aws.CodePipeline.Inputs.PipelineStageArgs\n {\n Name = \"Build\",\n Actions = new[]\n {\n new Aws.CodePipeline.Inputs.PipelineStageActionArgs\n {\n Name = \"Build\",\n Category = \"Build\",\n Owner = \"AWS\",\n Provider = \"CodeBuild\",\n InputArtifacts = new[]\n {\n \"source_output\",\n },\n OutputArtifacts = new[]\n {\n \"build_output\",\n },\n Version = \"1\",\n Configuration = \n {\n { \"ProjectName\", \"test\" },\n },\n },\n },\n },\n new Aws.CodePipeline.Inputs.PipelineStageArgs\n {\n Name = \"Deploy\",\n Actions = new[]\n {\n new Aws.CodePipeline.Inputs.PipelineStageActionArgs\n {\n Name = \"Deploy\",\n Category = \"Deploy\",\n Owner = \"AWS\",\n Provider = \"CloudFormation\",\n InputArtifacts = new[]\n {\n \"build_output\",\n },\n Version = \"1\",\n Configuration = \n {\n { \"ActionMode\", \"REPLACE_ON_FAILURE\" },\n { \"Capabilities\", \"CAPABILITY_AUTO_EXPAND,CAPABILITY_IAM\" },\n { \"OutputFileName\", \"CreateStackOutput.json\" },\n { \"StackName\", \"MyStack\" },\n { \"TemplatePath\", \"build_output::sam-templated.yaml\" },\n },\n },\n },\n },\n },\n });\n\n var codepipelineBucketPab = new Aws.S3.BucketPublicAccessBlock(\"codepipeline_bucket_pab\", new()\n {\n Bucket = codepipelineBucket.Id,\n BlockPublicAcls = true,\n BlockPublicPolicy = true,\n IgnorePublicAcls = true,\n RestrictPublicBuckets = true,\n });\n\n var codepipelinePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:GetObject\",\n \"s3:GetObjectVersion\",\n \"s3:GetBucketVersioning\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\",\n },\n Resources = new[]\n {\n codepipelineBucket.Arn,\n $\"{codepipelineBucket.Arn}/*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"codestar-connections:UseConnection\",\n },\n Resources = new[]\n {\n example.Arn,\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"codebuild:BatchGetBuilds\",\n \"codebuild:StartBuild\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var codepipelinePolicyRolePolicy = new Aws.Iam.RolePolicy(\"codepipeline_policy\", new()\n {\n Name = \"codepipeline_policy\",\n Role = codepipelineRole.Id,\n Policy = codepipelinePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codepipeline\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codestarconnections\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := codestarconnections.NewConnection(ctx, \"example\", \u0026codestarconnections.ConnectionArgs{\n\t\t\tName: pulumi.String(\"example-connection\"),\n\t\t\tProviderType: pulumi.String(\"GitHub\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcodepipelineBucket, err := s3.NewBucketV2(ctx, \"codepipeline_bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"test-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"codepipeline.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcodepipelineRole, err := iam.NewRole(ctx, \"codepipeline_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"test-role\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ts3kmskey, err := kms.LookupAlias(ctx, \u0026kms.LookupAliasArgs{\n\t\t\tName: \"alias/myKmsKey\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codepipeline.NewPipeline(ctx, \"codepipeline\", \u0026codepipeline.PipelineArgs{\n\t\t\tName: pulumi.String(\"tf-test-pipeline\"),\n\t\t\tRoleArn: codepipelineRole.Arn,\n\t\t\tArtifactStores: codepipeline.PipelineArtifactStoreArray{\n\t\t\t\t\u0026codepipeline.PipelineArtifactStoreArgs{\n\t\t\t\t\tLocation: codepipelineBucket.Bucket,\n\t\t\t\t\tType: pulumi.String(\"S3\"),\n\t\t\t\t\tEncryptionKey: \u0026codepipeline.PipelineArtifactStoreEncryptionKeyArgs{\n\t\t\t\t\t\tId: *pulumi.String(s3kmskey.Arn),\n\t\t\t\t\t\tType: pulumi.String(\"KMS\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tStages: codepipeline.PipelineStageArray{\n\t\t\t\t\u0026codepipeline.PipelineStageArgs{\n\t\t\t\t\tName: pulumi.String(\"Source\"),\n\t\t\t\t\tActions: codepipeline.PipelineStageActionArray{\n\t\t\t\t\t\t\u0026codepipeline.PipelineStageActionArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"Source\"),\n\t\t\t\t\t\t\tCategory: pulumi.String(\"Source\"),\n\t\t\t\t\t\t\tOwner: pulumi.String(\"AWS\"),\n\t\t\t\t\t\t\tProvider: pulumi.String(\"CodeStarSourceConnection\"),\n\t\t\t\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t\t\t\t\tOutputArtifacts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"source_output\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tConfiguration: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"ConnectionArn\": example.Arn,\n\t\t\t\t\t\t\t\t\"FullRepositoryId\": pulumi.String(\"my-organization/example\"),\n\t\t\t\t\t\t\t\t\"BranchName\": pulumi.String(\"main\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026codepipeline.PipelineStageArgs{\n\t\t\t\t\tName: pulumi.String(\"Build\"),\n\t\t\t\t\tActions: codepipeline.PipelineStageActionArray{\n\t\t\t\t\t\t\u0026codepipeline.PipelineStageActionArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"Build\"),\n\t\t\t\t\t\t\tCategory: pulumi.String(\"Build\"),\n\t\t\t\t\t\t\tOwner: pulumi.String(\"AWS\"),\n\t\t\t\t\t\t\tProvider: pulumi.String(\"CodeBuild\"),\n\t\t\t\t\t\t\tInputArtifacts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"source_output\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tOutputArtifacts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"build_output\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t\t\t\t\tConfiguration: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"ProjectName\": pulumi.String(\"test\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026codepipeline.PipelineStageArgs{\n\t\t\t\t\tName: pulumi.String(\"Deploy\"),\n\t\t\t\t\tActions: codepipeline.PipelineStageActionArray{\n\t\t\t\t\t\t\u0026codepipeline.PipelineStageActionArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"Deploy\"),\n\t\t\t\t\t\t\tCategory: pulumi.String(\"Deploy\"),\n\t\t\t\t\t\t\tOwner: pulumi.String(\"AWS\"),\n\t\t\t\t\t\t\tProvider: pulumi.String(\"CloudFormation\"),\n\t\t\t\t\t\t\tInputArtifacts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"build_output\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t\t\t\t\tConfiguration: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"ActionMode\": pulumi.String(\"REPLACE_ON_FAILURE\"),\n\t\t\t\t\t\t\t\t\"Capabilities\": pulumi.String(\"CAPABILITY_AUTO_EXPAND,CAPABILITY_IAM\"),\n\t\t\t\t\t\t\t\t\"OutputFileName\": pulumi.String(\"CreateStackOutput.json\"),\n\t\t\t\t\t\t\t\t\"StackName\": pulumi.String(\"MyStack\"),\n\t\t\t\t\t\t\t\t\"TemplatePath\": pulumi.String(\"build_output::sam-templated.yaml\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketPublicAccessBlock(ctx, \"codepipeline_bucket_pab\", \u0026s3.BucketPublicAccessBlockArgs{\n\t\t\tBucket: codepipelineBucket.ID(),\n\t\t\tBlockPublicAcls: pulumi.Bool(true),\n\t\t\tBlockPublicPolicy: pulumi.Bool(true),\n\t\t\tIgnorePublicAcls: pulumi.Bool(true),\n\t\t\tRestrictPublicBuckets: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcodepipelinePolicy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:GetObject\"),\n\t\t\t\t\t\tpulumi.String(\"s3:GetObjectVersion\"),\n\t\t\t\t\t\tpulumi.String(\"s3:GetBucketVersioning\"),\n\t\t\t\t\t\tpulumi.String(\"s3:PutObjectAcl\"),\n\t\t\t\t\t\tpulumi.String(\"s3:PutObject\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tcodepipelineBucket.Arn,\n\t\t\t\t\t\tcodepipelineBucket.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"codestar-connections:UseConnection\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\texample.Arn,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"codebuild:BatchGetBuilds\"),\n\t\t\t\t\t\tpulumi.String(\"codebuild:StartBuild\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = iam.NewRolePolicy(ctx, \"codepipeline_policy\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"codepipeline_policy\"),\n\t\t\tRole: codepipelineRole.ID(),\n\t\t\tPolicy: codepipelinePolicy.ApplyT(func(codepipelinePolicy iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026codepipelinePolicy.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.codestarconnections.Connection;\nimport com.pulumi.aws.codestarconnections.ConnectionArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.kms.KmsFunctions;\nimport com.pulumi.aws.kms.inputs.GetAliasArgs;\nimport com.pulumi.aws.codepipeline.Pipeline;\nimport com.pulumi.aws.codepipeline.PipelineArgs;\nimport com.pulumi.aws.codepipeline.inputs.PipelineArtifactStoreArgs;\nimport com.pulumi.aws.codepipeline.inputs.PipelineArtifactStoreEncryptionKeyArgs;\nimport com.pulumi.aws.codepipeline.inputs.PipelineStageArgs;\nimport com.pulumi.aws.s3.BucketPublicAccessBlock;\nimport com.pulumi.aws.s3.BucketPublicAccessBlockArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Connection(\"example\", ConnectionArgs.builder() \n .name(\"example-connection\")\n .providerType(\"GitHub\")\n .build());\n\n var codepipelineBucket = new BucketV2(\"codepipelineBucket\", BucketV2Args.builder() \n .bucket(\"test-bucket\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"codepipeline.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var codepipelineRole = new Role(\"codepipelineRole\", RoleArgs.builder() \n .name(\"test-role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var s3kmskey = KmsFunctions.getAlias(GetAliasArgs.builder()\n .name(\"alias/myKmsKey\")\n .build());\n\n var codepipeline = new Pipeline(\"codepipeline\", PipelineArgs.builder() \n .name(\"tf-test-pipeline\")\n .roleArn(codepipelineRole.arn())\n .artifactStores(PipelineArtifactStoreArgs.builder()\n .location(codepipelineBucket.bucket())\n .type(\"S3\")\n .encryptionKey(PipelineArtifactStoreEncryptionKeyArgs.builder()\n .id(s3kmskey.applyValue(getAliasResult -\u003e getAliasResult.arn()))\n .type(\"KMS\")\n .build())\n .build())\n .stages( \n PipelineStageArgs.builder()\n .name(\"Source\")\n .actions(PipelineStageActionArgs.builder()\n .name(\"Source\")\n .category(\"Source\")\n .owner(\"AWS\")\n .provider(\"CodeStarSourceConnection\")\n .version(\"1\")\n .outputArtifacts(\"source_output\")\n .configuration(Map.ofEntries(\n Map.entry(\"ConnectionArn\", example.arn()),\n Map.entry(\"FullRepositoryId\", \"my-organization/example\"),\n Map.entry(\"BranchName\", \"main\")\n ))\n .build())\n .build(),\n PipelineStageArgs.builder()\n .name(\"Build\")\n .actions(PipelineStageActionArgs.builder()\n .name(\"Build\")\n .category(\"Build\")\n .owner(\"AWS\")\n .provider(\"CodeBuild\")\n .inputArtifacts(\"source_output\")\n .outputArtifacts(\"build_output\")\n .version(\"1\")\n .configuration(Map.of(\"ProjectName\", \"test\"))\n .build())\n .build(),\n PipelineStageArgs.builder()\n .name(\"Deploy\")\n .actions(PipelineStageActionArgs.builder()\n .name(\"Deploy\")\n .category(\"Deploy\")\n .owner(\"AWS\")\n .provider(\"CloudFormation\")\n .inputArtifacts(\"build_output\")\n .version(\"1\")\n .configuration(Map.ofEntries(\n Map.entry(\"ActionMode\", \"REPLACE_ON_FAILURE\"),\n Map.entry(\"Capabilities\", \"CAPABILITY_AUTO_EXPAND,CAPABILITY_IAM\"),\n Map.entry(\"OutputFileName\", \"CreateStackOutput.json\"),\n Map.entry(\"StackName\", \"MyStack\"),\n Map.entry(\"TemplatePath\", \"build_output::sam-templated.yaml\")\n ))\n .build())\n .build())\n .build());\n\n var codepipelineBucketPab = new BucketPublicAccessBlock(\"codepipelineBucketPab\", BucketPublicAccessBlockArgs.builder() \n .bucket(codepipelineBucket.id())\n .blockPublicAcls(true)\n .blockPublicPolicy(true)\n .ignorePublicAcls(true)\n .restrictPublicBuckets(true)\n .build());\n\n final var codepipelinePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"s3:GetObject\",\n \"s3:GetObjectVersion\",\n \"s3:GetBucketVersioning\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\")\n .resources( \n codepipelineBucket.arn(),\n codepipelineBucket.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"codestar-connections:UseConnection\")\n .resources(example.arn())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"codebuild:BatchGetBuilds\",\n \"codebuild:StartBuild\")\n .resources(\"*\")\n .build())\n .build());\n\n var codepipelinePolicyRolePolicy = new RolePolicy(\"codepipelinePolicyRolePolicy\", RolePolicyArgs.builder() \n .name(\"codepipeline_policy\")\n .role(codepipelineRole.id())\n .policy(codepipelinePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(codepipelinePolicy -\u003e codepipelinePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n codepipeline:\n type: aws:codepipeline:Pipeline\n properties:\n name: tf-test-pipeline\n roleArn: ${codepipelineRole.arn}\n artifactStores:\n - location: ${codepipelineBucket.bucket}\n type: S3\n encryptionKey:\n id: ${s3kmskey.arn}\n type: KMS\n stages:\n - name: Source\n actions:\n - name: Source\n category: Source\n owner: AWS\n provider: CodeStarSourceConnection\n version: '1'\n outputArtifacts:\n - source_output\n configuration:\n ConnectionArn: ${example.arn}\n FullRepositoryId: my-organization/example\n BranchName: main\n - name: Build\n actions:\n - name: Build\n category: Build\n owner: AWS\n provider: CodeBuild\n inputArtifacts:\n - source_output\n outputArtifacts:\n - build_output\n version: '1'\n configuration:\n ProjectName: test\n - name: Deploy\n actions:\n - name: Deploy\n category: Deploy\n owner: AWS\n provider: CloudFormation\n inputArtifacts:\n - build_output\n version: '1'\n configuration:\n ActionMode: REPLACE_ON_FAILURE\n Capabilities: CAPABILITY_AUTO_EXPAND,CAPABILITY_IAM\n OutputFileName: CreateStackOutput.json\n StackName: MyStack\n TemplatePath: build_output::sam-templated.yaml\n example:\n type: aws:codestarconnections:Connection\n properties:\n name: example-connection\n providerType: GitHub\n codepipelineBucket:\n type: aws:s3:BucketV2\n name: codepipeline_bucket\n properties:\n bucket: test-bucket\n codepipelineBucketPab:\n type: aws:s3:BucketPublicAccessBlock\n name: codepipeline_bucket_pab\n properties:\n bucket: ${codepipelineBucket.id}\n blockPublicAcls: true\n blockPublicPolicy: true\n ignorePublicAcls: true\n restrictPublicBuckets: true\n codepipelineRole:\n type: aws:iam:Role\n name: codepipeline_role\n properties:\n name: test-role\n assumeRolePolicy: ${assumeRole.json}\n codepipelinePolicyRolePolicy:\n type: aws:iam:RolePolicy\n name: codepipeline_policy\n properties:\n name: codepipeline_policy\n role: ${codepipelineRole.id}\n policy: ${codepipelinePolicy.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - codepipeline.amazonaws.com\n actions:\n - sts:AssumeRole\n codepipelinePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - s3:GetObject\n - s3:GetObjectVersion\n - s3:GetBucketVersioning\n - s3:PutObjectAcl\n - s3:PutObject\n resources:\n - ${codepipelineBucket.arn}\n - ${codepipelineBucket.arn}/*\n - effect: Allow\n actions:\n - codestar-connections:UseConnection\n resources:\n - ${example.arn}\n - effect: Allow\n actions:\n - codebuild:BatchGetBuilds\n - codebuild:StartBuild\n resources:\n - '*'\n s3kmskey:\n fn::invoke:\n Function: aws:kms:getAlias\n Arguments:\n name: alias/myKmsKey\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import CodePipelines using the name. For example:\n\n```sh\n$ pulumi import aws:codepipeline/pipeline:Pipeline foo example\n```\n", + "description": "Provides a CodePipeline.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.codestarconnections.Connection(\"example\", {\n name: \"example-connection\",\n providerType: \"GitHub\",\n});\nconst codepipelineBucket = new aws.s3.BucketV2(\"codepipeline_bucket\", {bucket: \"test-bucket\"});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"codepipeline.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst codepipelineRole = new aws.iam.Role(\"codepipeline_role\", {\n name: \"test-role\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst s3kmskey = aws.kms.getAlias({\n name: \"alias/myKmsKey\",\n});\nconst codepipeline = new aws.codepipeline.Pipeline(\"codepipeline\", {\n name: \"tf-test-pipeline\",\n roleArn: codepipelineRole.arn,\n artifactStores: [{\n location: codepipelineBucket.bucket,\n type: \"S3\",\n encryptionKey: {\n id: s3kmskey.then(s3kmskey =\u003e s3kmskey.arn),\n type: \"KMS\",\n },\n }],\n stages: [\n {\n name: \"Source\",\n actions: [{\n name: \"Source\",\n category: \"Source\",\n owner: \"AWS\",\n provider: \"CodeStarSourceConnection\",\n version: \"1\",\n outputArtifacts: [\"source_output\"],\n configuration: {\n ConnectionArn: example.arn,\n FullRepositoryId: \"my-organization/example\",\n BranchName: \"main\",\n },\n }],\n },\n {\n name: \"Build\",\n actions: [{\n name: \"Build\",\n category: \"Build\",\n owner: \"AWS\",\n provider: \"CodeBuild\",\n inputArtifacts: [\"source_output\"],\n outputArtifacts: [\"build_output\"],\n version: \"1\",\n configuration: {\n ProjectName: \"test\",\n },\n }],\n },\n {\n name: \"Deploy\",\n actions: [{\n name: \"Deploy\",\n category: \"Deploy\",\n owner: \"AWS\",\n provider: \"CloudFormation\",\n inputArtifacts: [\"build_output\"],\n version: \"1\",\n configuration: {\n ActionMode: \"REPLACE_ON_FAILURE\",\n Capabilities: \"CAPABILITY_AUTO_EXPAND,CAPABILITY_IAM\",\n OutputFileName: \"CreateStackOutput.json\",\n StackName: \"MyStack\",\n TemplatePath: \"build_output::sam-templated.yaml\",\n },\n }],\n },\n ],\n});\nconst codepipelineBucketPab = new aws.s3.BucketPublicAccessBlock(\"codepipeline_bucket_pab\", {\n bucket: codepipelineBucket.id,\n blockPublicAcls: true,\n blockPublicPolicy: true,\n ignorePublicAcls: true,\n restrictPublicBuckets: true,\n});\nconst codepipelinePolicy = aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n effect: \"Allow\",\n actions: [\n \"s3:GetObject\",\n \"s3:GetObjectVersion\",\n \"s3:GetBucketVersioning\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\",\n ],\n resources: [\n codepipelineBucket.arn,\n pulumi.interpolate`${codepipelineBucket.arn}/*`,\n ],\n },\n {\n effect: \"Allow\",\n actions: [\"codestar-connections:UseConnection\"],\n resources: [example.arn],\n },\n {\n effect: \"Allow\",\n actions: [\n \"codebuild:BatchGetBuilds\",\n \"codebuild:StartBuild\",\n ],\n resources: [\"*\"],\n },\n ],\n});\nconst codepipelinePolicyRolePolicy = new aws.iam.RolePolicy(\"codepipeline_policy\", {\n name: \"codepipeline_policy\",\n role: codepipelineRole.id,\n policy: codepipelinePolicy.apply(codepipelinePolicy =\u003e codepipelinePolicy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.codestarconnections.Connection(\"example\",\n name=\"example-connection\",\n provider_type=\"GitHub\")\ncodepipeline_bucket = aws.s3.BucketV2(\"codepipeline_bucket\", bucket=\"test-bucket\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"codepipeline.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\ncodepipeline_role = aws.iam.Role(\"codepipeline_role\",\n name=\"test-role\",\n assume_role_policy=assume_role.json)\ns3kmskey = aws.kms.get_alias(name=\"alias/myKmsKey\")\ncodepipeline = aws.codepipeline.Pipeline(\"codepipeline\",\n name=\"tf-test-pipeline\",\n role_arn=codepipeline_role.arn,\n artifact_stores=[aws.codepipeline.PipelineArtifactStoreArgs(\n location=codepipeline_bucket.bucket,\n type=\"S3\",\n encryption_key=aws.codepipeline.PipelineArtifactStoreEncryptionKeyArgs(\n id=s3kmskey.arn,\n type=\"KMS\",\n ),\n )],\n stages=[\n aws.codepipeline.PipelineStageArgs(\n name=\"Source\",\n actions=[aws.codepipeline.PipelineStageActionArgs(\n name=\"Source\",\n category=\"Source\",\n owner=\"AWS\",\n provider=\"CodeStarSourceConnection\",\n version=\"1\",\n output_artifacts=[\"source_output\"],\n configuration={\n \"ConnectionArn\": example.arn,\n \"FullRepositoryId\": \"my-organization/example\",\n \"BranchName\": \"main\",\n },\n )],\n ),\n aws.codepipeline.PipelineStageArgs(\n name=\"Build\",\n actions=[aws.codepipeline.PipelineStageActionArgs(\n name=\"Build\",\n category=\"Build\",\n owner=\"AWS\",\n provider=\"CodeBuild\",\n input_artifacts=[\"source_output\"],\n output_artifacts=[\"build_output\"],\n version=\"1\",\n configuration={\n \"ProjectName\": \"test\",\n },\n )],\n ),\n aws.codepipeline.PipelineStageArgs(\n name=\"Deploy\",\n actions=[aws.codepipeline.PipelineStageActionArgs(\n name=\"Deploy\",\n category=\"Deploy\",\n owner=\"AWS\",\n provider=\"CloudFormation\",\n input_artifacts=[\"build_output\"],\n version=\"1\",\n configuration={\n \"ActionMode\": \"REPLACE_ON_FAILURE\",\n \"Capabilities\": \"CAPABILITY_AUTO_EXPAND,CAPABILITY_IAM\",\n \"OutputFileName\": \"CreateStackOutput.json\",\n \"StackName\": \"MyStack\",\n \"TemplatePath\": \"build_output::sam-templated.yaml\",\n },\n )],\n ),\n ])\ncodepipeline_bucket_pab = aws.s3.BucketPublicAccessBlock(\"codepipeline_bucket_pab\",\n bucket=codepipeline_bucket.id,\n block_public_acls=True,\n block_public_policy=True,\n ignore_public_acls=True,\n restrict_public_buckets=True)\ncodepipeline_policy = aws.iam.get_policy_document_output(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"s3:GetObject\",\n \"s3:GetObjectVersion\",\n \"s3:GetBucketVersioning\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\",\n ],\n resources=[\n codepipeline_bucket.arn,\n codepipeline_bucket.arn.apply(lambda arn: f\"{arn}/*\"),\n ],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"codestar-connections:UseConnection\"],\n resources=[example.arn],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"codebuild:BatchGetBuilds\",\n \"codebuild:StartBuild\",\n ],\n resources=[\"*\"],\n ),\n])\ncodepipeline_policy_role_policy = aws.iam.RolePolicy(\"codepipeline_policy\",\n name=\"codepipeline_policy\",\n role=codepipeline_role.id,\n policy=codepipeline_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CodeStarConnections.Connection(\"example\", new()\n {\n Name = \"example-connection\",\n ProviderType = \"GitHub\",\n });\n\n var codepipelineBucket = new Aws.S3.BucketV2(\"codepipeline_bucket\", new()\n {\n Bucket = \"test-bucket\",\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"codepipeline.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var codepipelineRole = new Aws.Iam.Role(\"codepipeline_role\", new()\n {\n Name = \"test-role\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var s3kmskey = Aws.Kms.GetAlias.Invoke(new()\n {\n Name = \"alias/myKmsKey\",\n });\n\n var codepipeline = new Aws.CodePipeline.Pipeline(\"codepipeline\", new()\n {\n Name = \"tf-test-pipeline\",\n RoleArn = codepipelineRole.Arn,\n ArtifactStores = new[]\n {\n new Aws.CodePipeline.Inputs.PipelineArtifactStoreArgs\n {\n Location = codepipelineBucket.Bucket,\n Type = \"S3\",\n EncryptionKey = new Aws.CodePipeline.Inputs.PipelineArtifactStoreEncryptionKeyArgs\n {\n Id = s3kmskey.Apply(getAliasResult =\u003e getAliasResult.Arn),\n Type = \"KMS\",\n },\n },\n },\n Stages = new[]\n {\n new Aws.CodePipeline.Inputs.PipelineStageArgs\n {\n Name = \"Source\",\n Actions = new[]\n {\n new Aws.CodePipeline.Inputs.PipelineStageActionArgs\n {\n Name = \"Source\",\n Category = \"Source\",\n Owner = \"AWS\",\n Provider = \"CodeStarSourceConnection\",\n Version = \"1\",\n OutputArtifacts = new[]\n {\n \"source_output\",\n },\n Configuration = \n {\n { \"ConnectionArn\", example.Arn },\n { \"FullRepositoryId\", \"my-organization/example\" },\n { \"BranchName\", \"main\" },\n },\n },\n },\n },\n new Aws.CodePipeline.Inputs.PipelineStageArgs\n {\n Name = \"Build\",\n Actions = new[]\n {\n new Aws.CodePipeline.Inputs.PipelineStageActionArgs\n {\n Name = \"Build\",\n Category = \"Build\",\n Owner = \"AWS\",\n Provider = \"CodeBuild\",\n InputArtifacts = new[]\n {\n \"source_output\",\n },\n OutputArtifacts = new[]\n {\n \"build_output\",\n },\n Version = \"1\",\n Configuration = \n {\n { \"ProjectName\", \"test\" },\n },\n },\n },\n },\n new Aws.CodePipeline.Inputs.PipelineStageArgs\n {\n Name = \"Deploy\",\n Actions = new[]\n {\n new Aws.CodePipeline.Inputs.PipelineStageActionArgs\n {\n Name = \"Deploy\",\n Category = \"Deploy\",\n Owner = \"AWS\",\n Provider = \"CloudFormation\",\n InputArtifacts = new[]\n {\n \"build_output\",\n },\n Version = \"1\",\n Configuration = \n {\n { \"ActionMode\", \"REPLACE_ON_FAILURE\" },\n { \"Capabilities\", \"CAPABILITY_AUTO_EXPAND,CAPABILITY_IAM\" },\n { \"OutputFileName\", \"CreateStackOutput.json\" },\n { \"StackName\", \"MyStack\" },\n { \"TemplatePath\", \"build_output::sam-templated.yaml\" },\n },\n },\n },\n },\n },\n });\n\n var codepipelineBucketPab = new Aws.S3.BucketPublicAccessBlock(\"codepipeline_bucket_pab\", new()\n {\n Bucket = codepipelineBucket.Id,\n BlockPublicAcls = true,\n BlockPublicPolicy = true,\n IgnorePublicAcls = true,\n RestrictPublicBuckets = true,\n });\n\n var codepipelinePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:GetObject\",\n \"s3:GetObjectVersion\",\n \"s3:GetBucketVersioning\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\",\n },\n Resources = new[]\n {\n codepipelineBucket.Arn,\n $\"{codepipelineBucket.Arn}/*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"codestar-connections:UseConnection\",\n },\n Resources = new[]\n {\n example.Arn,\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"codebuild:BatchGetBuilds\",\n \"codebuild:StartBuild\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var codepipelinePolicyRolePolicy = new Aws.Iam.RolePolicy(\"codepipeline_policy\", new()\n {\n Name = \"codepipeline_policy\",\n Role = codepipelineRole.Id,\n Policy = codepipelinePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codepipeline\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codestarconnections\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := codestarconnections.NewConnection(ctx, \"example\", \u0026codestarconnections.ConnectionArgs{\n\t\t\tName: pulumi.String(\"example-connection\"),\n\t\t\tProviderType: pulumi.String(\"GitHub\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcodepipelineBucket, err := s3.NewBucketV2(ctx, \"codepipeline_bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"test-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"codepipeline.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcodepipelineRole, err := iam.NewRole(ctx, \"codepipeline_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"test-role\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ts3kmskey, err := kms.LookupAlias(ctx, \u0026kms.LookupAliasArgs{\n\t\t\tName: \"alias/myKmsKey\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codepipeline.NewPipeline(ctx, \"codepipeline\", \u0026codepipeline.PipelineArgs{\n\t\t\tName: pulumi.String(\"tf-test-pipeline\"),\n\t\t\tRoleArn: codepipelineRole.Arn,\n\t\t\tArtifactStores: codepipeline.PipelineArtifactStoreArray{\n\t\t\t\t\u0026codepipeline.PipelineArtifactStoreArgs{\n\t\t\t\t\tLocation: codepipelineBucket.Bucket,\n\t\t\t\t\tType: pulumi.String(\"S3\"),\n\t\t\t\t\tEncryptionKey: \u0026codepipeline.PipelineArtifactStoreEncryptionKeyArgs{\n\t\t\t\t\t\tId: pulumi.String(s3kmskey.Arn),\n\t\t\t\t\t\tType: pulumi.String(\"KMS\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tStages: codepipeline.PipelineStageArray{\n\t\t\t\t\u0026codepipeline.PipelineStageArgs{\n\t\t\t\t\tName: pulumi.String(\"Source\"),\n\t\t\t\t\tActions: codepipeline.PipelineStageActionArray{\n\t\t\t\t\t\t\u0026codepipeline.PipelineStageActionArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"Source\"),\n\t\t\t\t\t\t\tCategory: pulumi.String(\"Source\"),\n\t\t\t\t\t\t\tOwner: pulumi.String(\"AWS\"),\n\t\t\t\t\t\t\tProvider: pulumi.String(\"CodeStarSourceConnection\"),\n\t\t\t\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t\t\t\t\tOutputArtifacts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"source_output\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tConfiguration: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"ConnectionArn\": example.Arn,\n\t\t\t\t\t\t\t\t\"FullRepositoryId\": pulumi.String(\"my-organization/example\"),\n\t\t\t\t\t\t\t\t\"BranchName\": pulumi.String(\"main\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026codepipeline.PipelineStageArgs{\n\t\t\t\t\tName: pulumi.String(\"Build\"),\n\t\t\t\t\tActions: codepipeline.PipelineStageActionArray{\n\t\t\t\t\t\t\u0026codepipeline.PipelineStageActionArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"Build\"),\n\t\t\t\t\t\t\tCategory: pulumi.String(\"Build\"),\n\t\t\t\t\t\t\tOwner: pulumi.String(\"AWS\"),\n\t\t\t\t\t\t\tProvider: pulumi.String(\"CodeBuild\"),\n\t\t\t\t\t\t\tInputArtifacts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"source_output\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tOutputArtifacts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"build_output\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t\t\t\t\tConfiguration: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"ProjectName\": pulumi.String(\"test\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026codepipeline.PipelineStageArgs{\n\t\t\t\t\tName: pulumi.String(\"Deploy\"),\n\t\t\t\t\tActions: codepipeline.PipelineStageActionArray{\n\t\t\t\t\t\t\u0026codepipeline.PipelineStageActionArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"Deploy\"),\n\t\t\t\t\t\t\tCategory: pulumi.String(\"Deploy\"),\n\t\t\t\t\t\t\tOwner: pulumi.String(\"AWS\"),\n\t\t\t\t\t\t\tProvider: pulumi.String(\"CloudFormation\"),\n\t\t\t\t\t\t\tInputArtifacts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"build_output\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t\t\t\t\tConfiguration: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"ActionMode\": pulumi.String(\"REPLACE_ON_FAILURE\"),\n\t\t\t\t\t\t\t\t\"Capabilities\": pulumi.String(\"CAPABILITY_AUTO_EXPAND,CAPABILITY_IAM\"),\n\t\t\t\t\t\t\t\t\"OutputFileName\": pulumi.String(\"CreateStackOutput.json\"),\n\t\t\t\t\t\t\t\t\"StackName\": pulumi.String(\"MyStack\"),\n\t\t\t\t\t\t\t\t\"TemplatePath\": pulumi.String(\"build_output::sam-templated.yaml\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketPublicAccessBlock(ctx, \"codepipeline_bucket_pab\", \u0026s3.BucketPublicAccessBlockArgs{\n\t\t\tBucket: codepipelineBucket.ID(),\n\t\t\tBlockPublicAcls: pulumi.Bool(true),\n\t\t\tBlockPublicPolicy: pulumi.Bool(true),\n\t\t\tIgnorePublicAcls: pulumi.Bool(true),\n\t\t\tRestrictPublicBuckets: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcodepipelinePolicy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:GetObject\"),\n\t\t\t\t\t\tpulumi.String(\"s3:GetObjectVersion\"),\n\t\t\t\t\t\tpulumi.String(\"s3:GetBucketVersioning\"),\n\t\t\t\t\t\tpulumi.String(\"s3:PutObjectAcl\"),\n\t\t\t\t\t\tpulumi.String(\"s3:PutObject\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tcodepipelineBucket.Arn,\n\t\t\t\t\t\tcodepipelineBucket.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"codestar-connections:UseConnection\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\texample.Arn,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"codebuild:BatchGetBuilds\"),\n\t\t\t\t\t\tpulumi.String(\"codebuild:StartBuild\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = iam.NewRolePolicy(ctx, \"codepipeline_policy\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"codepipeline_policy\"),\n\t\t\tRole: codepipelineRole.ID(),\n\t\t\tPolicy: codepipelinePolicy.ApplyT(func(codepipelinePolicy iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026codepipelinePolicy.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.codestarconnections.Connection;\nimport com.pulumi.aws.codestarconnections.ConnectionArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.kms.KmsFunctions;\nimport com.pulumi.aws.kms.inputs.GetAliasArgs;\nimport com.pulumi.aws.codepipeline.Pipeline;\nimport com.pulumi.aws.codepipeline.PipelineArgs;\nimport com.pulumi.aws.codepipeline.inputs.PipelineArtifactStoreArgs;\nimport com.pulumi.aws.codepipeline.inputs.PipelineArtifactStoreEncryptionKeyArgs;\nimport com.pulumi.aws.codepipeline.inputs.PipelineStageArgs;\nimport com.pulumi.aws.s3.BucketPublicAccessBlock;\nimport com.pulumi.aws.s3.BucketPublicAccessBlockArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Connection(\"example\", ConnectionArgs.builder() \n .name(\"example-connection\")\n .providerType(\"GitHub\")\n .build());\n\n var codepipelineBucket = new BucketV2(\"codepipelineBucket\", BucketV2Args.builder() \n .bucket(\"test-bucket\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"codepipeline.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var codepipelineRole = new Role(\"codepipelineRole\", RoleArgs.builder() \n .name(\"test-role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var s3kmskey = KmsFunctions.getAlias(GetAliasArgs.builder()\n .name(\"alias/myKmsKey\")\n .build());\n\n var codepipeline = new Pipeline(\"codepipeline\", PipelineArgs.builder() \n .name(\"tf-test-pipeline\")\n .roleArn(codepipelineRole.arn())\n .artifactStores(PipelineArtifactStoreArgs.builder()\n .location(codepipelineBucket.bucket())\n .type(\"S3\")\n .encryptionKey(PipelineArtifactStoreEncryptionKeyArgs.builder()\n .id(s3kmskey.applyValue(getAliasResult -\u003e getAliasResult.arn()))\n .type(\"KMS\")\n .build())\n .build())\n .stages( \n PipelineStageArgs.builder()\n .name(\"Source\")\n .actions(PipelineStageActionArgs.builder()\n .name(\"Source\")\n .category(\"Source\")\n .owner(\"AWS\")\n .provider(\"CodeStarSourceConnection\")\n .version(\"1\")\n .outputArtifacts(\"source_output\")\n .configuration(Map.ofEntries(\n Map.entry(\"ConnectionArn\", example.arn()),\n Map.entry(\"FullRepositoryId\", \"my-organization/example\"),\n Map.entry(\"BranchName\", \"main\")\n ))\n .build())\n .build(),\n PipelineStageArgs.builder()\n .name(\"Build\")\n .actions(PipelineStageActionArgs.builder()\n .name(\"Build\")\n .category(\"Build\")\n .owner(\"AWS\")\n .provider(\"CodeBuild\")\n .inputArtifacts(\"source_output\")\n .outputArtifacts(\"build_output\")\n .version(\"1\")\n .configuration(Map.of(\"ProjectName\", \"test\"))\n .build())\n .build(),\n PipelineStageArgs.builder()\n .name(\"Deploy\")\n .actions(PipelineStageActionArgs.builder()\n .name(\"Deploy\")\n .category(\"Deploy\")\n .owner(\"AWS\")\n .provider(\"CloudFormation\")\n .inputArtifacts(\"build_output\")\n .version(\"1\")\n .configuration(Map.ofEntries(\n Map.entry(\"ActionMode\", \"REPLACE_ON_FAILURE\"),\n Map.entry(\"Capabilities\", \"CAPABILITY_AUTO_EXPAND,CAPABILITY_IAM\"),\n Map.entry(\"OutputFileName\", \"CreateStackOutput.json\"),\n Map.entry(\"StackName\", \"MyStack\"),\n Map.entry(\"TemplatePath\", \"build_output::sam-templated.yaml\")\n ))\n .build())\n .build())\n .build());\n\n var codepipelineBucketPab = new BucketPublicAccessBlock(\"codepipelineBucketPab\", BucketPublicAccessBlockArgs.builder() \n .bucket(codepipelineBucket.id())\n .blockPublicAcls(true)\n .blockPublicPolicy(true)\n .ignorePublicAcls(true)\n .restrictPublicBuckets(true)\n .build());\n\n final var codepipelinePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"s3:GetObject\",\n \"s3:GetObjectVersion\",\n \"s3:GetBucketVersioning\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\")\n .resources( \n codepipelineBucket.arn(),\n codepipelineBucket.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"codestar-connections:UseConnection\")\n .resources(example.arn())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"codebuild:BatchGetBuilds\",\n \"codebuild:StartBuild\")\n .resources(\"*\")\n .build())\n .build());\n\n var codepipelinePolicyRolePolicy = new RolePolicy(\"codepipelinePolicyRolePolicy\", RolePolicyArgs.builder() \n .name(\"codepipeline_policy\")\n .role(codepipelineRole.id())\n .policy(codepipelinePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(codepipelinePolicy -\u003e codepipelinePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n codepipeline:\n type: aws:codepipeline:Pipeline\n properties:\n name: tf-test-pipeline\n roleArn: ${codepipelineRole.arn}\n artifactStores:\n - location: ${codepipelineBucket.bucket}\n type: S3\n encryptionKey:\n id: ${s3kmskey.arn}\n type: KMS\n stages:\n - name: Source\n actions:\n - name: Source\n category: Source\n owner: AWS\n provider: CodeStarSourceConnection\n version: '1'\n outputArtifacts:\n - source_output\n configuration:\n ConnectionArn: ${example.arn}\n FullRepositoryId: my-organization/example\n BranchName: main\n - name: Build\n actions:\n - name: Build\n category: Build\n owner: AWS\n provider: CodeBuild\n inputArtifacts:\n - source_output\n outputArtifacts:\n - build_output\n version: '1'\n configuration:\n ProjectName: test\n - name: Deploy\n actions:\n - name: Deploy\n category: Deploy\n owner: AWS\n provider: CloudFormation\n inputArtifacts:\n - build_output\n version: '1'\n configuration:\n ActionMode: REPLACE_ON_FAILURE\n Capabilities: CAPABILITY_AUTO_EXPAND,CAPABILITY_IAM\n OutputFileName: CreateStackOutput.json\n StackName: MyStack\n TemplatePath: build_output::sam-templated.yaml\n example:\n type: aws:codestarconnections:Connection\n properties:\n name: example-connection\n providerType: GitHub\n codepipelineBucket:\n type: aws:s3:BucketV2\n name: codepipeline_bucket\n properties:\n bucket: test-bucket\n codepipelineBucketPab:\n type: aws:s3:BucketPublicAccessBlock\n name: codepipeline_bucket_pab\n properties:\n bucket: ${codepipelineBucket.id}\n blockPublicAcls: true\n blockPublicPolicy: true\n ignorePublicAcls: true\n restrictPublicBuckets: true\n codepipelineRole:\n type: aws:iam:Role\n name: codepipeline_role\n properties:\n name: test-role\n assumeRolePolicy: ${assumeRole.json}\n codepipelinePolicyRolePolicy:\n type: aws:iam:RolePolicy\n name: codepipeline_policy\n properties:\n name: codepipeline_policy\n role: ${codepipelineRole.id}\n policy: ${codepipelinePolicy.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - codepipeline.amazonaws.com\n actions:\n - sts:AssumeRole\n codepipelinePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - s3:GetObject\n - s3:GetObjectVersion\n - s3:GetBucketVersioning\n - s3:PutObjectAcl\n - s3:PutObject\n resources:\n - ${codepipelineBucket.arn}\n - ${codepipelineBucket.arn}/*\n - effect: Allow\n actions:\n - codestar-connections:UseConnection\n resources:\n - ${example.arn}\n - effect: Allow\n actions:\n - codebuild:BatchGetBuilds\n - codebuild:StartBuild\n resources:\n - '*'\n s3kmskey:\n fn::invoke:\n Function: aws:kms:getAlias\n Arguments:\n name: alias/myKmsKey\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import CodePipelines using the name. For example:\n\n```sh\n$ pulumi import aws:codepipeline/pipeline:Pipeline foo example\n```\n", "properties": { "arn": { "type": "string", @@ -188192,7 +188192,7 @@ } }, "aws:cognito/managedUserPoolClient:ManagedUserPoolClient": { - "description": "Use the `aws.cognito.UserPoolClient` resource to manage a Cognito User Pool Client.\n\n**This resource is advanced** and has special caveats to consider before use. Please read this document completely before using the resource.\n\nUse the `aws.cognito.ManagedUserPoolClient` resource to manage a Cognito User Pool Client that is automatically created by an AWS service. For instance, when [configuring an OpenSearch Domain to use Cognito authentication](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cognito-auth.html), the OpenSearch service creates the User Pool Client during setup and removes it when it is no longer required. As a result, the `aws.cognito.ManagedUserPoolClient` resource does not create or delete this resource, but instead assumes management of it.\n\nUse the `aws.cognito.UserPoolClient` resource to manage Cognito User Pool Clients for normal use cases.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleUserPool = new aws.cognito.UserPool(\"example\", {name: \"example\"});\nconst exampleManagedUserPoolClient = new aws.cognito.ManagedUserPoolClient(\"example\", {\n namePrefix: \"AmazonOpenSearchService-example\",\n userPoolId: exampleUserPool.id,\n});\nconst exampleIdentityPool = new aws.cognito.IdentityPool(\"example\", {identityPoolName: \"example\"});\nconst current = aws.getPartition({});\nconst example = current.then(current =\u003e aws.iam.getPolicyDocument({\n statements: [{\n sid: \"\",\n actions: [\"sts:AssumeRole\"],\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [`es.${current.dnsSuffix}`],\n }],\n }],\n}));\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"example-role\",\n path: \"/service-role/\",\n assumeRolePolicy: example.then(example =\u003e example.json),\n});\nconst exampleDomain = new aws.opensearch.Domain(\"example\", {\n domainName: \"example\",\n cognitoOptions: {\n enabled: true,\n userPoolId: exampleUserPool.id,\n identityPoolId: exampleIdentityPool.id,\n roleArn: exampleRole.arn,\n },\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n },\n});\nconst exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"example\", {\n role: exampleRole.name,\n policyArn: current.then(current =\u003e `arn:${current.partition}:iam::aws:policy/AmazonESCognitoAccess`),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_user_pool = aws.cognito.UserPool(\"example\", name=\"example\")\nexample_managed_user_pool_client = aws.cognito.ManagedUserPoolClient(\"example\",\n name_prefix=\"AmazonOpenSearchService-example\",\n user_pool_id=example_user_pool.id)\nexample_identity_pool = aws.cognito.IdentityPool(\"example\", identity_pool_name=\"example\")\ncurrent = aws.get_partition()\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"\",\n actions=[\"sts:AssumeRole\"],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[f\"es.{current.dns_suffix}\"],\n )],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"example-role\",\n path=\"/service-role/\",\n assume_role_policy=example.json)\nexample_domain = aws.opensearch.Domain(\"example\",\n domain_name=\"example\",\n cognito_options=aws.opensearch.DomainCognitoOptionsArgs(\n enabled=True,\n user_pool_id=example_user_pool.id,\n identity_pool_id=example_identity_pool.id,\n role_arn=example_role.arn,\n ),\n ebs_options=aws.opensearch.DomainEbsOptionsArgs(\n ebs_enabled=True,\n volume_size=10,\n ))\nexample_role_policy_attachment = aws.iam.RolePolicyAttachment(\"example\",\n role=example_role.name,\n policy_arn=f\"arn:{current.partition}:iam::aws:policy/AmazonESCognitoAccess\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleUserPool = new Aws.Cognito.UserPool(\"example\", new()\n {\n Name = \"example\",\n });\n\n var exampleManagedUserPoolClient = new Aws.Cognito.ManagedUserPoolClient(\"example\", new()\n {\n NamePrefix = \"AmazonOpenSearchService-example\",\n UserPoolId = exampleUserPool.Id,\n });\n\n var exampleIdentityPool = new Aws.Cognito.IdentityPool(\"example\", new()\n {\n IdentityPoolName = \"example\",\n });\n\n var current = Aws.GetPartition.Invoke();\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"\",\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n $\"es.{current.Apply(getPartitionResult =\u003e getPartitionResult.DnsSuffix)}\",\n },\n },\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"example-role\",\n Path = \"/service-role/\",\n AssumeRolePolicy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleDomain = new Aws.OpenSearch.Domain(\"example\", new()\n {\n DomainName = \"example\",\n CognitoOptions = new Aws.OpenSearch.Inputs.DomainCognitoOptionsArgs\n {\n Enabled = true,\n UserPoolId = exampleUserPool.Id,\n IdentityPoolId = exampleIdentityPool.Id,\n RoleArn = exampleRole.Arn,\n },\n EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs\n {\n EbsEnabled = true,\n VolumeSize = 10,\n },\n });\n\n var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"example\", new()\n {\n Role = exampleRole.Name,\n PolicyArn = $\"arn:{current.Apply(getPartitionResult =\u003e getPartitionResult.Partition)}:iam::aws:policy/AmazonESCognitoAccess\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleUserPool, err := cognito.NewUserPool(ctx, \"example\", \u0026cognito.UserPoolArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cognito.NewManagedUserPoolClient(ctx, \"example\", \u0026cognito.ManagedUserPoolClientArgs{\n\t\t\tNamePrefix: pulumi.String(\"AmazonOpenSearchService-example\"),\n\t\t\tUserPoolId: exampleUserPool.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleIdentityPool, err := cognito.NewIdentityPool(ctx, \"example\", \u0026cognito.IdentityPoolArgs{\n\t\t\tIdentityPoolName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrent, err := aws.GetPartition(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\tfmt.Sprintf(\"es.%v\", current.DnsSuffix),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"example-role\"),\n\t\t\tPath: pulumi.String(\"/service-role/\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"example\"),\n\t\t\tCognitoOptions: \u0026opensearch.DomainCognitoOptionsArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tUserPoolId: exampleUserPool.ID(),\n\t\t\t\tIdentityPoolId: exampleIdentityPool.ID(),\n\t\t\t\tRoleArn: exampleRole.Arn,\n\t\t\t},\n\t\t\tEbsOptions: \u0026opensearch.DomainEbsOptionsArgs{\n\t\t\t\tEbsEnabled: pulumi.Bool(true),\n\t\t\t\tVolumeSize: pulumi.Int(10),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: exampleRole.Name,\n\t\t\tPolicyArn: pulumi.String(fmt.Sprintf(\"arn:%v:iam::aws:policy/AmazonESCognitoAccess\", current.Partition)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cognito.UserPool;\nimport com.pulumi.aws.cognito.UserPoolArgs;\nimport com.pulumi.aws.cognito.ManagedUserPoolClient;\nimport com.pulumi.aws.cognito.ManagedUserPoolClientArgs;\nimport com.pulumi.aws.cognito.IdentityPool;\nimport com.pulumi.aws.cognito.IdentityPoolArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetPartitionArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainCognitoOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleUserPool = new UserPool(\"exampleUserPool\", UserPoolArgs.builder() \n .name(\"example\")\n .build());\n\n var exampleManagedUserPoolClient = new ManagedUserPoolClient(\"exampleManagedUserPoolClient\", ManagedUserPoolClientArgs.builder() \n .namePrefix(\"AmazonOpenSearchService-example\")\n .userPoolId(exampleUserPool.id())\n .build());\n\n var exampleIdentityPool = new IdentityPool(\"exampleIdentityPool\", IdentityPoolArgs.builder() \n .identityPoolName(\"example\")\n .build());\n\n final var current = AwsFunctions.getPartition();\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"\")\n .actions(\"sts:AssumeRole\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(String.format(\"es.%s\", current.applyValue(getPartitionResult -\u003e getPartitionResult.dnsSuffix())))\n .build())\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"example-role\")\n .path(\"/service-role/\")\n .assumeRolePolicy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .domainName(\"example\")\n .cognitoOptions(DomainCognitoOptionsArgs.builder()\n .enabled(true)\n .userPoolId(exampleUserPool.id())\n .identityPoolId(exampleIdentityPool.id())\n .roleArn(exampleRole.arn())\n .build())\n .ebsOptions(DomainEbsOptionsArgs.builder()\n .ebsEnabled(true)\n .volumeSize(10)\n .build())\n .build());\n\n var exampleRolePolicyAttachment = new RolePolicyAttachment(\"exampleRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .role(exampleRole.name())\n .policyArn(String.format(\"arn:%s:iam::aws:policy/AmazonESCognitoAccess\", current.applyValue(getPartitionResult -\u003e getPartitionResult.partition())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleManagedUserPoolClient:\n type: aws:cognito:ManagedUserPoolClient\n name: example\n properties:\n namePrefix: AmazonOpenSearchService-example\n userPoolId: ${exampleUserPool.id}\n exampleUserPool:\n type: aws:cognito:UserPool\n name: example\n properties:\n name: example\n exampleIdentityPool:\n type: aws:cognito:IdentityPool\n name: example\n properties:\n identityPoolName: example\n exampleDomain:\n type: aws:opensearch:Domain\n name: example\n properties:\n domainName: example\n cognitoOptions:\n enabled: true\n userPoolId: ${exampleUserPool.id}\n identityPoolId: ${exampleIdentityPool.id}\n roleArn: ${exampleRole.arn}\n ebsOptions:\n ebsEnabled: true\n volumeSize: 10\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: example-role\n path: /service-role/\n assumeRolePolicy: ${example.json}\n exampleRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: example\n properties:\n role: ${exampleRole.name}\n policyArn: arn:${current.partition}:iam::aws:policy/AmazonESCognitoAccess\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid:\n actions:\n - sts:AssumeRole\n effect: Allow\n principals:\n - type: Service\n identifiers:\n - es.${current.dnsSuffix}\n current:\n fn::invoke:\n Function: aws:getPartition\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Cognito User Pool Clients using the `id` of the Cognito User Pool and the `id` of the Cognito User Pool Client. For example:\n\n```sh\n$ pulumi import aws:cognito/managedUserPoolClient:ManagedUserPoolClient client us-west-2_abc123/3ho4ek12345678909nh3fmhpko\n```\n", + "description": "Use the `aws.cognito.UserPoolClient` resource to manage a Cognito User Pool Client.\n\n**This resource is advanced** and has special caveats to consider before use. Please read this document completely before using the resource.\n\nUse the `aws.cognito.ManagedUserPoolClient` resource to manage a Cognito User Pool Client that is automatically created by an AWS service. For instance, when [configuring an OpenSearch Domain to use Cognito authentication](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cognito-auth.html), the OpenSearch service creates the User Pool Client during setup and removes it when it is no longer required. As a result, the `aws.cognito.ManagedUserPoolClient` resource does not create or delete this resource, but instead assumes management of it.\n\nUse the `aws.cognito.UserPoolClient` resource to manage Cognito User Pool Clients for normal use cases.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleUserPool = new aws.cognito.UserPool(\"example\", {name: \"example\"});\nconst exampleManagedUserPoolClient = new aws.cognito.ManagedUserPoolClient(\"example\", {\n namePrefix: \"AmazonOpenSearchService-example\",\n userPoolId: exampleUserPool.id,\n});\nconst exampleIdentityPool = new aws.cognito.IdentityPool(\"example\", {identityPoolName: \"example\"});\nconst current = aws.getPartition({});\nconst example = current.then(current =\u003e aws.iam.getPolicyDocument({\n statements: [{\n sid: \"\",\n actions: [\"sts:AssumeRole\"],\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [`es.${current.dnsSuffix}`],\n }],\n }],\n}));\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"example-role\",\n path: \"/service-role/\",\n assumeRolePolicy: example.then(example =\u003e example.json),\n});\nconst exampleDomain = new aws.opensearch.Domain(\"example\", {\n domainName: \"example\",\n cognitoOptions: {\n enabled: true,\n userPoolId: exampleUserPool.id,\n identityPoolId: exampleIdentityPool.id,\n roleArn: exampleRole.arn,\n },\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n },\n});\nconst exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"example\", {\n role: exampleRole.name,\n policyArn: current.then(current =\u003e `arn:${current.partition}:iam::aws:policy/AmazonESCognitoAccess`),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_user_pool = aws.cognito.UserPool(\"example\", name=\"example\")\nexample_managed_user_pool_client = aws.cognito.ManagedUserPoolClient(\"example\",\n name_prefix=\"AmazonOpenSearchService-example\",\n user_pool_id=example_user_pool.id)\nexample_identity_pool = aws.cognito.IdentityPool(\"example\", identity_pool_name=\"example\")\ncurrent = aws.get_partition()\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"\",\n actions=[\"sts:AssumeRole\"],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[f\"es.{current.dns_suffix}\"],\n )],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"example-role\",\n path=\"/service-role/\",\n assume_role_policy=example.json)\nexample_domain = aws.opensearch.Domain(\"example\",\n domain_name=\"example\",\n cognito_options=aws.opensearch.DomainCognitoOptionsArgs(\n enabled=True,\n user_pool_id=example_user_pool.id,\n identity_pool_id=example_identity_pool.id,\n role_arn=example_role.arn,\n ),\n ebs_options=aws.opensearch.DomainEbsOptionsArgs(\n ebs_enabled=True,\n volume_size=10,\n ))\nexample_role_policy_attachment = aws.iam.RolePolicyAttachment(\"example\",\n role=example_role.name,\n policy_arn=f\"arn:{current.partition}:iam::aws:policy/AmazonESCognitoAccess\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleUserPool = new Aws.Cognito.UserPool(\"example\", new()\n {\n Name = \"example\",\n });\n\n var exampleManagedUserPoolClient = new Aws.Cognito.ManagedUserPoolClient(\"example\", new()\n {\n NamePrefix = \"AmazonOpenSearchService-example\",\n UserPoolId = exampleUserPool.Id,\n });\n\n var exampleIdentityPool = new Aws.Cognito.IdentityPool(\"example\", new()\n {\n IdentityPoolName = \"example\",\n });\n\n var current = Aws.GetPartition.Invoke();\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"\",\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n $\"es.{current.Apply(getPartitionResult =\u003e getPartitionResult.DnsSuffix)}\",\n },\n },\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"example-role\",\n Path = \"/service-role/\",\n AssumeRolePolicy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleDomain = new Aws.OpenSearch.Domain(\"example\", new()\n {\n DomainName = \"example\",\n CognitoOptions = new Aws.OpenSearch.Inputs.DomainCognitoOptionsArgs\n {\n Enabled = true,\n UserPoolId = exampleUserPool.Id,\n IdentityPoolId = exampleIdentityPool.Id,\n RoleArn = exampleRole.Arn,\n },\n EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs\n {\n EbsEnabled = true,\n VolumeSize = 10,\n },\n });\n\n var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"example\", new()\n {\n Role = exampleRole.Name,\n PolicyArn = $\"arn:{current.Apply(getPartitionResult =\u003e getPartitionResult.Partition)}:iam::aws:policy/AmazonESCognitoAccess\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleUserPool, err := cognito.NewUserPool(ctx, \"example\", \u0026cognito.UserPoolArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cognito.NewManagedUserPoolClient(ctx, \"example\", \u0026cognito.ManagedUserPoolClientArgs{\n\t\t\tNamePrefix: pulumi.String(\"AmazonOpenSearchService-example\"),\n\t\t\tUserPoolId: exampleUserPool.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleIdentityPool, err := cognito.NewIdentityPool(ctx, \"example\", \u0026cognito.IdentityPoolArgs{\n\t\t\tIdentityPoolName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrent, err := aws.GetPartition(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\tfmt.Sprintf(\"es.%v\", current.DnsSuffix),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"example-role\"),\n\t\t\tPath: pulumi.String(\"/service-role/\"),\n\t\t\tAssumeRolePolicy: pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"example\"),\n\t\t\tCognitoOptions: \u0026opensearch.DomainCognitoOptionsArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tUserPoolId: exampleUserPool.ID(),\n\t\t\t\tIdentityPoolId: exampleIdentityPool.ID(),\n\t\t\t\tRoleArn: exampleRole.Arn,\n\t\t\t},\n\t\t\tEbsOptions: \u0026opensearch.DomainEbsOptionsArgs{\n\t\t\t\tEbsEnabled: pulumi.Bool(true),\n\t\t\t\tVolumeSize: pulumi.Int(10),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: exampleRole.Name,\n\t\t\tPolicyArn: pulumi.String(fmt.Sprintf(\"arn:%v:iam::aws:policy/AmazonESCognitoAccess\", current.Partition)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cognito.UserPool;\nimport com.pulumi.aws.cognito.UserPoolArgs;\nimport com.pulumi.aws.cognito.ManagedUserPoolClient;\nimport com.pulumi.aws.cognito.ManagedUserPoolClientArgs;\nimport com.pulumi.aws.cognito.IdentityPool;\nimport com.pulumi.aws.cognito.IdentityPoolArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetPartitionArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainCognitoOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleUserPool = new UserPool(\"exampleUserPool\", UserPoolArgs.builder() \n .name(\"example\")\n .build());\n\n var exampleManagedUserPoolClient = new ManagedUserPoolClient(\"exampleManagedUserPoolClient\", ManagedUserPoolClientArgs.builder() \n .namePrefix(\"AmazonOpenSearchService-example\")\n .userPoolId(exampleUserPool.id())\n .build());\n\n var exampleIdentityPool = new IdentityPool(\"exampleIdentityPool\", IdentityPoolArgs.builder() \n .identityPoolName(\"example\")\n .build());\n\n final var current = AwsFunctions.getPartition();\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"\")\n .actions(\"sts:AssumeRole\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(String.format(\"es.%s\", current.applyValue(getPartitionResult -\u003e getPartitionResult.dnsSuffix())))\n .build())\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"example-role\")\n .path(\"/service-role/\")\n .assumeRolePolicy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .domainName(\"example\")\n .cognitoOptions(DomainCognitoOptionsArgs.builder()\n .enabled(true)\n .userPoolId(exampleUserPool.id())\n .identityPoolId(exampleIdentityPool.id())\n .roleArn(exampleRole.arn())\n .build())\n .ebsOptions(DomainEbsOptionsArgs.builder()\n .ebsEnabled(true)\n .volumeSize(10)\n .build())\n .build());\n\n var exampleRolePolicyAttachment = new RolePolicyAttachment(\"exampleRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .role(exampleRole.name())\n .policyArn(String.format(\"arn:%s:iam::aws:policy/AmazonESCognitoAccess\", current.applyValue(getPartitionResult -\u003e getPartitionResult.partition())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleManagedUserPoolClient:\n type: aws:cognito:ManagedUserPoolClient\n name: example\n properties:\n namePrefix: AmazonOpenSearchService-example\n userPoolId: ${exampleUserPool.id}\n exampleUserPool:\n type: aws:cognito:UserPool\n name: example\n properties:\n name: example\n exampleIdentityPool:\n type: aws:cognito:IdentityPool\n name: example\n properties:\n identityPoolName: example\n exampleDomain:\n type: aws:opensearch:Domain\n name: example\n properties:\n domainName: example\n cognitoOptions:\n enabled: true\n userPoolId: ${exampleUserPool.id}\n identityPoolId: ${exampleIdentityPool.id}\n roleArn: ${exampleRole.arn}\n ebsOptions:\n ebsEnabled: true\n volumeSize: 10\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: example-role\n path: /service-role/\n assumeRolePolicy: ${example.json}\n exampleRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: example\n properties:\n role: ${exampleRole.name}\n policyArn: arn:${current.partition}:iam::aws:policy/AmazonESCognitoAccess\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid:\n actions:\n - sts:AssumeRole\n effect: Allow\n principals:\n - type: Service\n identifiers:\n - es.${current.dnsSuffix}\n current:\n fn::invoke:\n Function: aws:getPartition\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Cognito User Pool Clients using the `id` of the Cognito User Pool and the `id` of the Cognito User Pool Client. For example:\n\n```sh\n$ pulumi import aws:cognito/managedUserPoolClient:ManagedUserPoolClient client us-west-2_abc123/3ho4ek12345678909nh3fmhpko\n```\n", "properties": { "accessTokenValidity": { "type": "integer", @@ -189018,7 +189018,7 @@ } }, "aws:cognito/userGroup:UserGroup": { - "description": "Provides a Cognito User Group resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.cognito.UserPool(\"main\", {name: \"identity pool\"});\nconst groupRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Federated\",\n identifiers: [\"cognito-identity.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRoleWithWebIdentity\"],\n conditions: [\n {\n test: \"StringEquals\",\n variable: \"cognito-identity.amazonaws.com:aud\",\n values: [\"us-east-1:12345678-dead-beef-cafe-123456790ab\"],\n },\n {\n test: \"ForAnyValue:StringLike\",\n variable: \"cognito-identity.amazonaws.com:amr\",\n values: [\"authenticated\"],\n },\n ],\n }],\n});\nconst groupRoleRole = new aws.iam.Role(\"group_role\", {\n name: \"user-group-role\",\n assumeRolePolicy: groupRole.then(groupRole =\u003e groupRole.json),\n});\nconst mainUserGroup = new aws.cognito.UserGroup(\"main\", {\n name: \"user-group\",\n userPoolId: main.id,\n description: \"Managed by Pulumi\",\n precedence: 42,\n roleArn: groupRoleRole.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.cognito.UserPool(\"main\", name=\"identity pool\")\ngroup_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Federated\",\n identifiers=[\"cognito-identity.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRoleWithWebIdentity\"],\n conditions=[\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"cognito-identity.amazonaws.com:aud\",\n values=[\"us-east-1:12345678-dead-beef-cafe-123456790ab\"],\n ),\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ForAnyValue:StringLike\",\n variable=\"cognito-identity.amazonaws.com:amr\",\n values=[\"authenticated\"],\n ),\n ],\n)])\ngroup_role_role = aws.iam.Role(\"group_role\",\n name=\"user-group-role\",\n assume_role_policy=group_role.json)\nmain_user_group = aws.cognito.UserGroup(\"main\",\n name=\"user-group\",\n user_pool_id=main.id,\n description=\"Managed by Pulumi\",\n precedence=42,\n role_arn=group_role_role.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = new Aws.Cognito.UserPool(\"main\", new()\n {\n Name = \"identity pool\",\n });\n\n var groupRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Federated\",\n Identifiers = new[]\n {\n \"cognito-identity.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRoleWithWebIdentity\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"cognito-identity.amazonaws.com:aud\",\n Values = new[]\n {\n \"us-east-1:12345678-dead-beef-cafe-123456790ab\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ForAnyValue:StringLike\",\n Variable = \"cognito-identity.amazonaws.com:amr\",\n Values = new[]\n {\n \"authenticated\",\n },\n },\n },\n },\n },\n });\n\n var groupRoleRole = new Aws.Iam.Role(\"group_role\", new()\n {\n Name = \"user-group-role\",\n AssumeRolePolicy = groupRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var mainUserGroup = new Aws.Cognito.UserGroup(\"main\", new()\n {\n Name = \"user-group\",\n UserPoolId = main.Id,\n Description = \"Managed by Pulumi\",\n Precedence = 42,\n RoleArn = groupRoleRole.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := cognito.NewUserPool(ctx, \"main\", \u0026cognito.UserPoolArgs{\n\t\t\tName: pulumi.String(\"identity pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroupRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Federated\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"cognito-identity.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRoleWithWebIdentity\",\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"StringEquals\",\n\t\t\t\t\t\t\tVariable: \"cognito-identity.amazonaws.com:aud\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"us-east-1:12345678-dead-beef-cafe-123456790ab\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"ForAnyValue:StringLike\",\n\t\t\t\t\t\t\tVariable: \"cognito-identity.amazonaws.com:amr\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"authenticated\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroupRoleRole, err := iam.NewRole(ctx, \"group_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"user-group-role\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(groupRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cognito.NewUserGroup(ctx, \"main\", \u0026cognito.UserGroupArgs{\n\t\t\tName: pulumi.String(\"user-group\"),\n\t\t\tUserPoolId: main.ID(),\n\t\t\tDescription: pulumi.String(\"Managed by Pulumi\"),\n\t\t\tPrecedence: pulumi.Int(42),\n\t\t\tRoleArn: groupRoleRole.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cognito.UserPool;\nimport com.pulumi.aws.cognito.UserPoolArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.cognito.UserGroup;\nimport com.pulumi.aws.cognito.UserGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var main = new UserPool(\"main\", UserPoolArgs.builder() \n .name(\"identity pool\")\n .build());\n\n final var groupRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Federated\")\n .identifiers(\"cognito-identity.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRoleWithWebIdentity\")\n .conditions( \n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"cognito-identity.amazonaws.com:aud\")\n .values(\"us-east-1:12345678-dead-beef-cafe-123456790ab\")\n .build(),\n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ForAnyValue:StringLike\")\n .variable(\"cognito-identity.amazonaws.com:amr\")\n .values(\"authenticated\")\n .build())\n .build())\n .build());\n\n var groupRoleRole = new Role(\"groupRoleRole\", RoleArgs.builder() \n .name(\"user-group-role\")\n .assumeRolePolicy(groupRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var mainUserGroup = new UserGroup(\"mainUserGroup\", UserGroupArgs.builder() \n .name(\"user-group\")\n .userPoolId(main.id())\n .description(\"Managed by Pulumi\")\n .precedence(42)\n .roleArn(groupRoleRole.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:cognito:UserPool\n properties:\n name: identity pool\n groupRoleRole:\n type: aws:iam:Role\n name: group_role\n properties:\n name: user-group-role\n assumeRolePolicy: ${groupRole.json}\n mainUserGroup:\n type: aws:cognito:UserGroup\n name: main\n properties:\n name: user-group\n userPoolId: ${main.id}\n description: Managed by Pulumi\n precedence: 42\n roleArn: ${groupRoleRole.arn}\nvariables:\n groupRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Federated\n identifiers:\n - cognito-identity.amazonaws.com\n actions:\n - sts:AssumeRoleWithWebIdentity\n conditions:\n - test: StringEquals\n variable: cognito-identity.amazonaws.com:aud\n values:\n - us-east-1:12345678-dead-beef-cafe-123456790ab\n - test: ForAnyValue:StringLike\n variable: cognito-identity.amazonaws.com:amr\n values:\n - authenticated\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Cognito User Groups using the `user_pool_id`/`name` attributes concatenated. For example:\n\n```sh\n$ pulumi import aws:cognito/userGroup:UserGroup group us-east-1_vG78M4goG/user-group\n```\n", + "description": "Provides a Cognito User Group resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.cognito.UserPool(\"main\", {name: \"identity pool\"});\nconst groupRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Federated\",\n identifiers: [\"cognito-identity.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRoleWithWebIdentity\"],\n conditions: [\n {\n test: \"StringEquals\",\n variable: \"cognito-identity.amazonaws.com:aud\",\n values: [\"us-east-1:12345678-dead-beef-cafe-123456790ab\"],\n },\n {\n test: \"ForAnyValue:StringLike\",\n variable: \"cognito-identity.amazonaws.com:amr\",\n values: [\"authenticated\"],\n },\n ],\n }],\n});\nconst groupRoleRole = new aws.iam.Role(\"group_role\", {\n name: \"user-group-role\",\n assumeRolePolicy: groupRole.then(groupRole =\u003e groupRole.json),\n});\nconst mainUserGroup = new aws.cognito.UserGroup(\"main\", {\n name: \"user-group\",\n userPoolId: main.id,\n description: \"Managed by Pulumi\",\n precedence: 42,\n roleArn: groupRoleRole.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.cognito.UserPool(\"main\", name=\"identity pool\")\ngroup_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Federated\",\n identifiers=[\"cognito-identity.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRoleWithWebIdentity\"],\n conditions=[\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"cognito-identity.amazonaws.com:aud\",\n values=[\"us-east-1:12345678-dead-beef-cafe-123456790ab\"],\n ),\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ForAnyValue:StringLike\",\n variable=\"cognito-identity.amazonaws.com:amr\",\n values=[\"authenticated\"],\n ),\n ],\n)])\ngroup_role_role = aws.iam.Role(\"group_role\",\n name=\"user-group-role\",\n assume_role_policy=group_role.json)\nmain_user_group = aws.cognito.UserGroup(\"main\",\n name=\"user-group\",\n user_pool_id=main.id,\n description=\"Managed by Pulumi\",\n precedence=42,\n role_arn=group_role_role.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = new Aws.Cognito.UserPool(\"main\", new()\n {\n Name = \"identity pool\",\n });\n\n var groupRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Federated\",\n Identifiers = new[]\n {\n \"cognito-identity.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRoleWithWebIdentity\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"cognito-identity.amazonaws.com:aud\",\n Values = new[]\n {\n \"us-east-1:12345678-dead-beef-cafe-123456790ab\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ForAnyValue:StringLike\",\n Variable = \"cognito-identity.amazonaws.com:amr\",\n Values = new[]\n {\n \"authenticated\",\n },\n },\n },\n },\n },\n });\n\n var groupRoleRole = new Aws.Iam.Role(\"group_role\", new()\n {\n Name = \"user-group-role\",\n AssumeRolePolicy = groupRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var mainUserGroup = new Aws.Cognito.UserGroup(\"main\", new()\n {\n Name = \"user-group\",\n UserPoolId = main.Id,\n Description = \"Managed by Pulumi\",\n Precedence = 42,\n RoleArn = groupRoleRole.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := cognito.NewUserPool(ctx, \"main\", \u0026cognito.UserPoolArgs{\n\t\t\tName: pulumi.String(\"identity pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroupRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Federated\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"cognito-identity.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRoleWithWebIdentity\",\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"StringEquals\",\n\t\t\t\t\t\t\tVariable: \"cognito-identity.amazonaws.com:aud\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"us-east-1:12345678-dead-beef-cafe-123456790ab\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"ForAnyValue:StringLike\",\n\t\t\t\t\t\t\tVariable: \"cognito-identity.amazonaws.com:amr\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"authenticated\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroupRoleRole, err := iam.NewRole(ctx, \"group_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"user-group-role\"),\n\t\t\tAssumeRolePolicy: pulumi.String(groupRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cognito.NewUserGroup(ctx, \"main\", \u0026cognito.UserGroupArgs{\n\t\t\tName: pulumi.String(\"user-group\"),\n\t\t\tUserPoolId: main.ID(),\n\t\t\tDescription: pulumi.String(\"Managed by Pulumi\"),\n\t\t\tPrecedence: pulumi.Int(42),\n\t\t\tRoleArn: groupRoleRole.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cognito.UserPool;\nimport com.pulumi.aws.cognito.UserPoolArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.cognito.UserGroup;\nimport com.pulumi.aws.cognito.UserGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var main = new UserPool(\"main\", UserPoolArgs.builder() \n .name(\"identity pool\")\n .build());\n\n final var groupRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Federated\")\n .identifiers(\"cognito-identity.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRoleWithWebIdentity\")\n .conditions( \n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"cognito-identity.amazonaws.com:aud\")\n .values(\"us-east-1:12345678-dead-beef-cafe-123456790ab\")\n .build(),\n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ForAnyValue:StringLike\")\n .variable(\"cognito-identity.amazonaws.com:amr\")\n .values(\"authenticated\")\n .build())\n .build())\n .build());\n\n var groupRoleRole = new Role(\"groupRoleRole\", RoleArgs.builder() \n .name(\"user-group-role\")\n .assumeRolePolicy(groupRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var mainUserGroup = new UserGroup(\"mainUserGroup\", UserGroupArgs.builder() \n .name(\"user-group\")\n .userPoolId(main.id())\n .description(\"Managed by Pulumi\")\n .precedence(42)\n .roleArn(groupRoleRole.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:cognito:UserPool\n properties:\n name: identity pool\n groupRoleRole:\n type: aws:iam:Role\n name: group_role\n properties:\n name: user-group-role\n assumeRolePolicy: ${groupRole.json}\n mainUserGroup:\n type: aws:cognito:UserGroup\n name: main\n properties:\n name: user-group\n userPoolId: ${main.id}\n description: Managed by Pulumi\n precedence: 42\n roleArn: ${groupRoleRole.arn}\nvariables:\n groupRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Federated\n identifiers:\n - cognito-identity.amazonaws.com\n actions:\n - sts:AssumeRoleWithWebIdentity\n conditions:\n - test: StringEquals\n variable: cognito-identity.amazonaws.com:aud\n values:\n - us-east-1:12345678-dead-beef-cafe-123456790ab\n - test: ForAnyValue:StringLike\n variable: cognito-identity.amazonaws.com:amr\n values:\n - authenticated\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Cognito User Groups using the `user_pool_id`/`name` attributes concatenated. For example:\n\n```sh\n$ pulumi import aws:cognito/userGroup:UserGroup group us-east-1_vG78M4goG/user-group\n```\n", "properties": { "description": { "type": "string", @@ -189609,7 +189609,7 @@ } }, "aws:cognito/userPoolClient:UserPoolClient": { - "description": "Provides a Cognito User Pool Client resource.\n\nTo manage a User Pool Client created by another service, such as when [configuring an OpenSearch Domain to use Cognito authentication](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cognito-auth.html),\nuse the `aws.cognito.ManagedUserPoolClient` resource instead.\n\n## Example Usage\n\n### Create a basic user pool client\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst pool = new aws.cognito.UserPool(\"pool\", {name: \"pool\"});\nconst client = new aws.cognito.UserPoolClient(\"client\", {\n name: \"client\",\n userPoolId: pool.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npool = aws.cognito.UserPool(\"pool\", name=\"pool\")\nclient = aws.cognito.UserPoolClient(\"client\",\n name=\"client\",\n user_pool_id=pool.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Aws.Cognito.UserPool(\"pool\", new()\n {\n Name = \"pool\",\n });\n\n var client = new Aws.Cognito.UserPoolClient(\"client\", new()\n {\n Name = \"client\",\n UserPoolId = pool.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := cognito.NewUserPool(ctx, \"pool\", \u0026cognito.UserPoolArgs{\n\t\t\tName: pulumi.String(\"pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cognito.NewUserPoolClient(ctx, \"client\", \u0026cognito.UserPoolClientArgs{\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tUserPoolId: pool.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cognito.UserPool;\nimport com.pulumi.aws.cognito.UserPoolArgs;\nimport com.pulumi.aws.cognito.UserPoolClient;\nimport com.pulumi.aws.cognito.UserPoolClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new UserPool(\"pool\", UserPoolArgs.builder() \n .name(\"pool\")\n .build());\n\n var client = new UserPoolClient(\"client\", UserPoolClientArgs.builder() \n .name(\"client\")\n .userPoolId(pool.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n client:\n type: aws:cognito:UserPoolClient\n properties:\n name: client\n userPoolId: ${pool.id}\n pool:\n type: aws:cognito:UserPool\n properties:\n name: pool\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Create a user pool client with no SRP authentication\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst pool = new aws.cognito.UserPool(\"pool\", {name: \"pool\"});\nconst client = new aws.cognito.UserPoolClient(\"client\", {\n name: \"client\",\n userPoolId: pool.id,\n generateSecret: true,\n explicitAuthFlows: [\"ADMIN_NO_SRP_AUTH\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npool = aws.cognito.UserPool(\"pool\", name=\"pool\")\nclient = aws.cognito.UserPoolClient(\"client\",\n name=\"client\",\n user_pool_id=pool.id,\n generate_secret=True,\n explicit_auth_flows=[\"ADMIN_NO_SRP_AUTH\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Aws.Cognito.UserPool(\"pool\", new()\n {\n Name = \"pool\",\n });\n\n var client = new Aws.Cognito.UserPoolClient(\"client\", new()\n {\n Name = \"client\",\n UserPoolId = pool.Id,\n GenerateSecret = true,\n ExplicitAuthFlows = new[]\n {\n \"ADMIN_NO_SRP_AUTH\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := cognito.NewUserPool(ctx, \"pool\", \u0026cognito.UserPoolArgs{\n\t\t\tName: pulumi.String(\"pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cognito.NewUserPoolClient(ctx, \"client\", \u0026cognito.UserPoolClientArgs{\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tUserPoolId: pool.ID(),\n\t\t\tGenerateSecret: pulumi.Bool(true),\n\t\t\tExplicitAuthFlows: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"ADMIN_NO_SRP_AUTH\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cognito.UserPool;\nimport com.pulumi.aws.cognito.UserPoolArgs;\nimport com.pulumi.aws.cognito.UserPoolClient;\nimport com.pulumi.aws.cognito.UserPoolClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new UserPool(\"pool\", UserPoolArgs.builder() \n .name(\"pool\")\n .build());\n\n var client = new UserPoolClient(\"client\", UserPoolClientArgs.builder() \n .name(\"client\")\n .userPoolId(pool.id())\n .generateSecret(true)\n .explicitAuthFlows(\"ADMIN_NO_SRP_AUTH\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n client:\n type: aws:cognito:UserPoolClient\n properties:\n name: client\n userPoolId: ${pool.id}\n generateSecret: true\n explicitAuthFlows:\n - ADMIN_NO_SRP_AUTH\n pool:\n type: aws:cognito:UserPool\n properties:\n name: pool\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Create a user pool client with pinpoint analytics\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testUserPool = new aws.cognito.UserPool(\"test\", {name: \"pool\"});\nconst testApp = new aws.pinpoint.App(\"test\", {name: \"pinpoint\"});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"cognito-idp.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst testRole = new aws.iam.Role(\"test\", {\n name: \"role\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst testUserPoolClient = new aws.cognito.UserPoolClient(\"test\", {\n name: \"pool_client\",\n userPoolId: testUserPool.id,\n analyticsConfiguration: {\n applicationId: testApp.applicationId,\n externalId: \"some_id\",\n roleArn: testRole.arn,\n userDataShared: true,\n },\n});\nconst current = aws.getCallerIdentity({});\nconst test = aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"mobiletargeting:UpdateEndpoint\",\n \"mobiletargeting:PutEvents\",\n ],\n resources: [pulumi.all([current, testApp.applicationId]).apply(([current, applicationId]) =\u003e `arn:aws:mobiletargeting:*:${current.accountId}:apps/${applicationId}*`)],\n }],\n});\nconst testRolePolicy = new aws.iam.RolePolicy(\"test\", {\n name: \"role_policy\",\n role: testRole.id,\n policy: test.apply(test =\u003e test.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_user_pool = aws.cognito.UserPool(\"test\", name=\"pool\")\ntest_app = aws.pinpoint.App(\"test\", name=\"pinpoint\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"cognito-idp.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\ntest_role = aws.iam.Role(\"test\",\n name=\"role\",\n assume_role_policy=assume_role.json)\ntest_user_pool_client = aws.cognito.UserPoolClient(\"test\",\n name=\"pool_client\",\n user_pool_id=test_user_pool.id,\n analytics_configuration=aws.cognito.UserPoolClientAnalyticsConfigurationArgs(\n application_id=test_app.application_id,\n external_id=\"some_id\",\n role_arn=test_role.arn,\n user_data_shared=True,\n ))\ncurrent = aws.get_caller_identity()\ntest = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"mobiletargeting:UpdateEndpoint\",\n \"mobiletargeting:PutEvents\",\n ],\n resources=[test_app.application_id.apply(lambda application_id: f\"arn:aws:mobiletargeting:*:{current.account_id}:apps/{application_id}*\")],\n)])\ntest_role_policy = aws.iam.RolePolicy(\"test\",\n name=\"role_policy\",\n role=test_role.id,\n policy=test.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testUserPool = new Aws.Cognito.UserPool(\"test\", new()\n {\n Name = \"pool\",\n });\n\n var testApp = new Aws.Pinpoint.App(\"test\", new()\n {\n Name = \"pinpoint\",\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"cognito-idp.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var testRole = new Aws.Iam.Role(\"test\", new()\n {\n Name = \"role\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var testUserPoolClient = new Aws.Cognito.UserPoolClient(\"test\", new()\n {\n Name = \"pool_client\",\n UserPoolId = testUserPool.Id,\n AnalyticsConfiguration = new Aws.Cognito.Inputs.UserPoolClientAnalyticsConfigurationArgs\n {\n ApplicationId = testApp.ApplicationId,\n ExternalId = \"some_id\",\n RoleArn = testRole.Arn,\n UserDataShared = true,\n },\n });\n\n var current = Aws.GetCallerIdentity.Invoke();\n\n var test = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"mobiletargeting:UpdateEndpoint\",\n \"mobiletargeting:PutEvents\",\n },\n Resources = new[]\n {\n $\"arn:aws:mobiletargeting:*:{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:apps/{testApp.ApplicationId}*\",\n },\n },\n },\n });\n\n var testRolePolicy = new Aws.Iam.RolePolicy(\"test\", new()\n {\n Name = \"role_policy\",\n Role = testRole.Id,\n Policy = test.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/pinpoint\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestUserPool, err := cognito.NewUserPool(ctx, \"test\", \u0026cognito.UserPoolArgs{\n\t\t\tName: pulumi.String(\"pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestApp, err := pinpoint.NewApp(ctx, \"test\", \u0026pinpoint.AppArgs{\n\t\t\tName: pulumi.String(\"pinpoint\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"cognito-idp.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestRole, err := iam.NewRole(ctx, \"test\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"role\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cognito.NewUserPoolClient(ctx, \"test\", \u0026cognito.UserPoolClientArgs{\n\t\t\tName: pulumi.String(\"pool_client\"),\n\t\t\tUserPoolId: testUserPool.ID(),\n\t\t\tAnalyticsConfiguration: \u0026cognito.UserPoolClientAnalyticsConfigurationArgs{\n\t\t\t\tApplicationId: testApp.ApplicationId,\n\t\t\t\tExternalId: pulumi.String(\"some_id\"),\n\t\t\t\tRoleArn: testRole.Arn,\n\t\t\t\tUserDataShared: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mobiletargeting:UpdateEndpoint\"),\n\t\t\t\t\t\tpulumi.String(\"mobiletargeting:PutEvents\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\ttestApp.ApplicationId.ApplyT(func(applicationId string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"arn:aws:mobiletargeting:*:%v:apps/%v*\", current.AccountId, applicationId), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = iam.NewRolePolicy(ctx, \"test\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"role_policy\"),\n\t\t\tRole: testRole.ID(),\n\t\t\tPolicy: test.ApplyT(func(test iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026test.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cognito.UserPool;\nimport com.pulumi.aws.cognito.UserPoolArgs;\nimport com.pulumi.aws.pinpoint.App;\nimport com.pulumi.aws.pinpoint.AppArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.cognito.UserPoolClient;\nimport com.pulumi.aws.cognito.UserPoolClientArgs;\nimport com.pulumi.aws.cognito.inputs.UserPoolClientAnalyticsConfigurationArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testUserPool = new UserPool(\"testUserPool\", UserPoolArgs.builder() \n .name(\"pool\")\n .build());\n\n var testApp = new App(\"testApp\", AppArgs.builder() \n .name(\"pinpoint\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"cognito-idp.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var testRole = new Role(\"testRole\", RoleArgs.builder() \n .name(\"role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var testUserPoolClient = new UserPoolClient(\"testUserPoolClient\", UserPoolClientArgs.builder() \n .name(\"pool_client\")\n .userPoolId(testUserPool.id())\n .analyticsConfiguration(UserPoolClientAnalyticsConfigurationArgs.builder()\n .applicationId(testApp.applicationId())\n .externalId(\"some_id\")\n .roleArn(testRole.arn())\n .userDataShared(true)\n .build())\n .build());\n\n final var current = AwsFunctions.getCallerIdentity();\n\n final var test = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"mobiletargeting:UpdateEndpoint\",\n \"mobiletargeting:PutEvents\")\n .resources(testApp.applicationId().applyValue(applicationId -\u003e String.format(\"arn:aws:mobiletargeting:*:%s:apps/%s*\", current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),applicationId)))\n .build())\n .build());\n\n var testRolePolicy = new RolePolicy(\"testRolePolicy\", RolePolicyArgs.builder() \n .name(\"role_policy\")\n .role(testRole.id())\n .policy(test.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(test -\u003e test.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testUserPoolClient:\n type: aws:cognito:UserPoolClient\n name: test\n properties:\n name: pool_client\n userPoolId: ${testUserPool.id}\n analyticsConfiguration:\n applicationId: ${testApp.applicationId}\n externalId: some_id\n roleArn: ${testRole.arn}\n userDataShared: true\n testUserPool:\n type: aws:cognito:UserPool\n name: test\n properties:\n name: pool\n testApp:\n type: aws:pinpoint:App\n name: test\n properties:\n name: pinpoint\n testRole:\n type: aws:iam:Role\n name: test\n properties:\n name: role\n assumeRolePolicy: ${assumeRole.json}\n testRolePolicy:\n type: aws:iam:RolePolicy\n name: test\n properties:\n name: role_policy\n role: ${testRole.id}\n policy: ${test.json}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - cognito-idp.amazonaws.com\n actions:\n - sts:AssumeRole\n test:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - mobiletargeting:UpdateEndpoint\n - mobiletargeting:PutEvents\n resources:\n - arn:aws:mobiletargeting:*:${current.accountId}:apps/${testApp.applicationId}*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Create a user pool client with Cognito as the identity provider\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst pool = new aws.cognito.UserPool(\"pool\", {name: \"pool\"});\nconst userpoolClient = new aws.cognito.UserPoolClient(\"userpool_client\", {\n name: \"client\",\n userPoolId: pool.id,\n callbackUrls: [\"https://example.com\"],\n allowedOauthFlowsUserPoolClient: true,\n allowedOauthFlows: [\n \"code\",\n \"implicit\",\n ],\n allowedOauthScopes: [\n \"email\",\n \"openid\",\n ],\n supportedIdentityProviders: [\"COGNITO\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npool = aws.cognito.UserPool(\"pool\", name=\"pool\")\nuserpool_client = aws.cognito.UserPoolClient(\"userpool_client\",\n name=\"client\",\n user_pool_id=pool.id,\n callback_urls=[\"https://example.com\"],\n allowed_oauth_flows_user_pool_client=True,\n allowed_oauth_flows=[\n \"code\",\n \"implicit\",\n ],\n allowed_oauth_scopes=[\n \"email\",\n \"openid\",\n ],\n supported_identity_providers=[\"COGNITO\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Aws.Cognito.UserPool(\"pool\", new()\n {\n Name = \"pool\",\n });\n\n var userpoolClient = new Aws.Cognito.UserPoolClient(\"userpool_client\", new()\n {\n Name = \"client\",\n UserPoolId = pool.Id,\n CallbackUrls = new[]\n {\n \"https://example.com\",\n },\n AllowedOauthFlowsUserPoolClient = true,\n AllowedOauthFlows = new[]\n {\n \"code\",\n \"implicit\",\n },\n AllowedOauthScopes = new[]\n {\n \"email\",\n \"openid\",\n },\n SupportedIdentityProviders = new[]\n {\n \"COGNITO\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := cognito.NewUserPool(ctx, \"pool\", \u0026cognito.UserPoolArgs{\n\t\t\tName: pulumi.String(\"pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cognito.NewUserPoolClient(ctx, \"userpool_client\", \u0026cognito.UserPoolClientArgs{\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tUserPoolId: pool.ID(),\n\t\t\tCallbackUrls: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"https://example.com\"),\n\t\t\t},\n\t\t\tAllowedOauthFlowsUserPoolClient: pulumi.Bool(true),\n\t\t\tAllowedOauthFlows: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"code\"),\n\t\t\t\tpulumi.String(\"implicit\"),\n\t\t\t},\n\t\t\tAllowedOauthScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"email\"),\n\t\t\t\tpulumi.String(\"openid\"),\n\t\t\t},\n\t\t\tSupportedIdentityProviders: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"COGNITO\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cognito.UserPool;\nimport com.pulumi.aws.cognito.UserPoolArgs;\nimport com.pulumi.aws.cognito.UserPoolClient;\nimport com.pulumi.aws.cognito.UserPoolClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new UserPool(\"pool\", UserPoolArgs.builder() \n .name(\"pool\")\n .build());\n\n var userpoolClient = new UserPoolClient(\"userpoolClient\", UserPoolClientArgs.builder() \n .name(\"client\")\n .userPoolId(pool.id())\n .callbackUrls(\"https://example.com\")\n .allowedOauthFlowsUserPoolClient(true)\n .allowedOauthFlows( \n \"code\",\n \"implicit\")\n .allowedOauthScopes( \n \"email\",\n \"openid\")\n .supportedIdentityProviders(\"COGNITO\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n userpoolClient:\n type: aws:cognito:UserPoolClient\n name: userpool_client\n properties:\n name: client\n userPoolId: ${pool.id}\n callbackUrls:\n - https://example.com\n allowedOauthFlowsUserPoolClient: true\n allowedOauthFlows:\n - code\n - implicit\n allowedOauthScopes:\n - email\n - openid\n supportedIdentityProviders:\n - COGNITO\n pool:\n type: aws:cognito:UserPool\n properties:\n name: pool\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Cognito User Pool Clients using the `id` of the Cognito User Pool, and the `id` of the Cognito User Pool Client. For example:\n\n```sh\n$ pulumi import aws:cognito/userPoolClient:UserPoolClient client us-west-2_abc123/3ho4ek12345678909nh3fmhpko\n```\n", + "description": "Provides a Cognito User Pool Client resource.\n\nTo manage a User Pool Client created by another service, such as when [configuring an OpenSearch Domain to use Cognito authentication](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cognito-auth.html),\nuse the `aws.cognito.ManagedUserPoolClient` resource instead.\n\n## Example Usage\n\n### Create a basic user pool client\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst pool = new aws.cognito.UserPool(\"pool\", {name: \"pool\"});\nconst client = new aws.cognito.UserPoolClient(\"client\", {\n name: \"client\",\n userPoolId: pool.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npool = aws.cognito.UserPool(\"pool\", name=\"pool\")\nclient = aws.cognito.UserPoolClient(\"client\",\n name=\"client\",\n user_pool_id=pool.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Aws.Cognito.UserPool(\"pool\", new()\n {\n Name = \"pool\",\n });\n\n var client = new Aws.Cognito.UserPoolClient(\"client\", new()\n {\n Name = \"client\",\n UserPoolId = pool.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := cognito.NewUserPool(ctx, \"pool\", \u0026cognito.UserPoolArgs{\n\t\t\tName: pulumi.String(\"pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cognito.NewUserPoolClient(ctx, \"client\", \u0026cognito.UserPoolClientArgs{\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tUserPoolId: pool.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cognito.UserPool;\nimport com.pulumi.aws.cognito.UserPoolArgs;\nimport com.pulumi.aws.cognito.UserPoolClient;\nimport com.pulumi.aws.cognito.UserPoolClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new UserPool(\"pool\", UserPoolArgs.builder() \n .name(\"pool\")\n .build());\n\n var client = new UserPoolClient(\"client\", UserPoolClientArgs.builder() \n .name(\"client\")\n .userPoolId(pool.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n client:\n type: aws:cognito:UserPoolClient\n properties:\n name: client\n userPoolId: ${pool.id}\n pool:\n type: aws:cognito:UserPool\n properties:\n name: pool\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Create a user pool client with no SRP authentication\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst pool = new aws.cognito.UserPool(\"pool\", {name: \"pool\"});\nconst client = new aws.cognito.UserPoolClient(\"client\", {\n name: \"client\",\n userPoolId: pool.id,\n generateSecret: true,\n explicitAuthFlows: [\"ADMIN_NO_SRP_AUTH\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npool = aws.cognito.UserPool(\"pool\", name=\"pool\")\nclient = aws.cognito.UserPoolClient(\"client\",\n name=\"client\",\n user_pool_id=pool.id,\n generate_secret=True,\n explicit_auth_flows=[\"ADMIN_NO_SRP_AUTH\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Aws.Cognito.UserPool(\"pool\", new()\n {\n Name = \"pool\",\n });\n\n var client = new Aws.Cognito.UserPoolClient(\"client\", new()\n {\n Name = \"client\",\n UserPoolId = pool.Id,\n GenerateSecret = true,\n ExplicitAuthFlows = new[]\n {\n \"ADMIN_NO_SRP_AUTH\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := cognito.NewUserPool(ctx, \"pool\", \u0026cognito.UserPoolArgs{\n\t\t\tName: pulumi.String(\"pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cognito.NewUserPoolClient(ctx, \"client\", \u0026cognito.UserPoolClientArgs{\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tUserPoolId: pool.ID(),\n\t\t\tGenerateSecret: pulumi.Bool(true),\n\t\t\tExplicitAuthFlows: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"ADMIN_NO_SRP_AUTH\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cognito.UserPool;\nimport com.pulumi.aws.cognito.UserPoolArgs;\nimport com.pulumi.aws.cognito.UserPoolClient;\nimport com.pulumi.aws.cognito.UserPoolClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new UserPool(\"pool\", UserPoolArgs.builder() \n .name(\"pool\")\n .build());\n\n var client = new UserPoolClient(\"client\", UserPoolClientArgs.builder() \n .name(\"client\")\n .userPoolId(pool.id())\n .generateSecret(true)\n .explicitAuthFlows(\"ADMIN_NO_SRP_AUTH\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n client:\n type: aws:cognito:UserPoolClient\n properties:\n name: client\n userPoolId: ${pool.id}\n generateSecret: true\n explicitAuthFlows:\n - ADMIN_NO_SRP_AUTH\n pool:\n type: aws:cognito:UserPool\n properties:\n name: pool\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Create a user pool client with pinpoint analytics\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testUserPool = new aws.cognito.UserPool(\"test\", {name: \"pool\"});\nconst testApp = new aws.pinpoint.App(\"test\", {name: \"pinpoint\"});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"cognito-idp.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst testRole = new aws.iam.Role(\"test\", {\n name: \"role\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst testUserPoolClient = new aws.cognito.UserPoolClient(\"test\", {\n name: \"pool_client\",\n userPoolId: testUserPool.id,\n analyticsConfiguration: {\n applicationId: testApp.applicationId,\n externalId: \"some_id\",\n roleArn: testRole.arn,\n userDataShared: true,\n },\n});\nconst current = aws.getCallerIdentity({});\nconst test = aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"mobiletargeting:UpdateEndpoint\",\n \"mobiletargeting:PutEvents\",\n ],\n resources: [pulumi.all([current, testApp.applicationId]).apply(([current, applicationId]) =\u003e `arn:aws:mobiletargeting:*:${current.accountId}:apps/${applicationId}*`)],\n }],\n});\nconst testRolePolicy = new aws.iam.RolePolicy(\"test\", {\n name: \"role_policy\",\n role: testRole.id,\n policy: test.apply(test =\u003e test.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_user_pool = aws.cognito.UserPool(\"test\", name=\"pool\")\ntest_app = aws.pinpoint.App(\"test\", name=\"pinpoint\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"cognito-idp.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\ntest_role = aws.iam.Role(\"test\",\n name=\"role\",\n assume_role_policy=assume_role.json)\ntest_user_pool_client = aws.cognito.UserPoolClient(\"test\",\n name=\"pool_client\",\n user_pool_id=test_user_pool.id,\n analytics_configuration=aws.cognito.UserPoolClientAnalyticsConfigurationArgs(\n application_id=test_app.application_id,\n external_id=\"some_id\",\n role_arn=test_role.arn,\n user_data_shared=True,\n ))\ncurrent = aws.get_caller_identity()\ntest = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"mobiletargeting:UpdateEndpoint\",\n \"mobiletargeting:PutEvents\",\n ],\n resources=[test_app.application_id.apply(lambda application_id: f\"arn:aws:mobiletargeting:*:{current.account_id}:apps/{application_id}*\")],\n)])\ntest_role_policy = aws.iam.RolePolicy(\"test\",\n name=\"role_policy\",\n role=test_role.id,\n policy=test.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testUserPool = new Aws.Cognito.UserPool(\"test\", new()\n {\n Name = \"pool\",\n });\n\n var testApp = new Aws.Pinpoint.App(\"test\", new()\n {\n Name = \"pinpoint\",\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"cognito-idp.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var testRole = new Aws.Iam.Role(\"test\", new()\n {\n Name = \"role\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var testUserPoolClient = new Aws.Cognito.UserPoolClient(\"test\", new()\n {\n Name = \"pool_client\",\n UserPoolId = testUserPool.Id,\n AnalyticsConfiguration = new Aws.Cognito.Inputs.UserPoolClientAnalyticsConfigurationArgs\n {\n ApplicationId = testApp.ApplicationId,\n ExternalId = \"some_id\",\n RoleArn = testRole.Arn,\n UserDataShared = true,\n },\n });\n\n var current = Aws.GetCallerIdentity.Invoke();\n\n var test = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"mobiletargeting:UpdateEndpoint\",\n \"mobiletargeting:PutEvents\",\n },\n Resources = new[]\n {\n $\"arn:aws:mobiletargeting:*:{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:apps/{testApp.ApplicationId}*\",\n },\n },\n },\n });\n\n var testRolePolicy = new Aws.Iam.RolePolicy(\"test\", new()\n {\n Name = \"role_policy\",\n Role = testRole.Id,\n Policy = test.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/pinpoint\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestUserPool, err := cognito.NewUserPool(ctx, \"test\", \u0026cognito.UserPoolArgs{\n\t\t\tName: pulumi.String(\"pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestApp, err := pinpoint.NewApp(ctx, \"test\", \u0026pinpoint.AppArgs{\n\t\t\tName: pulumi.String(\"pinpoint\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"cognito-idp.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestRole, err := iam.NewRole(ctx, \"test\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"role\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cognito.NewUserPoolClient(ctx, \"test\", \u0026cognito.UserPoolClientArgs{\n\t\t\tName: pulumi.String(\"pool_client\"),\n\t\t\tUserPoolId: testUserPool.ID(),\n\t\t\tAnalyticsConfiguration: \u0026cognito.UserPoolClientAnalyticsConfigurationArgs{\n\t\t\t\tApplicationId: testApp.ApplicationId,\n\t\t\t\tExternalId: pulumi.String(\"some_id\"),\n\t\t\t\tRoleArn: testRole.Arn,\n\t\t\t\tUserDataShared: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mobiletargeting:UpdateEndpoint\"),\n\t\t\t\t\t\tpulumi.String(\"mobiletargeting:PutEvents\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\ttestApp.ApplicationId.ApplyT(func(applicationId string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"arn:aws:mobiletargeting:*:%v:apps/%v*\", current.AccountId, applicationId), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = iam.NewRolePolicy(ctx, \"test\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"role_policy\"),\n\t\t\tRole: testRole.ID(),\n\t\t\tPolicy: test.ApplyT(func(test iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026test.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cognito.UserPool;\nimport com.pulumi.aws.cognito.UserPoolArgs;\nimport com.pulumi.aws.pinpoint.App;\nimport com.pulumi.aws.pinpoint.AppArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.cognito.UserPoolClient;\nimport com.pulumi.aws.cognito.UserPoolClientArgs;\nimport com.pulumi.aws.cognito.inputs.UserPoolClientAnalyticsConfigurationArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testUserPool = new UserPool(\"testUserPool\", UserPoolArgs.builder() \n .name(\"pool\")\n .build());\n\n var testApp = new App(\"testApp\", AppArgs.builder() \n .name(\"pinpoint\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"cognito-idp.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var testRole = new Role(\"testRole\", RoleArgs.builder() \n .name(\"role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var testUserPoolClient = new UserPoolClient(\"testUserPoolClient\", UserPoolClientArgs.builder() \n .name(\"pool_client\")\n .userPoolId(testUserPool.id())\n .analyticsConfiguration(UserPoolClientAnalyticsConfigurationArgs.builder()\n .applicationId(testApp.applicationId())\n .externalId(\"some_id\")\n .roleArn(testRole.arn())\n .userDataShared(true)\n .build())\n .build());\n\n final var current = AwsFunctions.getCallerIdentity();\n\n final var test = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"mobiletargeting:UpdateEndpoint\",\n \"mobiletargeting:PutEvents\")\n .resources(testApp.applicationId().applyValue(applicationId -\u003e String.format(\"arn:aws:mobiletargeting:*:%s:apps/%s*\", current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),applicationId)))\n .build())\n .build());\n\n var testRolePolicy = new RolePolicy(\"testRolePolicy\", RolePolicyArgs.builder() \n .name(\"role_policy\")\n .role(testRole.id())\n .policy(test.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(test -\u003e test.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testUserPoolClient:\n type: aws:cognito:UserPoolClient\n name: test\n properties:\n name: pool_client\n userPoolId: ${testUserPool.id}\n analyticsConfiguration:\n applicationId: ${testApp.applicationId}\n externalId: some_id\n roleArn: ${testRole.arn}\n userDataShared: true\n testUserPool:\n type: aws:cognito:UserPool\n name: test\n properties:\n name: pool\n testApp:\n type: aws:pinpoint:App\n name: test\n properties:\n name: pinpoint\n testRole:\n type: aws:iam:Role\n name: test\n properties:\n name: role\n assumeRolePolicy: ${assumeRole.json}\n testRolePolicy:\n type: aws:iam:RolePolicy\n name: test\n properties:\n name: role_policy\n role: ${testRole.id}\n policy: ${test.json}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - cognito-idp.amazonaws.com\n actions:\n - sts:AssumeRole\n test:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - mobiletargeting:UpdateEndpoint\n - mobiletargeting:PutEvents\n resources:\n - arn:aws:mobiletargeting:*:${current.accountId}:apps/${testApp.applicationId}*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Create a user pool client with Cognito as the identity provider\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst pool = new aws.cognito.UserPool(\"pool\", {name: \"pool\"});\nconst userpoolClient = new aws.cognito.UserPoolClient(\"userpool_client\", {\n name: \"client\",\n userPoolId: pool.id,\n callbackUrls: [\"https://example.com\"],\n allowedOauthFlowsUserPoolClient: true,\n allowedOauthFlows: [\n \"code\",\n \"implicit\",\n ],\n allowedOauthScopes: [\n \"email\",\n \"openid\",\n ],\n supportedIdentityProviders: [\"COGNITO\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npool = aws.cognito.UserPool(\"pool\", name=\"pool\")\nuserpool_client = aws.cognito.UserPoolClient(\"userpool_client\",\n name=\"client\",\n user_pool_id=pool.id,\n callback_urls=[\"https://example.com\"],\n allowed_oauth_flows_user_pool_client=True,\n allowed_oauth_flows=[\n \"code\",\n \"implicit\",\n ],\n allowed_oauth_scopes=[\n \"email\",\n \"openid\",\n ],\n supported_identity_providers=[\"COGNITO\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Aws.Cognito.UserPool(\"pool\", new()\n {\n Name = \"pool\",\n });\n\n var userpoolClient = new Aws.Cognito.UserPoolClient(\"userpool_client\", new()\n {\n Name = \"client\",\n UserPoolId = pool.Id,\n CallbackUrls = new[]\n {\n \"https://example.com\",\n },\n AllowedOauthFlowsUserPoolClient = true,\n AllowedOauthFlows = new[]\n {\n \"code\",\n \"implicit\",\n },\n AllowedOauthScopes = new[]\n {\n \"email\",\n \"openid\",\n },\n SupportedIdentityProviders = new[]\n {\n \"COGNITO\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := cognito.NewUserPool(ctx, \"pool\", \u0026cognito.UserPoolArgs{\n\t\t\tName: pulumi.String(\"pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cognito.NewUserPoolClient(ctx, \"userpool_client\", \u0026cognito.UserPoolClientArgs{\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tUserPoolId: pool.ID(),\n\t\t\tCallbackUrls: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"https://example.com\"),\n\t\t\t},\n\t\t\tAllowedOauthFlowsUserPoolClient: pulumi.Bool(true),\n\t\t\tAllowedOauthFlows: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"code\"),\n\t\t\t\tpulumi.String(\"implicit\"),\n\t\t\t},\n\t\t\tAllowedOauthScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"email\"),\n\t\t\t\tpulumi.String(\"openid\"),\n\t\t\t},\n\t\t\tSupportedIdentityProviders: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"COGNITO\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cognito.UserPool;\nimport com.pulumi.aws.cognito.UserPoolArgs;\nimport com.pulumi.aws.cognito.UserPoolClient;\nimport com.pulumi.aws.cognito.UserPoolClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new UserPool(\"pool\", UserPoolArgs.builder() \n .name(\"pool\")\n .build());\n\n var userpoolClient = new UserPoolClient(\"userpoolClient\", UserPoolClientArgs.builder() \n .name(\"client\")\n .userPoolId(pool.id())\n .callbackUrls(\"https://example.com\")\n .allowedOauthFlowsUserPoolClient(true)\n .allowedOauthFlows( \n \"code\",\n \"implicit\")\n .allowedOauthScopes( \n \"email\",\n \"openid\")\n .supportedIdentityProviders(\"COGNITO\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n userpoolClient:\n type: aws:cognito:UserPoolClient\n name: userpool_client\n properties:\n name: client\n userPoolId: ${pool.id}\n callbackUrls:\n - https://example.com\n allowedOauthFlowsUserPoolClient: true\n allowedOauthFlows:\n - code\n - implicit\n allowedOauthScopes:\n - email\n - openid\n supportedIdentityProviders:\n - COGNITO\n pool:\n type: aws:cognito:UserPool\n properties:\n name: pool\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Cognito User Pool Clients using the `id` of the Cognito User Pool, and the `id` of the Cognito User Pool Client. For example:\n\n```sh\n$ pulumi import aws:cognito/userPoolClient:UserPoolClient client us-west-2_abc123/3ho4ek12345678909nh3fmhpko\n```\n", "properties": { "accessTokenValidity": { "type": "integer", @@ -189993,7 +189993,7 @@ } }, "aws:cognito/userPoolDomain:UserPoolDomain": { - "description": "Provides a Cognito User Pool Domain resource.\n\n## Example Usage\n\n### Amazon Cognito domain\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cognito.UserPool(\"example\", {name: \"example-pool\"});\nconst main = new aws.cognito.UserPoolDomain(\"main\", {\n domain: \"example-domain\",\n userPoolId: example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cognito.UserPool(\"example\", name=\"example-pool\")\nmain = aws.cognito.UserPoolDomain(\"main\",\n domain=\"example-domain\",\n user_pool_id=example.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Cognito.UserPool(\"example\", new()\n {\n Name = \"example-pool\",\n });\n\n var main = new Aws.Cognito.UserPoolDomain(\"main\", new()\n {\n Domain = \"example-domain\",\n UserPoolId = example.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := cognito.NewUserPool(ctx, \"example\", \u0026cognito.UserPoolArgs{\n\t\t\tName: pulumi.String(\"example-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cognito.NewUserPoolDomain(ctx, \"main\", \u0026cognito.UserPoolDomainArgs{\n\t\t\tDomain: pulumi.String(\"example-domain\"),\n\t\t\tUserPoolId: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cognito.UserPool;\nimport com.pulumi.aws.cognito.UserPoolArgs;\nimport com.pulumi.aws.cognito.UserPoolDomain;\nimport com.pulumi.aws.cognito.UserPoolDomainArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new UserPool(\"example\", UserPoolArgs.builder() \n .name(\"example-pool\")\n .build());\n\n var main = new UserPoolDomain(\"main\", UserPoolDomainArgs.builder() \n .domain(\"example-domain\")\n .userPoolId(example.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:cognito:UserPoolDomain\n properties:\n domain: example-domain\n userPoolId: ${example.id}\n example:\n type: aws:cognito:UserPool\n properties:\n name: example-pool\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Custom Cognito domain\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleUserPool = new aws.cognito.UserPool(\"example\", {name: \"example-pool\"});\nconst main = new aws.cognito.UserPoolDomain(\"main\", {\n domain: \"example-domain\",\n certificateArn: cert.arn,\n userPoolId: exampleUserPool.id,\n});\nconst example = aws.route53.getZone({\n name: \"example.com\",\n});\nconst auth_cognito_A = new aws.route53.Record(\"auth-cognito-A\", {\n name: main.domain,\n type: \"A\",\n zoneId: example.then(example =\u003e example.zoneId),\n aliases: [{\n evaluateTargetHealth: false,\n name: main.cloudfrontDistribution,\n zoneId: main.cloudfrontDistributionZoneId,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_user_pool = aws.cognito.UserPool(\"example\", name=\"example-pool\")\nmain = aws.cognito.UserPoolDomain(\"main\",\n domain=\"example-domain\",\n certificate_arn=cert[\"arn\"],\n user_pool_id=example_user_pool.id)\nexample = aws.route53.get_zone(name=\"example.com\")\nauth_cognito__a = aws.route53.Record(\"auth-cognito-A\",\n name=main.domain,\n type=\"A\",\n zone_id=example.zone_id,\n aliases=[aws.route53.RecordAliasArgs(\n evaluate_target_health=False,\n name=main.cloudfront_distribution,\n zone_id=main.cloudfront_distribution_zone_id,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleUserPool = new Aws.Cognito.UserPool(\"example\", new()\n {\n Name = \"example-pool\",\n });\n\n var main = new Aws.Cognito.UserPoolDomain(\"main\", new()\n {\n Domain = \"example-domain\",\n CertificateArn = cert.Arn,\n UserPoolId = exampleUserPool.Id,\n });\n\n var example = Aws.Route53.GetZone.Invoke(new()\n {\n Name = \"example.com\",\n });\n\n var auth_cognito_A = new Aws.Route53.Record(\"auth-cognito-A\", new()\n {\n Name = main.Domain,\n Type = \"A\",\n ZoneId = example.Apply(getZoneResult =\u003e getZoneResult.ZoneId),\n Aliases = new[]\n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n EvaluateTargetHealth = false,\n Name = main.CloudfrontDistribution,\n ZoneId = main.CloudfrontDistributionZoneId,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleUserPool, err := cognito.NewUserPool(ctx, \"example\", \u0026cognito.UserPoolArgs{\n\t\t\tName: pulumi.String(\"example-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmain, err := cognito.NewUserPoolDomain(ctx, \"main\", \u0026cognito.UserPoolDomainArgs{\n\t\t\tDomain: pulumi.String(\"example-domain\"),\n\t\t\tCertificateArn: pulumi.Any(cert.Arn),\n\t\t\tUserPoolId: exampleUserPool.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := route53.LookupZone(ctx, \u0026route53.LookupZoneArgs{\n\t\t\tName: pulumi.StringRef(\"example.com\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"auth-cognito-A\", \u0026route53.RecordArgs{\n\t\t\tName: main.Domain,\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tZoneId: *pulumi.String(example.ZoneId),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t\u0026route53.RecordAliasArgs{\n\t\t\t\t\tEvaluateTargetHealth: pulumi.Bool(false),\n\t\t\t\t\tName: main.CloudfrontDistribution,\n\t\t\t\t\tZoneId: main.CloudfrontDistributionZoneId,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cognito.UserPool;\nimport com.pulumi.aws.cognito.UserPoolArgs;\nimport com.pulumi.aws.cognito.UserPoolDomain;\nimport com.pulumi.aws.cognito.UserPoolDomainArgs;\nimport com.pulumi.aws.route53.Route53Functions;\nimport com.pulumi.aws.route53.inputs.GetZoneArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordAliasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleUserPool = new UserPool(\"exampleUserPool\", UserPoolArgs.builder() \n .name(\"example-pool\")\n .build());\n\n var main = new UserPoolDomain(\"main\", UserPoolDomainArgs.builder() \n .domain(\"example-domain\")\n .certificateArn(cert.arn())\n .userPoolId(exampleUserPool.id())\n .build());\n\n final var example = Route53Functions.getZone(GetZoneArgs.builder()\n .name(\"example.com\")\n .build());\n\n var auth_cognito_A = new Record(\"auth-cognito-A\", RecordArgs.builder() \n .name(main.domain())\n .type(\"A\")\n .zoneId(example.applyValue(getZoneResult -\u003e getZoneResult.zoneId()))\n .aliases(RecordAliasArgs.builder()\n .evaluateTargetHealth(false)\n .name(main.cloudfrontDistribution())\n .zoneId(main.cloudfrontDistributionZoneId())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:cognito:UserPoolDomain\n properties:\n domain: example-domain\n certificateArn: ${cert.arn}\n userPoolId: ${exampleUserPool.id}\n exampleUserPool:\n type: aws:cognito:UserPool\n name: example\n properties:\n name: example-pool\n auth-cognito-A:\n type: aws:route53:Record\n properties:\n name: ${main.domain}\n type: A\n zoneId: ${example.zoneId}\n aliases:\n - evaluateTargetHealth: false\n name: ${main.cloudfrontDistribution}\n zoneId: ${main.cloudfrontDistributionZoneId}\nvariables:\n example:\n fn::invoke:\n Function: aws:route53:getZone\n Arguments:\n name: example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Cognito User Pool Domains using the `domain`. For example:\n\n```sh\n$ pulumi import aws:cognito/userPoolDomain:UserPoolDomain main auth.example.org\n```\n", + "description": "Provides a Cognito User Pool Domain resource.\n\n## Example Usage\n\n### Amazon Cognito domain\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cognito.UserPool(\"example\", {name: \"example-pool\"});\nconst main = new aws.cognito.UserPoolDomain(\"main\", {\n domain: \"example-domain\",\n userPoolId: example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cognito.UserPool(\"example\", name=\"example-pool\")\nmain = aws.cognito.UserPoolDomain(\"main\",\n domain=\"example-domain\",\n user_pool_id=example.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Cognito.UserPool(\"example\", new()\n {\n Name = \"example-pool\",\n });\n\n var main = new Aws.Cognito.UserPoolDomain(\"main\", new()\n {\n Domain = \"example-domain\",\n UserPoolId = example.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := cognito.NewUserPool(ctx, \"example\", \u0026cognito.UserPoolArgs{\n\t\t\tName: pulumi.String(\"example-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cognito.NewUserPoolDomain(ctx, \"main\", \u0026cognito.UserPoolDomainArgs{\n\t\t\tDomain: pulumi.String(\"example-domain\"),\n\t\t\tUserPoolId: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cognito.UserPool;\nimport com.pulumi.aws.cognito.UserPoolArgs;\nimport com.pulumi.aws.cognito.UserPoolDomain;\nimport com.pulumi.aws.cognito.UserPoolDomainArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new UserPool(\"example\", UserPoolArgs.builder() \n .name(\"example-pool\")\n .build());\n\n var main = new UserPoolDomain(\"main\", UserPoolDomainArgs.builder() \n .domain(\"example-domain\")\n .userPoolId(example.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:cognito:UserPoolDomain\n properties:\n domain: example-domain\n userPoolId: ${example.id}\n example:\n type: aws:cognito:UserPool\n properties:\n name: example-pool\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Custom Cognito domain\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleUserPool = new aws.cognito.UserPool(\"example\", {name: \"example-pool\"});\nconst main = new aws.cognito.UserPoolDomain(\"main\", {\n domain: \"example-domain\",\n certificateArn: cert.arn,\n userPoolId: exampleUserPool.id,\n});\nconst example = aws.route53.getZone({\n name: \"example.com\",\n});\nconst auth_cognito_A = new aws.route53.Record(\"auth-cognito-A\", {\n name: main.domain,\n type: aws.route53.RecordType.A,\n zoneId: example.then(example =\u003e example.zoneId),\n aliases: [{\n evaluateTargetHealth: false,\n name: main.cloudfrontDistribution,\n zoneId: main.cloudfrontDistributionZoneId,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_user_pool = aws.cognito.UserPool(\"example\", name=\"example-pool\")\nmain = aws.cognito.UserPoolDomain(\"main\",\n domain=\"example-domain\",\n certificate_arn=cert[\"arn\"],\n user_pool_id=example_user_pool.id)\nexample = aws.route53.get_zone(name=\"example.com\")\nauth_cognito__a = aws.route53.Record(\"auth-cognito-A\",\n name=main.domain,\n type=aws.route53.RecordType.A,\n zone_id=example.zone_id,\n aliases=[aws.route53.RecordAliasArgs(\n evaluate_target_health=False,\n name=main.cloudfront_distribution,\n zone_id=main.cloudfront_distribution_zone_id,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleUserPool = new Aws.Cognito.UserPool(\"example\", new()\n {\n Name = \"example-pool\",\n });\n\n var main = new Aws.Cognito.UserPoolDomain(\"main\", new()\n {\n Domain = \"example-domain\",\n CertificateArn = cert.Arn,\n UserPoolId = exampleUserPool.Id,\n });\n\n var example = Aws.Route53.GetZone.Invoke(new()\n {\n Name = \"example.com\",\n });\n\n var auth_cognito_A = new Aws.Route53.Record(\"auth-cognito-A\", new()\n {\n Name = main.Domain,\n Type = Aws.Route53.RecordType.A,\n ZoneId = example.Apply(getZoneResult =\u003e getZoneResult.ZoneId),\n Aliases = new[]\n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n EvaluateTargetHealth = false,\n Name = main.CloudfrontDistribution,\n ZoneId = main.CloudfrontDistributionZoneId,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleUserPool, err := cognito.NewUserPool(ctx, \"example\", \u0026cognito.UserPoolArgs{\n\t\t\tName: pulumi.String(\"example-pool\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmain, err := cognito.NewUserPoolDomain(ctx, \"main\", \u0026cognito.UserPoolDomainArgs{\n\t\t\tDomain: pulumi.String(\"example-domain\"),\n\t\t\tCertificateArn: pulumi.Any(cert.Arn),\n\t\t\tUserPoolId: exampleUserPool.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := route53.LookupZone(ctx, \u0026route53.LookupZoneArgs{\n\t\t\tName: pulumi.StringRef(\"example.com\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"auth-cognito-A\", \u0026route53.RecordArgs{\n\t\t\tName: main.Domain,\n\t\t\tType: pulumi.String(route53.RecordTypeA),\n\t\t\tZoneId: pulumi.String(example.ZoneId),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t\u0026route53.RecordAliasArgs{\n\t\t\t\t\tEvaluateTargetHealth: pulumi.Bool(false),\n\t\t\t\t\tName: main.CloudfrontDistribution,\n\t\t\t\t\tZoneId: main.CloudfrontDistributionZoneId,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cognito.UserPool;\nimport com.pulumi.aws.cognito.UserPoolArgs;\nimport com.pulumi.aws.cognito.UserPoolDomain;\nimport com.pulumi.aws.cognito.UserPoolDomainArgs;\nimport com.pulumi.aws.route53.Route53Functions;\nimport com.pulumi.aws.route53.inputs.GetZoneArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordAliasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleUserPool = new UserPool(\"exampleUserPool\", UserPoolArgs.builder() \n .name(\"example-pool\")\n .build());\n\n var main = new UserPoolDomain(\"main\", UserPoolDomainArgs.builder() \n .domain(\"example-domain\")\n .certificateArn(cert.arn())\n .userPoolId(exampleUserPool.id())\n .build());\n\n final var example = Route53Functions.getZone(GetZoneArgs.builder()\n .name(\"example.com\")\n .build());\n\n var auth_cognito_A = new Record(\"auth-cognito-A\", RecordArgs.builder() \n .name(main.domain())\n .type(\"A\")\n .zoneId(example.applyValue(getZoneResult -\u003e getZoneResult.zoneId()))\n .aliases(RecordAliasArgs.builder()\n .evaluateTargetHealth(false)\n .name(main.cloudfrontDistribution())\n .zoneId(main.cloudfrontDistributionZoneId())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:cognito:UserPoolDomain\n properties:\n domain: example-domain\n certificateArn: ${cert.arn}\n userPoolId: ${exampleUserPool.id}\n exampleUserPool:\n type: aws:cognito:UserPool\n name: example\n properties:\n name: example-pool\n auth-cognito-A:\n type: aws:route53:Record\n properties:\n name: ${main.domain}\n type: A\n zoneId: ${example.zoneId}\n aliases:\n - evaluateTargetHealth: false\n name: ${main.cloudfrontDistribution}\n zoneId: ${main.cloudfrontDistributionZoneId}\nvariables:\n example:\n fn::invoke:\n Function: aws:route53:getZone\n Arguments:\n name: example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Cognito User Pool Domains using the `domain`. For example:\n\n```sh\n$ pulumi import aws:cognito/userPoolDomain:UserPoolDomain main auth.example.org\n```\n", "properties": { "awsAccountId": { "type": "string", @@ -190598,7 +190598,7 @@ } }, "aws:connect/botAssociation:BotAssociation": { - "description": "Allows the specified Amazon Connect instance to access the specified Amazon Lex (V1) bot. For more information see\n[Amazon Connect: Getting Started](https://docs.aws.amazon.com/connect/latest/adminguide/amazon-connect-get-started.html) and [Add an Amazon Lex bot](https://docs.aws.amazon.com/connect/latest/adminguide/amazon-lex.html).\n\n\u003e **NOTE:** This resource only currently supports Amazon Lex (V1) Associations.\n\n## Example Usage\n\n### Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.connect.BotAssociation(\"example\", {\n instanceId: exampleAwsConnectInstance.id,\n lexBot: {\n lexRegion: \"us-west-2\",\n name: \"Test\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.connect.BotAssociation(\"example\",\n instance_id=example_aws_connect_instance[\"id\"],\n lex_bot=aws.connect.BotAssociationLexBotArgs(\n lex_region=\"us-west-2\",\n name=\"Test\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Connect.BotAssociation(\"example\", new()\n {\n InstanceId = exampleAwsConnectInstance.Id,\n LexBot = new Aws.Connect.Inputs.BotAssociationLexBotArgs\n {\n LexRegion = \"us-west-2\",\n Name = \"Test\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/connect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := connect.NewBotAssociation(ctx, \"example\", \u0026connect.BotAssociationArgs{\n\t\t\tInstanceId: pulumi.Any(exampleAwsConnectInstance.Id),\n\t\t\tLexBot: \u0026connect.BotAssociationLexBotArgs{\n\t\t\t\tLexRegion: pulumi.String(\"us-west-2\"),\n\t\t\t\tName: pulumi.String(\"Test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.connect.BotAssociation;\nimport com.pulumi.aws.connect.BotAssociationArgs;\nimport com.pulumi.aws.connect.inputs.BotAssociationLexBotArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new BotAssociation(\"example\", BotAssociationArgs.builder() \n .instanceId(exampleAwsConnectInstance.id())\n .lexBot(BotAssociationLexBotArgs.builder()\n .lexRegion(\"us-west-2\")\n .name(\"Test\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:connect:BotAssociation\n properties:\n instanceId: ${exampleAwsConnectInstance.id}\n lexBot:\n lexRegion: us-west-2\n name: Test\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Including a sample Lex bot\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst example = new aws.lex.Intent(\"example\", {\n createVersion: true,\n name: \"connect_lex_intent\",\n fulfillmentActivity: {\n type: \"ReturnIntent\",\n },\n sampleUtterances: [\"I would like to pick up flowers.\"],\n});\nconst exampleBot = new aws.lex.Bot(\"example\", {\n abortStatement: {\n messages: [{\n content: \"Sorry, I am not able to assist at this time.\",\n contentType: \"PlainText\",\n }],\n },\n clarificationPrompt: {\n maxAttempts: 2,\n messages: [{\n content: \"I didn't understand you, what would you like to do?\",\n contentType: \"PlainText\",\n }],\n },\n intents: [{\n intentName: example.name,\n intentVersion: \"1\",\n }],\n childDirected: false,\n name: \"connect_lex_bot\",\n processBehavior: \"BUILD\",\n});\nconst exampleBotAssociation = new aws.connect.BotAssociation(\"example\", {\n instanceId: exampleAwsConnectInstance.id,\n lexBot: {\n lexRegion: current.then(current =\u003e current.name),\n name: exampleBot.name,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\nexample = aws.lex.Intent(\"example\",\n create_version=True,\n name=\"connect_lex_intent\",\n fulfillment_activity=aws.lex.IntentFulfillmentActivityArgs(\n type=\"ReturnIntent\",\n ),\n sample_utterances=[\"I would like to pick up flowers.\"])\nexample_bot = aws.lex.Bot(\"example\",\n abort_statement=aws.lex.BotAbortStatementArgs(\n messages=[aws.lex.BotAbortStatementMessageArgs(\n content=\"Sorry, I am not able to assist at this time.\",\n content_type=\"PlainText\",\n )],\n ),\n clarification_prompt=aws.lex.BotClarificationPromptArgs(\n max_attempts=2,\n messages=[aws.lex.BotClarificationPromptMessageArgs(\n content=\"I didn't understand you, what would you like to do?\",\n content_type=\"PlainText\",\n )],\n ),\n intents=[aws.lex.BotIntentArgs(\n intent_name=example.name,\n intent_version=\"1\",\n )],\n child_directed=False,\n name=\"connect_lex_bot\",\n process_behavior=\"BUILD\")\nexample_bot_association = aws.connect.BotAssociation(\"example\",\n instance_id=example_aws_connect_instance[\"id\"],\n lex_bot=aws.connect.BotAssociationLexBotArgs(\n lex_region=current.name,\n name=example_bot.name,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var example = new Aws.Lex.Intent(\"example\", new()\n {\n CreateVersion = true,\n Name = \"connect_lex_intent\",\n FulfillmentActivity = new Aws.Lex.Inputs.IntentFulfillmentActivityArgs\n {\n Type = \"ReturnIntent\",\n },\n SampleUtterances = new[]\n {\n \"I would like to pick up flowers.\",\n },\n });\n\n var exampleBot = new Aws.Lex.Bot(\"example\", new()\n {\n AbortStatement = new Aws.Lex.Inputs.BotAbortStatementArgs\n {\n Messages = new[]\n {\n new Aws.Lex.Inputs.BotAbortStatementMessageArgs\n {\n Content = \"Sorry, I am not able to assist at this time.\",\n ContentType = \"PlainText\",\n },\n },\n },\n ClarificationPrompt = new Aws.Lex.Inputs.BotClarificationPromptArgs\n {\n MaxAttempts = 2,\n Messages = new[]\n {\n new Aws.Lex.Inputs.BotClarificationPromptMessageArgs\n {\n Content = \"I didn't understand you, what would you like to do?\",\n ContentType = \"PlainText\",\n },\n },\n },\n Intents = new[]\n {\n new Aws.Lex.Inputs.BotIntentArgs\n {\n IntentName = example.Name,\n IntentVersion = \"1\",\n },\n },\n ChildDirected = false,\n Name = \"connect_lex_bot\",\n ProcessBehavior = \"BUILD\",\n });\n\n var exampleBotAssociation = new Aws.Connect.BotAssociation(\"example\", new()\n {\n InstanceId = exampleAwsConnectInstance.Id,\n LexBot = new Aws.Connect.Inputs.BotAssociationLexBotArgs\n {\n LexRegion = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n Name = exampleBot.Name,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/connect\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := lex.NewIntent(ctx, \"example\", \u0026lex.IntentArgs{\n\t\t\tCreateVersion: pulumi.Bool(true),\n\t\t\tName: pulumi.String(\"connect_lex_intent\"),\n\t\t\tFulfillmentActivity: \u0026lex.IntentFulfillmentActivityArgs{\n\t\t\t\tType: pulumi.String(\"ReturnIntent\"),\n\t\t\t},\n\t\t\tSampleUtterances: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"I would like to pick up flowers.\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleBot, err := lex.NewBot(ctx, \"example\", \u0026lex.BotArgs{\n\t\t\tAbortStatement: \u0026lex.BotAbortStatementArgs{\n\t\t\t\tMessages: lex.BotAbortStatementMessageArray{\n\t\t\t\t\t\u0026lex.BotAbortStatementMessageArgs{\n\t\t\t\t\t\tContent: pulumi.String(\"Sorry, I am not able to assist at this time.\"),\n\t\t\t\t\t\tContentType: pulumi.String(\"PlainText\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tClarificationPrompt: \u0026lex.BotClarificationPromptArgs{\n\t\t\t\tMaxAttempts: pulumi.Int(2),\n\t\t\t\tMessages: lex.BotClarificationPromptMessageArray{\n\t\t\t\t\t\u0026lex.BotClarificationPromptMessageArgs{\n\t\t\t\t\t\tContent: pulumi.String(\"I didn't understand you, what would you like to do?\"),\n\t\t\t\t\t\tContentType: pulumi.String(\"PlainText\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tIntents: lex.BotIntentArray{\n\t\t\t\t\u0026lex.BotIntentArgs{\n\t\t\t\t\tIntentName: example.Name,\n\t\t\t\t\tIntentVersion: pulumi.String(\"1\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tChildDirected: pulumi.Bool(false),\n\t\t\tName: pulumi.String(\"connect_lex_bot\"),\n\t\t\tProcessBehavior: pulumi.String(\"BUILD\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = connect.NewBotAssociation(ctx, \"example\", \u0026connect.BotAssociationArgs{\n\t\t\tInstanceId: pulumi.Any(exampleAwsConnectInstance.Id),\n\t\t\tLexBot: \u0026connect.BotAssociationLexBotArgs{\n\t\t\t\tLexRegion: *pulumi.String(current.Name),\n\t\t\t\tName: exampleBot.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.lex.Intent;\nimport com.pulumi.aws.lex.IntentArgs;\nimport com.pulumi.aws.lex.inputs.IntentFulfillmentActivityArgs;\nimport com.pulumi.aws.lex.Bot;\nimport com.pulumi.aws.lex.BotArgs;\nimport com.pulumi.aws.lex.inputs.BotAbortStatementArgs;\nimport com.pulumi.aws.lex.inputs.BotClarificationPromptArgs;\nimport com.pulumi.aws.lex.inputs.BotIntentArgs;\nimport com.pulumi.aws.connect.BotAssociation;\nimport com.pulumi.aws.connect.BotAssociationArgs;\nimport com.pulumi.aws.connect.inputs.BotAssociationLexBotArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n var example = new Intent(\"example\", IntentArgs.builder() \n .createVersion(true)\n .name(\"connect_lex_intent\")\n .fulfillmentActivity(IntentFulfillmentActivityArgs.builder()\n .type(\"ReturnIntent\")\n .build())\n .sampleUtterances(\"I would like to pick up flowers.\")\n .build());\n\n var exampleBot = new Bot(\"exampleBot\", BotArgs.builder() \n .abortStatement(BotAbortStatementArgs.builder()\n .messages(BotAbortStatementMessageArgs.builder()\n .content(\"Sorry, I am not able to assist at this time.\")\n .contentType(\"PlainText\")\n .build())\n .build())\n .clarificationPrompt(BotClarificationPromptArgs.builder()\n .maxAttempts(2)\n .messages(BotClarificationPromptMessageArgs.builder()\n .content(\"I didn't understand you, what would you like to do?\")\n .contentType(\"PlainText\")\n .build())\n .build())\n .intents(BotIntentArgs.builder()\n .intentName(example.name())\n .intentVersion(\"1\")\n .build())\n .childDirected(false)\n .name(\"connect_lex_bot\")\n .processBehavior(\"BUILD\")\n .build());\n\n var exampleBotAssociation = new BotAssociation(\"exampleBotAssociation\", BotAssociationArgs.builder() \n .instanceId(exampleAwsConnectInstance.id())\n .lexBot(BotAssociationLexBotArgs.builder()\n .lexRegion(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .name(exampleBot.name())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:lex:Intent\n properties:\n createVersion: true\n name: connect_lex_intent\n fulfillmentActivity:\n type: ReturnIntent\n sampleUtterances:\n - I would like to pick up flowers.\n exampleBot:\n type: aws:lex:Bot\n name: example\n properties:\n abortStatement:\n messages:\n - content: Sorry, I am not able to assist at this time.\n contentType: PlainText\n clarificationPrompt:\n maxAttempts: 2\n messages:\n - content: I didn't understand you, what would you like to do?\n contentType: PlainText\n intents:\n - intentName: ${example.name}\n intentVersion: '1'\n childDirected: false\n name: connect_lex_bot\n processBehavior: BUILD\n exampleBotAssociation:\n type: aws:connect:BotAssociation\n name: example\n properties:\n instanceId: ${exampleAwsConnectInstance.id}\n lexBot:\n lexRegion: ${current.name}\n name: ${exampleBot.name}\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_connect_bot_association` using the Amazon Connect instance ID, Lex (V1) bot name, and Lex (V1) bot region separated by colons (`:`). For example:\n\n```sh\n$ pulumi import aws:connect/botAssociation:BotAssociation example aaaaaaaa-bbbb-cccc-dddd-111111111111:Example:us-west-2\n```\n", + "description": "Allows the specified Amazon Connect instance to access the specified Amazon Lex (V1) bot. For more information see\n[Amazon Connect: Getting Started](https://docs.aws.amazon.com/connect/latest/adminguide/amazon-connect-get-started.html) and [Add an Amazon Lex bot](https://docs.aws.amazon.com/connect/latest/adminguide/amazon-lex.html).\n\n\u003e **NOTE:** This resource only currently supports Amazon Lex (V1) Associations.\n\n## Example Usage\n\n### Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.connect.BotAssociation(\"example\", {\n instanceId: exampleAwsConnectInstance.id,\n lexBot: {\n lexRegion: \"us-west-2\",\n name: \"Test\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.connect.BotAssociation(\"example\",\n instance_id=example_aws_connect_instance[\"id\"],\n lex_bot=aws.connect.BotAssociationLexBotArgs(\n lex_region=\"us-west-2\",\n name=\"Test\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Connect.BotAssociation(\"example\", new()\n {\n InstanceId = exampleAwsConnectInstance.Id,\n LexBot = new Aws.Connect.Inputs.BotAssociationLexBotArgs\n {\n LexRegion = \"us-west-2\",\n Name = \"Test\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/connect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := connect.NewBotAssociation(ctx, \"example\", \u0026connect.BotAssociationArgs{\n\t\t\tInstanceId: pulumi.Any(exampleAwsConnectInstance.Id),\n\t\t\tLexBot: \u0026connect.BotAssociationLexBotArgs{\n\t\t\t\tLexRegion: pulumi.String(\"us-west-2\"),\n\t\t\t\tName: pulumi.String(\"Test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.connect.BotAssociation;\nimport com.pulumi.aws.connect.BotAssociationArgs;\nimport com.pulumi.aws.connect.inputs.BotAssociationLexBotArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new BotAssociation(\"example\", BotAssociationArgs.builder() \n .instanceId(exampleAwsConnectInstance.id())\n .lexBot(BotAssociationLexBotArgs.builder()\n .lexRegion(\"us-west-2\")\n .name(\"Test\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:connect:BotAssociation\n properties:\n instanceId: ${exampleAwsConnectInstance.id}\n lexBot:\n lexRegion: us-west-2\n name: Test\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Including a sample Lex bot\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst example = new aws.lex.Intent(\"example\", {\n createVersion: true,\n name: \"connect_lex_intent\",\n fulfillmentActivity: {\n type: \"ReturnIntent\",\n },\n sampleUtterances: [\"I would like to pick up flowers.\"],\n});\nconst exampleBot = new aws.lex.Bot(\"example\", {\n abortStatement: {\n messages: [{\n content: \"Sorry, I am not able to assist at this time.\",\n contentType: \"PlainText\",\n }],\n },\n clarificationPrompt: {\n maxAttempts: 2,\n messages: [{\n content: \"I didn't understand you, what would you like to do?\",\n contentType: \"PlainText\",\n }],\n },\n intents: [{\n intentName: example.name,\n intentVersion: \"1\",\n }],\n childDirected: false,\n name: \"connect_lex_bot\",\n processBehavior: \"BUILD\",\n});\nconst exampleBotAssociation = new aws.connect.BotAssociation(\"example\", {\n instanceId: exampleAwsConnectInstance.id,\n lexBot: {\n lexRegion: current.then(current =\u003e current.name),\n name: exampleBot.name,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\nexample = aws.lex.Intent(\"example\",\n create_version=True,\n name=\"connect_lex_intent\",\n fulfillment_activity=aws.lex.IntentFulfillmentActivityArgs(\n type=\"ReturnIntent\",\n ),\n sample_utterances=[\"I would like to pick up flowers.\"])\nexample_bot = aws.lex.Bot(\"example\",\n abort_statement=aws.lex.BotAbortStatementArgs(\n messages=[aws.lex.BotAbortStatementMessageArgs(\n content=\"Sorry, I am not able to assist at this time.\",\n content_type=\"PlainText\",\n )],\n ),\n clarification_prompt=aws.lex.BotClarificationPromptArgs(\n max_attempts=2,\n messages=[aws.lex.BotClarificationPromptMessageArgs(\n content=\"I didn't understand you, what would you like to do?\",\n content_type=\"PlainText\",\n )],\n ),\n intents=[aws.lex.BotIntentArgs(\n intent_name=example.name,\n intent_version=\"1\",\n )],\n child_directed=False,\n name=\"connect_lex_bot\",\n process_behavior=\"BUILD\")\nexample_bot_association = aws.connect.BotAssociation(\"example\",\n instance_id=example_aws_connect_instance[\"id\"],\n lex_bot=aws.connect.BotAssociationLexBotArgs(\n lex_region=current.name,\n name=example_bot.name,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var example = new Aws.Lex.Intent(\"example\", new()\n {\n CreateVersion = true,\n Name = \"connect_lex_intent\",\n FulfillmentActivity = new Aws.Lex.Inputs.IntentFulfillmentActivityArgs\n {\n Type = \"ReturnIntent\",\n },\n SampleUtterances = new[]\n {\n \"I would like to pick up flowers.\",\n },\n });\n\n var exampleBot = new Aws.Lex.Bot(\"example\", new()\n {\n AbortStatement = new Aws.Lex.Inputs.BotAbortStatementArgs\n {\n Messages = new[]\n {\n new Aws.Lex.Inputs.BotAbortStatementMessageArgs\n {\n Content = \"Sorry, I am not able to assist at this time.\",\n ContentType = \"PlainText\",\n },\n },\n },\n ClarificationPrompt = new Aws.Lex.Inputs.BotClarificationPromptArgs\n {\n MaxAttempts = 2,\n Messages = new[]\n {\n new Aws.Lex.Inputs.BotClarificationPromptMessageArgs\n {\n Content = \"I didn't understand you, what would you like to do?\",\n ContentType = \"PlainText\",\n },\n },\n },\n Intents = new[]\n {\n new Aws.Lex.Inputs.BotIntentArgs\n {\n IntentName = example.Name,\n IntentVersion = \"1\",\n },\n },\n ChildDirected = false,\n Name = \"connect_lex_bot\",\n ProcessBehavior = \"BUILD\",\n });\n\n var exampleBotAssociation = new Aws.Connect.BotAssociation(\"example\", new()\n {\n InstanceId = exampleAwsConnectInstance.Id,\n LexBot = new Aws.Connect.Inputs.BotAssociationLexBotArgs\n {\n LexRegion = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n Name = exampleBot.Name,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/connect\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := lex.NewIntent(ctx, \"example\", \u0026lex.IntentArgs{\n\t\t\tCreateVersion: pulumi.Bool(true),\n\t\t\tName: pulumi.String(\"connect_lex_intent\"),\n\t\t\tFulfillmentActivity: \u0026lex.IntentFulfillmentActivityArgs{\n\t\t\t\tType: pulumi.String(\"ReturnIntent\"),\n\t\t\t},\n\t\t\tSampleUtterances: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"I would like to pick up flowers.\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleBot, err := lex.NewBot(ctx, \"example\", \u0026lex.BotArgs{\n\t\t\tAbortStatement: \u0026lex.BotAbortStatementArgs{\n\t\t\t\tMessages: lex.BotAbortStatementMessageArray{\n\t\t\t\t\t\u0026lex.BotAbortStatementMessageArgs{\n\t\t\t\t\t\tContent: pulumi.String(\"Sorry, I am not able to assist at this time.\"),\n\t\t\t\t\t\tContentType: pulumi.String(\"PlainText\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tClarificationPrompt: \u0026lex.BotClarificationPromptArgs{\n\t\t\t\tMaxAttempts: pulumi.Int(2),\n\t\t\t\tMessages: lex.BotClarificationPromptMessageArray{\n\t\t\t\t\t\u0026lex.BotClarificationPromptMessageArgs{\n\t\t\t\t\t\tContent: pulumi.String(\"I didn't understand you, what would you like to do?\"),\n\t\t\t\t\t\tContentType: pulumi.String(\"PlainText\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tIntents: lex.BotIntentArray{\n\t\t\t\t\u0026lex.BotIntentArgs{\n\t\t\t\t\tIntentName: example.Name,\n\t\t\t\t\tIntentVersion: pulumi.String(\"1\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tChildDirected: pulumi.Bool(false),\n\t\t\tName: pulumi.String(\"connect_lex_bot\"),\n\t\t\tProcessBehavior: pulumi.String(\"BUILD\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = connect.NewBotAssociation(ctx, \"example\", \u0026connect.BotAssociationArgs{\n\t\t\tInstanceId: pulumi.Any(exampleAwsConnectInstance.Id),\n\t\t\tLexBot: \u0026connect.BotAssociationLexBotArgs{\n\t\t\t\tLexRegion: pulumi.String(current.Name),\n\t\t\t\tName: exampleBot.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.lex.Intent;\nimport com.pulumi.aws.lex.IntentArgs;\nimport com.pulumi.aws.lex.inputs.IntentFulfillmentActivityArgs;\nimport com.pulumi.aws.lex.Bot;\nimport com.pulumi.aws.lex.BotArgs;\nimport com.pulumi.aws.lex.inputs.BotAbortStatementArgs;\nimport com.pulumi.aws.lex.inputs.BotClarificationPromptArgs;\nimport com.pulumi.aws.lex.inputs.BotIntentArgs;\nimport com.pulumi.aws.connect.BotAssociation;\nimport com.pulumi.aws.connect.BotAssociationArgs;\nimport com.pulumi.aws.connect.inputs.BotAssociationLexBotArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n var example = new Intent(\"example\", IntentArgs.builder() \n .createVersion(true)\n .name(\"connect_lex_intent\")\n .fulfillmentActivity(IntentFulfillmentActivityArgs.builder()\n .type(\"ReturnIntent\")\n .build())\n .sampleUtterances(\"I would like to pick up flowers.\")\n .build());\n\n var exampleBot = new Bot(\"exampleBot\", BotArgs.builder() \n .abortStatement(BotAbortStatementArgs.builder()\n .messages(BotAbortStatementMessageArgs.builder()\n .content(\"Sorry, I am not able to assist at this time.\")\n .contentType(\"PlainText\")\n .build())\n .build())\n .clarificationPrompt(BotClarificationPromptArgs.builder()\n .maxAttempts(2)\n .messages(BotClarificationPromptMessageArgs.builder()\n .content(\"I didn't understand you, what would you like to do?\")\n .contentType(\"PlainText\")\n .build())\n .build())\n .intents(BotIntentArgs.builder()\n .intentName(example.name())\n .intentVersion(\"1\")\n .build())\n .childDirected(false)\n .name(\"connect_lex_bot\")\n .processBehavior(\"BUILD\")\n .build());\n\n var exampleBotAssociation = new BotAssociation(\"exampleBotAssociation\", BotAssociationArgs.builder() \n .instanceId(exampleAwsConnectInstance.id())\n .lexBot(BotAssociationLexBotArgs.builder()\n .lexRegion(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .name(exampleBot.name())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:lex:Intent\n properties:\n createVersion: true\n name: connect_lex_intent\n fulfillmentActivity:\n type: ReturnIntent\n sampleUtterances:\n - I would like to pick up flowers.\n exampleBot:\n type: aws:lex:Bot\n name: example\n properties:\n abortStatement:\n messages:\n - content: Sorry, I am not able to assist at this time.\n contentType: PlainText\n clarificationPrompt:\n maxAttempts: 2\n messages:\n - content: I didn't understand you, what would you like to do?\n contentType: PlainText\n intents:\n - intentName: ${example.name}\n intentVersion: '1'\n childDirected: false\n name: connect_lex_bot\n processBehavior: BUILD\n exampleBotAssociation:\n type: aws:connect:BotAssociation\n name: example\n properties:\n instanceId: ${exampleAwsConnectInstance.id}\n lexBot:\n lexRegion: ${current.name}\n name: ${exampleBot.name}\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_connect_bot_association` using the Amazon Connect instance ID, Lex (V1) bot name, and Lex (V1) bot region separated by colons (`:`). For example:\n\n```sh\n$ pulumi import aws:connect/botAssociation:BotAssociation example aaaaaaaa-bbbb-cccc-dddd-111111111111:Example:us-west-2\n```\n", "properties": { "instanceId": { "type": "string", @@ -199414,7 +199414,7 @@ } }, "aws:directconnect/hostedPrivateVirtualInterfaceAccepter:HostedPrivateVirtualInterfaceAccepter": { - "description": "Provides a resource to manage the accepter's side of a Direct Connect hosted private virtual interface.\nThis resource accepts ownership of a private virtual interface created by another AWS account.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst accepter = aws.getCallerIdentity({});\n// Creator's side of the VIF\nconst creator = new aws.directconnect.HostedPrivateVirtualInterface(\"creator\", {\n connectionId: \"dxcon-zzzzzzzz\",\n ownerAccountId: accepter.then(accepter =\u003e accepter.accountId),\n name: \"vif-foo\",\n vlan: 4094,\n addressFamily: \"ipv4\",\n bgpAsn: 65352,\n});\n// Accepter's side of the VIF.\nconst vpnGw = new aws.ec2.VpnGateway(\"vpn_gw\", {});\nconst accepterHostedPrivateVirtualInterfaceAccepter = new aws.directconnect.HostedPrivateVirtualInterfaceAccepter(\"accepter\", {\n virtualInterfaceId: creator.id,\n vpnGatewayId: vpnGw.id,\n tags: {\n Side: \"Accepter\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naccepter = aws.get_caller_identity()\n# Creator's side of the VIF\ncreator = aws.directconnect.HostedPrivateVirtualInterface(\"creator\",\n connection_id=\"dxcon-zzzzzzzz\",\n owner_account_id=accepter.account_id,\n name=\"vif-foo\",\n vlan=4094,\n address_family=\"ipv4\",\n bgp_asn=65352)\n# Accepter's side of the VIF.\nvpn_gw = aws.ec2.VpnGateway(\"vpn_gw\")\naccepter_hosted_private_virtual_interface_accepter = aws.directconnect.HostedPrivateVirtualInterfaceAccepter(\"accepter\",\n virtual_interface_id=creator.id,\n vpn_gateway_id=vpn_gw.id,\n tags={\n \"Side\": \"Accepter\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var accepter = Aws.GetCallerIdentity.Invoke();\n\n // Creator's side of the VIF\n var creator = new Aws.DirectConnect.HostedPrivateVirtualInterface(\"creator\", new()\n {\n ConnectionId = \"dxcon-zzzzzzzz\",\n OwnerAccountId = accepter.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n Name = \"vif-foo\",\n Vlan = 4094,\n AddressFamily = \"ipv4\",\n BgpAsn = 65352,\n });\n\n // Accepter's side of the VIF.\n var vpnGw = new Aws.Ec2.VpnGateway(\"vpn_gw\");\n\n var accepterHostedPrivateVirtualInterfaceAccepter = new Aws.DirectConnect.HostedPrivateVirtualInterfaceAccepter(\"accepter\", new()\n {\n VirtualInterfaceId = creator.Id,\n VpnGatewayId = vpnGw.Id,\n Tags = \n {\n { \"Side\", \"Accepter\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\taccepter, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Creator's side of the VIF\n\t\tcreator, err := directconnect.NewHostedPrivateVirtualInterface(ctx, \"creator\", \u0026directconnect.HostedPrivateVirtualInterfaceArgs{\n\t\t\tConnectionId: pulumi.String(\"dxcon-zzzzzzzz\"),\n\t\t\tOwnerAccountId: *pulumi.String(accepter.AccountId),\n\t\t\tName: pulumi.String(\"vif-foo\"),\n\t\t\tVlan: pulumi.Int(4094),\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tBgpAsn: pulumi.Int(65352),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Accepter's side of the VIF.\n\t\tvpnGw, err := ec2.NewVpnGateway(ctx, \"vpn_gw\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directconnect.NewHostedPrivateVirtualInterfaceAccepter(ctx, \"accepter\", \u0026directconnect.HostedPrivateVirtualInterfaceAccepterArgs{\n\t\t\tVirtualInterfaceId: creator.ID(),\n\t\t\tVpnGatewayId: vpnGw.ID(),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Accepter\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.directconnect.HostedPrivateVirtualInterface;\nimport com.pulumi.aws.directconnect.HostedPrivateVirtualInterfaceArgs;\nimport com.pulumi.aws.ec2.VpnGateway;\nimport com.pulumi.aws.directconnect.HostedPrivateVirtualInterfaceAccepter;\nimport com.pulumi.aws.directconnect.HostedPrivateVirtualInterfaceAccepterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var accepter = AwsFunctions.getCallerIdentity();\n\n var creator = new HostedPrivateVirtualInterface(\"creator\", HostedPrivateVirtualInterfaceArgs.builder() \n .connectionId(\"dxcon-zzzzzzzz\")\n .ownerAccountId(accepter.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .name(\"vif-foo\")\n .vlan(4094)\n .addressFamily(\"ipv4\")\n .bgpAsn(65352)\n .build());\n\n var vpnGw = new VpnGateway(\"vpnGw\");\n\n var accepterHostedPrivateVirtualInterfaceAccepter = new HostedPrivateVirtualInterfaceAccepter(\"accepterHostedPrivateVirtualInterfaceAccepter\", HostedPrivateVirtualInterfaceAccepterArgs.builder() \n .virtualInterfaceId(creator.id())\n .vpnGatewayId(vpnGw.id())\n .tags(Map.of(\"Side\", \"Accepter\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Creator's side of the VIF\n creator:\n type: aws:directconnect:HostedPrivateVirtualInterface\n properties:\n connectionId: dxcon-zzzzzzzz\n ownerAccountId: ${accepter.accountId}\n name: vif-foo\n vlan: 4094\n addressFamily: ipv4\n bgpAsn: 65352 # The aws_dx_hosted_private_virtual_interface\n # # must be destroyed before the aws_vpn_gateway.\n # Accepter's side of the VIF.\n vpnGw:\n type: aws:ec2:VpnGateway\n name: vpn_gw\n accepterHostedPrivateVirtualInterfaceAccepter:\n type: aws:directconnect:HostedPrivateVirtualInterfaceAccepter\n name: accepter\n properties:\n virtualInterfaceId: ${creator.id}\n vpnGatewayId: ${vpnGw.id}\n tags:\n Side: Accepter\nvariables:\n accepter:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Direct Connect hosted private virtual interfaces using the VIF `id`. For example:\n\n```sh\n$ pulumi import aws:directconnect/hostedPrivateVirtualInterfaceAccepter:HostedPrivateVirtualInterfaceAccepter test dxvif-33cc44dd\n```\n", + "description": "Provides a resource to manage the accepter's side of a Direct Connect hosted private virtual interface.\nThis resource accepts ownership of a private virtual interface created by another AWS account.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst accepter = aws.getCallerIdentity({});\n// Creator's side of the VIF\nconst creator = new aws.directconnect.HostedPrivateVirtualInterface(\"creator\", {\n connectionId: \"dxcon-zzzzzzzz\",\n ownerAccountId: accepter.then(accepter =\u003e accepter.accountId),\n name: \"vif-foo\",\n vlan: 4094,\n addressFamily: \"ipv4\",\n bgpAsn: 65352,\n});\n// Accepter's side of the VIF.\nconst vpnGw = new aws.ec2.VpnGateway(\"vpn_gw\", {});\nconst accepterHostedPrivateVirtualInterfaceAccepter = new aws.directconnect.HostedPrivateVirtualInterfaceAccepter(\"accepter\", {\n virtualInterfaceId: creator.id,\n vpnGatewayId: vpnGw.id,\n tags: {\n Side: \"Accepter\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naccepter = aws.get_caller_identity()\n# Creator's side of the VIF\ncreator = aws.directconnect.HostedPrivateVirtualInterface(\"creator\",\n connection_id=\"dxcon-zzzzzzzz\",\n owner_account_id=accepter.account_id,\n name=\"vif-foo\",\n vlan=4094,\n address_family=\"ipv4\",\n bgp_asn=65352)\n# Accepter's side of the VIF.\nvpn_gw = aws.ec2.VpnGateway(\"vpn_gw\")\naccepter_hosted_private_virtual_interface_accepter = aws.directconnect.HostedPrivateVirtualInterfaceAccepter(\"accepter\",\n virtual_interface_id=creator.id,\n vpn_gateway_id=vpn_gw.id,\n tags={\n \"Side\": \"Accepter\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var accepter = Aws.GetCallerIdentity.Invoke();\n\n // Creator's side of the VIF\n var creator = new Aws.DirectConnect.HostedPrivateVirtualInterface(\"creator\", new()\n {\n ConnectionId = \"dxcon-zzzzzzzz\",\n OwnerAccountId = accepter.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n Name = \"vif-foo\",\n Vlan = 4094,\n AddressFamily = \"ipv4\",\n BgpAsn = 65352,\n });\n\n // Accepter's side of the VIF.\n var vpnGw = new Aws.Ec2.VpnGateway(\"vpn_gw\");\n\n var accepterHostedPrivateVirtualInterfaceAccepter = new Aws.DirectConnect.HostedPrivateVirtualInterfaceAccepter(\"accepter\", new()\n {\n VirtualInterfaceId = creator.Id,\n VpnGatewayId = vpnGw.Id,\n Tags = \n {\n { \"Side\", \"Accepter\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\taccepter, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Creator's side of the VIF\n\t\tcreator, err := directconnect.NewHostedPrivateVirtualInterface(ctx, \"creator\", \u0026directconnect.HostedPrivateVirtualInterfaceArgs{\n\t\t\tConnectionId: pulumi.String(\"dxcon-zzzzzzzz\"),\n\t\t\tOwnerAccountId: pulumi.String(accepter.AccountId),\n\t\t\tName: pulumi.String(\"vif-foo\"),\n\t\t\tVlan: pulumi.Int(4094),\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tBgpAsn: pulumi.Int(65352),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Accepter's side of the VIF.\n\t\tvpnGw, err := ec2.NewVpnGateway(ctx, \"vpn_gw\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directconnect.NewHostedPrivateVirtualInterfaceAccepter(ctx, \"accepter\", \u0026directconnect.HostedPrivateVirtualInterfaceAccepterArgs{\n\t\t\tVirtualInterfaceId: creator.ID(),\n\t\t\tVpnGatewayId: vpnGw.ID(),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Accepter\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.directconnect.HostedPrivateVirtualInterface;\nimport com.pulumi.aws.directconnect.HostedPrivateVirtualInterfaceArgs;\nimport com.pulumi.aws.ec2.VpnGateway;\nimport com.pulumi.aws.directconnect.HostedPrivateVirtualInterfaceAccepter;\nimport com.pulumi.aws.directconnect.HostedPrivateVirtualInterfaceAccepterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var accepter = AwsFunctions.getCallerIdentity();\n\n var creator = new HostedPrivateVirtualInterface(\"creator\", HostedPrivateVirtualInterfaceArgs.builder() \n .connectionId(\"dxcon-zzzzzzzz\")\n .ownerAccountId(accepter.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .name(\"vif-foo\")\n .vlan(4094)\n .addressFamily(\"ipv4\")\n .bgpAsn(65352)\n .build());\n\n var vpnGw = new VpnGateway(\"vpnGw\");\n\n var accepterHostedPrivateVirtualInterfaceAccepter = new HostedPrivateVirtualInterfaceAccepter(\"accepterHostedPrivateVirtualInterfaceAccepter\", HostedPrivateVirtualInterfaceAccepterArgs.builder() \n .virtualInterfaceId(creator.id())\n .vpnGatewayId(vpnGw.id())\n .tags(Map.of(\"Side\", \"Accepter\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Creator's side of the VIF\n creator:\n type: aws:directconnect:HostedPrivateVirtualInterface\n properties:\n connectionId: dxcon-zzzzzzzz\n ownerAccountId: ${accepter.accountId}\n name: vif-foo\n vlan: 4094\n addressFamily: ipv4\n bgpAsn: 65352 # The aws_dx_hosted_private_virtual_interface\n # # must be destroyed before the aws_vpn_gateway.\n # Accepter's side of the VIF.\n vpnGw:\n type: aws:ec2:VpnGateway\n name: vpn_gw\n accepterHostedPrivateVirtualInterfaceAccepter:\n type: aws:directconnect:HostedPrivateVirtualInterfaceAccepter\n name: accepter\n properties:\n virtualInterfaceId: ${creator.id}\n vpnGatewayId: ${vpnGw.id}\n tags:\n Side: Accepter\nvariables:\n accepter:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Direct Connect hosted private virtual interfaces using the VIF `id`. For example:\n\n```sh\n$ pulumi import aws:directconnect/hostedPrivateVirtualInterfaceAccepter:HostedPrivateVirtualInterfaceAccepter test dxvif-33cc44dd\n```\n", "properties": { "arn": { "type": "string", @@ -199729,7 +199729,7 @@ } }, "aws:directconnect/hostedPublicVirtualInterfaceAccepter:HostedPublicVirtualInterfaceAccepter": { - "description": "Provides a resource to manage the accepter's side of a Direct Connect hosted public virtual interface.\nThis resource accepts ownership of a public virtual interface created by another AWS account.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst accepter = aws.getCallerIdentity({});\n// Creator's side of the VIF\nconst creator = new aws.directconnect.HostedPublicVirtualInterface(\"creator\", {\n connectionId: \"dxcon-zzzzzzzz\",\n ownerAccountId: accepter.then(accepter =\u003e accepter.accountId),\n name: \"vif-foo\",\n vlan: 4094,\n addressFamily: \"ipv4\",\n bgpAsn: 65352,\n customerAddress: \"175.45.176.1/30\",\n amazonAddress: \"175.45.176.2/30\",\n routeFilterPrefixes: [\n \"210.52.109.0/24\",\n \"175.45.176.0/22\",\n ],\n});\n// Accepter's side of the VIF.\nconst accepterHostedPublicVirtualInterfaceAccepter = new aws.directconnect.HostedPublicVirtualInterfaceAccepter(\"accepter\", {\n virtualInterfaceId: creator.id,\n tags: {\n Side: \"Accepter\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naccepter = aws.get_caller_identity()\n# Creator's side of the VIF\ncreator = aws.directconnect.HostedPublicVirtualInterface(\"creator\",\n connection_id=\"dxcon-zzzzzzzz\",\n owner_account_id=accepter.account_id,\n name=\"vif-foo\",\n vlan=4094,\n address_family=\"ipv4\",\n bgp_asn=65352,\n customer_address=\"175.45.176.1/30\",\n amazon_address=\"175.45.176.2/30\",\n route_filter_prefixes=[\n \"210.52.109.0/24\",\n \"175.45.176.0/22\",\n ])\n# Accepter's side of the VIF.\naccepter_hosted_public_virtual_interface_accepter = aws.directconnect.HostedPublicVirtualInterfaceAccepter(\"accepter\",\n virtual_interface_id=creator.id,\n tags={\n \"Side\": \"Accepter\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var accepter = Aws.GetCallerIdentity.Invoke();\n\n // Creator's side of the VIF\n var creator = new Aws.DirectConnect.HostedPublicVirtualInterface(\"creator\", new()\n {\n ConnectionId = \"dxcon-zzzzzzzz\",\n OwnerAccountId = accepter.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n Name = \"vif-foo\",\n Vlan = 4094,\n AddressFamily = \"ipv4\",\n BgpAsn = 65352,\n CustomerAddress = \"175.45.176.1/30\",\n AmazonAddress = \"175.45.176.2/30\",\n RouteFilterPrefixes = new[]\n {\n \"210.52.109.0/24\",\n \"175.45.176.0/22\",\n },\n });\n\n // Accepter's side of the VIF.\n var accepterHostedPublicVirtualInterfaceAccepter = new Aws.DirectConnect.HostedPublicVirtualInterfaceAccepter(\"accepter\", new()\n {\n VirtualInterfaceId = creator.Id,\n Tags = \n {\n { \"Side\", \"Accepter\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\taccepter, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Creator's side of the VIF\n\t\tcreator, err := directconnect.NewHostedPublicVirtualInterface(ctx, \"creator\", \u0026directconnect.HostedPublicVirtualInterfaceArgs{\n\t\t\tConnectionId: pulumi.String(\"dxcon-zzzzzzzz\"),\n\t\t\tOwnerAccountId: *pulumi.String(accepter.AccountId),\n\t\t\tName: pulumi.String(\"vif-foo\"),\n\t\t\tVlan: pulumi.Int(4094),\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tBgpAsn: pulumi.Int(65352),\n\t\t\tCustomerAddress: pulumi.String(\"175.45.176.1/30\"),\n\t\t\tAmazonAddress: pulumi.String(\"175.45.176.2/30\"),\n\t\t\tRouteFilterPrefixes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"210.52.109.0/24\"),\n\t\t\t\tpulumi.String(\"175.45.176.0/22\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Accepter's side of the VIF.\n\t\t_, err = directconnect.NewHostedPublicVirtualInterfaceAccepter(ctx, \"accepter\", \u0026directconnect.HostedPublicVirtualInterfaceAccepterArgs{\n\t\t\tVirtualInterfaceId: creator.ID(),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Accepter\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.directconnect.HostedPublicVirtualInterface;\nimport com.pulumi.aws.directconnect.HostedPublicVirtualInterfaceArgs;\nimport com.pulumi.aws.directconnect.HostedPublicVirtualInterfaceAccepter;\nimport com.pulumi.aws.directconnect.HostedPublicVirtualInterfaceAccepterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var accepter = AwsFunctions.getCallerIdentity();\n\n var creator = new HostedPublicVirtualInterface(\"creator\", HostedPublicVirtualInterfaceArgs.builder() \n .connectionId(\"dxcon-zzzzzzzz\")\n .ownerAccountId(accepter.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .name(\"vif-foo\")\n .vlan(4094)\n .addressFamily(\"ipv4\")\n .bgpAsn(65352)\n .customerAddress(\"175.45.176.1/30\")\n .amazonAddress(\"175.45.176.2/30\")\n .routeFilterPrefixes( \n \"210.52.109.0/24\",\n \"175.45.176.0/22\")\n .build());\n\n var accepterHostedPublicVirtualInterfaceAccepter = new HostedPublicVirtualInterfaceAccepter(\"accepterHostedPublicVirtualInterfaceAccepter\", HostedPublicVirtualInterfaceAccepterArgs.builder() \n .virtualInterfaceId(creator.id())\n .tags(Map.of(\"Side\", \"Accepter\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Creator's side of the VIF\n creator:\n type: aws:directconnect:HostedPublicVirtualInterface\n properties:\n connectionId: dxcon-zzzzzzzz\n ownerAccountId: ${accepter.accountId}\n name: vif-foo\n vlan: 4094\n addressFamily: ipv4\n bgpAsn: 65352\n customerAddress: 175.45.176.1/30\n amazonAddress: 175.45.176.2/30\n routeFilterPrefixes:\n - 210.52.109.0/24\n - 175.45.176.0/22\n # Accepter's side of the VIF.\n accepterHostedPublicVirtualInterfaceAccepter:\n type: aws:directconnect:HostedPublicVirtualInterfaceAccepter\n name: accepter\n properties:\n virtualInterfaceId: ${creator.id}\n tags:\n Side: Accepter\nvariables:\n accepter:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Direct Connect hosted public virtual interfaces using the VIF `id`. For example:\n\n```sh\n$ pulumi import aws:directconnect/hostedPublicVirtualInterfaceAccepter:HostedPublicVirtualInterfaceAccepter test dxvif-33cc44dd\n```\n", + "description": "Provides a resource to manage the accepter's side of a Direct Connect hosted public virtual interface.\nThis resource accepts ownership of a public virtual interface created by another AWS account.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst accepter = aws.getCallerIdentity({});\n// Creator's side of the VIF\nconst creator = new aws.directconnect.HostedPublicVirtualInterface(\"creator\", {\n connectionId: \"dxcon-zzzzzzzz\",\n ownerAccountId: accepter.then(accepter =\u003e accepter.accountId),\n name: \"vif-foo\",\n vlan: 4094,\n addressFamily: \"ipv4\",\n bgpAsn: 65352,\n customerAddress: \"175.45.176.1/30\",\n amazonAddress: \"175.45.176.2/30\",\n routeFilterPrefixes: [\n \"210.52.109.0/24\",\n \"175.45.176.0/22\",\n ],\n});\n// Accepter's side of the VIF.\nconst accepterHostedPublicVirtualInterfaceAccepter = new aws.directconnect.HostedPublicVirtualInterfaceAccepter(\"accepter\", {\n virtualInterfaceId: creator.id,\n tags: {\n Side: \"Accepter\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naccepter = aws.get_caller_identity()\n# Creator's side of the VIF\ncreator = aws.directconnect.HostedPublicVirtualInterface(\"creator\",\n connection_id=\"dxcon-zzzzzzzz\",\n owner_account_id=accepter.account_id,\n name=\"vif-foo\",\n vlan=4094,\n address_family=\"ipv4\",\n bgp_asn=65352,\n customer_address=\"175.45.176.1/30\",\n amazon_address=\"175.45.176.2/30\",\n route_filter_prefixes=[\n \"210.52.109.0/24\",\n \"175.45.176.0/22\",\n ])\n# Accepter's side of the VIF.\naccepter_hosted_public_virtual_interface_accepter = aws.directconnect.HostedPublicVirtualInterfaceAccepter(\"accepter\",\n virtual_interface_id=creator.id,\n tags={\n \"Side\": \"Accepter\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var accepter = Aws.GetCallerIdentity.Invoke();\n\n // Creator's side of the VIF\n var creator = new Aws.DirectConnect.HostedPublicVirtualInterface(\"creator\", new()\n {\n ConnectionId = \"dxcon-zzzzzzzz\",\n OwnerAccountId = accepter.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n Name = \"vif-foo\",\n Vlan = 4094,\n AddressFamily = \"ipv4\",\n BgpAsn = 65352,\n CustomerAddress = \"175.45.176.1/30\",\n AmazonAddress = \"175.45.176.2/30\",\n RouteFilterPrefixes = new[]\n {\n \"210.52.109.0/24\",\n \"175.45.176.0/22\",\n },\n });\n\n // Accepter's side of the VIF.\n var accepterHostedPublicVirtualInterfaceAccepter = new Aws.DirectConnect.HostedPublicVirtualInterfaceAccepter(\"accepter\", new()\n {\n VirtualInterfaceId = creator.Id,\n Tags = \n {\n { \"Side\", \"Accepter\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\taccepter, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Creator's side of the VIF\n\t\tcreator, err := directconnect.NewHostedPublicVirtualInterface(ctx, \"creator\", \u0026directconnect.HostedPublicVirtualInterfaceArgs{\n\t\t\tConnectionId: pulumi.String(\"dxcon-zzzzzzzz\"),\n\t\t\tOwnerAccountId: pulumi.String(accepter.AccountId),\n\t\t\tName: pulumi.String(\"vif-foo\"),\n\t\t\tVlan: pulumi.Int(4094),\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tBgpAsn: pulumi.Int(65352),\n\t\t\tCustomerAddress: pulumi.String(\"175.45.176.1/30\"),\n\t\t\tAmazonAddress: pulumi.String(\"175.45.176.2/30\"),\n\t\t\tRouteFilterPrefixes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"210.52.109.0/24\"),\n\t\t\t\tpulumi.String(\"175.45.176.0/22\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Accepter's side of the VIF.\n\t\t_, err = directconnect.NewHostedPublicVirtualInterfaceAccepter(ctx, \"accepter\", \u0026directconnect.HostedPublicVirtualInterfaceAccepterArgs{\n\t\t\tVirtualInterfaceId: creator.ID(),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Accepter\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.directconnect.HostedPublicVirtualInterface;\nimport com.pulumi.aws.directconnect.HostedPublicVirtualInterfaceArgs;\nimport com.pulumi.aws.directconnect.HostedPublicVirtualInterfaceAccepter;\nimport com.pulumi.aws.directconnect.HostedPublicVirtualInterfaceAccepterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var accepter = AwsFunctions.getCallerIdentity();\n\n var creator = new HostedPublicVirtualInterface(\"creator\", HostedPublicVirtualInterfaceArgs.builder() \n .connectionId(\"dxcon-zzzzzzzz\")\n .ownerAccountId(accepter.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .name(\"vif-foo\")\n .vlan(4094)\n .addressFamily(\"ipv4\")\n .bgpAsn(65352)\n .customerAddress(\"175.45.176.1/30\")\n .amazonAddress(\"175.45.176.2/30\")\n .routeFilterPrefixes( \n \"210.52.109.0/24\",\n \"175.45.176.0/22\")\n .build());\n\n var accepterHostedPublicVirtualInterfaceAccepter = new HostedPublicVirtualInterfaceAccepter(\"accepterHostedPublicVirtualInterfaceAccepter\", HostedPublicVirtualInterfaceAccepterArgs.builder() \n .virtualInterfaceId(creator.id())\n .tags(Map.of(\"Side\", \"Accepter\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Creator's side of the VIF\n creator:\n type: aws:directconnect:HostedPublicVirtualInterface\n properties:\n connectionId: dxcon-zzzzzzzz\n ownerAccountId: ${accepter.accountId}\n name: vif-foo\n vlan: 4094\n addressFamily: ipv4\n bgpAsn: 65352\n customerAddress: 175.45.176.1/30\n amazonAddress: 175.45.176.2/30\n routeFilterPrefixes:\n - 210.52.109.0/24\n - 175.45.176.0/22\n # Accepter's side of the VIF.\n accepterHostedPublicVirtualInterfaceAccepter:\n type: aws:directconnect:HostedPublicVirtualInterfaceAccepter\n name: accepter\n properties:\n virtualInterfaceId: ${creator.id}\n tags:\n Side: Accepter\nvariables:\n accepter:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Direct Connect hosted public virtual interfaces using the VIF `id`. For example:\n\n```sh\n$ pulumi import aws:directconnect/hostedPublicVirtualInterfaceAccepter:HostedPublicVirtualInterfaceAccepter test dxvif-33cc44dd\n```\n", "properties": { "arn": { "type": "string", @@ -200014,7 +200014,7 @@ } }, "aws:directconnect/hostedTransitVirtualInterfaceAcceptor:HostedTransitVirtualInterfaceAcceptor": { - "description": "Provides a resource to manage the accepter's side of a Direct Connect hosted transit virtual interface.\nThis resource accepts ownership of a transit virtual interface created by another AWS account.\n\n\u003e **NOTE:** AWS allows a Direct Connect hosted transit virtual interface to be deleted from either the allocator's or accepter's side. However, this provider only allows the Direct Connect hosted transit virtual interface to be deleted from the allocator's side by removing the corresponding `aws.directconnect.HostedTransitVirtualInterface` resource from your configuration. Removing a `aws.directconnect.HostedTransitVirtualInterfaceAcceptor` resource from your configuration will remove it from your statefile and management, **but will not delete the Direct Connect virtual interface.**\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst accepter = aws.getCallerIdentity({});\n// Creator's side of the VIF\nconst creator = new aws.directconnect.HostedTransitVirtualInterface(\"creator\", {\n connectionId: \"dxcon-zzzzzzzz\",\n ownerAccountId: accepter.then(accepter =\u003e accepter.accountId),\n name: \"tf-transit-vif-example\",\n vlan: 4094,\n addressFamily: \"ipv4\",\n bgpAsn: 65352,\n});\n// Accepter's side of the VIF.\nconst example = new aws.directconnect.Gateway(\"example\", {\n name: \"tf-dxg-example\",\n amazonSideAsn: \"64512\",\n});\nconst accepterHostedTransitVirtualInterfaceAcceptor = new aws.directconnect.HostedTransitVirtualInterfaceAcceptor(\"accepter\", {\n virtualInterfaceId: creator.id,\n dxGatewayId: example.id,\n tags: {\n Side: \"Accepter\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naccepter = aws.get_caller_identity()\n# Creator's side of the VIF\ncreator = aws.directconnect.HostedTransitVirtualInterface(\"creator\",\n connection_id=\"dxcon-zzzzzzzz\",\n owner_account_id=accepter.account_id,\n name=\"tf-transit-vif-example\",\n vlan=4094,\n address_family=\"ipv4\",\n bgp_asn=65352)\n# Accepter's side of the VIF.\nexample = aws.directconnect.Gateway(\"example\",\n name=\"tf-dxg-example\",\n amazon_side_asn=\"64512\")\naccepter_hosted_transit_virtual_interface_acceptor = aws.directconnect.HostedTransitVirtualInterfaceAcceptor(\"accepter\",\n virtual_interface_id=creator.id,\n dx_gateway_id=example.id,\n tags={\n \"Side\": \"Accepter\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var accepter = Aws.GetCallerIdentity.Invoke();\n\n // Creator's side of the VIF\n var creator = new Aws.DirectConnect.HostedTransitVirtualInterface(\"creator\", new()\n {\n ConnectionId = \"dxcon-zzzzzzzz\",\n OwnerAccountId = accepter.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n Name = \"tf-transit-vif-example\",\n Vlan = 4094,\n AddressFamily = \"ipv4\",\n BgpAsn = 65352,\n });\n\n // Accepter's side of the VIF.\n var example = new Aws.DirectConnect.Gateway(\"example\", new()\n {\n Name = \"tf-dxg-example\",\n AmazonSideAsn = \"64512\",\n });\n\n var accepterHostedTransitVirtualInterfaceAcceptor = new Aws.DirectConnect.HostedTransitVirtualInterfaceAcceptor(\"accepter\", new()\n {\n VirtualInterfaceId = creator.Id,\n DxGatewayId = example.Id,\n Tags = \n {\n { \"Side\", \"Accepter\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\taccepter, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Creator's side of the VIF\n\t\tcreator, err := directconnect.NewHostedTransitVirtualInterface(ctx, \"creator\", \u0026directconnect.HostedTransitVirtualInterfaceArgs{\n\t\t\tConnectionId: pulumi.String(\"dxcon-zzzzzzzz\"),\n\t\t\tOwnerAccountId: *pulumi.String(accepter.AccountId),\n\t\t\tName: pulumi.String(\"tf-transit-vif-example\"),\n\t\t\tVlan: pulumi.Int(4094),\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tBgpAsn: pulumi.Int(65352),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Accepter's side of the VIF.\n\t\texample, err := directconnect.NewGateway(ctx, \"example\", \u0026directconnect.GatewayArgs{\n\t\t\tName: pulumi.String(\"tf-dxg-example\"),\n\t\t\tAmazonSideAsn: pulumi.String(\"64512\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directconnect.NewHostedTransitVirtualInterfaceAcceptor(ctx, \"accepter\", \u0026directconnect.HostedTransitVirtualInterfaceAcceptorArgs{\n\t\t\tVirtualInterfaceId: creator.ID(),\n\t\t\tDxGatewayId: example.ID(),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Accepter\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.directconnect.HostedTransitVirtualInterface;\nimport com.pulumi.aws.directconnect.HostedTransitVirtualInterfaceArgs;\nimport com.pulumi.aws.directconnect.Gateway;\nimport com.pulumi.aws.directconnect.GatewayArgs;\nimport com.pulumi.aws.directconnect.HostedTransitVirtualInterfaceAcceptor;\nimport com.pulumi.aws.directconnect.HostedTransitVirtualInterfaceAcceptorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var accepter = AwsFunctions.getCallerIdentity();\n\n var creator = new HostedTransitVirtualInterface(\"creator\", HostedTransitVirtualInterfaceArgs.builder() \n .connectionId(\"dxcon-zzzzzzzz\")\n .ownerAccountId(accepter.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .name(\"tf-transit-vif-example\")\n .vlan(4094)\n .addressFamily(\"ipv4\")\n .bgpAsn(65352)\n .build());\n\n var example = new Gateway(\"example\", GatewayArgs.builder() \n .name(\"tf-dxg-example\")\n .amazonSideAsn(64512)\n .build());\n\n var accepterHostedTransitVirtualInterfaceAcceptor = new HostedTransitVirtualInterfaceAcceptor(\"accepterHostedTransitVirtualInterfaceAcceptor\", HostedTransitVirtualInterfaceAcceptorArgs.builder() \n .virtualInterfaceId(creator.id())\n .dxGatewayId(example.id())\n .tags(Map.of(\"Side\", \"Accepter\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Creator's side of the VIF\n creator:\n type: aws:directconnect:HostedTransitVirtualInterface\n properties:\n connectionId: dxcon-zzzzzzzz\n ownerAccountId: ${accepter.accountId}\n name: tf-transit-vif-example\n vlan: 4094\n addressFamily: ipv4\n bgpAsn: 65352 # The aws_dx_hosted_transit_virtual_interface\n # # must be destroyed before the aws_dx_gateway.\n # Accepter's side of the VIF.\n example:\n type: aws:directconnect:Gateway\n properties:\n name: tf-dxg-example\n amazonSideAsn: 64512\n accepterHostedTransitVirtualInterfaceAcceptor:\n type: aws:directconnect:HostedTransitVirtualInterfaceAcceptor\n name: accepter\n properties:\n virtualInterfaceId: ${creator.id}\n dxGatewayId: ${example.id}\n tags:\n Side: Accepter\nvariables:\n accepter:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Direct Connect hosted transit virtual interfaces using the VIF `id`. For example:\n\n```sh\n$ pulumi import aws:directconnect/hostedTransitVirtualInterfaceAcceptor:HostedTransitVirtualInterfaceAcceptor test dxvif-33cc44dd\n```\n", + "description": "Provides a resource to manage the accepter's side of a Direct Connect hosted transit virtual interface.\nThis resource accepts ownership of a transit virtual interface created by another AWS account.\n\n\u003e **NOTE:** AWS allows a Direct Connect hosted transit virtual interface to be deleted from either the allocator's or accepter's side. However, this provider only allows the Direct Connect hosted transit virtual interface to be deleted from the allocator's side by removing the corresponding `aws.directconnect.HostedTransitVirtualInterface` resource from your configuration. Removing a `aws.directconnect.HostedTransitVirtualInterfaceAcceptor` resource from your configuration will remove it from your statefile and management, **but will not delete the Direct Connect virtual interface.**\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst accepter = aws.getCallerIdentity({});\n// Creator's side of the VIF\nconst creator = new aws.directconnect.HostedTransitVirtualInterface(\"creator\", {\n connectionId: \"dxcon-zzzzzzzz\",\n ownerAccountId: accepter.then(accepter =\u003e accepter.accountId),\n name: \"tf-transit-vif-example\",\n vlan: 4094,\n addressFamily: \"ipv4\",\n bgpAsn: 65352,\n});\n// Accepter's side of the VIF.\nconst example = new aws.directconnect.Gateway(\"example\", {\n name: \"tf-dxg-example\",\n amazonSideAsn: \"64512\",\n});\nconst accepterHostedTransitVirtualInterfaceAcceptor = new aws.directconnect.HostedTransitVirtualInterfaceAcceptor(\"accepter\", {\n virtualInterfaceId: creator.id,\n dxGatewayId: example.id,\n tags: {\n Side: \"Accepter\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naccepter = aws.get_caller_identity()\n# Creator's side of the VIF\ncreator = aws.directconnect.HostedTransitVirtualInterface(\"creator\",\n connection_id=\"dxcon-zzzzzzzz\",\n owner_account_id=accepter.account_id,\n name=\"tf-transit-vif-example\",\n vlan=4094,\n address_family=\"ipv4\",\n bgp_asn=65352)\n# Accepter's side of the VIF.\nexample = aws.directconnect.Gateway(\"example\",\n name=\"tf-dxg-example\",\n amazon_side_asn=\"64512\")\naccepter_hosted_transit_virtual_interface_acceptor = aws.directconnect.HostedTransitVirtualInterfaceAcceptor(\"accepter\",\n virtual_interface_id=creator.id,\n dx_gateway_id=example.id,\n tags={\n \"Side\": \"Accepter\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var accepter = Aws.GetCallerIdentity.Invoke();\n\n // Creator's side of the VIF\n var creator = new Aws.DirectConnect.HostedTransitVirtualInterface(\"creator\", new()\n {\n ConnectionId = \"dxcon-zzzzzzzz\",\n OwnerAccountId = accepter.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n Name = \"tf-transit-vif-example\",\n Vlan = 4094,\n AddressFamily = \"ipv4\",\n BgpAsn = 65352,\n });\n\n // Accepter's side of the VIF.\n var example = new Aws.DirectConnect.Gateway(\"example\", new()\n {\n Name = \"tf-dxg-example\",\n AmazonSideAsn = \"64512\",\n });\n\n var accepterHostedTransitVirtualInterfaceAcceptor = new Aws.DirectConnect.HostedTransitVirtualInterfaceAcceptor(\"accepter\", new()\n {\n VirtualInterfaceId = creator.Id,\n DxGatewayId = example.Id,\n Tags = \n {\n { \"Side\", \"Accepter\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\taccepter, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Creator's side of the VIF\n\t\tcreator, err := directconnect.NewHostedTransitVirtualInterface(ctx, \"creator\", \u0026directconnect.HostedTransitVirtualInterfaceArgs{\n\t\t\tConnectionId: pulumi.String(\"dxcon-zzzzzzzz\"),\n\t\t\tOwnerAccountId: pulumi.String(accepter.AccountId),\n\t\t\tName: pulumi.String(\"tf-transit-vif-example\"),\n\t\t\tVlan: pulumi.Int(4094),\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tBgpAsn: pulumi.Int(65352),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Accepter's side of the VIF.\n\t\texample, err := directconnect.NewGateway(ctx, \"example\", \u0026directconnect.GatewayArgs{\n\t\t\tName: pulumi.String(\"tf-dxg-example\"),\n\t\t\tAmazonSideAsn: pulumi.String(\"64512\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directconnect.NewHostedTransitVirtualInterfaceAcceptor(ctx, \"accepter\", \u0026directconnect.HostedTransitVirtualInterfaceAcceptorArgs{\n\t\t\tVirtualInterfaceId: creator.ID(),\n\t\t\tDxGatewayId: example.ID(),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Accepter\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.directconnect.HostedTransitVirtualInterface;\nimport com.pulumi.aws.directconnect.HostedTransitVirtualInterfaceArgs;\nimport com.pulumi.aws.directconnect.Gateway;\nimport com.pulumi.aws.directconnect.GatewayArgs;\nimport com.pulumi.aws.directconnect.HostedTransitVirtualInterfaceAcceptor;\nimport com.pulumi.aws.directconnect.HostedTransitVirtualInterfaceAcceptorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var accepter = AwsFunctions.getCallerIdentity();\n\n var creator = new HostedTransitVirtualInterface(\"creator\", HostedTransitVirtualInterfaceArgs.builder() \n .connectionId(\"dxcon-zzzzzzzz\")\n .ownerAccountId(accepter.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .name(\"tf-transit-vif-example\")\n .vlan(4094)\n .addressFamily(\"ipv4\")\n .bgpAsn(65352)\n .build());\n\n var example = new Gateway(\"example\", GatewayArgs.builder() \n .name(\"tf-dxg-example\")\n .amazonSideAsn(64512)\n .build());\n\n var accepterHostedTransitVirtualInterfaceAcceptor = new HostedTransitVirtualInterfaceAcceptor(\"accepterHostedTransitVirtualInterfaceAcceptor\", HostedTransitVirtualInterfaceAcceptorArgs.builder() \n .virtualInterfaceId(creator.id())\n .dxGatewayId(example.id())\n .tags(Map.of(\"Side\", \"Accepter\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Creator's side of the VIF\n creator:\n type: aws:directconnect:HostedTransitVirtualInterface\n properties:\n connectionId: dxcon-zzzzzzzz\n ownerAccountId: ${accepter.accountId}\n name: tf-transit-vif-example\n vlan: 4094\n addressFamily: ipv4\n bgpAsn: 65352 # The aws_dx_hosted_transit_virtual_interface\n # # must be destroyed before the aws_dx_gateway.\n # Accepter's side of the VIF.\n example:\n type: aws:directconnect:Gateway\n properties:\n name: tf-dxg-example\n amazonSideAsn: 64512\n accepterHostedTransitVirtualInterfaceAcceptor:\n type: aws:directconnect:HostedTransitVirtualInterfaceAcceptor\n name: accepter\n properties:\n virtualInterfaceId: ${creator.id}\n dxGatewayId: ${example.id}\n tags:\n Side: Accepter\nvariables:\n accepter:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Direct Connect hosted transit virtual interfaces using the VIF `id`. For example:\n\n```sh\n$ pulumi import aws:directconnect/hostedTransitVirtualInterfaceAcceptor:HostedTransitVirtualInterfaceAcceptor test dxvif-33cc44dd\n```\n", "properties": { "arn": { "type": "string", @@ -200287,7 +200287,7 @@ } }, "aws:directconnect/macsecKeyAssociation:MacsecKeyAssociation": { - "description": "Provides a MAC Security (MACSec) secret key resource for use with Direct Connect. See [MACsec prerequisites](https://docs.aws.amazon.com/directconnect/latest/UserGuide/direct-connect-mac-sec-getting-started.html#mac-sec-prerequisites) for information about MAC Security (MACsec) prerequisites.\n\nCreating this resource will also create a resource of type `aws.secretsmanager.Secret` which is managed by Direct Connect. While you can import this resource into your state, because this secret is managed by Direct Connect, you will not be able to make any modifications to it. See [How AWS Direct Connect uses AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/integrating_how-services-use-secrets_directconnect.html) for details.\n\n\u003e **Note:** All arguments including `ckn` and `cak` will be stored in the raw state as plain-text.\n\u003e **Note:** The `secret_arn` argument can only be used to reference a previously created MACSec key. You cannot associate a Secrets Manager secret created outside of the `aws.directconnect.MacsecKeyAssociation` resource.\n\n## Example Usage\n\n### Create MACSec key with CKN and CAK\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.directconnect.getConnection({\n name: \"tf-dx-connection\",\n});\nconst test = new aws.directconnect.MacsecKeyAssociation(\"test\", {\n connectionId: example.then(example =\u003e example.id),\n ckn: \"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\",\n cak: \"abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.directconnect.get_connection(name=\"tf-dx-connection\")\ntest = aws.directconnect.MacsecKeyAssociation(\"test\",\n connection_id=example.id,\n ckn=\"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\",\n cak=\"abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.DirectConnect.GetConnection.Invoke(new()\n {\n Name = \"tf-dx-connection\",\n });\n\n var test = new Aws.DirectConnect.MacsecKeyAssociation(\"test\", new()\n {\n ConnectionId = example.Apply(getConnectionResult =\u003e getConnectionResult.Id),\n Ckn = \"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\",\n Cak = \"abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := directconnect.LookupConnection(ctx, \u0026directconnect.LookupConnectionArgs{\n\t\t\tName: \"tf-dx-connection\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directconnect.NewMacsecKeyAssociation(ctx, \"test\", \u0026directconnect.MacsecKeyAssociationArgs{\n\t\t\tConnectionId: *pulumi.String(example.Id),\n\t\t\tCkn: pulumi.String(\"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\"),\n\t\t\tCak: pulumi.String(\"abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.directconnect.DirectconnectFunctions;\nimport com.pulumi.aws.directconnect.inputs.GetConnectionArgs;\nimport com.pulumi.aws.directconnect.MacsecKeyAssociation;\nimport com.pulumi.aws.directconnect.MacsecKeyAssociationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = DirectconnectFunctions.getConnection(GetConnectionArgs.builder()\n .name(\"tf-dx-connection\")\n .build());\n\n var test = new MacsecKeyAssociation(\"test\", MacsecKeyAssociationArgs.builder() \n .connectionId(example.applyValue(getConnectionResult -\u003e getConnectionResult.id()))\n .ckn(\"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\")\n .cak(\"abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:directconnect:MacsecKeyAssociation\n properties:\n connectionId: ${example.id}\n ckn: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n cak: abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789\nvariables:\n example:\n fn::invoke:\n Function: aws:directconnect:getConnection\n Arguments:\n name: tf-dx-connection\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Create MACSec key with existing Secrets Manager secret\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.directconnect.getConnection({\n name: \"tf-dx-connection\",\n});\nconst exampleGetSecret = aws.secretsmanager.getSecret({\n name: \"directconnect!prod/us-east-1/directconnect/0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\",\n});\nconst test = new aws.directconnect.MacsecKeyAssociation(\"test\", {\n connectionId: example.then(example =\u003e example.id),\n secretArn: exampleGetSecret.then(exampleGetSecret =\u003e exampleGetSecret.arn),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.directconnect.get_connection(name=\"tf-dx-connection\")\nexample_get_secret = aws.secretsmanager.get_secret(name=\"directconnect!prod/us-east-1/directconnect/0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\")\ntest = aws.directconnect.MacsecKeyAssociation(\"test\",\n connection_id=example.id,\n secret_arn=example_get_secret.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.DirectConnect.GetConnection.Invoke(new()\n {\n Name = \"tf-dx-connection\",\n });\n\n var exampleGetSecret = Aws.SecretsManager.GetSecret.Invoke(new()\n {\n Name = \"directconnect!prod/us-east-1/directconnect/0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\",\n });\n\n var test = new Aws.DirectConnect.MacsecKeyAssociation(\"test\", new()\n {\n ConnectionId = example.Apply(getConnectionResult =\u003e getConnectionResult.Id),\n SecretArn = exampleGetSecret.Apply(getSecretResult =\u003e getSecretResult.Arn),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/secretsmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := directconnect.LookupConnection(ctx, \u0026directconnect.LookupConnectionArgs{\n\t\t\tName: \"tf-dx-connection\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleGetSecret, err := secretsmanager.LookupSecret(ctx, \u0026secretsmanager.LookupSecretArgs{\n\t\t\tName: pulumi.StringRef(\"directconnect!prod/us-east-1/directconnect/0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directconnect.NewMacsecKeyAssociation(ctx, \"test\", \u0026directconnect.MacsecKeyAssociationArgs{\n\t\t\tConnectionId: *pulumi.String(example.Id),\n\t\t\tSecretArn: *pulumi.String(exampleGetSecret.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.directconnect.DirectconnectFunctions;\nimport com.pulumi.aws.directconnect.inputs.GetConnectionArgs;\nimport com.pulumi.aws.secretsmanager.SecretsmanagerFunctions;\nimport com.pulumi.aws.secretsmanager.inputs.GetSecretArgs;\nimport com.pulumi.aws.directconnect.MacsecKeyAssociation;\nimport com.pulumi.aws.directconnect.MacsecKeyAssociationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = DirectconnectFunctions.getConnection(GetConnectionArgs.builder()\n .name(\"tf-dx-connection\")\n .build());\n\n final var exampleGetSecret = SecretsmanagerFunctions.getSecret(GetSecretArgs.builder()\n .name(\"directconnect!prod/us-east-1/directconnect/0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\")\n .build());\n\n var test = new MacsecKeyAssociation(\"test\", MacsecKeyAssociationArgs.builder() \n .connectionId(example.applyValue(getConnectionResult -\u003e getConnectionResult.id()))\n .secretArn(exampleGetSecret.applyValue(getSecretResult -\u003e getSecretResult.arn()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:directconnect:MacsecKeyAssociation\n properties:\n connectionId: ${example.id}\n secretArn: ${exampleGetSecret.arn}\nvariables:\n example:\n fn::invoke:\n Function: aws:directconnect:getConnection\n Arguments:\n name: tf-dx-connection\n exampleGetSecret:\n fn::invoke:\n Function: aws:secretsmanager:getSecret\n Arguments:\n name: directconnect!prod/us-east-1/directconnect/0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provides a MAC Security (MACSec) secret key resource for use with Direct Connect. See [MACsec prerequisites](https://docs.aws.amazon.com/directconnect/latest/UserGuide/direct-connect-mac-sec-getting-started.html#mac-sec-prerequisites) for information about MAC Security (MACsec) prerequisites.\n\nCreating this resource will also create a resource of type `aws.secretsmanager.Secret` which is managed by Direct Connect. While you can import this resource into your state, because this secret is managed by Direct Connect, you will not be able to make any modifications to it. See [How AWS Direct Connect uses AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/integrating_how-services-use-secrets_directconnect.html) for details.\n\n\u003e **Note:** All arguments including `ckn` and `cak` will be stored in the raw state as plain-text.\n\u003e **Note:** The `secret_arn` argument can only be used to reference a previously created MACSec key. You cannot associate a Secrets Manager secret created outside of the `aws.directconnect.MacsecKeyAssociation` resource.\n\n## Example Usage\n\n### Create MACSec key with CKN and CAK\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.directconnect.getConnection({\n name: \"tf-dx-connection\",\n});\nconst test = new aws.directconnect.MacsecKeyAssociation(\"test\", {\n connectionId: example.then(example =\u003e example.id),\n ckn: \"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\",\n cak: \"abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.directconnect.get_connection(name=\"tf-dx-connection\")\ntest = aws.directconnect.MacsecKeyAssociation(\"test\",\n connection_id=example.id,\n ckn=\"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\",\n cak=\"abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.DirectConnect.GetConnection.Invoke(new()\n {\n Name = \"tf-dx-connection\",\n });\n\n var test = new Aws.DirectConnect.MacsecKeyAssociation(\"test\", new()\n {\n ConnectionId = example.Apply(getConnectionResult =\u003e getConnectionResult.Id),\n Ckn = \"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\",\n Cak = \"abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := directconnect.LookupConnection(ctx, \u0026directconnect.LookupConnectionArgs{\n\t\t\tName: \"tf-dx-connection\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directconnect.NewMacsecKeyAssociation(ctx, \"test\", \u0026directconnect.MacsecKeyAssociationArgs{\n\t\t\tConnectionId: pulumi.String(example.Id),\n\t\t\tCkn: pulumi.String(\"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\"),\n\t\t\tCak: pulumi.String(\"abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.directconnect.DirectconnectFunctions;\nimport com.pulumi.aws.directconnect.inputs.GetConnectionArgs;\nimport com.pulumi.aws.directconnect.MacsecKeyAssociation;\nimport com.pulumi.aws.directconnect.MacsecKeyAssociationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = DirectconnectFunctions.getConnection(GetConnectionArgs.builder()\n .name(\"tf-dx-connection\")\n .build());\n\n var test = new MacsecKeyAssociation(\"test\", MacsecKeyAssociationArgs.builder() \n .connectionId(example.applyValue(getConnectionResult -\u003e getConnectionResult.id()))\n .ckn(\"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\")\n .cak(\"abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:directconnect:MacsecKeyAssociation\n properties:\n connectionId: ${example.id}\n ckn: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n cak: abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789\nvariables:\n example:\n fn::invoke:\n Function: aws:directconnect:getConnection\n Arguments:\n name: tf-dx-connection\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Create MACSec key with existing Secrets Manager secret\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.directconnect.getConnection({\n name: \"tf-dx-connection\",\n});\nconst exampleGetSecret = aws.secretsmanager.getSecret({\n name: \"directconnect!prod/us-east-1/directconnect/0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\",\n});\nconst test = new aws.directconnect.MacsecKeyAssociation(\"test\", {\n connectionId: example.then(example =\u003e example.id),\n secretArn: exampleGetSecret.then(exampleGetSecret =\u003e exampleGetSecret.arn),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.directconnect.get_connection(name=\"tf-dx-connection\")\nexample_get_secret = aws.secretsmanager.get_secret(name=\"directconnect!prod/us-east-1/directconnect/0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\")\ntest = aws.directconnect.MacsecKeyAssociation(\"test\",\n connection_id=example.id,\n secret_arn=example_get_secret.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.DirectConnect.GetConnection.Invoke(new()\n {\n Name = \"tf-dx-connection\",\n });\n\n var exampleGetSecret = Aws.SecretsManager.GetSecret.Invoke(new()\n {\n Name = \"directconnect!prod/us-east-1/directconnect/0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\",\n });\n\n var test = new Aws.DirectConnect.MacsecKeyAssociation(\"test\", new()\n {\n ConnectionId = example.Apply(getConnectionResult =\u003e getConnectionResult.Id),\n SecretArn = exampleGetSecret.Apply(getSecretResult =\u003e getSecretResult.Arn),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/secretsmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := directconnect.LookupConnection(ctx, \u0026directconnect.LookupConnectionArgs{\n\t\t\tName: \"tf-dx-connection\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleGetSecret, err := secretsmanager.LookupSecret(ctx, \u0026secretsmanager.LookupSecretArgs{\n\t\t\tName: pulumi.StringRef(\"directconnect!prod/us-east-1/directconnect/0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directconnect.NewMacsecKeyAssociation(ctx, \"test\", \u0026directconnect.MacsecKeyAssociationArgs{\n\t\t\tConnectionId: pulumi.String(example.Id),\n\t\t\tSecretArn: pulumi.String(exampleGetSecret.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.directconnect.DirectconnectFunctions;\nimport com.pulumi.aws.directconnect.inputs.GetConnectionArgs;\nimport com.pulumi.aws.secretsmanager.SecretsmanagerFunctions;\nimport com.pulumi.aws.secretsmanager.inputs.GetSecretArgs;\nimport com.pulumi.aws.directconnect.MacsecKeyAssociation;\nimport com.pulumi.aws.directconnect.MacsecKeyAssociationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = DirectconnectFunctions.getConnection(GetConnectionArgs.builder()\n .name(\"tf-dx-connection\")\n .build());\n\n final var exampleGetSecret = SecretsmanagerFunctions.getSecret(GetSecretArgs.builder()\n .name(\"directconnect!prod/us-east-1/directconnect/0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\")\n .build());\n\n var test = new MacsecKeyAssociation(\"test\", MacsecKeyAssociationArgs.builder() \n .connectionId(example.applyValue(getConnectionResult -\u003e getConnectionResult.id()))\n .secretArn(exampleGetSecret.applyValue(getSecretResult -\u003e getSecretResult.arn()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:directconnect:MacsecKeyAssociation\n properties:\n connectionId: ${example.id}\n secretArn: ${exampleGetSecret.arn}\nvariables:\n example:\n fn::invoke:\n Function: aws:directconnect:getConnection\n Arguments:\n name: tf-dx-connection\n exampleGetSecret:\n fn::invoke:\n Function: aws:secretsmanager:getSecret\n Arguments:\n name: directconnect!prod/us-east-1/directconnect/0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { "cak": { "type": "string", @@ -201669,7 +201669,7 @@ } }, "aws:directoryservice/serviceRegion:ServiceRegion": { - "description": "Manages a replicated Region and directory for Multi-Region replication.\nMulti-Region replication is only supported for the Enterprise Edition of AWS Managed Microsoft AD.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst example = aws.getRegion({});\nconst available = aws.getAvailabilityZones({\n state: \"available\",\n filters: [{\n name: \"opt-in-status\",\n values: [\"opt-in-not-required\"],\n }],\n});\nconst exampleVpc = new aws.ec2.Vpc(\"example\", {\n cidrBlock: \"10.0.0.0/16\",\n tags: {\n Name: \"Primary\",\n },\n});\nconst exampleSubnet: aws.ec2.Subnet[] = [];\nfor (const range = {value: 0}; range.value \u003c 2; range.value++) {\n exampleSubnet.push(new aws.ec2.Subnet(`example-${range.value}`, {\n vpcId: exampleVpc.id,\n availabilityZone: available.then(available =\u003e available.names[range.value]),\n cidrBlock: exampleVpc.cidrBlock.apply(cidrBlock =\u003e std.cidrsubnetOutput({\n input: cidrBlock,\n newbits: 8,\n netnum: range.value,\n })).apply(invoke =\u003e invoke.result),\n tags: {\n Name: \"Primary\",\n },\n }));\n}\nconst exampleDirectory = new aws.directoryservice.Directory(\"example\", {\n name: \"example.com\",\n password: \"SuperSecretPassw0rd\",\n type: \"MicrosoftAD\",\n vpcSettings: {\n vpcId: exampleVpc.id,\n subnetIds: exampleSubnet.map(__item =\u003e __item.id),\n },\n});\nconst available-secondary = aws.getAvailabilityZones({\n state: \"available\",\n filters: [{\n name: \"opt-in-status\",\n values: [\"opt-in-not-required\"],\n }],\n});\nconst example_secondary = new aws.ec2.Vpc(\"example-secondary\", {\n cidrBlock: \"10.1.0.0/16\",\n tags: {\n Name: \"Secondary\",\n },\n});\nconst example_secondarySubnet: aws.ec2.Subnet[] = [];\nfor (const range = {value: 0}; range.value \u003c 2; range.value++) {\n example_secondarySubnet.push(new aws.ec2.Subnet(`example-secondary-${range.value}`, {\n vpcId: example_secondary.id,\n availabilityZone: available_secondary.then(available_secondary =\u003e available_secondary.names[range.value]),\n cidrBlock: example_secondary.cidrBlock.apply(cidrBlock =\u003e std.cidrsubnetOutput({\n input: cidrBlock,\n newbits: 8,\n netnum: range.value,\n })).apply(invoke =\u003e invoke.result),\n tags: {\n Name: \"Secondary\",\n },\n }));\n}\nconst exampleServiceRegion = new aws.directoryservice.ServiceRegion(\"example\", {\n directoryId: exampleDirectory.id,\n regionName: example.then(example =\u003e example.name),\n vpcSettings: {\n vpcId: example_secondary.id,\n subnetIds: example_secondarySubnet.map(__item =\u003e __item.id),\n },\n tags: {\n Name: \"Secondary\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_std as std\n\nexample = aws.get_region()\navailable = aws.get_availability_zones(state=\"available\",\n filters=[aws.GetAvailabilityZonesFilterArgs(\n name=\"opt-in-status\",\n values=[\"opt-in-not-required\"],\n )])\nexample_vpc = aws.ec2.Vpc(\"example\",\n cidr_block=\"10.0.0.0/16\",\n tags={\n \"Name\": \"Primary\",\n })\nexample_subnet = []\nfor range in [{\"value\": i} for i in range(0, 2)]:\n example_subnet.append(aws.ec2.Subnet(f\"example-{range['value']}\",\n vpc_id=example_vpc.id,\n availability_zone=available.names[range[\"value\"]],\n cidr_block=example_vpc.cidr_block.apply(lambda cidr_block: std.cidrsubnet_output(input=cidr_block,\n newbits=8,\n netnum=range[\"value\"])).apply(lambda invoke: invoke.result),\n tags={\n \"Name\": \"Primary\",\n }))\nexample_directory = aws.directoryservice.Directory(\"example\",\n name=\"example.com\",\n password=\"SuperSecretPassw0rd\",\n type=\"MicrosoftAD\",\n vpc_settings=aws.directoryservice.DirectoryVpcSettingsArgs(\n vpc_id=example_vpc.id,\n subnet_ids=[__item.id for __item in example_subnet],\n ))\navailable_secondary = aws.get_availability_zones(state=\"available\",\n filters=[aws.GetAvailabilityZonesFilterArgs(\n name=\"opt-in-status\",\n values=[\"opt-in-not-required\"],\n )])\nexample_secondary = aws.ec2.Vpc(\"example-secondary\",\n cidr_block=\"10.1.0.0/16\",\n tags={\n \"Name\": \"Secondary\",\n })\nexample_secondary_subnet = []\nfor range in [{\"value\": i} for i in range(0, 2)]:\n example_secondary_subnet.append(aws.ec2.Subnet(f\"example-secondary-{range['value']}\",\n vpc_id=example_secondary.id,\n availability_zone=available_secondary.names[range[\"value\"]],\n cidr_block=example_secondary.cidr_block.apply(lambda cidr_block: std.cidrsubnet_output(input=cidr_block,\n newbits=8,\n netnum=range[\"value\"])).apply(lambda invoke: invoke.result),\n tags={\n \"Name\": \"Secondary\",\n }))\nexample_service_region = aws.directoryservice.ServiceRegion(\"example\",\n directory_id=example_directory.id,\n region_name=example.name,\n vpc_settings=aws.directoryservice.ServiceRegionVpcSettingsArgs(\n vpc_id=example_secondary.id,\n subnet_ids=[__item.id for __item in example_secondary_subnet],\n ),\n tags={\n \"Name\": \"Secondary\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.GetRegion.Invoke();\n\n var available = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n Filters = new[]\n {\n new Aws.Inputs.GetAvailabilityZonesFilterInputArgs\n {\n Name = \"opt-in-status\",\n Values = new[]\n {\n \"opt-in-not-required\",\n },\n },\n },\n });\n\n var exampleVpc = new Aws.Ec2.Vpc(\"example\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n Tags = \n {\n { \"Name\", \"Primary\" },\n },\n });\n\n var exampleSubnet = new List\u003cAws.Ec2.Subnet\u003e();\n for (var rangeIndex = 0; rangeIndex \u003c 2; rangeIndex++)\n {\n var range = new { Value = rangeIndex };\n exampleSubnet.Add(new Aws.Ec2.Subnet($\"example-{range.Value}\", new()\n {\n VpcId = exampleVpc.Id,\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names)[range.Value],\n CidrBlock = exampleVpc.CidrBlock.Apply(cidrBlock =\u003e Std.Cidrsubnet.Invoke(new()\n {\n Input = cidrBlock,\n Newbits = 8,\n Netnum = range.Value,\n })).Apply(invoke =\u003e invoke.Result),\n Tags = \n {\n { \"Name\", \"Primary\" },\n },\n }));\n }\n var exampleDirectory = new Aws.DirectoryService.Directory(\"example\", new()\n {\n Name = \"example.com\",\n Password = \"SuperSecretPassw0rd\",\n Type = \"MicrosoftAD\",\n VpcSettings = new Aws.DirectoryService.Inputs.DirectoryVpcSettingsArgs\n {\n VpcId = exampleVpc.Id,\n SubnetIds = exampleSubnet.Select(__item =\u003e __item.Id).ToList(),\n },\n });\n\n var available_secondary = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n Filters = new[]\n {\n new Aws.Inputs.GetAvailabilityZonesFilterInputArgs\n {\n Name = \"opt-in-status\",\n Values = new[]\n {\n \"opt-in-not-required\",\n },\n },\n },\n });\n\n var example_secondary = new Aws.Ec2.Vpc(\"example-secondary\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n Tags = \n {\n { \"Name\", \"Secondary\" },\n },\n });\n\n var example_secondarySubnet = new List\u003cAws.Ec2.Subnet\u003e();\n for (var rangeIndex = 0; rangeIndex \u003c 2; rangeIndex++)\n {\n var range = new { Value = rangeIndex };\n example_secondarySubnet.Add(new Aws.Ec2.Subnet($\"example-secondary-{range.Value}\", new()\n {\n VpcId = example_secondary.Id,\n AvailabilityZone = available_secondary.Apply(available_secondary =\u003e available_secondary.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names)[range.Value]),\n CidrBlock = example_secondary.CidrBlock.Apply(cidrBlock =\u003e Std.Cidrsubnet.Invoke(new()\n {\n Input = cidrBlock,\n Newbits = 8,\n Netnum = range.Value,\n })).Apply(invoke =\u003e invoke.Result),\n Tags = \n {\n { \"Name\", \"Secondary\" },\n },\n }));\n }\n var exampleServiceRegion = new Aws.DirectoryService.ServiceRegion(\"example\", new()\n {\n DirectoryId = exampleDirectory.Id,\n RegionName = example.Apply(getRegionResult =\u003e getRegionResult.Name),\n VpcSettings = new Aws.DirectoryService.Inputs.ServiceRegionVpcSettingsArgs\n {\n VpcId = example_secondary.Id,\n SubnetIds = example_secondarySubnet.Select(__item =\u003e __item.Id).ToList(),\n },\n Tags = \n {\n { \"Name\", \"Secondary\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directoryservice\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexample, err := aws.GetRegion(ctx, nil, nil);\nif err != nil {\nreturn err\n}\navailable, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\nState: pulumi.StringRef(\"available\"),\nFilters: []aws.GetAvailabilityZonesFilter{\n{\nName: \"opt-in-status\",\nValues: []string{\n\"opt-in-not-required\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleVpc, err := ec2.NewVpc(ctx, \"example\", \u0026ec2.VpcArgs{\nCidrBlock: pulumi.String(\"10.0.0.0/16\"),\nTags: pulumi.StringMap{\n\"Name\": pulumi.String(\"Primary\"),\n},\n})\nif err != nil {\nreturn err\n}\nvar exampleSubnet []*ec2.Subnet\nfor index := 0; index \u003c 2; index++ {\n key0 := index\n val0 := index\n__res, err := ec2.NewSubnet(ctx, fmt.Sprintf(\"example-%v\", key0), \u0026ec2.SubnetArgs{\nVpcId: exampleVpc.ID(),\nAvailabilityZone: available.Names[val0],\nCidrBlock: exampleVpc.CidrBlock.ApplyT(func(cidrBlock string) (std.CidrsubnetResult, error) {\nreturn std.CidrsubnetOutput(ctx, std.CidrsubnetOutputArgs{\nInput: cidrBlock,\nNewbits: 8,\nNetnum: val0,\n}, nil), nil\n}).(std.CidrsubnetResultOutput).ApplyT(func(invoke std.CidrsubnetResult) (*string, error) {\nreturn invoke.Result, nil\n}).(pulumi.StringPtrOutput),\nTags: pulumi.StringMap{\n\"Name\": pulumi.String(\"Primary\"),\n},\n})\nif err != nil {\nreturn err\n}\nexampleSubnet = append(exampleSubnet, __res)\n}\nexampleDirectory, err := directoryservice.NewDirectory(ctx, \"example\", \u0026directoryservice.DirectoryArgs{\nName: pulumi.String(\"example.com\"),\nPassword: pulumi.String(\"SuperSecretPassw0rd\"),\nType: pulumi.String(\"MicrosoftAD\"),\nVpcSettings: \u0026directoryservice.DirectoryVpcSettingsArgs{\nVpcId: exampleVpc.ID(),\nSubnetIds: %!v(PANIC=Format method: fatal: A failure has occurred: unlowered splat expression @ example.pp:44,17-36),\n},\n})\nif err != nil {\nreturn err\n}\navailable_secondary, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\nState: pulumi.StringRef(\"available\"),\nFilters: []aws.GetAvailabilityZonesFilter{\n{\nName: \"opt-in-status\",\nValues: []string{\n\"opt-in-not-required\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = ec2.NewVpc(ctx, \"example-secondary\", \u0026ec2.VpcArgs{\nCidrBlock: pulumi.String(\"10.1.0.0/16\"),\nTags: pulumi.StringMap{\n\"Name\": pulumi.String(\"Secondary\"),\n},\n})\nif err != nil {\nreturn err\n}\nvar example_secondarySubnet []*ec2.Subnet\nfor index := 0; index \u003c 2; index++ {\n key0 := index\n val0 := index\n__res, err := ec2.NewSubnet(ctx, fmt.Sprintf(\"example-secondary-%v\", key0), \u0026ec2.SubnetArgs{\nVpcId: example_secondary.ID(),\nAvailabilityZone: available_secondary.Names[val0],\nCidrBlock: example_secondary.CidrBlock.ApplyT(func(cidrBlock string) (std.CidrsubnetResult, error) {\nreturn std.CidrsubnetOutput(ctx, std.CidrsubnetOutputArgs{\nInput: cidrBlock,\nNewbits: 8,\nNetnum: val0,\n}, nil), nil\n}).(std.CidrsubnetResultOutput).ApplyT(func(invoke std.CidrsubnetResult) (*string, error) {\nreturn invoke.Result, nil\n}).(pulumi.StringPtrOutput),\nTags: pulumi.StringMap{\n\"Name\": pulumi.String(\"Secondary\"),\n},\n})\nif err != nil {\nreturn err\n}\nexample_secondarySubnet = append(example_secondarySubnet, __res)\n}\n_, err = directoryservice.NewServiceRegion(ctx, \"example\", \u0026directoryservice.ServiceRegionArgs{\nDirectoryId: exampleDirectory.ID(),\nRegionName: *pulumi.String(example.Name),\nVpcSettings: \u0026directoryservice.ServiceRegionVpcSettingsArgs{\nVpcId: example_secondary.ID(),\nSubnetIds: %!v(PANIC=Format method: fatal: A failure has occurred: unlowered splat expression @ example.pp:87,17-46),\n},\nTags: pulumi.StringMap{\n\"Name\": pulumi.String(\"Secondary\"),\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.directoryservice.Directory;\nimport com.pulumi.aws.directoryservice.DirectoryArgs;\nimport com.pulumi.aws.directoryservice.inputs.DirectoryVpcSettingsArgs;\nimport com.pulumi.aws.directoryservice.ServiceRegion;\nimport com.pulumi.aws.directoryservice.ServiceRegionArgs;\nimport com.pulumi.aws.directoryservice.inputs.ServiceRegionVpcSettingsArgs;\nimport com.pulumi.codegen.internal.KeyedValue;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AwsFunctions.getRegion();\n\n final var available = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .filters(GetAvailabilityZonesFilterArgs.builder()\n .name(\"opt-in-status\")\n .values(\"opt-in-not-required\")\n .build())\n .build());\n\n var exampleVpc = new Vpc(\"exampleVpc\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .tags(Map.of(\"Name\", \"Primary\"))\n .build());\n\n for (var i = 0; i \u003c 2; i++) {\n new Subnet(\"exampleSubnet-\" + i, SubnetArgs.builder() \n .vpcId(exampleVpc.id())\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names())[range.value()])\n .cidrBlock(exampleVpc.cidrBlock().applyValue(cidrBlock -\u003e StdFunctions.cidrsubnet()).applyValue(invoke -\u003e invoke.result()))\n .tags(Map.of(\"Name\", \"Primary\"))\n .build());\n\n \n}\n var exampleDirectory = new Directory(\"exampleDirectory\", DirectoryArgs.builder() \n .name(\"example.com\")\n .password(\"SuperSecretPassw0rd\")\n .type(\"MicrosoftAD\")\n .vpcSettings(DirectoryVpcSettingsArgs.builder()\n .vpcId(exampleVpc.id())\n .subnetIds(exampleSubnet.stream().map(element -\u003e element.id()).collect(toList()))\n .build())\n .build());\n\n final var available-secondary = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .filters(GetAvailabilityZonesFilterArgs.builder()\n .name(\"opt-in-status\")\n .values(\"opt-in-not-required\")\n .build())\n .build());\n\n var example_secondary = new Vpc(\"example-secondary\", VpcArgs.builder() \n .cidrBlock(\"10.1.0.0/16\")\n .tags(Map.of(\"Name\", \"Secondary\"))\n .build());\n\n for (var i = 0; i \u003c 2; i++) {\n new Subnet(\"example-secondarySubnet-\" + i, SubnetArgs.builder() \n .vpcId(example_secondary.id())\n .availabilityZone(available_secondary.names()[range.value()])\n .cidrBlock(example_secondary.cidrBlock().applyValue(cidrBlock -\u003e StdFunctions.cidrsubnet()).applyValue(invoke -\u003e invoke.result()))\n .tags(Map.of(\"Name\", \"Secondary\"))\n .build());\n\n \n}\n var exampleServiceRegion = new ServiceRegion(\"exampleServiceRegion\", ServiceRegionArgs.builder() \n .directoryId(exampleDirectory.id())\n .regionName(example.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .vpcSettings(ServiceRegionVpcSettingsArgs.builder()\n .vpcId(example_secondary.id())\n .subnetIds(example_secondarySubnet.stream().map(element -\u003e element.id()).collect(toList()))\n .build())\n .tags(Map.of(\"Name\", \"Secondary\"))\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Replicated Regions using directory ID,Region name. For example:\n\n```sh\n$ pulumi import aws:directoryservice/serviceRegion:ServiceRegion example d-9267651497,us-east-2\n```\n", + "description": "Manages a replicated Region and directory for Multi-Region replication.\nMulti-Region replication is only supported for the Enterprise Edition of AWS Managed Microsoft AD.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst example = aws.getRegion({});\nconst available = aws.getAvailabilityZones({\n state: \"available\",\n filters: [{\n name: \"opt-in-status\",\n values: [\"opt-in-not-required\"],\n }],\n});\nconst exampleVpc = new aws.ec2.Vpc(\"example\", {\n cidrBlock: \"10.0.0.0/16\",\n tags: {\n Name: \"Primary\",\n },\n});\nconst exampleSubnet: aws.ec2.Subnet[] = [];\nfor (const range = {value: 0}; range.value \u003c 2; range.value++) {\n exampleSubnet.push(new aws.ec2.Subnet(`example-${range.value}`, {\n vpcId: exampleVpc.id,\n availabilityZone: available.then(available =\u003e available.names[range.value]),\n cidrBlock: exampleVpc.cidrBlock.apply(cidrBlock =\u003e std.cidrsubnetOutput({\n input: cidrBlock,\n newbits: 8,\n netnum: range.value,\n })).apply(invoke =\u003e invoke.result),\n tags: {\n Name: \"Primary\",\n },\n }));\n}\nconst exampleDirectory = new aws.directoryservice.Directory(\"example\", {\n name: \"example.com\",\n password: \"SuperSecretPassw0rd\",\n type: \"MicrosoftAD\",\n vpcSettings: {\n vpcId: exampleVpc.id,\n subnetIds: exampleSubnet.map(__item =\u003e __item.id),\n },\n});\nconst available-secondary = aws.getAvailabilityZones({\n state: \"available\",\n filters: [{\n name: \"opt-in-status\",\n values: [\"opt-in-not-required\"],\n }],\n});\nconst example_secondary = new aws.ec2.Vpc(\"example-secondary\", {\n cidrBlock: \"10.1.0.0/16\",\n tags: {\n Name: \"Secondary\",\n },\n});\nconst example_secondarySubnet: aws.ec2.Subnet[] = [];\nfor (const range = {value: 0}; range.value \u003c 2; range.value++) {\n example_secondarySubnet.push(new aws.ec2.Subnet(`example-secondary-${range.value}`, {\n vpcId: example_secondary.id,\n availabilityZone: available_secondary.then(available_secondary =\u003e available_secondary.names[range.value]),\n cidrBlock: example_secondary.cidrBlock.apply(cidrBlock =\u003e std.cidrsubnetOutput({\n input: cidrBlock,\n newbits: 8,\n netnum: range.value,\n })).apply(invoke =\u003e invoke.result),\n tags: {\n Name: \"Secondary\",\n },\n }));\n}\nconst exampleServiceRegion = new aws.directoryservice.ServiceRegion(\"example\", {\n directoryId: exampleDirectory.id,\n regionName: example.then(example =\u003e example.name),\n vpcSettings: {\n vpcId: example_secondary.id,\n subnetIds: example_secondarySubnet.map(__item =\u003e __item.id),\n },\n tags: {\n Name: \"Secondary\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_std as std\n\nexample = aws.get_region()\navailable = aws.get_availability_zones(state=\"available\",\n filters=[aws.GetAvailabilityZonesFilterArgs(\n name=\"opt-in-status\",\n values=[\"opt-in-not-required\"],\n )])\nexample_vpc = aws.ec2.Vpc(\"example\",\n cidr_block=\"10.0.0.0/16\",\n tags={\n \"Name\": \"Primary\",\n })\nexample_subnet = []\nfor range in [{\"value\": i} for i in range(0, 2)]:\n example_subnet.append(aws.ec2.Subnet(f\"example-{range['value']}\",\n vpc_id=example_vpc.id,\n availability_zone=available.names[range[\"value\"]],\n cidr_block=example_vpc.cidr_block.apply(lambda cidr_block: std.cidrsubnet_output(input=cidr_block,\n newbits=8,\n netnum=range[\"value\"])).apply(lambda invoke: invoke.result),\n tags={\n \"Name\": \"Primary\",\n }))\nexample_directory = aws.directoryservice.Directory(\"example\",\n name=\"example.com\",\n password=\"SuperSecretPassw0rd\",\n type=\"MicrosoftAD\",\n vpc_settings=aws.directoryservice.DirectoryVpcSettingsArgs(\n vpc_id=example_vpc.id,\n subnet_ids=[__item.id for __item in example_subnet],\n ))\navailable_secondary = aws.get_availability_zones(state=\"available\",\n filters=[aws.GetAvailabilityZonesFilterArgs(\n name=\"opt-in-status\",\n values=[\"opt-in-not-required\"],\n )])\nexample_secondary = aws.ec2.Vpc(\"example-secondary\",\n cidr_block=\"10.1.0.0/16\",\n tags={\n \"Name\": \"Secondary\",\n })\nexample_secondary_subnet = []\nfor range in [{\"value\": i} for i in range(0, 2)]:\n example_secondary_subnet.append(aws.ec2.Subnet(f\"example-secondary-{range['value']}\",\n vpc_id=example_secondary.id,\n availability_zone=available_secondary.names[range[\"value\"]],\n cidr_block=example_secondary.cidr_block.apply(lambda cidr_block: std.cidrsubnet_output(input=cidr_block,\n newbits=8,\n netnum=range[\"value\"])).apply(lambda invoke: invoke.result),\n tags={\n \"Name\": \"Secondary\",\n }))\nexample_service_region = aws.directoryservice.ServiceRegion(\"example\",\n directory_id=example_directory.id,\n region_name=example.name,\n vpc_settings=aws.directoryservice.ServiceRegionVpcSettingsArgs(\n vpc_id=example_secondary.id,\n subnet_ids=[__item.id for __item in example_secondary_subnet],\n ),\n tags={\n \"Name\": \"Secondary\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.GetRegion.Invoke();\n\n var available = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n Filters = new[]\n {\n new Aws.Inputs.GetAvailabilityZonesFilterInputArgs\n {\n Name = \"opt-in-status\",\n Values = new[]\n {\n \"opt-in-not-required\",\n },\n },\n },\n });\n\n var exampleVpc = new Aws.Ec2.Vpc(\"example\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n Tags = \n {\n { \"Name\", \"Primary\" },\n },\n });\n\n var exampleSubnet = new List\u003cAws.Ec2.Subnet\u003e();\n for (var rangeIndex = 0; rangeIndex \u003c 2; rangeIndex++)\n {\n var range = new { Value = rangeIndex };\n exampleSubnet.Add(new Aws.Ec2.Subnet($\"example-{range.Value}\", new()\n {\n VpcId = exampleVpc.Id,\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names)[range.Value],\n CidrBlock = exampleVpc.CidrBlock.Apply(cidrBlock =\u003e Std.Cidrsubnet.Invoke(new()\n {\n Input = cidrBlock,\n Newbits = 8,\n Netnum = range.Value,\n })).Apply(invoke =\u003e invoke.Result),\n Tags = \n {\n { \"Name\", \"Primary\" },\n },\n }));\n }\n var exampleDirectory = new Aws.DirectoryService.Directory(\"example\", new()\n {\n Name = \"example.com\",\n Password = \"SuperSecretPassw0rd\",\n Type = \"MicrosoftAD\",\n VpcSettings = new Aws.DirectoryService.Inputs.DirectoryVpcSettingsArgs\n {\n VpcId = exampleVpc.Id,\n SubnetIds = exampleSubnet.Select(__item =\u003e __item.Id).ToList(),\n },\n });\n\n var available_secondary = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n Filters = new[]\n {\n new Aws.Inputs.GetAvailabilityZonesFilterInputArgs\n {\n Name = \"opt-in-status\",\n Values = new[]\n {\n \"opt-in-not-required\",\n },\n },\n },\n });\n\n var example_secondary = new Aws.Ec2.Vpc(\"example-secondary\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n Tags = \n {\n { \"Name\", \"Secondary\" },\n },\n });\n\n var example_secondarySubnet = new List\u003cAws.Ec2.Subnet\u003e();\n for (var rangeIndex = 0; rangeIndex \u003c 2; rangeIndex++)\n {\n var range = new { Value = rangeIndex };\n example_secondarySubnet.Add(new Aws.Ec2.Subnet($\"example-secondary-{range.Value}\", new()\n {\n VpcId = example_secondary.Id,\n AvailabilityZone = available_secondary.Apply(available_secondary =\u003e available_secondary.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names)[range.Value]),\n CidrBlock = example_secondary.CidrBlock.Apply(cidrBlock =\u003e Std.Cidrsubnet.Invoke(new()\n {\n Input = cidrBlock,\n Newbits = 8,\n Netnum = range.Value,\n })).Apply(invoke =\u003e invoke.Result),\n Tags = \n {\n { \"Name\", \"Secondary\" },\n },\n }));\n }\n var exampleServiceRegion = new Aws.DirectoryService.ServiceRegion(\"example\", new()\n {\n DirectoryId = exampleDirectory.Id,\n RegionName = example.Apply(getRegionResult =\u003e getRegionResult.Name),\n VpcSettings = new Aws.DirectoryService.Inputs.ServiceRegionVpcSettingsArgs\n {\n VpcId = example_secondary.Id,\n SubnetIds = example_secondarySubnet.Select(__item =\u003e __item.Id).ToList(),\n },\n Tags = \n {\n { \"Name\", \"Secondary\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directoryservice\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexample, err := aws.GetRegion(ctx, nil, nil);\nif err != nil {\nreturn err\n}\navailable, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\nState: pulumi.StringRef(\"available\"),\nFilters: []aws.GetAvailabilityZonesFilter{\n{\nName: \"opt-in-status\",\nValues: []string{\n\"opt-in-not-required\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleVpc, err := ec2.NewVpc(ctx, \"example\", \u0026ec2.VpcArgs{\nCidrBlock: pulumi.String(\"10.0.0.0/16\"),\nTags: pulumi.StringMap{\n\"Name\": pulumi.String(\"Primary\"),\n},\n})\nif err != nil {\nreturn err\n}\nvar exampleSubnet []*ec2.Subnet\nfor index := 0; index \u003c 2; index++ {\n key0 := index\n val0 := index\n__res, err := ec2.NewSubnet(ctx, fmt.Sprintf(\"example-%v\", key0), \u0026ec2.SubnetArgs{\nVpcId: exampleVpc.ID(),\nAvailabilityZone: available.Names[val0],\nCidrBlock: exampleVpc.CidrBlock.ApplyT(func(cidrBlock string) (std.CidrsubnetResult, error) {\nreturn std.CidrsubnetOutput(ctx, std.CidrsubnetOutputArgs{\nInput: cidrBlock,\nNewbits: 8,\nNetnum: val0,\n}, nil), nil\n}).(std.CidrsubnetResultOutput).ApplyT(func(invoke std.CidrsubnetResult) (*string, error) {\nreturn invoke.Result, nil\n}).(pulumi.StringPtrOutput),\nTags: pulumi.StringMap{\n\"Name\": pulumi.String(\"Primary\"),\n},\n})\nif err != nil {\nreturn err\n}\nexampleSubnet = append(exampleSubnet, __res)\n}\nexampleDirectory, err := directoryservice.NewDirectory(ctx, \"example\", \u0026directoryservice.DirectoryArgs{\nName: pulumi.String(\"example.com\"),\nPassword: pulumi.String(\"SuperSecretPassw0rd\"),\nType: pulumi.String(\"MicrosoftAD\"),\nVpcSettings: \u0026directoryservice.DirectoryVpcSettingsArgs{\nVpcId: exampleVpc.ID(),\nSubnetIds: %!v(PANIC=Format method: fatal: A failure has occurred: unlowered splat expression @ example.pp:44,17-36),\n},\n})\nif err != nil {\nreturn err\n}\navailable_secondary, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\nState: pulumi.StringRef(\"available\"),\nFilters: []aws.GetAvailabilityZonesFilter{\n{\nName: \"opt-in-status\",\nValues: []string{\n\"opt-in-not-required\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = ec2.NewVpc(ctx, \"example-secondary\", \u0026ec2.VpcArgs{\nCidrBlock: pulumi.String(\"10.1.0.0/16\"),\nTags: pulumi.StringMap{\n\"Name\": pulumi.String(\"Secondary\"),\n},\n})\nif err != nil {\nreturn err\n}\nvar example_secondarySubnet []*ec2.Subnet\nfor index := 0; index \u003c 2; index++ {\n key0 := index\n val0 := index\n__res, err := ec2.NewSubnet(ctx, fmt.Sprintf(\"example-secondary-%v\", key0), \u0026ec2.SubnetArgs{\nVpcId: example_secondary.ID(),\nAvailabilityZone: available_secondary.Names[val0],\nCidrBlock: example_secondary.CidrBlock.ApplyT(func(cidrBlock string) (std.CidrsubnetResult, error) {\nreturn std.CidrsubnetOutput(ctx, std.CidrsubnetOutputArgs{\nInput: cidrBlock,\nNewbits: 8,\nNetnum: val0,\n}, nil), nil\n}).(std.CidrsubnetResultOutput).ApplyT(func(invoke std.CidrsubnetResult) (*string, error) {\nreturn invoke.Result, nil\n}).(pulumi.StringPtrOutput),\nTags: pulumi.StringMap{\n\"Name\": pulumi.String(\"Secondary\"),\n},\n})\nif err != nil {\nreturn err\n}\nexample_secondarySubnet = append(example_secondarySubnet, __res)\n}\n_, err = directoryservice.NewServiceRegion(ctx, \"example\", \u0026directoryservice.ServiceRegionArgs{\nDirectoryId: exampleDirectory.ID(),\nRegionName: pulumi.String(example.Name),\nVpcSettings: \u0026directoryservice.ServiceRegionVpcSettingsArgs{\nVpcId: example_secondary.ID(),\nSubnetIds: %!v(PANIC=Format method: fatal: A failure has occurred: unlowered splat expression @ example.pp:87,17-46),\n},\nTags: pulumi.StringMap{\n\"Name\": pulumi.String(\"Secondary\"),\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.directoryservice.Directory;\nimport com.pulumi.aws.directoryservice.DirectoryArgs;\nimport com.pulumi.aws.directoryservice.inputs.DirectoryVpcSettingsArgs;\nimport com.pulumi.aws.directoryservice.ServiceRegion;\nimport com.pulumi.aws.directoryservice.ServiceRegionArgs;\nimport com.pulumi.aws.directoryservice.inputs.ServiceRegionVpcSettingsArgs;\nimport com.pulumi.codegen.internal.KeyedValue;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AwsFunctions.getRegion();\n\n final var available = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .filters(GetAvailabilityZonesFilterArgs.builder()\n .name(\"opt-in-status\")\n .values(\"opt-in-not-required\")\n .build())\n .build());\n\n var exampleVpc = new Vpc(\"exampleVpc\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .tags(Map.of(\"Name\", \"Primary\"))\n .build());\n\n for (var i = 0; i \u003c 2; i++) {\n new Subnet(\"exampleSubnet-\" + i, SubnetArgs.builder() \n .vpcId(exampleVpc.id())\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names())[range.value()])\n .cidrBlock(exampleVpc.cidrBlock().applyValue(cidrBlock -\u003e StdFunctions.cidrsubnet()).applyValue(invoke -\u003e invoke.result()))\n .tags(Map.of(\"Name\", \"Primary\"))\n .build());\n\n \n}\n var exampleDirectory = new Directory(\"exampleDirectory\", DirectoryArgs.builder() \n .name(\"example.com\")\n .password(\"SuperSecretPassw0rd\")\n .type(\"MicrosoftAD\")\n .vpcSettings(DirectoryVpcSettingsArgs.builder()\n .vpcId(exampleVpc.id())\n .subnetIds(exampleSubnet.stream().map(element -\u003e element.id()).collect(toList()))\n .build())\n .build());\n\n final var available-secondary = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .filters(GetAvailabilityZonesFilterArgs.builder()\n .name(\"opt-in-status\")\n .values(\"opt-in-not-required\")\n .build())\n .build());\n\n var example_secondary = new Vpc(\"example-secondary\", VpcArgs.builder() \n .cidrBlock(\"10.1.0.0/16\")\n .tags(Map.of(\"Name\", \"Secondary\"))\n .build());\n\n for (var i = 0; i \u003c 2; i++) {\n new Subnet(\"example-secondarySubnet-\" + i, SubnetArgs.builder() \n .vpcId(example_secondary.id())\n .availabilityZone(available_secondary.names()[range.value()])\n .cidrBlock(example_secondary.cidrBlock().applyValue(cidrBlock -\u003e StdFunctions.cidrsubnet()).applyValue(invoke -\u003e invoke.result()))\n .tags(Map.of(\"Name\", \"Secondary\"))\n .build());\n\n \n}\n var exampleServiceRegion = new ServiceRegion(\"exampleServiceRegion\", ServiceRegionArgs.builder() \n .directoryId(exampleDirectory.id())\n .regionName(example.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .vpcSettings(ServiceRegionVpcSettingsArgs.builder()\n .vpcId(example_secondary.id())\n .subnetIds(example_secondarySubnet.stream().map(element -\u003e element.id()).collect(toList()))\n .build())\n .tags(Map.of(\"Name\", \"Secondary\"))\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Replicated Regions using directory ID,Region name. For example:\n\n```sh\n$ pulumi import aws:directoryservice/serviceRegion:ServiceRegion example d-9267651497,us-east-2\n```\n", "properties": { "desiredNumberOfDomainControllers": { "type": "integer", @@ -202131,7 +202131,7 @@ } }, "aws:dlm/lifecyclePolicy:LifecyclePolicy": { - "description": "Provides a [Data Lifecycle Manager (DLM) lifecycle policy](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-lifecycle.html) for managing snapshots.\n\n## Example Usage\n\n### Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"dlm.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst dlmLifecycleRole = new aws.iam.Role(\"dlm_lifecycle_role\", {\n name: \"dlm-lifecycle-role\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst dlmLifecycle = aws.iam.getPolicyDocument({\n statements: [\n {\n effect: \"Allow\",\n actions: [\n \"ec2:CreateSnapshot\",\n \"ec2:CreateSnapshots\",\n \"ec2:DeleteSnapshot\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeVolumes\",\n \"ec2:DescribeSnapshots\",\n ],\n resources: [\"*\"],\n },\n {\n effect: \"Allow\",\n actions: [\"ec2:CreateTags\"],\n resources: [\"arn:aws:ec2:*::snapshot/*\"],\n },\n ],\n});\nconst dlmLifecycleRolePolicy = new aws.iam.RolePolicy(\"dlm_lifecycle\", {\n name: \"dlm-lifecycle-policy\",\n role: dlmLifecycleRole.id,\n policy: dlmLifecycle.then(dlmLifecycle =\u003e dlmLifecycle.json),\n});\nconst example = new aws.dlm.LifecyclePolicy(\"example\", {\n description: \"example DLM lifecycle policy\",\n executionRoleArn: dlmLifecycleRole.arn,\n state: \"ENABLED\",\n policyDetails: {\n resourceTypes: \"VOLUME\",\n schedules: [{\n name: \"2 weeks of daily snapshots\",\n createRule: {\n interval: 24,\n intervalUnit: \"HOURS\",\n times: \"23:45\",\n },\n retainRule: {\n count: 14,\n },\n tagsToAdd: {\n SnapshotCreator: \"DLM\",\n },\n copyTags: false,\n }],\n targetTags: {\n Snapshot: \"true\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"dlm.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\ndlm_lifecycle_role = aws.iam.Role(\"dlm_lifecycle_role\",\n name=\"dlm-lifecycle-role\",\n assume_role_policy=assume_role.json)\ndlm_lifecycle = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"ec2:CreateSnapshot\",\n \"ec2:CreateSnapshots\",\n \"ec2:DeleteSnapshot\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeVolumes\",\n \"ec2:DescribeSnapshots\",\n ],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ec2:CreateTags\"],\n resources=[\"arn:aws:ec2:*::snapshot/*\"],\n ),\n])\ndlm_lifecycle_role_policy = aws.iam.RolePolicy(\"dlm_lifecycle\",\n name=\"dlm-lifecycle-policy\",\n role=dlm_lifecycle_role.id,\n policy=dlm_lifecycle.json)\nexample = aws.dlm.LifecyclePolicy(\"example\",\n description=\"example DLM lifecycle policy\",\n execution_role_arn=dlm_lifecycle_role.arn,\n state=\"ENABLED\",\n policy_details=aws.dlm.LifecyclePolicyPolicyDetailsArgs(\n resource_types=\"VOLUME\",\n schedules=[aws.dlm.LifecyclePolicyPolicyDetailsScheduleArgs(\n name=\"2 weeks of daily snapshots\",\n create_rule=aws.dlm.LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs(\n interval=24,\n interval_unit=\"HOURS\",\n times=\"23:45\",\n ),\n retain_rule=aws.dlm.LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs(\n count=14,\n ),\n tags_to_add={\n \"SnapshotCreator\": \"DLM\",\n },\n copy_tags=False,\n )],\n target_tags={\n \"Snapshot\": \"true\",\n },\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"dlm.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var dlmLifecycleRole = new Aws.Iam.Role(\"dlm_lifecycle_role\", new()\n {\n Name = \"dlm-lifecycle-role\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var dlmLifecycle = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:CreateSnapshot\",\n \"ec2:CreateSnapshots\",\n \"ec2:DeleteSnapshot\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeVolumes\",\n \"ec2:DescribeSnapshots\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:CreateTags\",\n },\n Resources = new[]\n {\n \"arn:aws:ec2:*::snapshot/*\",\n },\n },\n },\n });\n\n var dlmLifecycleRolePolicy = new Aws.Iam.RolePolicy(\"dlm_lifecycle\", new()\n {\n Name = \"dlm-lifecycle-policy\",\n Role = dlmLifecycleRole.Id,\n Policy = dlmLifecycle.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var example = new Aws.Dlm.LifecyclePolicy(\"example\", new()\n {\n Description = \"example DLM lifecycle policy\",\n ExecutionRoleArn = dlmLifecycleRole.Arn,\n State = \"ENABLED\",\n PolicyDetails = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsArgs\n {\n ResourceTypes = \"VOLUME\",\n Schedules = new[]\n {\n new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleArgs\n {\n Name = \"2 weeks of daily snapshots\",\n CreateRule = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs\n {\n Interval = 24,\n IntervalUnit = \"HOURS\",\n Times = \"23:45\",\n },\n RetainRule = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs\n {\n Count = 14,\n },\n TagsToAdd = \n {\n { \"SnapshotCreator\", \"DLM\" },\n },\n CopyTags = false,\n },\n },\n TargetTags = \n {\n { \"Snapshot\", \"true\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dlm\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"dlm.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdlmLifecycleRole, err := iam.NewRole(ctx, \"dlm_lifecycle_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"dlm-lifecycle-role\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdlmLifecycle, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: pulumi.Array{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ec2:CreateSnapshot\",\n\t\t\t\t\t\t\"ec2:CreateSnapshots\",\n\t\t\t\t\t\t\"ec2:DeleteSnapshot\",\n\t\t\t\t\t\t\"ec2:DescribeInstances\",\n\t\t\t\t\t\t\"ec2:DescribeVolumes\",\n\t\t\t\t\t\t\"ec2:DescribeSnapshots\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ec2:CreateTags\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:ec2:*::snapshot/*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"dlm_lifecycle\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"dlm-lifecycle-policy\"),\n\t\t\tRole: dlmLifecycleRole.ID(),\n\t\t\tPolicy: *pulumi.String(dlmLifecycle.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dlm.NewLifecyclePolicy(ctx, \"example\", \u0026dlm.LifecyclePolicyArgs{\n\t\t\tDescription: pulumi.String(\"example DLM lifecycle policy\"),\n\t\t\tExecutionRoleArn: dlmLifecycleRole.Arn,\n\t\t\tState: pulumi.String(\"ENABLED\"),\n\t\t\tPolicyDetails: \u0026dlm.LifecyclePolicyPolicyDetailsArgs{\n\t\t\t\tResourceTypes: pulumi.StringArray(\"VOLUME\"),\n\t\t\t\tSchedules: dlm.LifecyclePolicyPolicyDetailsScheduleArray{\n\t\t\t\t\t\u0026dlm.LifecyclePolicyPolicyDetailsScheduleArgs{\n\t\t\t\t\t\tName: pulumi.String(\"2 weeks of daily snapshots\"),\n\t\t\t\t\t\tCreateRule: \u0026dlm.LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs{\n\t\t\t\t\t\t\tInterval: pulumi.Int(24),\n\t\t\t\t\t\t\tIntervalUnit: pulumi.String(\"HOURS\"),\n\t\t\t\t\t\t\tTimes: pulumi.String(\"23:45\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRetainRule: \u0026dlm.LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs{\n\t\t\t\t\t\t\tCount: pulumi.Int(14),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tTagsToAdd: pulumi.StringMap{\n\t\t\t\t\t\t\t\"SnapshotCreator\": pulumi.String(\"DLM\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tCopyTags: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tTargetTags: pulumi.StringMap{\n\t\t\t\t\t\"Snapshot\": pulumi.String(\"true\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.dlm.LifecyclePolicy;\nimport com.pulumi.aws.dlm.LifecyclePolicyArgs;\nimport com.pulumi.aws.dlm.inputs.LifecyclePolicyPolicyDetailsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"dlm.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var dlmLifecycleRole = new Role(\"dlmLifecycleRole\", RoleArgs.builder() \n .name(\"dlm-lifecycle-role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var dlmLifecycle = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"ec2:CreateSnapshot\",\n \"ec2:CreateSnapshots\",\n \"ec2:DeleteSnapshot\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeVolumes\",\n \"ec2:DescribeSnapshots\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ec2:CreateTags\")\n .resources(\"arn:aws:ec2:*::snapshot/*\")\n .build())\n .build());\n\n var dlmLifecycleRolePolicy = new RolePolicy(\"dlmLifecycleRolePolicy\", RolePolicyArgs.builder() \n .name(\"dlm-lifecycle-policy\")\n .role(dlmLifecycleRole.id())\n .policy(dlmLifecycle.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var example = new LifecyclePolicy(\"example\", LifecyclePolicyArgs.builder() \n .description(\"example DLM lifecycle policy\")\n .executionRoleArn(dlmLifecycleRole.arn())\n .state(\"ENABLED\")\n .policyDetails(LifecyclePolicyPolicyDetailsArgs.builder()\n .resourceTypes(\"VOLUME\")\n .schedules(LifecyclePolicyPolicyDetailsScheduleArgs.builder()\n .name(\"2 weeks of daily snapshots\")\n .createRule(LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs.builder()\n .interval(24)\n .intervalUnit(\"HOURS\")\n .times(\"23:45\")\n .build())\n .retainRule(LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs.builder()\n .count(14)\n .build())\n .tagsToAdd(Map.of(\"SnapshotCreator\", \"DLM\"))\n .copyTags(false)\n .build())\n .targetTags(Map.of(\"Snapshot\", \"true\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dlmLifecycleRole:\n type: aws:iam:Role\n name: dlm_lifecycle_role\n properties:\n name: dlm-lifecycle-role\n assumeRolePolicy: ${assumeRole.json}\n dlmLifecycleRolePolicy:\n type: aws:iam:RolePolicy\n name: dlm_lifecycle\n properties:\n name: dlm-lifecycle-policy\n role: ${dlmLifecycleRole.id}\n policy: ${dlmLifecycle.json}\n example:\n type: aws:dlm:LifecyclePolicy\n properties:\n description: example DLM lifecycle policy\n executionRoleArn: ${dlmLifecycleRole.arn}\n state: ENABLED\n policyDetails:\n resourceTypes: VOLUME\n schedules:\n - name: 2 weeks of daily snapshots\n createRule:\n interval: 24\n intervalUnit: HOURS\n times: 23:45\n retainRule:\n count: 14\n tagsToAdd:\n SnapshotCreator: DLM\n copyTags: false\n targetTags:\n Snapshot: 'true'\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - dlm.amazonaws.com\n actions:\n - sts:AssumeRole\n dlmLifecycle:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - ec2:CreateSnapshot\n - ec2:CreateSnapshots\n - ec2:DeleteSnapshot\n - ec2:DescribeInstances\n - ec2:DescribeVolumes\n - ec2:DescribeSnapshots\n resources:\n - '*'\n - effect: Allow\n actions:\n - ec2:CreateTags\n resources:\n - arn:aws:ec2:*::snapshot/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Cross-Region Snapshot Copy Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ...other configuration...\nconst current = aws.getCallerIdentity({});\nconst key = current.then(current =\u003e aws.iam.getPolicyDocument({\n statements: [{\n sid: \"Enable IAM User Permissions\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [`arn:aws:iam::${current.accountId}:root`],\n }],\n actions: [\"kms:*\"],\n resources: [\"*\"],\n }],\n}));\nconst dlmCrossRegionCopyCmk = new aws.kms.Key(\"dlm_cross_region_copy_cmk\", {\n description: \"Example Alternate Region KMS Key\",\n policy: key.then(key =\u003e key.json),\n});\nconst example = new aws.dlm.LifecyclePolicy(\"example\", {\n description: \"example DLM lifecycle policy\",\n executionRoleArn: dlmLifecycleRole.arn,\n state: \"ENABLED\",\n policyDetails: {\n resourceTypes: \"VOLUME\",\n schedules: [{\n name: \"2 weeks of daily snapshots\",\n createRule: {\n interval: 24,\n intervalUnit: \"HOURS\",\n times: \"23:45\",\n },\n retainRule: {\n count: 14,\n },\n tagsToAdd: {\n SnapshotCreator: \"DLM\",\n },\n copyTags: false,\n crossRegionCopyRules: [{\n target: \"us-west-2\",\n encrypted: true,\n cmkArn: dlmCrossRegionCopyCmk.arn,\n copyTags: true,\n retainRule: {\n interval: 30,\n intervalUnit: \"DAYS\",\n },\n }],\n }],\n targetTags: {\n Snapshot: \"true\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ...other configuration...\ncurrent = aws.get_caller_identity()\nkey = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"Enable IAM User Permissions\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[f\"arn:aws:iam::{current.account_id}:root\"],\n )],\n actions=[\"kms:*\"],\n resources=[\"*\"],\n)])\ndlm_cross_region_copy_cmk = aws.kms.Key(\"dlm_cross_region_copy_cmk\",\n description=\"Example Alternate Region KMS Key\",\n policy=key.json)\nexample = aws.dlm.LifecyclePolicy(\"example\",\n description=\"example DLM lifecycle policy\",\n execution_role_arn=dlm_lifecycle_role[\"arn\"],\n state=\"ENABLED\",\n policy_details=aws.dlm.LifecyclePolicyPolicyDetailsArgs(\n resource_types=\"VOLUME\",\n schedules=[aws.dlm.LifecyclePolicyPolicyDetailsScheduleArgs(\n name=\"2 weeks of daily snapshots\",\n create_rule=aws.dlm.LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs(\n interval=24,\n interval_unit=\"HOURS\",\n times=\"23:45\",\n ),\n retain_rule=aws.dlm.LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs(\n count=14,\n ),\n tags_to_add={\n \"SnapshotCreator\": \"DLM\",\n },\n copy_tags=False,\n cross_region_copy_rules=[aws.dlm.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleArgs(\n target=\"us-west-2\",\n encrypted=True,\n cmk_arn=dlm_cross_region_copy_cmk.arn,\n copy_tags=True,\n retain_rule=aws.dlm.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRuleArgs(\n interval=30,\n interval_unit=\"DAYS\",\n ),\n )],\n )],\n target_tags={\n \"Snapshot\": \"true\",\n },\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ...other configuration...\n var current = Aws.GetCallerIdentity.Invoke();\n\n var key = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"Enable IAM User Permissions\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n $\"arn:aws:iam::{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:root\",\n },\n },\n },\n Actions = new[]\n {\n \"kms:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var dlmCrossRegionCopyCmk = new Aws.Kms.Key(\"dlm_cross_region_copy_cmk\", new()\n {\n Description = \"Example Alternate Region KMS Key\",\n Policy = key.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var example = new Aws.Dlm.LifecyclePolicy(\"example\", new()\n {\n Description = \"example DLM lifecycle policy\",\n ExecutionRoleArn = dlmLifecycleRole.Arn,\n State = \"ENABLED\",\n PolicyDetails = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsArgs\n {\n ResourceTypes = \"VOLUME\",\n Schedules = new[]\n {\n new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleArgs\n {\n Name = \"2 weeks of daily snapshots\",\n CreateRule = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs\n {\n Interval = 24,\n IntervalUnit = \"HOURS\",\n Times = \"23:45\",\n },\n RetainRule = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs\n {\n Count = 14,\n },\n TagsToAdd = \n {\n { \"SnapshotCreator\", \"DLM\" },\n },\n CopyTags = false,\n CrossRegionCopyRules = new[]\n {\n new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleArgs\n {\n Target = \"us-west-2\",\n Encrypted = true,\n CmkArn = dlmCrossRegionCopyCmk.Arn,\n CopyTags = true,\n RetainRule = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRuleArgs\n {\n Interval = 30,\n IntervalUnit = \"DAYS\",\n },\n },\n },\n },\n },\n TargetTags = \n {\n { \"Snapshot\", \"true\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dlm\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ...other configuration...\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkey, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"Enable IAM User Permissions\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:iam::%v:root\", current.AccountId),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"kms:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdlmCrossRegionCopyCmk, err := kms.NewKey(ctx, \"dlm_cross_region_copy_cmk\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"Example Alternate Region KMS Key\"),\n\t\t\tPolicy: *pulumi.String(key.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dlm.NewLifecyclePolicy(ctx, \"example\", \u0026dlm.LifecyclePolicyArgs{\n\t\t\tDescription: pulumi.String(\"example DLM lifecycle policy\"),\n\t\t\tExecutionRoleArn: pulumi.Any(dlmLifecycleRole.Arn),\n\t\t\tState: pulumi.String(\"ENABLED\"),\n\t\t\tPolicyDetails: \u0026dlm.LifecyclePolicyPolicyDetailsArgs{\n\t\t\t\tResourceTypes: pulumi.StringArray(\"VOLUME\"),\n\t\t\t\tSchedules: dlm.LifecyclePolicyPolicyDetailsScheduleArray{\n\t\t\t\t\t\u0026dlm.LifecyclePolicyPolicyDetailsScheduleArgs{\n\t\t\t\t\t\tName: pulumi.String(\"2 weeks of daily snapshots\"),\n\t\t\t\t\t\tCreateRule: \u0026dlm.LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs{\n\t\t\t\t\t\t\tInterval: pulumi.Int(24),\n\t\t\t\t\t\t\tIntervalUnit: pulumi.String(\"HOURS\"),\n\t\t\t\t\t\t\tTimes: pulumi.String(\"23:45\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRetainRule: \u0026dlm.LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs{\n\t\t\t\t\t\t\tCount: pulumi.Int(14),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tTagsToAdd: pulumi.StringMap{\n\t\t\t\t\t\t\t\"SnapshotCreator\": pulumi.String(\"DLM\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tCopyTags: pulumi.Bool(false),\n\t\t\t\t\t\tCrossRegionCopyRules: dlm.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleArray{\n\t\t\t\t\t\t\t\u0026dlm.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleArgs{\n\t\t\t\t\t\t\t\tTarget: pulumi.String(\"us-west-2\"),\n\t\t\t\t\t\t\t\tEncrypted: pulumi.Bool(true),\n\t\t\t\t\t\t\t\tCmkArn: dlmCrossRegionCopyCmk.Arn,\n\t\t\t\t\t\t\t\tCopyTags: pulumi.Bool(true),\n\t\t\t\t\t\t\t\tRetainRule: \u0026dlm.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRuleArgs{\n\t\t\t\t\t\t\t\t\tInterval: pulumi.Int(30),\n\t\t\t\t\t\t\t\t\tIntervalUnit: pulumi.String(\"DAYS\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tTargetTags: pulumi.StringMap{\n\t\t\t\t\t\"Snapshot\": pulumi.String(\"true\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.dlm.LifecyclePolicy;\nimport com.pulumi.aws.dlm.LifecyclePolicyArgs;\nimport com.pulumi.aws.dlm.inputs.LifecyclePolicyPolicyDetailsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var key = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"Enable IAM User Permissions\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(String.format(\"arn:aws:iam::%s:root\", current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId())))\n .build())\n .actions(\"kms:*\")\n .resources(\"*\")\n .build())\n .build());\n\n var dlmCrossRegionCopyCmk = new Key(\"dlmCrossRegionCopyCmk\", KeyArgs.builder() \n .description(\"Example Alternate Region KMS Key\")\n .policy(key.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var example = new LifecyclePolicy(\"example\", LifecyclePolicyArgs.builder() \n .description(\"example DLM lifecycle policy\")\n .executionRoleArn(dlmLifecycleRole.arn())\n .state(\"ENABLED\")\n .policyDetails(LifecyclePolicyPolicyDetailsArgs.builder()\n .resourceTypes(\"VOLUME\")\n .schedules(LifecyclePolicyPolicyDetailsScheduleArgs.builder()\n .name(\"2 weeks of daily snapshots\")\n .createRule(LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs.builder()\n .interval(24)\n .intervalUnit(\"HOURS\")\n .times(\"23:45\")\n .build())\n .retainRule(LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs.builder()\n .count(14)\n .build())\n .tagsToAdd(Map.of(\"SnapshotCreator\", \"DLM\"))\n .copyTags(false)\n .crossRegionCopyRules(LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleArgs.builder()\n .target(\"us-west-2\")\n .encrypted(true)\n .cmkArn(dlmCrossRegionCopyCmk.arn())\n .copyTags(true)\n .retainRule(LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRuleArgs.builder()\n .interval(30)\n .intervalUnit(\"DAYS\")\n .build())\n .build())\n .build())\n .targetTags(Map.of(\"Snapshot\", \"true\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dlmCrossRegionCopyCmk:\n type: aws:kms:Key\n name: dlm_cross_region_copy_cmk\n properties:\n description: Example Alternate Region KMS Key\n policy: ${key.json}\n example:\n type: aws:dlm:LifecyclePolicy\n properties:\n description: example DLM lifecycle policy\n executionRoleArn: ${dlmLifecycleRole.arn}\n state: ENABLED\n policyDetails:\n resourceTypes: VOLUME\n schedules:\n - name: 2 weeks of daily snapshots\n createRule:\n interval: 24\n intervalUnit: HOURS\n times: 23:45\n retainRule:\n count: 14\n tagsToAdd:\n SnapshotCreator: DLM\n copyTags: false\n crossRegionCopyRules:\n - target: us-west-2\n encrypted: true\n cmkArn: ${dlmCrossRegionCopyCmk.arn}\n copyTags: true\n retainRule:\n interval: 30\n intervalUnit: DAYS\n targetTags:\n Snapshot: 'true'\nvariables:\n # ...other configuration...\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n key:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: Enable IAM User Permissions\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - arn:aws:iam::${current.accountId}:root\n actions:\n - kms:*\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Event Based Policy Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst exampleLifecyclePolicy = new aws.dlm.LifecyclePolicy(\"example\", {\n description: \"tf-acc-basic\",\n executionRoleArn: exampleAwsIamRole.arn,\n policyDetails: {\n policyType: \"EVENT_BASED_POLICY\",\n action: {\n name: \"tf-acc-basic\",\n crossRegionCopies: [{\n encryptionConfiguration: {},\n retainRule: {\n interval: 15,\n intervalUnit: \"MONTHS\",\n },\n target: \"us-east-1\",\n }],\n },\n eventSource: {\n type: \"MANAGED_CWE\",\n parameters: {\n descriptionRegex: \"^.*Created for policy: policy-1234567890abcdef0.*$\",\n eventType: \"shareSnapshot\",\n snapshotOwners: [current.then(current =\u003e current.accountId)],\n },\n },\n },\n});\nconst example = aws.iam.getPolicy({\n name: \"AWSDataLifecycleManagerServiceRole\",\n});\nconst exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"example\", {\n role: exampleAwsIamRole.id,\n policyArn: example.then(example =\u003e example.arn),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nexample_lifecycle_policy = aws.dlm.LifecyclePolicy(\"example\",\n description=\"tf-acc-basic\",\n execution_role_arn=example_aws_iam_role[\"arn\"],\n policy_details=aws.dlm.LifecyclePolicyPolicyDetailsArgs(\n policy_type=\"EVENT_BASED_POLICY\",\n action=aws.dlm.LifecyclePolicyPolicyDetailsActionArgs(\n name=\"tf-acc-basic\",\n cross_region_copies=[aws.dlm.LifecyclePolicyPolicyDetailsActionCrossRegionCopyArgs(\n encryption_configuration=aws.dlm.LifecyclePolicyPolicyDetailsActionCrossRegionCopyEncryptionConfigurationArgs(),\n retain_rule=aws.dlm.LifecyclePolicyPolicyDetailsActionCrossRegionCopyRetainRuleArgs(\n interval=15,\n interval_unit=\"MONTHS\",\n ),\n target=\"us-east-1\",\n )],\n ),\n event_source=aws.dlm.LifecyclePolicyPolicyDetailsEventSourceArgs(\n type=\"MANAGED_CWE\",\n parameters=aws.dlm.LifecyclePolicyPolicyDetailsEventSourceParametersArgs(\n description_regex=\"^.*Created for policy: policy-1234567890abcdef0.*$\",\n event_type=\"shareSnapshot\",\n snapshot_owners=[current.account_id],\n ),\n ),\n ))\nexample = aws.iam.get_policy(name=\"AWSDataLifecycleManagerServiceRole\")\nexample_role_policy_attachment = aws.iam.RolePolicyAttachment(\"example\",\n role=example_aws_iam_role[\"id\"],\n policy_arn=example.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var exampleLifecyclePolicy = new Aws.Dlm.LifecyclePolicy(\"example\", new()\n {\n Description = \"tf-acc-basic\",\n ExecutionRoleArn = exampleAwsIamRole.Arn,\n PolicyDetails = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsArgs\n {\n PolicyType = \"EVENT_BASED_POLICY\",\n Action = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsActionArgs\n {\n Name = \"tf-acc-basic\",\n CrossRegionCopies = new[]\n {\n new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsActionCrossRegionCopyArgs\n {\n EncryptionConfiguration = null,\n RetainRule = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsActionCrossRegionCopyRetainRuleArgs\n {\n Interval = 15,\n IntervalUnit = \"MONTHS\",\n },\n Target = \"us-east-1\",\n },\n },\n },\n EventSource = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsEventSourceArgs\n {\n Type = \"MANAGED_CWE\",\n Parameters = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsEventSourceParametersArgs\n {\n DescriptionRegex = \"^.*Created for policy: policy-1234567890abcdef0.*$\",\n EventType = \"shareSnapshot\",\n SnapshotOwners = new[]\n {\n current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n },\n },\n },\n },\n });\n\n var example = Aws.Iam.GetPolicy.Invoke(new()\n {\n Name = \"AWSDataLifecycleManagerServiceRole\",\n });\n\n var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"example\", new()\n {\n Role = exampleAwsIamRole.Id,\n PolicyArn = example.Apply(getPolicyResult =\u003e getPolicyResult.Arn),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dlm\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dlm.NewLifecyclePolicy(ctx, \"example\", \u0026dlm.LifecyclePolicyArgs{\n\t\t\tDescription: pulumi.String(\"tf-acc-basic\"),\n\t\t\tExecutionRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tPolicyDetails: \u0026dlm.LifecyclePolicyPolicyDetailsArgs{\n\t\t\t\tPolicyType: pulumi.String(\"EVENT_BASED_POLICY\"),\n\t\t\t\tAction: \u0026dlm.LifecyclePolicyPolicyDetailsActionArgs{\n\t\t\t\t\tName: pulumi.String(\"tf-acc-basic\"),\n\t\t\t\t\tCrossRegionCopies: dlm.LifecyclePolicyPolicyDetailsActionCrossRegionCopyArray{\n\t\t\t\t\t\t\u0026dlm.LifecyclePolicyPolicyDetailsActionCrossRegionCopyArgs{\n\t\t\t\t\t\t\tEncryptionConfiguration: nil,\n\t\t\t\t\t\t\tRetainRule: \u0026dlm.LifecyclePolicyPolicyDetailsActionCrossRegionCopyRetainRuleArgs{\n\t\t\t\t\t\t\t\tInterval: pulumi.Int(15),\n\t\t\t\t\t\t\t\tIntervalUnit: pulumi.String(\"MONTHS\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tTarget: pulumi.String(\"us-east-1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tEventSource: \u0026dlm.LifecyclePolicyPolicyDetailsEventSourceArgs{\n\t\t\t\t\tType: pulumi.String(\"MANAGED_CWE\"),\n\t\t\t\t\tParameters: \u0026dlm.LifecyclePolicyPolicyDetailsEventSourceParametersArgs{\n\t\t\t\t\t\tDescriptionRegex: pulumi.String(\"^.*Created for policy: policy-1234567890abcdef0.*$\"),\n\t\t\t\t\t\tEventType: pulumi.String(\"shareSnapshot\"),\n\t\t\t\t\t\tSnapshotOwners: pulumi.StringArray{\n\t\t\t\t\t\t\t*pulumi.String(current.AccountId),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.LookupPolicy(ctx, \u0026iam.LookupPolicyArgs{\n\t\t\tName: pulumi.StringRef(\"AWSDataLifecycleManagerServiceRole\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: pulumi.Any(exampleAwsIamRole.Id),\n\t\t\tPolicyArn: *pulumi.String(example.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.dlm.LifecyclePolicy;\nimport com.pulumi.aws.dlm.LifecyclePolicyArgs;\nimport com.pulumi.aws.dlm.inputs.LifecyclePolicyPolicyDetailsArgs;\nimport com.pulumi.aws.dlm.inputs.LifecyclePolicyPolicyDetailsActionArgs;\nimport com.pulumi.aws.dlm.inputs.LifecyclePolicyPolicyDetailsEventSourceArgs;\nimport com.pulumi.aws.dlm.inputs.LifecyclePolicyPolicyDetailsEventSourceParametersArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n var exampleLifecyclePolicy = new LifecyclePolicy(\"exampleLifecyclePolicy\", LifecyclePolicyArgs.builder() \n .description(\"tf-acc-basic\")\n .executionRoleArn(exampleAwsIamRole.arn())\n .policyDetails(LifecyclePolicyPolicyDetailsArgs.builder()\n .policyType(\"EVENT_BASED_POLICY\")\n .action(LifecyclePolicyPolicyDetailsActionArgs.builder()\n .name(\"tf-acc-basic\")\n .crossRegionCopies(LifecyclePolicyPolicyDetailsActionCrossRegionCopyArgs.builder()\n .encryptionConfiguration()\n .retainRule(LifecyclePolicyPolicyDetailsActionCrossRegionCopyRetainRuleArgs.builder()\n .interval(15)\n .intervalUnit(\"MONTHS\")\n .build())\n .target(\"us-east-1\")\n .build())\n .build())\n .eventSource(LifecyclePolicyPolicyDetailsEventSourceArgs.builder()\n .type(\"MANAGED_CWE\")\n .parameters(LifecyclePolicyPolicyDetailsEventSourceParametersArgs.builder()\n .descriptionRegex(\"^.*Created for policy: policy-1234567890abcdef0.*$\")\n .eventType(\"shareSnapshot\")\n .snapshotOwners(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .build())\n .build())\n .build())\n .build());\n\n final var example = IamFunctions.getPolicy(GetPolicyArgs.builder()\n .name(\"AWSDataLifecycleManagerServiceRole\")\n .build());\n\n var exampleRolePolicyAttachment = new RolePolicyAttachment(\"exampleRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .role(exampleAwsIamRole.id())\n .policyArn(example.applyValue(getPolicyResult -\u003e getPolicyResult.arn()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleLifecyclePolicy:\n type: aws:dlm:LifecyclePolicy\n name: example\n properties:\n description: tf-acc-basic\n executionRoleArn: ${exampleAwsIamRole.arn}\n policyDetails:\n policyType: EVENT_BASED_POLICY\n action:\n name: tf-acc-basic\n crossRegionCopies:\n - encryptionConfiguration: {}\n retainRule:\n interval: 15\n intervalUnit: MONTHS\n target: us-east-1\n eventSource:\n type: MANAGED_CWE\n parameters:\n descriptionRegex: '^.*Created for policy: policy-1234567890abcdef0.*$'\n eventType: shareSnapshot\n snapshotOwners:\n - ${current.accountId}\n exampleRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: example\n properties:\n role: ${exampleAwsIamRole.id}\n policyArn: ${example.arn}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n example:\n fn::invoke:\n Function: aws:iam:getPolicy\n Arguments:\n name: AWSDataLifecycleManagerServiceRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import DLM lifecycle policies using their policy ID. For example:\n\n```sh\n$ pulumi import aws:dlm/lifecyclePolicy:LifecyclePolicy example policy-abcdef12345678901\n```\n", + "description": "Provides a [Data Lifecycle Manager (DLM) lifecycle policy](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-lifecycle.html) for managing snapshots.\n\n## Example Usage\n\n### Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"dlm.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst dlmLifecycleRole = new aws.iam.Role(\"dlm_lifecycle_role\", {\n name: \"dlm-lifecycle-role\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst dlmLifecycle = aws.iam.getPolicyDocument({\n statements: [\n {\n effect: \"Allow\",\n actions: [\n \"ec2:CreateSnapshot\",\n \"ec2:CreateSnapshots\",\n \"ec2:DeleteSnapshot\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeVolumes\",\n \"ec2:DescribeSnapshots\",\n ],\n resources: [\"*\"],\n },\n {\n effect: \"Allow\",\n actions: [\"ec2:CreateTags\"],\n resources: [\"arn:aws:ec2:*::snapshot/*\"],\n },\n ],\n});\nconst dlmLifecycleRolePolicy = new aws.iam.RolePolicy(\"dlm_lifecycle\", {\n name: \"dlm-lifecycle-policy\",\n role: dlmLifecycleRole.id,\n policy: dlmLifecycle.then(dlmLifecycle =\u003e dlmLifecycle.json),\n});\nconst example = new aws.dlm.LifecyclePolicy(\"example\", {\n description: \"example DLM lifecycle policy\",\n executionRoleArn: dlmLifecycleRole.arn,\n state: \"ENABLED\",\n policyDetails: {\n resourceTypes: \"VOLUME\",\n schedules: [{\n name: \"2 weeks of daily snapshots\",\n createRule: {\n interval: 24,\n intervalUnit: \"HOURS\",\n times: \"23:45\",\n },\n retainRule: {\n count: 14,\n },\n tagsToAdd: {\n SnapshotCreator: \"DLM\",\n },\n copyTags: false,\n }],\n targetTags: {\n Snapshot: \"true\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"dlm.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\ndlm_lifecycle_role = aws.iam.Role(\"dlm_lifecycle_role\",\n name=\"dlm-lifecycle-role\",\n assume_role_policy=assume_role.json)\ndlm_lifecycle = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"ec2:CreateSnapshot\",\n \"ec2:CreateSnapshots\",\n \"ec2:DeleteSnapshot\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeVolumes\",\n \"ec2:DescribeSnapshots\",\n ],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ec2:CreateTags\"],\n resources=[\"arn:aws:ec2:*::snapshot/*\"],\n ),\n])\ndlm_lifecycle_role_policy = aws.iam.RolePolicy(\"dlm_lifecycle\",\n name=\"dlm-lifecycle-policy\",\n role=dlm_lifecycle_role.id,\n policy=dlm_lifecycle.json)\nexample = aws.dlm.LifecyclePolicy(\"example\",\n description=\"example DLM lifecycle policy\",\n execution_role_arn=dlm_lifecycle_role.arn,\n state=\"ENABLED\",\n policy_details=aws.dlm.LifecyclePolicyPolicyDetailsArgs(\n resource_types=\"VOLUME\",\n schedules=[aws.dlm.LifecyclePolicyPolicyDetailsScheduleArgs(\n name=\"2 weeks of daily snapshots\",\n create_rule=aws.dlm.LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs(\n interval=24,\n interval_unit=\"HOURS\",\n times=\"23:45\",\n ),\n retain_rule=aws.dlm.LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs(\n count=14,\n ),\n tags_to_add={\n \"SnapshotCreator\": \"DLM\",\n },\n copy_tags=False,\n )],\n target_tags={\n \"Snapshot\": \"true\",\n },\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"dlm.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var dlmLifecycleRole = new Aws.Iam.Role(\"dlm_lifecycle_role\", new()\n {\n Name = \"dlm-lifecycle-role\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var dlmLifecycle = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:CreateSnapshot\",\n \"ec2:CreateSnapshots\",\n \"ec2:DeleteSnapshot\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeVolumes\",\n \"ec2:DescribeSnapshots\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:CreateTags\",\n },\n Resources = new[]\n {\n \"arn:aws:ec2:*::snapshot/*\",\n },\n },\n },\n });\n\n var dlmLifecycleRolePolicy = new Aws.Iam.RolePolicy(\"dlm_lifecycle\", new()\n {\n Name = \"dlm-lifecycle-policy\",\n Role = dlmLifecycleRole.Id,\n Policy = dlmLifecycle.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var example = new Aws.Dlm.LifecyclePolicy(\"example\", new()\n {\n Description = \"example DLM lifecycle policy\",\n ExecutionRoleArn = dlmLifecycleRole.Arn,\n State = \"ENABLED\",\n PolicyDetails = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsArgs\n {\n ResourceTypes = \"VOLUME\",\n Schedules = new[]\n {\n new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleArgs\n {\n Name = \"2 weeks of daily snapshots\",\n CreateRule = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs\n {\n Interval = 24,\n IntervalUnit = \"HOURS\",\n Times = \"23:45\",\n },\n RetainRule = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs\n {\n Count = 14,\n },\n TagsToAdd = \n {\n { \"SnapshotCreator\", \"DLM\" },\n },\n CopyTags = false,\n },\n },\n TargetTags = \n {\n { \"Snapshot\", \"true\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dlm\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"dlm.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdlmLifecycleRole, err := iam.NewRole(ctx, \"dlm_lifecycle_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"dlm-lifecycle-role\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdlmLifecycle, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: pulumi.Array{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ec2:CreateSnapshot\",\n\t\t\t\t\t\t\"ec2:CreateSnapshots\",\n\t\t\t\t\t\t\"ec2:DeleteSnapshot\",\n\t\t\t\t\t\t\"ec2:DescribeInstances\",\n\t\t\t\t\t\t\"ec2:DescribeVolumes\",\n\t\t\t\t\t\t\"ec2:DescribeSnapshots\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ec2:CreateTags\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:ec2:*::snapshot/*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"dlm_lifecycle\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"dlm-lifecycle-policy\"),\n\t\t\tRole: dlmLifecycleRole.ID(),\n\t\t\tPolicy: pulumi.String(dlmLifecycle.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dlm.NewLifecyclePolicy(ctx, \"example\", \u0026dlm.LifecyclePolicyArgs{\n\t\t\tDescription: pulumi.String(\"example DLM lifecycle policy\"),\n\t\t\tExecutionRoleArn: dlmLifecycleRole.Arn,\n\t\t\tState: pulumi.String(\"ENABLED\"),\n\t\t\tPolicyDetails: \u0026dlm.LifecyclePolicyPolicyDetailsArgs{\n\t\t\t\tResourceTypes: pulumi.StringArray(\"VOLUME\"),\n\t\t\t\tSchedules: dlm.LifecyclePolicyPolicyDetailsScheduleArray{\n\t\t\t\t\t\u0026dlm.LifecyclePolicyPolicyDetailsScheduleArgs{\n\t\t\t\t\t\tName: pulumi.String(\"2 weeks of daily snapshots\"),\n\t\t\t\t\t\tCreateRule: \u0026dlm.LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs{\n\t\t\t\t\t\t\tInterval: pulumi.Int(24),\n\t\t\t\t\t\t\tIntervalUnit: pulumi.String(\"HOURS\"),\n\t\t\t\t\t\t\tTimes: pulumi.String(\"23:45\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRetainRule: \u0026dlm.LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs{\n\t\t\t\t\t\t\tCount: pulumi.Int(14),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tTagsToAdd: pulumi.StringMap{\n\t\t\t\t\t\t\t\"SnapshotCreator\": pulumi.String(\"DLM\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tCopyTags: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tTargetTags: pulumi.StringMap{\n\t\t\t\t\t\"Snapshot\": pulumi.String(\"true\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.dlm.LifecyclePolicy;\nimport com.pulumi.aws.dlm.LifecyclePolicyArgs;\nimport com.pulumi.aws.dlm.inputs.LifecyclePolicyPolicyDetailsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"dlm.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var dlmLifecycleRole = new Role(\"dlmLifecycleRole\", RoleArgs.builder() \n .name(\"dlm-lifecycle-role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var dlmLifecycle = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"ec2:CreateSnapshot\",\n \"ec2:CreateSnapshots\",\n \"ec2:DeleteSnapshot\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeVolumes\",\n \"ec2:DescribeSnapshots\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ec2:CreateTags\")\n .resources(\"arn:aws:ec2:*::snapshot/*\")\n .build())\n .build());\n\n var dlmLifecycleRolePolicy = new RolePolicy(\"dlmLifecycleRolePolicy\", RolePolicyArgs.builder() \n .name(\"dlm-lifecycle-policy\")\n .role(dlmLifecycleRole.id())\n .policy(dlmLifecycle.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var example = new LifecyclePolicy(\"example\", LifecyclePolicyArgs.builder() \n .description(\"example DLM lifecycle policy\")\n .executionRoleArn(dlmLifecycleRole.arn())\n .state(\"ENABLED\")\n .policyDetails(LifecyclePolicyPolicyDetailsArgs.builder()\n .resourceTypes(\"VOLUME\")\n .schedules(LifecyclePolicyPolicyDetailsScheduleArgs.builder()\n .name(\"2 weeks of daily snapshots\")\n .createRule(LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs.builder()\n .interval(24)\n .intervalUnit(\"HOURS\")\n .times(\"23:45\")\n .build())\n .retainRule(LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs.builder()\n .count(14)\n .build())\n .tagsToAdd(Map.of(\"SnapshotCreator\", \"DLM\"))\n .copyTags(false)\n .build())\n .targetTags(Map.of(\"Snapshot\", \"true\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dlmLifecycleRole:\n type: aws:iam:Role\n name: dlm_lifecycle_role\n properties:\n name: dlm-lifecycle-role\n assumeRolePolicy: ${assumeRole.json}\n dlmLifecycleRolePolicy:\n type: aws:iam:RolePolicy\n name: dlm_lifecycle\n properties:\n name: dlm-lifecycle-policy\n role: ${dlmLifecycleRole.id}\n policy: ${dlmLifecycle.json}\n example:\n type: aws:dlm:LifecyclePolicy\n properties:\n description: example DLM lifecycle policy\n executionRoleArn: ${dlmLifecycleRole.arn}\n state: ENABLED\n policyDetails:\n resourceTypes: VOLUME\n schedules:\n - name: 2 weeks of daily snapshots\n createRule:\n interval: 24\n intervalUnit: HOURS\n times: 23:45\n retainRule:\n count: 14\n tagsToAdd:\n SnapshotCreator: DLM\n copyTags: false\n targetTags:\n Snapshot: 'true'\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - dlm.amazonaws.com\n actions:\n - sts:AssumeRole\n dlmLifecycle:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - ec2:CreateSnapshot\n - ec2:CreateSnapshots\n - ec2:DeleteSnapshot\n - ec2:DescribeInstances\n - ec2:DescribeVolumes\n - ec2:DescribeSnapshots\n resources:\n - '*'\n - effect: Allow\n actions:\n - ec2:CreateTags\n resources:\n - arn:aws:ec2:*::snapshot/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Cross-Region Snapshot Copy Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ...other configuration...\nconst current = aws.getCallerIdentity({});\nconst key = current.then(current =\u003e aws.iam.getPolicyDocument({\n statements: [{\n sid: \"Enable IAM User Permissions\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [`arn:aws:iam::${current.accountId}:root`],\n }],\n actions: [\"kms:*\"],\n resources: [\"*\"],\n }],\n}));\nconst dlmCrossRegionCopyCmk = new aws.kms.Key(\"dlm_cross_region_copy_cmk\", {\n description: \"Example Alternate Region KMS Key\",\n policy: key.then(key =\u003e key.json),\n});\nconst example = new aws.dlm.LifecyclePolicy(\"example\", {\n description: \"example DLM lifecycle policy\",\n executionRoleArn: dlmLifecycleRole.arn,\n state: \"ENABLED\",\n policyDetails: {\n resourceTypes: \"VOLUME\",\n schedules: [{\n name: \"2 weeks of daily snapshots\",\n createRule: {\n interval: 24,\n intervalUnit: \"HOURS\",\n times: \"23:45\",\n },\n retainRule: {\n count: 14,\n },\n tagsToAdd: {\n SnapshotCreator: \"DLM\",\n },\n copyTags: false,\n crossRegionCopyRules: [{\n target: \"us-west-2\",\n encrypted: true,\n cmkArn: dlmCrossRegionCopyCmk.arn,\n copyTags: true,\n retainRule: {\n interval: 30,\n intervalUnit: \"DAYS\",\n },\n }],\n }],\n targetTags: {\n Snapshot: \"true\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ...other configuration...\ncurrent = aws.get_caller_identity()\nkey = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"Enable IAM User Permissions\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[f\"arn:aws:iam::{current.account_id}:root\"],\n )],\n actions=[\"kms:*\"],\n resources=[\"*\"],\n)])\ndlm_cross_region_copy_cmk = aws.kms.Key(\"dlm_cross_region_copy_cmk\",\n description=\"Example Alternate Region KMS Key\",\n policy=key.json)\nexample = aws.dlm.LifecyclePolicy(\"example\",\n description=\"example DLM lifecycle policy\",\n execution_role_arn=dlm_lifecycle_role[\"arn\"],\n state=\"ENABLED\",\n policy_details=aws.dlm.LifecyclePolicyPolicyDetailsArgs(\n resource_types=\"VOLUME\",\n schedules=[aws.dlm.LifecyclePolicyPolicyDetailsScheduleArgs(\n name=\"2 weeks of daily snapshots\",\n create_rule=aws.dlm.LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs(\n interval=24,\n interval_unit=\"HOURS\",\n times=\"23:45\",\n ),\n retain_rule=aws.dlm.LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs(\n count=14,\n ),\n tags_to_add={\n \"SnapshotCreator\": \"DLM\",\n },\n copy_tags=False,\n cross_region_copy_rules=[aws.dlm.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleArgs(\n target=\"us-west-2\",\n encrypted=True,\n cmk_arn=dlm_cross_region_copy_cmk.arn,\n copy_tags=True,\n retain_rule=aws.dlm.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRuleArgs(\n interval=30,\n interval_unit=\"DAYS\",\n ),\n )],\n )],\n target_tags={\n \"Snapshot\": \"true\",\n },\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ...other configuration...\n var current = Aws.GetCallerIdentity.Invoke();\n\n var key = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"Enable IAM User Permissions\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n $\"arn:aws:iam::{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:root\",\n },\n },\n },\n Actions = new[]\n {\n \"kms:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var dlmCrossRegionCopyCmk = new Aws.Kms.Key(\"dlm_cross_region_copy_cmk\", new()\n {\n Description = \"Example Alternate Region KMS Key\",\n Policy = key.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var example = new Aws.Dlm.LifecyclePolicy(\"example\", new()\n {\n Description = \"example DLM lifecycle policy\",\n ExecutionRoleArn = dlmLifecycleRole.Arn,\n State = \"ENABLED\",\n PolicyDetails = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsArgs\n {\n ResourceTypes = \"VOLUME\",\n Schedules = new[]\n {\n new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleArgs\n {\n Name = \"2 weeks of daily snapshots\",\n CreateRule = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs\n {\n Interval = 24,\n IntervalUnit = \"HOURS\",\n Times = \"23:45\",\n },\n RetainRule = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs\n {\n Count = 14,\n },\n TagsToAdd = \n {\n { \"SnapshotCreator\", \"DLM\" },\n },\n CopyTags = false,\n CrossRegionCopyRules = new[]\n {\n new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleArgs\n {\n Target = \"us-west-2\",\n Encrypted = true,\n CmkArn = dlmCrossRegionCopyCmk.Arn,\n CopyTags = true,\n RetainRule = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRuleArgs\n {\n Interval = 30,\n IntervalUnit = \"DAYS\",\n },\n },\n },\n },\n },\n TargetTags = \n {\n { \"Snapshot\", \"true\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dlm\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ...other configuration...\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkey, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"Enable IAM User Permissions\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:iam::%v:root\", current.AccountId),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"kms:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdlmCrossRegionCopyCmk, err := kms.NewKey(ctx, \"dlm_cross_region_copy_cmk\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"Example Alternate Region KMS Key\"),\n\t\t\tPolicy: pulumi.String(key.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dlm.NewLifecyclePolicy(ctx, \"example\", \u0026dlm.LifecyclePolicyArgs{\n\t\t\tDescription: pulumi.String(\"example DLM lifecycle policy\"),\n\t\t\tExecutionRoleArn: pulumi.Any(dlmLifecycleRole.Arn),\n\t\t\tState: pulumi.String(\"ENABLED\"),\n\t\t\tPolicyDetails: \u0026dlm.LifecyclePolicyPolicyDetailsArgs{\n\t\t\t\tResourceTypes: pulumi.StringArray(\"VOLUME\"),\n\t\t\t\tSchedules: dlm.LifecyclePolicyPolicyDetailsScheduleArray{\n\t\t\t\t\t\u0026dlm.LifecyclePolicyPolicyDetailsScheduleArgs{\n\t\t\t\t\t\tName: pulumi.String(\"2 weeks of daily snapshots\"),\n\t\t\t\t\t\tCreateRule: \u0026dlm.LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs{\n\t\t\t\t\t\t\tInterval: pulumi.Int(24),\n\t\t\t\t\t\t\tIntervalUnit: pulumi.String(\"HOURS\"),\n\t\t\t\t\t\t\tTimes: pulumi.String(\"23:45\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRetainRule: \u0026dlm.LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs{\n\t\t\t\t\t\t\tCount: pulumi.Int(14),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tTagsToAdd: pulumi.StringMap{\n\t\t\t\t\t\t\t\"SnapshotCreator\": pulumi.String(\"DLM\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tCopyTags: pulumi.Bool(false),\n\t\t\t\t\t\tCrossRegionCopyRules: dlm.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleArray{\n\t\t\t\t\t\t\t\u0026dlm.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleArgs{\n\t\t\t\t\t\t\t\tTarget: pulumi.String(\"us-west-2\"),\n\t\t\t\t\t\t\t\tEncrypted: pulumi.Bool(true),\n\t\t\t\t\t\t\t\tCmkArn: dlmCrossRegionCopyCmk.Arn,\n\t\t\t\t\t\t\t\tCopyTags: pulumi.Bool(true),\n\t\t\t\t\t\t\t\tRetainRule: \u0026dlm.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRuleArgs{\n\t\t\t\t\t\t\t\t\tInterval: pulumi.Int(30),\n\t\t\t\t\t\t\t\t\tIntervalUnit: pulumi.String(\"DAYS\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tTargetTags: pulumi.StringMap{\n\t\t\t\t\t\"Snapshot\": pulumi.String(\"true\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.dlm.LifecyclePolicy;\nimport com.pulumi.aws.dlm.LifecyclePolicyArgs;\nimport com.pulumi.aws.dlm.inputs.LifecyclePolicyPolicyDetailsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var key = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"Enable IAM User Permissions\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(String.format(\"arn:aws:iam::%s:root\", current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId())))\n .build())\n .actions(\"kms:*\")\n .resources(\"*\")\n .build())\n .build());\n\n var dlmCrossRegionCopyCmk = new Key(\"dlmCrossRegionCopyCmk\", KeyArgs.builder() \n .description(\"Example Alternate Region KMS Key\")\n .policy(key.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var example = new LifecyclePolicy(\"example\", LifecyclePolicyArgs.builder() \n .description(\"example DLM lifecycle policy\")\n .executionRoleArn(dlmLifecycleRole.arn())\n .state(\"ENABLED\")\n .policyDetails(LifecyclePolicyPolicyDetailsArgs.builder()\n .resourceTypes(\"VOLUME\")\n .schedules(LifecyclePolicyPolicyDetailsScheduleArgs.builder()\n .name(\"2 weeks of daily snapshots\")\n .createRule(LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs.builder()\n .interval(24)\n .intervalUnit(\"HOURS\")\n .times(\"23:45\")\n .build())\n .retainRule(LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs.builder()\n .count(14)\n .build())\n .tagsToAdd(Map.of(\"SnapshotCreator\", \"DLM\"))\n .copyTags(false)\n .crossRegionCopyRules(LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleArgs.builder()\n .target(\"us-west-2\")\n .encrypted(true)\n .cmkArn(dlmCrossRegionCopyCmk.arn())\n .copyTags(true)\n .retainRule(LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRuleArgs.builder()\n .interval(30)\n .intervalUnit(\"DAYS\")\n .build())\n .build())\n .build())\n .targetTags(Map.of(\"Snapshot\", \"true\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dlmCrossRegionCopyCmk:\n type: aws:kms:Key\n name: dlm_cross_region_copy_cmk\n properties:\n description: Example Alternate Region KMS Key\n policy: ${key.json}\n example:\n type: aws:dlm:LifecyclePolicy\n properties:\n description: example DLM lifecycle policy\n executionRoleArn: ${dlmLifecycleRole.arn}\n state: ENABLED\n policyDetails:\n resourceTypes: VOLUME\n schedules:\n - name: 2 weeks of daily snapshots\n createRule:\n interval: 24\n intervalUnit: HOURS\n times: 23:45\n retainRule:\n count: 14\n tagsToAdd:\n SnapshotCreator: DLM\n copyTags: false\n crossRegionCopyRules:\n - target: us-west-2\n encrypted: true\n cmkArn: ${dlmCrossRegionCopyCmk.arn}\n copyTags: true\n retainRule:\n interval: 30\n intervalUnit: DAYS\n targetTags:\n Snapshot: 'true'\nvariables:\n # ...other configuration...\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n key:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: Enable IAM User Permissions\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - arn:aws:iam::${current.accountId}:root\n actions:\n - kms:*\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Event Based Policy Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst exampleLifecyclePolicy = new aws.dlm.LifecyclePolicy(\"example\", {\n description: \"tf-acc-basic\",\n executionRoleArn: exampleAwsIamRole.arn,\n policyDetails: {\n policyType: \"EVENT_BASED_POLICY\",\n action: {\n name: \"tf-acc-basic\",\n crossRegionCopies: [{\n encryptionConfiguration: {},\n retainRule: {\n interval: 15,\n intervalUnit: \"MONTHS\",\n },\n target: \"us-east-1\",\n }],\n },\n eventSource: {\n type: \"MANAGED_CWE\",\n parameters: {\n descriptionRegex: \"^.*Created for policy: policy-1234567890abcdef0.*$\",\n eventType: \"shareSnapshot\",\n snapshotOwners: [current.then(current =\u003e current.accountId)],\n },\n },\n },\n});\nconst example = aws.iam.getPolicy({\n name: \"AWSDataLifecycleManagerServiceRole\",\n});\nconst exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"example\", {\n role: exampleAwsIamRole.id,\n policyArn: example.then(example =\u003e example.arn),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nexample_lifecycle_policy = aws.dlm.LifecyclePolicy(\"example\",\n description=\"tf-acc-basic\",\n execution_role_arn=example_aws_iam_role[\"arn\"],\n policy_details=aws.dlm.LifecyclePolicyPolicyDetailsArgs(\n policy_type=\"EVENT_BASED_POLICY\",\n action=aws.dlm.LifecyclePolicyPolicyDetailsActionArgs(\n name=\"tf-acc-basic\",\n cross_region_copies=[aws.dlm.LifecyclePolicyPolicyDetailsActionCrossRegionCopyArgs(\n encryption_configuration=aws.dlm.LifecyclePolicyPolicyDetailsActionCrossRegionCopyEncryptionConfigurationArgs(),\n retain_rule=aws.dlm.LifecyclePolicyPolicyDetailsActionCrossRegionCopyRetainRuleArgs(\n interval=15,\n interval_unit=\"MONTHS\",\n ),\n target=\"us-east-1\",\n )],\n ),\n event_source=aws.dlm.LifecyclePolicyPolicyDetailsEventSourceArgs(\n type=\"MANAGED_CWE\",\n parameters=aws.dlm.LifecyclePolicyPolicyDetailsEventSourceParametersArgs(\n description_regex=\"^.*Created for policy: policy-1234567890abcdef0.*$\",\n event_type=\"shareSnapshot\",\n snapshot_owners=[current.account_id],\n ),\n ),\n ))\nexample = aws.iam.get_policy(name=\"AWSDataLifecycleManagerServiceRole\")\nexample_role_policy_attachment = aws.iam.RolePolicyAttachment(\"example\",\n role=example_aws_iam_role[\"id\"],\n policy_arn=example.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var exampleLifecyclePolicy = new Aws.Dlm.LifecyclePolicy(\"example\", new()\n {\n Description = \"tf-acc-basic\",\n ExecutionRoleArn = exampleAwsIamRole.Arn,\n PolicyDetails = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsArgs\n {\n PolicyType = \"EVENT_BASED_POLICY\",\n Action = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsActionArgs\n {\n Name = \"tf-acc-basic\",\n CrossRegionCopies = new[]\n {\n new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsActionCrossRegionCopyArgs\n {\n EncryptionConfiguration = null,\n RetainRule = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsActionCrossRegionCopyRetainRuleArgs\n {\n Interval = 15,\n IntervalUnit = \"MONTHS\",\n },\n Target = \"us-east-1\",\n },\n },\n },\n EventSource = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsEventSourceArgs\n {\n Type = \"MANAGED_CWE\",\n Parameters = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsEventSourceParametersArgs\n {\n DescriptionRegex = \"^.*Created for policy: policy-1234567890abcdef0.*$\",\n EventType = \"shareSnapshot\",\n SnapshotOwners = new[]\n {\n current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n },\n },\n },\n },\n });\n\n var example = Aws.Iam.GetPolicy.Invoke(new()\n {\n Name = \"AWSDataLifecycleManagerServiceRole\",\n });\n\n var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"example\", new()\n {\n Role = exampleAwsIamRole.Id,\n PolicyArn = example.Apply(getPolicyResult =\u003e getPolicyResult.Arn),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dlm\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dlm.NewLifecyclePolicy(ctx, \"example\", \u0026dlm.LifecyclePolicyArgs{\n\t\t\tDescription: pulumi.String(\"tf-acc-basic\"),\n\t\t\tExecutionRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tPolicyDetails: \u0026dlm.LifecyclePolicyPolicyDetailsArgs{\n\t\t\t\tPolicyType: pulumi.String(\"EVENT_BASED_POLICY\"),\n\t\t\t\tAction: \u0026dlm.LifecyclePolicyPolicyDetailsActionArgs{\n\t\t\t\t\tName: pulumi.String(\"tf-acc-basic\"),\n\t\t\t\t\tCrossRegionCopies: dlm.LifecyclePolicyPolicyDetailsActionCrossRegionCopyArray{\n\t\t\t\t\t\t\u0026dlm.LifecyclePolicyPolicyDetailsActionCrossRegionCopyArgs{\n\t\t\t\t\t\t\tEncryptionConfiguration: nil,\n\t\t\t\t\t\t\tRetainRule: \u0026dlm.LifecyclePolicyPolicyDetailsActionCrossRegionCopyRetainRuleArgs{\n\t\t\t\t\t\t\t\tInterval: pulumi.Int(15),\n\t\t\t\t\t\t\t\tIntervalUnit: pulumi.String(\"MONTHS\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tTarget: pulumi.String(\"us-east-1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tEventSource: \u0026dlm.LifecyclePolicyPolicyDetailsEventSourceArgs{\n\t\t\t\t\tType: pulumi.String(\"MANAGED_CWE\"),\n\t\t\t\t\tParameters: \u0026dlm.LifecyclePolicyPolicyDetailsEventSourceParametersArgs{\n\t\t\t\t\t\tDescriptionRegex: pulumi.String(\"^.*Created for policy: policy-1234567890abcdef0.*$\"),\n\t\t\t\t\t\tEventType: pulumi.String(\"shareSnapshot\"),\n\t\t\t\t\t\tSnapshotOwners: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(current.AccountId),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.LookupPolicy(ctx, \u0026iam.LookupPolicyArgs{\n\t\t\tName: pulumi.StringRef(\"AWSDataLifecycleManagerServiceRole\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: pulumi.Any(exampleAwsIamRole.Id),\n\t\t\tPolicyArn: pulumi.String(example.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.dlm.LifecyclePolicy;\nimport com.pulumi.aws.dlm.LifecyclePolicyArgs;\nimport com.pulumi.aws.dlm.inputs.LifecyclePolicyPolicyDetailsArgs;\nimport com.pulumi.aws.dlm.inputs.LifecyclePolicyPolicyDetailsActionArgs;\nimport com.pulumi.aws.dlm.inputs.LifecyclePolicyPolicyDetailsEventSourceArgs;\nimport com.pulumi.aws.dlm.inputs.LifecyclePolicyPolicyDetailsEventSourceParametersArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n var exampleLifecyclePolicy = new LifecyclePolicy(\"exampleLifecyclePolicy\", LifecyclePolicyArgs.builder() \n .description(\"tf-acc-basic\")\n .executionRoleArn(exampleAwsIamRole.arn())\n .policyDetails(LifecyclePolicyPolicyDetailsArgs.builder()\n .policyType(\"EVENT_BASED_POLICY\")\n .action(LifecyclePolicyPolicyDetailsActionArgs.builder()\n .name(\"tf-acc-basic\")\n .crossRegionCopies(LifecyclePolicyPolicyDetailsActionCrossRegionCopyArgs.builder()\n .encryptionConfiguration()\n .retainRule(LifecyclePolicyPolicyDetailsActionCrossRegionCopyRetainRuleArgs.builder()\n .interval(15)\n .intervalUnit(\"MONTHS\")\n .build())\n .target(\"us-east-1\")\n .build())\n .build())\n .eventSource(LifecyclePolicyPolicyDetailsEventSourceArgs.builder()\n .type(\"MANAGED_CWE\")\n .parameters(LifecyclePolicyPolicyDetailsEventSourceParametersArgs.builder()\n .descriptionRegex(\"^.*Created for policy: policy-1234567890abcdef0.*$\")\n .eventType(\"shareSnapshot\")\n .snapshotOwners(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .build())\n .build())\n .build())\n .build());\n\n final var example = IamFunctions.getPolicy(GetPolicyArgs.builder()\n .name(\"AWSDataLifecycleManagerServiceRole\")\n .build());\n\n var exampleRolePolicyAttachment = new RolePolicyAttachment(\"exampleRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .role(exampleAwsIamRole.id())\n .policyArn(example.applyValue(getPolicyResult -\u003e getPolicyResult.arn()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleLifecyclePolicy:\n type: aws:dlm:LifecyclePolicy\n name: example\n properties:\n description: tf-acc-basic\n executionRoleArn: ${exampleAwsIamRole.arn}\n policyDetails:\n policyType: EVENT_BASED_POLICY\n action:\n name: tf-acc-basic\n crossRegionCopies:\n - encryptionConfiguration: {}\n retainRule:\n interval: 15\n intervalUnit: MONTHS\n target: us-east-1\n eventSource:\n type: MANAGED_CWE\n parameters:\n descriptionRegex: '^.*Created for policy: policy-1234567890abcdef0.*$'\n eventType: shareSnapshot\n snapshotOwners:\n - ${current.accountId}\n exampleRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: example\n properties:\n role: ${exampleAwsIamRole.id}\n policyArn: ${example.arn}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n example:\n fn::invoke:\n Function: aws:iam:getPolicy\n Arguments:\n name: AWSDataLifecycleManagerServiceRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import DLM lifecycle policies using their policy ID. For example:\n\n```sh\n$ pulumi import aws:dlm/lifecyclePolicy:LifecyclePolicy example policy-abcdef12345678901\n```\n", "properties": { "arn": { "type": "string", @@ -203096,7 +203096,7 @@ } }, "aws:dms/replicationInstance:ReplicationInstance": { - "description": "Provides a DMS (Data Migration Service) replication instance resource. DMS replication instances can be created, updated, deleted, and imported.\n\n## Example Usage\n\nCreate required roles and then create a DMS instance, setting the depends_on to the required role policy attachments.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Database Migration Service requires the below IAM Roles to be created before\n// replication instances can be created. See the DMS Documentation for\n// additional information: https://docs.aws.amazon.com/dms/latest/userguide/security-iam.html#CHAP_Security.APIRole\n// * dms-vpc-role\n// * dms-cloudwatch-logs-role\n// * dms-access-for-endpoint\nconst dmsAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n identifiers: [\"dms.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n});\nconst dms_access_for_endpoint = new aws.iam.Role(\"dms-access-for-endpoint\", {\n assumeRolePolicy: dmsAssumeRole.then(dmsAssumeRole =\u003e dmsAssumeRole.json),\n name: \"dms-access-for-endpoint\",\n});\nconst dms_access_for_endpoint_AmazonDMSRedshiftS3Role = new aws.iam.RolePolicyAttachment(\"dms-access-for-endpoint-AmazonDMSRedshiftS3Role\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\",\n role: dms_access_for_endpoint.name,\n});\nconst dms_cloudwatch_logs_role = new aws.iam.Role(\"dms-cloudwatch-logs-role\", {\n assumeRolePolicy: dmsAssumeRole.then(dmsAssumeRole =\u003e dmsAssumeRole.json),\n name: \"dms-cloudwatch-logs-role\",\n});\nconst dms_cloudwatch_logs_role_AmazonDMSCloudWatchLogsRole = new aws.iam.RolePolicyAttachment(\"dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\",\n role: dms_cloudwatch_logs_role.name,\n});\nconst dms_vpc_role = new aws.iam.Role(\"dms-vpc-role\", {\n assumeRolePolicy: dmsAssumeRole.then(dmsAssumeRole =\u003e dmsAssumeRole.json),\n name: \"dms-vpc-role\",\n});\nconst dms_vpc_role_AmazonDMSVPCManagementRole = new aws.iam.RolePolicyAttachment(\"dms-vpc-role-AmazonDMSVPCManagementRole\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\",\n role: dms_vpc_role.name,\n});\n// Create a new replication instance\nconst test = new aws.dms.ReplicationInstance(\"test\", {\n allocatedStorage: 20,\n applyImmediately: true,\n autoMinorVersionUpgrade: true,\n availabilityZone: \"us-west-2c\",\n engineVersion: \"3.1.4\",\n kmsKeyArn: \"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n multiAz: false,\n preferredMaintenanceWindow: \"sun:10:30-sun:14:30\",\n publiclyAccessible: true,\n replicationInstanceClass: \"dms.t2.micro\",\n replicationInstanceId: \"test-dms-replication-instance-tf\",\n replicationSubnetGroupId: test_dms_replication_subnet_group_tf.id,\n tags: {\n Name: \"test\",\n },\n vpcSecurityGroupIds: [\"sg-12345678\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Database Migration Service requires the below IAM Roles to be created before\n# replication instances can be created. See the DMS Documentation for\n# additional information: https://docs.aws.amazon.com/dms/latest/userguide/security-iam.html#CHAP_Security.APIRole\n# * dms-vpc-role\n# * dms-cloudwatch-logs-role\n# * dms-access-for-endpoint\ndms_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[\"dms.amazonaws.com\"],\n type=\"Service\",\n )],\n)])\ndms_access_for_endpoint = aws.iam.Role(\"dms-access-for-endpoint\",\n assume_role_policy=dms_assume_role.json,\n name=\"dms-access-for-endpoint\")\ndms_access_for_endpoint__amazon_dms_redshift_s3_role = aws.iam.RolePolicyAttachment(\"dms-access-for-endpoint-AmazonDMSRedshiftS3Role\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\",\n role=dms_access_for_endpoint.name)\ndms_cloudwatch_logs_role = aws.iam.Role(\"dms-cloudwatch-logs-role\",\n assume_role_policy=dms_assume_role.json,\n name=\"dms-cloudwatch-logs-role\")\ndms_cloudwatch_logs_role__amazon_dms_cloud_watch_logs_role = aws.iam.RolePolicyAttachment(\"dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\",\n role=dms_cloudwatch_logs_role.name)\ndms_vpc_role = aws.iam.Role(\"dms-vpc-role\",\n assume_role_policy=dms_assume_role.json,\n name=\"dms-vpc-role\")\ndms_vpc_role__amazon_dmsvpc_management_role = aws.iam.RolePolicyAttachment(\"dms-vpc-role-AmazonDMSVPCManagementRole\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\",\n role=dms_vpc_role.name)\n# Create a new replication instance\ntest = aws.dms.ReplicationInstance(\"test\",\n allocated_storage=20,\n apply_immediately=True,\n auto_minor_version_upgrade=True,\n availability_zone=\"us-west-2c\",\n engine_version=\"3.1.4\",\n kms_key_arn=\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n multi_az=False,\n preferred_maintenance_window=\"sun:10:30-sun:14:30\",\n publicly_accessible=True,\n replication_instance_class=\"dms.t2.micro\",\n replication_instance_id=\"test-dms-replication-instance-tf\",\n replication_subnet_group_id=test_dms_replication_subnet_group_tf[\"id\"],\n tags={\n \"Name\": \"test\",\n },\n vpc_security_group_ids=[\"sg-12345678\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Database Migration Service requires the below IAM Roles to be created before\n // replication instances can be created. See the DMS Documentation for\n // additional information: https://docs.aws.amazon.com/dms/latest/userguide/security-iam.html#CHAP_Security.APIRole\n // * dms-vpc-role\n // * dms-cloudwatch-logs-role\n // * dms-access-for-endpoint\n var dmsAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"dms.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n });\n\n var dms_access_for_endpoint = new Aws.Iam.Role(\"dms-access-for-endpoint\", new()\n {\n AssumeRolePolicy = dmsAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Name = \"dms-access-for-endpoint\",\n });\n\n var dms_access_for_endpoint_AmazonDMSRedshiftS3Role = new Aws.Iam.RolePolicyAttachment(\"dms-access-for-endpoint-AmazonDMSRedshiftS3Role\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\",\n Role = dms_access_for_endpoint.Name,\n });\n\n var dms_cloudwatch_logs_role = new Aws.Iam.Role(\"dms-cloudwatch-logs-role\", new()\n {\n AssumeRolePolicy = dmsAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Name = \"dms-cloudwatch-logs-role\",\n });\n\n var dms_cloudwatch_logs_role_AmazonDMSCloudWatchLogsRole = new Aws.Iam.RolePolicyAttachment(\"dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\",\n Role = dms_cloudwatch_logs_role.Name,\n });\n\n var dms_vpc_role = new Aws.Iam.Role(\"dms-vpc-role\", new()\n {\n AssumeRolePolicy = dmsAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Name = \"dms-vpc-role\",\n });\n\n var dms_vpc_role_AmazonDMSVPCManagementRole = new Aws.Iam.RolePolicyAttachment(\"dms-vpc-role-AmazonDMSVPCManagementRole\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\",\n Role = dms_vpc_role.Name,\n });\n\n // Create a new replication instance\n var test = new Aws.Dms.ReplicationInstance(\"test\", new()\n {\n AllocatedStorage = 20,\n ApplyImmediately = true,\n AutoMinorVersionUpgrade = true,\n AvailabilityZone = \"us-west-2c\",\n EngineVersion = \"3.1.4\",\n KmsKeyArn = \"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n MultiAz = false,\n PreferredMaintenanceWindow = \"sun:10:30-sun:14:30\",\n PubliclyAccessible = true,\n ReplicationInstanceClass = \"dms.t2.micro\",\n ReplicationInstanceId = \"test-dms-replication-instance-tf\",\n ReplicationSubnetGroupId = test_dms_replication_subnet_group_tf.Id,\n Tags = \n {\n { \"Name\", \"test\" },\n },\n VpcSecurityGroupIds = new[]\n {\n \"sg-12345678\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Database Migration Service requires the below IAM Roles to be created before\n\t\t// replication instances can be created. See the DMS Documentation for\n\t\t// additional information: https://docs.aws.amazon.com/dms/latest/userguide/security-iam.html#CHAP_Security.APIRole\n\t\t// - dms-vpc-role\n\t\t// - dms-cloudwatch-logs-role\n\t\t// - dms-access-for-endpoint\n\t\tdmsAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"dms.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"dms-access-for-endpoint\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(dmsAssumeRole.Json),\n\t\t\tName: pulumi.String(\"dms-access-for-endpoint\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"dms-access-for-endpoint-AmazonDMSRedshiftS3Role\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\"),\n\t\t\tRole: dms_access_for_endpoint.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"dms-cloudwatch-logs-role\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(dmsAssumeRole.Json),\n\t\t\tName: pulumi.String(\"dms-cloudwatch-logs-role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\"),\n\t\t\tRole: dms_cloudwatch_logs_role.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"dms-vpc-role\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(dmsAssumeRole.Json),\n\t\t\tName: pulumi.String(\"dms-vpc-role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"dms-vpc-role-AmazonDMSVPCManagementRole\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\"),\n\t\t\tRole: dms_vpc_role.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a new replication instance\n\t\t_, err = dms.NewReplicationInstance(ctx, \"test\", \u0026dms.ReplicationInstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(20),\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t\tAutoMinorVersionUpgrade: pulumi.Bool(true),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2c\"),\n\t\t\tEngineVersion: pulumi.String(\"3.1.4\"),\n\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\"),\n\t\t\tMultiAz: pulumi.Bool(false),\n\t\t\tPreferredMaintenanceWindow: pulumi.String(\"sun:10:30-sun:14:30\"),\n\t\t\tPubliclyAccessible: pulumi.Bool(true),\n\t\t\tReplicationInstanceClass: pulumi.String(\"dms.t2.micro\"),\n\t\t\tReplicationInstanceId: pulumi.String(\"test-dms-replication-instance-tf\"),\n\t\t\tReplicationSubnetGroupId: pulumi.Any(test_dms_replication_subnet_group_tf.Id),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t\tVpcSecurityGroupIds: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"sg-12345678\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.dms.ReplicationInstance;\nimport com.pulumi.aws.dms.ReplicationInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var dmsAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"dms.amazonaws.com\")\n .type(\"Service\")\n .build())\n .build())\n .build());\n\n var dms_access_for_endpoint = new Role(\"dms-access-for-endpoint\", RoleArgs.builder() \n .assumeRolePolicy(dmsAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .name(\"dms-access-for-endpoint\")\n .build());\n\n var dms_access_for_endpoint_AmazonDMSRedshiftS3Role = new RolePolicyAttachment(\"dms-access-for-endpoint-AmazonDMSRedshiftS3Role\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\")\n .role(dms_access_for_endpoint.name())\n .build());\n\n var dms_cloudwatch_logs_role = new Role(\"dms-cloudwatch-logs-role\", RoleArgs.builder() \n .assumeRolePolicy(dmsAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .name(\"dms-cloudwatch-logs-role\")\n .build());\n\n var dms_cloudwatch_logs_role_AmazonDMSCloudWatchLogsRole = new RolePolicyAttachment(\"dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\")\n .role(dms_cloudwatch_logs_role.name())\n .build());\n\n var dms_vpc_role = new Role(\"dms-vpc-role\", RoleArgs.builder() \n .assumeRolePolicy(dmsAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .name(\"dms-vpc-role\")\n .build());\n\n var dms_vpc_role_AmazonDMSVPCManagementRole = new RolePolicyAttachment(\"dms-vpc-role-AmazonDMSVPCManagementRole\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\")\n .role(dms_vpc_role.name())\n .build());\n\n var test = new ReplicationInstance(\"test\", ReplicationInstanceArgs.builder() \n .allocatedStorage(20)\n .applyImmediately(true)\n .autoMinorVersionUpgrade(true)\n .availabilityZone(\"us-west-2c\")\n .engineVersion(\"3.1.4\")\n .kmsKeyArn(\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\")\n .multiAz(false)\n .preferredMaintenanceWindow(\"sun:10:30-sun:14:30\")\n .publiclyAccessible(true)\n .replicationInstanceClass(\"dms.t2.micro\")\n .replicationInstanceId(\"test-dms-replication-instance-tf\")\n .replicationSubnetGroupId(test_dms_replication_subnet_group_tf.id())\n .tags(Map.of(\"Name\", \"test\"))\n .vpcSecurityGroupIds(\"sg-12345678\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dms-access-for-endpoint:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${dmsAssumeRole.json}\n name: dms-access-for-endpoint\n dms-access-for-endpoint-AmazonDMSRedshiftS3Role:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\n role: ${[\"dms-access-for-endpoint\"].name}\n dms-cloudwatch-logs-role:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${dmsAssumeRole.json}\n name: dms-cloudwatch-logs-role\n dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\n role: ${[\"dms-cloudwatch-logs-role\"].name}\n dms-vpc-role:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${dmsAssumeRole.json}\n name: dms-vpc-role\n dms-vpc-role-AmazonDMSVPCManagementRole:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\n role: ${[\"dms-vpc-role\"].name}\n # Create a new replication instance\n test:\n type: aws:dms:ReplicationInstance\n properties:\n allocatedStorage: 20\n applyImmediately: true\n autoMinorVersionUpgrade: true\n availabilityZone: us-west-2c\n engineVersion: 3.1.4\n kmsKeyArn: arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\n multiAz: false\n preferredMaintenanceWindow: sun:10:30-sun:14:30\n publiclyAccessible: true\n replicationInstanceClass: dms.t2.micro\n replicationInstanceId: test-dms-replication-instance-tf\n replicationSubnetGroupId: ${[\"test-dms-replication-subnet-group-tf\"].id}\n tags:\n Name: test\n vpcSecurityGroupIds:\n - sg-12345678\nvariables:\n # Database Migration Service requires the below IAM Roles to be created before\n # replication instances can be created. See the DMS Documentation for\n # additional information: https://docs.aws.amazon.com/dms/latest/userguide/security-iam.html#CHAP_Security.APIRole\n # * dms-vpc-role\n # * dms-cloudwatch-logs-role\n # * dms-access-for-endpoint\n dmsAssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - identifiers:\n - dms.amazonaws.com\n type: Service\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import replication instances using the `replication_instance_id`. For example:\n\n```sh\n$ pulumi import aws:dms/replicationInstance:ReplicationInstance test test-dms-replication-instance-tf\n```\n", + "description": "Provides a DMS (Data Migration Service) replication instance resource. DMS replication instances can be created, updated, deleted, and imported.\n\n## Example Usage\n\nCreate required roles and then create a DMS instance, setting the depends_on to the required role policy attachments.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Database Migration Service requires the below IAM Roles to be created before\n// replication instances can be created. See the DMS Documentation for\n// additional information: https://docs.aws.amazon.com/dms/latest/userguide/security-iam.html#CHAP_Security.APIRole\n// * dms-vpc-role\n// * dms-cloudwatch-logs-role\n// * dms-access-for-endpoint\nconst dmsAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n identifiers: [\"dms.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n});\nconst dms_access_for_endpoint = new aws.iam.Role(\"dms-access-for-endpoint\", {\n assumeRolePolicy: dmsAssumeRole.then(dmsAssumeRole =\u003e dmsAssumeRole.json),\n name: \"dms-access-for-endpoint\",\n});\nconst dms_access_for_endpoint_AmazonDMSRedshiftS3Role = new aws.iam.RolePolicyAttachment(\"dms-access-for-endpoint-AmazonDMSRedshiftS3Role\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\",\n role: dms_access_for_endpoint.name,\n});\nconst dms_cloudwatch_logs_role = new aws.iam.Role(\"dms-cloudwatch-logs-role\", {\n assumeRolePolicy: dmsAssumeRole.then(dmsAssumeRole =\u003e dmsAssumeRole.json),\n name: \"dms-cloudwatch-logs-role\",\n});\nconst dms_cloudwatch_logs_role_AmazonDMSCloudWatchLogsRole = new aws.iam.RolePolicyAttachment(\"dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\",\n role: dms_cloudwatch_logs_role.name,\n});\nconst dms_vpc_role = new aws.iam.Role(\"dms-vpc-role\", {\n assumeRolePolicy: dmsAssumeRole.then(dmsAssumeRole =\u003e dmsAssumeRole.json),\n name: \"dms-vpc-role\",\n});\nconst dms_vpc_role_AmazonDMSVPCManagementRole = new aws.iam.RolePolicyAttachment(\"dms-vpc-role-AmazonDMSVPCManagementRole\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\",\n role: dms_vpc_role.name,\n});\n// Create a new replication instance\nconst test = new aws.dms.ReplicationInstance(\"test\", {\n allocatedStorage: 20,\n applyImmediately: true,\n autoMinorVersionUpgrade: true,\n availabilityZone: \"us-west-2c\",\n engineVersion: \"3.1.4\",\n kmsKeyArn: \"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n multiAz: false,\n preferredMaintenanceWindow: \"sun:10:30-sun:14:30\",\n publiclyAccessible: true,\n replicationInstanceClass: \"dms.t2.micro\",\n replicationInstanceId: \"test-dms-replication-instance-tf\",\n replicationSubnetGroupId: test_dms_replication_subnet_group_tf.id,\n tags: {\n Name: \"test\",\n },\n vpcSecurityGroupIds: [\"sg-12345678\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Database Migration Service requires the below IAM Roles to be created before\n# replication instances can be created. See the DMS Documentation for\n# additional information: https://docs.aws.amazon.com/dms/latest/userguide/security-iam.html#CHAP_Security.APIRole\n# * dms-vpc-role\n# * dms-cloudwatch-logs-role\n# * dms-access-for-endpoint\ndms_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[\"dms.amazonaws.com\"],\n type=\"Service\",\n )],\n)])\ndms_access_for_endpoint = aws.iam.Role(\"dms-access-for-endpoint\",\n assume_role_policy=dms_assume_role.json,\n name=\"dms-access-for-endpoint\")\ndms_access_for_endpoint__amazon_dms_redshift_s3_role = aws.iam.RolePolicyAttachment(\"dms-access-for-endpoint-AmazonDMSRedshiftS3Role\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\",\n role=dms_access_for_endpoint.name)\ndms_cloudwatch_logs_role = aws.iam.Role(\"dms-cloudwatch-logs-role\",\n assume_role_policy=dms_assume_role.json,\n name=\"dms-cloudwatch-logs-role\")\ndms_cloudwatch_logs_role__amazon_dms_cloud_watch_logs_role = aws.iam.RolePolicyAttachment(\"dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\",\n role=dms_cloudwatch_logs_role.name)\ndms_vpc_role = aws.iam.Role(\"dms-vpc-role\",\n assume_role_policy=dms_assume_role.json,\n name=\"dms-vpc-role\")\ndms_vpc_role__amazon_dmsvpc_management_role = aws.iam.RolePolicyAttachment(\"dms-vpc-role-AmazonDMSVPCManagementRole\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\",\n role=dms_vpc_role.name)\n# Create a new replication instance\ntest = aws.dms.ReplicationInstance(\"test\",\n allocated_storage=20,\n apply_immediately=True,\n auto_minor_version_upgrade=True,\n availability_zone=\"us-west-2c\",\n engine_version=\"3.1.4\",\n kms_key_arn=\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n multi_az=False,\n preferred_maintenance_window=\"sun:10:30-sun:14:30\",\n publicly_accessible=True,\n replication_instance_class=\"dms.t2.micro\",\n replication_instance_id=\"test-dms-replication-instance-tf\",\n replication_subnet_group_id=test_dms_replication_subnet_group_tf[\"id\"],\n tags={\n \"Name\": \"test\",\n },\n vpc_security_group_ids=[\"sg-12345678\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Database Migration Service requires the below IAM Roles to be created before\n // replication instances can be created. See the DMS Documentation for\n // additional information: https://docs.aws.amazon.com/dms/latest/userguide/security-iam.html#CHAP_Security.APIRole\n // * dms-vpc-role\n // * dms-cloudwatch-logs-role\n // * dms-access-for-endpoint\n var dmsAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"dms.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n });\n\n var dms_access_for_endpoint = new Aws.Iam.Role(\"dms-access-for-endpoint\", new()\n {\n AssumeRolePolicy = dmsAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Name = \"dms-access-for-endpoint\",\n });\n\n var dms_access_for_endpoint_AmazonDMSRedshiftS3Role = new Aws.Iam.RolePolicyAttachment(\"dms-access-for-endpoint-AmazonDMSRedshiftS3Role\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\",\n Role = dms_access_for_endpoint.Name,\n });\n\n var dms_cloudwatch_logs_role = new Aws.Iam.Role(\"dms-cloudwatch-logs-role\", new()\n {\n AssumeRolePolicy = dmsAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Name = \"dms-cloudwatch-logs-role\",\n });\n\n var dms_cloudwatch_logs_role_AmazonDMSCloudWatchLogsRole = new Aws.Iam.RolePolicyAttachment(\"dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\",\n Role = dms_cloudwatch_logs_role.Name,\n });\n\n var dms_vpc_role = new Aws.Iam.Role(\"dms-vpc-role\", new()\n {\n AssumeRolePolicy = dmsAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Name = \"dms-vpc-role\",\n });\n\n var dms_vpc_role_AmazonDMSVPCManagementRole = new Aws.Iam.RolePolicyAttachment(\"dms-vpc-role-AmazonDMSVPCManagementRole\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\",\n Role = dms_vpc_role.Name,\n });\n\n // Create a new replication instance\n var test = new Aws.Dms.ReplicationInstance(\"test\", new()\n {\n AllocatedStorage = 20,\n ApplyImmediately = true,\n AutoMinorVersionUpgrade = true,\n AvailabilityZone = \"us-west-2c\",\n EngineVersion = \"3.1.4\",\n KmsKeyArn = \"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n MultiAz = false,\n PreferredMaintenanceWindow = \"sun:10:30-sun:14:30\",\n PubliclyAccessible = true,\n ReplicationInstanceClass = \"dms.t2.micro\",\n ReplicationInstanceId = \"test-dms-replication-instance-tf\",\n ReplicationSubnetGroupId = test_dms_replication_subnet_group_tf.Id,\n Tags = \n {\n { \"Name\", \"test\" },\n },\n VpcSecurityGroupIds = new[]\n {\n \"sg-12345678\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Database Migration Service requires the below IAM Roles to be created before\n\t\t// replication instances can be created. See the DMS Documentation for\n\t\t// additional information: https://docs.aws.amazon.com/dms/latest/userguide/security-iam.html#CHAP_Security.APIRole\n\t\t// - dms-vpc-role\n\t\t// - dms-cloudwatch-logs-role\n\t\t// - dms-access-for-endpoint\n\t\tdmsAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"dms.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"dms-access-for-endpoint\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.String(dmsAssumeRole.Json),\n\t\t\tName: pulumi.String(\"dms-access-for-endpoint\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"dms-access-for-endpoint-AmazonDMSRedshiftS3Role\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\"),\n\t\t\tRole: dms_access_for_endpoint.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"dms-cloudwatch-logs-role\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.String(dmsAssumeRole.Json),\n\t\t\tName: pulumi.String(\"dms-cloudwatch-logs-role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\"),\n\t\t\tRole: dms_cloudwatch_logs_role.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"dms-vpc-role\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.String(dmsAssumeRole.Json),\n\t\t\tName: pulumi.String(\"dms-vpc-role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"dms-vpc-role-AmazonDMSVPCManagementRole\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\"),\n\t\t\tRole: dms_vpc_role.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a new replication instance\n\t\t_, err = dms.NewReplicationInstance(ctx, \"test\", \u0026dms.ReplicationInstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(20),\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t\tAutoMinorVersionUpgrade: pulumi.Bool(true),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2c\"),\n\t\t\tEngineVersion: pulumi.String(\"3.1.4\"),\n\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\"),\n\t\t\tMultiAz: pulumi.Bool(false),\n\t\t\tPreferredMaintenanceWindow: pulumi.String(\"sun:10:30-sun:14:30\"),\n\t\t\tPubliclyAccessible: pulumi.Bool(true),\n\t\t\tReplicationInstanceClass: pulumi.String(\"dms.t2.micro\"),\n\t\t\tReplicationInstanceId: pulumi.String(\"test-dms-replication-instance-tf\"),\n\t\t\tReplicationSubnetGroupId: pulumi.Any(test_dms_replication_subnet_group_tf.Id),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t\tVpcSecurityGroupIds: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"sg-12345678\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.dms.ReplicationInstance;\nimport com.pulumi.aws.dms.ReplicationInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var dmsAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"dms.amazonaws.com\")\n .type(\"Service\")\n .build())\n .build())\n .build());\n\n var dms_access_for_endpoint = new Role(\"dms-access-for-endpoint\", RoleArgs.builder() \n .assumeRolePolicy(dmsAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .name(\"dms-access-for-endpoint\")\n .build());\n\n var dms_access_for_endpoint_AmazonDMSRedshiftS3Role = new RolePolicyAttachment(\"dms-access-for-endpoint-AmazonDMSRedshiftS3Role\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\")\n .role(dms_access_for_endpoint.name())\n .build());\n\n var dms_cloudwatch_logs_role = new Role(\"dms-cloudwatch-logs-role\", RoleArgs.builder() \n .assumeRolePolicy(dmsAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .name(\"dms-cloudwatch-logs-role\")\n .build());\n\n var dms_cloudwatch_logs_role_AmazonDMSCloudWatchLogsRole = new RolePolicyAttachment(\"dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\")\n .role(dms_cloudwatch_logs_role.name())\n .build());\n\n var dms_vpc_role = new Role(\"dms-vpc-role\", RoleArgs.builder() \n .assumeRolePolicy(dmsAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .name(\"dms-vpc-role\")\n .build());\n\n var dms_vpc_role_AmazonDMSVPCManagementRole = new RolePolicyAttachment(\"dms-vpc-role-AmazonDMSVPCManagementRole\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\")\n .role(dms_vpc_role.name())\n .build());\n\n var test = new ReplicationInstance(\"test\", ReplicationInstanceArgs.builder() \n .allocatedStorage(20)\n .applyImmediately(true)\n .autoMinorVersionUpgrade(true)\n .availabilityZone(\"us-west-2c\")\n .engineVersion(\"3.1.4\")\n .kmsKeyArn(\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\")\n .multiAz(false)\n .preferredMaintenanceWindow(\"sun:10:30-sun:14:30\")\n .publiclyAccessible(true)\n .replicationInstanceClass(\"dms.t2.micro\")\n .replicationInstanceId(\"test-dms-replication-instance-tf\")\n .replicationSubnetGroupId(test_dms_replication_subnet_group_tf.id())\n .tags(Map.of(\"Name\", \"test\"))\n .vpcSecurityGroupIds(\"sg-12345678\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dms-access-for-endpoint:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${dmsAssumeRole.json}\n name: dms-access-for-endpoint\n dms-access-for-endpoint-AmazonDMSRedshiftS3Role:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\n role: ${[\"dms-access-for-endpoint\"].name}\n dms-cloudwatch-logs-role:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${dmsAssumeRole.json}\n name: dms-cloudwatch-logs-role\n dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\n role: ${[\"dms-cloudwatch-logs-role\"].name}\n dms-vpc-role:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${dmsAssumeRole.json}\n name: dms-vpc-role\n dms-vpc-role-AmazonDMSVPCManagementRole:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\n role: ${[\"dms-vpc-role\"].name}\n # Create a new replication instance\n test:\n type: aws:dms:ReplicationInstance\n properties:\n allocatedStorage: 20\n applyImmediately: true\n autoMinorVersionUpgrade: true\n availabilityZone: us-west-2c\n engineVersion: 3.1.4\n kmsKeyArn: arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\n multiAz: false\n preferredMaintenanceWindow: sun:10:30-sun:14:30\n publiclyAccessible: true\n replicationInstanceClass: dms.t2.micro\n replicationInstanceId: test-dms-replication-instance-tf\n replicationSubnetGroupId: ${[\"test-dms-replication-subnet-group-tf\"].id}\n tags:\n Name: test\n vpcSecurityGroupIds:\n - sg-12345678\nvariables:\n # Database Migration Service requires the below IAM Roles to be created before\n # replication instances can be created. See the DMS Documentation for\n # additional information: https://docs.aws.amazon.com/dms/latest/userguide/security-iam.html#CHAP_Security.APIRole\n # * dms-vpc-role\n # * dms-cloudwatch-logs-role\n # * dms-access-for-endpoint\n dmsAssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - identifiers:\n - dms.amazonaws.com\n type: Service\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import replication instances using the `replication_instance_id`. For example:\n\n```sh\n$ pulumi import aws:dms/replicationInstance:ReplicationInstance test test-dms-replication-instance-tf\n```\n", "properties": { "allocatedStorage": { "type": "integer", @@ -206394,7 +206394,7 @@ } }, "aws:dynamodb/table:Table": { - "description": "Provides a DynamoDB table resource.\n\n\u003e **Note:** It is recommended to use [`ignoreChanges`](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) for `read_capacity` and/or `write_capacity` if there's `autoscaling policy` attached to the table.\n\n\u003e **Note:** When using aws.dynamodb.TableReplica with this resource, use `lifecycle` `ignore_changes` for `replica`, _e.g._, `lifecycle { ignore_changes = [replica] }`.\n\n## DynamoDB Table attributes\n\nOnly define attributes on the table object that are going to be used as:\n\n* Table hash key or range key\n* LSI or GSI hash key or range key\n\nThe DynamoDB API expects attribute structure (name and type) to be passed along when creating or updating GSI/LSIs or creating the initial table. In these cases it expects the Hash / Range keys to be provided. Because these get re-used in numerous places (i.e the table's range key could be a part of one or more GSIs), they are stored on the table object to prevent duplication and increase consistency. If you add attributes here that are not used in these scenarios it can cause an infinite loop in planning.\n\n## Example Usage\n\n### Basic Example\n\nThe following dynamodb table description models the table and GSI shown in the [AWS SDK example documentation](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/GSI.html)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst basic_dynamodb_table = new aws.dynamodb.Table(\"basic-dynamodb-table\", {\n name: \"GameScores\",\n billingMode: \"PROVISIONED\",\n readCapacity: 20,\n writeCapacity: 20,\n hashKey: \"UserId\",\n rangeKey: \"GameTitle\",\n attributes: [\n {\n name: \"UserId\",\n type: \"S\",\n },\n {\n name: \"GameTitle\",\n type: \"S\",\n },\n {\n name: \"TopScore\",\n type: \"N\",\n },\n ],\n ttl: {\n attributeName: \"TimeToExist\",\n enabled: false,\n },\n globalSecondaryIndexes: [{\n name: \"GameTitleIndex\",\n hashKey: \"GameTitle\",\n rangeKey: \"TopScore\",\n writeCapacity: 10,\n readCapacity: 10,\n projectionType: \"INCLUDE\",\n nonKeyAttributes: [\"UserId\"],\n }],\n tags: {\n Name: \"dynamodb-table-1\",\n Environment: \"production\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbasic_dynamodb_table = aws.dynamodb.Table(\"basic-dynamodb-table\",\n name=\"GameScores\",\n billing_mode=\"PROVISIONED\",\n read_capacity=20,\n write_capacity=20,\n hash_key=\"UserId\",\n range_key=\"GameTitle\",\n attributes=[\n aws.dynamodb.TableAttributeArgs(\n name=\"UserId\",\n type=\"S\",\n ),\n aws.dynamodb.TableAttributeArgs(\n name=\"GameTitle\",\n type=\"S\",\n ),\n aws.dynamodb.TableAttributeArgs(\n name=\"TopScore\",\n type=\"N\",\n ),\n ],\n ttl=aws.dynamodb.TableTtlArgs(\n attribute_name=\"TimeToExist\",\n enabled=False,\n ),\n global_secondary_indexes=[aws.dynamodb.TableGlobalSecondaryIndexArgs(\n name=\"GameTitleIndex\",\n hash_key=\"GameTitle\",\n range_key=\"TopScore\",\n write_capacity=10,\n read_capacity=10,\n projection_type=\"INCLUDE\",\n non_key_attributes=[\"UserId\"],\n )],\n tags={\n \"Name\": \"dynamodb-table-1\",\n \"Environment\": \"production\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic_dynamodb_table = new Aws.DynamoDB.Table(\"basic-dynamodb-table\", new()\n {\n Name = \"GameScores\",\n BillingMode = \"PROVISIONED\",\n ReadCapacity = 20,\n WriteCapacity = 20,\n HashKey = \"UserId\",\n RangeKey = \"GameTitle\",\n Attributes = new[]\n {\n new Aws.DynamoDB.Inputs.TableAttributeArgs\n {\n Name = \"UserId\",\n Type = \"S\",\n },\n new Aws.DynamoDB.Inputs.TableAttributeArgs\n {\n Name = \"GameTitle\",\n Type = \"S\",\n },\n new Aws.DynamoDB.Inputs.TableAttributeArgs\n {\n Name = \"TopScore\",\n Type = \"N\",\n },\n },\n Ttl = new Aws.DynamoDB.Inputs.TableTtlArgs\n {\n AttributeName = \"TimeToExist\",\n Enabled = false,\n },\n GlobalSecondaryIndexes = new[]\n {\n new Aws.DynamoDB.Inputs.TableGlobalSecondaryIndexArgs\n {\n Name = \"GameTitleIndex\",\n HashKey = \"GameTitle\",\n RangeKey = \"TopScore\",\n WriteCapacity = 10,\n ReadCapacity = 10,\n ProjectionType = \"INCLUDE\",\n NonKeyAttributes = new[]\n {\n \"UserId\",\n },\n },\n },\n Tags = \n {\n { \"Name\", \"dynamodb-table-1\" },\n { \"Environment\", \"production\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dynamodb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dynamodb.NewTable(ctx, \"basic-dynamodb-table\", \u0026dynamodb.TableArgs{\n\t\t\tName: pulumi.String(\"GameScores\"),\n\t\t\tBillingMode: pulumi.String(\"PROVISIONED\"),\n\t\t\tReadCapacity: pulumi.Int(20),\n\t\t\tWriteCapacity: pulumi.Int(20),\n\t\t\tHashKey: pulumi.String(\"UserId\"),\n\t\t\tRangeKey: pulumi.String(\"GameTitle\"),\n\t\t\tAttributes: dynamodb.TableAttributeArray{\n\t\t\t\t\u0026dynamodb.TableAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"UserId\"),\n\t\t\t\t\tType: pulumi.String(\"S\"),\n\t\t\t\t},\n\t\t\t\t\u0026dynamodb.TableAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"GameTitle\"),\n\t\t\t\t\tType: pulumi.String(\"S\"),\n\t\t\t\t},\n\t\t\t\t\u0026dynamodb.TableAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"TopScore\"),\n\t\t\t\t\tType: pulumi.String(\"N\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTtl: \u0026dynamodb.TableTtlArgs{\n\t\t\t\tAttributeName: pulumi.String(\"TimeToExist\"),\n\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tGlobalSecondaryIndexes: dynamodb.TableGlobalSecondaryIndexArray{\n\t\t\t\t\u0026dynamodb.TableGlobalSecondaryIndexArgs{\n\t\t\t\t\tName: pulumi.String(\"GameTitleIndex\"),\n\t\t\t\t\tHashKey: pulumi.String(\"GameTitle\"),\n\t\t\t\t\tRangeKey: pulumi.String(\"TopScore\"),\n\t\t\t\t\tWriteCapacity: pulumi.Int(10),\n\t\t\t\t\tReadCapacity: pulumi.Int(10),\n\t\t\t\t\tProjectionType: pulumi.String(\"INCLUDE\"),\n\t\t\t\t\tNonKeyAttributes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"UserId\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"dynamodb-table-1\"),\n\t\t\t\t\"Environment\": pulumi.String(\"production\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.dynamodb.Table;\nimport com.pulumi.aws.dynamodb.TableArgs;\nimport com.pulumi.aws.dynamodb.inputs.TableAttributeArgs;\nimport com.pulumi.aws.dynamodb.inputs.TableTtlArgs;\nimport com.pulumi.aws.dynamodb.inputs.TableGlobalSecondaryIndexArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic_dynamodb_table = new Table(\"basic-dynamodb-table\", TableArgs.builder() \n .name(\"GameScores\")\n .billingMode(\"PROVISIONED\")\n .readCapacity(20)\n .writeCapacity(20)\n .hashKey(\"UserId\")\n .rangeKey(\"GameTitle\")\n .attributes( \n TableAttributeArgs.builder()\n .name(\"UserId\")\n .type(\"S\")\n .build(),\n TableAttributeArgs.builder()\n .name(\"GameTitle\")\n .type(\"S\")\n .build(),\n TableAttributeArgs.builder()\n .name(\"TopScore\")\n .type(\"N\")\n .build())\n .ttl(TableTtlArgs.builder()\n .attributeName(\"TimeToExist\")\n .enabled(false)\n .build())\n .globalSecondaryIndexes(TableGlobalSecondaryIndexArgs.builder()\n .name(\"GameTitleIndex\")\n .hashKey(\"GameTitle\")\n .rangeKey(\"TopScore\")\n .writeCapacity(10)\n .readCapacity(10)\n .projectionType(\"INCLUDE\")\n .nonKeyAttributes(\"UserId\")\n .build())\n .tags(Map.ofEntries(\n Map.entry(\"Name\", \"dynamodb-table-1\"),\n Map.entry(\"Environment\", \"production\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basic-dynamodb-table:\n type: aws:dynamodb:Table\n properties:\n name: GameScores\n billingMode: PROVISIONED\n readCapacity: 20\n writeCapacity: 20\n hashKey: UserId\n rangeKey: GameTitle\n attributes:\n - name: UserId\n type: S\n - name: GameTitle\n type: S\n - name: TopScore\n type: N\n ttl:\n attributeName: TimeToExist\n enabled: false\n globalSecondaryIndexes:\n - name: GameTitleIndex\n hashKey: GameTitle\n rangeKey: TopScore\n writeCapacity: 10\n readCapacity: 10\n projectionType: INCLUDE\n nonKeyAttributes:\n - UserId\n tags:\n Name: dynamodb-table-1\n Environment: production\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Global Tables\n\nThis resource implements support for [DynamoDB Global Tables V2 (version 2019.11.21)](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html) via `replica` configuration blocks. For working with [DynamoDB Global Tables V1 (version 2017.11.29)](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V1.html), see the `aws.dynamodb.GlobalTable` resource.\n\n\u003e **Note:** aws.dynamodb.TableReplica is an alternate way of configuring Global Tables. Do not use `replica` configuration blocks of `aws.dynamodb.Table` together with aws_dynamodb_table_replica.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.dynamodb.Table(\"example\", {\n name: \"example\",\n hashKey: \"TestTableHashKey\",\n billingMode: \"PAY_PER_REQUEST\",\n streamEnabled: true,\n streamViewType: \"NEW_AND_OLD_IMAGES\",\n attributes: [{\n name: \"TestTableHashKey\",\n type: \"S\",\n }],\n replicas: [\n {\n regionName: \"us-east-2\",\n },\n {\n regionName: \"us-west-2\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.dynamodb.Table(\"example\",\n name=\"example\",\n hash_key=\"TestTableHashKey\",\n billing_mode=\"PAY_PER_REQUEST\",\n stream_enabled=True,\n stream_view_type=\"NEW_AND_OLD_IMAGES\",\n attributes=[aws.dynamodb.TableAttributeArgs(\n name=\"TestTableHashKey\",\n type=\"S\",\n )],\n replicas=[\n aws.dynamodb.TableReplicaArgs(\n region_name=\"us-east-2\",\n ),\n aws.dynamodb.TableReplicaArgs(\n region_name=\"us-west-2\",\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.DynamoDB.Table(\"example\", new()\n {\n Name = \"example\",\n HashKey = \"TestTableHashKey\",\n BillingMode = \"PAY_PER_REQUEST\",\n StreamEnabled = true,\n StreamViewType = \"NEW_AND_OLD_IMAGES\",\n Attributes = new[]\n {\n new Aws.DynamoDB.Inputs.TableAttributeArgs\n {\n Name = \"TestTableHashKey\",\n Type = \"S\",\n },\n },\n Replicas = new[]\n {\n new Aws.DynamoDB.Inputs.TableReplicaArgs\n {\n RegionName = \"us-east-2\",\n },\n new Aws.DynamoDB.Inputs.TableReplicaArgs\n {\n RegionName = \"us-west-2\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dynamodb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dynamodb.NewTable(ctx, \"example\", \u0026dynamodb.TableArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tHashKey: pulumi.String(\"TestTableHashKey\"),\n\t\t\tBillingMode: pulumi.String(\"PAY_PER_REQUEST\"),\n\t\t\tStreamEnabled: pulumi.Bool(true),\n\t\t\tStreamViewType: pulumi.String(\"NEW_AND_OLD_IMAGES\"),\n\t\t\tAttributes: dynamodb.TableAttributeArray{\n\t\t\t\t\u0026dynamodb.TableAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"TestTableHashKey\"),\n\t\t\t\t\tType: pulumi.String(\"S\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tReplicas: dynamodb.TableReplicaTypeArray{\n\t\t\t\t\u0026dynamodb.TableReplicaTypeArgs{\n\t\t\t\t\tRegionName: pulumi.String(\"us-east-2\"),\n\t\t\t\t},\n\t\t\t\t\u0026dynamodb.TableReplicaTypeArgs{\n\t\t\t\t\tRegionName: pulumi.String(\"us-west-2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.dynamodb.Table;\nimport com.pulumi.aws.dynamodb.TableArgs;\nimport com.pulumi.aws.dynamodb.inputs.TableAttributeArgs;\nimport com.pulumi.aws.dynamodb.inputs.TableReplicaArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Table(\"example\", TableArgs.builder() \n .name(\"example\")\n .hashKey(\"TestTableHashKey\")\n .billingMode(\"PAY_PER_REQUEST\")\n .streamEnabled(true)\n .streamViewType(\"NEW_AND_OLD_IMAGES\")\n .attributes(TableAttributeArgs.builder()\n .name(\"TestTableHashKey\")\n .type(\"S\")\n .build())\n .replicas( \n TableReplicaArgs.builder()\n .regionName(\"us-east-2\")\n .build(),\n TableReplicaArgs.builder()\n .regionName(\"us-west-2\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:dynamodb:Table\n properties:\n name: example\n hashKey: TestTableHashKey\n billingMode: PAY_PER_REQUEST\n streamEnabled: true\n streamViewType: NEW_AND_OLD_IMAGES\n attributes:\n - name: TestTableHashKey\n type: S\n replicas:\n - regionName: us-east-2\n - regionName: us-west-2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Replica Tagging\n\nYou can manage global table replicas' tags in various ways. This example shows using `replica.*.propagate_tags` for the first replica and the `aws.dynamodb.Tag` resource for the other.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst current = aws.getRegion({});\nconst alternate = aws.getRegion({});\nconst third = aws.getRegion({});\nconst example = new aws.dynamodb.Table(\"example\", {\n billingMode: \"PAY_PER_REQUEST\",\n hashKey: \"TestTableHashKey\",\n name: \"example-13281\",\n streamEnabled: true,\n streamViewType: \"NEW_AND_OLD_IMAGES\",\n attributes: [{\n name: \"TestTableHashKey\",\n type: \"S\",\n }],\n replicas: [\n {\n regionName: alternate.then(alternate =\u003e alternate.name),\n },\n {\n regionName: third.then(third =\u003e third.name),\n propagateTags: true,\n },\n ],\n tags: {\n Architect: \"Eleanor\",\n Zone: \"SW\",\n },\n});\nconst exampleTag = new aws.dynamodb.Tag(\"example\", {\n resourceArn: pulumi.all([example.arn, current, alternate]).apply(([arn, current, alternate]) =\u003e std.replaceOutput({\n text: arn,\n search: current.name,\n replace: alternate.name,\n })).apply(invoke =\u003e invoke.result),\n key: \"Architect\",\n value: \"Gigi\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_std as std\n\ncurrent = aws.get_region()\nalternate = aws.get_region()\nthird = aws.get_region()\nexample = aws.dynamodb.Table(\"example\",\n billing_mode=\"PAY_PER_REQUEST\",\n hash_key=\"TestTableHashKey\",\n name=\"example-13281\",\n stream_enabled=True,\n stream_view_type=\"NEW_AND_OLD_IMAGES\",\n attributes=[aws.dynamodb.TableAttributeArgs(\n name=\"TestTableHashKey\",\n type=\"S\",\n )],\n replicas=[\n aws.dynamodb.TableReplicaArgs(\n region_name=alternate.name,\n ),\n aws.dynamodb.TableReplicaArgs(\n region_name=third.name,\n propagate_tags=True,\n ),\n ],\n tags={\n \"Architect\": \"Eleanor\",\n \"Zone\": \"SW\",\n })\nexample_tag = aws.dynamodb.Tag(\"example\",\n resource_arn=example.arn.apply(lambda arn: std.replace_output(text=arn,\n search=current.name,\n replace=alternate.name)).apply(lambda invoke: invoke.result),\n key=\"Architect\",\n value=\"Gigi\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var alternate = Aws.GetRegion.Invoke();\n\n var third = Aws.GetRegion.Invoke();\n\n var example = new Aws.DynamoDB.Table(\"example\", new()\n {\n BillingMode = \"PAY_PER_REQUEST\",\n HashKey = \"TestTableHashKey\",\n Name = \"example-13281\",\n StreamEnabled = true,\n StreamViewType = \"NEW_AND_OLD_IMAGES\",\n Attributes = new[]\n {\n new Aws.DynamoDB.Inputs.TableAttributeArgs\n {\n Name = \"TestTableHashKey\",\n Type = \"S\",\n },\n },\n Replicas = new[]\n {\n new Aws.DynamoDB.Inputs.TableReplicaArgs\n {\n RegionName = alternate.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n new Aws.DynamoDB.Inputs.TableReplicaArgs\n {\n RegionName = third.Apply(getRegionResult =\u003e getRegionResult.Name),\n PropagateTags = true,\n },\n },\n Tags = \n {\n { \"Architect\", \"Eleanor\" },\n { \"Zone\", \"SW\" },\n },\n });\n\n var exampleTag = new Aws.DynamoDB.Tag(\"example\", new()\n {\n ResourceArn = Output.Tuple(example.Arn, current, alternate).Apply(values =\u003e\n {\n var arn = values.Item1;\n var current = values.Item2;\n var alternate = values.Item3;\n return Std.Replace.Invoke(new()\n {\n Text = arn,\n Search = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n Replace = alternate.Apply(getRegionResult =\u003e getRegionResult.Name),\n });\n }).Apply(invoke =\u003e invoke.Result),\n Key = \"Architect\",\n Value = \"Gigi\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dynamodb\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\talternate, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tthird, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := dynamodb.NewTable(ctx, \"example\", \u0026dynamodb.TableArgs{\n\t\t\tBillingMode: pulumi.String(\"PAY_PER_REQUEST\"),\n\t\t\tHashKey: pulumi.String(\"TestTableHashKey\"),\n\t\t\tName: pulumi.String(\"example-13281\"),\n\t\t\tStreamEnabled: pulumi.Bool(true),\n\t\t\tStreamViewType: pulumi.String(\"NEW_AND_OLD_IMAGES\"),\n\t\t\tAttributes: dynamodb.TableAttributeArray{\n\t\t\t\t\u0026dynamodb.TableAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"TestTableHashKey\"),\n\t\t\t\t\tType: pulumi.String(\"S\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tReplicas: dynamodb.TableReplicaTypeArray{\n\t\t\t\t\u0026dynamodb.TableReplicaTypeArgs{\n\t\t\t\t\tRegionName: *pulumi.String(alternate.Name),\n\t\t\t\t},\n\t\t\t\t\u0026dynamodb.TableReplicaTypeArgs{\n\t\t\t\t\tRegionName: *pulumi.String(third.Name),\n\t\t\t\t\tPropagateTags: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Architect\": pulumi.String(\"Eleanor\"),\n\t\t\t\t\"Zone\": pulumi.String(\"SW\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dynamodb.NewTag(ctx, \"example\", \u0026dynamodb.TagArgs{\n\t\t\tResourceArn: example.Arn.ApplyT(func(arn string) (std.ReplaceResult, error) {\n\t\t\t\treturn std.ReplaceOutput(ctx, std.ReplaceOutputArgs{\n\t\t\t\t\tText: arn,\n\t\t\t\t\tSearch: current.Name,\n\t\t\t\t\tReplace: alternate.Name,\n\t\t\t\t}, nil), nil\n\t\t\t}).(std.ReplaceResultOutput).ApplyT(func(invoke std.ReplaceResult) (*string, error) {\n\t\t\t\treturn invoke.Result, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\tKey: pulumi.String(\"Architect\"),\n\t\t\tValue: pulumi.String(\"Gigi\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.dynamodb.Table;\nimport com.pulumi.aws.dynamodb.TableArgs;\nimport com.pulumi.aws.dynamodb.inputs.TableAttributeArgs;\nimport com.pulumi.aws.dynamodb.inputs.TableReplicaArgs;\nimport com.pulumi.aws.dynamodb.Tag;\nimport com.pulumi.aws.dynamodb.TagArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n final var alternate = AwsFunctions.getRegion();\n\n final var third = AwsFunctions.getRegion();\n\n var example = new Table(\"example\", TableArgs.builder() \n .billingMode(\"PAY_PER_REQUEST\")\n .hashKey(\"TestTableHashKey\")\n .name(\"example-13281\")\n .streamEnabled(true)\n .streamViewType(\"NEW_AND_OLD_IMAGES\")\n .attributes(TableAttributeArgs.builder()\n .name(\"TestTableHashKey\")\n .type(\"S\")\n .build())\n .replicas( \n TableReplicaArgs.builder()\n .regionName(alternate.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build(),\n TableReplicaArgs.builder()\n .regionName(third.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .propagateTags(true)\n .build())\n .tags(Map.ofEntries(\n Map.entry(\"Architect\", \"Eleanor\"),\n Map.entry(\"Zone\", \"SW\")\n ))\n .build());\n\n var exampleTag = new Tag(\"exampleTag\", TagArgs.builder() \n .resourceArn(example.arn().applyValue(arn -\u003e StdFunctions.replace()).applyValue(invoke -\u003e invoke.result()))\n .key(\"Architect\")\n .value(\"Gigi\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:dynamodb:Table\n properties:\n billingMode: PAY_PER_REQUEST\n hashKey: TestTableHashKey\n name: example-13281\n streamEnabled: true\n streamViewType: NEW_AND_OLD_IMAGES\n attributes:\n - name: TestTableHashKey\n type: S\n replicas:\n - regionName: ${alternate.name}\n - regionName: ${third.name}\n propagateTags: true\n tags:\n Architect: Eleanor\n Zone: SW\n exampleTag:\n type: aws:dynamodb:Tag\n name: example\n properties:\n resourceArn:\n fn::invoke:\n Function: std:replace\n Arguments:\n text: ${example.arn}\n search: ${current.name}\n replace: ${alternate.name}\n Return: result\n key: Architect\n value: Gigi\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n alternate:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n third:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import DynamoDB tables using the `name`. For example:\n\n```sh\n$ pulumi import aws:dynamodb/table:Table basic-dynamodb-table GameScores\n```\n", + "description": "Provides a DynamoDB table resource.\n\n\u003e **Note:** It is recommended to use [`ignoreChanges`](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) for `read_capacity` and/or `write_capacity` if there's `autoscaling policy` attached to the table.\n\n\u003e **Note:** When using aws.dynamodb.TableReplica with this resource, use `lifecycle` `ignore_changes` for `replica`, _e.g._, `lifecycle { ignore_changes = [replica] }`.\n\n## DynamoDB Table attributes\n\nOnly define attributes on the table object that are going to be used as:\n\n* Table hash key or range key\n* LSI or GSI hash key or range key\n\nThe DynamoDB API expects attribute structure (name and type) to be passed along when creating or updating GSI/LSIs or creating the initial table. In these cases it expects the Hash / Range keys to be provided. Because these get re-used in numerous places (i.e the table's range key could be a part of one or more GSIs), they are stored on the table object to prevent duplication and increase consistency. If you add attributes here that are not used in these scenarios it can cause an infinite loop in planning.\n\n## Example Usage\n\n### Basic Example\n\nThe following dynamodb table description models the table and GSI shown in the [AWS SDK example documentation](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/GSI.html)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst basic_dynamodb_table = new aws.dynamodb.Table(\"basic-dynamodb-table\", {\n name: \"GameScores\",\n billingMode: \"PROVISIONED\",\n readCapacity: 20,\n writeCapacity: 20,\n hashKey: \"UserId\",\n rangeKey: \"GameTitle\",\n attributes: [\n {\n name: \"UserId\",\n type: \"S\",\n },\n {\n name: \"GameTitle\",\n type: \"S\",\n },\n {\n name: \"TopScore\",\n type: \"N\",\n },\n ],\n ttl: {\n attributeName: \"TimeToExist\",\n enabled: false,\n },\n globalSecondaryIndexes: [{\n name: \"GameTitleIndex\",\n hashKey: \"GameTitle\",\n rangeKey: \"TopScore\",\n writeCapacity: 10,\n readCapacity: 10,\n projectionType: \"INCLUDE\",\n nonKeyAttributes: [\"UserId\"],\n }],\n tags: {\n Name: \"dynamodb-table-1\",\n Environment: \"production\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbasic_dynamodb_table = aws.dynamodb.Table(\"basic-dynamodb-table\",\n name=\"GameScores\",\n billing_mode=\"PROVISIONED\",\n read_capacity=20,\n write_capacity=20,\n hash_key=\"UserId\",\n range_key=\"GameTitle\",\n attributes=[\n aws.dynamodb.TableAttributeArgs(\n name=\"UserId\",\n type=\"S\",\n ),\n aws.dynamodb.TableAttributeArgs(\n name=\"GameTitle\",\n type=\"S\",\n ),\n aws.dynamodb.TableAttributeArgs(\n name=\"TopScore\",\n type=\"N\",\n ),\n ],\n ttl=aws.dynamodb.TableTtlArgs(\n attribute_name=\"TimeToExist\",\n enabled=False,\n ),\n global_secondary_indexes=[aws.dynamodb.TableGlobalSecondaryIndexArgs(\n name=\"GameTitleIndex\",\n hash_key=\"GameTitle\",\n range_key=\"TopScore\",\n write_capacity=10,\n read_capacity=10,\n projection_type=\"INCLUDE\",\n non_key_attributes=[\"UserId\"],\n )],\n tags={\n \"Name\": \"dynamodb-table-1\",\n \"Environment\": \"production\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic_dynamodb_table = new Aws.DynamoDB.Table(\"basic-dynamodb-table\", new()\n {\n Name = \"GameScores\",\n BillingMode = \"PROVISIONED\",\n ReadCapacity = 20,\n WriteCapacity = 20,\n HashKey = \"UserId\",\n RangeKey = \"GameTitle\",\n Attributes = new[]\n {\n new Aws.DynamoDB.Inputs.TableAttributeArgs\n {\n Name = \"UserId\",\n Type = \"S\",\n },\n new Aws.DynamoDB.Inputs.TableAttributeArgs\n {\n Name = \"GameTitle\",\n Type = \"S\",\n },\n new Aws.DynamoDB.Inputs.TableAttributeArgs\n {\n Name = \"TopScore\",\n Type = \"N\",\n },\n },\n Ttl = new Aws.DynamoDB.Inputs.TableTtlArgs\n {\n AttributeName = \"TimeToExist\",\n Enabled = false,\n },\n GlobalSecondaryIndexes = new[]\n {\n new Aws.DynamoDB.Inputs.TableGlobalSecondaryIndexArgs\n {\n Name = \"GameTitleIndex\",\n HashKey = \"GameTitle\",\n RangeKey = \"TopScore\",\n WriteCapacity = 10,\n ReadCapacity = 10,\n ProjectionType = \"INCLUDE\",\n NonKeyAttributes = new[]\n {\n \"UserId\",\n },\n },\n },\n Tags = \n {\n { \"Name\", \"dynamodb-table-1\" },\n { \"Environment\", \"production\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dynamodb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dynamodb.NewTable(ctx, \"basic-dynamodb-table\", \u0026dynamodb.TableArgs{\n\t\t\tName: pulumi.String(\"GameScores\"),\n\t\t\tBillingMode: pulumi.String(\"PROVISIONED\"),\n\t\t\tReadCapacity: pulumi.Int(20),\n\t\t\tWriteCapacity: pulumi.Int(20),\n\t\t\tHashKey: pulumi.String(\"UserId\"),\n\t\t\tRangeKey: pulumi.String(\"GameTitle\"),\n\t\t\tAttributes: dynamodb.TableAttributeArray{\n\t\t\t\t\u0026dynamodb.TableAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"UserId\"),\n\t\t\t\t\tType: pulumi.String(\"S\"),\n\t\t\t\t},\n\t\t\t\t\u0026dynamodb.TableAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"GameTitle\"),\n\t\t\t\t\tType: pulumi.String(\"S\"),\n\t\t\t\t},\n\t\t\t\t\u0026dynamodb.TableAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"TopScore\"),\n\t\t\t\t\tType: pulumi.String(\"N\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTtl: \u0026dynamodb.TableTtlArgs{\n\t\t\t\tAttributeName: pulumi.String(\"TimeToExist\"),\n\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tGlobalSecondaryIndexes: dynamodb.TableGlobalSecondaryIndexArray{\n\t\t\t\t\u0026dynamodb.TableGlobalSecondaryIndexArgs{\n\t\t\t\t\tName: pulumi.String(\"GameTitleIndex\"),\n\t\t\t\t\tHashKey: pulumi.String(\"GameTitle\"),\n\t\t\t\t\tRangeKey: pulumi.String(\"TopScore\"),\n\t\t\t\t\tWriteCapacity: pulumi.Int(10),\n\t\t\t\t\tReadCapacity: pulumi.Int(10),\n\t\t\t\t\tProjectionType: pulumi.String(\"INCLUDE\"),\n\t\t\t\t\tNonKeyAttributes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"UserId\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"dynamodb-table-1\"),\n\t\t\t\t\"Environment\": pulumi.String(\"production\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.dynamodb.Table;\nimport com.pulumi.aws.dynamodb.TableArgs;\nimport com.pulumi.aws.dynamodb.inputs.TableAttributeArgs;\nimport com.pulumi.aws.dynamodb.inputs.TableTtlArgs;\nimport com.pulumi.aws.dynamodb.inputs.TableGlobalSecondaryIndexArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic_dynamodb_table = new Table(\"basic-dynamodb-table\", TableArgs.builder() \n .name(\"GameScores\")\n .billingMode(\"PROVISIONED\")\n .readCapacity(20)\n .writeCapacity(20)\n .hashKey(\"UserId\")\n .rangeKey(\"GameTitle\")\n .attributes( \n TableAttributeArgs.builder()\n .name(\"UserId\")\n .type(\"S\")\n .build(),\n TableAttributeArgs.builder()\n .name(\"GameTitle\")\n .type(\"S\")\n .build(),\n TableAttributeArgs.builder()\n .name(\"TopScore\")\n .type(\"N\")\n .build())\n .ttl(TableTtlArgs.builder()\n .attributeName(\"TimeToExist\")\n .enabled(false)\n .build())\n .globalSecondaryIndexes(TableGlobalSecondaryIndexArgs.builder()\n .name(\"GameTitleIndex\")\n .hashKey(\"GameTitle\")\n .rangeKey(\"TopScore\")\n .writeCapacity(10)\n .readCapacity(10)\n .projectionType(\"INCLUDE\")\n .nonKeyAttributes(\"UserId\")\n .build())\n .tags(Map.ofEntries(\n Map.entry(\"Name\", \"dynamodb-table-1\"),\n Map.entry(\"Environment\", \"production\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basic-dynamodb-table:\n type: aws:dynamodb:Table\n properties:\n name: GameScores\n billingMode: PROVISIONED\n readCapacity: 20\n writeCapacity: 20\n hashKey: UserId\n rangeKey: GameTitle\n attributes:\n - name: UserId\n type: S\n - name: GameTitle\n type: S\n - name: TopScore\n type: N\n ttl:\n attributeName: TimeToExist\n enabled: false\n globalSecondaryIndexes:\n - name: GameTitleIndex\n hashKey: GameTitle\n rangeKey: TopScore\n writeCapacity: 10\n readCapacity: 10\n projectionType: INCLUDE\n nonKeyAttributes:\n - UserId\n tags:\n Name: dynamodb-table-1\n Environment: production\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Global Tables\n\nThis resource implements support for [DynamoDB Global Tables V2 (version 2019.11.21)](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html) via `replica` configuration blocks. For working with [DynamoDB Global Tables V1 (version 2017.11.29)](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V1.html), see the `aws.dynamodb.GlobalTable` resource.\n\n\u003e **Note:** aws.dynamodb.TableReplica is an alternate way of configuring Global Tables. Do not use `replica` configuration blocks of `aws.dynamodb.Table` together with aws_dynamodb_table_replica.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.dynamodb.Table(\"example\", {\n name: \"example\",\n hashKey: \"TestTableHashKey\",\n billingMode: \"PAY_PER_REQUEST\",\n streamEnabled: true,\n streamViewType: \"NEW_AND_OLD_IMAGES\",\n attributes: [{\n name: \"TestTableHashKey\",\n type: \"S\",\n }],\n replicas: [\n {\n regionName: \"us-east-2\",\n },\n {\n regionName: \"us-west-2\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.dynamodb.Table(\"example\",\n name=\"example\",\n hash_key=\"TestTableHashKey\",\n billing_mode=\"PAY_PER_REQUEST\",\n stream_enabled=True,\n stream_view_type=\"NEW_AND_OLD_IMAGES\",\n attributes=[aws.dynamodb.TableAttributeArgs(\n name=\"TestTableHashKey\",\n type=\"S\",\n )],\n replicas=[\n aws.dynamodb.TableReplicaArgs(\n region_name=\"us-east-2\",\n ),\n aws.dynamodb.TableReplicaArgs(\n region_name=\"us-west-2\",\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.DynamoDB.Table(\"example\", new()\n {\n Name = \"example\",\n HashKey = \"TestTableHashKey\",\n BillingMode = \"PAY_PER_REQUEST\",\n StreamEnabled = true,\n StreamViewType = \"NEW_AND_OLD_IMAGES\",\n Attributes = new[]\n {\n new Aws.DynamoDB.Inputs.TableAttributeArgs\n {\n Name = \"TestTableHashKey\",\n Type = \"S\",\n },\n },\n Replicas = new[]\n {\n new Aws.DynamoDB.Inputs.TableReplicaArgs\n {\n RegionName = \"us-east-2\",\n },\n new Aws.DynamoDB.Inputs.TableReplicaArgs\n {\n RegionName = \"us-west-2\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dynamodb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dynamodb.NewTable(ctx, \"example\", \u0026dynamodb.TableArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tHashKey: pulumi.String(\"TestTableHashKey\"),\n\t\t\tBillingMode: pulumi.String(\"PAY_PER_REQUEST\"),\n\t\t\tStreamEnabled: pulumi.Bool(true),\n\t\t\tStreamViewType: pulumi.String(\"NEW_AND_OLD_IMAGES\"),\n\t\t\tAttributes: dynamodb.TableAttributeArray{\n\t\t\t\t\u0026dynamodb.TableAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"TestTableHashKey\"),\n\t\t\t\t\tType: pulumi.String(\"S\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tReplicas: dynamodb.TableReplicaTypeArray{\n\t\t\t\t\u0026dynamodb.TableReplicaTypeArgs{\n\t\t\t\t\tRegionName: pulumi.String(\"us-east-2\"),\n\t\t\t\t},\n\t\t\t\t\u0026dynamodb.TableReplicaTypeArgs{\n\t\t\t\t\tRegionName: pulumi.String(\"us-west-2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.dynamodb.Table;\nimport com.pulumi.aws.dynamodb.TableArgs;\nimport com.pulumi.aws.dynamodb.inputs.TableAttributeArgs;\nimport com.pulumi.aws.dynamodb.inputs.TableReplicaArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Table(\"example\", TableArgs.builder() \n .name(\"example\")\n .hashKey(\"TestTableHashKey\")\n .billingMode(\"PAY_PER_REQUEST\")\n .streamEnabled(true)\n .streamViewType(\"NEW_AND_OLD_IMAGES\")\n .attributes(TableAttributeArgs.builder()\n .name(\"TestTableHashKey\")\n .type(\"S\")\n .build())\n .replicas( \n TableReplicaArgs.builder()\n .regionName(\"us-east-2\")\n .build(),\n TableReplicaArgs.builder()\n .regionName(\"us-west-2\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:dynamodb:Table\n properties:\n name: example\n hashKey: TestTableHashKey\n billingMode: PAY_PER_REQUEST\n streamEnabled: true\n streamViewType: NEW_AND_OLD_IMAGES\n attributes:\n - name: TestTableHashKey\n type: S\n replicas:\n - regionName: us-east-2\n - regionName: us-west-2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Replica Tagging\n\nYou can manage global table replicas' tags in various ways. This example shows using `replica.*.propagate_tags` for the first replica and the `aws.dynamodb.Tag` resource for the other.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst current = aws.getRegion({});\nconst alternate = aws.getRegion({});\nconst third = aws.getRegion({});\nconst example = new aws.dynamodb.Table(\"example\", {\n billingMode: \"PAY_PER_REQUEST\",\n hashKey: \"TestTableHashKey\",\n name: \"example-13281\",\n streamEnabled: true,\n streamViewType: \"NEW_AND_OLD_IMAGES\",\n attributes: [{\n name: \"TestTableHashKey\",\n type: \"S\",\n }],\n replicas: [\n {\n regionName: alternate.then(alternate =\u003e alternate.name),\n },\n {\n regionName: third.then(third =\u003e third.name),\n propagateTags: true,\n },\n ],\n tags: {\n Architect: \"Eleanor\",\n Zone: \"SW\",\n },\n});\nconst exampleTag = new aws.dynamodb.Tag(\"example\", {\n resourceArn: pulumi.all([example.arn, current, alternate]).apply(([arn, current, alternate]) =\u003e std.replaceOutput({\n text: arn,\n search: current.name,\n replace: alternate.name,\n })).apply(invoke =\u003e invoke.result),\n key: \"Architect\",\n value: \"Gigi\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_std as std\n\ncurrent = aws.get_region()\nalternate = aws.get_region()\nthird = aws.get_region()\nexample = aws.dynamodb.Table(\"example\",\n billing_mode=\"PAY_PER_REQUEST\",\n hash_key=\"TestTableHashKey\",\n name=\"example-13281\",\n stream_enabled=True,\n stream_view_type=\"NEW_AND_OLD_IMAGES\",\n attributes=[aws.dynamodb.TableAttributeArgs(\n name=\"TestTableHashKey\",\n type=\"S\",\n )],\n replicas=[\n aws.dynamodb.TableReplicaArgs(\n region_name=alternate.name,\n ),\n aws.dynamodb.TableReplicaArgs(\n region_name=third.name,\n propagate_tags=True,\n ),\n ],\n tags={\n \"Architect\": \"Eleanor\",\n \"Zone\": \"SW\",\n })\nexample_tag = aws.dynamodb.Tag(\"example\",\n resource_arn=example.arn.apply(lambda arn: std.replace_output(text=arn,\n search=current.name,\n replace=alternate.name)).apply(lambda invoke: invoke.result),\n key=\"Architect\",\n value=\"Gigi\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var alternate = Aws.GetRegion.Invoke();\n\n var third = Aws.GetRegion.Invoke();\n\n var example = new Aws.DynamoDB.Table(\"example\", new()\n {\n BillingMode = \"PAY_PER_REQUEST\",\n HashKey = \"TestTableHashKey\",\n Name = \"example-13281\",\n StreamEnabled = true,\n StreamViewType = \"NEW_AND_OLD_IMAGES\",\n Attributes = new[]\n {\n new Aws.DynamoDB.Inputs.TableAttributeArgs\n {\n Name = \"TestTableHashKey\",\n Type = \"S\",\n },\n },\n Replicas = new[]\n {\n new Aws.DynamoDB.Inputs.TableReplicaArgs\n {\n RegionName = alternate.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n new Aws.DynamoDB.Inputs.TableReplicaArgs\n {\n RegionName = third.Apply(getRegionResult =\u003e getRegionResult.Name),\n PropagateTags = true,\n },\n },\n Tags = \n {\n { \"Architect\", \"Eleanor\" },\n { \"Zone\", \"SW\" },\n },\n });\n\n var exampleTag = new Aws.DynamoDB.Tag(\"example\", new()\n {\n ResourceArn = Output.Tuple(example.Arn, current, alternate).Apply(values =\u003e\n {\n var arn = values.Item1;\n var current = values.Item2;\n var alternate = values.Item3;\n return Std.Replace.Invoke(new()\n {\n Text = arn,\n Search = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n Replace = alternate.Apply(getRegionResult =\u003e getRegionResult.Name),\n });\n }).Apply(invoke =\u003e invoke.Result),\n Key = \"Architect\",\n Value = \"Gigi\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dynamodb\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\talternate, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tthird, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := dynamodb.NewTable(ctx, \"example\", \u0026dynamodb.TableArgs{\n\t\t\tBillingMode: pulumi.String(\"PAY_PER_REQUEST\"),\n\t\t\tHashKey: pulumi.String(\"TestTableHashKey\"),\n\t\t\tName: pulumi.String(\"example-13281\"),\n\t\t\tStreamEnabled: pulumi.Bool(true),\n\t\t\tStreamViewType: pulumi.String(\"NEW_AND_OLD_IMAGES\"),\n\t\t\tAttributes: dynamodb.TableAttributeArray{\n\t\t\t\t\u0026dynamodb.TableAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"TestTableHashKey\"),\n\t\t\t\t\tType: pulumi.String(\"S\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tReplicas: dynamodb.TableReplicaTypeArray{\n\t\t\t\t\u0026dynamodb.TableReplicaTypeArgs{\n\t\t\t\t\tRegionName: pulumi.String(alternate.Name),\n\t\t\t\t},\n\t\t\t\t\u0026dynamodb.TableReplicaTypeArgs{\n\t\t\t\t\tRegionName: pulumi.String(third.Name),\n\t\t\t\t\tPropagateTags: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Architect\": pulumi.String(\"Eleanor\"),\n\t\t\t\t\"Zone\": pulumi.String(\"SW\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dynamodb.NewTag(ctx, \"example\", \u0026dynamodb.TagArgs{\n\t\t\tResourceArn: example.Arn.ApplyT(func(arn string) (std.ReplaceResult, error) {\n\t\t\t\treturn std.ReplaceOutput(ctx, std.ReplaceOutputArgs{\n\t\t\t\t\tText: arn,\n\t\t\t\t\tSearch: current.Name,\n\t\t\t\t\tReplace: alternate.Name,\n\t\t\t\t}, nil), nil\n\t\t\t}).(std.ReplaceResultOutput).ApplyT(func(invoke std.ReplaceResult) (*string, error) {\n\t\t\t\treturn invoke.Result, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\tKey: pulumi.String(\"Architect\"),\n\t\t\tValue: pulumi.String(\"Gigi\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.dynamodb.Table;\nimport com.pulumi.aws.dynamodb.TableArgs;\nimport com.pulumi.aws.dynamodb.inputs.TableAttributeArgs;\nimport com.pulumi.aws.dynamodb.inputs.TableReplicaArgs;\nimport com.pulumi.aws.dynamodb.Tag;\nimport com.pulumi.aws.dynamodb.TagArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n final var alternate = AwsFunctions.getRegion();\n\n final var third = AwsFunctions.getRegion();\n\n var example = new Table(\"example\", TableArgs.builder() \n .billingMode(\"PAY_PER_REQUEST\")\n .hashKey(\"TestTableHashKey\")\n .name(\"example-13281\")\n .streamEnabled(true)\n .streamViewType(\"NEW_AND_OLD_IMAGES\")\n .attributes(TableAttributeArgs.builder()\n .name(\"TestTableHashKey\")\n .type(\"S\")\n .build())\n .replicas( \n TableReplicaArgs.builder()\n .regionName(alternate.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build(),\n TableReplicaArgs.builder()\n .regionName(third.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .propagateTags(true)\n .build())\n .tags(Map.ofEntries(\n Map.entry(\"Architect\", \"Eleanor\"),\n Map.entry(\"Zone\", \"SW\")\n ))\n .build());\n\n var exampleTag = new Tag(\"exampleTag\", TagArgs.builder() \n .resourceArn(example.arn().applyValue(arn -\u003e StdFunctions.replace()).applyValue(invoke -\u003e invoke.result()))\n .key(\"Architect\")\n .value(\"Gigi\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:dynamodb:Table\n properties:\n billingMode: PAY_PER_REQUEST\n hashKey: TestTableHashKey\n name: example-13281\n streamEnabled: true\n streamViewType: NEW_AND_OLD_IMAGES\n attributes:\n - name: TestTableHashKey\n type: S\n replicas:\n - regionName: ${alternate.name}\n - regionName: ${third.name}\n propagateTags: true\n tags:\n Architect: Eleanor\n Zone: SW\n exampleTag:\n type: aws:dynamodb:Tag\n name: example\n properties:\n resourceArn:\n fn::invoke:\n Function: std:replace\n Arguments:\n text: ${example.arn}\n search: ${current.name}\n replace: ${alternate.name}\n Return: result\n key: Architect\n value: Gigi\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n alternate:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n third:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import DynamoDB tables using the `name`. For example:\n\n```sh\n$ pulumi import aws:dynamodb/table:Table basic-dynamodb-table GameScores\n```\n", "properties": { "arn": { "type": "string", @@ -206981,7 +206981,7 @@ } }, "aws:dynamodb/tag:Tag": { - "description": "Manages an individual DynamoDB resource tag. This resource should only be used in cases where DynamoDB resources are created outside the provider (e.g., Table replicas in other regions).\n\n\u003e **NOTE:** This tagging resource should not be combined with the resource for managing the parent resource. For example, using `aws.dynamodb.Table` and `aws.dynamodb.Tag` to manage tags of the same DynamoDB Table in the same region will cause a perpetual difference where the `aws_dynamodb_cluster` resource will try to remove the tag being added by the `aws.dynamodb.Tag` resource.\n\n\u003e **NOTE:** This tagging resource does not use the provider `ignore_tags` configuration.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst replica = aws.getRegion({});\nconst current = aws.getRegion({});\nconst example = new aws.dynamodb.Table(\"example\", {replicas: [{\n regionName: replica.then(replica =\u003e replica.name),\n}]});\nconst test = new aws.dynamodb.Tag(\"test\", {\n resourceArn: pulumi.all([example.arn, current, replica]).apply(([arn, current, replica]) =\u003e std.replaceOutput({\n text: arn,\n search: current.name,\n replace: replica.name,\n })).apply(invoke =\u003e invoke.result),\n key: \"testkey\",\n value: \"testvalue\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_std as std\n\nreplica = aws.get_region()\ncurrent = aws.get_region()\nexample = aws.dynamodb.Table(\"example\", replicas=[aws.dynamodb.TableReplicaArgs(\n region_name=replica.name,\n)])\ntest = aws.dynamodb.Tag(\"test\",\n resource_arn=example.arn.apply(lambda arn: std.replace_output(text=arn,\n search=current.name,\n replace=replica.name)).apply(lambda invoke: invoke.result),\n key=\"testkey\",\n value=\"testvalue\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var replica = Aws.GetRegion.Invoke();\n\n var current = Aws.GetRegion.Invoke();\n\n var example = new Aws.DynamoDB.Table(\"example\", new()\n {\n Replicas = new[]\n {\n new Aws.DynamoDB.Inputs.TableReplicaArgs\n {\n RegionName = replica.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n },\n });\n\n var test = new Aws.DynamoDB.Tag(\"test\", new()\n {\n ResourceArn = Output.Tuple(example.Arn, current, replica).Apply(values =\u003e\n {\n var arn = values.Item1;\n var current = values.Item2;\n var replica = values.Item3;\n return Std.Replace.Invoke(new()\n {\n Text = arn,\n Search = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n Replace = replica.Apply(getRegionResult =\u003e getRegionResult.Name),\n });\n }).Apply(invoke =\u003e invoke.Result),\n Key = \"testkey\",\n Value = \"testvalue\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dynamodb\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\treplica, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := dynamodb.NewTable(ctx, \"example\", \u0026dynamodb.TableArgs{\n\t\t\tReplicas: dynamodb.TableReplicaTypeArray{\n\t\t\t\t\u0026dynamodb.TableReplicaTypeArgs{\n\t\t\t\t\tRegionName: *pulumi.String(replica.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dynamodb.NewTag(ctx, \"test\", \u0026dynamodb.TagArgs{\n\t\t\tResourceArn: example.Arn.ApplyT(func(arn string) (std.ReplaceResult, error) {\n\t\t\t\treturn std.ReplaceOutput(ctx, std.ReplaceOutputArgs{\n\t\t\t\t\tText: arn,\n\t\t\t\t\tSearch: current.Name,\n\t\t\t\t\tReplace: replica.Name,\n\t\t\t\t}, nil), nil\n\t\t\t}).(std.ReplaceResultOutput).ApplyT(func(invoke std.ReplaceResult) (*string, error) {\n\t\t\t\treturn invoke.Result, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\tKey: pulumi.String(\"testkey\"),\n\t\t\tValue: pulumi.String(\"testvalue\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.dynamodb.Table;\nimport com.pulumi.aws.dynamodb.TableArgs;\nimport com.pulumi.aws.dynamodb.inputs.TableReplicaArgs;\nimport com.pulumi.aws.dynamodb.Tag;\nimport com.pulumi.aws.dynamodb.TagArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var replica = AwsFunctions.getRegion();\n\n final var current = AwsFunctions.getRegion();\n\n var example = new Table(\"example\", TableArgs.builder() \n .replicas(TableReplicaArgs.builder()\n .regionName(replica.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build())\n .build());\n\n var test = new Tag(\"test\", TagArgs.builder() \n .resourceArn(example.arn().applyValue(arn -\u003e StdFunctions.replace()).applyValue(invoke -\u003e invoke.result()))\n .key(\"testkey\")\n .value(\"testvalue\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:dynamodb:Table\n properties:\n replicas:\n - regionName: ${replica.name}\n test:\n type: aws:dynamodb:Tag\n properties:\n resourceArn:\n fn::invoke:\n Function: std:replace\n Arguments:\n text: ${example.arn}\n search: ${current.name}\n replace: ${replica.name}\n Return: result\n key: testkey\n value: testvalue\nvariables:\n replica:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_dynamodb_tag` using the DynamoDB resource identifier and key, separated by a comma (`,`). For example:\n\n```sh\n$ pulumi import aws:dynamodb/tag:Tag example arn:aws:dynamodb:us-east-1:123456789012:table/example,Name\n```\n", + "description": "Manages an individual DynamoDB resource tag. This resource should only be used in cases where DynamoDB resources are created outside the provider (e.g., Table replicas in other regions).\n\n\u003e **NOTE:** This tagging resource should not be combined with the resource for managing the parent resource. For example, using `aws.dynamodb.Table` and `aws.dynamodb.Tag` to manage tags of the same DynamoDB Table in the same region will cause a perpetual difference where the `aws_dynamodb_cluster` resource will try to remove the tag being added by the `aws.dynamodb.Tag` resource.\n\n\u003e **NOTE:** This tagging resource does not use the provider `ignore_tags` configuration.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst replica = aws.getRegion({});\nconst current = aws.getRegion({});\nconst example = new aws.dynamodb.Table(\"example\", {replicas: [{\n regionName: replica.then(replica =\u003e replica.name),\n}]});\nconst test = new aws.dynamodb.Tag(\"test\", {\n resourceArn: pulumi.all([example.arn, current, replica]).apply(([arn, current, replica]) =\u003e std.replaceOutput({\n text: arn,\n search: current.name,\n replace: replica.name,\n })).apply(invoke =\u003e invoke.result),\n key: \"testkey\",\n value: \"testvalue\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_std as std\n\nreplica = aws.get_region()\ncurrent = aws.get_region()\nexample = aws.dynamodb.Table(\"example\", replicas=[aws.dynamodb.TableReplicaArgs(\n region_name=replica.name,\n)])\ntest = aws.dynamodb.Tag(\"test\",\n resource_arn=example.arn.apply(lambda arn: std.replace_output(text=arn,\n search=current.name,\n replace=replica.name)).apply(lambda invoke: invoke.result),\n key=\"testkey\",\n value=\"testvalue\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var replica = Aws.GetRegion.Invoke();\n\n var current = Aws.GetRegion.Invoke();\n\n var example = new Aws.DynamoDB.Table(\"example\", new()\n {\n Replicas = new[]\n {\n new Aws.DynamoDB.Inputs.TableReplicaArgs\n {\n RegionName = replica.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n },\n });\n\n var test = new Aws.DynamoDB.Tag(\"test\", new()\n {\n ResourceArn = Output.Tuple(example.Arn, current, replica).Apply(values =\u003e\n {\n var arn = values.Item1;\n var current = values.Item2;\n var replica = values.Item3;\n return Std.Replace.Invoke(new()\n {\n Text = arn,\n Search = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n Replace = replica.Apply(getRegionResult =\u003e getRegionResult.Name),\n });\n }).Apply(invoke =\u003e invoke.Result),\n Key = \"testkey\",\n Value = \"testvalue\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dynamodb\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\treplica, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := dynamodb.NewTable(ctx, \"example\", \u0026dynamodb.TableArgs{\n\t\t\tReplicas: dynamodb.TableReplicaTypeArray{\n\t\t\t\t\u0026dynamodb.TableReplicaTypeArgs{\n\t\t\t\t\tRegionName: pulumi.String(replica.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dynamodb.NewTag(ctx, \"test\", \u0026dynamodb.TagArgs{\n\t\t\tResourceArn: example.Arn.ApplyT(func(arn string) (std.ReplaceResult, error) {\n\t\t\t\treturn std.ReplaceOutput(ctx, std.ReplaceOutputArgs{\n\t\t\t\t\tText: arn,\n\t\t\t\t\tSearch: current.Name,\n\t\t\t\t\tReplace: replica.Name,\n\t\t\t\t}, nil), nil\n\t\t\t}).(std.ReplaceResultOutput).ApplyT(func(invoke std.ReplaceResult) (*string, error) {\n\t\t\t\treturn invoke.Result, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\tKey: pulumi.String(\"testkey\"),\n\t\t\tValue: pulumi.String(\"testvalue\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.dynamodb.Table;\nimport com.pulumi.aws.dynamodb.TableArgs;\nimport com.pulumi.aws.dynamodb.inputs.TableReplicaArgs;\nimport com.pulumi.aws.dynamodb.Tag;\nimport com.pulumi.aws.dynamodb.TagArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var replica = AwsFunctions.getRegion();\n\n final var current = AwsFunctions.getRegion();\n\n var example = new Table(\"example\", TableArgs.builder() \n .replicas(TableReplicaArgs.builder()\n .regionName(replica.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build())\n .build());\n\n var test = new Tag(\"test\", TagArgs.builder() \n .resourceArn(example.arn().applyValue(arn -\u003e StdFunctions.replace()).applyValue(invoke -\u003e invoke.result()))\n .key(\"testkey\")\n .value(\"testvalue\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:dynamodb:Table\n properties:\n replicas:\n - regionName: ${replica.name}\n test:\n type: aws:dynamodb:Tag\n properties:\n resourceArn:\n fn::invoke:\n Function: std:replace\n Arguments:\n text: ${example.arn}\n search: ${current.name}\n replace: ${replica.name}\n Return: result\n key: testkey\n value: testvalue\nvariables:\n replica:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_dynamodb_tag` using the DynamoDB resource identifier and key, separated by a comma (`,`). For example:\n\n```sh\n$ pulumi import aws:dynamodb/tag:Tag example arn:aws:dynamodb:us-east-1:123456789012:table/example,Name\n```\n", "properties": { "key": { "type": "string", @@ -209169,7 +209169,7 @@ } }, "aws:ec2/amiLaunchPermission:AmiLaunchPermission": { - "description": "Adds a launch permission to an Amazon Machine Image (AMI).\n\n## Example Usage\n\n### AWS Account ID\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.AmiLaunchPermission(\"example\", {\n imageId: \"ami-12345678\",\n accountId: \"123456789012\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.AmiLaunchPermission(\"example\",\n image_id=\"ami-12345678\",\n account_id=\"123456789012\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.AmiLaunchPermission(\"example\", new()\n {\n ImageId = \"ami-12345678\",\n AccountId = \"123456789012\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewAmiLaunchPermission(ctx, \"example\", \u0026ec2.AmiLaunchPermissionArgs{\n\t\t\tImageId: pulumi.String(\"ami-12345678\"),\n\t\t\tAccountId: pulumi.String(\"123456789012\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.AmiLaunchPermission;\nimport com.pulumi.aws.ec2.AmiLaunchPermissionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new AmiLaunchPermission(\"example\", AmiLaunchPermissionArgs.builder() \n .imageId(\"ami-12345678\")\n .accountId(\"123456789012\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:AmiLaunchPermission\n properties:\n imageId: ami-12345678\n accountId: '123456789012'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Public Access\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.AmiLaunchPermission(\"example\", {\n imageId: \"ami-12345678\",\n group: \"all\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.AmiLaunchPermission(\"example\",\n image_id=\"ami-12345678\",\n group=\"all\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.AmiLaunchPermission(\"example\", new()\n {\n ImageId = \"ami-12345678\",\n Group = \"all\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewAmiLaunchPermission(ctx, \"example\", \u0026ec2.AmiLaunchPermissionArgs{\n\t\t\tImageId: pulumi.String(\"ami-12345678\"),\n\t\t\tGroup: pulumi.String(\"all\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.AmiLaunchPermission;\nimport com.pulumi.aws.ec2.AmiLaunchPermissionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new AmiLaunchPermission(\"example\", AmiLaunchPermissionArgs.builder() \n .imageId(\"ami-12345678\")\n .group(\"all\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:AmiLaunchPermission\n properties:\n imageId: ami-12345678\n group: all\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Organization Access\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.organizations.getOrganization({});\nconst example = new aws.ec2.AmiLaunchPermission(\"example\", {\n imageId: \"ami-12345678\",\n organizationArn: current.then(current =\u003e current.arn),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.organizations.get_organization()\nexample = aws.ec2.AmiLaunchPermission(\"example\",\n image_id=\"ami-12345678\",\n organization_arn=current.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.Organizations.GetOrganization.Invoke();\n\n var example = new Aws.Ec2.AmiLaunchPermission(\"example\", new()\n {\n ImageId = \"ami-12345678\",\n OrganizationArn = current.Apply(getOrganizationResult =\u003e getOrganizationResult.Arn),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.LookupOrganization(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewAmiLaunchPermission(ctx, \"example\", \u0026ec2.AmiLaunchPermissionArgs{\n\t\t\tImageId: pulumi.String(\"ami-12345678\"),\n\t\t\tOrganizationArn: *pulumi.String(current.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.organizations.OrganizationsFunctions;\nimport com.pulumi.aws.ec2.AmiLaunchPermission;\nimport com.pulumi.aws.ec2.AmiLaunchPermissionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getOrganization();\n\n var example = new AmiLaunchPermission(\"example\", AmiLaunchPermissionArgs.builder() \n .imageId(\"ami-12345678\")\n .organizationArn(current.applyValue(getOrganizationResult -\u003e getOrganizationResult.arn()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:AmiLaunchPermission\n properties:\n imageId: ami-12345678\n organizationArn: ${current.arn}\nvariables:\n current:\n fn::invoke:\n Function: aws:organizations:getOrganization\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import AMI Launch Permissions using `[ACCOUNT-ID|GROUP-NAME|ORGANIZATION-ARN|ORGANIZATIONAL-UNIT-ARN]/IMAGE-ID`. For example:\n\n```sh\n$ pulumi import aws:ec2/amiLaunchPermission:AmiLaunchPermission example 123456789012/ami-12345678\n```\n", + "description": "Adds a launch permission to an Amazon Machine Image (AMI).\n\n## Example Usage\n\n### AWS Account ID\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.AmiLaunchPermission(\"example\", {\n imageId: \"ami-12345678\",\n accountId: \"123456789012\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.AmiLaunchPermission(\"example\",\n image_id=\"ami-12345678\",\n account_id=\"123456789012\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.AmiLaunchPermission(\"example\", new()\n {\n ImageId = \"ami-12345678\",\n AccountId = \"123456789012\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewAmiLaunchPermission(ctx, \"example\", \u0026ec2.AmiLaunchPermissionArgs{\n\t\t\tImageId: pulumi.String(\"ami-12345678\"),\n\t\t\tAccountId: pulumi.String(\"123456789012\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.AmiLaunchPermission;\nimport com.pulumi.aws.ec2.AmiLaunchPermissionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new AmiLaunchPermission(\"example\", AmiLaunchPermissionArgs.builder() \n .imageId(\"ami-12345678\")\n .accountId(\"123456789012\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:AmiLaunchPermission\n properties:\n imageId: ami-12345678\n accountId: '123456789012'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Public Access\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.AmiLaunchPermission(\"example\", {\n imageId: \"ami-12345678\",\n group: \"all\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.AmiLaunchPermission(\"example\",\n image_id=\"ami-12345678\",\n group=\"all\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.AmiLaunchPermission(\"example\", new()\n {\n ImageId = \"ami-12345678\",\n Group = \"all\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewAmiLaunchPermission(ctx, \"example\", \u0026ec2.AmiLaunchPermissionArgs{\n\t\t\tImageId: pulumi.String(\"ami-12345678\"),\n\t\t\tGroup: pulumi.String(\"all\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.AmiLaunchPermission;\nimport com.pulumi.aws.ec2.AmiLaunchPermissionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new AmiLaunchPermission(\"example\", AmiLaunchPermissionArgs.builder() \n .imageId(\"ami-12345678\")\n .group(\"all\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:AmiLaunchPermission\n properties:\n imageId: ami-12345678\n group: all\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Organization Access\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.organizations.getOrganization({});\nconst example = new aws.ec2.AmiLaunchPermission(\"example\", {\n imageId: \"ami-12345678\",\n organizationArn: current.then(current =\u003e current.arn),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.organizations.get_organization()\nexample = aws.ec2.AmiLaunchPermission(\"example\",\n image_id=\"ami-12345678\",\n organization_arn=current.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.Organizations.GetOrganization.Invoke();\n\n var example = new Aws.Ec2.AmiLaunchPermission(\"example\", new()\n {\n ImageId = \"ami-12345678\",\n OrganizationArn = current.Apply(getOrganizationResult =\u003e getOrganizationResult.Arn),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := organizations.LookupOrganization(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewAmiLaunchPermission(ctx, \"example\", \u0026ec2.AmiLaunchPermissionArgs{\n\t\t\tImageId: pulumi.String(\"ami-12345678\"),\n\t\t\tOrganizationArn: pulumi.String(current.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.organizations.OrganizationsFunctions;\nimport com.pulumi.aws.ec2.AmiLaunchPermission;\nimport com.pulumi.aws.ec2.AmiLaunchPermissionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = OrganizationsFunctions.getOrganization();\n\n var example = new AmiLaunchPermission(\"example\", AmiLaunchPermissionArgs.builder() \n .imageId(\"ami-12345678\")\n .organizationArn(current.applyValue(getOrganizationResult -\u003e getOrganizationResult.arn()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:AmiLaunchPermission\n properties:\n imageId: ami-12345678\n organizationArn: ${current.arn}\nvariables:\n current:\n fn::invoke:\n Function: aws:organizations:getOrganization\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import AMI Launch Permissions using `[ACCOUNT-ID|GROUP-NAME|ORGANIZATION-ARN|ORGANIZATIONAL-UNIT-ARN]/IMAGE-ID`. For example:\n\n```sh\n$ pulumi import aws:ec2/amiLaunchPermission:AmiLaunchPermission example 123456789012/ami-12345678\n```\n", "properties": { "accountId": { "type": "string", @@ -209305,7 +209305,7 @@ } }, "aws:ec2/capacityReservation:CapacityReservation": { - "description": "Provides an EC2 Capacity Reservation. This allows you to reserve capacity for your Amazon EC2 instances in a specific Availability Zone for any duration.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.ec2.CapacityReservation(\"default\", {\n instanceType: \"t2.micro\",\n instancePlatform: \"Linux/UNIX\",\n availabilityZone: \"eu-west-1a\",\n instanceCount: 1,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.ec2.CapacityReservation(\"default\",\n instance_type=\"t2.micro\",\n instance_platform=\"Linux/UNIX\",\n availability_zone=\"eu-west-1a\",\n instance_count=1)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Ec2.CapacityReservation(\"default\", new()\n {\n InstanceType = \"t2.micro\",\n InstancePlatform = \"Linux/UNIX\",\n AvailabilityZone = \"eu-west-1a\",\n InstanceCount = 1,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewCapacityReservation(ctx, \"default\", \u0026ec2.CapacityReservationArgs{\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t\tInstancePlatform: pulumi.String(\"Linux/UNIX\"),\n\t\t\tAvailabilityZone: pulumi.String(\"eu-west-1a\"),\n\t\t\tInstanceCount: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.CapacityReservation;\nimport com.pulumi.aws.ec2.CapacityReservationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new CapacityReservation(\"default\", CapacityReservationArgs.builder() \n .instanceType(\"t2.micro\")\n .instancePlatform(\"Linux/UNIX\")\n .availabilityZone(\"eu-west-1a\")\n .instanceCount(1)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:ec2:CapacityReservation\n properties:\n instanceType: t2.micro\n instancePlatform: Linux/UNIX\n availabilityZone: eu-west-1a\n instanceCount: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Capacity Reservations using the `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/capacityReservation:CapacityReservation web cr-0123456789abcdef0\n```\n", + "description": "Provides an EC2 Capacity Reservation. This allows you to reserve capacity for your Amazon EC2 instances in a specific Availability Zone for any duration.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.ec2.CapacityReservation(\"default\", {\n instanceType: aws.ec2.InstanceType.T2_Micro,\n instancePlatform: aws.ec2.InstancePlatform.LinuxUnix,\n availabilityZone: \"eu-west-1a\",\n instanceCount: 1,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.ec2.CapacityReservation(\"default\",\n instance_type=aws.ec2.InstanceType.T2_MICRO,\n instance_platform=aws.ec2.InstancePlatform.LINUX_UNIX,\n availability_zone=\"eu-west-1a\",\n instance_count=1)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Ec2.CapacityReservation(\"default\", new()\n {\n InstanceType = Aws.Ec2.InstanceType.T2_Micro,\n InstancePlatform = Aws.Ec2.InstancePlatform.LinuxUnix,\n AvailabilityZone = \"eu-west-1a\",\n InstanceCount = 1,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewCapacityReservation(ctx, \"default\", \u0026ec2.CapacityReservationArgs{\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_T2_Micro),\n\t\t\tInstancePlatform: pulumi.String(ec2.InstancePlatformLinuxUnix),\n\t\t\tAvailabilityZone: pulumi.String(\"eu-west-1a\"),\n\t\t\tInstanceCount: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.CapacityReservation;\nimport com.pulumi.aws.ec2.CapacityReservationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new CapacityReservation(\"default\", CapacityReservationArgs.builder() \n .instanceType(\"t2.micro\")\n .instancePlatform(\"Linux/UNIX\")\n .availabilityZone(\"eu-west-1a\")\n .instanceCount(1)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:ec2:CapacityReservation\n properties:\n instanceType: t2.micro\n instancePlatform: Linux/UNIX\n availabilityZone: eu-west-1a\n instanceCount: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Capacity Reservations using the `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/capacityReservation:CapacityReservation web cr-0123456789abcdef0\n```\n", "properties": { "arn": { "type": "string", @@ -211097,7 +211097,7 @@ } }, "aws:ec2/eip:Eip": { - "description": "Provides an Elastic IP resource.\n\n\u003e **Note:** EIP may require IGW to exist prior to association. Use `depends_on` to set an explicit dependency on the IGW.\n\n\u003e **Note:** Do not use `network_interface` to associate the EIP to `aws.lb.LoadBalancer` or `aws.ec2.NatGateway` resources. Instead use the `allocation_id` available in those resources to allow AWS to manage the association, otherwise you will see `AuthFailure` errors.\n\n## Example Usage\n\n### Single EIP associated with an instance\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lb = new aws.ec2.Eip(\"lb\", {\n instance: web.id,\n domain: \"vpc\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlb = aws.ec2.Eip(\"lb\",\n instance=web[\"id\"],\n domain=\"vpc\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var lb = new Aws.Ec2.Eip(\"lb\", new()\n {\n Instance = web.Id,\n Domain = \"vpc\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewEip(ctx, \"lb\", \u0026ec2.EipArgs{\n\t\t\tInstance: pulumi.Any(web.Id),\n\t\t\tDomain: pulumi.String(\"vpc\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Eip;\nimport com.pulumi.aws.ec2.EipArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var lb = new Eip(\"lb\", EipArgs.builder() \n .instance(web.id())\n .domain(\"vpc\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n lb:\n type: aws:ec2:Eip\n properties:\n instance: ${web.id}\n domain: vpc\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Multiple EIPs associated with a single network interface\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst multi_ip = new aws.ec2.NetworkInterface(\"multi-ip\", {\n subnetId: main.id,\n privateIps: [\n \"10.0.0.10\",\n \"10.0.0.11\",\n ],\n});\nconst one = new aws.ec2.Eip(\"one\", {\n domain: \"vpc\",\n networkInterface: multi_ip.id,\n associateWithPrivateIp: \"10.0.0.10\",\n});\nconst two = new aws.ec2.Eip(\"two\", {\n domain: \"vpc\",\n networkInterface: multi_ip.id,\n associateWithPrivateIp: \"10.0.0.11\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmulti_ip = aws.ec2.NetworkInterface(\"multi-ip\",\n subnet_id=main[\"id\"],\n private_ips=[\n \"10.0.0.10\",\n \"10.0.0.11\",\n ])\none = aws.ec2.Eip(\"one\",\n domain=\"vpc\",\n network_interface=multi_ip.id,\n associate_with_private_ip=\"10.0.0.10\")\ntwo = aws.ec2.Eip(\"two\",\n domain=\"vpc\",\n network_interface=multi_ip.id,\n associate_with_private_ip=\"10.0.0.11\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var multi_ip = new Aws.Ec2.NetworkInterface(\"multi-ip\", new()\n {\n SubnetId = main.Id,\n PrivateIps = new[]\n {\n \"10.0.0.10\",\n \"10.0.0.11\",\n },\n });\n\n var one = new Aws.Ec2.Eip(\"one\", new()\n {\n Domain = \"vpc\",\n NetworkInterface = multi_ip.Id,\n AssociateWithPrivateIp = \"10.0.0.10\",\n });\n\n var two = new Aws.Ec2.Eip(\"two\", new()\n {\n Domain = \"vpc\",\n NetworkInterface = multi_ip.Id,\n AssociateWithPrivateIp = \"10.0.0.11\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewNetworkInterface(ctx, \"multi-ip\", \u0026ec2.NetworkInterfaceArgs{\n\t\t\tSubnetId: pulumi.Any(main.Id),\n\t\t\tPrivateIps: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.0.0.10\"),\n\t\t\t\tpulumi.String(\"10.0.0.11\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewEip(ctx, \"one\", \u0026ec2.EipArgs{\n\t\t\tDomain: pulumi.String(\"vpc\"),\n\t\t\tNetworkInterface: multi_ip.ID(),\n\t\t\tAssociateWithPrivateIp: pulumi.String(\"10.0.0.10\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewEip(ctx, \"two\", \u0026ec2.EipArgs{\n\t\t\tDomain: pulumi.String(\"vpc\"),\n\t\t\tNetworkInterface: multi_ip.ID(),\n\t\t\tAssociateWithPrivateIp: pulumi.String(\"10.0.0.11\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.NetworkInterface;\nimport com.pulumi.aws.ec2.NetworkInterfaceArgs;\nimport com.pulumi.aws.ec2.Eip;\nimport com.pulumi.aws.ec2.EipArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var multi_ip = new NetworkInterface(\"multi-ip\", NetworkInterfaceArgs.builder() \n .subnetId(main.id())\n .privateIps( \n \"10.0.0.10\",\n \"10.0.0.11\")\n .build());\n\n var one = new Eip(\"one\", EipArgs.builder() \n .domain(\"vpc\")\n .networkInterface(multi_ip.id())\n .associateWithPrivateIp(\"10.0.0.10\")\n .build());\n\n var two = new Eip(\"two\", EipArgs.builder() \n .domain(\"vpc\")\n .networkInterface(multi_ip.id())\n .associateWithPrivateIp(\"10.0.0.11\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n multi-ip:\n type: aws:ec2:NetworkInterface\n properties:\n subnetId: ${main.id}\n privateIps:\n - 10.0.0.10\n - 10.0.0.11\n one:\n type: aws:ec2:Eip\n properties:\n domain: vpc\n networkInterface: ${[\"multi-ip\"].id}\n associateWithPrivateIp: 10.0.0.10\n two:\n type: aws:ec2:Eip\n properties:\n domain: vpc\n networkInterface: ${[\"multi-ip\"].id}\n associateWithPrivateIp: 10.0.0.11\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Attaching an EIP to an Instance with a pre-assigned private ip (VPC Only)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.ec2.Vpc(\"default\", {\n cidrBlock: \"10.0.0.0/16\",\n enableDnsHostnames: true,\n});\nconst gw = new aws.ec2.InternetGateway(\"gw\", {vpcId: _default.id});\nconst myTestSubnet = new aws.ec2.Subnet(\"my_test_subnet\", {\n vpcId: _default.id,\n cidrBlock: \"10.0.0.0/24\",\n mapPublicIpOnLaunch: true,\n});\nconst foo = new aws.ec2.Instance(\"foo\", {\n ami: \"ami-5189a661\",\n instanceType: \"t2.micro\",\n privateIp: \"10.0.0.12\",\n subnetId: myTestSubnet.id,\n});\nconst bar = new aws.ec2.Eip(\"bar\", {\n domain: \"vpc\",\n instance: foo.id,\n associateWithPrivateIp: \"10.0.0.12\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.ec2.Vpc(\"default\",\n cidr_block=\"10.0.0.0/16\",\n enable_dns_hostnames=True)\ngw = aws.ec2.InternetGateway(\"gw\", vpc_id=default.id)\nmy_test_subnet = aws.ec2.Subnet(\"my_test_subnet\",\n vpc_id=default.id,\n cidr_block=\"10.0.0.0/24\",\n map_public_ip_on_launch=True)\nfoo = aws.ec2.Instance(\"foo\",\n ami=\"ami-5189a661\",\n instance_type=\"t2.micro\",\n private_ip=\"10.0.0.12\",\n subnet_id=my_test_subnet.id)\nbar = aws.ec2.Eip(\"bar\",\n domain=\"vpc\",\n instance=foo.id,\n associate_with_private_ip=\"10.0.0.12\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Ec2.Vpc(\"default\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n EnableDnsHostnames = true,\n });\n\n var gw = new Aws.Ec2.InternetGateway(\"gw\", new()\n {\n VpcId = @default.Id,\n });\n\n var myTestSubnet = new Aws.Ec2.Subnet(\"my_test_subnet\", new()\n {\n VpcId = @default.Id,\n CidrBlock = \"10.0.0.0/24\",\n MapPublicIpOnLaunch = true,\n });\n\n var foo = new Aws.Ec2.Instance(\"foo\", new()\n {\n Ami = \"ami-5189a661\",\n InstanceType = \"t2.micro\",\n PrivateIp = \"10.0.0.12\",\n SubnetId = myTestSubnet.Id,\n });\n\n var bar = new Aws.Ec2.Eip(\"bar\", new()\n {\n Domain = \"vpc\",\n Instance = foo.Id,\n AssociateWithPrivateIp = \"10.0.0.12\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpc(ctx, \"default\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tEnableDnsHostnames: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInternetGateway(ctx, \"gw\", \u0026ec2.InternetGatewayArgs{\n\t\t\tVpcId: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyTestSubnet, err := ec2.NewSubnet(ctx, \"my_test_subnet\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: _default.ID(),\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/24\"),\n\t\t\tMapPublicIpOnLaunch: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := ec2.NewInstance(ctx, \"foo\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(\"ami-5189a661\"),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t\tPrivateIp: pulumi.String(\"10.0.0.12\"),\n\t\t\tSubnetId: myTestSubnet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewEip(ctx, \"bar\", \u0026ec2.EipArgs{\n\t\t\tDomain: pulumi.String(\"vpc\"),\n\t\t\tInstance: foo.ID(),\n\t\t\tAssociateWithPrivateIp: pulumi.String(\"10.0.0.12\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.InternetGateway;\nimport com.pulumi.aws.ec2.InternetGatewayArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.ec2.Eip;\nimport com.pulumi.aws.ec2.EipArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Vpc(\"default\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .enableDnsHostnames(true)\n .build());\n\n var gw = new InternetGateway(\"gw\", InternetGatewayArgs.builder() \n .vpcId(default_.id())\n .build());\n\n var myTestSubnet = new Subnet(\"myTestSubnet\", SubnetArgs.builder() \n .vpcId(default_.id())\n .cidrBlock(\"10.0.0.0/24\")\n .mapPublicIpOnLaunch(true)\n .build());\n\n var foo = new Instance(\"foo\", InstanceArgs.builder() \n .ami(\"ami-5189a661\")\n .instanceType(\"t2.micro\")\n .privateIp(\"10.0.0.12\")\n .subnetId(myTestSubnet.id())\n .build());\n\n var bar = new Eip(\"bar\", EipArgs.builder() \n .domain(\"vpc\")\n .instance(foo.id())\n .associateWithPrivateIp(\"10.0.0.12\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n enableDnsHostnames: true\n gw:\n type: aws:ec2:InternetGateway\n properties:\n vpcId: ${default.id}\n myTestSubnet:\n type: aws:ec2:Subnet\n name: my_test_subnet\n properties:\n vpcId: ${default.id}\n cidrBlock: 10.0.0.0/24\n mapPublicIpOnLaunch: true\n foo:\n type: aws:ec2:Instance\n properties:\n ami: ami-5189a661\n instanceType: t2.micro\n privateIp: 10.0.0.12\n subnetId: ${myTestSubnet.id}\n bar:\n type: aws:ec2:Eip\n properties:\n domain: vpc\n instance: ${foo.id}\n associateWithPrivateIp: 10.0.0.12\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Allocating EIP from the BYOIP pool\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst byoip_ip = new aws.ec2.Eip(\"byoip-ip\", {\n domain: \"vpc\",\n publicIpv4Pool: \"ipv4pool-ec2-012345\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbyoip_ip = aws.ec2.Eip(\"byoip-ip\",\n domain=\"vpc\",\n public_ipv4_pool=\"ipv4pool-ec2-012345\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var byoip_ip = new Aws.Ec2.Eip(\"byoip-ip\", new()\n {\n Domain = \"vpc\",\n PublicIpv4Pool = \"ipv4pool-ec2-012345\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewEip(ctx, \"byoip-ip\", \u0026ec2.EipArgs{\n\t\t\tDomain: pulumi.String(\"vpc\"),\n\t\t\tPublicIpv4Pool: pulumi.String(\"ipv4pool-ec2-012345\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Eip;\nimport com.pulumi.aws.ec2.EipArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var byoip_ip = new Eip(\"byoip-ip\", EipArgs.builder() \n .domain(\"vpc\")\n .publicIpv4Pool(\"ipv4pool-ec2-012345\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n byoip-ip:\n type: aws:ec2:Eip\n properties:\n domain: vpc\n publicIpv4Pool: ipv4pool-ec2-012345\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import EIPs in a VPC using their Allocation ID. For example:\n\n```sh\n$ pulumi import aws:ec2/eip:Eip bar eipalloc-00a10e96\n```\n", + "description": "Provides an Elastic IP resource.\n\n\u003e **Note:** EIP may require IGW to exist prior to association. Use `depends_on` to set an explicit dependency on the IGW.\n\n\u003e **Note:** Do not use `network_interface` to associate the EIP to `aws.lb.LoadBalancer` or `aws.ec2.NatGateway` resources. Instead use the `allocation_id` available in those resources to allow AWS to manage the association, otherwise you will see `AuthFailure` errors.\n\n## Example Usage\n\n### Single EIP associated with an instance\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lb = new aws.ec2.Eip(\"lb\", {\n instance: web.id,\n domain: \"vpc\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlb = aws.ec2.Eip(\"lb\",\n instance=web[\"id\"],\n domain=\"vpc\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var lb = new Aws.Ec2.Eip(\"lb\", new()\n {\n Instance = web.Id,\n Domain = \"vpc\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewEip(ctx, \"lb\", \u0026ec2.EipArgs{\n\t\t\tInstance: pulumi.Any(web.Id),\n\t\t\tDomain: pulumi.String(\"vpc\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Eip;\nimport com.pulumi.aws.ec2.EipArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var lb = new Eip(\"lb\", EipArgs.builder() \n .instance(web.id())\n .domain(\"vpc\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n lb:\n type: aws:ec2:Eip\n properties:\n instance: ${web.id}\n domain: vpc\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Multiple EIPs associated with a single network interface\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst multi_ip = new aws.ec2.NetworkInterface(\"multi-ip\", {\n subnetId: main.id,\n privateIps: [\n \"10.0.0.10\",\n \"10.0.0.11\",\n ],\n});\nconst one = new aws.ec2.Eip(\"one\", {\n domain: \"vpc\",\n networkInterface: multi_ip.id,\n associateWithPrivateIp: \"10.0.0.10\",\n});\nconst two = new aws.ec2.Eip(\"two\", {\n domain: \"vpc\",\n networkInterface: multi_ip.id,\n associateWithPrivateIp: \"10.0.0.11\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmulti_ip = aws.ec2.NetworkInterface(\"multi-ip\",\n subnet_id=main[\"id\"],\n private_ips=[\n \"10.0.0.10\",\n \"10.0.0.11\",\n ])\none = aws.ec2.Eip(\"one\",\n domain=\"vpc\",\n network_interface=multi_ip.id,\n associate_with_private_ip=\"10.0.0.10\")\ntwo = aws.ec2.Eip(\"two\",\n domain=\"vpc\",\n network_interface=multi_ip.id,\n associate_with_private_ip=\"10.0.0.11\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var multi_ip = new Aws.Ec2.NetworkInterface(\"multi-ip\", new()\n {\n SubnetId = main.Id,\n PrivateIps = new[]\n {\n \"10.0.0.10\",\n \"10.0.0.11\",\n },\n });\n\n var one = new Aws.Ec2.Eip(\"one\", new()\n {\n Domain = \"vpc\",\n NetworkInterface = multi_ip.Id,\n AssociateWithPrivateIp = \"10.0.0.10\",\n });\n\n var two = new Aws.Ec2.Eip(\"two\", new()\n {\n Domain = \"vpc\",\n NetworkInterface = multi_ip.Id,\n AssociateWithPrivateIp = \"10.0.0.11\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewNetworkInterface(ctx, \"multi-ip\", \u0026ec2.NetworkInterfaceArgs{\n\t\t\tSubnetId: pulumi.Any(main.Id),\n\t\t\tPrivateIps: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.0.0.10\"),\n\t\t\t\tpulumi.String(\"10.0.0.11\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewEip(ctx, \"one\", \u0026ec2.EipArgs{\n\t\t\tDomain: pulumi.String(\"vpc\"),\n\t\t\tNetworkInterface: multi_ip.ID(),\n\t\t\tAssociateWithPrivateIp: pulumi.String(\"10.0.0.10\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewEip(ctx, \"two\", \u0026ec2.EipArgs{\n\t\t\tDomain: pulumi.String(\"vpc\"),\n\t\t\tNetworkInterface: multi_ip.ID(),\n\t\t\tAssociateWithPrivateIp: pulumi.String(\"10.0.0.11\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.NetworkInterface;\nimport com.pulumi.aws.ec2.NetworkInterfaceArgs;\nimport com.pulumi.aws.ec2.Eip;\nimport com.pulumi.aws.ec2.EipArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var multi_ip = new NetworkInterface(\"multi-ip\", NetworkInterfaceArgs.builder() \n .subnetId(main.id())\n .privateIps( \n \"10.0.0.10\",\n \"10.0.0.11\")\n .build());\n\n var one = new Eip(\"one\", EipArgs.builder() \n .domain(\"vpc\")\n .networkInterface(multi_ip.id())\n .associateWithPrivateIp(\"10.0.0.10\")\n .build());\n\n var two = new Eip(\"two\", EipArgs.builder() \n .domain(\"vpc\")\n .networkInterface(multi_ip.id())\n .associateWithPrivateIp(\"10.0.0.11\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n multi-ip:\n type: aws:ec2:NetworkInterface\n properties:\n subnetId: ${main.id}\n privateIps:\n - 10.0.0.10\n - 10.0.0.11\n one:\n type: aws:ec2:Eip\n properties:\n domain: vpc\n networkInterface: ${[\"multi-ip\"].id}\n associateWithPrivateIp: 10.0.0.10\n two:\n type: aws:ec2:Eip\n properties:\n domain: vpc\n networkInterface: ${[\"multi-ip\"].id}\n associateWithPrivateIp: 10.0.0.11\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Attaching an EIP to an Instance with a pre-assigned private ip (VPC Only)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.ec2.Vpc(\"default\", {\n cidrBlock: \"10.0.0.0/16\",\n enableDnsHostnames: true,\n});\nconst gw = new aws.ec2.InternetGateway(\"gw\", {vpcId: _default.id});\nconst myTestSubnet = new aws.ec2.Subnet(\"my_test_subnet\", {\n vpcId: _default.id,\n cidrBlock: \"10.0.0.0/24\",\n mapPublicIpOnLaunch: true,\n});\nconst foo = new aws.ec2.Instance(\"foo\", {\n ami: \"ami-5189a661\",\n instanceType: aws.ec2.InstanceType.T2_Micro,\n privateIp: \"10.0.0.12\",\n subnetId: myTestSubnet.id,\n});\nconst bar = new aws.ec2.Eip(\"bar\", {\n domain: \"vpc\",\n instance: foo.id,\n associateWithPrivateIp: \"10.0.0.12\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.ec2.Vpc(\"default\",\n cidr_block=\"10.0.0.0/16\",\n enable_dns_hostnames=True)\ngw = aws.ec2.InternetGateway(\"gw\", vpc_id=default.id)\nmy_test_subnet = aws.ec2.Subnet(\"my_test_subnet\",\n vpc_id=default.id,\n cidr_block=\"10.0.0.0/24\",\n map_public_ip_on_launch=True)\nfoo = aws.ec2.Instance(\"foo\",\n ami=\"ami-5189a661\",\n instance_type=aws.ec2.InstanceType.T2_MICRO,\n private_ip=\"10.0.0.12\",\n subnet_id=my_test_subnet.id)\nbar = aws.ec2.Eip(\"bar\",\n domain=\"vpc\",\n instance=foo.id,\n associate_with_private_ip=\"10.0.0.12\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Ec2.Vpc(\"default\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n EnableDnsHostnames = true,\n });\n\n var gw = new Aws.Ec2.InternetGateway(\"gw\", new()\n {\n VpcId = @default.Id,\n });\n\n var myTestSubnet = new Aws.Ec2.Subnet(\"my_test_subnet\", new()\n {\n VpcId = @default.Id,\n CidrBlock = \"10.0.0.0/24\",\n MapPublicIpOnLaunch = true,\n });\n\n var foo = new Aws.Ec2.Instance(\"foo\", new()\n {\n Ami = \"ami-5189a661\",\n InstanceType = Aws.Ec2.InstanceType.T2_Micro,\n PrivateIp = \"10.0.0.12\",\n SubnetId = myTestSubnet.Id,\n });\n\n var bar = new Aws.Ec2.Eip(\"bar\", new()\n {\n Domain = \"vpc\",\n Instance = foo.Id,\n AssociateWithPrivateIp = \"10.0.0.12\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpc(ctx, \"default\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tEnableDnsHostnames: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInternetGateway(ctx, \"gw\", \u0026ec2.InternetGatewayArgs{\n\t\t\tVpcId: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyTestSubnet, err := ec2.NewSubnet(ctx, \"my_test_subnet\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: _default.ID(),\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/24\"),\n\t\t\tMapPublicIpOnLaunch: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := ec2.NewInstance(ctx, \"foo\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(\"ami-5189a661\"),\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_T2_Micro),\n\t\t\tPrivateIp: pulumi.String(\"10.0.0.12\"),\n\t\t\tSubnetId: myTestSubnet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewEip(ctx, \"bar\", \u0026ec2.EipArgs{\n\t\t\tDomain: pulumi.String(\"vpc\"),\n\t\t\tInstance: foo.ID(),\n\t\t\tAssociateWithPrivateIp: pulumi.String(\"10.0.0.12\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.InternetGateway;\nimport com.pulumi.aws.ec2.InternetGatewayArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.ec2.Eip;\nimport com.pulumi.aws.ec2.EipArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Vpc(\"default\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .enableDnsHostnames(true)\n .build());\n\n var gw = new InternetGateway(\"gw\", InternetGatewayArgs.builder() \n .vpcId(default_.id())\n .build());\n\n var myTestSubnet = new Subnet(\"myTestSubnet\", SubnetArgs.builder() \n .vpcId(default_.id())\n .cidrBlock(\"10.0.0.0/24\")\n .mapPublicIpOnLaunch(true)\n .build());\n\n var foo = new Instance(\"foo\", InstanceArgs.builder() \n .ami(\"ami-5189a661\")\n .instanceType(\"t2.micro\")\n .privateIp(\"10.0.0.12\")\n .subnetId(myTestSubnet.id())\n .build());\n\n var bar = new Eip(\"bar\", EipArgs.builder() \n .domain(\"vpc\")\n .instance(foo.id())\n .associateWithPrivateIp(\"10.0.0.12\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n enableDnsHostnames: true\n gw:\n type: aws:ec2:InternetGateway\n properties:\n vpcId: ${default.id}\n myTestSubnet:\n type: aws:ec2:Subnet\n name: my_test_subnet\n properties:\n vpcId: ${default.id}\n cidrBlock: 10.0.0.0/24\n mapPublicIpOnLaunch: true\n foo:\n type: aws:ec2:Instance\n properties:\n ami: ami-5189a661\n instanceType: t2.micro\n privateIp: 10.0.0.12\n subnetId: ${myTestSubnet.id}\n bar:\n type: aws:ec2:Eip\n properties:\n domain: vpc\n instance: ${foo.id}\n associateWithPrivateIp: 10.0.0.12\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Allocating EIP from the BYOIP pool\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst byoip_ip = new aws.ec2.Eip(\"byoip-ip\", {\n domain: \"vpc\",\n publicIpv4Pool: \"ipv4pool-ec2-012345\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbyoip_ip = aws.ec2.Eip(\"byoip-ip\",\n domain=\"vpc\",\n public_ipv4_pool=\"ipv4pool-ec2-012345\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var byoip_ip = new Aws.Ec2.Eip(\"byoip-ip\", new()\n {\n Domain = \"vpc\",\n PublicIpv4Pool = \"ipv4pool-ec2-012345\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewEip(ctx, \"byoip-ip\", \u0026ec2.EipArgs{\n\t\t\tDomain: pulumi.String(\"vpc\"),\n\t\t\tPublicIpv4Pool: pulumi.String(\"ipv4pool-ec2-012345\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Eip;\nimport com.pulumi.aws.ec2.EipArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var byoip_ip = new Eip(\"byoip-ip\", EipArgs.builder() \n .domain(\"vpc\")\n .publicIpv4Pool(\"ipv4pool-ec2-012345\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n byoip-ip:\n type: aws:ec2:Eip\n properties:\n domain: vpc\n publicIpv4Pool: ipv4pool-ec2-012345\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import EIPs in a VPC using their Allocation ID. For example:\n\n```sh\n$ pulumi import aws:ec2/eip:Eip bar eipalloc-00a10e96\n```\n", "properties": { "address": { "type": "string", @@ -211349,7 +211349,7 @@ } }, "aws:ec2/eipAssociation:EipAssociation": { - "description": "Provides an AWS EIP Association as a top level resource, to associate and\ndisassociate Elastic IPs from AWS Instances and Network Interfaces.\n\n\u003e **NOTE:** Do not use this resource to associate an EIP to `aws.lb.LoadBalancer` or `aws.ec2.NatGateway` resources. Instead use the `allocation_id` available in those resources to allow AWS to manage the association, otherwise you will see `AuthFailure` errors.\n\n\u003e **NOTE:** `aws.ec2.EipAssociation` is useful in scenarios where EIPs are either\npre-existing or distributed to customers or users and therefore cannot be changed.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst web = new aws.ec2.Instance(\"web\", {\n ami: \"ami-21f78e11\",\n availabilityZone: \"us-west-2a\",\n instanceType: \"t2.micro\",\n tags: {\n Name: \"HelloWorld\",\n },\n});\nconst example = new aws.ec2.Eip(\"example\", {domain: \"vpc\"});\nconst eipAssoc = new aws.ec2.EipAssociation(\"eip_assoc\", {\n instanceId: web.id,\n allocationId: example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nweb = aws.ec2.Instance(\"web\",\n ami=\"ami-21f78e11\",\n availability_zone=\"us-west-2a\",\n instance_type=\"t2.micro\",\n tags={\n \"Name\": \"HelloWorld\",\n })\nexample = aws.ec2.Eip(\"example\", domain=\"vpc\")\neip_assoc = aws.ec2.EipAssociation(\"eip_assoc\",\n instance_id=web.id,\n allocation_id=example.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var web = new Aws.Ec2.Instance(\"web\", new()\n {\n Ami = \"ami-21f78e11\",\n AvailabilityZone = \"us-west-2a\",\n InstanceType = \"t2.micro\",\n Tags = \n {\n { \"Name\", \"HelloWorld\" },\n },\n });\n\n var example = new Aws.Ec2.Eip(\"example\", new()\n {\n Domain = \"vpc\",\n });\n\n var eipAssoc = new Aws.Ec2.EipAssociation(\"eip_assoc\", new()\n {\n InstanceId = web.Id,\n AllocationId = example.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tweb, err := ec2.NewInstance(ctx, \"web\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(\"ami-21f78e11\"),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"HelloWorld\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := ec2.NewEip(ctx, \"example\", \u0026ec2.EipArgs{\n\t\t\tDomain: pulumi.String(\"vpc\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewEipAssociation(ctx, \"eip_assoc\", \u0026ec2.EipAssociationArgs{\n\t\t\tInstanceId: web.ID(),\n\t\t\tAllocationId: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.ec2.Eip;\nimport com.pulumi.aws.ec2.EipArgs;\nimport com.pulumi.aws.ec2.EipAssociation;\nimport com.pulumi.aws.ec2.EipAssociationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var web = new Instance(\"web\", InstanceArgs.builder() \n .ami(\"ami-21f78e11\")\n .availabilityZone(\"us-west-2a\")\n .instanceType(\"t2.micro\")\n .tags(Map.of(\"Name\", \"HelloWorld\"))\n .build());\n\n var example = new Eip(\"example\", EipArgs.builder() \n .domain(\"vpc\")\n .build());\n\n var eipAssoc = new EipAssociation(\"eipAssoc\", EipAssociationArgs.builder() \n .instanceId(web.id())\n .allocationId(example.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n eipAssoc:\n type: aws:ec2:EipAssociation\n name: eip_assoc\n properties:\n instanceId: ${web.id}\n allocationId: ${example.id}\n web:\n type: aws:ec2:Instance\n properties:\n ami: ami-21f78e11\n availabilityZone: us-west-2a\n instanceType: t2.micro\n tags:\n Name: HelloWorld\n example:\n type: aws:ec2:Eip\n properties:\n domain: vpc\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import EIP Assocations using their association IDs. For example:\n\n```sh\n$ pulumi import aws:ec2/eipAssociation:EipAssociation test eipassoc-ab12c345\n```\n", + "description": "Provides an AWS EIP Association as a top level resource, to associate and\ndisassociate Elastic IPs from AWS Instances and Network Interfaces.\n\n\u003e **NOTE:** Do not use this resource to associate an EIP to `aws.lb.LoadBalancer` or `aws.ec2.NatGateway` resources. Instead use the `allocation_id` available in those resources to allow AWS to manage the association, otherwise you will see `AuthFailure` errors.\n\n\u003e **NOTE:** `aws.ec2.EipAssociation` is useful in scenarios where EIPs are either\npre-existing or distributed to customers or users and therefore cannot be changed.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst web = new aws.ec2.Instance(\"web\", {\n ami: \"ami-21f78e11\",\n availabilityZone: \"us-west-2a\",\n instanceType: aws.ec2.InstanceType.T2_Micro,\n tags: {\n Name: \"HelloWorld\",\n },\n});\nconst example = new aws.ec2.Eip(\"example\", {domain: \"vpc\"});\nconst eipAssoc = new aws.ec2.EipAssociation(\"eip_assoc\", {\n instanceId: web.id,\n allocationId: example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nweb = aws.ec2.Instance(\"web\",\n ami=\"ami-21f78e11\",\n availability_zone=\"us-west-2a\",\n instance_type=aws.ec2.InstanceType.T2_MICRO,\n tags={\n \"Name\": \"HelloWorld\",\n })\nexample = aws.ec2.Eip(\"example\", domain=\"vpc\")\neip_assoc = aws.ec2.EipAssociation(\"eip_assoc\",\n instance_id=web.id,\n allocation_id=example.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var web = new Aws.Ec2.Instance(\"web\", new()\n {\n Ami = \"ami-21f78e11\",\n AvailabilityZone = \"us-west-2a\",\n InstanceType = Aws.Ec2.InstanceType.T2_Micro,\n Tags = \n {\n { \"Name\", \"HelloWorld\" },\n },\n });\n\n var example = new Aws.Ec2.Eip(\"example\", new()\n {\n Domain = \"vpc\",\n });\n\n var eipAssoc = new Aws.Ec2.EipAssociation(\"eip_assoc\", new()\n {\n InstanceId = web.Id,\n AllocationId = example.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tweb, err := ec2.NewInstance(ctx, \"web\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(\"ami-21f78e11\"),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_T2_Micro),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"HelloWorld\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := ec2.NewEip(ctx, \"example\", \u0026ec2.EipArgs{\n\t\t\tDomain: pulumi.String(\"vpc\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewEipAssociation(ctx, \"eip_assoc\", \u0026ec2.EipAssociationArgs{\n\t\t\tInstanceId: web.ID(),\n\t\t\tAllocationId: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.ec2.Eip;\nimport com.pulumi.aws.ec2.EipArgs;\nimport com.pulumi.aws.ec2.EipAssociation;\nimport com.pulumi.aws.ec2.EipAssociationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var web = new Instance(\"web\", InstanceArgs.builder() \n .ami(\"ami-21f78e11\")\n .availabilityZone(\"us-west-2a\")\n .instanceType(\"t2.micro\")\n .tags(Map.of(\"Name\", \"HelloWorld\"))\n .build());\n\n var example = new Eip(\"example\", EipArgs.builder() \n .domain(\"vpc\")\n .build());\n\n var eipAssoc = new EipAssociation(\"eipAssoc\", EipAssociationArgs.builder() \n .instanceId(web.id())\n .allocationId(example.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n eipAssoc:\n type: aws:ec2:EipAssociation\n name: eip_assoc\n properties:\n instanceId: ${web.id}\n allocationId: ${example.id}\n web:\n type: aws:ec2:Instance\n properties:\n ami: ami-21f78e11\n availabilityZone: us-west-2a\n instanceType: t2.micro\n tags:\n Name: HelloWorld\n example:\n type: aws:ec2:Eip\n properties:\n domain: vpc\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import EIP Assocations using their association IDs. For example:\n\n```sh\n$ pulumi import aws:ec2/eipAssociation:EipAssociation test eipassoc-ab12c345\n```\n", "properties": { "allocationId": { "type": "string", @@ -211764,7 +211764,7 @@ } }, "aws:ec2/flowLog:FlowLog": { - "description": "Provides a VPC/Subnet/ENI/Transit Gateway/Transit Gateway Attachment Flow Log to capture IP traffic for a specific network\ninterface, subnet, or VPC. Logs are sent to a CloudWatch Log Group, a S3 Bucket, or Amazon Kinesis Data Firehose\n\n## Example Usage\n\n### CloudWatch Logging\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"example\", {name: \"example\"});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"vpc-flow-logs.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"example\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst exampleFlowLog = new aws.ec2.FlowLog(\"example\", {\n iamRoleArn: exampleRole.arn,\n logDestination: exampleLogGroup.arn,\n trafficType: \"ALL\",\n vpcId: exampleAwsVpc.id,\n});\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeLogStreams\",\n ],\n resources: [\"*\"],\n }],\n});\nconst exampleRolePolicy = new aws.iam.RolePolicy(\"example\", {\n name: \"example\",\n role: exampleRole.id,\n policy: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_log_group = aws.cloudwatch.LogGroup(\"example\", name=\"example\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"vpc-flow-logs.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"example\",\n assume_role_policy=assume_role.json)\nexample_flow_log = aws.ec2.FlowLog(\"example\",\n iam_role_arn=example_role.arn,\n log_destination=example_log_group.arn,\n traffic_type=\"ALL\",\n vpc_id=example_aws_vpc[\"id\"])\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeLogStreams\",\n ],\n resources=[\"*\"],\n)])\nexample_role_policy = aws.iam.RolePolicy(\"example\",\n name=\"example\",\n role=example_role.id,\n policy=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"example\", new()\n {\n Name = \"example\",\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"vpc-flow-logs.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"example\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleFlowLog = new Aws.Ec2.FlowLog(\"example\", new()\n {\n IamRoleArn = exampleRole.Arn,\n LogDestination = exampleLogGroup.Arn,\n TrafficType = \"ALL\",\n VpcId = exampleAwsVpc.Id,\n });\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeLogStreams\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var exampleRolePolicy = new Aws.Iam.RolePolicy(\"example\", new()\n {\n Name = \"example\",\n Role = exampleRole.Id,\n Policy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"example\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"vpc-flow-logs.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewFlowLog(ctx, \"example\", \u0026ec2.FlowLogArgs{\n\t\t\tIamRoleArn: exampleRole.Arn,\n\t\t\tLogDestination: exampleLogGroup.Arn,\n\t\t\tTrafficType: pulumi.String(\"ALL\"),\n\t\t\tVpcId: pulumi.Any(exampleAwsVpc.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogGroup\",\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t\t\"logs:DescribeLogGroups\",\n\t\t\t\t\t\t\"logs:DescribeLogStreams\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"example\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tRole: exampleRole.ID(),\n\t\t\tPolicy: *pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.ec2.FlowLog;\nimport com.pulumi.aws.ec2.FlowLogArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleLogGroup = new LogGroup(\"exampleLogGroup\", LogGroupArgs.builder() \n .name(\"example\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"vpc-flow-logs.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"example\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleFlowLog = new FlowLog(\"exampleFlowLog\", FlowLogArgs.builder() \n .iamRoleArn(exampleRole.arn())\n .logDestination(exampleLogGroup.arn())\n .trafficType(\"ALL\")\n .vpcId(exampleAwsVpc.id())\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeLogStreams\")\n .resources(\"*\")\n .build())\n .build());\n\n var exampleRolePolicy = new RolePolicy(\"exampleRolePolicy\", RolePolicyArgs.builder() \n .name(\"example\")\n .role(exampleRole.id())\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleFlowLog:\n type: aws:ec2:FlowLog\n name: example\n properties:\n iamRoleArn: ${exampleRole.arn}\n logDestination: ${exampleLogGroup.arn}\n trafficType: ALL\n vpcId: ${exampleAwsVpc.id}\n exampleLogGroup:\n type: aws:cloudwatch:LogGroup\n name: example\n properties:\n name: example\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: example\n assumeRolePolicy: ${assumeRole.json}\n exampleRolePolicy:\n type: aws:iam:RolePolicy\n name: example\n properties:\n name: example\n role: ${exampleRole.id}\n policy: ${example.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - vpc-flow-logs.amazonaws.com\n actions:\n - sts:AssumeRole\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - logs:CreateLogGroup\n - logs:CreateLogStream\n - logs:PutLogEvents\n - logs:DescribeLogGroups\n - logs:DescribeLogStreams\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Amazon Kinesis Data Firehose logging\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs;\nimport com.pulumi.aws.ec2.FlowLog;\nimport com.pulumi.aws.ec2.FlowLogArgs;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleBucketV2 = new BucketV2(\"exampleBucketV2\", BucketV2Args.builder() \n .bucket(\"example\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"firehose.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"firehose_test_role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleFirehoseDeliveryStream = new FirehoseDeliveryStream(\"exampleFirehoseDeliveryStream\", FirehoseDeliveryStreamArgs.builder() \n .name(\"kinesis_firehose_test\")\n .destination(\"extended_s3\")\n .extendedS3Configuration(FirehoseDeliveryStreamExtendedS3ConfigurationArgs.builder()\n .roleArn(exampleRole.arn())\n .bucketArn(exampleBucketV2.arn())\n .build())\n .tags(Map.of(\"LogDeliveryEnabled\", \"true\"))\n .build());\n\n var exampleFlowLog = new FlowLog(\"exampleFlowLog\", FlowLogArgs.builder() \n .logDestination(exampleFirehoseDeliveryStream.arn())\n .logDestinationType(\"kinesis-data-firehose\")\n .trafficType(\"ALL\")\n .vpcId(exampleAwsVpc.id())\n .build());\n\n var exampleBucketAclV2 = new BucketAclV2(\"exampleBucketAclV2\", BucketAclV2Args.builder() \n .bucket(exampleBucketV2.id())\n .acl(\"private\")\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"logs:CreateLogDelivery\",\n \"logs:DeleteLogDelivery\",\n \"logs:ListLogDeliveries\",\n \"logs:GetLogDelivery\",\n \"firehose:TagDeliveryStream\")\n .resources(\"*\")\n .build());\n\n var exampleRolePolicy = new RolePolicy(\"exampleRolePolicy\", RolePolicyArgs.builder() \n .name(\"test\")\n .role(exampleRole.id())\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleFlowLog:\n type: aws:ec2:FlowLog\n name: example\n properties:\n logDestination: ${exampleFirehoseDeliveryStream.arn}\n logDestinationType: kinesis-data-firehose\n trafficType: ALL\n vpcId: ${exampleAwsVpc.id}\n exampleFirehoseDeliveryStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: example\n properties:\n name: kinesis_firehose_test\n destination: extended_s3\n extendedS3Configuration:\n roleArn: ${exampleRole.arn}\n bucketArn: ${exampleBucketV2.arn}\n tags:\n LogDeliveryEnabled: 'true'\n exampleBucketV2:\n type: aws:s3:BucketV2\n name: example\n properties:\n bucket: example\n exampleBucketAclV2:\n type: aws:s3:BucketAclV2\n name: example\n properties:\n bucket: ${exampleBucketV2.id}\n acl: private\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: firehose_test_role\n assumeRolePolicy: ${assumeRole.json}\n exampleRolePolicy:\n type: aws:iam:RolePolicy\n name: example\n properties:\n name: test\n role: ${exampleRole.id}\n policy: ${example.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - firehose.amazonaws.com\n actions:\n - sts:AssumeRole\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n effect: Allow\n actions:\n - logs:CreateLogDelivery\n - logs:DeleteLogDelivery\n - logs:ListLogDeliveries\n - logs:GetLogDelivery\n - firehose:TagDeliveryStream\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### S3 Logging\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleBucketV2 = new aws.s3.BucketV2(\"example\", {bucket: \"example\"});\nconst example = new aws.ec2.FlowLog(\"example\", {\n logDestination: exampleBucketV2.arn,\n logDestinationType: \"s3\",\n trafficType: \"ALL\",\n vpcId: exampleAwsVpc.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_bucket_v2 = aws.s3.BucketV2(\"example\", bucket=\"example\")\nexample = aws.ec2.FlowLog(\"example\",\n log_destination=example_bucket_v2.arn,\n log_destination_type=\"s3\",\n traffic_type=\"ALL\",\n vpc_id=example_aws_vpc[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleBucketV2 = new Aws.S3.BucketV2(\"example\", new()\n {\n Bucket = \"example\",\n });\n\n var example = new Aws.Ec2.FlowLog(\"example\", new()\n {\n LogDestination = exampleBucketV2.Arn,\n LogDestinationType = \"s3\",\n TrafficType = \"ALL\",\n VpcId = exampleAwsVpc.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleBucketV2, err := s3.NewBucketV2(ctx, \"example\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewFlowLog(ctx, \"example\", \u0026ec2.FlowLogArgs{\n\t\t\tLogDestination: exampleBucketV2.Arn,\n\t\t\tLogDestinationType: pulumi.String(\"s3\"),\n\t\t\tTrafficType: pulumi.String(\"ALL\"),\n\t\t\tVpcId: pulumi.Any(exampleAwsVpc.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.ec2.FlowLog;\nimport com.pulumi.aws.ec2.FlowLogArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleBucketV2 = new BucketV2(\"exampleBucketV2\", BucketV2Args.builder() \n .bucket(\"example\")\n .build());\n\n var example = new FlowLog(\"example\", FlowLogArgs.builder() \n .logDestination(exampleBucketV2.arn())\n .logDestinationType(\"s3\")\n .trafficType(\"ALL\")\n .vpcId(exampleAwsVpc.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:FlowLog\n properties:\n logDestination: ${exampleBucketV2.arn}\n logDestinationType: s3\n trafficType: ALL\n vpcId: ${exampleAwsVpc.id}\n exampleBucketV2:\n type: aws:s3:BucketV2\n name: example\n properties:\n bucket: example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### S3 Logging in Apache Parquet format with per-hour partitions\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleBucketV2 = new aws.s3.BucketV2(\"example\", {bucket: \"example\"});\nconst example = new aws.ec2.FlowLog(\"example\", {\n logDestination: exampleBucketV2.arn,\n logDestinationType: \"s3\",\n trafficType: \"ALL\",\n vpcId: exampleAwsVpc.id,\n destinationOptions: {\n fileFormat: \"parquet\",\n perHourPartition: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_bucket_v2 = aws.s3.BucketV2(\"example\", bucket=\"example\")\nexample = aws.ec2.FlowLog(\"example\",\n log_destination=example_bucket_v2.arn,\n log_destination_type=\"s3\",\n traffic_type=\"ALL\",\n vpc_id=example_aws_vpc[\"id\"],\n destination_options=aws.ec2.FlowLogDestinationOptionsArgs(\n file_format=\"parquet\",\n per_hour_partition=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleBucketV2 = new Aws.S3.BucketV2(\"example\", new()\n {\n Bucket = \"example\",\n });\n\n var example = new Aws.Ec2.FlowLog(\"example\", new()\n {\n LogDestination = exampleBucketV2.Arn,\n LogDestinationType = \"s3\",\n TrafficType = \"ALL\",\n VpcId = exampleAwsVpc.Id,\n DestinationOptions = new Aws.Ec2.Inputs.FlowLogDestinationOptionsArgs\n {\n FileFormat = \"parquet\",\n PerHourPartition = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleBucketV2, err := s3.NewBucketV2(ctx, \"example\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewFlowLog(ctx, \"example\", \u0026ec2.FlowLogArgs{\n\t\t\tLogDestination: exampleBucketV2.Arn,\n\t\t\tLogDestinationType: pulumi.String(\"s3\"),\n\t\t\tTrafficType: pulumi.String(\"ALL\"),\n\t\t\tVpcId: pulumi.Any(exampleAwsVpc.Id),\n\t\t\tDestinationOptions: \u0026ec2.FlowLogDestinationOptionsArgs{\n\t\t\t\tFileFormat: pulumi.String(\"parquet\"),\n\t\t\t\tPerHourPartition: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.ec2.FlowLog;\nimport com.pulumi.aws.ec2.FlowLogArgs;\nimport com.pulumi.aws.ec2.inputs.FlowLogDestinationOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleBucketV2 = new BucketV2(\"exampleBucketV2\", BucketV2Args.builder() \n .bucket(\"example\")\n .build());\n\n var example = new FlowLog(\"example\", FlowLogArgs.builder() \n .logDestination(exampleBucketV2.arn())\n .logDestinationType(\"s3\")\n .trafficType(\"ALL\")\n .vpcId(exampleAwsVpc.id())\n .destinationOptions(FlowLogDestinationOptionsArgs.builder()\n .fileFormat(\"parquet\")\n .perHourPartition(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:FlowLog\n properties:\n logDestination: ${exampleBucketV2.arn}\n logDestinationType: s3\n trafficType: ALL\n vpcId: ${exampleAwsVpc.id}\n destinationOptions:\n fileFormat: parquet\n perHourPartition: true\n exampleBucketV2:\n type: aws:s3:BucketV2\n name: example\n properties:\n bucket: example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Flow Logs using the `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/flowLog:FlowLog test_flow_log fl-1a2b3c4d\n```\n", + "description": "Provides a VPC/Subnet/ENI/Transit Gateway/Transit Gateway Attachment Flow Log to capture IP traffic for a specific network\ninterface, subnet, or VPC. Logs are sent to a CloudWatch Log Group, a S3 Bucket, or Amazon Kinesis Data Firehose\n\n## Example Usage\n\n### CloudWatch Logging\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"example\", {name: \"example\"});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"vpc-flow-logs.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"example\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst exampleFlowLog = new aws.ec2.FlowLog(\"example\", {\n iamRoleArn: exampleRole.arn,\n logDestination: exampleLogGroup.arn,\n trafficType: \"ALL\",\n vpcId: exampleAwsVpc.id,\n});\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeLogStreams\",\n ],\n resources: [\"*\"],\n }],\n});\nconst exampleRolePolicy = new aws.iam.RolePolicy(\"example\", {\n name: \"example\",\n role: exampleRole.id,\n policy: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_log_group = aws.cloudwatch.LogGroup(\"example\", name=\"example\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"vpc-flow-logs.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"example\",\n assume_role_policy=assume_role.json)\nexample_flow_log = aws.ec2.FlowLog(\"example\",\n iam_role_arn=example_role.arn,\n log_destination=example_log_group.arn,\n traffic_type=\"ALL\",\n vpc_id=example_aws_vpc[\"id\"])\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeLogStreams\",\n ],\n resources=[\"*\"],\n)])\nexample_role_policy = aws.iam.RolePolicy(\"example\",\n name=\"example\",\n role=example_role.id,\n policy=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"example\", new()\n {\n Name = \"example\",\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"vpc-flow-logs.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"example\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleFlowLog = new Aws.Ec2.FlowLog(\"example\", new()\n {\n IamRoleArn = exampleRole.Arn,\n LogDestination = exampleLogGroup.Arn,\n TrafficType = \"ALL\",\n VpcId = exampleAwsVpc.Id,\n });\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeLogStreams\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var exampleRolePolicy = new Aws.Iam.RolePolicy(\"example\", new()\n {\n Name = \"example\",\n Role = exampleRole.Id,\n Policy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"example\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"vpc-flow-logs.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewFlowLog(ctx, \"example\", \u0026ec2.FlowLogArgs{\n\t\t\tIamRoleArn: exampleRole.Arn,\n\t\t\tLogDestination: exampleLogGroup.Arn,\n\t\t\tTrafficType: pulumi.String(\"ALL\"),\n\t\t\tVpcId: pulumi.Any(exampleAwsVpc.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogGroup\",\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t\t\"logs:DescribeLogGroups\",\n\t\t\t\t\t\t\"logs:DescribeLogStreams\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"example\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tRole: exampleRole.ID(),\n\t\t\tPolicy: pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.ec2.FlowLog;\nimport com.pulumi.aws.ec2.FlowLogArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleLogGroup = new LogGroup(\"exampleLogGroup\", LogGroupArgs.builder() \n .name(\"example\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"vpc-flow-logs.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"example\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleFlowLog = new FlowLog(\"exampleFlowLog\", FlowLogArgs.builder() \n .iamRoleArn(exampleRole.arn())\n .logDestination(exampleLogGroup.arn())\n .trafficType(\"ALL\")\n .vpcId(exampleAwsVpc.id())\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeLogStreams\")\n .resources(\"*\")\n .build())\n .build());\n\n var exampleRolePolicy = new RolePolicy(\"exampleRolePolicy\", RolePolicyArgs.builder() \n .name(\"example\")\n .role(exampleRole.id())\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleFlowLog:\n type: aws:ec2:FlowLog\n name: example\n properties:\n iamRoleArn: ${exampleRole.arn}\n logDestination: ${exampleLogGroup.arn}\n trafficType: ALL\n vpcId: ${exampleAwsVpc.id}\n exampleLogGroup:\n type: aws:cloudwatch:LogGroup\n name: example\n properties:\n name: example\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: example\n assumeRolePolicy: ${assumeRole.json}\n exampleRolePolicy:\n type: aws:iam:RolePolicy\n name: example\n properties:\n name: example\n role: ${exampleRole.id}\n policy: ${example.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - vpc-flow-logs.amazonaws.com\n actions:\n - sts:AssumeRole\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - logs:CreateLogGroup\n - logs:CreateLogStream\n - logs:PutLogEvents\n - logs:DescribeLogGroups\n - logs:DescribeLogStreams\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Amazon Kinesis Data Firehose logging\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs;\nimport com.pulumi.aws.ec2.FlowLog;\nimport com.pulumi.aws.ec2.FlowLogArgs;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleBucketV2 = new BucketV2(\"exampleBucketV2\", BucketV2Args.builder() \n .bucket(\"example\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"firehose.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"firehose_test_role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleFirehoseDeliveryStream = new FirehoseDeliveryStream(\"exampleFirehoseDeliveryStream\", FirehoseDeliveryStreamArgs.builder() \n .name(\"kinesis_firehose_test\")\n .destination(\"extended_s3\")\n .extendedS3Configuration(FirehoseDeliveryStreamExtendedS3ConfigurationArgs.builder()\n .roleArn(exampleRole.arn())\n .bucketArn(exampleBucketV2.arn())\n .build())\n .tags(Map.of(\"LogDeliveryEnabled\", \"true\"))\n .build());\n\n var exampleFlowLog = new FlowLog(\"exampleFlowLog\", FlowLogArgs.builder() \n .logDestination(exampleFirehoseDeliveryStream.arn())\n .logDestinationType(\"kinesis-data-firehose\")\n .trafficType(\"ALL\")\n .vpcId(exampleAwsVpc.id())\n .build());\n\n var exampleBucketAclV2 = new BucketAclV2(\"exampleBucketAclV2\", BucketAclV2Args.builder() \n .bucket(exampleBucketV2.id())\n .acl(\"private\")\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"logs:CreateLogDelivery\",\n \"logs:DeleteLogDelivery\",\n \"logs:ListLogDeliveries\",\n \"logs:GetLogDelivery\",\n \"firehose:TagDeliveryStream\")\n .resources(\"*\")\n .build());\n\n var exampleRolePolicy = new RolePolicy(\"exampleRolePolicy\", RolePolicyArgs.builder() \n .name(\"test\")\n .role(exampleRole.id())\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleFlowLog:\n type: aws:ec2:FlowLog\n name: example\n properties:\n logDestination: ${exampleFirehoseDeliveryStream.arn}\n logDestinationType: kinesis-data-firehose\n trafficType: ALL\n vpcId: ${exampleAwsVpc.id}\n exampleFirehoseDeliveryStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: example\n properties:\n name: kinesis_firehose_test\n destination: extended_s3\n extendedS3Configuration:\n roleArn: ${exampleRole.arn}\n bucketArn: ${exampleBucketV2.arn}\n tags:\n LogDeliveryEnabled: 'true'\n exampleBucketV2:\n type: aws:s3:BucketV2\n name: example\n properties:\n bucket: example\n exampleBucketAclV2:\n type: aws:s3:BucketAclV2\n name: example\n properties:\n bucket: ${exampleBucketV2.id}\n acl: private\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: firehose_test_role\n assumeRolePolicy: ${assumeRole.json}\n exampleRolePolicy:\n type: aws:iam:RolePolicy\n name: example\n properties:\n name: test\n role: ${exampleRole.id}\n policy: ${example.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - firehose.amazonaws.com\n actions:\n - sts:AssumeRole\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n effect: Allow\n actions:\n - logs:CreateLogDelivery\n - logs:DeleteLogDelivery\n - logs:ListLogDeliveries\n - logs:GetLogDelivery\n - firehose:TagDeliveryStream\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### S3 Logging\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleBucketV2 = new aws.s3.BucketV2(\"example\", {bucket: \"example\"});\nconst example = new aws.ec2.FlowLog(\"example\", {\n logDestination: exampleBucketV2.arn,\n logDestinationType: \"s3\",\n trafficType: \"ALL\",\n vpcId: exampleAwsVpc.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_bucket_v2 = aws.s3.BucketV2(\"example\", bucket=\"example\")\nexample = aws.ec2.FlowLog(\"example\",\n log_destination=example_bucket_v2.arn,\n log_destination_type=\"s3\",\n traffic_type=\"ALL\",\n vpc_id=example_aws_vpc[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleBucketV2 = new Aws.S3.BucketV2(\"example\", new()\n {\n Bucket = \"example\",\n });\n\n var example = new Aws.Ec2.FlowLog(\"example\", new()\n {\n LogDestination = exampleBucketV2.Arn,\n LogDestinationType = \"s3\",\n TrafficType = \"ALL\",\n VpcId = exampleAwsVpc.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleBucketV2, err := s3.NewBucketV2(ctx, \"example\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewFlowLog(ctx, \"example\", \u0026ec2.FlowLogArgs{\n\t\t\tLogDestination: exampleBucketV2.Arn,\n\t\t\tLogDestinationType: pulumi.String(\"s3\"),\n\t\t\tTrafficType: pulumi.String(\"ALL\"),\n\t\t\tVpcId: pulumi.Any(exampleAwsVpc.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.ec2.FlowLog;\nimport com.pulumi.aws.ec2.FlowLogArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleBucketV2 = new BucketV2(\"exampleBucketV2\", BucketV2Args.builder() \n .bucket(\"example\")\n .build());\n\n var example = new FlowLog(\"example\", FlowLogArgs.builder() \n .logDestination(exampleBucketV2.arn())\n .logDestinationType(\"s3\")\n .trafficType(\"ALL\")\n .vpcId(exampleAwsVpc.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:FlowLog\n properties:\n logDestination: ${exampleBucketV2.arn}\n logDestinationType: s3\n trafficType: ALL\n vpcId: ${exampleAwsVpc.id}\n exampleBucketV2:\n type: aws:s3:BucketV2\n name: example\n properties:\n bucket: example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### S3 Logging in Apache Parquet format with per-hour partitions\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleBucketV2 = new aws.s3.BucketV2(\"example\", {bucket: \"example\"});\nconst example = new aws.ec2.FlowLog(\"example\", {\n logDestination: exampleBucketV2.arn,\n logDestinationType: \"s3\",\n trafficType: \"ALL\",\n vpcId: exampleAwsVpc.id,\n destinationOptions: {\n fileFormat: \"parquet\",\n perHourPartition: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_bucket_v2 = aws.s3.BucketV2(\"example\", bucket=\"example\")\nexample = aws.ec2.FlowLog(\"example\",\n log_destination=example_bucket_v2.arn,\n log_destination_type=\"s3\",\n traffic_type=\"ALL\",\n vpc_id=example_aws_vpc[\"id\"],\n destination_options=aws.ec2.FlowLogDestinationOptionsArgs(\n file_format=\"parquet\",\n per_hour_partition=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleBucketV2 = new Aws.S3.BucketV2(\"example\", new()\n {\n Bucket = \"example\",\n });\n\n var example = new Aws.Ec2.FlowLog(\"example\", new()\n {\n LogDestination = exampleBucketV2.Arn,\n LogDestinationType = \"s3\",\n TrafficType = \"ALL\",\n VpcId = exampleAwsVpc.Id,\n DestinationOptions = new Aws.Ec2.Inputs.FlowLogDestinationOptionsArgs\n {\n FileFormat = \"parquet\",\n PerHourPartition = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleBucketV2, err := s3.NewBucketV2(ctx, \"example\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewFlowLog(ctx, \"example\", \u0026ec2.FlowLogArgs{\n\t\t\tLogDestination: exampleBucketV2.Arn,\n\t\t\tLogDestinationType: pulumi.String(\"s3\"),\n\t\t\tTrafficType: pulumi.String(\"ALL\"),\n\t\t\tVpcId: pulumi.Any(exampleAwsVpc.Id),\n\t\t\tDestinationOptions: \u0026ec2.FlowLogDestinationOptionsArgs{\n\t\t\t\tFileFormat: pulumi.String(\"parquet\"),\n\t\t\t\tPerHourPartition: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.ec2.FlowLog;\nimport com.pulumi.aws.ec2.FlowLogArgs;\nimport com.pulumi.aws.ec2.inputs.FlowLogDestinationOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleBucketV2 = new BucketV2(\"exampleBucketV2\", BucketV2Args.builder() \n .bucket(\"example\")\n .build());\n\n var example = new FlowLog(\"example\", FlowLogArgs.builder() \n .logDestination(exampleBucketV2.arn())\n .logDestinationType(\"s3\")\n .trafficType(\"ALL\")\n .vpcId(exampleAwsVpc.id())\n .destinationOptions(FlowLogDestinationOptionsArgs.builder()\n .fileFormat(\"parquet\")\n .perHourPartition(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:FlowLog\n properties:\n logDestination: ${exampleBucketV2.arn}\n logDestinationType: s3\n trafficType: ALL\n vpcId: ${exampleAwsVpc.id}\n destinationOptions:\n fileFormat: parquet\n perHourPartition: true\n exampleBucketV2:\n type: aws:s3:BucketV2\n name: example\n properties:\n bucket: example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Flow Logs using the `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/flowLog:FlowLog test_flow_log fl-1a2b3c4d\n```\n", "properties": { "arn": { "type": "string", @@ -212059,7 +212059,7 @@ } }, "aws:ec2/instance:Instance": { - "description": "Provides an EC2 instance resource. This allows instances to be created, updated, and deleted.\n\n## Example Usage\n\n### Basic example using AMI lookup\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ubuntu = aws.ec2.getAmi({\n mostRecent: true,\n filters: [\n {\n name: \"name\",\n values: [\"ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*\"],\n },\n {\n name: \"virtualization-type\",\n values: [\"hvm\"],\n },\n ],\n owners: [\"099720109477\"],\n});\nconst web = new aws.ec2.Instance(\"web\", {\n ami: ubuntu.then(ubuntu =\u003e ubuntu.id),\n instanceType: \"t3.micro\",\n tags: {\n Name: \"HelloWorld\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nubuntu = aws.ec2.get_ami(most_recent=True,\n filters=[\n aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*\"],\n ),\n aws.ec2.GetAmiFilterArgs(\n name=\"virtualization-type\",\n values=[\"hvm\"],\n ),\n ],\n owners=[\"099720109477\"])\nweb = aws.ec2.Instance(\"web\",\n ami=ubuntu.id,\n instance_type=\"t3.micro\",\n tags={\n \"Name\": \"HelloWorld\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ubuntu = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"virtualization-type\",\n Values = new[]\n {\n \"hvm\",\n },\n },\n },\n Owners = new[]\n {\n \"099720109477\",\n },\n });\n\n var web = new Aws.Ec2.Instance(\"web\", new()\n {\n Ami = ubuntu.Apply(getAmiResult =\u003e getAmiResult.Id),\n InstanceType = \"t3.micro\",\n Tags = \n {\n { \"Name\", \"HelloWorld\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tubuntu, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tName: \"virtualization-type\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"hvm\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tOwners: []string{\n\t\t\t\t\"099720109477\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"web\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: *pulumi.String(ubuntu.Id),\n\t\t\tInstanceType: pulumi.String(\"t3.micro\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"HelloWorld\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ubuntu = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .filters( \n GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*\")\n .build(),\n GetAmiFilterArgs.builder()\n .name(\"virtualization-type\")\n .values(\"hvm\")\n .build())\n .owners(\"099720109477\")\n .build());\n\n var web = new Instance(\"web\", InstanceArgs.builder() \n .ami(ubuntu.applyValue(getAmiResult -\u003e getAmiResult.id()))\n .instanceType(\"t3.micro\")\n .tags(Map.of(\"Name\", \"HelloWorld\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n web:\n type: aws:ec2:Instance\n properties:\n ami: ${ubuntu.id}\n instanceType: t3.micro\n tags:\n Name: HelloWorld\nvariables:\n ubuntu:\n fn::invoke:\n Function: aws:ec2:getAmi\n Arguments:\n mostRecent: true\n filters:\n - name: name\n values:\n - ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*\n - name: virtualization-type\n values:\n - hvm\n owners:\n - '099720109477'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Spot instance example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst this = aws.ec2.getAmi({\n mostRecent: true,\n owners: [\"amazon\"],\n filters: [\n {\n name: \"architecture\",\n values: [\"arm64\"],\n },\n {\n name: \"name\",\n values: [\"al2023-ami-2023*\"],\n },\n ],\n});\nconst thisInstance = new aws.ec2.Instance(\"this\", {\n ami: _this.then(_this =\u003e _this.id),\n instanceMarketOptions: {\n spotOptions: {\n maxPrice: \"0.0031\",\n },\n },\n instanceType: \"t4g.nano\",\n tags: {\n Name: \"test-spot\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nthis = aws.ec2.get_ami(most_recent=True,\n owners=[\"amazon\"],\n filters=[\n aws.ec2.GetAmiFilterArgs(\n name=\"architecture\",\n values=[\"arm64\"],\n ),\n aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"al2023-ami-2023*\"],\n ),\n ])\nthis_instance = aws.ec2.Instance(\"this\",\n ami=this.id,\n instance_market_options=aws.ec2.InstanceInstanceMarketOptionsArgs(\n spot_options=aws.ec2.InstanceInstanceMarketOptionsSpotOptionsArgs(\n max_price=\"0.0031\",\n ),\n ),\n instance_type=\"t4g.nano\",\n tags={\n \"Name\": \"test-spot\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @this = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Owners = new[]\n {\n \"amazon\",\n },\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"architecture\",\n Values = new[]\n {\n \"arm64\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"al2023-ami-2023*\",\n },\n },\n },\n });\n\n var thisInstance = new Aws.Ec2.Instance(\"this\", new()\n {\n Ami = @this.Apply(@this =\u003e @this.Apply(getAmiResult =\u003e getAmiResult.Id)),\n InstanceMarketOptions = new Aws.Ec2.Inputs.InstanceInstanceMarketOptionsArgs\n {\n SpotOptions = new Aws.Ec2.Inputs.InstanceInstanceMarketOptionsSpotOptionsArgs\n {\n MaxPrice = \"0.0031\",\n },\n },\n InstanceType = \"t4g.nano\",\n Tags = \n {\n { \"Name\", \"test-spot\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tthis, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tOwners: []string{\n\t\t\t\t\"amazon\",\n\t\t\t},\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"architecture\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"arm64\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"al2023-ami-2023*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"this\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: *pulumi.String(this.Id),\n\t\t\tInstanceMarketOptions: \u0026ec2.InstanceInstanceMarketOptionsArgs{\n\t\t\t\tSpotOptions: \u0026ec2.InstanceInstanceMarketOptionsSpotOptionsArgs{\n\t\t\t\t\tMaxPrice: pulumi.String(\"0.0031\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tInstanceType: pulumi.String(\"t4g.nano\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"test-spot\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.ec2.inputs.InstanceInstanceMarketOptionsArgs;\nimport com.pulumi.aws.ec2.inputs.InstanceInstanceMarketOptionsSpotOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var this = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .owners(\"amazon\")\n .filters( \n GetAmiFilterArgs.builder()\n .name(\"architecture\")\n .values(\"arm64\")\n .build(),\n GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"al2023-ami-2023*\")\n .build())\n .build());\n\n var thisInstance = new Instance(\"thisInstance\", InstanceArgs.builder() \n .ami(this_.id())\n .instanceMarketOptions(InstanceInstanceMarketOptionsArgs.builder()\n .spotOptions(InstanceInstanceMarketOptionsSpotOptionsArgs.builder()\n .maxPrice(0.0031)\n .build())\n .build())\n .instanceType(\"t4g.nano\")\n .tags(Map.of(\"Name\", \"test-spot\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n thisInstance:\n type: aws:ec2:Instance\n name: this\n properties:\n ami: ${this.id}\n instanceMarketOptions:\n spotOptions:\n maxPrice: 0.0031\n instanceType: t4g.nano\n tags:\n Name: test-spot\nvariables:\n this:\n fn::invoke:\n Function: aws:ec2:getAmi\n Arguments:\n mostRecent: true\n owners:\n - amazon\n filters:\n - name: architecture\n values:\n - arm64\n - name: name\n values:\n - al2023-ami-2023*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Network and credit specification example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myVpc = new aws.ec2.Vpc(\"my_vpc\", {\n cidrBlock: \"172.16.0.0/16\",\n tags: {\n Name: \"tf-example\",\n },\n});\nconst mySubnet = new aws.ec2.Subnet(\"my_subnet\", {\n vpcId: myVpc.id,\n cidrBlock: \"172.16.10.0/24\",\n availabilityZone: \"us-west-2a\",\n tags: {\n Name: \"tf-example\",\n },\n});\nconst foo = new aws.ec2.NetworkInterface(\"foo\", {\n subnetId: mySubnet.id,\n privateIps: [\"172.16.10.100\"],\n tags: {\n Name: \"primary_network_interface\",\n },\n});\nconst fooInstance = new aws.ec2.Instance(\"foo\", {\n ami: \"ami-005e54dee72cc1d00\",\n instanceType: \"t2.micro\",\n networkInterfaces: [{\n networkInterfaceId: foo.id,\n deviceIndex: 0,\n }],\n creditSpecification: {\n cpuCredits: \"unlimited\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_vpc = aws.ec2.Vpc(\"my_vpc\",\n cidr_block=\"172.16.0.0/16\",\n tags={\n \"Name\": \"tf-example\",\n })\nmy_subnet = aws.ec2.Subnet(\"my_subnet\",\n vpc_id=my_vpc.id,\n cidr_block=\"172.16.10.0/24\",\n availability_zone=\"us-west-2a\",\n tags={\n \"Name\": \"tf-example\",\n })\nfoo = aws.ec2.NetworkInterface(\"foo\",\n subnet_id=my_subnet.id,\n private_ips=[\"172.16.10.100\"],\n tags={\n \"Name\": \"primary_network_interface\",\n })\nfoo_instance = aws.ec2.Instance(\"foo\",\n ami=\"ami-005e54dee72cc1d00\",\n instance_type=\"t2.micro\",\n network_interfaces=[aws.ec2.InstanceNetworkInterfaceArgs(\n network_interface_id=foo.id,\n device_index=0,\n )],\n credit_specification=aws.ec2.InstanceCreditSpecificationArgs(\n cpu_credits=\"unlimited\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myVpc = new Aws.Ec2.Vpc(\"my_vpc\", new()\n {\n CidrBlock = \"172.16.0.0/16\",\n Tags = \n {\n { \"Name\", \"tf-example\" },\n },\n });\n\n var mySubnet = new Aws.Ec2.Subnet(\"my_subnet\", new()\n {\n VpcId = myVpc.Id,\n CidrBlock = \"172.16.10.0/24\",\n AvailabilityZone = \"us-west-2a\",\n Tags = \n {\n { \"Name\", \"tf-example\" },\n },\n });\n\n var foo = new Aws.Ec2.NetworkInterface(\"foo\", new()\n {\n SubnetId = mySubnet.Id,\n PrivateIps = new[]\n {\n \"172.16.10.100\",\n },\n Tags = \n {\n { \"Name\", \"primary_network_interface\" },\n },\n });\n\n var fooInstance = new Aws.Ec2.Instance(\"foo\", new()\n {\n Ami = \"ami-005e54dee72cc1d00\",\n InstanceType = \"t2.micro\",\n NetworkInterfaces = new[]\n {\n new Aws.Ec2.Inputs.InstanceNetworkInterfaceArgs\n {\n NetworkInterfaceId = foo.Id,\n DeviceIndex = 0,\n },\n },\n CreditSpecification = new Aws.Ec2.Inputs.InstanceCreditSpecificationArgs\n {\n CpuCredits = \"unlimited\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyVpc, err := ec2.NewVpc(ctx, \"my_vpc\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"172.16.0.0/16\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmySubnet, err := ec2.NewSubnet(ctx, \"my_subnet\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: myVpc.ID(),\n\t\t\tCidrBlock: pulumi.String(\"172.16.10.0/24\"),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := ec2.NewNetworkInterface(ctx, \"foo\", \u0026ec2.NetworkInterfaceArgs{\n\t\t\tSubnetId: mySubnet.ID(),\n\t\t\tPrivateIps: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"172.16.10.100\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"primary_network_interface\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"foo\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(\"ami-005e54dee72cc1d00\"),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t\tNetworkInterfaces: ec2.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026ec2.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tNetworkInterfaceId: foo.ID(),\n\t\t\t\t\tDeviceIndex: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t\tCreditSpecification: \u0026ec2.InstanceCreditSpecificationArgs{\n\t\t\t\tCpuCredits: pulumi.String(\"unlimited\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.ec2.NetworkInterface;\nimport com.pulumi.aws.ec2.NetworkInterfaceArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.ec2.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.aws.ec2.inputs.InstanceCreditSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myVpc = new Vpc(\"myVpc\", VpcArgs.builder() \n .cidrBlock(\"172.16.0.0/16\")\n .tags(Map.of(\"Name\", \"tf-example\"))\n .build());\n\n var mySubnet = new Subnet(\"mySubnet\", SubnetArgs.builder() \n .vpcId(myVpc.id())\n .cidrBlock(\"172.16.10.0/24\")\n .availabilityZone(\"us-west-2a\")\n .tags(Map.of(\"Name\", \"tf-example\"))\n .build());\n\n var foo = new NetworkInterface(\"foo\", NetworkInterfaceArgs.builder() \n .subnetId(mySubnet.id())\n .privateIps(\"172.16.10.100\")\n .tags(Map.of(\"Name\", \"primary_network_interface\"))\n .build());\n\n var fooInstance = new Instance(\"fooInstance\", InstanceArgs.builder() \n .ami(\"ami-005e54dee72cc1d00\")\n .instanceType(\"t2.micro\")\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .networkInterfaceId(foo.id())\n .deviceIndex(0)\n .build())\n .creditSpecification(InstanceCreditSpecificationArgs.builder()\n .cpuCredits(\"unlimited\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myVpc:\n type: aws:ec2:Vpc\n name: my_vpc\n properties:\n cidrBlock: 172.16.0.0/16\n tags:\n Name: tf-example\n mySubnet:\n type: aws:ec2:Subnet\n name: my_subnet\n properties:\n vpcId: ${myVpc.id}\n cidrBlock: 172.16.10.0/24\n availabilityZone: us-west-2a\n tags:\n Name: tf-example\n foo:\n type: aws:ec2:NetworkInterface\n properties:\n subnetId: ${mySubnet.id}\n privateIps:\n - 172.16.10.100\n tags:\n Name: primary_network_interface\n fooInstance:\n type: aws:ec2:Instance\n name: foo\n properties:\n ami: ami-005e54dee72cc1d00\n instanceType: t2.micro\n networkInterfaces:\n - networkInterfaceId: ${foo.id}\n deviceIndex: 0\n creditSpecification:\n cpuCredits: unlimited\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### CPU options example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.Vpc(\"example\", {\n cidrBlock: \"172.16.0.0/16\",\n tags: {\n Name: \"tf-example\",\n },\n});\nconst exampleSubnet = new aws.ec2.Subnet(\"example\", {\n vpcId: example.id,\n cidrBlock: \"172.16.10.0/24\",\n availabilityZone: \"us-east-2a\",\n tags: {\n Name: \"tf-example\",\n },\n});\nconst amzn-linux-2023-ami = aws.ec2.getAmi({\n mostRecent: true,\n owners: [\"amazon\"],\n filters: [{\n name: \"name\",\n values: [\"al2023-ami-2023.*-x86_64\"],\n }],\n});\nconst exampleInstance = new aws.ec2.Instance(\"example\", {\n ami: amzn_linux_2023_ami.then(amzn_linux_2023_ami =\u003e amzn_linux_2023_ami.id),\n instanceType: \"c6a.2xlarge\",\n subnetId: exampleSubnet.id,\n cpuOptions: {\n coreCount: 2,\n threadsPerCore: 2,\n },\n tags: {\n Name: \"tf-example\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.Vpc(\"example\",\n cidr_block=\"172.16.0.0/16\",\n tags={\n \"Name\": \"tf-example\",\n })\nexample_subnet = aws.ec2.Subnet(\"example\",\n vpc_id=example.id,\n cidr_block=\"172.16.10.0/24\",\n availability_zone=\"us-east-2a\",\n tags={\n \"Name\": \"tf-example\",\n })\namzn_linux_2023_ami = aws.ec2.get_ami(most_recent=True,\n owners=[\"amazon\"],\n filters=[aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"al2023-ami-2023.*-x86_64\"],\n )])\nexample_instance = aws.ec2.Instance(\"example\",\n ami=amzn_linux_2023_ami.id,\n instance_type=\"c6a.2xlarge\",\n subnet_id=example_subnet.id,\n cpu_options=aws.ec2.InstanceCpuOptionsArgs(\n core_count=2,\n threads_per_core=2,\n ),\n tags={\n \"Name\": \"tf-example\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.Vpc(\"example\", new()\n {\n CidrBlock = \"172.16.0.0/16\",\n Tags = \n {\n { \"Name\", \"tf-example\" },\n },\n });\n\n var exampleSubnet = new Aws.Ec2.Subnet(\"example\", new()\n {\n VpcId = example.Id,\n CidrBlock = \"172.16.10.0/24\",\n AvailabilityZone = \"us-east-2a\",\n Tags = \n {\n { \"Name\", \"tf-example\" },\n },\n });\n\n var amzn_linux_2023_ami = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Owners = new[]\n {\n \"amazon\",\n },\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"al2023-ami-2023.*-x86_64\",\n },\n },\n },\n });\n\n var exampleInstance = new Aws.Ec2.Instance(\"example\", new()\n {\n Ami = amzn_linux_2023_ami.Apply(amzn_linux_2023_ami =\u003e amzn_linux_2023_ami.Apply(getAmiResult =\u003e getAmiResult.Id)),\n InstanceType = \"c6a.2xlarge\",\n SubnetId = exampleSubnet.Id,\n CpuOptions = new Aws.Ec2.Inputs.InstanceCpuOptionsArgs\n {\n CoreCount = 2,\n ThreadsPerCore = 2,\n },\n Tags = \n {\n { \"Name\", \"tf-example\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.NewVpc(ctx, \"example\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"172.16.0.0/16\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleSubnet, err := ec2.NewSubnet(ctx, \"example\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: example.ID(),\n\t\t\tCidrBlock: pulumi.String(\"172.16.10.0/24\"),\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-2a\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tamzn_linux_2023_ami, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tOwners: []string{\n\t\t\t\t\"amazon\",\n\t\t\t},\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"al2023-ami-2023.*-x86_64\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"example\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: *pulumi.String(amzn_linux_2023_ami.Id),\n\t\t\tInstanceType: pulumi.String(\"c6a.2xlarge\"),\n\t\t\tSubnetId: exampleSubnet.ID(),\n\t\t\tCpuOptions: \u0026ec2.InstanceCpuOptionsArgs{\n\t\t\t\tCoreCount: pulumi.Int(2),\n\t\t\t\tThreadsPerCore: pulumi.Int(2),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.ec2.inputs.InstanceCpuOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Vpc(\"example\", VpcArgs.builder() \n .cidrBlock(\"172.16.0.0/16\")\n .tags(Map.of(\"Name\", \"tf-example\"))\n .build());\n\n var exampleSubnet = new Subnet(\"exampleSubnet\", SubnetArgs.builder() \n .vpcId(example.id())\n .cidrBlock(\"172.16.10.0/24\")\n .availabilityZone(\"us-east-2a\")\n .tags(Map.of(\"Name\", \"tf-example\"))\n .build());\n\n final var amzn-linux-2023-ami = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .owners(\"amazon\")\n .filters(GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"al2023-ami-2023.*-x86_64\")\n .build())\n .build());\n\n var exampleInstance = new Instance(\"exampleInstance\", InstanceArgs.builder() \n .ami(amzn_linux_2023_ami.id())\n .instanceType(\"c6a.2xlarge\")\n .subnetId(exampleSubnet.id())\n .cpuOptions(InstanceCpuOptionsArgs.builder()\n .coreCount(2)\n .threadsPerCore(2)\n .build())\n .tags(Map.of(\"Name\", \"tf-example\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 172.16.0.0/16\n tags:\n Name: tf-example\n exampleSubnet:\n type: aws:ec2:Subnet\n name: example\n properties:\n vpcId: ${example.id}\n cidrBlock: 172.16.10.0/24\n availabilityZone: us-east-2a\n tags:\n Name: tf-example\n exampleInstance:\n type: aws:ec2:Instance\n name: example\n properties:\n ami: ${[\"amzn-linux-2023-ami\"].id}\n instanceType: c6a.2xlarge\n subnetId: ${exampleSubnet.id}\n cpuOptions:\n coreCount: 2\n threadsPerCore: 2\n tags:\n Name: tf-example\nvariables:\n amzn-linux-2023-ami:\n fn::invoke:\n Function: aws:ec2:getAmi\n Arguments:\n mostRecent: true\n owners:\n - amazon\n filters:\n - name: name\n values:\n - al2023-ami-2023.*-x86_64\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Host resource group or Licence Manager registered AMI example\n\nA host resource group is a collection of Dedicated Hosts that you can manage as a single entity. As you launch instances, License Manager allocates the hosts and launches instances on them based on the settings that you configured. You can add existing Dedicated Hosts to a host resource group and take advantage of automated host management through License Manager.\n\n\u003e **NOTE:** A dedicated host is automatically associated with a License Manager host resource group if **Allocate hosts automatically** is enabled. Otherwise, use the `host_resource_group_arn` argument to explicitly associate the instance with the host resource group.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _this = new aws.ec2.Instance(\"this\", {\n ami: \"ami-0dcc1e21636832c5d\",\n instanceType: \"m5.large\",\n hostResourceGroupArn: \"arn:aws:resource-groups:us-west-2:012345678901:group/win-testhost\",\n tenancy: \"host\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nthis = aws.ec2.Instance(\"this\",\n ami=\"ami-0dcc1e21636832c5d\",\n instance_type=\"m5.large\",\n host_resource_group_arn=\"arn:aws:resource-groups:us-west-2:012345678901:group/win-testhost\",\n tenancy=\"host\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @this = new Aws.Ec2.Instance(\"this\", new()\n {\n Ami = \"ami-0dcc1e21636832c5d\",\n InstanceType = \"m5.large\",\n HostResourceGroupArn = \"arn:aws:resource-groups:us-west-2:012345678901:group/win-testhost\",\n Tenancy = \"host\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewInstance(ctx, \"this\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(\"ami-0dcc1e21636832c5d\"),\n\t\t\tInstanceType: pulumi.String(\"m5.large\"),\n\t\t\tHostResourceGroupArn: pulumi.String(\"arn:aws:resource-groups:us-west-2:012345678901:group/win-testhost\"),\n\t\t\tTenancy: pulumi.String(\"host\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var this_ = new Instance(\"this\", InstanceArgs.builder() \n .ami(\"ami-0dcc1e21636832c5d\")\n .instanceType(\"m5.large\")\n .hostResourceGroupArn(\"arn:aws:resource-groups:us-west-2:012345678901:group/win-testhost\")\n .tenancy(\"host\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n this:\n type: aws:ec2:Instance\n properties:\n ami: ami-0dcc1e21636832c5d\n instanceType: m5.large\n hostResourceGroupArn: arn:aws:resource-groups:us-west-2:012345678901:group/win-testhost\n tenancy: host\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Tag Guide\n\nThese are the five types of tags you might encounter relative to an `aws.ec2.Instance`:\n\n1. **Instance tags**: Applied to instances but not to `ebs_block_device` and `root_block_device` volumes.\n2. **Default tags**: Applied to the instance and to `ebs_block_device` and `root_block_device` volumes.\n3. **Volume tags**: Applied during creation to `ebs_block_device` and `root_block_device` volumes.\n4. **Root block device tags**: Applied only to the `root_block_device` volume. These conflict with `volume_tags`.\n5. **EBS block device tags**: Applied only to the specific `ebs_block_device` volume you configure them for and cannot be updated. These conflict with `volume_tags`.\n\nDo not use `volume_tags` if you plan to manage block device tags outside the `aws.ec2.Instance` configuration, such as using `tags` in an `aws.ebs.Volume` resource attached via `aws.ec2.VolumeAttachment`. Doing so will result in resource cycling and inconsistent behavior.\n\n## Import\n\nUsing `pulumi import`, import instances using the `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/instance:Instance web i-12345678\n```\n", + "description": "Provides an EC2 instance resource. This allows instances to be created, updated, and deleted.\n\n## Example Usage\n\n### Basic example using AMI lookup\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ubuntu = aws.ec2.getAmi({\n mostRecent: true,\n filters: [\n {\n name: \"name\",\n values: [\"ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*\"],\n },\n {\n name: \"virtualization-type\",\n values: [\"hvm\"],\n },\n ],\n owners: [\"099720109477\"],\n});\nconst web = new aws.ec2.Instance(\"web\", {\n ami: ubuntu.then(ubuntu =\u003e ubuntu.id),\n instanceType: aws.ec2.InstanceType.T3_Micro,\n tags: {\n Name: \"HelloWorld\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nubuntu = aws.ec2.get_ami(most_recent=True,\n filters=[\n aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*\"],\n ),\n aws.ec2.GetAmiFilterArgs(\n name=\"virtualization-type\",\n values=[\"hvm\"],\n ),\n ],\n owners=[\"099720109477\"])\nweb = aws.ec2.Instance(\"web\",\n ami=ubuntu.id,\n instance_type=aws.ec2.InstanceType.T3_MICRO,\n tags={\n \"Name\": \"HelloWorld\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ubuntu = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"virtualization-type\",\n Values = new[]\n {\n \"hvm\",\n },\n },\n },\n Owners = new[]\n {\n \"099720109477\",\n },\n });\n\n var web = new Aws.Ec2.Instance(\"web\", new()\n {\n Ami = ubuntu.Apply(getAmiResult =\u003e getAmiResult.Id),\n InstanceType = Aws.Ec2.InstanceType.T3_Micro,\n Tags = \n {\n { \"Name\", \"HelloWorld\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tubuntu, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tName: \"virtualization-type\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"hvm\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tOwners: []string{\n\t\t\t\t\"099720109477\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"web\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(ubuntu.Id),\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_T3_Micro),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"HelloWorld\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ubuntu = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .filters( \n GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*\")\n .build(),\n GetAmiFilterArgs.builder()\n .name(\"virtualization-type\")\n .values(\"hvm\")\n .build())\n .owners(\"099720109477\")\n .build());\n\n var web = new Instance(\"web\", InstanceArgs.builder() \n .ami(ubuntu.applyValue(getAmiResult -\u003e getAmiResult.id()))\n .instanceType(\"t3.micro\")\n .tags(Map.of(\"Name\", \"HelloWorld\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n web:\n type: aws:ec2:Instance\n properties:\n ami: ${ubuntu.id}\n instanceType: t3.micro\n tags:\n Name: HelloWorld\nvariables:\n ubuntu:\n fn::invoke:\n Function: aws:ec2:getAmi\n Arguments:\n mostRecent: true\n filters:\n - name: name\n values:\n - ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*\n - name: virtualization-type\n values:\n - hvm\n owners:\n - '099720109477'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Spot instance example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst this = aws.ec2.getAmi({\n mostRecent: true,\n owners: [\"amazon\"],\n filters: [\n {\n name: \"architecture\",\n values: [\"arm64\"],\n },\n {\n name: \"name\",\n values: [\"al2023-ami-2023*\"],\n },\n ],\n});\nconst thisInstance = new aws.ec2.Instance(\"this\", {\n ami: _this.then(_this =\u003e _this.id),\n instanceMarketOptions: {\n spotOptions: {\n maxPrice: \"0.0031\",\n },\n },\n instanceType: aws.ec2.InstanceType.T4g_Nano,\n tags: {\n Name: \"test-spot\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nthis = aws.ec2.get_ami(most_recent=True,\n owners=[\"amazon\"],\n filters=[\n aws.ec2.GetAmiFilterArgs(\n name=\"architecture\",\n values=[\"arm64\"],\n ),\n aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"al2023-ami-2023*\"],\n ),\n ])\nthis_instance = aws.ec2.Instance(\"this\",\n ami=this.id,\n instance_market_options=aws.ec2.InstanceInstanceMarketOptionsArgs(\n spot_options=aws.ec2.InstanceInstanceMarketOptionsSpotOptionsArgs(\n max_price=\"0.0031\",\n ),\n ),\n instance_type=aws.ec2.InstanceType.T4G_NANO,\n tags={\n \"Name\": \"test-spot\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @this = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Owners = new[]\n {\n \"amazon\",\n },\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"architecture\",\n Values = new[]\n {\n \"arm64\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"al2023-ami-2023*\",\n },\n },\n },\n });\n\n var thisInstance = new Aws.Ec2.Instance(\"this\", new()\n {\n Ami = @this.Apply(@this =\u003e @this.Apply(getAmiResult =\u003e getAmiResult.Id)),\n InstanceMarketOptions = new Aws.Ec2.Inputs.InstanceInstanceMarketOptionsArgs\n {\n SpotOptions = new Aws.Ec2.Inputs.InstanceInstanceMarketOptionsSpotOptionsArgs\n {\n MaxPrice = \"0.0031\",\n },\n },\n InstanceType = Aws.Ec2.InstanceType.T4g_Nano,\n Tags = \n {\n { \"Name\", \"test-spot\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tthis, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tOwners: []string{\n\t\t\t\t\"amazon\",\n\t\t\t},\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"architecture\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"arm64\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"al2023-ami-2023*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"this\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(this.Id),\n\t\t\tInstanceMarketOptions: \u0026ec2.InstanceInstanceMarketOptionsArgs{\n\t\t\t\tSpotOptions: \u0026ec2.InstanceInstanceMarketOptionsSpotOptionsArgs{\n\t\t\t\t\tMaxPrice: pulumi.String(\"0.0031\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_T4g_Nano),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"test-spot\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.ec2.inputs.InstanceInstanceMarketOptionsArgs;\nimport com.pulumi.aws.ec2.inputs.InstanceInstanceMarketOptionsSpotOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var this = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .owners(\"amazon\")\n .filters( \n GetAmiFilterArgs.builder()\n .name(\"architecture\")\n .values(\"arm64\")\n .build(),\n GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"al2023-ami-2023*\")\n .build())\n .build());\n\n var thisInstance = new Instance(\"thisInstance\", InstanceArgs.builder() \n .ami(this_.id())\n .instanceMarketOptions(InstanceInstanceMarketOptionsArgs.builder()\n .spotOptions(InstanceInstanceMarketOptionsSpotOptionsArgs.builder()\n .maxPrice(0.0031)\n .build())\n .build())\n .instanceType(\"t4g.nano\")\n .tags(Map.of(\"Name\", \"test-spot\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n thisInstance:\n type: aws:ec2:Instance\n name: this\n properties:\n ami: ${this.id}\n instanceMarketOptions:\n spotOptions:\n maxPrice: 0.0031\n instanceType: t4g.nano\n tags:\n Name: test-spot\nvariables:\n this:\n fn::invoke:\n Function: aws:ec2:getAmi\n Arguments:\n mostRecent: true\n owners:\n - amazon\n filters:\n - name: architecture\n values:\n - arm64\n - name: name\n values:\n - al2023-ami-2023*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Network and credit specification example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myVpc = new aws.ec2.Vpc(\"my_vpc\", {\n cidrBlock: \"172.16.0.0/16\",\n tags: {\n Name: \"tf-example\",\n },\n});\nconst mySubnet = new aws.ec2.Subnet(\"my_subnet\", {\n vpcId: myVpc.id,\n cidrBlock: \"172.16.10.0/24\",\n availabilityZone: \"us-west-2a\",\n tags: {\n Name: \"tf-example\",\n },\n});\nconst foo = new aws.ec2.NetworkInterface(\"foo\", {\n subnetId: mySubnet.id,\n privateIps: [\"172.16.10.100\"],\n tags: {\n Name: \"primary_network_interface\",\n },\n});\nconst fooInstance = new aws.ec2.Instance(\"foo\", {\n ami: \"ami-005e54dee72cc1d00\",\n instanceType: aws.ec2.InstanceType.T2_Micro,\n networkInterfaces: [{\n networkInterfaceId: foo.id,\n deviceIndex: 0,\n }],\n creditSpecification: {\n cpuCredits: \"unlimited\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_vpc = aws.ec2.Vpc(\"my_vpc\",\n cidr_block=\"172.16.0.0/16\",\n tags={\n \"Name\": \"tf-example\",\n })\nmy_subnet = aws.ec2.Subnet(\"my_subnet\",\n vpc_id=my_vpc.id,\n cidr_block=\"172.16.10.0/24\",\n availability_zone=\"us-west-2a\",\n tags={\n \"Name\": \"tf-example\",\n })\nfoo = aws.ec2.NetworkInterface(\"foo\",\n subnet_id=my_subnet.id,\n private_ips=[\"172.16.10.100\"],\n tags={\n \"Name\": \"primary_network_interface\",\n })\nfoo_instance = aws.ec2.Instance(\"foo\",\n ami=\"ami-005e54dee72cc1d00\",\n instance_type=aws.ec2.InstanceType.T2_MICRO,\n network_interfaces=[aws.ec2.InstanceNetworkInterfaceArgs(\n network_interface_id=foo.id,\n device_index=0,\n )],\n credit_specification=aws.ec2.InstanceCreditSpecificationArgs(\n cpu_credits=\"unlimited\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myVpc = new Aws.Ec2.Vpc(\"my_vpc\", new()\n {\n CidrBlock = \"172.16.0.0/16\",\n Tags = \n {\n { \"Name\", \"tf-example\" },\n },\n });\n\n var mySubnet = new Aws.Ec2.Subnet(\"my_subnet\", new()\n {\n VpcId = myVpc.Id,\n CidrBlock = \"172.16.10.0/24\",\n AvailabilityZone = \"us-west-2a\",\n Tags = \n {\n { \"Name\", \"tf-example\" },\n },\n });\n\n var foo = new Aws.Ec2.NetworkInterface(\"foo\", new()\n {\n SubnetId = mySubnet.Id,\n PrivateIps = new[]\n {\n \"172.16.10.100\",\n },\n Tags = \n {\n { \"Name\", \"primary_network_interface\" },\n },\n });\n\n var fooInstance = new Aws.Ec2.Instance(\"foo\", new()\n {\n Ami = \"ami-005e54dee72cc1d00\",\n InstanceType = Aws.Ec2.InstanceType.T2_Micro,\n NetworkInterfaces = new[]\n {\n new Aws.Ec2.Inputs.InstanceNetworkInterfaceArgs\n {\n NetworkInterfaceId = foo.Id,\n DeviceIndex = 0,\n },\n },\n CreditSpecification = new Aws.Ec2.Inputs.InstanceCreditSpecificationArgs\n {\n CpuCredits = \"unlimited\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyVpc, err := ec2.NewVpc(ctx, \"my_vpc\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"172.16.0.0/16\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmySubnet, err := ec2.NewSubnet(ctx, \"my_subnet\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: myVpc.ID(),\n\t\t\tCidrBlock: pulumi.String(\"172.16.10.0/24\"),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := ec2.NewNetworkInterface(ctx, \"foo\", \u0026ec2.NetworkInterfaceArgs{\n\t\t\tSubnetId: mySubnet.ID(),\n\t\t\tPrivateIps: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"172.16.10.100\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"primary_network_interface\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"foo\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(\"ami-005e54dee72cc1d00\"),\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_T2_Micro),\n\t\t\tNetworkInterfaces: ec2.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026ec2.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tNetworkInterfaceId: foo.ID(),\n\t\t\t\t\tDeviceIndex: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t\tCreditSpecification: \u0026ec2.InstanceCreditSpecificationArgs{\n\t\t\t\tCpuCredits: pulumi.String(\"unlimited\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.ec2.NetworkInterface;\nimport com.pulumi.aws.ec2.NetworkInterfaceArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.ec2.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.aws.ec2.inputs.InstanceCreditSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myVpc = new Vpc(\"myVpc\", VpcArgs.builder() \n .cidrBlock(\"172.16.0.0/16\")\n .tags(Map.of(\"Name\", \"tf-example\"))\n .build());\n\n var mySubnet = new Subnet(\"mySubnet\", SubnetArgs.builder() \n .vpcId(myVpc.id())\n .cidrBlock(\"172.16.10.0/24\")\n .availabilityZone(\"us-west-2a\")\n .tags(Map.of(\"Name\", \"tf-example\"))\n .build());\n\n var foo = new NetworkInterface(\"foo\", NetworkInterfaceArgs.builder() \n .subnetId(mySubnet.id())\n .privateIps(\"172.16.10.100\")\n .tags(Map.of(\"Name\", \"primary_network_interface\"))\n .build());\n\n var fooInstance = new Instance(\"fooInstance\", InstanceArgs.builder() \n .ami(\"ami-005e54dee72cc1d00\")\n .instanceType(\"t2.micro\")\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .networkInterfaceId(foo.id())\n .deviceIndex(0)\n .build())\n .creditSpecification(InstanceCreditSpecificationArgs.builder()\n .cpuCredits(\"unlimited\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myVpc:\n type: aws:ec2:Vpc\n name: my_vpc\n properties:\n cidrBlock: 172.16.0.0/16\n tags:\n Name: tf-example\n mySubnet:\n type: aws:ec2:Subnet\n name: my_subnet\n properties:\n vpcId: ${myVpc.id}\n cidrBlock: 172.16.10.0/24\n availabilityZone: us-west-2a\n tags:\n Name: tf-example\n foo:\n type: aws:ec2:NetworkInterface\n properties:\n subnetId: ${mySubnet.id}\n privateIps:\n - 172.16.10.100\n tags:\n Name: primary_network_interface\n fooInstance:\n type: aws:ec2:Instance\n name: foo\n properties:\n ami: ami-005e54dee72cc1d00\n instanceType: t2.micro\n networkInterfaces:\n - networkInterfaceId: ${foo.id}\n deviceIndex: 0\n creditSpecification:\n cpuCredits: unlimited\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### CPU options example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.Vpc(\"example\", {\n cidrBlock: \"172.16.0.0/16\",\n tags: {\n Name: \"tf-example\",\n },\n});\nconst exampleSubnet = new aws.ec2.Subnet(\"example\", {\n vpcId: example.id,\n cidrBlock: \"172.16.10.0/24\",\n availabilityZone: \"us-east-2a\",\n tags: {\n Name: \"tf-example\",\n },\n});\nconst amzn-linux-2023-ami = aws.ec2.getAmi({\n mostRecent: true,\n owners: [\"amazon\"],\n filters: [{\n name: \"name\",\n values: [\"al2023-ami-2023.*-x86_64\"],\n }],\n});\nconst exampleInstance = new aws.ec2.Instance(\"example\", {\n ami: amzn_linux_2023_ami.then(amzn_linux_2023_ami =\u003e amzn_linux_2023_ami.id),\n instanceType: aws.ec2.InstanceType.C6a_2XLarge,\n subnetId: exampleSubnet.id,\n cpuOptions: {\n coreCount: 2,\n threadsPerCore: 2,\n },\n tags: {\n Name: \"tf-example\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.Vpc(\"example\",\n cidr_block=\"172.16.0.0/16\",\n tags={\n \"Name\": \"tf-example\",\n })\nexample_subnet = aws.ec2.Subnet(\"example\",\n vpc_id=example.id,\n cidr_block=\"172.16.10.0/24\",\n availability_zone=\"us-east-2a\",\n tags={\n \"Name\": \"tf-example\",\n })\namzn_linux_2023_ami = aws.ec2.get_ami(most_recent=True,\n owners=[\"amazon\"],\n filters=[aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"al2023-ami-2023.*-x86_64\"],\n )])\nexample_instance = aws.ec2.Instance(\"example\",\n ami=amzn_linux_2023_ami.id,\n instance_type=aws.ec2.InstanceType.C6A_2_X_LARGE,\n subnet_id=example_subnet.id,\n cpu_options=aws.ec2.InstanceCpuOptionsArgs(\n core_count=2,\n threads_per_core=2,\n ),\n tags={\n \"Name\": \"tf-example\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.Vpc(\"example\", new()\n {\n CidrBlock = \"172.16.0.0/16\",\n Tags = \n {\n { \"Name\", \"tf-example\" },\n },\n });\n\n var exampleSubnet = new Aws.Ec2.Subnet(\"example\", new()\n {\n VpcId = example.Id,\n CidrBlock = \"172.16.10.0/24\",\n AvailabilityZone = \"us-east-2a\",\n Tags = \n {\n { \"Name\", \"tf-example\" },\n },\n });\n\n var amzn_linux_2023_ami = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Owners = new[]\n {\n \"amazon\",\n },\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"al2023-ami-2023.*-x86_64\",\n },\n },\n },\n });\n\n var exampleInstance = new Aws.Ec2.Instance(\"example\", new()\n {\n Ami = amzn_linux_2023_ami.Apply(amzn_linux_2023_ami =\u003e amzn_linux_2023_ami.Apply(getAmiResult =\u003e getAmiResult.Id)),\n InstanceType = Aws.Ec2.InstanceType.C6a_2XLarge,\n SubnetId = exampleSubnet.Id,\n CpuOptions = new Aws.Ec2.Inputs.InstanceCpuOptionsArgs\n {\n CoreCount = 2,\n ThreadsPerCore = 2,\n },\n Tags = \n {\n { \"Name\", \"tf-example\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.NewVpc(ctx, \"example\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"172.16.0.0/16\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleSubnet, err := ec2.NewSubnet(ctx, \"example\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: example.ID(),\n\t\t\tCidrBlock: pulumi.String(\"172.16.10.0/24\"),\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-2a\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tamzn_linux_2023_ami, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tOwners: []string{\n\t\t\t\t\"amazon\",\n\t\t\t},\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"al2023-ami-2023.*-x86_64\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"example\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(amzn_linux_2023_ami.Id),\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_C6a_2XLarge),\n\t\t\tSubnetId: exampleSubnet.ID(),\n\t\t\tCpuOptions: \u0026ec2.InstanceCpuOptionsArgs{\n\t\t\t\tCoreCount: pulumi.Int(2),\n\t\t\t\tThreadsPerCore: pulumi.Int(2),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.ec2.inputs.InstanceCpuOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Vpc(\"example\", VpcArgs.builder() \n .cidrBlock(\"172.16.0.0/16\")\n .tags(Map.of(\"Name\", \"tf-example\"))\n .build());\n\n var exampleSubnet = new Subnet(\"exampleSubnet\", SubnetArgs.builder() \n .vpcId(example.id())\n .cidrBlock(\"172.16.10.0/24\")\n .availabilityZone(\"us-east-2a\")\n .tags(Map.of(\"Name\", \"tf-example\"))\n .build());\n\n final var amzn-linux-2023-ami = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .owners(\"amazon\")\n .filters(GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"al2023-ami-2023.*-x86_64\")\n .build())\n .build());\n\n var exampleInstance = new Instance(\"exampleInstance\", InstanceArgs.builder() \n .ami(amzn_linux_2023_ami.id())\n .instanceType(\"c6a.2xlarge\")\n .subnetId(exampleSubnet.id())\n .cpuOptions(InstanceCpuOptionsArgs.builder()\n .coreCount(2)\n .threadsPerCore(2)\n .build())\n .tags(Map.of(\"Name\", \"tf-example\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 172.16.0.0/16\n tags:\n Name: tf-example\n exampleSubnet:\n type: aws:ec2:Subnet\n name: example\n properties:\n vpcId: ${example.id}\n cidrBlock: 172.16.10.0/24\n availabilityZone: us-east-2a\n tags:\n Name: tf-example\n exampleInstance:\n type: aws:ec2:Instance\n name: example\n properties:\n ami: ${[\"amzn-linux-2023-ami\"].id}\n instanceType: c6a.2xlarge\n subnetId: ${exampleSubnet.id}\n cpuOptions:\n coreCount: 2\n threadsPerCore: 2\n tags:\n Name: tf-example\nvariables:\n amzn-linux-2023-ami:\n fn::invoke:\n Function: aws:ec2:getAmi\n Arguments:\n mostRecent: true\n owners:\n - amazon\n filters:\n - name: name\n values:\n - al2023-ami-2023.*-x86_64\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Host resource group or Licence Manager registered AMI example\n\nA host resource group is a collection of Dedicated Hosts that you can manage as a single entity. As you launch instances, License Manager allocates the hosts and launches instances on them based on the settings that you configured. You can add existing Dedicated Hosts to a host resource group and take advantage of automated host management through License Manager.\n\n\u003e **NOTE:** A dedicated host is automatically associated with a License Manager host resource group if **Allocate hosts automatically** is enabled. Otherwise, use the `host_resource_group_arn` argument to explicitly associate the instance with the host resource group.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _this = new aws.ec2.Instance(\"this\", {\n ami: \"ami-0dcc1e21636832c5d\",\n instanceType: aws.ec2.InstanceType.M5_Large,\n hostResourceGroupArn: \"arn:aws:resource-groups:us-west-2:012345678901:group/win-testhost\",\n tenancy: \"host\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nthis = aws.ec2.Instance(\"this\",\n ami=\"ami-0dcc1e21636832c5d\",\n instance_type=aws.ec2.InstanceType.M5_LARGE,\n host_resource_group_arn=\"arn:aws:resource-groups:us-west-2:012345678901:group/win-testhost\",\n tenancy=\"host\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @this = new Aws.Ec2.Instance(\"this\", new()\n {\n Ami = \"ami-0dcc1e21636832c5d\",\n InstanceType = Aws.Ec2.InstanceType.M5_Large,\n HostResourceGroupArn = \"arn:aws:resource-groups:us-west-2:012345678901:group/win-testhost\",\n Tenancy = \"host\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewInstance(ctx, \"this\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(\"ami-0dcc1e21636832c5d\"),\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_M5_Large),\n\t\t\tHostResourceGroupArn: pulumi.String(\"arn:aws:resource-groups:us-west-2:012345678901:group/win-testhost\"),\n\t\t\tTenancy: pulumi.String(\"host\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var this_ = new Instance(\"this\", InstanceArgs.builder() \n .ami(\"ami-0dcc1e21636832c5d\")\n .instanceType(\"m5.large\")\n .hostResourceGroupArn(\"arn:aws:resource-groups:us-west-2:012345678901:group/win-testhost\")\n .tenancy(\"host\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n this:\n type: aws:ec2:Instance\n properties:\n ami: ami-0dcc1e21636832c5d\n instanceType: m5.large\n hostResourceGroupArn: arn:aws:resource-groups:us-west-2:012345678901:group/win-testhost\n tenancy: host\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Tag Guide\n\nThese are the five types of tags you might encounter relative to an `aws.ec2.Instance`:\n\n1. **Instance tags**: Applied to instances but not to `ebs_block_device` and `root_block_device` volumes.\n2. **Default tags**: Applied to the instance and to `ebs_block_device` and `root_block_device` volumes.\n3. **Volume tags**: Applied during creation to `ebs_block_device` and `root_block_device` volumes.\n4. **Root block device tags**: Applied only to the `root_block_device` volume. These conflict with `volume_tags`.\n5. **EBS block device tags**: Applied only to the specific `ebs_block_device` volume you configure them for and cannot be updated. These conflict with `volume_tags`.\n\nDo not use `volume_tags` if you plan to manage block device tags outside the `aws.ec2.Instance` configuration, such as using `tags` in an `aws.ebs.Volume` resource attached via `aws.ec2.VolumeAttachment`. Doing so will result in resource cycling and inconsistent behavior.\n\n## Import\n\nUsing `pulumi import`, import instances using the `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/instance:Instance web i-12345678\n```\n", "properties": { "ami": { "type": "string", @@ -213237,7 +213237,7 @@ } }, "aws:ec2/launchConfiguration:LaunchConfiguration": { - "description": "Provides a resource to create a new launch configuration, used for autoscaling groups.\n\n!\u003e **WARNING:** The use of launch configurations is discouraged in favour of launch templates. Read more in the [AWS EC2 Documentation](https://docs.aws.amazon.com/autoscaling/ec2/userguide/launch-configurations.html).\n\n\u003e **Note** When using `aws.ec2.LaunchConfiguration` with `aws.autoscaling.Group`, it is recommended to use the `name_prefix` (Optional) instead of the `name` (Optional) attribute.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ubuntu = aws.ec2.getAmi({\n mostRecent: true,\n filters: [\n {\n name: \"name\",\n values: [\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\"],\n },\n {\n name: \"virtualization-type\",\n values: [\"hvm\"],\n },\n ],\n owners: [\"099720109477\"],\n});\nconst asConf = new aws.ec2.LaunchConfiguration(\"as_conf\", {\n name: \"web_config\",\n imageId: ubuntu.then(ubuntu =\u003e ubuntu.id),\n instanceType: \"t2.micro\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nubuntu = aws.ec2.get_ami(most_recent=True,\n filters=[\n aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\"],\n ),\n aws.ec2.GetAmiFilterArgs(\n name=\"virtualization-type\",\n values=[\"hvm\"],\n ),\n ],\n owners=[\"099720109477\"])\nas_conf = aws.ec2.LaunchConfiguration(\"as_conf\",\n name=\"web_config\",\n image_id=ubuntu.id,\n instance_type=\"t2.micro\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ubuntu = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"virtualization-type\",\n Values = new[]\n {\n \"hvm\",\n },\n },\n },\n Owners = new[]\n {\n \"099720109477\",\n },\n });\n\n var asConf = new Aws.Ec2.LaunchConfiguration(\"as_conf\", new()\n {\n Name = \"web_config\",\n ImageId = ubuntu.Apply(getAmiResult =\u003e getAmiResult.Id),\n InstanceType = \"t2.micro\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tubuntu, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tName: \"virtualization-type\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"hvm\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tOwners: []string{\n\t\t\t\t\"099720109477\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewLaunchConfiguration(ctx, \"as_conf\", \u0026ec2.LaunchConfigurationArgs{\n\t\t\tName: pulumi.String(\"web_config\"),\n\t\t\tImageId: *pulumi.String(ubuntu.Id),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.LaunchConfiguration;\nimport com.pulumi.aws.ec2.LaunchConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ubuntu = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .filters( \n GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\")\n .build(),\n GetAmiFilterArgs.builder()\n .name(\"virtualization-type\")\n .values(\"hvm\")\n .build())\n .owners(\"099720109477\")\n .build());\n\n var asConf = new LaunchConfiguration(\"asConf\", LaunchConfigurationArgs.builder() \n .name(\"web_config\")\n .imageId(ubuntu.applyValue(getAmiResult -\u003e getAmiResult.id()))\n .instanceType(\"t2.micro\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n asConf:\n type: aws:ec2:LaunchConfiguration\n name: as_conf\n properties:\n name: web_config\n imageId: ${ubuntu.id}\n instanceType: t2.micro\nvariables:\n ubuntu:\n fn::invoke:\n Function: aws:ec2:getAmi\n Arguments:\n mostRecent: true\n filters:\n - name: name\n values:\n - ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\n - name: virtualization-type\n values:\n - hvm\n owners:\n - '099720109477'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Using with AutoScaling Groups\n\nLaunch Configurations cannot be updated after creation with the Amazon\nWeb Service API. In order to update a Launch Configuration, this provider will\ndestroy the existing resource and create a replacement. In order to effectively\nuse a Launch Configuration resource with an AutoScaling Group resource,\nit's recommended to specify `create_before_destroy` in a lifecycle block.\nEither omit the Launch Configuration `name` attribute, or specify a partial name\nwith `name_prefix`. Example:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ubuntu = aws.ec2.getAmi({\n mostRecent: true,\n filters: [\n {\n name: \"name\",\n values: [\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\"],\n },\n {\n name: \"virtualization-type\",\n values: [\"hvm\"],\n },\n ],\n owners: [\"099720109477\"],\n});\nconst asConf = new aws.ec2.LaunchConfiguration(\"as_conf\", {\n namePrefix: \"lc-example-\",\n imageId: ubuntu.then(ubuntu =\u003e ubuntu.id),\n instanceType: \"t2.micro\",\n});\nconst bar = new aws.autoscaling.Group(\"bar\", {\n name: \"asg-example\",\n launchConfiguration: asConf.name,\n minSize: 1,\n maxSize: 2,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nubuntu = aws.ec2.get_ami(most_recent=True,\n filters=[\n aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\"],\n ),\n aws.ec2.GetAmiFilterArgs(\n name=\"virtualization-type\",\n values=[\"hvm\"],\n ),\n ],\n owners=[\"099720109477\"])\nas_conf = aws.ec2.LaunchConfiguration(\"as_conf\",\n name_prefix=\"lc-example-\",\n image_id=ubuntu.id,\n instance_type=\"t2.micro\")\nbar = aws.autoscaling.Group(\"bar\",\n name=\"asg-example\",\n launch_configuration=as_conf.name,\n min_size=1,\n max_size=2)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ubuntu = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"virtualization-type\",\n Values = new[]\n {\n \"hvm\",\n },\n },\n },\n Owners = new[]\n {\n \"099720109477\",\n },\n });\n\n var asConf = new Aws.Ec2.LaunchConfiguration(\"as_conf\", new()\n {\n NamePrefix = \"lc-example-\",\n ImageId = ubuntu.Apply(getAmiResult =\u003e getAmiResult.Id),\n InstanceType = \"t2.micro\",\n });\n\n var bar = new Aws.AutoScaling.Group(\"bar\", new()\n {\n Name = \"asg-example\",\n LaunchConfiguration = asConf.Name,\n MinSize = 1,\n MaxSize = 2,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tubuntu, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tName: \"virtualization-type\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"hvm\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tOwners: []string{\n\t\t\t\t\"099720109477\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tasConf, err := ec2.NewLaunchConfiguration(ctx, \"as_conf\", \u0026ec2.LaunchConfigurationArgs{\n\t\t\tNamePrefix: pulumi.String(\"lc-example-\"),\n\t\t\tImageId: *pulumi.String(ubuntu.Id),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"bar\", \u0026autoscaling.GroupArgs{\n\t\t\tName: pulumi.String(\"asg-example\"),\n\t\t\tLaunchConfiguration: asConf.Name,\n\t\t\tMinSize: pulumi.Int(1),\n\t\t\tMaxSize: pulumi.Int(2),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.LaunchConfiguration;\nimport com.pulumi.aws.ec2.LaunchConfigurationArgs;\nimport com.pulumi.aws.autoscaling.Group;\nimport com.pulumi.aws.autoscaling.GroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ubuntu = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .filters( \n GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\")\n .build(),\n GetAmiFilterArgs.builder()\n .name(\"virtualization-type\")\n .values(\"hvm\")\n .build())\n .owners(\"099720109477\")\n .build());\n\n var asConf = new LaunchConfiguration(\"asConf\", LaunchConfigurationArgs.builder() \n .namePrefix(\"lc-example-\")\n .imageId(ubuntu.applyValue(getAmiResult -\u003e getAmiResult.id()))\n .instanceType(\"t2.micro\")\n .build());\n\n var bar = new Group(\"bar\", GroupArgs.builder() \n .name(\"asg-example\")\n .launchConfiguration(asConf.name())\n .minSize(1)\n .maxSize(2)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n asConf:\n type: aws:ec2:LaunchConfiguration\n name: as_conf\n properties:\n namePrefix: lc-example-\n imageId: ${ubuntu.id}\n instanceType: t2.micro\n bar:\n type: aws:autoscaling:Group\n properties:\n name: asg-example\n launchConfiguration: ${asConf.name}\n minSize: 1\n maxSize: 2\nvariables:\n ubuntu:\n fn::invoke:\n Function: aws:ec2:getAmi\n Arguments:\n mostRecent: true\n filters:\n - name: name\n values:\n - ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\n - name: virtualization-type\n values:\n - hvm\n owners:\n - '099720109477'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith this setup this provider generates a unique name for your Launch\nConfiguration and can then update the AutoScaling Group without conflict before\ndestroying the previous Launch Configuration.\n\n## Using with Spot Instances\n\nLaunch configurations can set the spot instance pricing to be used for the\nAuto Scaling Group to reserve instances. Simply specifying the `spot_price`\nparameter will set the price on the Launch Configuration which will attempt to\nreserve your instances at this price. See the [AWS Spot Instance\ndocumentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances.html)\nfor more information or how to launch [Spot Instances][3] with this provider.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ubuntu = aws.ec2.getAmi({\n mostRecent: true,\n filters: [\n {\n name: \"name\",\n values: [\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\"],\n },\n {\n name: \"virtualization-type\",\n values: [\"hvm\"],\n },\n ],\n owners: [\"099720109477\"],\n});\nconst asConf = new aws.ec2.LaunchConfiguration(\"as_conf\", {\n imageId: ubuntu.then(ubuntu =\u003e ubuntu.id),\n instanceType: \"m4.large\",\n spotPrice: \"0.001\",\n});\nconst bar = new aws.autoscaling.Group(\"bar\", {\n name: \"asg-example\",\n launchConfiguration: asConf.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nubuntu = aws.ec2.get_ami(most_recent=True,\n filters=[\n aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\"],\n ),\n aws.ec2.GetAmiFilterArgs(\n name=\"virtualization-type\",\n values=[\"hvm\"],\n ),\n ],\n owners=[\"099720109477\"])\nas_conf = aws.ec2.LaunchConfiguration(\"as_conf\",\n image_id=ubuntu.id,\n instance_type=\"m4.large\",\n spot_price=\"0.001\")\nbar = aws.autoscaling.Group(\"bar\",\n name=\"asg-example\",\n launch_configuration=as_conf.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ubuntu = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"virtualization-type\",\n Values = new[]\n {\n \"hvm\",\n },\n },\n },\n Owners = new[]\n {\n \"099720109477\",\n },\n });\n\n var asConf = new Aws.Ec2.LaunchConfiguration(\"as_conf\", new()\n {\n ImageId = ubuntu.Apply(getAmiResult =\u003e getAmiResult.Id),\n InstanceType = \"m4.large\",\n SpotPrice = \"0.001\",\n });\n\n var bar = new Aws.AutoScaling.Group(\"bar\", new()\n {\n Name = \"asg-example\",\n LaunchConfiguration = asConf.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tubuntu, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tName: \"virtualization-type\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"hvm\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tOwners: []string{\n\t\t\t\t\"099720109477\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tasConf, err := ec2.NewLaunchConfiguration(ctx, \"as_conf\", \u0026ec2.LaunchConfigurationArgs{\n\t\t\tImageId: *pulumi.String(ubuntu.Id),\n\t\t\tInstanceType: pulumi.String(\"m4.large\"),\n\t\t\tSpotPrice: pulumi.String(\"0.001\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"bar\", \u0026autoscaling.GroupArgs{\n\t\t\tName: pulumi.String(\"asg-example\"),\n\t\t\tLaunchConfiguration: asConf.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.LaunchConfiguration;\nimport com.pulumi.aws.ec2.LaunchConfigurationArgs;\nimport com.pulumi.aws.autoscaling.Group;\nimport com.pulumi.aws.autoscaling.GroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ubuntu = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .filters( \n GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\")\n .build(),\n GetAmiFilterArgs.builder()\n .name(\"virtualization-type\")\n .values(\"hvm\")\n .build())\n .owners(\"099720109477\")\n .build());\n\n var asConf = new LaunchConfiguration(\"asConf\", LaunchConfigurationArgs.builder() \n .imageId(ubuntu.applyValue(getAmiResult -\u003e getAmiResult.id()))\n .instanceType(\"m4.large\")\n .spotPrice(\"0.001\")\n .build());\n\n var bar = new Group(\"bar\", GroupArgs.builder() \n .name(\"asg-example\")\n .launchConfiguration(asConf.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n asConf:\n type: aws:ec2:LaunchConfiguration\n name: as_conf\n properties:\n imageId: ${ubuntu.id}\n instanceType: m4.large\n spotPrice: '0.001'\n bar:\n type: aws:autoscaling:Group\n properties:\n name: asg-example\n launchConfiguration: ${asConf.name}\nvariables:\n ubuntu:\n fn::invoke:\n Function: aws:ec2:getAmi\n Arguments:\n mostRecent: true\n filters:\n - name: name\n values:\n - ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\n - name: virtualization-type\n values:\n - hvm\n owners:\n - '099720109477'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Block devices\n\nEach of the `*_block_device` attributes controls a portion of the AWS\nLaunch Configuration's \"Block Device Mapping\". It's a good idea to familiarize yourself with [AWS's Block Device\nMapping docs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html)\nto understand the implications of using these attributes.\n\nEach AWS Instance type has a different set of Instance Store block devices\navailable for attachment. AWS [publishes a\nlist](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#StorageOnInstanceTypes)\nof which ephemeral devices are available on each type. The devices are always\nidentified by the `virtual_name` in the format `ephemeral{0..N}`.\n\n\u003e **NOTE:** Changes to `*_block_device` configuration of _existing_ resources\ncannot currently be detected by this provider. After updating to block device\nconfiguration, resource recreation can be manually triggered by using the\n[`up` command with the --replace argument](https://www.pulumi.com/docs/reference/cli/pulumi_up/).\n \n### ebs_block_device\n\nModifying any of the `ebs_block_device` settings requires resource replacement.\n\n* `device_name` - (Required) The name of the device to mount.\n* `snapshot_id` - (Optional) The Snapshot ID to mount.\n* `volume_type` - (Optional) The type of volume. Can be `standard`, `gp2`, `gp3`, `st1`, `sc1` or `io1`.\n* `volume_size` - (Optional) The size of the volume in gigabytes.\n* `iops` - (Optional) The amount of provisioned\n [IOPS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html).\n This must be set with a `volume_type` of `\"io1\"`.\n* `throughput` - (Optional) The throughput (MiBps) to provision for a `gp3` volume.\n* `delete_on_termination` - (Optional) Whether the volume should be destroyed\n on instance termination (Default: `true`).\n* `encrypted` - (Optional) Whether the volume should be encrypted or not. Defaults to `false`.\n* `no_device` - (Optional) Whether the device in the block device mapping of the AMI is suppressed.\n\n### ephemeral_block_device\n\n* `device_name` - (Required) The name of the block device to mount on the instance.\n* `no_device` - (Optional) Whether the device in the block device mapping of the AMI is suppressed.\n* `virtual_name` - (Optional) The [Instance Store Device Name](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#InstanceStoreDeviceNames).\n\n### root_block_device\n\n\u003e Modifying any of the `root_block_device` settings requires resource replacement.\n\n* `delete_on_termination` - (Optional) Whether the volume should be destroyed on instance termination. Defaults to `true`.\n* `encrypted` - (Optional) Whether the volume should be encrypted or not. Defaults to `false`.\n* `iops` - (Optional) The amount of provisioned [IOPS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html). This must be set with a `volume_type` of `io1`.\n* `throughput` - (Optional) The throughput (MiBps) to provision for a `gp3` volume.\n* `volume_size` - (Optional) The size of the volume in gigabytes.\n* `volume_type` - (Optional) The type of volume. Can be `standard`, `gp2`, `gp3`, `st1`, `sc1` or `io1`.\n\n## Import\n\nUsing `pulumi import`, import launch configurations using the `name`. For example:\n\n```sh\n$ pulumi import aws:ec2/launchConfiguration:LaunchConfiguration as_conf pulumi-lg-123456\n```\n", + "description": "Provides a resource to create a new launch configuration, used for autoscaling groups.\n\n!\u003e **WARNING:** The use of launch configurations is discouraged in favour of launch templates. Read more in the [AWS EC2 Documentation](https://docs.aws.amazon.com/autoscaling/ec2/userguide/launch-configurations.html).\n\n\u003e **Note** When using `aws.ec2.LaunchConfiguration` with `aws.autoscaling.Group`, it is recommended to use the `name_prefix` (Optional) instead of the `name` (Optional) attribute.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ubuntu = aws.ec2.getAmi({\n mostRecent: true,\n filters: [\n {\n name: \"name\",\n values: [\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\"],\n },\n {\n name: \"virtualization-type\",\n values: [\"hvm\"],\n },\n ],\n owners: [\"099720109477\"],\n});\nconst asConf = new aws.ec2.LaunchConfiguration(\"as_conf\", {\n name: \"web_config\",\n imageId: ubuntu.then(ubuntu =\u003e ubuntu.id),\n instanceType: \"t2.micro\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nubuntu = aws.ec2.get_ami(most_recent=True,\n filters=[\n aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\"],\n ),\n aws.ec2.GetAmiFilterArgs(\n name=\"virtualization-type\",\n values=[\"hvm\"],\n ),\n ],\n owners=[\"099720109477\"])\nas_conf = aws.ec2.LaunchConfiguration(\"as_conf\",\n name=\"web_config\",\n image_id=ubuntu.id,\n instance_type=\"t2.micro\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ubuntu = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"virtualization-type\",\n Values = new[]\n {\n \"hvm\",\n },\n },\n },\n Owners = new[]\n {\n \"099720109477\",\n },\n });\n\n var asConf = new Aws.Ec2.LaunchConfiguration(\"as_conf\", new()\n {\n Name = \"web_config\",\n ImageId = ubuntu.Apply(getAmiResult =\u003e getAmiResult.Id),\n InstanceType = \"t2.micro\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tubuntu, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tName: \"virtualization-type\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"hvm\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tOwners: []string{\n\t\t\t\t\"099720109477\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewLaunchConfiguration(ctx, \"as_conf\", \u0026ec2.LaunchConfigurationArgs{\n\t\t\tName: pulumi.String(\"web_config\"),\n\t\t\tImageId: pulumi.String(ubuntu.Id),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.LaunchConfiguration;\nimport com.pulumi.aws.ec2.LaunchConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ubuntu = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .filters( \n GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\")\n .build(),\n GetAmiFilterArgs.builder()\n .name(\"virtualization-type\")\n .values(\"hvm\")\n .build())\n .owners(\"099720109477\")\n .build());\n\n var asConf = new LaunchConfiguration(\"asConf\", LaunchConfigurationArgs.builder() \n .name(\"web_config\")\n .imageId(ubuntu.applyValue(getAmiResult -\u003e getAmiResult.id()))\n .instanceType(\"t2.micro\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n asConf:\n type: aws:ec2:LaunchConfiguration\n name: as_conf\n properties:\n name: web_config\n imageId: ${ubuntu.id}\n instanceType: t2.micro\nvariables:\n ubuntu:\n fn::invoke:\n Function: aws:ec2:getAmi\n Arguments:\n mostRecent: true\n filters:\n - name: name\n values:\n - ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\n - name: virtualization-type\n values:\n - hvm\n owners:\n - '099720109477'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Using with AutoScaling Groups\n\nLaunch Configurations cannot be updated after creation with the Amazon\nWeb Service API. In order to update a Launch Configuration, this provider will\ndestroy the existing resource and create a replacement. In order to effectively\nuse a Launch Configuration resource with an AutoScaling Group resource,\nit's recommended to specify `create_before_destroy` in a lifecycle block.\nEither omit the Launch Configuration `name` attribute, or specify a partial name\nwith `name_prefix`. Example:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ubuntu = aws.ec2.getAmi({\n mostRecent: true,\n filters: [\n {\n name: \"name\",\n values: [\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\"],\n },\n {\n name: \"virtualization-type\",\n values: [\"hvm\"],\n },\n ],\n owners: [\"099720109477\"],\n});\nconst asConf = new aws.ec2.LaunchConfiguration(\"as_conf\", {\n namePrefix: \"lc-example-\",\n imageId: ubuntu.then(ubuntu =\u003e ubuntu.id),\n instanceType: \"t2.micro\",\n});\nconst bar = new aws.autoscaling.Group(\"bar\", {\n name: \"asg-example\",\n launchConfiguration: asConf.name,\n minSize: 1,\n maxSize: 2,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nubuntu = aws.ec2.get_ami(most_recent=True,\n filters=[\n aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\"],\n ),\n aws.ec2.GetAmiFilterArgs(\n name=\"virtualization-type\",\n values=[\"hvm\"],\n ),\n ],\n owners=[\"099720109477\"])\nas_conf = aws.ec2.LaunchConfiguration(\"as_conf\",\n name_prefix=\"lc-example-\",\n image_id=ubuntu.id,\n instance_type=\"t2.micro\")\nbar = aws.autoscaling.Group(\"bar\",\n name=\"asg-example\",\n launch_configuration=as_conf.name,\n min_size=1,\n max_size=2)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ubuntu = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"virtualization-type\",\n Values = new[]\n {\n \"hvm\",\n },\n },\n },\n Owners = new[]\n {\n \"099720109477\",\n },\n });\n\n var asConf = new Aws.Ec2.LaunchConfiguration(\"as_conf\", new()\n {\n NamePrefix = \"lc-example-\",\n ImageId = ubuntu.Apply(getAmiResult =\u003e getAmiResult.Id),\n InstanceType = \"t2.micro\",\n });\n\n var bar = new Aws.AutoScaling.Group(\"bar\", new()\n {\n Name = \"asg-example\",\n LaunchConfiguration = asConf.Name,\n MinSize = 1,\n MaxSize = 2,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tubuntu, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tName: \"virtualization-type\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"hvm\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tOwners: []string{\n\t\t\t\t\"099720109477\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tasConf, err := ec2.NewLaunchConfiguration(ctx, \"as_conf\", \u0026ec2.LaunchConfigurationArgs{\n\t\t\tNamePrefix: pulumi.String(\"lc-example-\"),\n\t\t\tImageId: pulumi.String(ubuntu.Id),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"bar\", \u0026autoscaling.GroupArgs{\n\t\t\tName: pulumi.String(\"asg-example\"),\n\t\t\tLaunchConfiguration: asConf.Name,\n\t\t\tMinSize: pulumi.Int(1),\n\t\t\tMaxSize: pulumi.Int(2),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.LaunchConfiguration;\nimport com.pulumi.aws.ec2.LaunchConfigurationArgs;\nimport com.pulumi.aws.autoscaling.Group;\nimport com.pulumi.aws.autoscaling.GroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ubuntu = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .filters( \n GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\")\n .build(),\n GetAmiFilterArgs.builder()\n .name(\"virtualization-type\")\n .values(\"hvm\")\n .build())\n .owners(\"099720109477\")\n .build());\n\n var asConf = new LaunchConfiguration(\"asConf\", LaunchConfigurationArgs.builder() \n .namePrefix(\"lc-example-\")\n .imageId(ubuntu.applyValue(getAmiResult -\u003e getAmiResult.id()))\n .instanceType(\"t2.micro\")\n .build());\n\n var bar = new Group(\"bar\", GroupArgs.builder() \n .name(\"asg-example\")\n .launchConfiguration(asConf.name())\n .minSize(1)\n .maxSize(2)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n asConf:\n type: aws:ec2:LaunchConfiguration\n name: as_conf\n properties:\n namePrefix: lc-example-\n imageId: ${ubuntu.id}\n instanceType: t2.micro\n bar:\n type: aws:autoscaling:Group\n properties:\n name: asg-example\n launchConfiguration: ${asConf.name}\n minSize: 1\n maxSize: 2\nvariables:\n ubuntu:\n fn::invoke:\n Function: aws:ec2:getAmi\n Arguments:\n mostRecent: true\n filters:\n - name: name\n values:\n - ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\n - name: virtualization-type\n values:\n - hvm\n owners:\n - '099720109477'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith this setup this provider generates a unique name for your Launch\nConfiguration and can then update the AutoScaling Group without conflict before\ndestroying the previous Launch Configuration.\n\n## Using with Spot Instances\n\nLaunch configurations can set the spot instance pricing to be used for the\nAuto Scaling Group to reserve instances. Simply specifying the `spot_price`\nparameter will set the price on the Launch Configuration which will attempt to\nreserve your instances at this price. See the [AWS Spot Instance\ndocumentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances.html)\nfor more information or how to launch [Spot Instances][3] with this provider.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ubuntu = aws.ec2.getAmi({\n mostRecent: true,\n filters: [\n {\n name: \"name\",\n values: [\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\"],\n },\n {\n name: \"virtualization-type\",\n values: [\"hvm\"],\n },\n ],\n owners: [\"099720109477\"],\n});\nconst asConf = new aws.ec2.LaunchConfiguration(\"as_conf\", {\n imageId: ubuntu.then(ubuntu =\u003e ubuntu.id),\n instanceType: \"m4.large\",\n spotPrice: \"0.001\",\n});\nconst bar = new aws.autoscaling.Group(\"bar\", {\n name: \"asg-example\",\n launchConfiguration: asConf.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nubuntu = aws.ec2.get_ami(most_recent=True,\n filters=[\n aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\"],\n ),\n aws.ec2.GetAmiFilterArgs(\n name=\"virtualization-type\",\n values=[\"hvm\"],\n ),\n ],\n owners=[\"099720109477\"])\nas_conf = aws.ec2.LaunchConfiguration(\"as_conf\",\n image_id=ubuntu.id,\n instance_type=\"m4.large\",\n spot_price=\"0.001\")\nbar = aws.autoscaling.Group(\"bar\",\n name=\"asg-example\",\n launch_configuration=as_conf.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ubuntu = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"virtualization-type\",\n Values = new[]\n {\n \"hvm\",\n },\n },\n },\n Owners = new[]\n {\n \"099720109477\",\n },\n });\n\n var asConf = new Aws.Ec2.LaunchConfiguration(\"as_conf\", new()\n {\n ImageId = ubuntu.Apply(getAmiResult =\u003e getAmiResult.Id),\n InstanceType = \"m4.large\",\n SpotPrice = \"0.001\",\n });\n\n var bar = new Aws.AutoScaling.Group(\"bar\", new()\n {\n Name = \"asg-example\",\n LaunchConfiguration = asConf.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tubuntu, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tName: \"virtualization-type\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"hvm\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tOwners: []string{\n\t\t\t\t\"099720109477\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tasConf, err := ec2.NewLaunchConfiguration(ctx, \"as_conf\", \u0026ec2.LaunchConfigurationArgs{\n\t\t\tImageId: pulumi.String(ubuntu.Id),\n\t\t\tInstanceType: pulumi.String(\"m4.large\"),\n\t\t\tSpotPrice: pulumi.String(\"0.001\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"bar\", \u0026autoscaling.GroupArgs{\n\t\t\tName: pulumi.String(\"asg-example\"),\n\t\t\tLaunchConfiguration: asConf.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.LaunchConfiguration;\nimport com.pulumi.aws.ec2.LaunchConfigurationArgs;\nimport com.pulumi.aws.autoscaling.Group;\nimport com.pulumi.aws.autoscaling.GroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ubuntu = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .filters( \n GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\")\n .build(),\n GetAmiFilterArgs.builder()\n .name(\"virtualization-type\")\n .values(\"hvm\")\n .build())\n .owners(\"099720109477\")\n .build());\n\n var asConf = new LaunchConfiguration(\"asConf\", LaunchConfigurationArgs.builder() \n .imageId(ubuntu.applyValue(getAmiResult -\u003e getAmiResult.id()))\n .instanceType(\"m4.large\")\n .spotPrice(\"0.001\")\n .build());\n\n var bar = new Group(\"bar\", GroupArgs.builder() \n .name(\"asg-example\")\n .launchConfiguration(asConf.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n asConf:\n type: aws:ec2:LaunchConfiguration\n name: as_conf\n properties:\n imageId: ${ubuntu.id}\n instanceType: m4.large\n spotPrice: '0.001'\n bar:\n type: aws:autoscaling:Group\n properties:\n name: asg-example\n launchConfiguration: ${asConf.name}\nvariables:\n ubuntu:\n fn::invoke:\n Function: aws:ec2:getAmi\n Arguments:\n mostRecent: true\n filters:\n - name: name\n values:\n - ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\n - name: virtualization-type\n values:\n - hvm\n owners:\n - '099720109477'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Block devices\n\nEach of the `*_block_device` attributes controls a portion of the AWS\nLaunch Configuration's \"Block Device Mapping\". It's a good idea to familiarize yourself with [AWS's Block Device\nMapping docs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html)\nto understand the implications of using these attributes.\n\nEach AWS Instance type has a different set of Instance Store block devices\navailable for attachment. AWS [publishes a\nlist](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#StorageOnInstanceTypes)\nof which ephemeral devices are available on each type. The devices are always\nidentified by the `virtual_name` in the format `ephemeral{0..N}`.\n\n\u003e **NOTE:** Changes to `*_block_device` configuration of _existing_ resources\ncannot currently be detected by this provider. After updating to block device\nconfiguration, resource recreation can be manually triggered by using the\n[`up` command with the --replace argument](https://www.pulumi.com/docs/reference/cli/pulumi_up/).\n \n### ebs_block_device\n\nModifying any of the `ebs_block_device` settings requires resource replacement.\n\n* `device_name` - (Required) The name of the device to mount.\n* `snapshot_id` - (Optional) The Snapshot ID to mount.\n* `volume_type` - (Optional) The type of volume. Can be `standard`, `gp2`, `gp3`, `st1`, `sc1` or `io1`.\n* `volume_size` - (Optional) The size of the volume in gigabytes.\n* `iops` - (Optional) The amount of provisioned\n [IOPS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html).\n This must be set with a `volume_type` of `\"io1\"`.\n* `throughput` - (Optional) The throughput (MiBps) to provision for a `gp3` volume.\n* `delete_on_termination` - (Optional) Whether the volume should be destroyed\n on instance termination (Default: `true`).\n* `encrypted` - (Optional) Whether the volume should be encrypted or not. Defaults to `false`.\n* `no_device` - (Optional) Whether the device in the block device mapping of the AMI is suppressed.\n\n### ephemeral_block_device\n\n* `device_name` - (Required) The name of the block device to mount on the instance.\n* `no_device` - (Optional) Whether the device in the block device mapping of the AMI is suppressed.\n* `virtual_name` - (Optional) The [Instance Store Device Name](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#InstanceStoreDeviceNames).\n\n### root_block_device\n\n\u003e Modifying any of the `root_block_device` settings requires resource replacement.\n\n* `delete_on_termination` - (Optional) Whether the volume should be destroyed on instance termination. Defaults to `true`.\n* `encrypted` - (Optional) Whether the volume should be encrypted or not. Defaults to `false`.\n* `iops` - (Optional) The amount of provisioned [IOPS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html). This must be set with a `volume_type` of `io1`.\n* `throughput` - (Optional) The throughput (MiBps) to provision for a `gp3` volume.\n* `volume_size` - (Optional) The size of the volume in gigabytes.\n* `volume_type` - (Optional) The type of volume. Can be `standard`, `gp2`, `gp3`, `st1`, `sc1` or `io1`.\n\n## Import\n\nUsing `pulumi import`, import launch configurations using the `name`. For example:\n\n```sh\n$ pulumi import aws:ec2/launchConfiguration:LaunchConfiguration as_conf pulumi-lg-123456\n```\n", "properties": { "arn": { "type": "string", @@ -214206,7 +214206,7 @@ } }, "aws:ec2/localGatewayRouteTableVpcAssociation:LocalGatewayRouteTableVpcAssociation": { - "description": "Manages an EC2 Local Gateway Route Table VPC Association. More information can be found in the [Outposts User Guide](https://docs.aws.amazon.com/outposts/latest/userguide/outposts-local-gateways.html#vpc-associations).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2.getLocalGatewayRouteTable({\n outpostArn: \"arn:aws:outposts:us-west-2:123456789012:outpost/op-1234567890abcdef\",\n});\nconst exampleVpc = new aws.ec2.Vpc(\"example\", {cidrBlock: \"10.0.0.0/16\"});\nconst exampleLocalGatewayRouteTableVpcAssociation = new aws.ec2.LocalGatewayRouteTableVpcAssociation(\"example\", {\n localGatewayRouteTableId: example.then(example =\u003e example.id),\n vpcId: exampleVpc.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_local_gateway_route_table(outpost_arn=\"arn:aws:outposts:us-west-2:123456789012:outpost/op-1234567890abcdef\")\nexample_vpc = aws.ec2.Vpc(\"example\", cidr_block=\"10.0.0.0/16\")\nexample_local_gateway_route_table_vpc_association = aws.ec2.LocalGatewayRouteTableVpcAssociation(\"example\",\n local_gateway_route_table_id=example.id,\n vpc_id=example_vpc.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Ec2.GetLocalGatewayRouteTable.Invoke(new()\n {\n OutpostArn = \"arn:aws:outposts:us-west-2:123456789012:outpost/op-1234567890abcdef\",\n });\n\n var exampleVpc = new Aws.Ec2.Vpc(\"example\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n\n var exampleLocalGatewayRouteTableVpcAssociation = new Aws.Ec2.LocalGatewayRouteTableVpcAssociation(\"example\", new()\n {\n LocalGatewayRouteTableId = example.Apply(getLocalGatewayRouteTableResult =\u003e getLocalGatewayRouteTableResult.Id),\n VpcId = exampleVpc.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.GetLocalGatewayRouteTable(ctx, \u0026ec2.GetLocalGatewayRouteTableArgs{\n\t\t\tOutpostArn: pulumi.StringRef(\"arn:aws:outposts:us-west-2:123456789012:outpost/op-1234567890abcdef\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpc, err := ec2.NewVpc(ctx, \"example\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewLocalGatewayRouteTableVpcAssociation(ctx, \"example\", \u0026ec2.LocalGatewayRouteTableVpcAssociationArgs{\n\t\t\tLocalGatewayRouteTableId: *pulumi.String(example.Id),\n\t\t\tVpcId: exampleVpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetLocalGatewayRouteTableArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.LocalGatewayRouteTableVpcAssociation;\nimport com.pulumi.aws.ec2.LocalGatewayRouteTableVpcAssociationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = Ec2Functions.getLocalGatewayRouteTable(GetLocalGatewayRouteTableArgs.builder()\n .outpostArn(\"arn:aws:outposts:us-west-2:123456789012:outpost/op-1234567890abcdef\")\n .build());\n\n var exampleVpc = new Vpc(\"exampleVpc\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .build());\n\n var exampleLocalGatewayRouteTableVpcAssociation = new LocalGatewayRouteTableVpcAssociation(\"exampleLocalGatewayRouteTableVpcAssociation\", LocalGatewayRouteTableVpcAssociationArgs.builder() \n .localGatewayRouteTableId(example.applyValue(getLocalGatewayRouteTableResult -\u003e getLocalGatewayRouteTableResult.id()))\n .vpcId(exampleVpc.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleVpc:\n type: aws:ec2:Vpc\n name: example\n properties:\n cidrBlock: 10.0.0.0/16\n exampleLocalGatewayRouteTableVpcAssociation:\n type: aws:ec2:LocalGatewayRouteTableVpcAssociation\n name: example\n properties:\n localGatewayRouteTableId: ${example.id}\n vpcId: ${exampleVpc.id}\nvariables:\n example:\n fn::invoke:\n Function: aws:ec2:getLocalGatewayRouteTable\n Arguments:\n outpostArn: arn:aws:outposts:us-west-2:123456789012:outpost/op-1234567890abcdef\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_ec2_local_gateway_route_table_vpc_association` using the Local Gateway Route Table VPC Association identifier. For example:\n\n```sh\n$ pulumi import aws:ec2/localGatewayRouteTableVpcAssociation:LocalGatewayRouteTableVpcAssociation example lgw-vpc-assoc-1234567890abcdef\n```\n", + "description": "Manages an EC2 Local Gateway Route Table VPC Association. More information can be found in the [Outposts User Guide](https://docs.aws.amazon.com/outposts/latest/userguide/outposts-local-gateways.html#vpc-associations).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2.getLocalGatewayRouteTable({\n outpostArn: \"arn:aws:outposts:us-west-2:123456789012:outpost/op-1234567890abcdef\",\n});\nconst exampleVpc = new aws.ec2.Vpc(\"example\", {cidrBlock: \"10.0.0.0/16\"});\nconst exampleLocalGatewayRouteTableVpcAssociation = new aws.ec2.LocalGatewayRouteTableVpcAssociation(\"example\", {\n localGatewayRouteTableId: example.then(example =\u003e example.id),\n vpcId: exampleVpc.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_local_gateway_route_table(outpost_arn=\"arn:aws:outposts:us-west-2:123456789012:outpost/op-1234567890abcdef\")\nexample_vpc = aws.ec2.Vpc(\"example\", cidr_block=\"10.0.0.0/16\")\nexample_local_gateway_route_table_vpc_association = aws.ec2.LocalGatewayRouteTableVpcAssociation(\"example\",\n local_gateway_route_table_id=example.id,\n vpc_id=example_vpc.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Ec2.GetLocalGatewayRouteTable.Invoke(new()\n {\n OutpostArn = \"arn:aws:outposts:us-west-2:123456789012:outpost/op-1234567890abcdef\",\n });\n\n var exampleVpc = new Aws.Ec2.Vpc(\"example\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n\n var exampleLocalGatewayRouteTableVpcAssociation = new Aws.Ec2.LocalGatewayRouteTableVpcAssociation(\"example\", new()\n {\n LocalGatewayRouteTableId = example.Apply(getLocalGatewayRouteTableResult =\u003e getLocalGatewayRouteTableResult.Id),\n VpcId = exampleVpc.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.GetLocalGatewayRouteTable(ctx, \u0026ec2.GetLocalGatewayRouteTableArgs{\n\t\t\tOutpostArn: pulumi.StringRef(\"arn:aws:outposts:us-west-2:123456789012:outpost/op-1234567890abcdef\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpc, err := ec2.NewVpc(ctx, \"example\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewLocalGatewayRouteTableVpcAssociation(ctx, \"example\", \u0026ec2.LocalGatewayRouteTableVpcAssociationArgs{\n\t\t\tLocalGatewayRouteTableId: pulumi.String(example.Id),\n\t\t\tVpcId: exampleVpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetLocalGatewayRouteTableArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.LocalGatewayRouteTableVpcAssociation;\nimport com.pulumi.aws.ec2.LocalGatewayRouteTableVpcAssociationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = Ec2Functions.getLocalGatewayRouteTable(GetLocalGatewayRouteTableArgs.builder()\n .outpostArn(\"arn:aws:outposts:us-west-2:123456789012:outpost/op-1234567890abcdef\")\n .build());\n\n var exampleVpc = new Vpc(\"exampleVpc\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .build());\n\n var exampleLocalGatewayRouteTableVpcAssociation = new LocalGatewayRouteTableVpcAssociation(\"exampleLocalGatewayRouteTableVpcAssociation\", LocalGatewayRouteTableVpcAssociationArgs.builder() \n .localGatewayRouteTableId(example.applyValue(getLocalGatewayRouteTableResult -\u003e getLocalGatewayRouteTableResult.id()))\n .vpcId(exampleVpc.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleVpc:\n type: aws:ec2:Vpc\n name: example\n properties:\n cidrBlock: 10.0.0.0/16\n exampleLocalGatewayRouteTableVpcAssociation:\n type: aws:ec2:LocalGatewayRouteTableVpcAssociation\n name: example\n properties:\n localGatewayRouteTableId: ${example.id}\n vpcId: ${exampleVpc.id}\nvariables:\n example:\n fn::invoke:\n Function: aws:ec2:getLocalGatewayRouteTable\n Arguments:\n outpostArn: arn:aws:outposts:us-west-2:123456789012:outpost/op-1234567890abcdef\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_ec2_local_gateway_route_table_vpc_association` using the Local Gateway Route Table VPC Association identifier. For example:\n\n```sh\n$ pulumi import aws:ec2/localGatewayRouteTableVpcAssociation:LocalGatewayRouteTableVpcAssociation example lgw-vpc-assoc-1234567890abcdef\n```\n", "properties": { "localGatewayId": { "type": "string" @@ -216036,7 +216036,7 @@ } }, "aws:ec2/networkInterfaceSecurityGroupAttachment:NetworkInterfaceSecurityGroupAttachment": { - "description": "This resource attaches a security group to an Elastic Network Interface (ENI).\nIt can be used to attach a security group to any existing ENI, be it a\nsecondary ENI or one attached as the primary interface on an instance.\n\n\u003e **NOTE on instances, interfaces, and security groups:** This provider currently\nprovides the capability to assign security groups via the [`aws.ec2.Instance`][1]\nand the [`aws.ec2.NetworkInterface`][2] resources. Using this resource in\nconjunction with security groups provided in-line in those resources will cause\nconflicts, and will lead to spurious diffs and undefined behavior - please use\none or the other.\n\n## Example Usage\n\nThe following provides a very basic example of setting up an instance (provided\nby `instance`) in the default security group, creating a security group\n(provided by `sg`) and then attaching the security group to the instance's\nprimary network interface via the `aws.ec2.NetworkInterfaceSecurityGroupAttachment` resource,\nnamed `sg_attachment`:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ami = aws.ec2.getAmi({\n mostRecent: true,\n filters: [{\n name: \"name\",\n values: [\"amzn-ami-hvm-*\"],\n }],\n owners: [\"amazon\"],\n});\nconst instance = new aws.ec2.Instance(\"instance\", {\n instanceType: \"t2.micro\",\n ami: ami.then(ami =\u003e ami.id),\n tags: {\n type: \"test-instance\",\n },\n});\nconst sg = new aws.ec2.SecurityGroup(\"sg\", {tags: {\n type: \"test-security-group\",\n}});\nconst sgAttachment = new aws.ec2.NetworkInterfaceSecurityGroupAttachment(\"sg_attachment\", {\n securityGroupId: sg.id,\n networkInterfaceId: instance.primaryNetworkInterfaceId,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nami = aws.ec2.get_ami(most_recent=True,\n filters=[aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"amzn-ami-hvm-*\"],\n )],\n owners=[\"amazon\"])\ninstance = aws.ec2.Instance(\"instance\",\n instance_type=\"t2.micro\",\n ami=ami.id,\n tags={\n \"type\": \"test-instance\",\n })\nsg = aws.ec2.SecurityGroup(\"sg\", tags={\n \"type\": \"test-security-group\",\n})\nsg_attachment = aws.ec2.NetworkInterfaceSecurityGroupAttachment(\"sg_attachment\",\n security_group_id=sg.id,\n network_interface_id=instance.primary_network_interface_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ami = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"amzn-ami-hvm-*\",\n },\n },\n },\n Owners = new[]\n {\n \"amazon\",\n },\n });\n\n var instance = new Aws.Ec2.Instance(\"instance\", new()\n {\n InstanceType = \"t2.micro\",\n Ami = ami.Apply(getAmiResult =\u003e getAmiResult.Id),\n Tags = \n {\n { \"type\", \"test-instance\" },\n },\n });\n\n var sg = new Aws.Ec2.SecurityGroup(\"sg\", new()\n {\n Tags = \n {\n { \"type\", \"test-security-group\" },\n },\n });\n\n var sgAttachment = new Aws.Ec2.NetworkInterfaceSecurityGroupAttachment(\"sg_attachment\", new()\n {\n SecurityGroupId = sg.Id,\n NetworkInterfaceId = instance.PrimaryNetworkInterfaceId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tami, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"amzn-ami-hvm-*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tOwners: []string{\n\t\t\t\t\"amazon\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance, err := ec2.NewInstance(ctx, \"instance\", \u0026ec2.InstanceArgs{\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t\tAmi: *pulumi.String(ami.Id),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"type\": pulumi.String(\"test-instance\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsg, err := ec2.NewSecurityGroup(ctx, \"sg\", \u0026ec2.SecurityGroupArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"type\": pulumi.String(\"test-security-group\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewNetworkInterfaceSecurityGroupAttachment(ctx, \"sg_attachment\", \u0026ec2.NetworkInterfaceSecurityGroupAttachmentArgs{\n\t\t\tSecurityGroupId: sg.ID(),\n\t\t\tNetworkInterfaceId: instance.PrimaryNetworkInterfaceId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.NetworkInterfaceSecurityGroupAttachment;\nimport com.pulumi.aws.ec2.NetworkInterfaceSecurityGroupAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ami = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .filters(GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"amzn-ami-hvm-*\")\n .build())\n .owners(\"amazon\")\n .build());\n\n var instance = new Instance(\"instance\", InstanceArgs.builder() \n .instanceType(\"t2.micro\")\n .ami(ami.applyValue(getAmiResult -\u003e getAmiResult.id()))\n .tags(Map.of(\"type\", \"test-instance\"))\n .build());\n\n var sg = new SecurityGroup(\"sg\", SecurityGroupArgs.builder() \n .tags(Map.of(\"type\", \"test-security-group\"))\n .build());\n\n var sgAttachment = new NetworkInterfaceSecurityGroupAttachment(\"sgAttachment\", NetworkInterfaceSecurityGroupAttachmentArgs.builder() \n .securityGroupId(sg.id())\n .networkInterfaceId(instance.primaryNetworkInterfaceId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: aws:ec2:Instance\n properties:\n instanceType: t2.micro\n ami: ${ami.id}\n tags:\n type: test-instance\n sg:\n type: aws:ec2:SecurityGroup\n properties:\n tags:\n type: test-security-group\n sgAttachment:\n type: aws:ec2:NetworkInterfaceSecurityGroupAttachment\n name: sg_attachment\n properties:\n securityGroupId: ${sg.id}\n networkInterfaceId: ${instance.primaryNetworkInterfaceId}\nvariables:\n ami:\n fn::invoke:\n Function: aws:ec2:getAmi\n Arguments:\n mostRecent: true\n filters:\n - name: name\n values:\n - amzn-ami-hvm-*\n owners:\n - amazon\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nIn this example, `instance` is provided by the `aws.ec2.Instance` data source,\nfetching an external instance, possibly not managed by this provider.\n`sg_attachment` then attaches to the output instance's `network_interface_id`:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst instance = aws.ec2.getInstance({\n instanceId: \"i-1234567890abcdef0\",\n});\nconst sg = new aws.ec2.SecurityGroup(\"sg\", {tags: {\n type: \"test-security-group\",\n}});\nconst sgAttachment = new aws.ec2.NetworkInterfaceSecurityGroupAttachment(\"sg_attachment\", {\n securityGroupId: sg.id,\n networkInterfaceId: instance.then(instance =\u003e instance.networkInterfaceId),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ninstance = aws.ec2.get_instance(instance_id=\"i-1234567890abcdef0\")\nsg = aws.ec2.SecurityGroup(\"sg\", tags={\n \"type\": \"test-security-group\",\n})\nsg_attachment = aws.ec2.NetworkInterfaceSecurityGroupAttachment(\"sg_attachment\",\n security_group_id=sg.id,\n network_interface_id=instance.network_interface_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = Aws.Ec2.GetInstance.Invoke(new()\n {\n InstanceId = \"i-1234567890abcdef0\",\n });\n\n var sg = new Aws.Ec2.SecurityGroup(\"sg\", new()\n {\n Tags = \n {\n { \"type\", \"test-security-group\" },\n },\n });\n\n var sgAttachment = new Aws.Ec2.NetworkInterfaceSecurityGroupAttachment(\"sg_attachment\", new()\n {\n SecurityGroupId = sg.Id,\n NetworkInterfaceId = instance.Apply(getInstanceResult =\u003e getInstanceResult.NetworkInterfaceId),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstance, err := ec2.LookupInstance(ctx, \u0026ec2.LookupInstanceArgs{\n\t\t\tInstanceId: pulumi.StringRef(\"i-1234567890abcdef0\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsg, err := ec2.NewSecurityGroup(ctx, \"sg\", \u0026ec2.SecurityGroupArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"type\": pulumi.String(\"test-security-group\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewNetworkInterfaceSecurityGroupAttachment(ctx, \"sg_attachment\", \u0026ec2.NetworkInterfaceSecurityGroupAttachmentArgs{\n\t\t\tSecurityGroupId: sg.ID(),\n\t\t\tNetworkInterfaceId: *pulumi.String(instance.NetworkInterfaceId),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetInstanceArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.NetworkInterfaceSecurityGroupAttachment;\nimport com.pulumi.aws.ec2.NetworkInterfaceSecurityGroupAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var instance = Ec2Functions.getInstance(GetInstanceArgs.builder()\n .instanceId(\"i-1234567890abcdef0\")\n .build());\n\n var sg = new SecurityGroup(\"sg\", SecurityGroupArgs.builder() \n .tags(Map.of(\"type\", \"test-security-group\"))\n .build());\n\n var sgAttachment = new NetworkInterfaceSecurityGroupAttachment(\"sgAttachment\", NetworkInterfaceSecurityGroupAttachmentArgs.builder() \n .securityGroupId(sg.id())\n .networkInterfaceId(instance.applyValue(getInstanceResult -\u003e getInstanceResult.networkInterfaceId()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sg:\n type: aws:ec2:SecurityGroup\n properties:\n tags:\n type: test-security-group\n sgAttachment:\n type: aws:ec2:NetworkInterfaceSecurityGroupAttachment\n name: sg_attachment\n properties:\n securityGroupId: ${sg.id}\n networkInterfaceId: ${instance.networkInterfaceId}\nvariables:\n instance:\n fn::invoke:\n Function: aws:ec2:getInstance\n Arguments:\n instanceId: i-1234567890abcdef0\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Network Interface Security Group attachments using the associated network interface ID and security group ID, separated by an underscore (`_`). For example:\n\n```sh\n$ pulumi import aws:ec2/networkInterfaceSecurityGroupAttachment:NetworkInterfaceSecurityGroupAttachment sg_attachment eni-1234567890abcdef0_sg-1234567890abcdef0\n```\n", + "description": "This resource attaches a security group to an Elastic Network Interface (ENI).\nIt can be used to attach a security group to any existing ENI, be it a\nsecondary ENI or one attached as the primary interface on an instance.\n\n\u003e **NOTE on instances, interfaces, and security groups:** This provider currently\nprovides the capability to assign security groups via the [`aws.ec2.Instance`][1]\nand the [`aws.ec2.NetworkInterface`][2] resources. Using this resource in\nconjunction with security groups provided in-line in those resources will cause\nconflicts, and will lead to spurious diffs and undefined behavior - please use\none or the other.\n\n## Example Usage\n\nThe following provides a very basic example of setting up an instance (provided\nby `instance`) in the default security group, creating a security group\n(provided by `sg`) and then attaching the security group to the instance's\nprimary network interface via the `aws.ec2.NetworkInterfaceSecurityGroupAttachment` resource,\nnamed `sg_attachment`:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ami = aws.ec2.getAmi({\n mostRecent: true,\n filters: [{\n name: \"name\",\n values: [\"amzn-ami-hvm-*\"],\n }],\n owners: [\"amazon\"],\n});\nconst instance = new aws.ec2.Instance(\"instance\", {\n instanceType: aws.ec2.InstanceType.T2_Micro,\n ami: ami.then(ami =\u003e ami.id),\n tags: {\n type: \"test-instance\",\n },\n});\nconst sg = new aws.ec2.SecurityGroup(\"sg\", {tags: {\n type: \"test-security-group\",\n}});\nconst sgAttachment = new aws.ec2.NetworkInterfaceSecurityGroupAttachment(\"sg_attachment\", {\n securityGroupId: sg.id,\n networkInterfaceId: instance.primaryNetworkInterfaceId,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nami = aws.ec2.get_ami(most_recent=True,\n filters=[aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"amzn-ami-hvm-*\"],\n )],\n owners=[\"amazon\"])\ninstance = aws.ec2.Instance(\"instance\",\n instance_type=aws.ec2.InstanceType.T2_MICRO,\n ami=ami.id,\n tags={\n \"type\": \"test-instance\",\n })\nsg = aws.ec2.SecurityGroup(\"sg\", tags={\n \"type\": \"test-security-group\",\n})\nsg_attachment = aws.ec2.NetworkInterfaceSecurityGroupAttachment(\"sg_attachment\",\n security_group_id=sg.id,\n network_interface_id=instance.primary_network_interface_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ami = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"amzn-ami-hvm-*\",\n },\n },\n },\n Owners = new[]\n {\n \"amazon\",\n },\n });\n\n var instance = new Aws.Ec2.Instance(\"instance\", new()\n {\n InstanceType = Aws.Ec2.InstanceType.T2_Micro,\n Ami = ami.Apply(getAmiResult =\u003e getAmiResult.Id),\n Tags = \n {\n { \"type\", \"test-instance\" },\n },\n });\n\n var sg = new Aws.Ec2.SecurityGroup(\"sg\", new()\n {\n Tags = \n {\n { \"type\", \"test-security-group\" },\n },\n });\n\n var sgAttachment = new Aws.Ec2.NetworkInterfaceSecurityGroupAttachment(\"sg_attachment\", new()\n {\n SecurityGroupId = sg.Id,\n NetworkInterfaceId = instance.PrimaryNetworkInterfaceId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tami, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"amzn-ami-hvm-*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tOwners: []string{\n\t\t\t\t\"amazon\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance, err := ec2.NewInstance(ctx, \"instance\", \u0026ec2.InstanceArgs{\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_T2_Micro),\n\t\t\tAmi: pulumi.String(ami.Id),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"type\": pulumi.String(\"test-instance\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsg, err := ec2.NewSecurityGroup(ctx, \"sg\", \u0026ec2.SecurityGroupArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"type\": pulumi.String(\"test-security-group\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewNetworkInterfaceSecurityGroupAttachment(ctx, \"sg_attachment\", \u0026ec2.NetworkInterfaceSecurityGroupAttachmentArgs{\n\t\t\tSecurityGroupId: sg.ID(),\n\t\t\tNetworkInterfaceId: instance.PrimaryNetworkInterfaceId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.NetworkInterfaceSecurityGroupAttachment;\nimport com.pulumi.aws.ec2.NetworkInterfaceSecurityGroupAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ami = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .filters(GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"amzn-ami-hvm-*\")\n .build())\n .owners(\"amazon\")\n .build());\n\n var instance = new Instance(\"instance\", InstanceArgs.builder() \n .instanceType(\"t2.micro\")\n .ami(ami.applyValue(getAmiResult -\u003e getAmiResult.id()))\n .tags(Map.of(\"type\", \"test-instance\"))\n .build());\n\n var sg = new SecurityGroup(\"sg\", SecurityGroupArgs.builder() \n .tags(Map.of(\"type\", \"test-security-group\"))\n .build());\n\n var sgAttachment = new NetworkInterfaceSecurityGroupAttachment(\"sgAttachment\", NetworkInterfaceSecurityGroupAttachmentArgs.builder() \n .securityGroupId(sg.id())\n .networkInterfaceId(instance.primaryNetworkInterfaceId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: aws:ec2:Instance\n properties:\n instanceType: t2.micro\n ami: ${ami.id}\n tags:\n type: test-instance\n sg:\n type: aws:ec2:SecurityGroup\n properties:\n tags:\n type: test-security-group\n sgAttachment:\n type: aws:ec2:NetworkInterfaceSecurityGroupAttachment\n name: sg_attachment\n properties:\n securityGroupId: ${sg.id}\n networkInterfaceId: ${instance.primaryNetworkInterfaceId}\nvariables:\n ami:\n fn::invoke:\n Function: aws:ec2:getAmi\n Arguments:\n mostRecent: true\n filters:\n - name: name\n values:\n - amzn-ami-hvm-*\n owners:\n - amazon\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nIn this example, `instance` is provided by the `aws.ec2.Instance` data source,\nfetching an external instance, possibly not managed by this provider.\n`sg_attachment` then attaches to the output instance's `network_interface_id`:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst instance = aws.ec2.getInstance({\n instanceId: \"i-1234567890abcdef0\",\n});\nconst sg = new aws.ec2.SecurityGroup(\"sg\", {tags: {\n type: \"test-security-group\",\n}});\nconst sgAttachment = new aws.ec2.NetworkInterfaceSecurityGroupAttachment(\"sg_attachment\", {\n securityGroupId: sg.id,\n networkInterfaceId: instance.then(instance =\u003e instance.networkInterfaceId),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ninstance = aws.ec2.get_instance(instance_id=\"i-1234567890abcdef0\")\nsg = aws.ec2.SecurityGroup(\"sg\", tags={\n \"type\": \"test-security-group\",\n})\nsg_attachment = aws.ec2.NetworkInterfaceSecurityGroupAttachment(\"sg_attachment\",\n security_group_id=sg.id,\n network_interface_id=instance.network_interface_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = Aws.Ec2.GetInstance.Invoke(new()\n {\n InstanceId = \"i-1234567890abcdef0\",\n });\n\n var sg = new Aws.Ec2.SecurityGroup(\"sg\", new()\n {\n Tags = \n {\n { \"type\", \"test-security-group\" },\n },\n });\n\n var sgAttachment = new Aws.Ec2.NetworkInterfaceSecurityGroupAttachment(\"sg_attachment\", new()\n {\n SecurityGroupId = sg.Id,\n NetworkInterfaceId = instance.Apply(getInstanceResult =\u003e getInstanceResult.NetworkInterfaceId),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstance, err := ec2.LookupInstance(ctx, \u0026ec2.LookupInstanceArgs{\n\t\t\tInstanceId: pulumi.StringRef(\"i-1234567890abcdef0\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsg, err := ec2.NewSecurityGroup(ctx, \"sg\", \u0026ec2.SecurityGroupArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"type\": pulumi.String(\"test-security-group\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewNetworkInterfaceSecurityGroupAttachment(ctx, \"sg_attachment\", \u0026ec2.NetworkInterfaceSecurityGroupAttachmentArgs{\n\t\t\tSecurityGroupId: sg.ID(),\n\t\t\tNetworkInterfaceId: pulumi.String(instance.NetworkInterfaceId),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetInstanceArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.NetworkInterfaceSecurityGroupAttachment;\nimport com.pulumi.aws.ec2.NetworkInterfaceSecurityGroupAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var instance = Ec2Functions.getInstance(GetInstanceArgs.builder()\n .instanceId(\"i-1234567890abcdef0\")\n .build());\n\n var sg = new SecurityGroup(\"sg\", SecurityGroupArgs.builder() \n .tags(Map.of(\"type\", \"test-security-group\"))\n .build());\n\n var sgAttachment = new NetworkInterfaceSecurityGroupAttachment(\"sgAttachment\", NetworkInterfaceSecurityGroupAttachmentArgs.builder() \n .securityGroupId(sg.id())\n .networkInterfaceId(instance.applyValue(getInstanceResult -\u003e getInstanceResult.networkInterfaceId()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sg:\n type: aws:ec2:SecurityGroup\n properties:\n tags:\n type: test-security-group\n sgAttachment:\n type: aws:ec2:NetworkInterfaceSecurityGroupAttachment\n name: sg_attachment\n properties:\n securityGroupId: ${sg.id}\n networkInterfaceId: ${instance.networkInterfaceId}\nvariables:\n instance:\n fn::invoke:\n Function: aws:ec2:getInstance\n Arguments:\n instanceId: i-1234567890abcdef0\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Network Interface Security Group attachments using the associated network interface ID and security group ID, separated by an underscore (`_`). For example:\n\n```sh\n$ pulumi import aws:ec2/networkInterfaceSecurityGroupAttachment:NetworkInterfaceSecurityGroupAttachment sg_attachment eni-1234567890abcdef0_sg-1234567890abcdef0\n```\n", "properties": { "networkInterfaceId": { "type": "string", @@ -216085,7 +216085,7 @@ } }, "aws:ec2/peeringConnectionOptions:PeeringConnectionOptions": { - "description": "Provides a resource to manage VPC peering connection options.\n\n\u003e **NOTE on VPC Peering Connections and VPC Peering Connection Options:** This provider provides\nboth a standalone VPC Peering Connection Options and a VPC Peering Connection\nresource with `accepter` and `requester` attributes. Do not manage options for the same VPC peering\nconnection in both a VPC Peering Connection resource and a VPC Peering Connection Options resource.\nDoing so will cause a conflict of options and will overwrite the options.\nUsing a VPC Peering Connection Options resource decouples management of the connection options from\nmanagement of the VPC Peering Connection and allows options to be set correctly in cross-region and\ncross-account scenarios.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ec2.Vpc(\"foo\", {cidrBlock: \"10.0.0.0/16\"});\nconst bar = new aws.ec2.Vpc(\"bar\", {cidrBlock: \"10.1.0.0/16\"});\nconst fooVpcPeeringConnection = new aws.ec2.VpcPeeringConnection(\"foo\", {\n vpcId: foo.id,\n peerVpcId: bar.id,\n autoAccept: true,\n});\nconst fooPeeringConnectionOptions = new aws.ec2.PeeringConnectionOptions(\"foo\", {\n vpcPeeringConnectionId: fooVpcPeeringConnection.id,\n accepter: {\n allowRemoteVpcDnsResolution: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ec2.Vpc(\"foo\", cidr_block=\"10.0.0.0/16\")\nbar = aws.ec2.Vpc(\"bar\", cidr_block=\"10.1.0.0/16\")\nfoo_vpc_peering_connection = aws.ec2.VpcPeeringConnection(\"foo\",\n vpc_id=foo.id,\n peer_vpc_id=bar.id,\n auto_accept=True)\nfoo_peering_connection_options = aws.ec2.PeeringConnectionOptions(\"foo\",\n vpc_peering_connection_id=foo_vpc_peering_connection.id,\n accepter=aws.ec2.PeeringConnectionOptionsAccepterArgs(\n allow_remote_vpc_dns_resolution=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = new Aws.Ec2.Vpc(\"foo\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n\n var bar = new Aws.Ec2.Vpc(\"bar\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n\n var fooVpcPeeringConnection = new Aws.Ec2.VpcPeeringConnection(\"foo\", new()\n {\n VpcId = foo.Id,\n PeerVpcId = bar.Id,\n AutoAccept = true,\n });\n\n var fooPeeringConnectionOptions = new Aws.Ec2.PeeringConnectionOptions(\"foo\", new()\n {\n VpcPeeringConnectionId = fooVpcPeeringConnection.Id,\n Accepter = new Aws.Ec2.Inputs.PeeringConnectionOptionsAccepterArgs\n {\n AllowRemoteVpcDnsResolution = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfoo, err := ec2.NewVpc(ctx, \"foo\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbar, err := ec2.NewVpc(ctx, \"bar\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooVpcPeeringConnection, err := ec2.NewVpcPeeringConnection(ctx, \"foo\", \u0026ec2.VpcPeeringConnectionArgs{\n\t\t\tVpcId: foo.ID(),\n\t\t\tPeerVpcId: bar.ID(),\n\t\t\tAutoAccept: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewPeeringConnectionOptions(ctx, \"foo\", \u0026ec2.PeeringConnectionOptionsArgs{\n\t\t\tVpcPeeringConnectionId: fooVpcPeeringConnection.ID(),\n\t\t\tAccepter: \u0026ec2.PeeringConnectionOptionsAccepterArgs{\n\t\t\t\tAllowRemoteVpcDnsResolution: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.VpcPeeringConnection;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionArgs;\nimport com.pulumi.aws.ec2.PeeringConnectionOptions;\nimport com.pulumi.aws.ec2.PeeringConnectionOptionsArgs;\nimport com.pulumi.aws.ec2.inputs.PeeringConnectionOptionsAccepterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo = new Vpc(\"foo\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .build());\n\n var bar = new Vpc(\"bar\", VpcArgs.builder() \n .cidrBlock(\"10.1.0.0/16\")\n .build());\n\n var fooVpcPeeringConnection = new VpcPeeringConnection(\"fooVpcPeeringConnection\", VpcPeeringConnectionArgs.builder() \n .vpcId(foo.id())\n .peerVpcId(bar.id())\n .autoAccept(true)\n .build());\n\n var fooPeeringConnectionOptions = new PeeringConnectionOptions(\"fooPeeringConnectionOptions\", PeeringConnectionOptionsArgs.builder() \n .vpcPeeringConnectionId(fooVpcPeeringConnection.id())\n .accepter(PeeringConnectionOptionsAccepterArgs.builder()\n .allowRemoteVpcDnsResolution(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n bar:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.1.0.0/16\n fooVpcPeeringConnection:\n type: aws:ec2:VpcPeeringConnection\n name: foo\n properties:\n vpcId: ${foo.id}\n peerVpcId: ${bar.id}\n autoAccept: true\n fooPeeringConnectionOptions:\n type: aws:ec2:PeeringConnectionOptions\n name: foo\n properties:\n vpcPeeringConnectionId: ${fooVpcPeeringConnection.id}\n accepter:\n allowRemoteVpcDnsResolution: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Cross-Account Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ec2.Vpc(\"main\", {\n cidrBlock: \"10.0.0.0/16\",\n enableDnsSupport: true,\n enableDnsHostnames: true,\n});\nconst peerVpc = new aws.ec2.Vpc(\"peer\", {\n cidrBlock: \"10.1.0.0/16\",\n enableDnsSupport: true,\n enableDnsHostnames: true,\n});\nconst peer = aws.getCallerIdentity({});\n// Requester's side of the connection.\nconst peerVpcPeeringConnection = new aws.ec2.VpcPeeringConnection(\"peer\", {\n vpcId: main.id,\n peerVpcId: peerVpc.id,\n peerOwnerId: peer.then(peer =\u003e peer.accountId),\n autoAccept: false,\n tags: {\n Side: \"Requester\",\n },\n});\n// Accepter's side of the connection.\nconst peerVpcPeeringConnectionAccepter = new aws.ec2.VpcPeeringConnectionAccepter(\"peer\", {\n vpcPeeringConnectionId: peerVpcPeeringConnection.id,\n autoAccept: true,\n tags: {\n Side: \"Accepter\",\n },\n});\nconst requester = new aws.ec2.PeeringConnectionOptions(\"requester\", {\n vpcPeeringConnectionId: peerVpcPeeringConnectionAccepter.id,\n requester: {\n allowRemoteVpcDnsResolution: true,\n },\n});\nconst accepter = new aws.ec2.PeeringConnectionOptions(\"accepter\", {\n vpcPeeringConnectionId: peerVpcPeeringConnectionAccepter.id,\n accepter: {\n allowRemoteVpcDnsResolution: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ec2.Vpc(\"main\",\n cidr_block=\"10.0.0.0/16\",\n enable_dns_support=True,\n enable_dns_hostnames=True)\npeer_vpc = aws.ec2.Vpc(\"peer\",\n cidr_block=\"10.1.0.0/16\",\n enable_dns_support=True,\n enable_dns_hostnames=True)\npeer = aws.get_caller_identity()\n# Requester's side of the connection.\npeer_vpc_peering_connection = aws.ec2.VpcPeeringConnection(\"peer\",\n vpc_id=main.id,\n peer_vpc_id=peer_vpc.id,\n peer_owner_id=peer.account_id,\n auto_accept=False,\n tags={\n \"Side\": \"Requester\",\n })\n# Accepter's side of the connection.\npeer_vpc_peering_connection_accepter = aws.ec2.VpcPeeringConnectionAccepter(\"peer\",\n vpc_peering_connection_id=peer_vpc_peering_connection.id,\n auto_accept=True,\n tags={\n \"Side\": \"Accepter\",\n })\nrequester = aws.ec2.PeeringConnectionOptions(\"requester\",\n vpc_peering_connection_id=peer_vpc_peering_connection_accepter.id,\n requester=aws.ec2.PeeringConnectionOptionsRequesterArgs(\n allow_remote_vpc_dns_resolution=True,\n ))\naccepter = aws.ec2.PeeringConnectionOptions(\"accepter\",\n vpc_peering_connection_id=peer_vpc_peering_connection_accepter.id,\n accepter=aws.ec2.PeeringConnectionOptionsAccepterArgs(\n allow_remote_vpc_dns_resolution=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = new Aws.Ec2.Vpc(\"main\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n EnableDnsSupport = true,\n EnableDnsHostnames = true,\n });\n\n var peerVpc = new Aws.Ec2.Vpc(\"peer\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n EnableDnsSupport = true,\n EnableDnsHostnames = true,\n });\n\n var peer = Aws.GetCallerIdentity.Invoke();\n\n // Requester's side of the connection.\n var peerVpcPeeringConnection = new Aws.Ec2.VpcPeeringConnection(\"peer\", new()\n {\n VpcId = main.Id,\n PeerVpcId = peerVpc.Id,\n PeerOwnerId = peer.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n AutoAccept = false,\n Tags = \n {\n { \"Side\", \"Requester\" },\n },\n });\n\n // Accepter's side of the connection.\n var peerVpcPeeringConnectionAccepter = new Aws.Ec2.VpcPeeringConnectionAccepter(\"peer\", new()\n {\n VpcPeeringConnectionId = peerVpcPeeringConnection.Id,\n AutoAccept = true,\n Tags = \n {\n { \"Side\", \"Accepter\" },\n },\n });\n\n var requester = new Aws.Ec2.PeeringConnectionOptions(\"requester\", new()\n {\n VpcPeeringConnectionId = peerVpcPeeringConnectionAccepter.Id,\n Requester = new Aws.Ec2.Inputs.PeeringConnectionOptionsRequesterArgs\n {\n AllowRemoteVpcDnsResolution = true,\n },\n });\n\n var accepter = new Aws.Ec2.PeeringConnectionOptions(\"accepter\", new()\n {\n VpcPeeringConnectionId = peerVpcPeeringConnectionAccepter.Id,\n Accepter = new Aws.Ec2.Inputs.PeeringConnectionOptionsAccepterArgs\n {\n AllowRemoteVpcDnsResolution = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := ec2.NewVpc(ctx, \"main\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tEnableDnsSupport: pulumi.Bool(true),\n\t\t\tEnableDnsHostnames: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerVpc, err := ec2.NewVpc(ctx, \"peer\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t\tEnableDnsSupport: pulumi.Bool(true),\n\t\t\tEnableDnsHostnames: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeer, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Requester's side of the connection.\n\t\tpeerVpcPeeringConnection, err := ec2.NewVpcPeeringConnection(ctx, \"peer\", \u0026ec2.VpcPeeringConnectionArgs{\n\t\t\tVpcId: main.ID(),\n\t\t\tPeerVpcId: peerVpc.ID(),\n\t\t\tPeerOwnerId: *pulumi.String(peer.AccountId),\n\t\t\tAutoAccept: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Requester\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Accepter's side of the connection.\n\t\tpeerVpcPeeringConnectionAccepter, err := ec2.NewVpcPeeringConnectionAccepter(ctx, \"peer\", \u0026ec2.VpcPeeringConnectionAccepterArgs{\n\t\t\tVpcPeeringConnectionId: peerVpcPeeringConnection.ID(),\n\t\t\tAutoAccept: pulumi.Bool(true),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Accepter\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewPeeringConnectionOptions(ctx, \"requester\", \u0026ec2.PeeringConnectionOptionsArgs{\n\t\t\tVpcPeeringConnectionId: peerVpcPeeringConnectionAccepter.ID(),\n\t\t\tRequester: \u0026ec2.PeeringConnectionOptionsRequesterArgs{\n\t\t\t\tAllowRemoteVpcDnsResolution: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewPeeringConnectionOptions(ctx, \"accepter\", \u0026ec2.PeeringConnectionOptionsArgs{\n\t\t\tVpcPeeringConnectionId: peerVpcPeeringConnectionAccepter.ID(),\n\t\t\tAccepter: \u0026ec2.PeeringConnectionOptionsAccepterArgs{\n\t\t\t\tAllowRemoteVpcDnsResolution: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.VpcPeeringConnection;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionArgs;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionAccepter;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionAccepterArgs;\nimport com.pulumi.aws.ec2.PeeringConnectionOptions;\nimport com.pulumi.aws.ec2.PeeringConnectionOptionsArgs;\nimport com.pulumi.aws.ec2.inputs.PeeringConnectionOptionsRequesterArgs;\nimport com.pulumi.aws.ec2.inputs.PeeringConnectionOptionsAccepterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var main = new Vpc(\"main\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .enableDnsSupport(true)\n .enableDnsHostnames(true)\n .build());\n\n var peerVpc = new Vpc(\"peerVpc\", VpcArgs.builder() \n .cidrBlock(\"10.1.0.0/16\")\n .enableDnsSupport(true)\n .enableDnsHostnames(true)\n .build());\n\n final var peer = AwsFunctions.getCallerIdentity();\n\n var peerVpcPeeringConnection = new VpcPeeringConnection(\"peerVpcPeeringConnection\", VpcPeeringConnectionArgs.builder() \n .vpcId(main.id())\n .peerVpcId(peerVpc.id())\n .peerOwnerId(peer.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .autoAccept(false)\n .tags(Map.of(\"Side\", \"Requester\"))\n .build());\n\n var peerVpcPeeringConnectionAccepter = new VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\", VpcPeeringConnectionAccepterArgs.builder() \n .vpcPeeringConnectionId(peerVpcPeeringConnection.id())\n .autoAccept(true)\n .tags(Map.of(\"Side\", \"Accepter\"))\n .build());\n\n var requester = new PeeringConnectionOptions(\"requester\", PeeringConnectionOptionsArgs.builder() \n .vpcPeeringConnectionId(peerVpcPeeringConnectionAccepter.id())\n .requester(PeeringConnectionOptionsRequesterArgs.builder()\n .allowRemoteVpcDnsResolution(true)\n .build())\n .build());\n\n var accepter = new PeeringConnectionOptions(\"accepter\", PeeringConnectionOptionsArgs.builder() \n .vpcPeeringConnectionId(peerVpcPeeringConnectionAccepter.id())\n .accepter(PeeringConnectionOptionsAccepterArgs.builder()\n .allowRemoteVpcDnsResolution(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n enableDnsSupport: true\n enableDnsHostnames: true\n peerVpc:\n type: aws:ec2:Vpc\n name: peer\n properties:\n cidrBlock: 10.1.0.0/16\n enableDnsSupport: true\n enableDnsHostnames: true\n # Requester's side of the connection.\n peerVpcPeeringConnection:\n type: aws:ec2:VpcPeeringConnection\n name: peer\n properties:\n vpcId: ${main.id}\n peerVpcId: ${peerVpc.id}\n peerOwnerId: ${peer.accountId}\n autoAccept: false\n tags:\n Side: Requester\n # Accepter's side of the connection.\n peerVpcPeeringConnectionAccepter:\n type: aws:ec2:VpcPeeringConnectionAccepter\n name: peer\n properties:\n vpcPeeringConnectionId: ${peerVpcPeeringConnection.id}\n autoAccept: true\n tags:\n Side: Accepter\n requester:\n type: aws:ec2:PeeringConnectionOptions\n properties:\n vpcPeeringConnectionId: ${peerVpcPeeringConnectionAccepter.id}\n requester:\n allowRemoteVpcDnsResolution: true\n accepter:\n type: aws:ec2:PeeringConnectionOptions\n properties:\n vpcPeeringConnectionId: ${peerVpcPeeringConnectionAccepter.id}\n accepter:\n allowRemoteVpcDnsResolution: true\nvariables:\n peer:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import VPC Peering Connection Options using the VPC peering `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/peeringConnectionOptions:PeeringConnectionOptions foo pcx-111aaa111\n```\n", + "description": "Provides a resource to manage VPC peering connection options.\n\n\u003e **NOTE on VPC Peering Connections and VPC Peering Connection Options:** This provider provides\nboth a standalone VPC Peering Connection Options and a VPC Peering Connection\nresource with `accepter` and `requester` attributes. Do not manage options for the same VPC peering\nconnection in both a VPC Peering Connection resource and a VPC Peering Connection Options resource.\nDoing so will cause a conflict of options and will overwrite the options.\nUsing a VPC Peering Connection Options resource decouples management of the connection options from\nmanagement of the VPC Peering Connection and allows options to be set correctly in cross-region and\ncross-account scenarios.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ec2.Vpc(\"foo\", {cidrBlock: \"10.0.0.0/16\"});\nconst bar = new aws.ec2.Vpc(\"bar\", {cidrBlock: \"10.1.0.0/16\"});\nconst fooVpcPeeringConnection = new aws.ec2.VpcPeeringConnection(\"foo\", {\n vpcId: foo.id,\n peerVpcId: bar.id,\n autoAccept: true,\n});\nconst fooPeeringConnectionOptions = new aws.ec2.PeeringConnectionOptions(\"foo\", {\n vpcPeeringConnectionId: fooVpcPeeringConnection.id,\n accepter: {\n allowRemoteVpcDnsResolution: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ec2.Vpc(\"foo\", cidr_block=\"10.0.0.0/16\")\nbar = aws.ec2.Vpc(\"bar\", cidr_block=\"10.1.0.0/16\")\nfoo_vpc_peering_connection = aws.ec2.VpcPeeringConnection(\"foo\",\n vpc_id=foo.id,\n peer_vpc_id=bar.id,\n auto_accept=True)\nfoo_peering_connection_options = aws.ec2.PeeringConnectionOptions(\"foo\",\n vpc_peering_connection_id=foo_vpc_peering_connection.id,\n accepter=aws.ec2.PeeringConnectionOptionsAccepterArgs(\n allow_remote_vpc_dns_resolution=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = new Aws.Ec2.Vpc(\"foo\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n\n var bar = new Aws.Ec2.Vpc(\"bar\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n\n var fooVpcPeeringConnection = new Aws.Ec2.VpcPeeringConnection(\"foo\", new()\n {\n VpcId = foo.Id,\n PeerVpcId = bar.Id,\n AutoAccept = true,\n });\n\n var fooPeeringConnectionOptions = new Aws.Ec2.PeeringConnectionOptions(\"foo\", new()\n {\n VpcPeeringConnectionId = fooVpcPeeringConnection.Id,\n Accepter = new Aws.Ec2.Inputs.PeeringConnectionOptionsAccepterArgs\n {\n AllowRemoteVpcDnsResolution = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfoo, err := ec2.NewVpc(ctx, \"foo\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbar, err := ec2.NewVpc(ctx, \"bar\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooVpcPeeringConnection, err := ec2.NewVpcPeeringConnection(ctx, \"foo\", \u0026ec2.VpcPeeringConnectionArgs{\n\t\t\tVpcId: foo.ID(),\n\t\t\tPeerVpcId: bar.ID(),\n\t\t\tAutoAccept: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewPeeringConnectionOptions(ctx, \"foo\", \u0026ec2.PeeringConnectionOptionsArgs{\n\t\t\tVpcPeeringConnectionId: fooVpcPeeringConnection.ID(),\n\t\t\tAccepter: \u0026ec2.PeeringConnectionOptionsAccepterArgs{\n\t\t\t\tAllowRemoteVpcDnsResolution: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.VpcPeeringConnection;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionArgs;\nimport com.pulumi.aws.ec2.PeeringConnectionOptions;\nimport com.pulumi.aws.ec2.PeeringConnectionOptionsArgs;\nimport com.pulumi.aws.ec2.inputs.PeeringConnectionOptionsAccepterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo = new Vpc(\"foo\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .build());\n\n var bar = new Vpc(\"bar\", VpcArgs.builder() \n .cidrBlock(\"10.1.0.0/16\")\n .build());\n\n var fooVpcPeeringConnection = new VpcPeeringConnection(\"fooVpcPeeringConnection\", VpcPeeringConnectionArgs.builder() \n .vpcId(foo.id())\n .peerVpcId(bar.id())\n .autoAccept(true)\n .build());\n\n var fooPeeringConnectionOptions = new PeeringConnectionOptions(\"fooPeeringConnectionOptions\", PeeringConnectionOptionsArgs.builder() \n .vpcPeeringConnectionId(fooVpcPeeringConnection.id())\n .accepter(PeeringConnectionOptionsAccepterArgs.builder()\n .allowRemoteVpcDnsResolution(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n bar:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.1.0.0/16\n fooVpcPeeringConnection:\n type: aws:ec2:VpcPeeringConnection\n name: foo\n properties:\n vpcId: ${foo.id}\n peerVpcId: ${bar.id}\n autoAccept: true\n fooPeeringConnectionOptions:\n type: aws:ec2:PeeringConnectionOptions\n name: foo\n properties:\n vpcPeeringConnectionId: ${fooVpcPeeringConnection.id}\n accepter:\n allowRemoteVpcDnsResolution: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Cross-Account Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ec2.Vpc(\"main\", {\n cidrBlock: \"10.0.0.0/16\",\n enableDnsSupport: true,\n enableDnsHostnames: true,\n});\nconst peerVpc = new aws.ec2.Vpc(\"peer\", {\n cidrBlock: \"10.1.0.0/16\",\n enableDnsSupport: true,\n enableDnsHostnames: true,\n});\nconst peer = aws.getCallerIdentity({});\n// Requester's side of the connection.\nconst peerVpcPeeringConnection = new aws.ec2.VpcPeeringConnection(\"peer\", {\n vpcId: main.id,\n peerVpcId: peerVpc.id,\n peerOwnerId: peer.then(peer =\u003e peer.accountId),\n autoAccept: false,\n tags: {\n Side: \"Requester\",\n },\n});\n// Accepter's side of the connection.\nconst peerVpcPeeringConnectionAccepter = new aws.ec2.VpcPeeringConnectionAccepter(\"peer\", {\n vpcPeeringConnectionId: peerVpcPeeringConnection.id,\n autoAccept: true,\n tags: {\n Side: \"Accepter\",\n },\n});\nconst requester = new aws.ec2.PeeringConnectionOptions(\"requester\", {\n vpcPeeringConnectionId: peerVpcPeeringConnectionAccepter.id,\n requester: {\n allowRemoteVpcDnsResolution: true,\n },\n});\nconst accepter = new aws.ec2.PeeringConnectionOptions(\"accepter\", {\n vpcPeeringConnectionId: peerVpcPeeringConnectionAccepter.id,\n accepter: {\n allowRemoteVpcDnsResolution: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ec2.Vpc(\"main\",\n cidr_block=\"10.0.0.0/16\",\n enable_dns_support=True,\n enable_dns_hostnames=True)\npeer_vpc = aws.ec2.Vpc(\"peer\",\n cidr_block=\"10.1.0.0/16\",\n enable_dns_support=True,\n enable_dns_hostnames=True)\npeer = aws.get_caller_identity()\n# Requester's side of the connection.\npeer_vpc_peering_connection = aws.ec2.VpcPeeringConnection(\"peer\",\n vpc_id=main.id,\n peer_vpc_id=peer_vpc.id,\n peer_owner_id=peer.account_id,\n auto_accept=False,\n tags={\n \"Side\": \"Requester\",\n })\n# Accepter's side of the connection.\npeer_vpc_peering_connection_accepter = aws.ec2.VpcPeeringConnectionAccepter(\"peer\",\n vpc_peering_connection_id=peer_vpc_peering_connection.id,\n auto_accept=True,\n tags={\n \"Side\": \"Accepter\",\n })\nrequester = aws.ec2.PeeringConnectionOptions(\"requester\",\n vpc_peering_connection_id=peer_vpc_peering_connection_accepter.id,\n requester=aws.ec2.PeeringConnectionOptionsRequesterArgs(\n allow_remote_vpc_dns_resolution=True,\n ))\naccepter = aws.ec2.PeeringConnectionOptions(\"accepter\",\n vpc_peering_connection_id=peer_vpc_peering_connection_accepter.id,\n accepter=aws.ec2.PeeringConnectionOptionsAccepterArgs(\n allow_remote_vpc_dns_resolution=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = new Aws.Ec2.Vpc(\"main\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n EnableDnsSupport = true,\n EnableDnsHostnames = true,\n });\n\n var peerVpc = new Aws.Ec2.Vpc(\"peer\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n EnableDnsSupport = true,\n EnableDnsHostnames = true,\n });\n\n var peer = Aws.GetCallerIdentity.Invoke();\n\n // Requester's side of the connection.\n var peerVpcPeeringConnection = new Aws.Ec2.VpcPeeringConnection(\"peer\", new()\n {\n VpcId = main.Id,\n PeerVpcId = peerVpc.Id,\n PeerOwnerId = peer.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n AutoAccept = false,\n Tags = \n {\n { \"Side\", \"Requester\" },\n },\n });\n\n // Accepter's side of the connection.\n var peerVpcPeeringConnectionAccepter = new Aws.Ec2.VpcPeeringConnectionAccepter(\"peer\", new()\n {\n VpcPeeringConnectionId = peerVpcPeeringConnection.Id,\n AutoAccept = true,\n Tags = \n {\n { \"Side\", \"Accepter\" },\n },\n });\n\n var requester = new Aws.Ec2.PeeringConnectionOptions(\"requester\", new()\n {\n VpcPeeringConnectionId = peerVpcPeeringConnectionAccepter.Id,\n Requester = new Aws.Ec2.Inputs.PeeringConnectionOptionsRequesterArgs\n {\n AllowRemoteVpcDnsResolution = true,\n },\n });\n\n var accepter = new Aws.Ec2.PeeringConnectionOptions(\"accepter\", new()\n {\n VpcPeeringConnectionId = peerVpcPeeringConnectionAccepter.Id,\n Accepter = new Aws.Ec2.Inputs.PeeringConnectionOptionsAccepterArgs\n {\n AllowRemoteVpcDnsResolution = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := ec2.NewVpc(ctx, \"main\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tEnableDnsSupport: pulumi.Bool(true),\n\t\t\tEnableDnsHostnames: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerVpc, err := ec2.NewVpc(ctx, \"peer\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t\tEnableDnsSupport: pulumi.Bool(true),\n\t\t\tEnableDnsHostnames: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeer, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Requester's side of the connection.\n\t\tpeerVpcPeeringConnection, err := ec2.NewVpcPeeringConnection(ctx, \"peer\", \u0026ec2.VpcPeeringConnectionArgs{\n\t\t\tVpcId: main.ID(),\n\t\t\tPeerVpcId: peerVpc.ID(),\n\t\t\tPeerOwnerId: pulumi.String(peer.AccountId),\n\t\t\tAutoAccept: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Requester\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Accepter's side of the connection.\n\t\tpeerVpcPeeringConnectionAccepter, err := ec2.NewVpcPeeringConnectionAccepter(ctx, \"peer\", \u0026ec2.VpcPeeringConnectionAccepterArgs{\n\t\t\tVpcPeeringConnectionId: peerVpcPeeringConnection.ID(),\n\t\t\tAutoAccept: pulumi.Bool(true),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Accepter\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewPeeringConnectionOptions(ctx, \"requester\", \u0026ec2.PeeringConnectionOptionsArgs{\n\t\t\tVpcPeeringConnectionId: peerVpcPeeringConnectionAccepter.ID(),\n\t\t\tRequester: \u0026ec2.PeeringConnectionOptionsRequesterArgs{\n\t\t\t\tAllowRemoteVpcDnsResolution: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewPeeringConnectionOptions(ctx, \"accepter\", \u0026ec2.PeeringConnectionOptionsArgs{\n\t\t\tVpcPeeringConnectionId: peerVpcPeeringConnectionAccepter.ID(),\n\t\t\tAccepter: \u0026ec2.PeeringConnectionOptionsAccepterArgs{\n\t\t\t\tAllowRemoteVpcDnsResolution: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.VpcPeeringConnection;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionArgs;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionAccepter;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionAccepterArgs;\nimport com.pulumi.aws.ec2.PeeringConnectionOptions;\nimport com.pulumi.aws.ec2.PeeringConnectionOptionsArgs;\nimport com.pulumi.aws.ec2.inputs.PeeringConnectionOptionsRequesterArgs;\nimport com.pulumi.aws.ec2.inputs.PeeringConnectionOptionsAccepterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var main = new Vpc(\"main\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .enableDnsSupport(true)\n .enableDnsHostnames(true)\n .build());\n\n var peerVpc = new Vpc(\"peerVpc\", VpcArgs.builder() \n .cidrBlock(\"10.1.0.0/16\")\n .enableDnsSupport(true)\n .enableDnsHostnames(true)\n .build());\n\n final var peer = AwsFunctions.getCallerIdentity();\n\n var peerVpcPeeringConnection = new VpcPeeringConnection(\"peerVpcPeeringConnection\", VpcPeeringConnectionArgs.builder() \n .vpcId(main.id())\n .peerVpcId(peerVpc.id())\n .peerOwnerId(peer.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .autoAccept(false)\n .tags(Map.of(\"Side\", \"Requester\"))\n .build());\n\n var peerVpcPeeringConnectionAccepter = new VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\", VpcPeeringConnectionAccepterArgs.builder() \n .vpcPeeringConnectionId(peerVpcPeeringConnection.id())\n .autoAccept(true)\n .tags(Map.of(\"Side\", \"Accepter\"))\n .build());\n\n var requester = new PeeringConnectionOptions(\"requester\", PeeringConnectionOptionsArgs.builder() \n .vpcPeeringConnectionId(peerVpcPeeringConnectionAccepter.id())\n .requester(PeeringConnectionOptionsRequesterArgs.builder()\n .allowRemoteVpcDnsResolution(true)\n .build())\n .build());\n\n var accepter = new PeeringConnectionOptions(\"accepter\", PeeringConnectionOptionsArgs.builder() \n .vpcPeeringConnectionId(peerVpcPeeringConnectionAccepter.id())\n .accepter(PeeringConnectionOptionsAccepterArgs.builder()\n .allowRemoteVpcDnsResolution(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n enableDnsSupport: true\n enableDnsHostnames: true\n peerVpc:\n type: aws:ec2:Vpc\n name: peer\n properties:\n cidrBlock: 10.1.0.0/16\n enableDnsSupport: true\n enableDnsHostnames: true\n # Requester's side of the connection.\n peerVpcPeeringConnection:\n type: aws:ec2:VpcPeeringConnection\n name: peer\n properties:\n vpcId: ${main.id}\n peerVpcId: ${peerVpc.id}\n peerOwnerId: ${peer.accountId}\n autoAccept: false\n tags:\n Side: Requester\n # Accepter's side of the connection.\n peerVpcPeeringConnectionAccepter:\n type: aws:ec2:VpcPeeringConnectionAccepter\n name: peer\n properties:\n vpcPeeringConnectionId: ${peerVpcPeeringConnection.id}\n autoAccept: true\n tags:\n Side: Accepter\n requester:\n type: aws:ec2:PeeringConnectionOptions\n properties:\n vpcPeeringConnectionId: ${peerVpcPeeringConnectionAccepter.id}\n requester:\n allowRemoteVpcDnsResolution: true\n accepter:\n type: aws:ec2:PeeringConnectionOptions\n properties:\n vpcPeeringConnectionId: ${peerVpcPeeringConnectionAccepter.id}\n accepter:\n allowRemoteVpcDnsResolution: true\nvariables:\n peer:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import VPC Peering Connection Options using the VPC peering `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/peeringConnectionOptions:PeeringConnectionOptions foo pcx-111aaa111\n```\n", "properties": { "accepter": { "$ref": "#/types/aws:ec2/PeeringConnectionOptionsAccepter:PeeringConnectionOptionsAccepter", @@ -216144,7 +216144,7 @@ } }, "aws:ec2/placementGroup:PlacementGroup": { - "description": "Provides an EC2 placement group. Read more about placement groups\nin [AWS Docs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst web = new aws.ec2.PlacementGroup(\"web\", {\n name: \"hunky-dory-pg\",\n strategy: \"cluster\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nweb = aws.ec2.PlacementGroup(\"web\",\n name=\"hunky-dory-pg\",\n strategy=\"cluster\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var web = new Aws.Ec2.PlacementGroup(\"web\", new()\n {\n Name = \"hunky-dory-pg\",\n Strategy = \"cluster\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewPlacementGroup(ctx, \"web\", \u0026ec2.PlacementGroupArgs{\n\t\t\tName: pulumi.String(\"hunky-dory-pg\"),\n\t\t\tStrategy: pulumi.String(\"cluster\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.PlacementGroup;\nimport com.pulumi.aws.ec2.PlacementGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var web = new PlacementGroup(\"web\", PlacementGroupArgs.builder() \n .name(\"hunky-dory-pg\")\n .strategy(\"cluster\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n web:\n type: aws:ec2:PlacementGroup\n properties:\n name: hunky-dory-pg\n strategy: cluster\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import placement groups using the `name`. For example:\n\n```sh\n$ pulumi import aws:ec2/placementGroup:PlacementGroup prod_pg production-placement-group\n```\n", + "description": "Provides an EC2 placement group. Read more about placement groups\nin [AWS Docs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst web = new aws.ec2.PlacementGroup(\"web\", {\n name: \"hunky-dory-pg\",\n strategy: aws.ec2.PlacementStrategy.Cluster,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nweb = aws.ec2.PlacementGroup(\"web\",\n name=\"hunky-dory-pg\",\n strategy=aws.ec2.PlacementStrategy.CLUSTER)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var web = new Aws.Ec2.PlacementGroup(\"web\", new()\n {\n Name = \"hunky-dory-pg\",\n Strategy = Aws.Ec2.PlacementStrategy.Cluster,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewPlacementGroup(ctx, \"web\", \u0026ec2.PlacementGroupArgs{\n\t\t\tName: pulumi.String(\"hunky-dory-pg\"),\n\t\t\tStrategy: pulumi.String(ec2.PlacementStrategyCluster),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.PlacementGroup;\nimport com.pulumi.aws.ec2.PlacementGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var web = new PlacementGroup(\"web\", PlacementGroupArgs.builder() \n .name(\"hunky-dory-pg\")\n .strategy(\"cluster\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n web:\n type: aws:ec2:PlacementGroup\n properties:\n name: hunky-dory-pg\n strategy: cluster\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import placement groups using the `name`. For example:\n\n```sh\n$ pulumi import aws:ec2/placementGroup:PlacementGroup prod_pg production-placement-group\n```\n", "properties": { "arn": { "type": "string", @@ -216774,7 +216774,7 @@ } }, "aws:ec2/securityGroup:SecurityGroup": { - "description": "Provides a security group resource.\n\n\u003e **NOTE on Security Groups and Security Group Rules:** This provider currently provides a Security Group resource with `ingress` and `egress` rules defined in-line and a Security Group Rule resource which manages one or more `ingress` or `egress` rules. Both of these resource were added before AWS assigned a [security group rule unique ID](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules.html), and they do not work well in all scenarios using the`description` and `tags` attributes, which rely on the unique ID. The `aws.vpc.SecurityGroupEgressRule` and `aws.vpc.SecurityGroupIngressRule` resources have been added to address these limitations and should be used for all new security group rules. You should not use the `aws.vpc.SecurityGroupEgressRule` and `aws.vpc.SecurityGroupIngressRule` resources in conjunction with an `aws.ec2.SecurityGroup` resource with in-line rules or with `aws.ec2.SecurityGroupRule` resources defined for the same Security Group, as rule conflicts may occur and rules will be overwritten.\n\n\u003e **NOTE:** Referencing Security Groups across VPC peering has certain restrictions. More information is available in the [VPC Peering User Guide](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html).\n\n\u003e **NOTE:** Due to [AWS Lambda improved VPC networking changes that began deploying in September 2019](https://aws.amazon.com/blogs/compute/announcing-improved-vpc-networking-for-aws-lambda-functions/), security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.\n\n\u003e **NOTE:** The `cidr_blocks` and `ipv6_cidr_blocks` parameters are optional in the `ingress` and `egress` blocks. If nothing is specified, traffic will be blocked as described in _NOTE on Egress rules_ later.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst allowTls = new aws.ec2.SecurityGroup(\"allow_tls\", {\n name: \"allow_tls\",\n description: \"Allow TLS inbound traffic and all outbound traffic\",\n vpcId: main.id,\n tags: {\n Name: \"allow_tls\",\n },\n});\nconst allowTlsIpv4 = new aws.vpc.SecurityGroupIngressRule(\"allow_tls_ipv4\", {\n securityGroupId: allowTls.id,\n cidrIpv4: main.cidrBlock,\n fromPort: 443,\n ipProtocol: \"tcp\",\n toPort: 443,\n});\nconst allowTlsIpv6 = new aws.vpc.SecurityGroupIngressRule(\"allow_tls_ipv6\", {\n securityGroupId: allowTls.id,\n cidrIpv6: main.ipv6CidrBlock,\n fromPort: 443,\n ipProtocol: \"tcp\",\n toPort: 443,\n});\nconst allowAllTrafficIpv4 = new aws.vpc.SecurityGroupEgressRule(\"allow_all_traffic_ipv4\", {\n securityGroupId: allowTls.id,\n cidrIpv4: \"0.0.0.0/0\",\n ipProtocol: \"-1\",\n});\nconst allowAllTrafficIpv6 = new aws.vpc.SecurityGroupEgressRule(\"allow_all_traffic_ipv6\", {\n securityGroupId: allowTls.id,\n cidrIpv6: \"::/0\",\n ipProtocol: \"-1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nallow_tls = aws.ec2.SecurityGroup(\"allow_tls\",\n name=\"allow_tls\",\n description=\"Allow TLS inbound traffic and all outbound traffic\",\n vpc_id=main[\"id\"],\n tags={\n \"Name\": \"allow_tls\",\n })\nallow_tls_ipv4 = aws.vpc.SecurityGroupIngressRule(\"allow_tls_ipv4\",\n security_group_id=allow_tls.id,\n cidr_ipv4=main[\"cidrBlock\"],\n from_port=443,\n ip_protocol=\"tcp\",\n to_port=443)\nallow_tls_ipv6 = aws.vpc.SecurityGroupIngressRule(\"allow_tls_ipv6\",\n security_group_id=allow_tls.id,\n cidr_ipv6=main[\"ipv6CidrBlock\"],\n from_port=443,\n ip_protocol=\"tcp\",\n to_port=443)\nallow_all_traffic_ipv4 = aws.vpc.SecurityGroupEgressRule(\"allow_all_traffic_ipv4\",\n security_group_id=allow_tls.id,\n cidr_ipv4=\"0.0.0.0/0\",\n ip_protocol=\"-1\")\nallow_all_traffic_ipv6 = aws.vpc.SecurityGroupEgressRule(\"allow_all_traffic_ipv6\",\n security_group_id=allow_tls.id,\n cidr_ipv6=\"::/0\",\n ip_protocol=\"-1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var allowTls = new Aws.Ec2.SecurityGroup(\"allow_tls\", new()\n {\n Name = \"allow_tls\",\n Description = \"Allow TLS inbound traffic and all outbound traffic\",\n VpcId = main.Id,\n Tags = \n {\n { \"Name\", \"allow_tls\" },\n },\n });\n\n var allowTlsIpv4 = new Aws.Vpc.SecurityGroupIngressRule(\"allow_tls_ipv4\", new()\n {\n SecurityGroupId = allowTls.Id,\n CidrIpv4 = main.CidrBlock,\n FromPort = 443,\n IpProtocol = \"tcp\",\n ToPort = 443,\n });\n\n var allowTlsIpv6 = new Aws.Vpc.SecurityGroupIngressRule(\"allow_tls_ipv6\", new()\n {\n SecurityGroupId = allowTls.Id,\n CidrIpv6 = main.Ipv6CidrBlock,\n FromPort = 443,\n IpProtocol = \"tcp\",\n ToPort = 443,\n });\n\n var allowAllTrafficIpv4 = new Aws.Vpc.SecurityGroupEgressRule(\"allow_all_traffic_ipv4\", new()\n {\n SecurityGroupId = allowTls.Id,\n CidrIpv4 = \"0.0.0.0/0\",\n IpProtocol = \"-1\",\n });\n\n var allowAllTrafficIpv6 = new Aws.Vpc.SecurityGroupEgressRule(\"allow_all_traffic_ipv6\", new()\n {\n SecurityGroupId = allowTls.Id,\n CidrIpv6 = \"::/0\",\n IpProtocol = \"-1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/vpc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tallowTls, err := ec2.NewSecurityGroup(ctx, \"allow_tls\", \u0026ec2.SecurityGroupArgs{\n\t\t\tName: pulumi.String(\"allow_tls\"),\n\t\t\tDescription: pulumi.String(\"Allow TLS inbound traffic and all outbound traffic\"),\n\t\t\tVpcId: pulumi.Any(main.Id),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"allow_tls\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpc.NewSecurityGroupIngressRule(ctx, \"allow_tls_ipv4\", \u0026vpc.SecurityGroupIngressRuleArgs{\n\t\t\tSecurityGroupId: allowTls.ID(),\n\t\t\tCidrIpv4: pulumi.Any(main.CidrBlock),\n\t\t\tFromPort: pulumi.Int(443),\n\t\t\tIpProtocol: pulumi.String(\"tcp\"),\n\t\t\tToPort: pulumi.Int(443),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpc.NewSecurityGroupIngressRule(ctx, \"allow_tls_ipv6\", \u0026vpc.SecurityGroupIngressRuleArgs{\n\t\t\tSecurityGroupId: allowTls.ID(),\n\t\t\tCidrIpv6: pulumi.Any(main.Ipv6CidrBlock),\n\t\t\tFromPort: pulumi.Int(443),\n\t\t\tIpProtocol: pulumi.String(\"tcp\"),\n\t\t\tToPort: pulumi.Int(443),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpc.NewSecurityGroupEgressRule(ctx, \"allow_all_traffic_ipv4\", \u0026vpc.SecurityGroupEgressRuleArgs{\n\t\t\tSecurityGroupId: allowTls.ID(),\n\t\t\tCidrIpv4: pulumi.String(\"0.0.0.0/0\"),\n\t\t\tIpProtocol: pulumi.String(\"-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpc.NewSecurityGroupEgressRule(ctx, \"allow_all_traffic_ipv6\", \u0026vpc.SecurityGroupEgressRuleArgs{\n\t\t\tSecurityGroupId: allowTls.ID(),\n\t\t\tCidrIpv6: pulumi.String(\"::/0\"),\n\t\t\tIpProtocol: pulumi.String(\"-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.vpc.SecurityGroupIngressRule;\nimport com.pulumi.aws.vpc.SecurityGroupIngressRuleArgs;\nimport com.pulumi.aws.vpc.SecurityGroupEgressRule;\nimport com.pulumi.aws.vpc.SecurityGroupEgressRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var allowTls = new SecurityGroup(\"allowTls\", SecurityGroupArgs.builder() \n .name(\"allow_tls\")\n .description(\"Allow TLS inbound traffic and all outbound traffic\")\n .vpcId(main.id())\n .tags(Map.of(\"Name\", \"allow_tls\"))\n .build());\n\n var allowTlsIpv4 = new SecurityGroupIngressRule(\"allowTlsIpv4\", SecurityGroupIngressRuleArgs.builder() \n .securityGroupId(allowTls.id())\n .cidrIpv4(main.cidrBlock())\n .fromPort(443)\n .ipProtocol(\"tcp\")\n .toPort(443)\n .build());\n\n var allowTlsIpv6 = new SecurityGroupIngressRule(\"allowTlsIpv6\", SecurityGroupIngressRuleArgs.builder() \n .securityGroupId(allowTls.id())\n .cidrIpv6(main.ipv6CidrBlock())\n .fromPort(443)\n .ipProtocol(\"tcp\")\n .toPort(443)\n .build());\n\n var allowAllTrafficIpv4 = new SecurityGroupEgressRule(\"allowAllTrafficIpv4\", SecurityGroupEgressRuleArgs.builder() \n .securityGroupId(allowTls.id())\n .cidrIpv4(\"0.0.0.0/0\")\n .ipProtocol(\"-1\")\n .build());\n\n var allowAllTrafficIpv6 = new SecurityGroupEgressRule(\"allowAllTrafficIpv6\", SecurityGroupEgressRuleArgs.builder() \n .securityGroupId(allowTls.id())\n .cidrIpv6(\"::/0\")\n .ipProtocol(\"-1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n allowTls:\n type: aws:ec2:SecurityGroup\n name: allow_tls\n properties:\n name: allow_tls\n description: Allow TLS inbound traffic and all outbound traffic\n vpcId: ${main.id}\n tags:\n Name: allow_tls\n allowTlsIpv4:\n type: aws:vpc:SecurityGroupIngressRule\n name: allow_tls_ipv4\n properties:\n securityGroupId: ${allowTls.id}\n cidrIpv4: ${main.cidrBlock}\n fromPort: 443\n ipProtocol: tcp\n toPort: 443\n allowTlsIpv6:\n type: aws:vpc:SecurityGroupIngressRule\n name: allow_tls_ipv6\n properties:\n securityGroupId: ${allowTls.id}\n cidrIpv6: ${main.ipv6CidrBlock}\n fromPort: 443\n ipProtocol: tcp\n toPort: 443\n allowAllTrafficIpv4:\n type: aws:vpc:SecurityGroupEgressRule\n name: allow_all_traffic_ipv4\n properties:\n securityGroupId: ${allowTls.id}\n cidrIpv4: 0.0.0.0/0\n ipProtocol: '-1'\n allowAllTrafficIpv6:\n type: aws:vpc:SecurityGroupEgressRule\n name: allow_all_traffic_ipv6\n properties:\n securityGroupId: ${allowTls.id}\n cidrIpv6: ::/0\n ipProtocol: '-1'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003e **NOTE on Egress rules:** By default, AWS creates an `ALLOW ALL` egress rule when creating a new Security Group inside of a VPC. When creating a new Security Group inside a VPC, **this provider will remove this default rule**, and require you specifically re-create it if you desire that rule. We feel this leads to fewer surprises in terms of controlling your egress rules. If you desire this rule to be in place, you can use this `egress` block:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroup(\"example\", {egress: [{\n fromPort: 0,\n toPort: 0,\n protocol: \"-1\",\n cidrBlocks: [\"0.0.0.0/0\"],\n ipv6CidrBlocks: [\"::/0\"],\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroup(\"example\", egress=[aws.ec2.SecurityGroupEgressArgs(\n from_port=0,\n to_port=0,\n protocol=\"-1\",\n cidr_blocks=[\"0.0.0.0/0\"],\n ipv6_cidr_blocks=[\"::/0\"],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Egress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupEgressArgs\n {\n FromPort = 0,\n ToPort = 0,\n Protocol = \"-1\",\n CidrBlocks = new[]\n {\n \"0.0.0.0/0\",\n },\n Ipv6CidrBlocks = new[]\n {\n \"::/0\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tEgress: ec2.SecurityGroupEgressArray{\n\t\t\t\t\u0026ec2.SecurityGroupEgressArgs{\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tCidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\t},\n\t\t\t\t\tIpv6CidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"::/0\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupEgressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder() \n .egress(SecurityGroupEgressArgs.builder()\n .fromPort(0)\n .toPort(0)\n .protocol(\"-1\")\n .cidrBlocks(\"0.0.0.0/0\")\n .ipv6CidrBlocks(\"::/0\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n egress:\n - fromPort: 0\n toPort: 0\n protocol: '-1'\n cidrBlocks:\n - 0.0.0.0/0\n ipv6CidrBlocks:\n - ::/0\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Usage With Prefix List IDs\n\nPrefix Lists are either managed by AWS internally, or created by the customer using a\nPrefix List resource. Prefix Lists provided by\nAWS are associated with a prefix list name, or service name, that is linked to a specific region.\nPrefix list IDs are exported on VPC Endpoints, so you can use this format:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myEndpoint = new aws.ec2.VpcEndpoint(\"my_endpoint\", {});\nconst example = new aws.ec2.SecurityGroup(\"example\", {egress: [{\n fromPort: 0,\n toPort: 0,\n protocol: \"-1\",\n prefixListIds: [myEndpoint.prefixListId],\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_endpoint = aws.ec2.VpcEndpoint(\"my_endpoint\")\nexample = aws.ec2.SecurityGroup(\"example\", egress=[aws.ec2.SecurityGroupEgressArgs(\n from_port=0,\n to_port=0,\n protocol=\"-1\",\n prefix_list_ids=[my_endpoint.prefix_list_id],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myEndpoint = new Aws.Ec2.VpcEndpoint(\"my_endpoint\");\n\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Egress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupEgressArgs\n {\n FromPort = 0,\n ToPort = 0,\n Protocol = \"-1\",\n PrefixListIds = new[]\n {\n myEndpoint.PrefixListId,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyEndpoint, err := ec2.NewVpcEndpoint(ctx, \"my_endpoint\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tEgress: ec2.SecurityGroupEgressArray{\n\t\t\t\t\u0026ec2.SecurityGroupEgressArgs{\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tPrefixListIds: pulumi.StringArray{\n\t\t\t\t\t\tmyEndpoint.PrefixListId,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupEgressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myEndpoint = new VpcEndpoint(\"myEndpoint\");\n\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder() \n .egress(SecurityGroupEgressArgs.builder()\n .fromPort(0)\n .toPort(0)\n .protocol(\"-1\")\n .prefixListIds(myEndpoint.prefixListId())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n egress:\n - fromPort: 0\n toPort: 0\n protocol: '-1'\n prefixListIds:\n - ${myEndpoint.prefixListId}\n myEndpoint:\n type: aws:ec2:VpcEndpoint\n name: my_endpoint\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nYou can also find a specific Prefix List using the `aws.ec2.getPrefixList` data source.\n\n### Removing All Ingress and Egress Rules\n\nThe `ingress` and `egress` arguments are processed in attributes-as-blocks mode. Due to this, removing these arguments from the configuration will **not** cause the provider to destroy the managed rules. To subsequently remove all managed ingress and egress rules:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroup(\"example\", {\n name: \"sg\",\n vpcId: exampleAwsVpc.id,\n ingress: [],\n egress: [],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroup(\"example\",\n name=\"sg\",\n vpc_id=example_aws_vpc[\"id\"],\n ingress=[],\n egress=[])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Name = \"sg\",\n VpcId = exampleAwsVpc.Id,\n Ingress = new[] {},\n Egress = new[] {},\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tName: pulumi.String(\"sg\"),\n\t\t\tVpcId: pulumi.Any(exampleAwsVpc.Id),\n\t\t\tIngress: ec2.SecurityGroupIngressArray{},\n\t\t\tEgress: ec2.SecurityGroupEgressArray{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder() \n .name(\"sg\")\n .vpcId(exampleAwsVpc.id())\n .ingress()\n .egress()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n name: sg\n vpcId: ${exampleAwsVpc.id}\n ingress: []\n egress: []\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Recreating a Security Group\n\nA simple security group `name` change \"forces new\" the security group--the provider destroys the security group and creates a new one. (Likewise, `description`, `name_prefix`, or `vpc_id` [cannot be changed](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-security-groups.html#creating-security-group).) Attempting to recreate the security group leads to a variety of complications depending on how it is used.\n\nSecurity groups are generally associated with other resources--**more than 100** AWS Provider resources reference security groups. Referencing a resource from another resource creates a one-way dependency. For example, if you create an EC2 `aws.ec2.Instance` that has a `vpc_security_group_ids` argument that refers to an `aws.ec2.SecurityGroup` resource, the `aws.ec2.SecurityGroup` is a dependent of the `aws.ec2.Instance`. Because of this, the provider will create the security group first so that it can then be associated with the EC2 instance.\n\nHowever, the dependency relationship actually goes both directions causing the _Security Group Deletion Problem_. AWS does not allow you to delete the security group associated with another resource (_e.g._, the `aws.ec2.Instance`).\n\nThe provider does not model bi-directional dependencies like this, but, even if it did, simply knowing the dependency situation would not be enough to solve it. For example, some resources must always have an associated security group while others don't need to. In addition, when the `aws.ec2.SecurityGroup` resource attempts to recreate, it receives a dependent object error, which does not provide information on whether the dependent object is a security group rule or, for example, an associated EC2 instance. Within the provider, the associated resource (_e.g._, `aws.ec2.Instance`) does not receive an error when the `aws.ec2.SecurityGroup` is trying to recreate even though that is where changes to the associated resource would need to take place (_e.g._, removing the security group association).\n\nDespite these sticky problems, below are some ways to improve your experience when you find it necessary to recreate a security group.\n\n### `create_before_destroy`\n\n(This example is one approach to recreating security groups. For more information on the challenges and the _Security Group Deletion Problem_, see the section above.)\n\nNormally, the provider first deletes the existing security group resource and then creates a new one. When a security group is associated with a resource, the delete won't succeed. You can invert the default behavior using the `create_before_destroy` meta argument:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroup(\"example\", {name: \"changeable-name\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroup(\"example\", name=\"changeable-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Name = \"changeable-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tName: pulumi.String(\"changeable-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder() \n .name(\"changeable-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n name: changeable-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### `replace_triggered_by`\n\n(This example is one approach to recreating security groups. For more information on the challenges and the _Security Group Deletion Problem_, see the section above.)\n\nTo replace a resource when a security group changes, use the `replace_triggered_by` meta argument. Note that in this example, the `aws.ec2.Instance` will be destroyed and created again when the `aws.ec2.SecurityGroup` changes.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroup(\"example\", {name: \"sg\"});\nconst exampleInstance = new aws.ec2.Instance(\"example\", {\n instanceType: \"t3.small\",\n vpcSecurityGroupIds: [test.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroup(\"example\", name=\"sg\")\nexample_instance = aws.ec2.Instance(\"example\",\n instance_type=\"t3.small\",\n vpc_security_group_ids=[test[\"id\"]])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Name = \"sg\",\n });\n\n var exampleInstance = new Aws.Ec2.Instance(\"example\", new()\n {\n InstanceType = \"t3.small\",\n VpcSecurityGroupIds = new[]\n {\n test.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tName: pulumi.String(\"sg\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"example\", \u0026ec2.InstanceArgs{\n\t\t\tInstanceType: pulumi.String(\"t3.small\"),\n\t\t\tVpcSecurityGroupIds: pulumi.StringArray{\n\t\t\t\ttest.Id,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder() \n .name(\"sg\")\n .build());\n\n var exampleInstance = new Instance(\"exampleInstance\", InstanceArgs.builder() \n .instanceType(\"t3.small\")\n .vpcSecurityGroupIds(test.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n name: sg\n exampleInstance:\n type: aws:ec2:Instance\n name: example\n properties:\n instanceType: t3.small\n vpcSecurityGroupIds:\n - ${test.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Shorter timeout\n\n(This example is one approach to recreating security groups. For more information on the challenges and the _Security Group Deletion Problem_, see the section above.)\n\nIf destroying a security group takes a long time, it may be because the provider cannot distinguish between a dependent object (_e.g._, a security group rule or EC2 instance) that is _in the process of being deleted_ and one that is not. In other words, it may be waiting for a train that isn't scheduled to arrive. To fail faster, shorten the `delete` timeout from the default timeout:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroup(\"example\", {name: \"izizavle\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroup(\"example\", name=\"izizavle\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Name = \"izizavle\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tName: pulumi.String(\"izizavle\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder() \n .name(\"izizavle\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n name: izizavle\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Provisioners\n\n(This example is one approach to recreating security groups. For more information on the challenges and the _Security Group Deletion Problem_, see the section above.)\n\n**DISCLAIMER:** We **_HIGHLY_** recommend using one of the above approaches and _NOT_ using local provisioners. Provisioners, like the one shown below, should be considered a **last resort** since they are _not readable_, _require skills outside standard configuration_, are _error prone_ and _difficult to maintain_, are not compatible with cloud environments and upgrade tools, require AWS CLI installation, and are subject to changes outside the AWS Provider.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as _null from \"@pulumi/null\";\nimport * as aws from \"@pulumi/aws\";\nimport * as command from \"@pulumi/command\";\nimport * as std from \"@pulumi/std\";\n\nconst default = aws.ec2.getSecurityGroup({\n name: \"default\",\n});\nconst example = new aws.ec2.SecurityGroup(\"example\", {\n name: \"sg\",\n tags: {\n workaround1: \"tagged-name\",\n workaround2: _default.then(_default =\u003e _default.id),\n },\n});\nconst exampleProvisioner0 = new command.local.Command(\"exampleProvisioner0\", {\n create: \"true\",\n update: \"true\",\n \"delete\": ` ENDPOINT_ID=`aws ec2 describe-vpc-endpoints --filters \"Name=tag:Name,Values=${tags.workaround1}\" --query \"VpcEndpoints[0].VpcEndpointId\" --output text` \u0026\u0026\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${ENDPOINT_ID} --add-security-group-ids ${tags.workaround2} --remove-security-group-ids ${id}\n`,\n}, {\n dependsOn: [example],\n});\nconst exampleResource = new _null.index.Resource(\"example\", {triggers: {\n rerunUponChangeOf: std.join({\n separator: \",\",\n input: exampleAwsVpcEndpoint.securityGroupIds,\n }).result,\n}});\nconst exampleResourceProvisioner0 = new command.local.Command(\"exampleResourceProvisioner0\", {create: ` aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${exampleAwsVpcEndpoint.id} --remove-security-group-ids ${_default.id}\n`}, {\n dependsOn: [exampleResource],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_command as command\nimport pulumi_null as null\nimport pulumi_std as std\n\ndefault = aws.ec2.get_security_group(name=\"default\")\nexample = aws.ec2.SecurityGroup(\"example\",\n name=\"sg\",\n tags={\n \"workaround1\": \"tagged-name\",\n \"workaround2\": default.id,\n })\nexample_provisioner0 = command.local.Command(\"exampleProvisioner0\",\n create=true,\n update=true,\n delete=f ENDPOINT_ID=`aws ec2 describe-vpc-endpoints --filters \"Name=tag:Name,Values={tags.workaround1}\" --query \"VpcEndpoints[0].VpcEndpointId\" --output text` \u0026\u0026\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${{ENDPOINT_ID}} --add-security-group-ids {tags.workaround2} --remove-security-group-ids {id}\n,\n opts=pulumi.ResourceOptions(depends_on=[example]))\nexample_resource = null.index.Resource(\"example\", triggers={\n rerunUponChangeOf: std.join(separator=,,\n input=example_aws_vpc_endpoint.security_group_ids).result,\n})\nexample_resource_provisioner0 = command.local.Command(\"exampleResourceProvisioner0\", create=f aws ec2 modify-vpc-endpoint --vpc-endpoint-id {example_aws_vpc_endpoint.id} --remove-security-group-ids {default.id}\n,\nopts=pulumi.ResourceOptions(depends_on=[example_resource]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Command = Pulumi.Command;\nusing Null = Pulumi.Null;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Aws.Ec2.GetSecurityGroup.Invoke(new()\n {\n Name = \"default\",\n });\n\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Name = \"sg\",\n Tags = \n {\n { \"workaround1\", \"tagged-name\" },\n { \"workaround2\", @default.Apply(@default =\u003e @default.Apply(getSecurityGroupResult =\u003e getSecurityGroupResult.Id)) },\n },\n });\n\n var exampleProvisioner0 = new Command.Local.Command(\"exampleProvisioner0\", new()\n {\n Create = \"true\",\n Update = \"true\",\n Delete = @$\" ENDPOINT_ID=`aws ec2 describe-vpc-endpoints --filters \"\"Name=tag:Name,Values={tags.Workaround1}\"\" --query \"\"VpcEndpoints[0].VpcEndpointId\"\" --output text` \u0026\u0026\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${{ENDPOINT_ID}} --add-security-group-ids {tags.Workaround2} --remove-security-group-ids {id}\n\",\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n example,\n },\n });\n\n var exampleResource = new Null.Index.Resource(\"example\", new()\n {\n Triggers = \n {\n { \"rerunUponChangeOf\", Std.Join.Invoke(new()\n {\n Separator = \",\",\n Input = exampleAwsVpcEndpoint.SecurityGroupIds,\n }).Result },\n },\n });\n\n var exampleResourceProvisioner0 = new Command.Local.Command(\"exampleResourceProvisioner0\", new()\n {\n Create = @$\" aws ec2 modify-vpc-endpoint --vpc-endpoint-id {exampleAwsVpcEndpoint.Id} --remove-security-group-ids {@default.Apply(getSecurityGroupResult =\u003e getSecurityGroupResult.Id)}\n\",\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n exampleResource,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-command/sdk/v1/go/command/local\"\n\t\"github.com/pulumi/pulumi-null/sdk/v1/go/null\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\n_default, err := ec2.LookupSecurityGroup(ctx, \u0026ec2.LookupSecurityGroupArgs{\nName: pulumi.StringRef(\"default\"),\n}, nil);\nif err != nil {\nreturn err\n}\nexample, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\nName: pulumi.String(\"sg\"),\nTags: pulumi.StringMap{\n\"workaround1\": pulumi.String(\"tagged-name\"),\n\"workaround2\": *pulumi.String(_default.Id),\n},\n})\nif err != nil {\nreturn err\n}\n_, err = local.NewCommand(ctx, \"exampleProvisioner0\", \u0026local.CommandArgs{\nCreate: \"true\",\nUpdate: \"true\",\nDelete: fmt.Sprintf(\" ENDPOINT_ID=`aws ec2 describe-vpc-endpoints --filters \\\"Name=tag:Name,Values=%v\\\" --query \\\"VpcEndpoints[0].VpcEndpointId\\\" --output text` \u0026\u0026\\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${ENDPOINT_ID} --add-security-group-ids %v --remove-security-group-ids %v\\n\", tags.Workaround1, tags.Workaround2, id),\n}, pulumi.DependsOn([]pulumi.Resource{\nexample,\n}))\nif err != nil {\nreturn err\n}\nexampleResource, err := index.NewResource(ctx, \"example\", \u0026index.ResourceArgs{\nTriggers: invokeJoin, err := std.Join(ctx, \u0026std.JoinArgs{\nSeparator: \",\",\nInput: exampleAwsVpcEndpoint.SecurityGroupIds,\n}, nil)\nif err != nil {\nreturn err\n}\nmap[string]interface{}{\n\"rerunUponChangeOf\": invokeJoin.Result,\n},\n})\nif err != nil {\nreturn err\n}\n_, err = local.NewCommand(ctx, \"exampleResourceProvisioner0\", \u0026local.CommandArgs{\nCreate: fmt.Sprintf(\" aws ec2 modify-vpc-endpoint --vpc-endpoint-id %v --remove-security-group-ids %v\\n\", exampleAwsVpcEndpoint.Id, _default.Id),\n}, pulumi.DependsOn([]pulumi.Resource{\nexampleResource,\n}))\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetSecurityGroupArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.command.local.Command;\nimport com.pulumi.command.local.CommandArgs;\nimport com.pulumi.null.resource;\nimport com.pulumi.null.ResourceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = Ec2Functions.getSecurityGroup(GetSecurityGroupArgs.builder()\n .name(\"default\")\n .build());\n\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder() \n .name(\"sg\")\n .tags(Map.ofEntries(\n Map.entry(\"workaround1\", \"tagged-name\"),\n Map.entry(\"workaround2\", default_.id())\n ))\n .build());\n\n var exampleProvisioner0 = new Command(\"exampleProvisioner0\", CommandArgs.builder() \n .create(\"true\")\n .update(\"true\")\n .delete(\"\"\"\n ENDPOINT_ID=`aws ec2 describe-vpc-endpoints --filters \"Name=tag:Name,Values=%s\" --query \"VpcEndpoints[0].VpcEndpointId\" --output text` \u0026\u0026\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${ENDPOINT_ID} --add-security-group-ids %s --remove-security-group-ids %s\n\", tags.workaround1(),tags.workaround2(),id))\n .build(), CustomResourceOptions.builder()\n .dependsOn(example)\n .build());\n\n var exampleResource = new Resource(\"exampleResource\", ResourceArgs.builder() \n .triggers(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))\n .build());\n\n var exampleResourceProvisioner0 = new Command(\"exampleResourceProvisioner0\", CommandArgs.builder() \n .create(\"\"\"\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id %s --remove-security-group-ids %s\n\", exampleAwsVpcEndpoint.id(),default_.id()))\n .build(), CustomResourceOptions.builder()\n .dependsOn(exampleResource)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n name: sg\n tags:\n workaround1: tagged-name\n workaround2: ${default.id}\n exampleProvisioner0:\n type: command:local:Command\n properties:\n create: 'true'\n update: 'true'\n delete: |2\n ENDPOINT_ID=`aws ec2 describe-vpc-endpoints --filters \"Name=tag:Name,Values=${tags.workaround1}\" --query \"VpcEndpoints[0].VpcEndpointId\" --output text` \u0026\u0026\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${ENDPOINT_ID} --add-security-group-ids ${tags.workaround2} --remove-security-group-ids ${id}\n options:\n dependson:\n - ${example}\n exampleResource:\n type: null:resource\n name: example\n properties:\n triggers:\n rerunUponChangeOf:\n fn::invoke:\n Function: std:join\n Arguments:\n separator: ','\n input: ${exampleAwsVpcEndpoint.securityGroupIds}\n Return: result\n exampleResourceProvisioner0:\n type: command:local:Command\n properties:\n create: |2\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${exampleAwsVpcEndpoint.id} --remove-security-group-ids ${default.id}\n options:\n dependson:\n - ${exampleResource}\nvariables:\n default:\n fn::invoke:\n Function: aws:ec2:getSecurityGroup\n Arguments:\n name: default\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Security Groups using the security group `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/securityGroup:SecurityGroup elb_sg sg-903004f8\n```\n", + "description": "Provides a security group resource.\n\n\u003e **NOTE on Security Groups and Security Group Rules:** This provider currently provides a Security Group resource with `ingress` and `egress` rules defined in-line and a Security Group Rule resource which manages one or more `ingress` or `egress` rules. Both of these resource were added before AWS assigned a [security group rule unique ID](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules.html), and they do not work well in all scenarios using the`description` and `tags` attributes, which rely on the unique ID. The `aws.vpc.SecurityGroupEgressRule` and `aws.vpc.SecurityGroupIngressRule` resources have been added to address these limitations and should be used for all new security group rules. You should not use the `aws.vpc.SecurityGroupEgressRule` and `aws.vpc.SecurityGroupIngressRule` resources in conjunction with an `aws.ec2.SecurityGroup` resource with in-line rules or with `aws.ec2.SecurityGroupRule` resources defined for the same Security Group, as rule conflicts may occur and rules will be overwritten.\n\n\u003e **NOTE:** Referencing Security Groups across VPC peering has certain restrictions. More information is available in the [VPC Peering User Guide](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html).\n\n\u003e **NOTE:** Due to [AWS Lambda improved VPC networking changes that began deploying in September 2019](https://aws.amazon.com/blogs/compute/announcing-improved-vpc-networking-for-aws-lambda-functions/), security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.\n\n\u003e **NOTE:** The `cidr_blocks` and `ipv6_cidr_blocks` parameters are optional in the `ingress` and `egress` blocks. If nothing is specified, traffic will be blocked as described in _NOTE on Egress rules_ later.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst allowTls = new aws.ec2.SecurityGroup(\"allow_tls\", {\n name: \"allow_tls\",\n description: \"Allow TLS inbound traffic and all outbound traffic\",\n vpcId: main.id,\n tags: {\n Name: \"allow_tls\",\n },\n});\nconst allowTlsIpv4 = new aws.vpc.SecurityGroupIngressRule(\"allow_tls_ipv4\", {\n securityGroupId: allowTls.id,\n cidrIpv4: main.cidrBlock,\n fromPort: 443,\n ipProtocol: \"tcp\",\n toPort: 443,\n});\nconst allowTlsIpv6 = new aws.vpc.SecurityGroupIngressRule(\"allow_tls_ipv6\", {\n securityGroupId: allowTls.id,\n cidrIpv6: main.ipv6CidrBlock,\n fromPort: 443,\n ipProtocol: \"tcp\",\n toPort: 443,\n});\nconst allowAllTrafficIpv4 = new aws.vpc.SecurityGroupEgressRule(\"allow_all_traffic_ipv4\", {\n securityGroupId: allowTls.id,\n cidrIpv4: \"0.0.0.0/0\",\n ipProtocol: \"-1\",\n});\nconst allowAllTrafficIpv6 = new aws.vpc.SecurityGroupEgressRule(\"allow_all_traffic_ipv6\", {\n securityGroupId: allowTls.id,\n cidrIpv6: \"::/0\",\n ipProtocol: \"-1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nallow_tls = aws.ec2.SecurityGroup(\"allow_tls\",\n name=\"allow_tls\",\n description=\"Allow TLS inbound traffic and all outbound traffic\",\n vpc_id=main[\"id\"],\n tags={\n \"Name\": \"allow_tls\",\n })\nallow_tls_ipv4 = aws.vpc.SecurityGroupIngressRule(\"allow_tls_ipv4\",\n security_group_id=allow_tls.id,\n cidr_ipv4=main[\"cidrBlock\"],\n from_port=443,\n ip_protocol=\"tcp\",\n to_port=443)\nallow_tls_ipv6 = aws.vpc.SecurityGroupIngressRule(\"allow_tls_ipv6\",\n security_group_id=allow_tls.id,\n cidr_ipv6=main[\"ipv6CidrBlock\"],\n from_port=443,\n ip_protocol=\"tcp\",\n to_port=443)\nallow_all_traffic_ipv4 = aws.vpc.SecurityGroupEgressRule(\"allow_all_traffic_ipv4\",\n security_group_id=allow_tls.id,\n cidr_ipv4=\"0.0.0.0/0\",\n ip_protocol=\"-1\")\nallow_all_traffic_ipv6 = aws.vpc.SecurityGroupEgressRule(\"allow_all_traffic_ipv6\",\n security_group_id=allow_tls.id,\n cidr_ipv6=\"::/0\",\n ip_protocol=\"-1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var allowTls = new Aws.Ec2.SecurityGroup(\"allow_tls\", new()\n {\n Name = \"allow_tls\",\n Description = \"Allow TLS inbound traffic and all outbound traffic\",\n VpcId = main.Id,\n Tags = \n {\n { \"Name\", \"allow_tls\" },\n },\n });\n\n var allowTlsIpv4 = new Aws.Vpc.SecurityGroupIngressRule(\"allow_tls_ipv4\", new()\n {\n SecurityGroupId = allowTls.Id,\n CidrIpv4 = main.CidrBlock,\n FromPort = 443,\n IpProtocol = \"tcp\",\n ToPort = 443,\n });\n\n var allowTlsIpv6 = new Aws.Vpc.SecurityGroupIngressRule(\"allow_tls_ipv6\", new()\n {\n SecurityGroupId = allowTls.Id,\n CidrIpv6 = main.Ipv6CidrBlock,\n FromPort = 443,\n IpProtocol = \"tcp\",\n ToPort = 443,\n });\n\n var allowAllTrafficIpv4 = new Aws.Vpc.SecurityGroupEgressRule(\"allow_all_traffic_ipv4\", new()\n {\n SecurityGroupId = allowTls.Id,\n CidrIpv4 = \"0.0.0.0/0\",\n IpProtocol = \"-1\",\n });\n\n var allowAllTrafficIpv6 = new Aws.Vpc.SecurityGroupEgressRule(\"allow_all_traffic_ipv6\", new()\n {\n SecurityGroupId = allowTls.Id,\n CidrIpv6 = \"::/0\",\n IpProtocol = \"-1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/vpc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tallowTls, err := ec2.NewSecurityGroup(ctx, \"allow_tls\", \u0026ec2.SecurityGroupArgs{\n\t\t\tName: pulumi.String(\"allow_tls\"),\n\t\t\tDescription: pulumi.String(\"Allow TLS inbound traffic and all outbound traffic\"),\n\t\t\tVpcId: pulumi.Any(main.Id),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"allow_tls\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpc.NewSecurityGroupIngressRule(ctx, \"allow_tls_ipv4\", \u0026vpc.SecurityGroupIngressRuleArgs{\n\t\t\tSecurityGroupId: allowTls.ID(),\n\t\t\tCidrIpv4: pulumi.Any(main.CidrBlock),\n\t\t\tFromPort: pulumi.Int(443),\n\t\t\tIpProtocol: pulumi.String(\"tcp\"),\n\t\t\tToPort: pulumi.Int(443),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpc.NewSecurityGroupIngressRule(ctx, \"allow_tls_ipv6\", \u0026vpc.SecurityGroupIngressRuleArgs{\n\t\t\tSecurityGroupId: allowTls.ID(),\n\t\t\tCidrIpv6: pulumi.Any(main.Ipv6CidrBlock),\n\t\t\tFromPort: pulumi.Int(443),\n\t\t\tIpProtocol: pulumi.String(\"tcp\"),\n\t\t\tToPort: pulumi.Int(443),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpc.NewSecurityGroupEgressRule(ctx, \"allow_all_traffic_ipv4\", \u0026vpc.SecurityGroupEgressRuleArgs{\n\t\t\tSecurityGroupId: allowTls.ID(),\n\t\t\tCidrIpv4: pulumi.String(\"0.0.0.0/0\"),\n\t\t\tIpProtocol: pulumi.String(\"-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpc.NewSecurityGroupEgressRule(ctx, \"allow_all_traffic_ipv6\", \u0026vpc.SecurityGroupEgressRuleArgs{\n\t\t\tSecurityGroupId: allowTls.ID(),\n\t\t\tCidrIpv6: pulumi.String(\"::/0\"),\n\t\t\tIpProtocol: pulumi.String(\"-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.vpc.SecurityGroupIngressRule;\nimport com.pulumi.aws.vpc.SecurityGroupIngressRuleArgs;\nimport com.pulumi.aws.vpc.SecurityGroupEgressRule;\nimport com.pulumi.aws.vpc.SecurityGroupEgressRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var allowTls = new SecurityGroup(\"allowTls\", SecurityGroupArgs.builder() \n .name(\"allow_tls\")\n .description(\"Allow TLS inbound traffic and all outbound traffic\")\n .vpcId(main.id())\n .tags(Map.of(\"Name\", \"allow_tls\"))\n .build());\n\n var allowTlsIpv4 = new SecurityGroupIngressRule(\"allowTlsIpv4\", SecurityGroupIngressRuleArgs.builder() \n .securityGroupId(allowTls.id())\n .cidrIpv4(main.cidrBlock())\n .fromPort(443)\n .ipProtocol(\"tcp\")\n .toPort(443)\n .build());\n\n var allowTlsIpv6 = new SecurityGroupIngressRule(\"allowTlsIpv6\", SecurityGroupIngressRuleArgs.builder() \n .securityGroupId(allowTls.id())\n .cidrIpv6(main.ipv6CidrBlock())\n .fromPort(443)\n .ipProtocol(\"tcp\")\n .toPort(443)\n .build());\n\n var allowAllTrafficIpv4 = new SecurityGroupEgressRule(\"allowAllTrafficIpv4\", SecurityGroupEgressRuleArgs.builder() \n .securityGroupId(allowTls.id())\n .cidrIpv4(\"0.0.0.0/0\")\n .ipProtocol(\"-1\")\n .build());\n\n var allowAllTrafficIpv6 = new SecurityGroupEgressRule(\"allowAllTrafficIpv6\", SecurityGroupEgressRuleArgs.builder() \n .securityGroupId(allowTls.id())\n .cidrIpv6(\"::/0\")\n .ipProtocol(\"-1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n allowTls:\n type: aws:ec2:SecurityGroup\n name: allow_tls\n properties:\n name: allow_tls\n description: Allow TLS inbound traffic and all outbound traffic\n vpcId: ${main.id}\n tags:\n Name: allow_tls\n allowTlsIpv4:\n type: aws:vpc:SecurityGroupIngressRule\n name: allow_tls_ipv4\n properties:\n securityGroupId: ${allowTls.id}\n cidrIpv4: ${main.cidrBlock}\n fromPort: 443\n ipProtocol: tcp\n toPort: 443\n allowTlsIpv6:\n type: aws:vpc:SecurityGroupIngressRule\n name: allow_tls_ipv6\n properties:\n securityGroupId: ${allowTls.id}\n cidrIpv6: ${main.ipv6CidrBlock}\n fromPort: 443\n ipProtocol: tcp\n toPort: 443\n allowAllTrafficIpv4:\n type: aws:vpc:SecurityGroupEgressRule\n name: allow_all_traffic_ipv4\n properties:\n securityGroupId: ${allowTls.id}\n cidrIpv4: 0.0.0.0/0\n ipProtocol: '-1'\n allowAllTrafficIpv6:\n type: aws:vpc:SecurityGroupEgressRule\n name: allow_all_traffic_ipv6\n properties:\n securityGroupId: ${allowTls.id}\n cidrIpv6: ::/0\n ipProtocol: '-1'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003e **NOTE on Egress rules:** By default, AWS creates an `ALLOW ALL` egress rule when creating a new Security Group inside of a VPC. When creating a new Security Group inside a VPC, **this provider will remove this default rule**, and require you specifically re-create it if you desire that rule. We feel this leads to fewer surprises in terms of controlling your egress rules. If you desire this rule to be in place, you can use this `egress` block:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroup(\"example\", {egress: [{\n fromPort: 0,\n toPort: 0,\n protocol: \"-1\",\n cidrBlocks: [\"0.0.0.0/0\"],\n ipv6CidrBlocks: [\"::/0\"],\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroup(\"example\", egress=[aws.ec2.SecurityGroupEgressArgs(\n from_port=0,\n to_port=0,\n protocol=\"-1\",\n cidr_blocks=[\"0.0.0.0/0\"],\n ipv6_cidr_blocks=[\"::/0\"],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Egress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupEgressArgs\n {\n FromPort = 0,\n ToPort = 0,\n Protocol = \"-1\",\n CidrBlocks = new[]\n {\n \"0.0.0.0/0\",\n },\n Ipv6CidrBlocks = new[]\n {\n \"::/0\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tEgress: ec2.SecurityGroupEgressArray{\n\t\t\t\t\u0026ec2.SecurityGroupEgressArgs{\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tCidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\t},\n\t\t\t\t\tIpv6CidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"::/0\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupEgressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder() \n .egress(SecurityGroupEgressArgs.builder()\n .fromPort(0)\n .toPort(0)\n .protocol(\"-1\")\n .cidrBlocks(\"0.0.0.0/0\")\n .ipv6CidrBlocks(\"::/0\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n egress:\n - fromPort: 0\n toPort: 0\n protocol: '-1'\n cidrBlocks:\n - 0.0.0.0/0\n ipv6CidrBlocks:\n - ::/0\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Usage With Prefix List IDs\n\nPrefix Lists are either managed by AWS internally, or created by the customer using a\nPrefix List resource. Prefix Lists provided by\nAWS are associated with a prefix list name, or service name, that is linked to a specific region.\nPrefix list IDs are exported on VPC Endpoints, so you can use this format:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myEndpoint = new aws.ec2.VpcEndpoint(\"my_endpoint\", {});\nconst example = new aws.ec2.SecurityGroup(\"example\", {egress: [{\n fromPort: 0,\n toPort: 0,\n protocol: \"-1\",\n prefixListIds: [myEndpoint.prefixListId],\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_endpoint = aws.ec2.VpcEndpoint(\"my_endpoint\")\nexample = aws.ec2.SecurityGroup(\"example\", egress=[aws.ec2.SecurityGroupEgressArgs(\n from_port=0,\n to_port=0,\n protocol=\"-1\",\n prefix_list_ids=[my_endpoint.prefix_list_id],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myEndpoint = new Aws.Ec2.VpcEndpoint(\"my_endpoint\");\n\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Egress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupEgressArgs\n {\n FromPort = 0,\n ToPort = 0,\n Protocol = \"-1\",\n PrefixListIds = new[]\n {\n myEndpoint.PrefixListId,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyEndpoint, err := ec2.NewVpcEndpoint(ctx, \"my_endpoint\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tEgress: ec2.SecurityGroupEgressArray{\n\t\t\t\t\u0026ec2.SecurityGroupEgressArgs{\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tPrefixListIds: pulumi.StringArray{\n\t\t\t\t\t\tmyEndpoint.PrefixListId,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupEgressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myEndpoint = new VpcEndpoint(\"myEndpoint\");\n\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder() \n .egress(SecurityGroupEgressArgs.builder()\n .fromPort(0)\n .toPort(0)\n .protocol(\"-1\")\n .prefixListIds(myEndpoint.prefixListId())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n egress:\n - fromPort: 0\n toPort: 0\n protocol: '-1'\n prefixListIds:\n - ${myEndpoint.prefixListId}\n myEndpoint:\n type: aws:ec2:VpcEndpoint\n name: my_endpoint\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nYou can also find a specific Prefix List using the `aws.ec2.getPrefixList` data source.\n\n### Removing All Ingress and Egress Rules\n\nThe `ingress` and `egress` arguments are processed in attributes-as-blocks mode. Due to this, removing these arguments from the configuration will **not** cause the provider to destroy the managed rules. To subsequently remove all managed ingress and egress rules:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroup(\"example\", {\n name: \"sg\",\n vpcId: exampleAwsVpc.id,\n ingress: [],\n egress: [],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroup(\"example\",\n name=\"sg\",\n vpc_id=example_aws_vpc[\"id\"],\n ingress=[],\n egress=[])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Name = \"sg\",\n VpcId = exampleAwsVpc.Id,\n Ingress = new[] {},\n Egress = new[] {},\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tName: pulumi.String(\"sg\"),\n\t\t\tVpcId: pulumi.Any(exampleAwsVpc.Id),\n\t\t\tIngress: ec2.SecurityGroupIngressArray{},\n\t\t\tEgress: ec2.SecurityGroupEgressArray{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder() \n .name(\"sg\")\n .vpcId(exampleAwsVpc.id())\n .ingress()\n .egress()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n name: sg\n vpcId: ${exampleAwsVpc.id}\n ingress: []\n egress: []\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Recreating a Security Group\n\nA simple security group `name` change \"forces new\" the security group--the provider destroys the security group and creates a new one. (Likewise, `description`, `name_prefix`, or `vpc_id` [cannot be changed](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-security-groups.html#creating-security-group).) Attempting to recreate the security group leads to a variety of complications depending on how it is used.\n\nSecurity groups are generally associated with other resources--**more than 100** AWS Provider resources reference security groups. Referencing a resource from another resource creates a one-way dependency. For example, if you create an EC2 `aws.ec2.Instance` that has a `vpc_security_group_ids` argument that refers to an `aws.ec2.SecurityGroup` resource, the `aws.ec2.SecurityGroup` is a dependent of the `aws.ec2.Instance`. Because of this, the provider will create the security group first so that it can then be associated with the EC2 instance.\n\nHowever, the dependency relationship actually goes both directions causing the _Security Group Deletion Problem_. AWS does not allow you to delete the security group associated with another resource (_e.g._, the `aws.ec2.Instance`).\n\nThe provider does not model bi-directional dependencies like this, but, even if it did, simply knowing the dependency situation would not be enough to solve it. For example, some resources must always have an associated security group while others don't need to. In addition, when the `aws.ec2.SecurityGroup` resource attempts to recreate, it receives a dependent object error, which does not provide information on whether the dependent object is a security group rule or, for example, an associated EC2 instance. Within the provider, the associated resource (_e.g._, `aws.ec2.Instance`) does not receive an error when the `aws.ec2.SecurityGroup` is trying to recreate even though that is where changes to the associated resource would need to take place (_e.g._, removing the security group association).\n\nDespite these sticky problems, below are some ways to improve your experience when you find it necessary to recreate a security group.\n\n### `create_before_destroy`\n\n(This example is one approach to recreating security groups. For more information on the challenges and the _Security Group Deletion Problem_, see the section above.)\n\nNormally, the provider first deletes the existing security group resource and then creates a new one. When a security group is associated with a resource, the delete won't succeed. You can invert the default behavior using the `create_before_destroy` meta argument:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroup(\"example\", {name: \"changeable-name\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroup(\"example\", name=\"changeable-name\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Name = \"changeable-name\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tName: pulumi.String(\"changeable-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder() \n .name(\"changeable-name\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n name: changeable-name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### `replace_triggered_by`\n\n(This example is one approach to recreating security groups. For more information on the challenges and the _Security Group Deletion Problem_, see the section above.)\n\nTo replace a resource when a security group changes, use the `replace_triggered_by` meta argument. Note that in this example, the `aws.ec2.Instance` will be destroyed and created again when the `aws.ec2.SecurityGroup` changes.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroup(\"example\", {name: \"sg\"});\nconst exampleInstance = new aws.ec2.Instance(\"example\", {\n instanceType: aws.ec2.InstanceType.T3_Small,\n vpcSecurityGroupIds: [test.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroup(\"example\", name=\"sg\")\nexample_instance = aws.ec2.Instance(\"example\",\n instance_type=aws.ec2.InstanceType.T3_SMALL,\n vpc_security_group_ids=[test[\"id\"]])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Name = \"sg\",\n });\n\n var exampleInstance = new Aws.Ec2.Instance(\"example\", new()\n {\n InstanceType = Aws.Ec2.InstanceType.T3_Small,\n VpcSecurityGroupIds = new[]\n {\n test.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tName: pulumi.String(\"sg\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"example\", \u0026ec2.InstanceArgs{\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_T3_Small),\n\t\t\tVpcSecurityGroupIds: pulumi.StringArray{\n\t\t\t\ttest.Id,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder() \n .name(\"sg\")\n .build());\n\n var exampleInstance = new Instance(\"exampleInstance\", InstanceArgs.builder() \n .instanceType(\"t3.small\")\n .vpcSecurityGroupIds(test.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n name: sg\n exampleInstance:\n type: aws:ec2:Instance\n name: example\n properties:\n instanceType: t3.small\n vpcSecurityGroupIds:\n - ${test.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Shorter timeout\n\n(This example is one approach to recreating security groups. For more information on the challenges and the _Security Group Deletion Problem_, see the section above.)\n\nIf destroying a security group takes a long time, it may be because the provider cannot distinguish between a dependent object (_e.g._, a security group rule or EC2 instance) that is _in the process of being deleted_ and one that is not. In other words, it may be waiting for a train that isn't scheduled to arrive. To fail faster, shorten the `delete` timeout from the default timeout:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroup(\"example\", {name: \"izizavle\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroup(\"example\", name=\"izizavle\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Name = \"izizavle\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tName: pulumi.String(\"izizavle\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder() \n .name(\"izizavle\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n name: izizavle\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Provisioners\n\n(This example is one approach to recreating security groups. For more information on the challenges and the _Security Group Deletion Problem_, see the section above.)\n\n**DISCLAIMER:** We **_HIGHLY_** recommend using one of the above approaches and _NOT_ using local provisioners. Provisioners, like the one shown below, should be considered a **last resort** since they are _not readable_, _require skills outside standard configuration_, are _error prone_ and _difficult to maintain_, are not compatible with cloud environments and upgrade tools, require AWS CLI installation, and are subject to changes outside the AWS Provider.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as _null from \"@pulumi/null\";\nimport * as aws from \"@pulumi/aws\";\nimport * as command from \"@pulumi/command\";\nimport * as std from \"@pulumi/std\";\n\nconst default = aws.ec2.getSecurityGroup({\n name: \"default\",\n});\nconst example = new aws.ec2.SecurityGroup(\"example\", {\n name: \"sg\",\n tags: {\n workaround1: \"tagged-name\",\n workaround2: _default.then(_default =\u003e _default.id),\n },\n});\nconst exampleProvisioner0 = new command.local.Command(\"exampleProvisioner0\", {\n create: \"true\",\n update: \"true\",\n \"delete\": ` ENDPOINT_ID=`aws ec2 describe-vpc-endpoints --filters \"Name=tag:Name,Values=${tags.workaround1}\" --query \"VpcEndpoints[0].VpcEndpointId\" --output text` \u0026\u0026\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${ENDPOINT_ID} --add-security-group-ids ${tags.workaround2} --remove-security-group-ids ${id}\n`,\n}, {\n dependsOn: [example],\n});\nconst exampleResource = new _null.index.Resource(\"example\", {triggers: {\n rerunUponChangeOf: std.join({\n separator: \",\",\n input: exampleAwsVpcEndpoint.securityGroupIds,\n }).result,\n}});\nconst exampleResourceProvisioner0 = new command.local.Command(\"exampleResourceProvisioner0\", {create: ` aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${exampleAwsVpcEndpoint.id} --remove-security-group-ids ${_default.id}\n`}, {\n dependsOn: [exampleResource],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_command as command\nimport pulumi_null as null\nimport pulumi_std as std\n\ndefault = aws.ec2.get_security_group(name=\"default\")\nexample = aws.ec2.SecurityGroup(\"example\",\n name=\"sg\",\n tags={\n \"workaround1\": \"tagged-name\",\n \"workaround2\": default.id,\n })\nexample_provisioner0 = command.local.Command(\"exampleProvisioner0\",\n create=true,\n update=true,\n delete=f ENDPOINT_ID=`aws ec2 describe-vpc-endpoints --filters \"Name=tag:Name,Values={tags.workaround1}\" --query \"VpcEndpoints[0].VpcEndpointId\" --output text` \u0026\u0026\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${{ENDPOINT_ID}} --add-security-group-ids {tags.workaround2} --remove-security-group-ids {id}\n,\n opts=pulumi.ResourceOptions(depends_on=[example]))\nexample_resource = null.index.Resource(\"example\", triggers={\n rerunUponChangeOf: std.join(separator=,,\n input=example_aws_vpc_endpoint.security_group_ids).result,\n})\nexample_resource_provisioner0 = command.local.Command(\"exampleResourceProvisioner0\", create=f aws ec2 modify-vpc-endpoint --vpc-endpoint-id {example_aws_vpc_endpoint.id} --remove-security-group-ids {default.id}\n,\nopts=pulumi.ResourceOptions(depends_on=[example_resource]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Command = Pulumi.Command;\nusing Null = Pulumi.Null;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Aws.Ec2.GetSecurityGroup.Invoke(new()\n {\n Name = \"default\",\n });\n\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Name = \"sg\",\n Tags = \n {\n { \"workaround1\", \"tagged-name\" },\n { \"workaround2\", @default.Apply(@default =\u003e @default.Apply(getSecurityGroupResult =\u003e getSecurityGroupResult.Id)) },\n },\n });\n\n var exampleProvisioner0 = new Command.Local.Command(\"exampleProvisioner0\", new()\n {\n Create = \"true\",\n Update = \"true\",\n Delete = @$\" ENDPOINT_ID=`aws ec2 describe-vpc-endpoints --filters \"\"Name=tag:Name,Values={tags.Workaround1}\"\" --query \"\"VpcEndpoints[0].VpcEndpointId\"\" --output text` \u0026\u0026\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${{ENDPOINT_ID}} --add-security-group-ids {tags.Workaround2} --remove-security-group-ids {id}\n\",\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n example,\n },\n });\n\n var exampleResource = new Null.Index.Resource(\"example\", new()\n {\n Triggers = \n {\n { \"rerunUponChangeOf\", Std.Join.Invoke(new()\n {\n Separator = \",\",\n Input = exampleAwsVpcEndpoint.SecurityGroupIds,\n }).Result },\n },\n });\n\n var exampleResourceProvisioner0 = new Command.Local.Command(\"exampleResourceProvisioner0\", new()\n {\n Create = @$\" aws ec2 modify-vpc-endpoint --vpc-endpoint-id {exampleAwsVpcEndpoint.Id} --remove-security-group-ids {@default.Apply(getSecurityGroupResult =\u003e getSecurityGroupResult.Id)}\n\",\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n exampleResource,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-command/sdk/v1/go/command/local\"\n\t\"github.com/pulumi/pulumi-null/sdk/v1/go/null\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\n_default, err := ec2.LookupSecurityGroup(ctx, \u0026ec2.LookupSecurityGroupArgs{\nName: pulumi.StringRef(\"default\"),\n}, nil);\nif err != nil {\nreturn err\n}\nexample, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\nName: pulumi.String(\"sg\"),\nTags: pulumi.StringMap{\n\"workaround1\": pulumi.String(\"tagged-name\"),\n\"workaround2\": pulumi.String(_default.Id),\n},\n})\nif err != nil {\nreturn err\n}\n_, err = local.NewCommand(ctx, \"exampleProvisioner0\", \u0026local.CommandArgs{\nCreate: \"true\",\nUpdate: \"true\",\nDelete: fmt.Sprintf(\" ENDPOINT_ID=`aws ec2 describe-vpc-endpoints --filters \\\"Name=tag:Name,Values=%v\\\" --query \\\"VpcEndpoints[0].VpcEndpointId\\\" --output text` \u0026\u0026\\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${ENDPOINT_ID} --add-security-group-ids %v --remove-security-group-ids %v\\n\", tags.Workaround1, tags.Workaround2, id),\n}, pulumi.DependsOn([]pulumi.Resource{\nexample,\n}))\nif err != nil {\nreturn err\n}\nexampleResource, err := index.NewResource(ctx, \"example\", \u0026index.ResourceArgs{\nTriggers: invokeJoin, err := std.Join(ctx, \u0026std.JoinArgs{\nSeparator: \",\",\nInput: exampleAwsVpcEndpoint.SecurityGroupIds,\n}, nil)\nif err != nil {\nreturn err\n}\nmap[string]interface{}{\n\"rerunUponChangeOf\": invokeJoin.Result,\n},\n})\nif err != nil {\nreturn err\n}\n_, err = local.NewCommand(ctx, \"exampleResourceProvisioner0\", \u0026local.CommandArgs{\nCreate: fmt.Sprintf(\" aws ec2 modify-vpc-endpoint --vpc-endpoint-id %v --remove-security-group-ids %v\\n\", exampleAwsVpcEndpoint.Id, _default.Id),\n}, pulumi.DependsOn([]pulumi.Resource{\nexampleResource,\n}))\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetSecurityGroupArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.command.local.Command;\nimport com.pulumi.command.local.CommandArgs;\nimport com.pulumi.null.resource;\nimport com.pulumi.null.ResourceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = Ec2Functions.getSecurityGroup(GetSecurityGroupArgs.builder()\n .name(\"default\")\n .build());\n\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder() \n .name(\"sg\")\n .tags(Map.ofEntries(\n Map.entry(\"workaround1\", \"tagged-name\"),\n Map.entry(\"workaround2\", default_.id())\n ))\n .build());\n\n var exampleProvisioner0 = new Command(\"exampleProvisioner0\", CommandArgs.builder() \n .create(\"true\")\n .update(\"true\")\n .delete(\"\"\"\n ENDPOINT_ID=`aws ec2 describe-vpc-endpoints --filters \"Name=tag:Name,Values=%s\" --query \"VpcEndpoints[0].VpcEndpointId\" --output text` \u0026\u0026\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${ENDPOINT_ID} --add-security-group-ids %s --remove-security-group-ids %s\n\", tags.workaround1(),tags.workaround2(),id))\n .build(), CustomResourceOptions.builder()\n .dependsOn(example)\n .build());\n\n var exampleResource = new Resource(\"exampleResource\", ResourceArgs.builder() \n .triggers(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))\n .build());\n\n var exampleResourceProvisioner0 = new Command(\"exampleResourceProvisioner0\", CommandArgs.builder() \n .create(\"\"\"\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id %s --remove-security-group-ids %s\n\", exampleAwsVpcEndpoint.id(),default_.id()))\n .build(), CustomResourceOptions.builder()\n .dependsOn(exampleResource)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n name: sg\n tags:\n workaround1: tagged-name\n workaround2: ${default.id}\n exampleProvisioner0:\n type: command:local:Command\n properties:\n create: 'true'\n update: 'true'\n delete: |2\n ENDPOINT_ID=`aws ec2 describe-vpc-endpoints --filters \"Name=tag:Name,Values=${tags.workaround1}\" --query \"VpcEndpoints[0].VpcEndpointId\" --output text` \u0026\u0026\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${ENDPOINT_ID} --add-security-group-ids ${tags.workaround2} --remove-security-group-ids ${id}\n options:\n dependson:\n - ${example}\n exampleResource:\n type: null:resource\n name: example\n properties:\n triggers:\n rerunUponChangeOf:\n fn::invoke:\n Function: std:join\n Arguments:\n separator: ','\n input: ${exampleAwsVpcEndpoint.securityGroupIds}\n Return: result\n exampleResourceProvisioner0:\n type: command:local:Command\n properties:\n create: |2\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${exampleAwsVpcEndpoint.id} --remove-security-group-ids ${default.id}\n options:\n dependson:\n - ${exampleResource}\nvariables:\n default:\n fn::invoke:\n Function: aws:ec2:getSecurityGroup\n Arguments:\n name: default\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Security Groups using the security group `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/securityGroup:SecurityGroup elb_sg sg-903004f8\n```\n", "properties": { "arn": { "type": "string", @@ -217027,7 +217027,7 @@ } }, "aws:ec2/securityGroupRule:SecurityGroupRule": { - "description": "Provides a security group rule resource. Represents a single `ingress` or\n`egress` group rule, which can be added to external Security Groups.\n\n\u003e **NOTE on Security Groups and Security Group Rules:** This provider currently provides a Security Group resource with `ingress` and `egress` rules defined in-line and a Security Group Rule resource which manages one or more `ingress` or\n`egress` rules. Both of these resource were added before AWS assigned a [security group rule unique ID](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules.html), and they do not work well in all scenarios using the`description` and `tags` attributes, which rely on the unique ID.\nThe `aws.vpc.SecurityGroupEgressRule` and `aws.vpc.SecurityGroupIngressRule` resources have been added to address these limitations and should be used for all new security group rules.\nYou should not use the `aws.vpc.SecurityGroupEgressRule` and `aws.vpc.SecurityGroupIngressRule` resources in conjunction with an `aws.ec2.SecurityGroup` resource with in-line rules or with `aws.ec2.SecurityGroupRule` resources defined for the same Security Group, as rule conflicts may occur and rules will be overwritten.\n\n\u003e **NOTE:** Setting `protocol = \"all\"` or `protocol = -1` with `from_port` and `to_port` will result in the EC2 API creating a security group rule with all ports open. This API behavior cannot be controlled by this provider and may generate warnings in the future.\n\n\u003e **NOTE:** Referencing Security Groups across VPC peering has certain restrictions. More information is available in the [VPC Peering User Guide](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html).\n\n## Example Usage\n\nBasic usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroupRule(\"example\", {\n type: \"ingress\",\n fromPort: 0,\n toPort: 65535,\n protocol: \"tcp\",\n cidrBlocks: [exampleAwsVpc.cidrBlock],\n ipv6CidrBlocks: [exampleAwsVpc.ipv6CidrBlock],\n securityGroupId: \"sg-123456\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroupRule(\"example\",\n type=\"ingress\",\n from_port=0,\n to_port=65535,\n protocol=\"tcp\",\n cidr_blocks=[example_aws_vpc[\"cidrBlock\"]],\n ipv6_cidr_blocks=[example_aws_vpc[\"ipv6CidrBlock\"]],\n security_group_id=\"sg-123456\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroupRule(\"example\", new()\n {\n Type = \"ingress\",\n FromPort = 0,\n ToPort = 65535,\n Protocol = \"tcp\",\n CidrBlocks = new[]\n {\n exampleAwsVpc.CidrBlock,\n },\n Ipv6CidrBlocks = new[]\n {\n exampleAwsVpc.Ipv6CidrBlock,\n },\n SecurityGroupId = \"sg-123456\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroupRule(ctx, \"example\", \u0026ec2.SecurityGroupRuleArgs{\n\t\t\tType: pulumi.String(\"ingress\"),\n\t\t\tFromPort: pulumi.Int(0),\n\t\t\tToPort: pulumi.Int(65535),\n\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\tCidrBlocks: pulumi.StringArray{\n\t\t\t\texampleAwsVpc.CidrBlock,\n\t\t\t},\n\t\t\tIpv6CidrBlocks: pulumi.StringArray{\n\t\t\t\texampleAwsVpc.Ipv6CidrBlock,\n\t\t\t},\n\t\t\tSecurityGroupId: pulumi.String(\"sg-123456\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroupRule;\nimport com.pulumi.aws.ec2.SecurityGroupRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroupRule(\"example\", SecurityGroupRuleArgs.builder() \n .type(\"ingress\")\n .fromPort(0)\n .toPort(65535)\n .protocol(\"tcp\")\n .cidrBlocks(exampleAwsVpc.cidrBlock())\n .ipv6CidrBlocks(exampleAwsVpc.ipv6CidrBlock())\n .securityGroupId(\"sg-123456\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroupRule\n properties:\n type: ingress\n fromPort: 0\n toPort: 65535\n protocol: tcp\n cidrBlocks:\n - ${exampleAwsVpc.cidrBlock}\n ipv6CidrBlocks:\n - ${exampleAwsVpc.ipv6CidrBlock}\n securityGroupId: sg-123456\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Usage With Prefix List IDs\n\nPrefix Lists are either managed by AWS internally, or created by the customer using a\nManaged Prefix List resource. Prefix Lists provided by\nAWS are associated with a prefix list name, or service name, that is linked to a specific region.\n\nPrefix list IDs are exported on VPC Endpoints, so you can use this format:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ...\nconst myEndpoint = new aws.ec2.VpcEndpoint(\"my_endpoint\", {});\nconst allowAll = new aws.ec2.SecurityGroupRule(\"allow_all\", {\n type: \"egress\",\n toPort: 0,\n protocol: \"-1\",\n prefixListIds: [myEndpoint.prefixListId],\n fromPort: 0,\n securityGroupId: \"sg-123456\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ...\nmy_endpoint = aws.ec2.VpcEndpoint(\"my_endpoint\")\nallow_all = aws.ec2.SecurityGroupRule(\"allow_all\",\n type=\"egress\",\n to_port=0,\n protocol=\"-1\",\n prefix_list_ids=[my_endpoint.prefix_list_id],\n from_port=0,\n security_group_id=\"sg-123456\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ...\n var myEndpoint = new Aws.Ec2.VpcEndpoint(\"my_endpoint\");\n\n var allowAll = new Aws.Ec2.SecurityGroupRule(\"allow_all\", new()\n {\n Type = \"egress\",\n ToPort = 0,\n Protocol = \"-1\",\n PrefixListIds = new[]\n {\n myEndpoint.PrefixListId,\n },\n FromPort = 0,\n SecurityGroupId = \"sg-123456\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ...\n\t\tmyEndpoint, err := ec2.NewVpcEndpoint(ctx, \"my_endpoint\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSecurityGroupRule(ctx, \"allow_all\", \u0026ec2.SecurityGroupRuleArgs{\n\t\t\tType: pulumi.String(\"egress\"),\n\t\t\tToPort: pulumi.Int(0),\n\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\tPrefixListIds: pulumi.StringArray{\n\t\t\t\tmyEndpoint.PrefixListId,\n\t\t\t},\n\t\t\tFromPort: pulumi.Int(0),\n\t\t\tSecurityGroupId: pulumi.String(\"sg-123456\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.SecurityGroupRule;\nimport com.pulumi.aws.ec2.SecurityGroupRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myEndpoint = new VpcEndpoint(\"myEndpoint\");\n\n var allowAll = new SecurityGroupRule(\"allowAll\", SecurityGroupRuleArgs.builder() \n .type(\"egress\")\n .toPort(0)\n .protocol(\"-1\")\n .prefixListIds(myEndpoint.prefixListId())\n .fromPort(0)\n .securityGroupId(\"sg-123456\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n allowAll:\n type: aws:ec2:SecurityGroupRule\n name: allow_all\n properties:\n type: egress\n toPort: 0\n protocol: '-1'\n prefixListIds:\n - ${myEndpoint.prefixListId}\n fromPort: 0\n securityGroupId: sg-123456\n # ...\n myEndpoint:\n type: aws:ec2:VpcEndpoint\n name: my_endpoint\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nYou can also find a specific Prefix List using the `aws.ec2.getPrefixList`\nor `ec2_managed_prefix_list` data sources:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst s3 = current.then(current =\u003e aws.ec2.getPrefixList({\n name: `com.amazonaws.${current.name}.s3`,\n}));\nconst s3GatewayEgress = new aws.ec2.SecurityGroupRule(\"s3_gateway_egress\", {\n description: \"S3 Gateway Egress\",\n type: \"egress\",\n securityGroupId: \"sg-123456\",\n fromPort: 443,\n toPort: 443,\n protocol: \"tcp\",\n prefixListIds: [s3.then(s3 =\u003e s3.id)],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\ns3 = aws.ec2.get_prefix_list(name=f\"com.amazonaws.{current.name}.s3\")\ns3_gateway_egress = aws.ec2.SecurityGroupRule(\"s3_gateway_egress\",\n description=\"S3 Gateway Egress\",\n type=\"egress\",\n security_group_id=\"sg-123456\",\n from_port=443,\n to_port=443,\n protocol=\"tcp\",\n prefix_list_ids=[s3.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var s3 = Aws.Ec2.GetPrefixList.Invoke(new()\n {\n Name = $\"com.amazonaws.{current.Apply(getRegionResult =\u003e getRegionResult.Name)}.s3\",\n });\n\n var s3GatewayEgress = new Aws.Ec2.SecurityGroupRule(\"s3_gateway_egress\", new()\n {\n Description = \"S3 Gateway Egress\",\n Type = \"egress\",\n SecurityGroupId = \"sg-123456\",\n FromPort = 443,\n ToPort = 443,\n Protocol = \"tcp\",\n PrefixListIds = new[]\n {\n s3.Apply(getPrefixListResult =\u003e getPrefixListResult.Id),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ts3, err := ec2.GetPrefixList(ctx, \u0026ec2.GetPrefixListArgs{\n\t\t\tName: pulumi.StringRef(fmt.Sprintf(\"com.amazonaws.%v.s3\", current.Name)),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSecurityGroupRule(ctx, \"s3_gateway_egress\", \u0026ec2.SecurityGroupRuleArgs{\n\t\t\tDescription: pulumi.String(\"S3 Gateway Egress\"),\n\t\t\tType: pulumi.String(\"egress\"),\n\t\t\tSecurityGroupId: pulumi.String(\"sg-123456\"),\n\t\t\tFromPort: pulumi.Int(443),\n\t\t\tToPort: pulumi.Int(443),\n\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\tPrefixListIds: pulumi.StringArray{\n\t\t\t\t*pulumi.String(s3.Id),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetPrefixListArgs;\nimport com.pulumi.aws.ec2.SecurityGroupRule;\nimport com.pulumi.aws.ec2.SecurityGroupRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n final var s3 = Ec2Functions.getPrefixList(GetPrefixListArgs.builder()\n .name(String.format(\"com.amazonaws.%s.s3\", current.applyValue(getRegionResult -\u003e getRegionResult.name())))\n .build());\n\n var s3GatewayEgress = new SecurityGroupRule(\"s3GatewayEgress\", SecurityGroupRuleArgs.builder() \n .description(\"S3 Gateway Egress\")\n .type(\"egress\")\n .securityGroupId(\"sg-123456\")\n .fromPort(443)\n .toPort(443)\n .protocol(\"tcp\")\n .prefixListIds(s3.applyValue(getPrefixListResult -\u003e getPrefixListResult.id()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n s3GatewayEgress:\n type: aws:ec2:SecurityGroupRule\n name: s3_gateway_egress\n properties:\n description: S3 Gateway Egress\n type: egress\n securityGroupId: sg-123456\n fromPort: 443\n toPort: 443\n protocol: tcp\n prefixListIds:\n - ${s3.id}\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n s3:\n fn::invoke:\n Function: aws:ec2:getPrefixList\n Arguments:\n name: com.amazonaws.${current.name}.s3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nImport a rule with various IPv4 and IPv6 source CIDR blocks:\n\nImport a rule, applicable to all ports, with a protocol other than TCP/UDP/ICMP/ICMPV6/ALL, e.g., Multicast Transport Protocol (MTP), using the IANA protocol number. For example: 92.\n\nImport a default any/any egress rule to 0.0.0.0/0:\n\nImport an egress rule with a prefix list ID destination:\n\nImport a rule applicable to all protocols and ports with a security group source:\n\nImport a rule that has itself and an IPv6 CIDR block as sources:\n\n__Using `pulumi import` to import__ Security Group Rules using the `security_group_id`, `type`, `protocol`, `from_port`, `to_port`, and source(s)/destination(s) (such as a `cidr_block`) separated by underscores (`_`). All parts are required. For example:\n\n__NOTE:__ Not all rule permissions (e.g., not all of a rule's CIDR blocks) need to be imported for this provider to manage rule permissions. However, importing some of a rule's permissions but not others, and then making changes to the rule will result in the creation of an additional rule to capture the updated permissions. Rule permissions that were not imported are left intact in the original rule.\n\nImport an ingress rule in security group `sg-6e616f6d69` for TCP port 8000 with an IPv4 destination CIDR of `10.0.3.0/24`:\n\n```sh\n$ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule ingress sg-6e616f6d69_ingress_tcp_8000_8000_10.0.3.0/24\n```\nImport a rule with various IPv4 and IPv6 source CIDR blocks:\n\n```sh\n$ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule ingress sg-4973616163_ingress_tcp_100_121_10.1.0.0/16_2001:db8::/48_10.2.0.0/16_2002:db8::/48\n```\nImport a rule, applicable to all ports, with a protocol other than TCP/UDP/ICMP/ICMPV6/ALL, e.g., Multicast Transport Protocol (MTP), using the IANA protocol number. For example: 92.\n\n```sh\n$ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule ingress sg-6777656e646f6c796e_ingress_92_0_65536_10.0.3.0/24_10.0.4.0/24\n```\nImport a default any/any egress rule to 0.0.0.0/0:\n\n```sh\n$ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule default_egress sg-6777656e646f6c796e_egress_all_0_0_0.0.0.0/0\n```\nImport an egress rule with a prefix list ID destination:\n\n```sh\n$ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule egress sg-62726f6479_egress_tcp_8000_8000_pl-6469726b\n```\nImport a rule applicable to all protocols and ports with a security group source:\n\n```sh\n$ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule ingress_rule sg-7472697374616e_ingress_all_0_65536_sg-6176657279\n```\nImport a rule that has itself and an IPv6 CIDR block as sources:\n\n```sh\n$ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule rule_name sg-656c65616e6f72_ingress_tcp_80_80_self_2001:db8::/48\n```\n", + "description": "Provides a security group rule resource. Represents a single `ingress` or\n`egress` group rule, which can be added to external Security Groups.\n\n\u003e **NOTE on Security Groups and Security Group Rules:** This provider currently provides a Security Group resource with `ingress` and `egress` rules defined in-line and a Security Group Rule resource which manages one or more `ingress` or\n`egress` rules. Both of these resource were added before AWS assigned a [security group rule unique ID](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules.html), and they do not work well in all scenarios using the`description` and `tags` attributes, which rely on the unique ID.\nThe `aws.vpc.SecurityGroupEgressRule` and `aws.vpc.SecurityGroupIngressRule` resources have been added to address these limitations and should be used for all new security group rules.\nYou should not use the `aws.vpc.SecurityGroupEgressRule` and `aws.vpc.SecurityGroupIngressRule` resources in conjunction with an `aws.ec2.SecurityGroup` resource with in-line rules or with `aws.ec2.SecurityGroupRule` resources defined for the same Security Group, as rule conflicts may occur and rules will be overwritten.\n\n\u003e **NOTE:** Setting `protocol = \"all\"` or `protocol = -1` with `from_port` and `to_port` will result in the EC2 API creating a security group rule with all ports open. This API behavior cannot be controlled by this provider and may generate warnings in the future.\n\n\u003e **NOTE:** Referencing Security Groups across VPC peering has certain restrictions. More information is available in the [VPC Peering User Guide](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html).\n\n## Example Usage\n\nBasic usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroupRule(\"example\", {\n type: \"ingress\",\n fromPort: 0,\n toPort: 65535,\n protocol: aws.ec2.ProtocolType.TCP,\n cidrBlocks: [exampleAwsVpc.cidrBlock],\n ipv6CidrBlocks: [exampleAwsVpc.ipv6CidrBlock],\n securityGroupId: \"sg-123456\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroupRule(\"example\",\n type=\"ingress\",\n from_port=0,\n to_port=65535,\n protocol=aws.ec2.ProtocolType.TCP,\n cidr_blocks=[example_aws_vpc[\"cidrBlock\"]],\n ipv6_cidr_blocks=[example_aws_vpc[\"ipv6CidrBlock\"]],\n security_group_id=\"sg-123456\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroupRule(\"example\", new()\n {\n Type = \"ingress\",\n FromPort = 0,\n ToPort = 65535,\n Protocol = Aws.Ec2.ProtocolType.TCP,\n CidrBlocks = new[]\n {\n exampleAwsVpc.CidrBlock,\n },\n Ipv6CidrBlocks = new[]\n {\n exampleAwsVpc.Ipv6CidrBlock,\n },\n SecurityGroupId = \"sg-123456\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroupRule(ctx, \"example\", \u0026ec2.SecurityGroupRuleArgs{\n\t\t\tType: pulumi.String(\"ingress\"),\n\t\t\tFromPort: pulumi.Int(0),\n\t\t\tToPort: pulumi.Int(65535),\n\t\t\tProtocol: pulumi.String(ec2.ProtocolTypeTCP),\n\t\t\tCidrBlocks: pulumi.StringArray{\n\t\t\t\texampleAwsVpc.CidrBlock,\n\t\t\t},\n\t\t\tIpv6CidrBlocks: pulumi.StringArray{\n\t\t\t\texampleAwsVpc.Ipv6CidrBlock,\n\t\t\t},\n\t\t\tSecurityGroupId: pulumi.String(\"sg-123456\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroupRule;\nimport com.pulumi.aws.ec2.SecurityGroupRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroupRule(\"example\", SecurityGroupRuleArgs.builder() \n .type(\"ingress\")\n .fromPort(0)\n .toPort(65535)\n .protocol(\"tcp\")\n .cidrBlocks(exampleAwsVpc.cidrBlock())\n .ipv6CidrBlocks(exampleAwsVpc.ipv6CidrBlock())\n .securityGroupId(\"sg-123456\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroupRule\n properties:\n type: ingress\n fromPort: 0\n toPort: 65535\n protocol: tcp\n cidrBlocks:\n - ${exampleAwsVpc.cidrBlock}\n ipv6CidrBlocks:\n - ${exampleAwsVpc.ipv6CidrBlock}\n securityGroupId: sg-123456\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Usage With Prefix List IDs\n\nPrefix Lists are either managed by AWS internally, or created by the customer using a\nManaged Prefix List resource. Prefix Lists provided by\nAWS are associated with a prefix list name, or service name, that is linked to a specific region.\n\nPrefix list IDs are exported on VPC Endpoints, so you can use this format:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ...\nconst myEndpoint = new aws.ec2.VpcEndpoint(\"my_endpoint\", {});\nconst allowAll = new aws.ec2.SecurityGroupRule(\"allow_all\", {\n type: \"egress\",\n toPort: 0,\n protocol: \"-1\",\n prefixListIds: [myEndpoint.prefixListId],\n fromPort: 0,\n securityGroupId: \"sg-123456\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ...\nmy_endpoint = aws.ec2.VpcEndpoint(\"my_endpoint\")\nallow_all = aws.ec2.SecurityGroupRule(\"allow_all\",\n type=\"egress\",\n to_port=0,\n protocol=\"-1\",\n prefix_list_ids=[my_endpoint.prefix_list_id],\n from_port=0,\n security_group_id=\"sg-123456\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ...\n var myEndpoint = new Aws.Ec2.VpcEndpoint(\"my_endpoint\");\n\n var allowAll = new Aws.Ec2.SecurityGroupRule(\"allow_all\", new()\n {\n Type = \"egress\",\n ToPort = 0,\n Protocol = \"-1\",\n PrefixListIds = new[]\n {\n myEndpoint.PrefixListId,\n },\n FromPort = 0,\n SecurityGroupId = \"sg-123456\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ...\n\t\tmyEndpoint, err := ec2.NewVpcEndpoint(ctx, \"my_endpoint\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSecurityGroupRule(ctx, \"allow_all\", \u0026ec2.SecurityGroupRuleArgs{\n\t\t\tType: pulumi.String(\"egress\"),\n\t\t\tToPort: pulumi.Int(0),\n\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\tPrefixListIds: pulumi.StringArray{\n\t\t\t\tmyEndpoint.PrefixListId,\n\t\t\t},\n\t\t\tFromPort: pulumi.Int(0),\n\t\t\tSecurityGroupId: pulumi.String(\"sg-123456\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.SecurityGroupRule;\nimport com.pulumi.aws.ec2.SecurityGroupRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myEndpoint = new VpcEndpoint(\"myEndpoint\");\n\n var allowAll = new SecurityGroupRule(\"allowAll\", SecurityGroupRuleArgs.builder() \n .type(\"egress\")\n .toPort(0)\n .protocol(\"-1\")\n .prefixListIds(myEndpoint.prefixListId())\n .fromPort(0)\n .securityGroupId(\"sg-123456\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n allowAll:\n type: aws:ec2:SecurityGroupRule\n name: allow_all\n properties:\n type: egress\n toPort: 0\n protocol: '-1'\n prefixListIds:\n - ${myEndpoint.prefixListId}\n fromPort: 0\n securityGroupId: sg-123456\n # ...\n myEndpoint:\n type: aws:ec2:VpcEndpoint\n name: my_endpoint\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nYou can also find a specific Prefix List using the `aws.ec2.getPrefixList`\nor `ec2_managed_prefix_list` data sources:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst s3 = current.then(current =\u003e aws.ec2.getPrefixList({\n name: `com.amazonaws.${current.name}.s3`,\n}));\nconst s3GatewayEgress = new aws.ec2.SecurityGroupRule(\"s3_gateway_egress\", {\n description: \"S3 Gateway Egress\",\n type: \"egress\",\n securityGroupId: \"sg-123456\",\n fromPort: 443,\n toPort: 443,\n protocol: aws.ec2.ProtocolType.TCP,\n prefixListIds: [s3.then(s3 =\u003e s3.id)],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\ns3 = aws.ec2.get_prefix_list(name=f\"com.amazonaws.{current.name}.s3\")\ns3_gateway_egress = aws.ec2.SecurityGroupRule(\"s3_gateway_egress\",\n description=\"S3 Gateway Egress\",\n type=\"egress\",\n security_group_id=\"sg-123456\",\n from_port=443,\n to_port=443,\n protocol=aws.ec2.ProtocolType.TCP,\n prefix_list_ids=[s3.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var s3 = Aws.Ec2.GetPrefixList.Invoke(new()\n {\n Name = $\"com.amazonaws.{current.Apply(getRegionResult =\u003e getRegionResult.Name)}.s3\",\n });\n\n var s3GatewayEgress = new Aws.Ec2.SecurityGroupRule(\"s3_gateway_egress\", new()\n {\n Description = \"S3 Gateway Egress\",\n Type = \"egress\",\n SecurityGroupId = \"sg-123456\",\n FromPort = 443,\n ToPort = 443,\n Protocol = Aws.Ec2.ProtocolType.TCP,\n PrefixListIds = new[]\n {\n s3.Apply(getPrefixListResult =\u003e getPrefixListResult.Id),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ts3, err := ec2.GetPrefixList(ctx, \u0026ec2.GetPrefixListArgs{\n\t\t\tName: pulumi.StringRef(fmt.Sprintf(\"com.amazonaws.%v.s3\", current.Name)),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSecurityGroupRule(ctx, \"s3_gateway_egress\", \u0026ec2.SecurityGroupRuleArgs{\n\t\t\tDescription: pulumi.String(\"S3 Gateway Egress\"),\n\t\t\tType: pulumi.String(\"egress\"),\n\t\t\tSecurityGroupId: pulumi.String(\"sg-123456\"),\n\t\t\tFromPort: pulumi.Int(443),\n\t\t\tToPort: pulumi.Int(443),\n\t\t\tProtocol: pulumi.String(ec2.ProtocolTypeTCP),\n\t\t\tPrefixListIds: pulumi.StringArray{\n\t\t\t\tpulumi.String(s3.Id),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetPrefixListArgs;\nimport com.pulumi.aws.ec2.SecurityGroupRule;\nimport com.pulumi.aws.ec2.SecurityGroupRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n final var s3 = Ec2Functions.getPrefixList(GetPrefixListArgs.builder()\n .name(String.format(\"com.amazonaws.%s.s3\", current.applyValue(getRegionResult -\u003e getRegionResult.name())))\n .build());\n\n var s3GatewayEgress = new SecurityGroupRule(\"s3GatewayEgress\", SecurityGroupRuleArgs.builder() \n .description(\"S3 Gateway Egress\")\n .type(\"egress\")\n .securityGroupId(\"sg-123456\")\n .fromPort(443)\n .toPort(443)\n .protocol(\"tcp\")\n .prefixListIds(s3.applyValue(getPrefixListResult -\u003e getPrefixListResult.id()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n s3GatewayEgress:\n type: aws:ec2:SecurityGroupRule\n name: s3_gateway_egress\n properties:\n description: S3 Gateway Egress\n type: egress\n securityGroupId: sg-123456\n fromPort: 443\n toPort: 443\n protocol: tcp\n prefixListIds:\n - ${s3.id}\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n s3:\n fn::invoke:\n Function: aws:ec2:getPrefixList\n Arguments:\n name: com.amazonaws.${current.name}.s3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nImport a rule with various IPv4 and IPv6 source CIDR blocks:\n\nImport a rule, applicable to all ports, with a protocol other than TCP/UDP/ICMP/ICMPV6/ALL, e.g., Multicast Transport Protocol (MTP), using the IANA protocol number. For example: 92.\n\nImport a default any/any egress rule to 0.0.0.0/0:\n\nImport an egress rule with a prefix list ID destination:\n\nImport a rule applicable to all protocols and ports with a security group source:\n\nImport a rule that has itself and an IPv6 CIDR block as sources:\n\n__Using `pulumi import` to import__ Security Group Rules using the `security_group_id`, `type`, `protocol`, `from_port`, `to_port`, and source(s)/destination(s) (such as a `cidr_block`) separated by underscores (`_`). All parts are required. For example:\n\n__NOTE:__ Not all rule permissions (e.g., not all of a rule's CIDR blocks) need to be imported for this provider to manage rule permissions. However, importing some of a rule's permissions but not others, and then making changes to the rule will result in the creation of an additional rule to capture the updated permissions. Rule permissions that were not imported are left intact in the original rule.\n\nImport an ingress rule in security group `sg-6e616f6d69` for TCP port 8000 with an IPv4 destination CIDR of `10.0.3.0/24`:\n\n```sh\n$ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule ingress sg-6e616f6d69_ingress_tcp_8000_8000_10.0.3.0/24\n```\nImport a rule with various IPv4 and IPv6 source CIDR blocks:\n\n```sh\n$ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule ingress sg-4973616163_ingress_tcp_100_121_10.1.0.0/16_2001:db8::/48_10.2.0.0/16_2002:db8::/48\n```\nImport a rule, applicable to all ports, with a protocol other than TCP/UDP/ICMP/ICMPV6/ALL, e.g., Multicast Transport Protocol (MTP), using the IANA protocol number. For example: 92.\n\n```sh\n$ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule ingress sg-6777656e646f6c796e_ingress_92_0_65536_10.0.3.0/24_10.0.4.0/24\n```\nImport a default any/any egress rule to 0.0.0.0/0:\n\n```sh\n$ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule default_egress sg-6777656e646f6c796e_egress_all_0_0_0.0.0.0/0\n```\nImport an egress rule with a prefix list ID destination:\n\n```sh\n$ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule egress sg-62726f6479_egress_tcp_8000_8000_pl-6469726b\n```\nImport a rule applicable to all protocols and ports with a security group source:\n\n```sh\n$ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule ingress_rule sg-7472697374616e_ingress_all_0_65536_sg-6176657279\n```\nImport a rule that has itself and an IPv6 CIDR block as sources:\n\n```sh\n$ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule rule_name sg-656c65616e6f72_ingress_tcp_80_80_self_2001:db8::/48\n```\n", "properties": { "cidrBlocks": { "type": "array", @@ -217382,7 +217382,7 @@ } }, "aws:ec2/spotFleetRequest:SpotFleetRequest": { - "description": "Provides an EC2 Spot Fleet Request resource. This allows a fleet of Spot\ninstances to be requested on the Spot market.\n\n\u003e **NOTE [AWS strongly discourages](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html#which-spot-request-method-to-use) the use of the legacy APIs called by this resource.\nWe recommend using the EC2 Fleet or Auto Scaling Group resources instead.\n\n## Example Usage\n\n### Using launch specifications\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Request a Spot fleet\nconst cheapCompute = new aws.ec2.SpotFleetRequest(\"cheap_compute\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n spotPrice: \"0.03\",\n allocationStrategy: \"diversified\",\n targetCapacity: 6,\n validUntil: \"2019-11-04T20:44:20Z\",\n launchSpecifications: [\n {\n instanceType: \"m4.10xlarge\",\n ami: \"ami-1234\",\n spotPrice: \"2.793\",\n placementTenancy: \"dedicated\",\n iamInstanceProfileArn: example.arn,\n },\n {\n instanceType: \"m4.4xlarge\",\n ami: \"ami-5678\",\n keyName: \"my-key\",\n spotPrice: \"1.117\",\n iamInstanceProfileArn: example.arn,\n availabilityZone: \"us-west-1a\",\n subnetId: \"subnet-1234\",\n weightedCapacity: \"35\",\n rootBlockDevices: [{\n volumeSize: 300,\n volumeType: \"gp2\",\n }],\n tags: {\n Name: \"spot-fleet-example\",\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Request a Spot fleet\ncheap_compute = aws.ec2.SpotFleetRequest(\"cheap_compute\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n spot_price=\"0.03\",\n allocation_strategy=\"diversified\",\n target_capacity=6,\n valid_until=\"2019-11-04T20:44:20Z\",\n launch_specifications=[\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n instance_type=\"m4.10xlarge\",\n ami=\"ami-1234\",\n spot_price=\"2.793\",\n placement_tenancy=\"dedicated\",\n iam_instance_profile_arn=example[\"arn\"],\n ),\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n instance_type=\"m4.4xlarge\",\n ami=\"ami-5678\",\n key_name=\"my-key\",\n spot_price=\"1.117\",\n iam_instance_profile_arn=example[\"arn\"],\n availability_zone=\"us-west-1a\",\n subnet_id=\"subnet-1234\",\n weighted_capacity=\"35\",\n root_block_devices=[aws.ec2.SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs(\n volume_size=300,\n volume_type=\"gp2\",\n )],\n tags={\n \"Name\": \"spot-fleet-example\",\n },\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Request a Spot fleet\n var cheapCompute = new Aws.Ec2.SpotFleetRequest(\"cheap_compute\", new()\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n SpotPrice = \"0.03\",\n AllocationStrategy = \"diversified\",\n TargetCapacity = 6,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n LaunchSpecifications = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n InstanceType = \"m4.10xlarge\",\n Ami = \"ami-1234\",\n SpotPrice = \"2.793\",\n PlacementTenancy = \"dedicated\",\n IamInstanceProfileArn = example.Arn,\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n InstanceType = \"m4.4xlarge\",\n Ami = \"ami-5678\",\n KeyName = \"my-key\",\n SpotPrice = \"1.117\",\n IamInstanceProfileArn = example.Arn,\n AvailabilityZone = \"us-west-1a\",\n SubnetId = \"subnet-1234\",\n WeightedCapacity = \"35\",\n RootBlockDevices = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs\n {\n VolumeSize = 300,\n VolumeType = \"gp2\",\n },\n },\n Tags = \n {\n { \"Name\", \"spot-fleet-example\" },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Request a Spot fleet\n\t\t_, err := ec2.NewSpotFleetRequest(ctx, \"cheap_compute\", \u0026ec2.SpotFleetRequestArgs{\n\t\t\tIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\n\t\t\tSpotPrice: pulumi.String(\"0.03\"),\n\t\t\tAllocationStrategy: pulumi.String(\"diversified\"),\n\t\t\tTargetCapacity: pulumi.Int(6),\n\t\t\tValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\n\t\t\tLaunchSpecifications: ec2.SpotFleetRequestLaunchSpecificationArray{\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"m4.10xlarge\"),\n\t\t\t\t\tAmi: pulumi.String(\"ami-1234\"),\n\t\t\t\t\tSpotPrice: pulumi.String(\"2.793\"),\n\t\t\t\t\tPlacementTenancy: pulumi.String(\"dedicated\"),\n\t\t\t\t\tIamInstanceProfileArn: pulumi.Any(example.Arn),\n\t\t\t\t},\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"m4.4xlarge\"),\n\t\t\t\t\tAmi: pulumi.String(\"ami-5678\"),\n\t\t\t\t\tKeyName: pulumi.String(\"my-key\"),\n\t\t\t\t\tSpotPrice: pulumi.String(\"1.117\"),\n\t\t\t\t\tIamInstanceProfileArn: pulumi.Any(example.Arn),\n\t\t\t\t\tAvailabilityZone: pulumi.String(\"us-west-1a\"),\n\t\t\t\t\tSubnetId: pulumi.String(\"subnet-1234\"),\n\t\t\t\t\tWeightedCapacity: pulumi.String(\"35\"),\n\t\t\t\t\tRootBlockDevices: ec2.SpotFleetRequestLaunchSpecificationRootBlockDeviceArray{\n\t\t\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs{\n\t\t\t\t\t\t\tVolumeSize: pulumi.Int(300),\n\t\t\t\t\t\t\tVolumeType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\t\"Name\": pulumi.String(\"spot-fleet-example\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cheapCompute = new SpotFleetRequest(\"cheapCompute\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .spotPrice(\"0.03\")\n .allocationStrategy(\"diversified\")\n .targetCapacity(6)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .launchSpecifications( \n SpotFleetRequestLaunchSpecificationArgs.builder()\n .instanceType(\"m4.10xlarge\")\n .ami(\"ami-1234\")\n .spotPrice(\"2.793\")\n .placementTenancy(\"dedicated\")\n .iamInstanceProfileArn(example.arn())\n .build(),\n SpotFleetRequestLaunchSpecificationArgs.builder()\n .instanceType(\"m4.4xlarge\")\n .ami(\"ami-5678\")\n .keyName(\"my-key\")\n .spotPrice(\"1.117\")\n .iamInstanceProfileArn(example.arn())\n .availabilityZone(\"us-west-1a\")\n .subnetId(\"subnet-1234\")\n .weightedCapacity(35)\n .rootBlockDevices(SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs.builder()\n .volumeSize(\"300\")\n .volumeType(\"gp2\")\n .build())\n .tags(Map.of(\"Name\", \"spot-fleet-example\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Request a Spot fleet\n cheapCompute:\n type: aws:ec2:SpotFleetRequest\n name: cheap_compute\n properties:\n iamFleetRole: arn:aws:iam::12345678:role/spot-fleet\n spotPrice: '0.03'\n allocationStrategy: diversified\n targetCapacity: 6\n validUntil: 2019-11-04T20:44:20Z\n launchSpecifications:\n - instanceType: m4.10xlarge\n ami: ami-1234\n spotPrice: '2.793'\n placementTenancy: dedicated\n iamInstanceProfileArn: ${example.arn}\n - instanceType: m4.4xlarge\n ami: ami-5678\n keyName: my-key\n spotPrice: '1.117'\n iamInstanceProfileArn: ${example.arn}\n availabilityZone: us-west-1a\n subnetId: subnet-1234\n weightedCapacity: 35\n rootBlockDevices:\n - volumeSize: '300'\n volumeType: gp2\n tags:\n Name: spot-fleet-example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Using launch templates\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ec2.LaunchTemplate(\"foo\", {\n name: \"launch-template\",\n imageId: \"ami-516b9131\",\n instanceType: \"m1.small\",\n keyName: \"some-key\",\n});\nconst fooSpotFleetRequest = new aws.ec2.SpotFleetRequest(\"foo\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n spotPrice: \"0.005\",\n targetCapacity: 2,\n validUntil: \"2019-11-04T20:44:20Z\",\n launchTemplateConfigs: [{\n launchTemplateSpecification: {\n id: foo.id,\n version: foo.latestVersion,\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ec2.LaunchTemplate(\"foo\",\n name=\"launch-template\",\n image_id=\"ami-516b9131\",\n instance_type=\"m1.small\",\n key_name=\"some-key\")\nfoo_spot_fleet_request = aws.ec2.SpotFleetRequest(\"foo\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n spot_price=\"0.005\",\n target_capacity=2,\n valid_until=\"2019-11-04T20:44:20Z\",\n launch_template_configs=[aws.ec2.SpotFleetRequestLaunchTemplateConfigArgs(\n launch_template_specification=aws.ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs(\n id=foo.id,\n version=foo.latest_version,\n ),\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = new Aws.Ec2.LaunchTemplate(\"foo\", new()\n {\n Name = \"launch-template\",\n ImageId = \"ami-516b9131\",\n InstanceType = \"m1.small\",\n KeyName = \"some-key\",\n });\n\n var fooSpotFleetRequest = new Aws.Ec2.SpotFleetRequest(\"foo\", new()\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n SpotPrice = \"0.005\",\n TargetCapacity = 2,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n LaunchTemplateConfigs = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigArgs\n {\n LaunchTemplateSpecification = new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs\n {\n Id = foo.Id,\n Version = foo.LatestVersion,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfoo, err := ec2.NewLaunchTemplate(ctx, \"foo\", \u0026ec2.LaunchTemplateArgs{\n\t\t\tName: pulumi.String(\"launch-template\"),\n\t\t\tImageId: pulumi.String(\"ami-516b9131\"),\n\t\t\tInstanceType: pulumi.String(\"m1.small\"),\n\t\t\tKeyName: pulumi.String(\"some-key\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSpotFleetRequest(ctx, \"foo\", \u0026ec2.SpotFleetRequestArgs{\n\t\t\tIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\n\t\t\tSpotPrice: pulumi.String(\"0.005\"),\n\t\t\tTargetCapacity: pulumi.Int(2),\n\t\t\tValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\n\t\t\tLaunchTemplateConfigs: ec2.SpotFleetRequestLaunchTemplateConfigArray{\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchTemplateConfigArgs{\n\t\t\t\t\tLaunchTemplateSpecification: \u0026ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs{\n\t\t\t\t\t\tId: foo.ID(),\n\t\t\t\t\t\tVersion: foo.LatestVersion,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchTemplateConfigArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo = new LaunchTemplate(\"foo\", LaunchTemplateArgs.builder() \n .name(\"launch-template\")\n .imageId(\"ami-516b9131\")\n .instanceType(\"m1.small\")\n .keyName(\"some-key\")\n .build());\n\n var fooSpotFleetRequest = new SpotFleetRequest(\"fooSpotFleetRequest\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .spotPrice(\"0.005\")\n .targetCapacity(2)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .launchTemplateConfigs(SpotFleetRequestLaunchTemplateConfigArgs.builder()\n .launchTemplateSpecification(SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs.builder()\n .id(foo.id())\n .version(foo.latestVersion())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:ec2:LaunchTemplate\n properties:\n name: launch-template\n imageId: ami-516b9131\n instanceType: m1.small\n keyName: some-key\n fooSpotFleetRequest:\n type: aws:ec2:SpotFleetRequest\n name: foo\n properties:\n iamFleetRole: arn:aws:iam::12345678:role/spot-fleet\n spotPrice: '0.005'\n targetCapacity: 2\n validUntil: 2019-11-04T20:44:20Z\n launchTemplateConfigs:\n - launchTemplateSpecification:\n id: ${foo.id}\n version: ${foo.latestVersion}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003e **NOTE:** This provider does not support the functionality where multiple `subnet_id` or `availability_zone` parameters can be specified in the same\nlaunch configuration block. If you want to specify multiple values, then separate launch configuration blocks should be used or launch template overrides should be configured, one per subnet:\n\n### Using multiple launch specifications\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ec2.SpotFleetRequest(\"foo\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n spotPrice: \"0.005\",\n targetCapacity: 2,\n validUntil: \"2019-11-04T20:44:20Z\",\n launchSpecifications: [\n {\n instanceType: \"m1.small\",\n ami: \"ami-d06a90b0\",\n keyName: \"my-key\",\n availabilityZone: \"us-west-2a\",\n },\n {\n instanceType: \"m5.large\",\n ami: \"ami-d06a90b0\",\n keyName: \"my-key\",\n availabilityZone: \"us-west-2a\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ec2.SpotFleetRequest(\"foo\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n spot_price=\"0.005\",\n target_capacity=2,\n valid_until=\"2019-11-04T20:44:20Z\",\n launch_specifications=[\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n instance_type=\"m1.small\",\n ami=\"ami-d06a90b0\",\n key_name=\"my-key\",\n availability_zone=\"us-west-2a\",\n ),\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n instance_type=\"m5.large\",\n ami=\"ami-d06a90b0\",\n key_name=\"my-key\",\n availability_zone=\"us-west-2a\",\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = new Aws.Ec2.SpotFleetRequest(\"foo\", new()\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n SpotPrice = \"0.005\",\n TargetCapacity = 2,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n LaunchSpecifications = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n InstanceType = \"m1.small\",\n Ami = \"ami-d06a90b0\",\n KeyName = \"my-key\",\n AvailabilityZone = \"us-west-2a\",\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n InstanceType = \"m5.large\",\n Ami = \"ami-d06a90b0\",\n KeyName = \"my-key\",\n AvailabilityZone = \"us-west-2a\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSpotFleetRequest(ctx, \"foo\", \u0026ec2.SpotFleetRequestArgs{\n\t\t\tIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\n\t\t\tSpotPrice: pulumi.String(\"0.005\"),\n\t\t\tTargetCapacity: pulumi.Int(2),\n\t\t\tValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\n\t\t\tLaunchSpecifications: ec2.SpotFleetRequestLaunchSpecificationArray{\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"m1.small\"),\n\t\t\t\t\tAmi: pulumi.String(\"ami-d06a90b0\"),\n\t\t\t\t\tKeyName: pulumi.String(\"my-key\"),\n\t\t\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\t\t},\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"m5.large\"),\n\t\t\t\t\tAmi: pulumi.String(\"ami-d06a90b0\"),\n\t\t\t\t\tKeyName: pulumi.String(\"my-key\"),\n\t\t\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo = new SpotFleetRequest(\"foo\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .spotPrice(\"0.005\")\n .targetCapacity(2)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .launchSpecifications( \n SpotFleetRequestLaunchSpecificationArgs.builder()\n .instanceType(\"m1.small\")\n .ami(\"ami-d06a90b0\")\n .keyName(\"my-key\")\n .availabilityZone(\"us-west-2a\")\n .build(),\n SpotFleetRequestLaunchSpecificationArgs.builder()\n .instanceType(\"m5.large\")\n .ami(\"ami-d06a90b0\")\n .keyName(\"my-key\")\n .availabilityZone(\"us-west-2a\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:ec2:SpotFleetRequest\n properties:\n iamFleetRole: arn:aws:iam::12345678:role/spot-fleet\n spotPrice: '0.005'\n targetCapacity: 2\n validUntil: 2019-11-04T20:44:20Z\n launchSpecifications:\n - instanceType: m1.small\n ami: ami-d06a90b0\n keyName: my-key\n availabilityZone: us-west-2a\n - instanceType: m5.large\n ami: ami-d06a90b0\n keyName: my-key\n availabilityZone: us-west-2a\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003e In this example, we use a `dynamic` block to define zero or more `launch_specification` blocks, producing one for each element in the list of subnet ids.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst subnets = config.requireObject(\"subnets\");\nconst example = new aws.ec2.SpotFleetRequest(\"example\", {\n launchSpecifications: .map(s =\u003e ({\n subnetId: s[1],\n })).map((v, k) =\u003e ({key: k, value: v})).map(entry =\u003e ({\n ami: \"ami-1234\",\n instanceType: \"m4.4xlarge\",\n subnetId: entry.value.subnetId,\n vpcSecurityGroupIds: \"sg-123456\",\n rootBlockDevices: [{\n volumeSize: 8,\n volumeType: \"gp2\",\n deleteOnTermination: true,\n }],\n tags: {\n Name: \"Spot Node\",\n tag_builder: \"builder\",\n },\n })),\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n targetCapacity: 3,\n validUntil: \"2019-11-04T20:44:20Z\",\n allocationStrategy: \"lowestPrice\",\n fleetType: \"request\",\n waitForFulfillment: true,\n terminateInstancesWithExpiration: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nsubnets = config.require_object(\"subnets\")\nexample = aws.ec2.SpotFleetRequest(\"example\",\n launch_specifications=[aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n ami=\"ami-1234\",\n instance_type=\"m4.4xlarge\",\n subnet_id=entry[\"value\"][\"subnetId\"],\n vpc_security_group_ids=\"sg-123456\",\n root_block_devices=[aws.ec2.SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs(\n volume_size=8,\n volume_type=\"gp2\",\n delete_on_termination=True,\n )],\n tags={\n \"Name\": \"Spot Node\",\n \"tag_builder\": \"builder\",\n },\n ) for entry in [{\"key\": k, \"value\": v} for k, v in [{\n \"subnetId\": s[1],\n } for s in subnets]]],\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n target_capacity=3,\n valid_until=\"2019-11-04T20:44:20Z\",\n allocation_strategy=\"lowestPrice\",\n fleet_type=\"request\",\n wait_for_fulfillment=True,\n terminate_instances_with_expiration=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var subnets = config.RequireObject\u003cdynamic\u003e(\"subnets\");\n var example = new Aws.Ec2.SpotFleetRequest(\"example\", new()\n {\n LaunchSpecifications = .Select(s =\u003e \n {\n return \n {\n { \"subnetId\", s[1] },\n };\n }).ToList().Select((v, k) =\u003e new { Key = k, Value = v }).Select(entry =\u003e \n {\n return new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n Ami = \"ami-1234\",\n InstanceType = \"m4.4xlarge\",\n SubnetId = entry.Value.SubnetId,\n VpcSecurityGroupIds = \"sg-123456\",\n RootBlockDevices = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs\n {\n VolumeSize = 8,\n VolumeType = \"gp2\",\n DeleteOnTermination = true,\n },\n },\n Tags = \n {\n { \"Name\", \"Spot Node\" },\n { \"tag_builder\", \"builder\" },\n },\n };\n }).ToList(),\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n TargetCapacity = 3,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n AllocationStrategy = \"lowestPrice\",\n FleetType = \"request\",\n WaitForFulfillment = true,\n TerminateInstancesWithExpiration = true,\n });\n\n});\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Using multiple launch configurations\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2.getSubnets({\n filters: [{\n name: \"vpc-id\",\n values: [vpcId],\n }],\n});\nconst foo = new aws.ec2.LaunchTemplate(\"foo\", {\n name: \"launch-template\",\n imageId: \"ami-516b9131\",\n instanceType: \"m1.small\",\n keyName: \"some-key\",\n});\nconst fooSpotFleetRequest = new aws.ec2.SpotFleetRequest(\"foo\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n spotPrice: \"0.005\",\n targetCapacity: 2,\n validUntil: \"2019-11-04T20:44:20Z\",\n launchTemplateConfigs: [{\n launchTemplateSpecification: {\n id: foo.id,\n version: foo.latestVersion,\n },\n overrides: [\n {\n subnetId: example.then(example =\u003e example.ids?.[0]),\n },\n {\n subnetId: example.then(example =\u003e example.ids?.[1]),\n },\n {\n subnetId: example.then(example =\u003e example.ids?.[2]),\n },\n ],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_subnets(filters=[aws.ec2.GetSubnetsFilterArgs(\n name=\"vpc-id\",\n values=[vpc_id],\n)])\nfoo = aws.ec2.LaunchTemplate(\"foo\",\n name=\"launch-template\",\n image_id=\"ami-516b9131\",\n instance_type=\"m1.small\",\n key_name=\"some-key\")\nfoo_spot_fleet_request = aws.ec2.SpotFleetRequest(\"foo\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n spot_price=\"0.005\",\n target_capacity=2,\n valid_until=\"2019-11-04T20:44:20Z\",\n launch_template_configs=[aws.ec2.SpotFleetRequestLaunchTemplateConfigArgs(\n launch_template_specification=aws.ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs(\n id=foo.id,\n version=foo.latest_version,\n ),\n overrides=[\n aws.ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs(\n subnet_id=example.ids[0],\n ),\n aws.ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs(\n subnet_id=example.ids[1],\n ),\n aws.ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs(\n subnet_id=example.ids[2],\n ),\n ],\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Ec2.GetSubnets.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetSubnetsFilterInputArgs\n {\n Name = \"vpc-id\",\n Values = new[]\n {\n vpcId,\n },\n },\n },\n });\n\n var foo = new Aws.Ec2.LaunchTemplate(\"foo\", new()\n {\n Name = \"launch-template\",\n ImageId = \"ami-516b9131\",\n InstanceType = \"m1.small\",\n KeyName = \"some-key\",\n });\n\n var fooSpotFleetRequest = new Aws.Ec2.SpotFleetRequest(\"foo\", new()\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n SpotPrice = \"0.005\",\n TargetCapacity = 2,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n LaunchTemplateConfigs = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigArgs\n {\n LaunchTemplateSpecification = new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs\n {\n Id = foo.Id,\n Version = foo.LatestVersion,\n },\n Overrides = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigOverrideArgs\n {\n SubnetId = example.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[0]),\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigOverrideArgs\n {\n SubnetId = example.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[1]),\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigOverrideArgs\n {\n SubnetId = example.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[2]),\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexample, err := ec2.GetSubnets(ctx, \u0026ec2.GetSubnetsArgs{\nFilters: []ec2.GetSubnetsFilter{\n{\nName: \"vpc-id\",\nValues: interface{}{\nvpcId,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nfoo, err := ec2.NewLaunchTemplate(ctx, \"foo\", \u0026ec2.LaunchTemplateArgs{\nName: pulumi.String(\"launch-template\"),\nImageId: pulumi.String(\"ami-516b9131\"),\nInstanceType: pulumi.String(\"m1.small\"),\nKeyName: pulumi.String(\"some-key\"),\n})\nif err != nil {\nreturn err\n}\n_, err = ec2.NewSpotFleetRequest(ctx, \"foo\", \u0026ec2.SpotFleetRequestArgs{\nIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\nSpotPrice: pulumi.String(\"0.005\"),\nTargetCapacity: pulumi.Int(2),\nValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\nLaunchTemplateConfigs: ec2.SpotFleetRequestLaunchTemplateConfigArray{\n\u0026ec2.SpotFleetRequestLaunchTemplateConfigArgs{\nLaunchTemplateSpecification: \u0026ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs{\nId: foo.ID(),\nVersion: foo.LatestVersion,\n},\nOverrides: ec2.SpotFleetRequestLaunchTemplateConfigOverrideArray{\n\u0026ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs{\nSubnetId: *pulumi.String(example.Ids[0]),\n},\n\u0026ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs{\nSubnetId: *pulumi.String(example.Ids[1]),\n},\n\u0026ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs{\nSubnetId: *pulumi.String(example.Ids[2]),\n},\n},\n},\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetSubnetsArgs;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchTemplateConfigArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = Ec2Functions.getSubnets(GetSubnetsArgs.builder()\n .filters(GetSubnetsFilterArgs.builder()\n .name(\"vpc-id\")\n .values(vpcId)\n .build())\n .build());\n\n var foo = new LaunchTemplate(\"foo\", LaunchTemplateArgs.builder() \n .name(\"launch-template\")\n .imageId(\"ami-516b9131\")\n .instanceType(\"m1.small\")\n .keyName(\"some-key\")\n .build());\n\n var fooSpotFleetRequest = new SpotFleetRequest(\"fooSpotFleetRequest\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .spotPrice(\"0.005\")\n .targetCapacity(2)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .launchTemplateConfigs(SpotFleetRequestLaunchTemplateConfigArgs.builder()\n .launchTemplateSpecification(SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs.builder()\n .id(foo.id())\n .version(foo.latestVersion())\n .build())\n .overrides( \n SpotFleetRequestLaunchTemplateConfigOverrideArgs.builder()\n .subnetId(example.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[0]))\n .build(),\n SpotFleetRequestLaunchTemplateConfigOverrideArgs.builder()\n .subnetId(example.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[1]))\n .build(),\n SpotFleetRequestLaunchTemplateConfigOverrideArgs.builder()\n .subnetId(example.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[2]))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:ec2:LaunchTemplate\n properties:\n name: launch-template\n imageId: ami-516b9131\n instanceType: m1.small\n keyName: some-key\n fooSpotFleetRequest:\n type: aws:ec2:SpotFleetRequest\n name: foo\n properties:\n iamFleetRole: arn:aws:iam::12345678:role/spot-fleet\n spotPrice: '0.005'\n targetCapacity: 2\n validUntil: 2019-11-04T20:44:20Z\n launchTemplateConfigs:\n - launchTemplateSpecification:\n id: ${foo.id}\n version: ${foo.latestVersion}\n overrides:\n - subnetId: ${example.ids[0]}\n - subnetId: ${example.ids[1]}\n - subnetId: ${example.ids[2]}\nvariables:\n example:\n fn::invoke:\n Function: aws:ec2:getSubnets\n Arguments:\n filters:\n - name: vpc-id\n values:\n - ${vpcId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Spot Fleet Requests using `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/spotFleetRequest:SpotFleetRequest fleet sfr-005e9ec8-5546-4c31-b317-31a62325411e\n```\n", + "description": "Provides an EC2 Spot Fleet Request resource. This allows a fleet of Spot\ninstances to be requested on the Spot market.\n\n\u003e **NOTE [AWS strongly discourages](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html#which-spot-request-method-to-use) the use of the legacy APIs called by this resource.\nWe recommend using the EC2 Fleet or Auto Scaling Group resources instead.\n\n## Example Usage\n\n### Using launch specifications\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Request a Spot fleet\nconst cheapCompute = new aws.ec2.SpotFleetRequest(\"cheap_compute\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n spotPrice: \"0.03\",\n allocationStrategy: \"diversified\",\n targetCapacity: 6,\n validUntil: \"2019-11-04T20:44:20Z\",\n launchSpecifications: [\n {\n instanceType: \"m4.10xlarge\",\n ami: \"ami-1234\",\n spotPrice: \"2.793\",\n placementTenancy: \"dedicated\",\n iamInstanceProfileArn: example.arn,\n },\n {\n instanceType: \"m4.4xlarge\",\n ami: \"ami-5678\",\n keyName: \"my-key\",\n spotPrice: \"1.117\",\n iamInstanceProfileArn: example.arn,\n availabilityZone: \"us-west-1a\",\n subnetId: \"subnet-1234\",\n weightedCapacity: \"35\",\n rootBlockDevices: [{\n volumeSize: 300,\n volumeType: \"gp2\",\n }],\n tags: {\n Name: \"spot-fleet-example\",\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Request a Spot fleet\ncheap_compute = aws.ec2.SpotFleetRequest(\"cheap_compute\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n spot_price=\"0.03\",\n allocation_strategy=\"diversified\",\n target_capacity=6,\n valid_until=\"2019-11-04T20:44:20Z\",\n launch_specifications=[\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n instance_type=\"m4.10xlarge\",\n ami=\"ami-1234\",\n spot_price=\"2.793\",\n placement_tenancy=\"dedicated\",\n iam_instance_profile_arn=example[\"arn\"],\n ),\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n instance_type=\"m4.4xlarge\",\n ami=\"ami-5678\",\n key_name=\"my-key\",\n spot_price=\"1.117\",\n iam_instance_profile_arn=example[\"arn\"],\n availability_zone=\"us-west-1a\",\n subnet_id=\"subnet-1234\",\n weighted_capacity=\"35\",\n root_block_devices=[aws.ec2.SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs(\n volume_size=300,\n volume_type=\"gp2\",\n )],\n tags={\n \"Name\": \"spot-fleet-example\",\n },\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Request a Spot fleet\n var cheapCompute = new Aws.Ec2.SpotFleetRequest(\"cheap_compute\", new()\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n SpotPrice = \"0.03\",\n AllocationStrategy = \"diversified\",\n TargetCapacity = 6,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n LaunchSpecifications = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n InstanceType = \"m4.10xlarge\",\n Ami = \"ami-1234\",\n SpotPrice = \"2.793\",\n PlacementTenancy = \"dedicated\",\n IamInstanceProfileArn = example.Arn,\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n InstanceType = \"m4.4xlarge\",\n Ami = \"ami-5678\",\n KeyName = \"my-key\",\n SpotPrice = \"1.117\",\n IamInstanceProfileArn = example.Arn,\n AvailabilityZone = \"us-west-1a\",\n SubnetId = \"subnet-1234\",\n WeightedCapacity = \"35\",\n RootBlockDevices = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs\n {\n VolumeSize = 300,\n VolumeType = \"gp2\",\n },\n },\n Tags = \n {\n { \"Name\", \"spot-fleet-example\" },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Request a Spot fleet\n\t\t_, err := ec2.NewSpotFleetRequest(ctx, \"cheap_compute\", \u0026ec2.SpotFleetRequestArgs{\n\t\t\tIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\n\t\t\tSpotPrice: pulumi.String(\"0.03\"),\n\t\t\tAllocationStrategy: pulumi.String(\"diversified\"),\n\t\t\tTargetCapacity: pulumi.Int(6),\n\t\t\tValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\n\t\t\tLaunchSpecifications: ec2.SpotFleetRequestLaunchSpecificationArray{\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"m4.10xlarge\"),\n\t\t\t\t\tAmi: pulumi.String(\"ami-1234\"),\n\t\t\t\t\tSpotPrice: pulumi.String(\"2.793\"),\n\t\t\t\t\tPlacementTenancy: pulumi.String(\"dedicated\"),\n\t\t\t\t\tIamInstanceProfileArn: pulumi.Any(example.Arn),\n\t\t\t\t},\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"m4.4xlarge\"),\n\t\t\t\t\tAmi: pulumi.String(\"ami-5678\"),\n\t\t\t\t\tKeyName: pulumi.String(\"my-key\"),\n\t\t\t\t\tSpotPrice: pulumi.String(\"1.117\"),\n\t\t\t\t\tIamInstanceProfileArn: pulumi.Any(example.Arn),\n\t\t\t\t\tAvailabilityZone: pulumi.String(\"us-west-1a\"),\n\t\t\t\t\tSubnetId: pulumi.String(\"subnet-1234\"),\n\t\t\t\t\tWeightedCapacity: pulumi.String(\"35\"),\n\t\t\t\t\tRootBlockDevices: ec2.SpotFleetRequestLaunchSpecificationRootBlockDeviceArray{\n\t\t\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs{\n\t\t\t\t\t\t\tVolumeSize: pulumi.Int(300),\n\t\t\t\t\t\t\tVolumeType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\t\"Name\": pulumi.String(\"spot-fleet-example\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cheapCompute = new SpotFleetRequest(\"cheapCompute\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .spotPrice(\"0.03\")\n .allocationStrategy(\"diversified\")\n .targetCapacity(6)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .launchSpecifications( \n SpotFleetRequestLaunchSpecificationArgs.builder()\n .instanceType(\"m4.10xlarge\")\n .ami(\"ami-1234\")\n .spotPrice(\"2.793\")\n .placementTenancy(\"dedicated\")\n .iamInstanceProfileArn(example.arn())\n .build(),\n SpotFleetRequestLaunchSpecificationArgs.builder()\n .instanceType(\"m4.4xlarge\")\n .ami(\"ami-5678\")\n .keyName(\"my-key\")\n .spotPrice(\"1.117\")\n .iamInstanceProfileArn(example.arn())\n .availabilityZone(\"us-west-1a\")\n .subnetId(\"subnet-1234\")\n .weightedCapacity(35)\n .rootBlockDevices(SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs.builder()\n .volumeSize(\"300\")\n .volumeType(\"gp2\")\n .build())\n .tags(Map.of(\"Name\", \"spot-fleet-example\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Request a Spot fleet\n cheapCompute:\n type: aws:ec2:SpotFleetRequest\n name: cheap_compute\n properties:\n iamFleetRole: arn:aws:iam::12345678:role/spot-fleet\n spotPrice: '0.03'\n allocationStrategy: diversified\n targetCapacity: 6\n validUntil: 2019-11-04T20:44:20Z\n launchSpecifications:\n - instanceType: m4.10xlarge\n ami: ami-1234\n spotPrice: '2.793'\n placementTenancy: dedicated\n iamInstanceProfileArn: ${example.arn}\n - instanceType: m4.4xlarge\n ami: ami-5678\n keyName: my-key\n spotPrice: '1.117'\n iamInstanceProfileArn: ${example.arn}\n availabilityZone: us-west-1a\n subnetId: subnet-1234\n weightedCapacity: 35\n rootBlockDevices:\n - volumeSize: '300'\n volumeType: gp2\n tags:\n Name: spot-fleet-example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Using launch templates\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ec2.LaunchTemplate(\"foo\", {\n name: \"launch-template\",\n imageId: \"ami-516b9131\",\n instanceType: \"m1.small\",\n keyName: \"some-key\",\n});\nconst fooSpotFleetRequest = new aws.ec2.SpotFleetRequest(\"foo\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n spotPrice: \"0.005\",\n targetCapacity: 2,\n validUntil: \"2019-11-04T20:44:20Z\",\n launchTemplateConfigs: [{\n launchTemplateSpecification: {\n id: foo.id,\n version: foo.latestVersion,\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ec2.LaunchTemplate(\"foo\",\n name=\"launch-template\",\n image_id=\"ami-516b9131\",\n instance_type=\"m1.small\",\n key_name=\"some-key\")\nfoo_spot_fleet_request = aws.ec2.SpotFleetRequest(\"foo\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n spot_price=\"0.005\",\n target_capacity=2,\n valid_until=\"2019-11-04T20:44:20Z\",\n launch_template_configs=[aws.ec2.SpotFleetRequestLaunchTemplateConfigArgs(\n launch_template_specification=aws.ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs(\n id=foo.id,\n version=foo.latest_version,\n ),\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = new Aws.Ec2.LaunchTemplate(\"foo\", new()\n {\n Name = \"launch-template\",\n ImageId = \"ami-516b9131\",\n InstanceType = \"m1.small\",\n KeyName = \"some-key\",\n });\n\n var fooSpotFleetRequest = new Aws.Ec2.SpotFleetRequest(\"foo\", new()\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n SpotPrice = \"0.005\",\n TargetCapacity = 2,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n LaunchTemplateConfigs = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigArgs\n {\n LaunchTemplateSpecification = new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs\n {\n Id = foo.Id,\n Version = foo.LatestVersion,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfoo, err := ec2.NewLaunchTemplate(ctx, \"foo\", \u0026ec2.LaunchTemplateArgs{\n\t\t\tName: pulumi.String(\"launch-template\"),\n\t\t\tImageId: pulumi.String(\"ami-516b9131\"),\n\t\t\tInstanceType: pulumi.String(\"m1.small\"),\n\t\t\tKeyName: pulumi.String(\"some-key\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSpotFleetRequest(ctx, \"foo\", \u0026ec2.SpotFleetRequestArgs{\n\t\t\tIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\n\t\t\tSpotPrice: pulumi.String(\"0.005\"),\n\t\t\tTargetCapacity: pulumi.Int(2),\n\t\t\tValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\n\t\t\tLaunchTemplateConfigs: ec2.SpotFleetRequestLaunchTemplateConfigArray{\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchTemplateConfigArgs{\n\t\t\t\t\tLaunchTemplateSpecification: \u0026ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs{\n\t\t\t\t\t\tId: foo.ID(),\n\t\t\t\t\t\tVersion: foo.LatestVersion,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchTemplateConfigArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo = new LaunchTemplate(\"foo\", LaunchTemplateArgs.builder() \n .name(\"launch-template\")\n .imageId(\"ami-516b9131\")\n .instanceType(\"m1.small\")\n .keyName(\"some-key\")\n .build());\n\n var fooSpotFleetRequest = new SpotFleetRequest(\"fooSpotFleetRequest\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .spotPrice(\"0.005\")\n .targetCapacity(2)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .launchTemplateConfigs(SpotFleetRequestLaunchTemplateConfigArgs.builder()\n .launchTemplateSpecification(SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs.builder()\n .id(foo.id())\n .version(foo.latestVersion())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:ec2:LaunchTemplate\n properties:\n name: launch-template\n imageId: ami-516b9131\n instanceType: m1.small\n keyName: some-key\n fooSpotFleetRequest:\n type: aws:ec2:SpotFleetRequest\n name: foo\n properties:\n iamFleetRole: arn:aws:iam::12345678:role/spot-fleet\n spotPrice: '0.005'\n targetCapacity: 2\n validUntil: 2019-11-04T20:44:20Z\n launchTemplateConfigs:\n - launchTemplateSpecification:\n id: ${foo.id}\n version: ${foo.latestVersion}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003e **NOTE:** This provider does not support the functionality where multiple `subnet_id` or `availability_zone` parameters can be specified in the same\nlaunch configuration block. If you want to specify multiple values, then separate launch configuration blocks should be used or launch template overrides should be configured, one per subnet:\n\n### Using multiple launch specifications\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ec2.SpotFleetRequest(\"foo\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n spotPrice: \"0.005\",\n targetCapacity: 2,\n validUntil: \"2019-11-04T20:44:20Z\",\n launchSpecifications: [\n {\n instanceType: \"m1.small\",\n ami: \"ami-d06a90b0\",\n keyName: \"my-key\",\n availabilityZone: \"us-west-2a\",\n },\n {\n instanceType: \"m5.large\",\n ami: \"ami-d06a90b0\",\n keyName: \"my-key\",\n availabilityZone: \"us-west-2a\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ec2.SpotFleetRequest(\"foo\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n spot_price=\"0.005\",\n target_capacity=2,\n valid_until=\"2019-11-04T20:44:20Z\",\n launch_specifications=[\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n instance_type=\"m1.small\",\n ami=\"ami-d06a90b0\",\n key_name=\"my-key\",\n availability_zone=\"us-west-2a\",\n ),\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n instance_type=\"m5.large\",\n ami=\"ami-d06a90b0\",\n key_name=\"my-key\",\n availability_zone=\"us-west-2a\",\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = new Aws.Ec2.SpotFleetRequest(\"foo\", new()\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n SpotPrice = \"0.005\",\n TargetCapacity = 2,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n LaunchSpecifications = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n InstanceType = \"m1.small\",\n Ami = \"ami-d06a90b0\",\n KeyName = \"my-key\",\n AvailabilityZone = \"us-west-2a\",\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n InstanceType = \"m5.large\",\n Ami = \"ami-d06a90b0\",\n KeyName = \"my-key\",\n AvailabilityZone = \"us-west-2a\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSpotFleetRequest(ctx, \"foo\", \u0026ec2.SpotFleetRequestArgs{\n\t\t\tIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\n\t\t\tSpotPrice: pulumi.String(\"0.005\"),\n\t\t\tTargetCapacity: pulumi.Int(2),\n\t\t\tValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\n\t\t\tLaunchSpecifications: ec2.SpotFleetRequestLaunchSpecificationArray{\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"m1.small\"),\n\t\t\t\t\tAmi: pulumi.String(\"ami-d06a90b0\"),\n\t\t\t\t\tKeyName: pulumi.String(\"my-key\"),\n\t\t\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\t\t},\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"m5.large\"),\n\t\t\t\t\tAmi: pulumi.String(\"ami-d06a90b0\"),\n\t\t\t\t\tKeyName: pulumi.String(\"my-key\"),\n\t\t\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo = new SpotFleetRequest(\"foo\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .spotPrice(\"0.005\")\n .targetCapacity(2)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .launchSpecifications( \n SpotFleetRequestLaunchSpecificationArgs.builder()\n .instanceType(\"m1.small\")\n .ami(\"ami-d06a90b0\")\n .keyName(\"my-key\")\n .availabilityZone(\"us-west-2a\")\n .build(),\n SpotFleetRequestLaunchSpecificationArgs.builder()\n .instanceType(\"m5.large\")\n .ami(\"ami-d06a90b0\")\n .keyName(\"my-key\")\n .availabilityZone(\"us-west-2a\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:ec2:SpotFleetRequest\n properties:\n iamFleetRole: arn:aws:iam::12345678:role/spot-fleet\n spotPrice: '0.005'\n targetCapacity: 2\n validUntil: 2019-11-04T20:44:20Z\n launchSpecifications:\n - instanceType: m1.small\n ami: ami-d06a90b0\n keyName: my-key\n availabilityZone: us-west-2a\n - instanceType: m5.large\n ami: ami-d06a90b0\n keyName: my-key\n availabilityZone: us-west-2a\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003e In this example, we use a `dynamic` block to define zero or more `launch_specification` blocks, producing one for each element in the list of subnet ids.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst subnets = config.requireObject(\"subnets\");\nconst example = new aws.ec2.SpotFleetRequest(\"example\", {\n launchSpecifications: .map(s =\u003e ({\n subnetId: s[1],\n })).map((v, k) =\u003e ({key: k, value: v})).map(entry =\u003e ({\n ami: \"ami-1234\",\n instanceType: \"m4.4xlarge\",\n subnetId: entry.value.subnetId,\n vpcSecurityGroupIds: \"sg-123456\",\n rootBlockDevices: [{\n volumeSize: 8,\n volumeType: \"gp2\",\n deleteOnTermination: true,\n }],\n tags: {\n Name: \"Spot Node\",\n tag_builder: \"builder\",\n },\n })),\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n targetCapacity: 3,\n validUntil: \"2019-11-04T20:44:20Z\",\n allocationStrategy: \"lowestPrice\",\n fleetType: \"request\",\n waitForFulfillment: true,\n terminateInstancesWithExpiration: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nsubnets = config.require_object(\"subnets\")\nexample = aws.ec2.SpotFleetRequest(\"example\",\n launch_specifications=[aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n ami=\"ami-1234\",\n instance_type=\"m4.4xlarge\",\n subnet_id=entry[\"value\"][\"subnetId\"],\n vpc_security_group_ids=\"sg-123456\",\n root_block_devices=[aws.ec2.SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs(\n volume_size=8,\n volume_type=\"gp2\",\n delete_on_termination=True,\n )],\n tags={\n \"Name\": \"Spot Node\",\n \"tag_builder\": \"builder\",\n },\n ) for entry in [{\"key\": k, \"value\": v} for k, v in [{\n \"subnetId\": s[1],\n } for s in subnets]]],\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n target_capacity=3,\n valid_until=\"2019-11-04T20:44:20Z\",\n allocation_strategy=\"lowestPrice\",\n fleet_type=\"request\",\n wait_for_fulfillment=True,\n terminate_instances_with_expiration=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var subnets = config.RequireObject\u003cdynamic\u003e(\"subnets\");\n var example = new Aws.Ec2.SpotFleetRequest(\"example\", new()\n {\n LaunchSpecifications = .Select(s =\u003e \n {\n return \n {\n { \"subnetId\", s[1] },\n };\n }).ToList().Select((v, k) =\u003e new { Key = k, Value = v }).Select(entry =\u003e \n {\n return new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n Ami = \"ami-1234\",\n InstanceType = \"m4.4xlarge\",\n SubnetId = entry.Value.SubnetId,\n VpcSecurityGroupIds = \"sg-123456\",\n RootBlockDevices = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs\n {\n VolumeSize = 8,\n VolumeType = \"gp2\",\n DeleteOnTermination = true,\n },\n },\n Tags = \n {\n { \"Name\", \"Spot Node\" },\n { \"tag_builder\", \"builder\" },\n },\n };\n }).ToList(),\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n TargetCapacity = 3,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n AllocationStrategy = \"lowestPrice\",\n FleetType = \"request\",\n WaitForFulfillment = true,\n TerminateInstancesWithExpiration = true,\n });\n\n});\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Using multiple launch configurations\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2.getSubnets({\n filters: [{\n name: \"vpc-id\",\n values: [vpcId],\n }],\n});\nconst foo = new aws.ec2.LaunchTemplate(\"foo\", {\n name: \"launch-template\",\n imageId: \"ami-516b9131\",\n instanceType: \"m1.small\",\n keyName: \"some-key\",\n});\nconst fooSpotFleetRequest = new aws.ec2.SpotFleetRequest(\"foo\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n spotPrice: \"0.005\",\n targetCapacity: 2,\n validUntil: \"2019-11-04T20:44:20Z\",\n launchTemplateConfigs: [{\n launchTemplateSpecification: {\n id: foo.id,\n version: foo.latestVersion,\n },\n overrides: [\n {\n subnetId: example.then(example =\u003e example.ids?.[0]),\n },\n {\n subnetId: example.then(example =\u003e example.ids?.[1]),\n },\n {\n subnetId: example.then(example =\u003e example.ids?.[2]),\n },\n ],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_subnets(filters=[aws.ec2.GetSubnetsFilterArgs(\n name=\"vpc-id\",\n values=[vpc_id],\n)])\nfoo = aws.ec2.LaunchTemplate(\"foo\",\n name=\"launch-template\",\n image_id=\"ami-516b9131\",\n instance_type=\"m1.small\",\n key_name=\"some-key\")\nfoo_spot_fleet_request = aws.ec2.SpotFleetRequest(\"foo\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n spot_price=\"0.005\",\n target_capacity=2,\n valid_until=\"2019-11-04T20:44:20Z\",\n launch_template_configs=[aws.ec2.SpotFleetRequestLaunchTemplateConfigArgs(\n launch_template_specification=aws.ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs(\n id=foo.id,\n version=foo.latest_version,\n ),\n overrides=[\n aws.ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs(\n subnet_id=example.ids[0],\n ),\n aws.ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs(\n subnet_id=example.ids[1],\n ),\n aws.ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs(\n subnet_id=example.ids[2],\n ),\n ],\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Ec2.GetSubnets.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetSubnetsFilterInputArgs\n {\n Name = \"vpc-id\",\n Values = new[]\n {\n vpcId,\n },\n },\n },\n });\n\n var foo = new Aws.Ec2.LaunchTemplate(\"foo\", new()\n {\n Name = \"launch-template\",\n ImageId = \"ami-516b9131\",\n InstanceType = \"m1.small\",\n KeyName = \"some-key\",\n });\n\n var fooSpotFleetRequest = new Aws.Ec2.SpotFleetRequest(\"foo\", new()\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n SpotPrice = \"0.005\",\n TargetCapacity = 2,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n LaunchTemplateConfigs = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigArgs\n {\n LaunchTemplateSpecification = new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs\n {\n Id = foo.Id,\n Version = foo.LatestVersion,\n },\n Overrides = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigOverrideArgs\n {\n SubnetId = example.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[0]),\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigOverrideArgs\n {\n SubnetId = example.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[1]),\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigOverrideArgs\n {\n SubnetId = example.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[2]),\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexample, err := ec2.GetSubnets(ctx, \u0026ec2.GetSubnetsArgs{\nFilters: []ec2.GetSubnetsFilter{\n{\nName: \"vpc-id\",\nValues: interface{}{\nvpcId,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nfoo, err := ec2.NewLaunchTemplate(ctx, \"foo\", \u0026ec2.LaunchTemplateArgs{\nName: pulumi.String(\"launch-template\"),\nImageId: pulumi.String(\"ami-516b9131\"),\nInstanceType: pulumi.String(\"m1.small\"),\nKeyName: pulumi.String(\"some-key\"),\n})\nif err != nil {\nreturn err\n}\n_, err = ec2.NewSpotFleetRequest(ctx, \"foo\", \u0026ec2.SpotFleetRequestArgs{\nIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\nSpotPrice: pulumi.String(\"0.005\"),\nTargetCapacity: pulumi.Int(2),\nValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\nLaunchTemplateConfigs: ec2.SpotFleetRequestLaunchTemplateConfigArray{\n\u0026ec2.SpotFleetRequestLaunchTemplateConfigArgs{\nLaunchTemplateSpecification: \u0026ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs{\nId: foo.ID(),\nVersion: foo.LatestVersion,\n},\nOverrides: ec2.SpotFleetRequestLaunchTemplateConfigOverrideArray{\n\u0026ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs{\nSubnetId: pulumi.String(example.Ids[0]),\n},\n\u0026ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs{\nSubnetId: pulumi.String(example.Ids[1]),\n},\n\u0026ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs{\nSubnetId: pulumi.String(example.Ids[2]),\n},\n},\n},\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetSubnetsArgs;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchTemplateConfigArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = Ec2Functions.getSubnets(GetSubnetsArgs.builder()\n .filters(GetSubnetsFilterArgs.builder()\n .name(\"vpc-id\")\n .values(vpcId)\n .build())\n .build());\n\n var foo = new LaunchTemplate(\"foo\", LaunchTemplateArgs.builder() \n .name(\"launch-template\")\n .imageId(\"ami-516b9131\")\n .instanceType(\"m1.small\")\n .keyName(\"some-key\")\n .build());\n\n var fooSpotFleetRequest = new SpotFleetRequest(\"fooSpotFleetRequest\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .spotPrice(\"0.005\")\n .targetCapacity(2)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .launchTemplateConfigs(SpotFleetRequestLaunchTemplateConfigArgs.builder()\n .launchTemplateSpecification(SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs.builder()\n .id(foo.id())\n .version(foo.latestVersion())\n .build())\n .overrides( \n SpotFleetRequestLaunchTemplateConfigOverrideArgs.builder()\n .subnetId(example.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[0]))\n .build(),\n SpotFleetRequestLaunchTemplateConfigOverrideArgs.builder()\n .subnetId(example.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[1]))\n .build(),\n SpotFleetRequestLaunchTemplateConfigOverrideArgs.builder()\n .subnetId(example.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[2]))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:ec2:LaunchTemplate\n properties:\n name: launch-template\n imageId: ami-516b9131\n instanceType: m1.small\n keyName: some-key\n fooSpotFleetRequest:\n type: aws:ec2:SpotFleetRequest\n name: foo\n properties:\n iamFleetRole: arn:aws:iam::12345678:role/spot-fleet\n spotPrice: '0.005'\n targetCapacity: 2\n validUntil: 2019-11-04T20:44:20Z\n launchTemplateConfigs:\n - launchTemplateSpecification:\n id: ${foo.id}\n version: ${foo.latestVersion}\n overrides:\n - subnetId: ${example.ids[0]}\n - subnetId: ${example.ids[1]}\n - subnetId: ${example.ids[2]}\nvariables:\n example:\n fn::invoke:\n Function: aws:ec2:getSubnets\n Arguments:\n filters:\n - name: vpc-id\n values:\n - ${vpcId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Spot Fleet Requests using `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/spotFleetRequest:SpotFleetRequest fleet sfr-005e9ec8-5546-4c31-b317-31a62325411e\n```\n", "properties": { "allocationStrategy": { "type": "string", @@ -219795,7 +219795,7 @@ } }, "aws:ec2/volumeAttachment:VolumeAttachment": { - "description": "Provides an AWS EBS Volume Attachment as a top level resource, to attach and\ndetach volumes from AWS Instances.\n\n\u003e **NOTE on EBS block devices:** If you use `ebs_block_device` on an `aws.ec2.Instance`, this provider will assume management over the full set of non-root EBS block devices for the instance, and treats additional block devices as drift. For this reason, `ebs_block_device` cannot be mixed with external `aws.ebs.Volume` + `aws.ec2.VolumeAttachment` resources for a given instance.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst web = new aws.ec2.Instance(\"web\", {\n ami: \"ami-21f78e11\",\n availabilityZone: \"us-west-2a\",\n instanceType: \"t2.micro\",\n tags: {\n Name: \"HelloWorld\",\n },\n});\nconst example = new aws.ebs.Volume(\"example\", {\n availabilityZone: \"us-west-2a\",\n size: 1,\n});\nconst ebsAtt = new aws.ec2.VolumeAttachment(\"ebs_att\", {\n deviceName: \"/dev/sdh\",\n volumeId: example.id,\n instanceId: web.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nweb = aws.ec2.Instance(\"web\",\n ami=\"ami-21f78e11\",\n availability_zone=\"us-west-2a\",\n instance_type=\"t2.micro\",\n tags={\n \"Name\": \"HelloWorld\",\n })\nexample = aws.ebs.Volume(\"example\",\n availability_zone=\"us-west-2a\",\n size=1)\nebs_att = aws.ec2.VolumeAttachment(\"ebs_att\",\n device_name=\"/dev/sdh\",\n volume_id=example.id,\n instance_id=web.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var web = new Aws.Ec2.Instance(\"web\", new()\n {\n Ami = \"ami-21f78e11\",\n AvailabilityZone = \"us-west-2a\",\n InstanceType = \"t2.micro\",\n Tags = \n {\n { \"Name\", \"HelloWorld\" },\n },\n });\n\n var example = new Aws.Ebs.Volume(\"example\", new()\n {\n AvailabilityZone = \"us-west-2a\",\n Size = 1,\n });\n\n var ebsAtt = new Aws.Ec2.VolumeAttachment(\"ebs_att\", new()\n {\n DeviceName = \"/dev/sdh\",\n VolumeId = example.Id,\n InstanceId = web.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ebs\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tweb, err := ec2.NewInstance(ctx, \"web\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(\"ami-21f78e11\"),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"HelloWorld\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := ebs.NewVolume(ctx, \"example\", \u0026ebs.VolumeArgs{\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tSize: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVolumeAttachment(ctx, \"ebs_att\", \u0026ec2.VolumeAttachmentArgs{\n\t\t\tDeviceName: pulumi.String(\"/dev/sdh\"),\n\t\t\tVolumeId: example.ID(),\n\t\t\tInstanceId: web.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.ebs.Volume;\nimport com.pulumi.aws.ebs.VolumeArgs;\nimport com.pulumi.aws.ec2.VolumeAttachment;\nimport com.pulumi.aws.ec2.VolumeAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var web = new Instance(\"web\", InstanceArgs.builder() \n .ami(\"ami-21f78e11\")\n .availabilityZone(\"us-west-2a\")\n .instanceType(\"t2.micro\")\n .tags(Map.of(\"Name\", \"HelloWorld\"))\n .build());\n\n var example = new Volume(\"example\", VolumeArgs.builder() \n .availabilityZone(\"us-west-2a\")\n .size(1)\n .build());\n\n var ebsAtt = new VolumeAttachment(\"ebsAtt\", VolumeAttachmentArgs.builder() \n .deviceName(\"/dev/sdh\")\n .volumeId(example.id())\n .instanceId(web.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ebsAtt:\n type: aws:ec2:VolumeAttachment\n name: ebs_att\n properties:\n deviceName: /dev/sdh\n volumeId: ${example.id}\n instanceId: ${web.id}\n web:\n type: aws:ec2:Instance\n properties:\n ami: ami-21f78e11\n availabilityZone: us-west-2a\n instanceType: t2.micro\n tags:\n Name: HelloWorld\n example:\n type: aws:ebs:Volume\n properties:\n availabilityZone: us-west-2a\n size: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import EBS Volume Attachments using `DEVICE_NAME:VOLUME_ID:INSTANCE_ID`. For example:\n\n```sh\n$ pulumi import aws:ec2/volumeAttachment:VolumeAttachment example /dev/sdh:vol-049df61146c4d7901:i-12345678\n```\n", + "description": "Provides an AWS EBS Volume Attachment as a top level resource, to attach and\ndetach volumes from AWS Instances.\n\n\u003e **NOTE on EBS block devices:** If you use `ebs_block_device` on an `aws.ec2.Instance`, this provider will assume management over the full set of non-root EBS block devices for the instance, and treats additional block devices as drift. For this reason, `ebs_block_device` cannot be mixed with external `aws.ebs.Volume` + `aws.ec2.VolumeAttachment` resources for a given instance.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst web = new aws.ec2.Instance(\"web\", {\n ami: \"ami-21f78e11\",\n availabilityZone: \"us-west-2a\",\n instanceType: aws.ec2.InstanceType.T2_Micro,\n tags: {\n Name: \"HelloWorld\",\n },\n});\nconst example = new aws.ebs.Volume(\"example\", {\n availabilityZone: \"us-west-2a\",\n size: 1,\n});\nconst ebsAtt = new aws.ec2.VolumeAttachment(\"ebs_att\", {\n deviceName: \"/dev/sdh\",\n volumeId: example.id,\n instanceId: web.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nweb = aws.ec2.Instance(\"web\",\n ami=\"ami-21f78e11\",\n availability_zone=\"us-west-2a\",\n instance_type=aws.ec2.InstanceType.T2_MICRO,\n tags={\n \"Name\": \"HelloWorld\",\n })\nexample = aws.ebs.Volume(\"example\",\n availability_zone=\"us-west-2a\",\n size=1)\nebs_att = aws.ec2.VolumeAttachment(\"ebs_att\",\n device_name=\"/dev/sdh\",\n volume_id=example.id,\n instance_id=web.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var web = new Aws.Ec2.Instance(\"web\", new()\n {\n Ami = \"ami-21f78e11\",\n AvailabilityZone = \"us-west-2a\",\n InstanceType = Aws.Ec2.InstanceType.T2_Micro,\n Tags = \n {\n { \"Name\", \"HelloWorld\" },\n },\n });\n\n var example = new Aws.Ebs.Volume(\"example\", new()\n {\n AvailabilityZone = \"us-west-2a\",\n Size = 1,\n });\n\n var ebsAtt = new Aws.Ec2.VolumeAttachment(\"ebs_att\", new()\n {\n DeviceName = \"/dev/sdh\",\n VolumeId = example.Id,\n InstanceId = web.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ebs\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tweb, err := ec2.NewInstance(ctx, \"web\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(\"ami-21f78e11\"),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_T2_Micro),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"HelloWorld\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := ebs.NewVolume(ctx, \"example\", \u0026ebs.VolumeArgs{\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tSize: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVolumeAttachment(ctx, \"ebs_att\", \u0026ec2.VolumeAttachmentArgs{\n\t\t\tDeviceName: pulumi.String(\"/dev/sdh\"),\n\t\t\tVolumeId: example.ID(),\n\t\t\tInstanceId: web.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.ebs.Volume;\nimport com.pulumi.aws.ebs.VolumeArgs;\nimport com.pulumi.aws.ec2.VolumeAttachment;\nimport com.pulumi.aws.ec2.VolumeAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var web = new Instance(\"web\", InstanceArgs.builder() \n .ami(\"ami-21f78e11\")\n .availabilityZone(\"us-west-2a\")\n .instanceType(\"t2.micro\")\n .tags(Map.of(\"Name\", \"HelloWorld\"))\n .build());\n\n var example = new Volume(\"example\", VolumeArgs.builder() \n .availabilityZone(\"us-west-2a\")\n .size(1)\n .build());\n\n var ebsAtt = new VolumeAttachment(\"ebsAtt\", VolumeAttachmentArgs.builder() \n .deviceName(\"/dev/sdh\")\n .volumeId(example.id())\n .instanceId(web.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ebsAtt:\n type: aws:ec2:VolumeAttachment\n name: ebs_att\n properties:\n deviceName: /dev/sdh\n volumeId: ${example.id}\n instanceId: ${web.id}\n web:\n type: aws:ec2:Instance\n properties:\n ami: ami-21f78e11\n availabilityZone: us-west-2a\n instanceType: t2.micro\n tags:\n Name: HelloWorld\n example:\n type: aws:ebs:Volume\n properties:\n availabilityZone: us-west-2a\n size: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import EBS Volume Attachments using `DEVICE_NAME:VOLUME_ID:INSTANCE_ID`. For example:\n\n```sh\n$ pulumi import aws:ec2/volumeAttachment:VolumeAttachment example /dev/sdh:vol-049df61146c4d7901:i-12345678\n```\n", "properties": { "deviceName": { "type": "string", @@ -219896,7 +219896,7 @@ } }, "aws:ec2/vpc:Vpc": { - "description": "Provides a VPC resource.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ec2.Vpc(\"main\", {cidrBlock: \"10.0.0.0/16\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ec2.Vpc(\"main\", cidr_block=\"10.0.0.0/16\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = new Aws.Ec2.Vpc(\"main\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpc(ctx, \"main\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var main = new Vpc(\"main\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nBasic usage with tags:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ec2.Vpc(\"main\", {\n cidrBlock: \"10.0.0.0/16\",\n instanceTenancy: \"default\",\n tags: {\n Name: \"main\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ec2.Vpc(\"main\",\n cidr_block=\"10.0.0.0/16\",\n instance_tenancy=\"default\",\n tags={\n \"Name\": \"main\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = new Aws.Ec2.Vpc(\"main\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n InstanceTenancy = \"default\",\n Tags = \n {\n { \"Name\", \"main\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpc(ctx, \"main\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tInstanceTenancy: pulumi.String(\"default\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"main\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var main = new Vpc(\"main\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .instanceTenancy(\"default\")\n .tags(Map.of(\"Name\", \"main\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n instanceTenancy: default\n tags:\n Name: main\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nVPC with CIDR from AWS IPAM:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst test = new aws.ec2.VpcIpam(\"test\", {operatingRegions: [{\n regionName: current.then(current =\u003e current.name),\n}]});\nconst testVpcIpamPool = new aws.ec2.VpcIpamPool(\"test\", {\n addressFamily: \"ipv4\",\n ipamScopeId: test.privateDefaultScopeId,\n locale: current.then(current =\u003e current.name),\n});\nconst testVpcIpamPoolCidr = new aws.ec2.VpcIpamPoolCidr(\"test\", {\n ipamPoolId: testVpcIpamPool.id,\n cidr: \"172.20.0.0/16\",\n});\nconst testVpc = new aws.ec2.Vpc(\"test\", {\n ipv4IpamPoolId: testVpcIpamPool.id,\n ipv4NetmaskLength: 28,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\ntest = aws.ec2.VpcIpam(\"test\", operating_regions=[aws.ec2.VpcIpamOperatingRegionArgs(\n region_name=current.name,\n)])\ntest_vpc_ipam_pool = aws.ec2.VpcIpamPool(\"test\",\n address_family=\"ipv4\",\n ipam_scope_id=test.private_default_scope_id,\n locale=current.name)\ntest_vpc_ipam_pool_cidr = aws.ec2.VpcIpamPoolCidr(\"test\",\n ipam_pool_id=test_vpc_ipam_pool.id,\n cidr=\"172.20.0.0/16\")\ntest_vpc = aws.ec2.Vpc(\"test\",\n ipv4_ipam_pool_id=test_vpc_ipam_pool.id,\n ipv4_netmask_length=28)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var test = new Aws.Ec2.VpcIpam(\"test\", new()\n {\n OperatingRegions = new[]\n {\n new Aws.Ec2.Inputs.VpcIpamOperatingRegionArgs\n {\n RegionName = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n },\n });\n\n var testVpcIpamPool = new Aws.Ec2.VpcIpamPool(\"test\", new()\n {\n AddressFamily = \"ipv4\",\n IpamScopeId = test.PrivateDefaultScopeId,\n Locale = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n });\n\n var testVpcIpamPoolCidr = new Aws.Ec2.VpcIpamPoolCidr(\"test\", new()\n {\n IpamPoolId = testVpcIpamPool.Id,\n Cidr = \"172.20.0.0/16\",\n });\n\n var testVpc = new Aws.Ec2.Vpc(\"test\", new()\n {\n Ipv4IpamPoolId = testVpcIpamPool.Id,\n Ipv4NetmaskLength = 28,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := ec2.NewVpcIpam(ctx, \"test\", \u0026ec2.VpcIpamArgs{\n\t\t\tOperatingRegions: ec2.VpcIpamOperatingRegionArray{\n\t\t\t\t\u0026ec2.VpcIpamOperatingRegionArgs{\n\t\t\t\t\tRegionName: *pulumi.String(current.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestVpcIpamPool, err := ec2.NewVpcIpamPool(ctx, \"test\", \u0026ec2.VpcIpamPoolArgs{\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tIpamScopeId: test.PrivateDefaultScopeId,\n\t\t\tLocale: *pulumi.String(current.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPoolCidr(ctx, \"test\", \u0026ec2.VpcIpamPoolCidrArgs{\n\t\t\tIpamPoolId: testVpcIpamPool.ID(),\n\t\t\tCidr: pulumi.String(\"172.20.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpc(ctx, \"test\", \u0026ec2.VpcArgs{\n\t\t\tIpv4IpamPoolId: testVpcIpamPool.ID(),\n\t\t\tIpv4NetmaskLength: pulumi.Int(28),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpam;\nimport com.pulumi.aws.ec2.VpcIpamArgs;\nimport com.pulumi.aws.ec2.inputs.VpcIpamOperatingRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpamPool;\nimport com.pulumi.aws.ec2.VpcIpamPoolArgs;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidr;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n var test = new VpcIpam(\"test\", VpcIpamArgs.builder() \n .operatingRegions(VpcIpamOperatingRegionArgs.builder()\n .regionName(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build())\n .build());\n\n var testVpcIpamPool = new VpcIpamPool(\"testVpcIpamPool\", VpcIpamPoolArgs.builder() \n .addressFamily(\"ipv4\")\n .ipamScopeId(test.privateDefaultScopeId())\n .locale(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build());\n\n var testVpcIpamPoolCidr = new VpcIpamPoolCidr(\"testVpcIpamPoolCidr\", VpcIpamPoolCidrArgs.builder() \n .ipamPoolId(testVpcIpamPool.id())\n .cidr(\"172.20.0.0/16\")\n .build());\n\n var testVpc = new Vpc(\"testVpc\", VpcArgs.builder() \n .ipv4IpamPoolId(testVpcIpamPool.id())\n .ipv4NetmaskLength(28)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:ec2:VpcIpam\n properties:\n operatingRegions:\n - regionName: ${current.name}\n testVpcIpamPool:\n type: aws:ec2:VpcIpamPool\n name: test\n properties:\n addressFamily: ipv4\n ipamScopeId: ${test.privateDefaultScopeId}\n locale: ${current.name}\n testVpcIpamPoolCidr:\n type: aws:ec2:VpcIpamPoolCidr\n name: test\n properties:\n ipamPoolId: ${testVpcIpamPool.id}\n cidr: 172.20.0.0/16\n testVpc:\n type: aws:ec2:Vpc\n name: test\n properties:\n ipv4IpamPoolId: ${testVpcIpamPool.id}\n ipv4NetmaskLength: 28\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import VPCs using the VPC `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/vpc:Vpc test_vpc vpc-a01106c2\n```\n", + "description": "Provides a VPC resource.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ec2.Vpc(\"main\", {cidrBlock: \"10.0.0.0/16\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ec2.Vpc(\"main\", cidr_block=\"10.0.0.0/16\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = new Aws.Ec2.Vpc(\"main\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpc(ctx, \"main\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var main = new Vpc(\"main\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nBasic usage with tags:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ec2.Vpc(\"main\", {\n cidrBlock: \"10.0.0.0/16\",\n instanceTenancy: \"default\",\n tags: {\n Name: \"main\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ec2.Vpc(\"main\",\n cidr_block=\"10.0.0.0/16\",\n instance_tenancy=\"default\",\n tags={\n \"Name\": \"main\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = new Aws.Ec2.Vpc(\"main\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n InstanceTenancy = \"default\",\n Tags = \n {\n { \"Name\", \"main\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpc(ctx, \"main\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tInstanceTenancy: pulumi.String(\"default\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"main\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var main = new Vpc(\"main\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .instanceTenancy(\"default\")\n .tags(Map.of(\"Name\", \"main\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n instanceTenancy: default\n tags:\n Name: main\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nVPC with CIDR from AWS IPAM:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst test = new aws.ec2.VpcIpam(\"test\", {operatingRegions: [{\n regionName: current.then(current =\u003e current.name),\n}]});\nconst testVpcIpamPool = new aws.ec2.VpcIpamPool(\"test\", {\n addressFamily: \"ipv4\",\n ipamScopeId: test.privateDefaultScopeId,\n locale: current.then(current =\u003e current.name),\n});\nconst testVpcIpamPoolCidr = new aws.ec2.VpcIpamPoolCidr(\"test\", {\n ipamPoolId: testVpcIpamPool.id,\n cidr: \"172.20.0.0/16\",\n});\nconst testVpc = new aws.ec2.Vpc(\"test\", {\n ipv4IpamPoolId: testVpcIpamPool.id,\n ipv4NetmaskLength: 28,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\ntest = aws.ec2.VpcIpam(\"test\", operating_regions=[aws.ec2.VpcIpamOperatingRegionArgs(\n region_name=current.name,\n)])\ntest_vpc_ipam_pool = aws.ec2.VpcIpamPool(\"test\",\n address_family=\"ipv4\",\n ipam_scope_id=test.private_default_scope_id,\n locale=current.name)\ntest_vpc_ipam_pool_cidr = aws.ec2.VpcIpamPoolCidr(\"test\",\n ipam_pool_id=test_vpc_ipam_pool.id,\n cidr=\"172.20.0.0/16\")\ntest_vpc = aws.ec2.Vpc(\"test\",\n ipv4_ipam_pool_id=test_vpc_ipam_pool.id,\n ipv4_netmask_length=28)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var test = new Aws.Ec2.VpcIpam(\"test\", new()\n {\n OperatingRegions = new[]\n {\n new Aws.Ec2.Inputs.VpcIpamOperatingRegionArgs\n {\n RegionName = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n },\n });\n\n var testVpcIpamPool = new Aws.Ec2.VpcIpamPool(\"test\", new()\n {\n AddressFamily = \"ipv4\",\n IpamScopeId = test.PrivateDefaultScopeId,\n Locale = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n });\n\n var testVpcIpamPoolCidr = new Aws.Ec2.VpcIpamPoolCidr(\"test\", new()\n {\n IpamPoolId = testVpcIpamPool.Id,\n Cidr = \"172.20.0.0/16\",\n });\n\n var testVpc = new Aws.Ec2.Vpc(\"test\", new()\n {\n Ipv4IpamPoolId = testVpcIpamPool.Id,\n Ipv4NetmaskLength = 28,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := ec2.NewVpcIpam(ctx, \"test\", \u0026ec2.VpcIpamArgs{\n\t\t\tOperatingRegions: ec2.VpcIpamOperatingRegionArray{\n\t\t\t\t\u0026ec2.VpcIpamOperatingRegionArgs{\n\t\t\t\t\tRegionName: pulumi.String(current.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestVpcIpamPool, err := ec2.NewVpcIpamPool(ctx, \"test\", \u0026ec2.VpcIpamPoolArgs{\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tIpamScopeId: test.PrivateDefaultScopeId,\n\t\t\tLocale: pulumi.String(current.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPoolCidr(ctx, \"test\", \u0026ec2.VpcIpamPoolCidrArgs{\n\t\t\tIpamPoolId: testVpcIpamPool.ID(),\n\t\t\tCidr: pulumi.String(\"172.20.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpc(ctx, \"test\", \u0026ec2.VpcArgs{\n\t\t\tIpv4IpamPoolId: testVpcIpamPool.ID(),\n\t\t\tIpv4NetmaskLength: pulumi.Int(28),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpam;\nimport com.pulumi.aws.ec2.VpcIpamArgs;\nimport com.pulumi.aws.ec2.inputs.VpcIpamOperatingRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpamPool;\nimport com.pulumi.aws.ec2.VpcIpamPoolArgs;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidr;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n var test = new VpcIpam(\"test\", VpcIpamArgs.builder() \n .operatingRegions(VpcIpamOperatingRegionArgs.builder()\n .regionName(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build())\n .build());\n\n var testVpcIpamPool = new VpcIpamPool(\"testVpcIpamPool\", VpcIpamPoolArgs.builder() \n .addressFamily(\"ipv4\")\n .ipamScopeId(test.privateDefaultScopeId())\n .locale(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build());\n\n var testVpcIpamPoolCidr = new VpcIpamPoolCidr(\"testVpcIpamPoolCidr\", VpcIpamPoolCidrArgs.builder() \n .ipamPoolId(testVpcIpamPool.id())\n .cidr(\"172.20.0.0/16\")\n .build());\n\n var testVpc = new Vpc(\"testVpc\", VpcArgs.builder() \n .ipv4IpamPoolId(testVpcIpamPool.id())\n .ipv4NetmaskLength(28)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:ec2:VpcIpam\n properties:\n operatingRegions:\n - regionName: ${current.name}\n testVpcIpamPool:\n type: aws:ec2:VpcIpamPool\n name: test\n properties:\n addressFamily: ipv4\n ipamScopeId: ${test.privateDefaultScopeId}\n locale: ${current.name}\n testVpcIpamPoolCidr:\n type: aws:ec2:VpcIpamPoolCidr\n name: test\n properties:\n ipamPoolId: ${testVpcIpamPool.id}\n cidr: 172.20.0.0/16\n testVpc:\n type: aws:ec2:Vpc\n name: test\n properties:\n ipv4IpamPoolId: ${testVpcIpamPool.id}\n ipv4NetmaskLength: 28\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import VPCs using the VPC `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/vpc:Vpc test_vpc vpc-a01106c2\n```\n", "properties": { "arn": { "type": "string", @@ -220389,7 +220389,7 @@ } }, "aws:ec2/vpcEndpoint:VpcEndpoint": { - "description": "Provides a VPC Endpoint resource.\n\n\u003e **NOTE on VPC Endpoints and VPC Endpoint Associations:** The provider provides both standalone VPC Endpoint Associations for\nRoute Tables - (an association between a VPC endpoint and a single `route_table_id`),\nSecurity Groups - (an association between a VPC endpoint and a single `security_group_id`),\nand Subnets - (an association between a VPC endpoint and a single `subnet_id`) and\na VPC Endpoint resource with `route_table_ids` and `subnet_ids` attributes.\nDo not use the same resource ID in both a VPC Endpoint resource and a VPC Endpoint Association resource.\nDoing so will cause a conflict of associations and will overwrite the association.\n\n## Example Usage\n\n### Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst s3 = new aws.ec2.VpcEndpoint(\"s3\", {\n vpcId: main.id,\n serviceName: \"com.amazonaws.us-west-2.s3\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ns3 = aws.ec2.VpcEndpoint(\"s3\",\n vpc_id=main[\"id\"],\n service_name=\"com.amazonaws.us-west-2.s3\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var s3 = new Aws.Ec2.VpcEndpoint(\"s3\", new()\n {\n VpcId = main.Id,\n ServiceName = \"com.amazonaws.us-west-2.s3\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpcEndpoint(ctx, \"s3\", \u0026ec2.VpcEndpointArgs{\n\t\t\tVpcId: pulumi.Any(main.Id),\n\t\t\tServiceName: pulumi.String(\"com.amazonaws.us-west-2.s3\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.VpcEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var s3 = new VpcEndpoint(\"s3\", VpcEndpointArgs.builder() \n .vpcId(main.id())\n .serviceName(\"com.amazonaws.us-west-2.s3\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n s3:\n type: aws:ec2:VpcEndpoint\n properties:\n vpcId: ${main.id}\n serviceName: com.amazonaws.us-west-2.s3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Basic w/ Tags\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst s3 = new aws.ec2.VpcEndpoint(\"s3\", {\n vpcId: main.id,\n serviceName: \"com.amazonaws.us-west-2.s3\",\n tags: {\n Environment: \"test\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ns3 = aws.ec2.VpcEndpoint(\"s3\",\n vpc_id=main[\"id\"],\n service_name=\"com.amazonaws.us-west-2.s3\",\n tags={\n \"Environment\": \"test\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var s3 = new Aws.Ec2.VpcEndpoint(\"s3\", new()\n {\n VpcId = main.Id,\n ServiceName = \"com.amazonaws.us-west-2.s3\",\n Tags = \n {\n { \"Environment\", \"test\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpcEndpoint(ctx, \"s3\", \u0026ec2.VpcEndpointArgs{\n\t\t\tVpcId: pulumi.Any(main.Id),\n\t\t\tServiceName: pulumi.String(\"com.amazonaws.us-west-2.s3\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.VpcEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var s3 = new VpcEndpoint(\"s3\", VpcEndpointArgs.builder() \n .vpcId(main.id())\n .serviceName(\"com.amazonaws.us-west-2.s3\")\n .tags(Map.of(\"Environment\", \"test\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n s3:\n type: aws:ec2:VpcEndpoint\n properties:\n vpcId: ${main.id}\n serviceName: com.amazonaws.us-west-2.s3\n tags:\n Environment: test\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Interface Endpoint Type\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ec2 = new aws.ec2.VpcEndpoint(\"ec2\", {\n vpcId: main.id,\n serviceName: \"com.amazonaws.us-west-2.ec2\",\n vpcEndpointType: \"Interface\",\n securityGroupIds: [sg1.id],\n privateDnsEnabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nec2 = aws.ec2.VpcEndpoint(\"ec2\",\n vpc_id=main[\"id\"],\n service_name=\"com.amazonaws.us-west-2.ec2\",\n vpc_endpoint_type=\"Interface\",\n security_group_ids=[sg1[\"id\"]],\n private_dns_enabled=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ec2 = new Aws.Ec2.VpcEndpoint(\"ec2\", new()\n {\n VpcId = main.Id,\n ServiceName = \"com.amazonaws.us-west-2.ec2\",\n VpcEndpointType = \"Interface\",\n SecurityGroupIds = new[]\n {\n sg1.Id,\n },\n PrivateDnsEnabled = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpcEndpoint(ctx, \"ec2\", \u0026ec2.VpcEndpointArgs{\n\t\t\tVpcId: pulumi.Any(main.Id),\n\t\t\tServiceName: pulumi.String(\"com.amazonaws.us-west-2.ec2\"),\n\t\t\tVpcEndpointType: pulumi.String(\"Interface\"),\n\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\tsg1.Id,\n\t\t\t},\n\t\t\tPrivateDnsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.VpcEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var ec2 = new VpcEndpoint(\"ec2\", VpcEndpointArgs.builder() \n .vpcId(main.id())\n .serviceName(\"com.amazonaws.us-west-2.ec2\")\n .vpcEndpointType(\"Interface\")\n .securityGroupIds(sg1.id())\n .privateDnsEnabled(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ec2:\n type: aws:ec2:VpcEndpoint\n properties:\n vpcId: ${main.id}\n serviceName: com.amazonaws.us-west-2.ec2\n vpcEndpointType: Interface\n securityGroupIds:\n - ${sg1.id}\n privateDnsEnabled: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Gateway Load Balancer Endpoint Type\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst example = new aws.ec2.VpcEndpointService(\"example\", {\n acceptanceRequired: false,\n allowedPrincipals: [current.then(current =\u003e current.arn)],\n gatewayLoadBalancerArns: [exampleAwsLb.arn],\n});\nconst exampleVpcEndpoint = new aws.ec2.VpcEndpoint(\"example\", {\n serviceName: example.serviceName,\n subnetIds: [exampleAwsSubnet.id],\n vpcEndpointType: example.serviceType,\n vpcId: exampleAwsVpc.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nexample = aws.ec2.VpcEndpointService(\"example\",\n acceptance_required=False,\n allowed_principals=[current.arn],\n gateway_load_balancer_arns=[example_aws_lb[\"arn\"]])\nexample_vpc_endpoint = aws.ec2.VpcEndpoint(\"example\",\n service_name=example.service_name,\n subnet_ids=[example_aws_subnet[\"id\"]],\n vpc_endpoint_type=example.service_type,\n vpc_id=example_aws_vpc[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var example = new Aws.Ec2.VpcEndpointService(\"example\", new()\n {\n AcceptanceRequired = false,\n AllowedPrincipals = new[]\n {\n current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.Arn),\n },\n GatewayLoadBalancerArns = new[]\n {\n exampleAwsLb.Arn,\n },\n });\n\n var exampleVpcEndpoint = new Aws.Ec2.VpcEndpoint(\"example\", new()\n {\n ServiceName = example.ServiceName,\n SubnetIds = new[]\n {\n exampleAwsSubnet.Id,\n },\n VpcEndpointType = example.ServiceType,\n VpcId = exampleAwsVpc.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := ec2.NewVpcEndpointService(ctx, \"example\", \u0026ec2.VpcEndpointServiceArgs{\n\t\t\tAcceptanceRequired: pulumi.Bool(false),\n\t\t\tAllowedPrincipals: pulumi.StringArray{\n\t\t\t\t*pulumi.String(current.Arn),\n\t\t\t},\n\t\t\tGatewayLoadBalancerArns: pulumi.StringArray{\n\t\t\t\texampleAwsLb.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcEndpoint(ctx, \"example\", \u0026ec2.VpcEndpointArgs{\n\t\t\tServiceName: example.ServiceName,\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\texampleAwsSubnet.Id,\n\t\t\t},\n\t\t\tVpcEndpointType: example.ServiceType,\n\t\t\tVpcId: pulumi.Any(exampleAwsVpc.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.VpcEndpointService;\nimport com.pulumi.aws.ec2.VpcEndpointServiceArgs;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.VpcEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n var example = new VpcEndpointService(\"example\", VpcEndpointServiceArgs.builder() \n .acceptanceRequired(false)\n .allowedPrincipals(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.arn()))\n .gatewayLoadBalancerArns(exampleAwsLb.arn())\n .build());\n\n var exampleVpcEndpoint = new VpcEndpoint(\"exampleVpcEndpoint\", VpcEndpointArgs.builder() \n .serviceName(example.serviceName())\n .subnetIds(exampleAwsSubnet.id())\n .vpcEndpointType(example.serviceType())\n .vpcId(exampleAwsVpc.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:VpcEndpointService\n properties:\n acceptanceRequired: false\n allowedPrincipals:\n - ${current.arn}\n gatewayLoadBalancerArns:\n - ${exampleAwsLb.arn}\n exampleVpcEndpoint:\n type: aws:ec2:VpcEndpoint\n name: example\n properties:\n serviceName: ${example.serviceName}\n subnetIds:\n - ${exampleAwsSubnet.id}\n vpcEndpointType: ${example.serviceType}\n vpcId: ${exampleAwsVpc.id}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import VPC Endpoints using the VPC endpoint `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/vpcEndpoint:VpcEndpoint endpoint1 vpce-3ecf2a57\n```\n", + "description": "Provides a VPC Endpoint resource.\n\n\u003e **NOTE on VPC Endpoints and VPC Endpoint Associations:** The provider provides both standalone VPC Endpoint Associations for\nRoute Tables - (an association between a VPC endpoint and a single `route_table_id`),\nSecurity Groups - (an association between a VPC endpoint and a single `security_group_id`),\nand Subnets - (an association between a VPC endpoint and a single `subnet_id`) and\na VPC Endpoint resource with `route_table_ids` and `subnet_ids` attributes.\nDo not use the same resource ID in both a VPC Endpoint resource and a VPC Endpoint Association resource.\nDoing so will cause a conflict of associations and will overwrite the association.\n\n## Example Usage\n\n### Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst s3 = new aws.ec2.VpcEndpoint(\"s3\", {\n vpcId: main.id,\n serviceName: \"com.amazonaws.us-west-2.s3\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ns3 = aws.ec2.VpcEndpoint(\"s3\",\n vpc_id=main[\"id\"],\n service_name=\"com.amazonaws.us-west-2.s3\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var s3 = new Aws.Ec2.VpcEndpoint(\"s3\", new()\n {\n VpcId = main.Id,\n ServiceName = \"com.amazonaws.us-west-2.s3\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpcEndpoint(ctx, \"s3\", \u0026ec2.VpcEndpointArgs{\n\t\t\tVpcId: pulumi.Any(main.Id),\n\t\t\tServiceName: pulumi.String(\"com.amazonaws.us-west-2.s3\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.VpcEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var s3 = new VpcEndpoint(\"s3\", VpcEndpointArgs.builder() \n .vpcId(main.id())\n .serviceName(\"com.amazonaws.us-west-2.s3\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n s3:\n type: aws:ec2:VpcEndpoint\n properties:\n vpcId: ${main.id}\n serviceName: com.amazonaws.us-west-2.s3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Basic w/ Tags\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst s3 = new aws.ec2.VpcEndpoint(\"s3\", {\n vpcId: main.id,\n serviceName: \"com.amazonaws.us-west-2.s3\",\n tags: {\n Environment: \"test\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ns3 = aws.ec2.VpcEndpoint(\"s3\",\n vpc_id=main[\"id\"],\n service_name=\"com.amazonaws.us-west-2.s3\",\n tags={\n \"Environment\": \"test\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var s3 = new Aws.Ec2.VpcEndpoint(\"s3\", new()\n {\n VpcId = main.Id,\n ServiceName = \"com.amazonaws.us-west-2.s3\",\n Tags = \n {\n { \"Environment\", \"test\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpcEndpoint(ctx, \"s3\", \u0026ec2.VpcEndpointArgs{\n\t\t\tVpcId: pulumi.Any(main.Id),\n\t\t\tServiceName: pulumi.String(\"com.amazonaws.us-west-2.s3\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.VpcEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var s3 = new VpcEndpoint(\"s3\", VpcEndpointArgs.builder() \n .vpcId(main.id())\n .serviceName(\"com.amazonaws.us-west-2.s3\")\n .tags(Map.of(\"Environment\", \"test\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n s3:\n type: aws:ec2:VpcEndpoint\n properties:\n vpcId: ${main.id}\n serviceName: com.amazonaws.us-west-2.s3\n tags:\n Environment: test\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Interface Endpoint Type\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ec2 = new aws.ec2.VpcEndpoint(\"ec2\", {\n vpcId: main.id,\n serviceName: \"com.amazonaws.us-west-2.ec2\",\n vpcEndpointType: \"Interface\",\n securityGroupIds: [sg1.id],\n privateDnsEnabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nec2 = aws.ec2.VpcEndpoint(\"ec2\",\n vpc_id=main[\"id\"],\n service_name=\"com.amazonaws.us-west-2.ec2\",\n vpc_endpoint_type=\"Interface\",\n security_group_ids=[sg1[\"id\"]],\n private_dns_enabled=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ec2 = new Aws.Ec2.VpcEndpoint(\"ec2\", new()\n {\n VpcId = main.Id,\n ServiceName = \"com.amazonaws.us-west-2.ec2\",\n VpcEndpointType = \"Interface\",\n SecurityGroupIds = new[]\n {\n sg1.Id,\n },\n PrivateDnsEnabled = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpcEndpoint(ctx, \"ec2\", \u0026ec2.VpcEndpointArgs{\n\t\t\tVpcId: pulumi.Any(main.Id),\n\t\t\tServiceName: pulumi.String(\"com.amazonaws.us-west-2.ec2\"),\n\t\t\tVpcEndpointType: pulumi.String(\"Interface\"),\n\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\tsg1.Id,\n\t\t\t},\n\t\t\tPrivateDnsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.VpcEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var ec2 = new VpcEndpoint(\"ec2\", VpcEndpointArgs.builder() \n .vpcId(main.id())\n .serviceName(\"com.amazonaws.us-west-2.ec2\")\n .vpcEndpointType(\"Interface\")\n .securityGroupIds(sg1.id())\n .privateDnsEnabled(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ec2:\n type: aws:ec2:VpcEndpoint\n properties:\n vpcId: ${main.id}\n serviceName: com.amazonaws.us-west-2.ec2\n vpcEndpointType: Interface\n securityGroupIds:\n - ${sg1.id}\n privateDnsEnabled: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Gateway Load Balancer Endpoint Type\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst example = new aws.ec2.VpcEndpointService(\"example\", {\n acceptanceRequired: false,\n allowedPrincipals: [current.then(current =\u003e current.arn)],\n gatewayLoadBalancerArns: [exampleAwsLb.arn],\n});\nconst exampleVpcEndpoint = new aws.ec2.VpcEndpoint(\"example\", {\n serviceName: example.serviceName,\n subnetIds: [exampleAwsSubnet.id],\n vpcEndpointType: example.serviceType,\n vpcId: exampleAwsVpc.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nexample = aws.ec2.VpcEndpointService(\"example\",\n acceptance_required=False,\n allowed_principals=[current.arn],\n gateway_load_balancer_arns=[example_aws_lb[\"arn\"]])\nexample_vpc_endpoint = aws.ec2.VpcEndpoint(\"example\",\n service_name=example.service_name,\n subnet_ids=[example_aws_subnet[\"id\"]],\n vpc_endpoint_type=example.service_type,\n vpc_id=example_aws_vpc[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var example = new Aws.Ec2.VpcEndpointService(\"example\", new()\n {\n AcceptanceRequired = false,\n AllowedPrincipals = new[]\n {\n current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.Arn),\n },\n GatewayLoadBalancerArns = new[]\n {\n exampleAwsLb.Arn,\n },\n });\n\n var exampleVpcEndpoint = new Aws.Ec2.VpcEndpoint(\"example\", new()\n {\n ServiceName = example.ServiceName,\n SubnetIds = new[]\n {\n exampleAwsSubnet.Id,\n },\n VpcEndpointType = example.ServiceType,\n VpcId = exampleAwsVpc.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := ec2.NewVpcEndpointService(ctx, \"example\", \u0026ec2.VpcEndpointServiceArgs{\n\t\t\tAcceptanceRequired: pulumi.Bool(false),\n\t\t\tAllowedPrincipals: pulumi.StringArray{\n\t\t\t\tpulumi.String(current.Arn),\n\t\t\t},\n\t\t\tGatewayLoadBalancerArns: pulumi.StringArray{\n\t\t\t\texampleAwsLb.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcEndpoint(ctx, \"example\", \u0026ec2.VpcEndpointArgs{\n\t\t\tServiceName: example.ServiceName,\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\texampleAwsSubnet.Id,\n\t\t\t},\n\t\t\tVpcEndpointType: example.ServiceType,\n\t\t\tVpcId: pulumi.Any(exampleAwsVpc.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.VpcEndpointService;\nimport com.pulumi.aws.ec2.VpcEndpointServiceArgs;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.VpcEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n var example = new VpcEndpointService(\"example\", VpcEndpointServiceArgs.builder() \n .acceptanceRequired(false)\n .allowedPrincipals(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.arn()))\n .gatewayLoadBalancerArns(exampleAwsLb.arn())\n .build());\n\n var exampleVpcEndpoint = new VpcEndpoint(\"exampleVpcEndpoint\", VpcEndpointArgs.builder() \n .serviceName(example.serviceName())\n .subnetIds(exampleAwsSubnet.id())\n .vpcEndpointType(example.serviceType())\n .vpcId(exampleAwsVpc.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:VpcEndpointService\n properties:\n acceptanceRequired: false\n allowedPrincipals:\n - ${current.arn}\n gatewayLoadBalancerArns:\n - ${exampleAwsLb.arn}\n exampleVpcEndpoint:\n type: aws:ec2:VpcEndpoint\n name: example\n properties:\n serviceName: ${example.serviceName}\n subnetIds:\n - ${exampleAwsSubnet.id}\n vpcEndpointType: ${example.serviceType}\n vpcId: ${exampleAwsVpc.id}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import VPC Endpoints using the VPC endpoint `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/vpcEndpoint:VpcEndpoint endpoint1 vpce-3ecf2a57\n```\n", "properties": { "arn": { "type": "string", @@ -220767,7 +220767,7 @@ } }, "aws:ec2/vpcEndpointConnectionNotification:VpcEndpointConnectionNotification": { - "description": "Provides a VPC Endpoint connection notification resource.\nConnection notifications notify subscribers of VPC Endpoint events.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst topic = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"vpce.amazonaws.com\"],\n }],\n actions: [\"SNS:Publish\"],\n resources: [\"arn:aws:sns:*:*:vpce-notification-topic\"],\n }],\n});\nconst topicTopic = new aws.sns.Topic(\"topic\", {\n name: \"vpce-notification-topic\",\n policy: topic.then(topic =\u003e topic.json),\n});\nconst foo = new aws.ec2.VpcEndpointService(\"foo\", {\n acceptanceRequired: false,\n networkLoadBalancerArns: [test.arn],\n});\nconst fooVpcEndpointConnectionNotification = new aws.ec2.VpcEndpointConnectionNotification(\"foo\", {\n vpcEndpointServiceId: foo.id,\n connectionNotificationArn: topicTopic.arn,\n connectionEvents: [\n \"Accept\",\n \"Reject\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntopic = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"vpce.amazonaws.com\"],\n )],\n actions=[\"SNS:Publish\"],\n resources=[\"arn:aws:sns:*:*:vpce-notification-topic\"],\n)])\ntopic_topic = aws.sns.Topic(\"topic\",\n name=\"vpce-notification-topic\",\n policy=topic.json)\nfoo = aws.ec2.VpcEndpointService(\"foo\",\n acceptance_required=False,\n network_load_balancer_arns=[test[\"arn\"]])\nfoo_vpc_endpoint_connection_notification = aws.ec2.VpcEndpointConnectionNotification(\"foo\",\n vpc_endpoint_service_id=foo.id,\n connection_notification_arn=topic_topic.arn,\n connection_events=[\n \"Accept\",\n \"Reject\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var topic = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"vpce.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"SNS:Publish\",\n },\n Resources = new[]\n {\n \"arn:aws:sns:*:*:vpce-notification-topic\",\n },\n },\n },\n });\n\n var topicTopic = new Aws.Sns.Topic(\"topic\", new()\n {\n Name = \"vpce-notification-topic\",\n Policy = topic.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var foo = new Aws.Ec2.VpcEndpointService(\"foo\", new()\n {\n AcceptanceRequired = false,\n NetworkLoadBalancerArns = new[]\n {\n test.Arn,\n },\n });\n\n var fooVpcEndpointConnectionNotification = new Aws.Ec2.VpcEndpointConnectionNotification(\"foo\", new()\n {\n VpcEndpointServiceId = foo.Id,\n ConnectionNotificationArn = topicTopic.Arn,\n ConnectionEvents = new[]\n {\n \"Accept\",\n \"Reject\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttopic, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"vpce.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"SNS:Publish\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:sns:*:*:vpce-notification-topic\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttopicTopic, err := sns.NewTopic(ctx, \"topic\", \u0026sns.TopicArgs{\n\t\t\tName: pulumi.String(\"vpce-notification-topic\"),\n\t\t\tPolicy: *pulumi.String(topic.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := ec2.NewVpcEndpointService(ctx, \"foo\", \u0026ec2.VpcEndpointServiceArgs{\n\t\t\tAcceptanceRequired: pulumi.Bool(false),\n\t\t\tNetworkLoadBalancerArns: pulumi.StringArray{\n\t\t\t\ttest.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcEndpointConnectionNotification(ctx, \"foo\", \u0026ec2.VpcEndpointConnectionNotificationArgs{\n\t\t\tVpcEndpointServiceId: foo.ID(),\n\t\t\tConnectionNotificationArn: topicTopic.Arn,\n\t\t\tConnectionEvents: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Accept\"),\n\t\t\t\tpulumi.String(\"Reject\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.ec2.VpcEndpointService;\nimport com.pulumi.aws.ec2.VpcEndpointServiceArgs;\nimport com.pulumi.aws.ec2.VpcEndpointConnectionNotification;\nimport com.pulumi.aws.ec2.VpcEndpointConnectionNotificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var topic = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"vpce.amazonaws.com\")\n .build())\n .actions(\"SNS:Publish\")\n .resources(\"arn:aws:sns:*:*:vpce-notification-topic\")\n .build())\n .build());\n\n var topicTopic = new Topic(\"topicTopic\", TopicArgs.builder() \n .name(\"vpce-notification-topic\")\n .policy(topic.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var foo = new VpcEndpointService(\"foo\", VpcEndpointServiceArgs.builder() \n .acceptanceRequired(false)\n .networkLoadBalancerArns(test.arn())\n .build());\n\n var fooVpcEndpointConnectionNotification = new VpcEndpointConnectionNotification(\"fooVpcEndpointConnectionNotification\", VpcEndpointConnectionNotificationArgs.builder() \n .vpcEndpointServiceId(foo.id())\n .connectionNotificationArn(topicTopic.arn())\n .connectionEvents( \n \"Accept\",\n \"Reject\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n topicTopic:\n type: aws:sns:Topic\n name: topic\n properties:\n name: vpce-notification-topic\n policy: ${topic.json}\n foo:\n type: aws:ec2:VpcEndpointService\n properties:\n acceptanceRequired: false\n networkLoadBalancerArns:\n - ${test.arn}\n fooVpcEndpointConnectionNotification:\n type: aws:ec2:VpcEndpointConnectionNotification\n name: foo\n properties:\n vpcEndpointServiceId: ${foo.id}\n connectionNotificationArn: ${topicTopic.arn}\n connectionEvents:\n - Accept\n - Reject\nvariables:\n topic:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - vpce.amazonaws.com\n actions:\n - SNS:Publish\n resources:\n - arn:aws:sns:*:*:vpce-notification-topic\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import VPC Endpoint connection notifications using the VPC endpoint connection notification `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/vpcEndpointConnectionNotification:VpcEndpointConnectionNotification foo vpce-nfn-09e6ed3b4efba2263\n```\n", + "description": "Provides a VPC Endpoint connection notification resource.\nConnection notifications notify subscribers of VPC Endpoint events.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst topic = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"vpce.amazonaws.com\"],\n }],\n actions: [\"SNS:Publish\"],\n resources: [\"arn:aws:sns:*:*:vpce-notification-topic\"],\n }],\n});\nconst topicTopic = new aws.sns.Topic(\"topic\", {\n name: \"vpce-notification-topic\",\n policy: topic.then(topic =\u003e topic.json),\n});\nconst foo = new aws.ec2.VpcEndpointService(\"foo\", {\n acceptanceRequired: false,\n networkLoadBalancerArns: [test.arn],\n});\nconst fooVpcEndpointConnectionNotification = new aws.ec2.VpcEndpointConnectionNotification(\"foo\", {\n vpcEndpointServiceId: foo.id,\n connectionNotificationArn: topicTopic.arn,\n connectionEvents: [\n \"Accept\",\n \"Reject\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntopic = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"vpce.amazonaws.com\"],\n )],\n actions=[\"SNS:Publish\"],\n resources=[\"arn:aws:sns:*:*:vpce-notification-topic\"],\n)])\ntopic_topic = aws.sns.Topic(\"topic\",\n name=\"vpce-notification-topic\",\n policy=topic.json)\nfoo = aws.ec2.VpcEndpointService(\"foo\",\n acceptance_required=False,\n network_load_balancer_arns=[test[\"arn\"]])\nfoo_vpc_endpoint_connection_notification = aws.ec2.VpcEndpointConnectionNotification(\"foo\",\n vpc_endpoint_service_id=foo.id,\n connection_notification_arn=topic_topic.arn,\n connection_events=[\n \"Accept\",\n \"Reject\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var topic = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"vpce.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"SNS:Publish\",\n },\n Resources = new[]\n {\n \"arn:aws:sns:*:*:vpce-notification-topic\",\n },\n },\n },\n });\n\n var topicTopic = new Aws.Sns.Topic(\"topic\", new()\n {\n Name = \"vpce-notification-topic\",\n Policy = topic.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var foo = new Aws.Ec2.VpcEndpointService(\"foo\", new()\n {\n AcceptanceRequired = false,\n NetworkLoadBalancerArns = new[]\n {\n test.Arn,\n },\n });\n\n var fooVpcEndpointConnectionNotification = new Aws.Ec2.VpcEndpointConnectionNotification(\"foo\", new()\n {\n VpcEndpointServiceId = foo.Id,\n ConnectionNotificationArn = topicTopic.Arn,\n ConnectionEvents = new[]\n {\n \"Accept\",\n \"Reject\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttopic, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"vpce.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"SNS:Publish\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:sns:*:*:vpce-notification-topic\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttopicTopic, err := sns.NewTopic(ctx, \"topic\", \u0026sns.TopicArgs{\n\t\t\tName: pulumi.String(\"vpce-notification-topic\"),\n\t\t\tPolicy: pulumi.String(topic.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := ec2.NewVpcEndpointService(ctx, \"foo\", \u0026ec2.VpcEndpointServiceArgs{\n\t\t\tAcceptanceRequired: pulumi.Bool(false),\n\t\t\tNetworkLoadBalancerArns: pulumi.StringArray{\n\t\t\t\ttest.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcEndpointConnectionNotification(ctx, \"foo\", \u0026ec2.VpcEndpointConnectionNotificationArgs{\n\t\t\tVpcEndpointServiceId: foo.ID(),\n\t\t\tConnectionNotificationArn: topicTopic.Arn,\n\t\t\tConnectionEvents: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Accept\"),\n\t\t\t\tpulumi.String(\"Reject\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.ec2.VpcEndpointService;\nimport com.pulumi.aws.ec2.VpcEndpointServiceArgs;\nimport com.pulumi.aws.ec2.VpcEndpointConnectionNotification;\nimport com.pulumi.aws.ec2.VpcEndpointConnectionNotificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var topic = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"vpce.amazonaws.com\")\n .build())\n .actions(\"SNS:Publish\")\n .resources(\"arn:aws:sns:*:*:vpce-notification-topic\")\n .build())\n .build());\n\n var topicTopic = new Topic(\"topicTopic\", TopicArgs.builder() \n .name(\"vpce-notification-topic\")\n .policy(topic.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var foo = new VpcEndpointService(\"foo\", VpcEndpointServiceArgs.builder() \n .acceptanceRequired(false)\n .networkLoadBalancerArns(test.arn())\n .build());\n\n var fooVpcEndpointConnectionNotification = new VpcEndpointConnectionNotification(\"fooVpcEndpointConnectionNotification\", VpcEndpointConnectionNotificationArgs.builder() \n .vpcEndpointServiceId(foo.id())\n .connectionNotificationArn(topicTopic.arn())\n .connectionEvents( \n \"Accept\",\n \"Reject\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n topicTopic:\n type: aws:sns:Topic\n name: topic\n properties:\n name: vpce-notification-topic\n policy: ${topic.json}\n foo:\n type: aws:ec2:VpcEndpointService\n properties:\n acceptanceRequired: false\n networkLoadBalancerArns:\n - ${test.arn}\n fooVpcEndpointConnectionNotification:\n type: aws:ec2:VpcEndpointConnectionNotification\n name: foo\n properties:\n vpcEndpointServiceId: ${foo.id}\n connectionNotificationArn: ${topicTopic.arn}\n connectionEvents:\n - Accept\n - Reject\nvariables:\n topic:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - vpce.amazonaws.com\n actions:\n - SNS:Publish\n resources:\n - arn:aws:sns:*:*:vpce-notification-topic\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import VPC Endpoint connection notifications using the VPC endpoint connection notification `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/vpcEndpointConnectionNotification:VpcEndpointConnectionNotification foo vpce-nfn-09e6ed3b4efba2263\n```\n", "properties": { "connectionEvents": { "type": "array", @@ -220867,7 +220867,7 @@ } }, "aws:ec2/vpcEndpointPolicy:VpcEndpointPolicy": { - "description": "Provides a VPC Endpoint Policy resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2.getVpcEndpointService({\n service: \"dynamodb\",\n});\nconst exampleVpc = new aws.ec2.Vpc(\"example\", {cidrBlock: \"10.0.0.0/16\"});\nconst exampleVpcEndpoint = new aws.ec2.VpcEndpoint(\"example\", {\n serviceName: example.then(example =\u003e example.serviceName),\n vpcId: exampleVpc.id,\n});\nconst exampleVpcEndpointPolicy = new aws.ec2.VpcEndpointPolicy(\"example\", {\n vpcEndpointId: exampleVpcEndpoint.id,\n policy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Sid: \"AllowAll\",\n Effect: \"Allow\",\n Principal: {\n AWS: \"*\",\n },\n Action: [\"dynamodb:*\"],\n Resource: \"*\",\n }],\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_vpc_endpoint_service(service=\"dynamodb\")\nexample_vpc = aws.ec2.Vpc(\"example\", cidr_block=\"10.0.0.0/16\")\nexample_vpc_endpoint = aws.ec2.VpcEndpoint(\"example\",\n service_name=example.service_name,\n vpc_id=example_vpc.id)\nexample_vpc_endpoint_policy = aws.ec2.VpcEndpointPolicy(\"example\",\n vpc_endpoint_id=example_vpc_endpoint.id,\n policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Sid\": \"AllowAll\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"*\",\n },\n \"Action\": [\"dynamodb:*\"],\n \"Resource\": \"*\",\n }],\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Ec2.GetVpcEndpointService.Invoke(new()\n {\n Service = \"dynamodb\",\n });\n\n var exampleVpc = new Aws.Ec2.Vpc(\"example\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n\n var exampleVpcEndpoint = new Aws.Ec2.VpcEndpoint(\"example\", new()\n {\n ServiceName = example.Apply(getVpcEndpointServiceResult =\u003e getVpcEndpointServiceResult.ServiceName),\n VpcId = exampleVpc.Id,\n });\n\n var exampleVpcEndpointPolicy = new Aws.Ec2.VpcEndpointPolicy(\"example\", new()\n {\n VpcEndpointId = exampleVpcEndpoint.Id,\n Policy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"Version\"] = \"2012-10-17\",\n [\"Statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Sid\"] = \"AllowAll\",\n [\"Effect\"] = \"Allow\",\n [\"Principal\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"AWS\"] = \"*\",\n },\n [\"Action\"] = new[]\n {\n \"dynamodb:*\",\n },\n [\"Resource\"] = \"*\",\n },\n },\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.LookupVpcEndpointService(ctx, \u0026ec2.LookupVpcEndpointServiceArgs{\n\t\t\tService: pulumi.StringRef(\"dynamodb\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpc, err := ec2.NewVpc(ctx, \"example\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpcEndpoint, err := ec2.NewVpcEndpoint(ctx, \"example\", \u0026ec2.VpcEndpointArgs{\n\t\t\tServiceName: *pulumi.String(example.ServiceName),\n\t\t\tVpcId: exampleVpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Sid\": \"AllowAll\",\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"AWS\": \"*\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"dynamodb:*\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Resource\": \"*\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = ec2.NewVpcEndpointPolicy(ctx, \"example\", \u0026ec2.VpcEndpointPolicyArgs{\n\t\t\tVpcEndpointId: exampleVpcEndpoint.ID(),\n\t\t\tPolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcEndpointServiceArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.VpcEndpointArgs;\nimport com.pulumi.aws.ec2.VpcEndpointPolicy;\nimport com.pulumi.aws.ec2.VpcEndpointPolicyArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = Ec2Functions.getVpcEndpointService(GetVpcEndpointServiceArgs.builder()\n .service(\"dynamodb\")\n .build());\n\n var exampleVpc = new Vpc(\"exampleVpc\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .build());\n\n var exampleVpcEndpoint = new VpcEndpoint(\"exampleVpcEndpoint\", VpcEndpointArgs.builder() \n .serviceName(example.applyValue(getVpcEndpointServiceResult -\u003e getVpcEndpointServiceResult.serviceName()))\n .vpcId(exampleVpc.id())\n .build());\n\n var exampleVpcEndpointPolicy = new VpcEndpointPolicy(\"exampleVpcEndpointPolicy\", VpcEndpointPolicyArgs.builder() \n .vpcEndpointId(exampleVpcEndpoint.id())\n .policy(serializeJson(\n jsonObject(\n jsonProperty(\"Version\", \"2012-10-17\"),\n jsonProperty(\"Statement\", jsonArray(jsonObject(\n jsonProperty(\"Sid\", \"AllowAll\"),\n jsonProperty(\"Effect\", \"Allow\"),\n jsonProperty(\"Principal\", jsonObject(\n jsonProperty(\"AWS\", \"*\")\n )),\n jsonProperty(\"Action\", jsonArray(\"dynamodb:*\")),\n jsonProperty(\"Resource\", \"*\")\n )))\n )))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleVpc:\n type: aws:ec2:Vpc\n name: example\n properties:\n cidrBlock: 10.0.0.0/16\n exampleVpcEndpoint:\n type: aws:ec2:VpcEndpoint\n name: example\n properties:\n serviceName: ${example.serviceName}\n vpcId: ${exampleVpc.id}\n exampleVpcEndpointPolicy:\n type: aws:ec2:VpcEndpointPolicy\n name: example\n properties:\n vpcEndpointId: ${exampleVpcEndpoint.id}\n policy:\n fn::toJSON:\n Version: 2012-10-17\n Statement:\n - Sid: AllowAll\n Effect: Allow\n Principal:\n AWS: '*'\n Action:\n - dynamodb:*\n Resource: '*'\nvariables:\n example:\n fn::invoke:\n Function: aws:ec2:getVpcEndpointService\n Arguments:\n service: dynamodb\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import VPC Endpoint Policies using the `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/vpcEndpointPolicy:VpcEndpointPolicy example vpce-3ecf2a57\n```\n", + "description": "Provides a VPC Endpoint Policy resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2.getVpcEndpointService({\n service: \"dynamodb\",\n});\nconst exampleVpc = new aws.ec2.Vpc(\"example\", {cidrBlock: \"10.0.0.0/16\"});\nconst exampleVpcEndpoint = new aws.ec2.VpcEndpoint(\"example\", {\n serviceName: example.then(example =\u003e example.serviceName),\n vpcId: exampleVpc.id,\n});\nconst exampleVpcEndpointPolicy = new aws.ec2.VpcEndpointPolicy(\"example\", {\n vpcEndpointId: exampleVpcEndpoint.id,\n policy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Sid: \"AllowAll\",\n Effect: \"Allow\",\n Principal: {\n AWS: \"*\",\n },\n Action: [\"dynamodb:*\"],\n Resource: \"*\",\n }],\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_vpc_endpoint_service(service=\"dynamodb\")\nexample_vpc = aws.ec2.Vpc(\"example\", cidr_block=\"10.0.0.0/16\")\nexample_vpc_endpoint = aws.ec2.VpcEndpoint(\"example\",\n service_name=example.service_name,\n vpc_id=example_vpc.id)\nexample_vpc_endpoint_policy = aws.ec2.VpcEndpointPolicy(\"example\",\n vpc_endpoint_id=example_vpc_endpoint.id,\n policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Sid\": \"AllowAll\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"*\",\n },\n \"Action\": [\"dynamodb:*\"],\n \"Resource\": \"*\",\n }],\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Ec2.GetVpcEndpointService.Invoke(new()\n {\n Service = \"dynamodb\",\n });\n\n var exampleVpc = new Aws.Ec2.Vpc(\"example\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n\n var exampleVpcEndpoint = new Aws.Ec2.VpcEndpoint(\"example\", new()\n {\n ServiceName = example.Apply(getVpcEndpointServiceResult =\u003e getVpcEndpointServiceResult.ServiceName),\n VpcId = exampleVpc.Id,\n });\n\n var exampleVpcEndpointPolicy = new Aws.Ec2.VpcEndpointPolicy(\"example\", new()\n {\n VpcEndpointId = exampleVpcEndpoint.Id,\n Policy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"Version\"] = \"2012-10-17\",\n [\"Statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Sid\"] = \"AllowAll\",\n [\"Effect\"] = \"Allow\",\n [\"Principal\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"AWS\"] = \"*\",\n },\n [\"Action\"] = new[]\n {\n \"dynamodb:*\",\n },\n [\"Resource\"] = \"*\",\n },\n },\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.LookupVpcEndpointService(ctx, \u0026ec2.LookupVpcEndpointServiceArgs{\n\t\t\tService: pulumi.StringRef(\"dynamodb\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpc, err := ec2.NewVpc(ctx, \"example\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpcEndpoint, err := ec2.NewVpcEndpoint(ctx, \"example\", \u0026ec2.VpcEndpointArgs{\n\t\t\tServiceName: pulumi.String(example.ServiceName),\n\t\t\tVpcId: exampleVpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Sid\": \"AllowAll\",\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"AWS\": \"*\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"dynamodb:*\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Resource\": \"*\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = ec2.NewVpcEndpointPolicy(ctx, \"example\", \u0026ec2.VpcEndpointPolicyArgs{\n\t\t\tVpcEndpointId: exampleVpcEndpoint.ID(),\n\t\t\tPolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcEndpointServiceArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.VpcEndpointArgs;\nimport com.pulumi.aws.ec2.VpcEndpointPolicy;\nimport com.pulumi.aws.ec2.VpcEndpointPolicyArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = Ec2Functions.getVpcEndpointService(GetVpcEndpointServiceArgs.builder()\n .service(\"dynamodb\")\n .build());\n\n var exampleVpc = new Vpc(\"exampleVpc\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .build());\n\n var exampleVpcEndpoint = new VpcEndpoint(\"exampleVpcEndpoint\", VpcEndpointArgs.builder() \n .serviceName(example.applyValue(getVpcEndpointServiceResult -\u003e getVpcEndpointServiceResult.serviceName()))\n .vpcId(exampleVpc.id())\n .build());\n\n var exampleVpcEndpointPolicy = new VpcEndpointPolicy(\"exampleVpcEndpointPolicy\", VpcEndpointPolicyArgs.builder() \n .vpcEndpointId(exampleVpcEndpoint.id())\n .policy(serializeJson(\n jsonObject(\n jsonProperty(\"Version\", \"2012-10-17\"),\n jsonProperty(\"Statement\", jsonArray(jsonObject(\n jsonProperty(\"Sid\", \"AllowAll\"),\n jsonProperty(\"Effect\", \"Allow\"),\n jsonProperty(\"Principal\", jsonObject(\n jsonProperty(\"AWS\", \"*\")\n )),\n jsonProperty(\"Action\", jsonArray(\"dynamodb:*\")),\n jsonProperty(\"Resource\", \"*\")\n )))\n )))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleVpc:\n type: aws:ec2:Vpc\n name: example\n properties:\n cidrBlock: 10.0.0.0/16\n exampleVpcEndpoint:\n type: aws:ec2:VpcEndpoint\n name: example\n properties:\n serviceName: ${example.serviceName}\n vpcId: ${exampleVpc.id}\n exampleVpcEndpointPolicy:\n type: aws:ec2:VpcEndpointPolicy\n name: example\n properties:\n vpcEndpointId: ${exampleVpcEndpoint.id}\n policy:\n fn::toJSON:\n Version: 2012-10-17\n Statement:\n - Sid: AllowAll\n Effect: Allow\n Principal:\n AWS: '*'\n Action:\n - dynamodb:*\n Resource: '*'\nvariables:\n example:\n fn::invoke:\n Function: aws:ec2:getVpcEndpointService\n Arguments:\n service: dynamodb\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import VPC Endpoint Policies using the `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/vpcEndpointPolicy:VpcEndpointPolicy example vpce-3ecf2a57\n```\n", "properties": { "policy": { "type": "string", @@ -221220,7 +221220,7 @@ } }, "aws:ec2/vpcEndpointServiceAllowedPrinciple:VpcEndpointServiceAllowedPrinciple": { - "description": "Provides a resource to allow a principal to discover a VPC endpoint service.\n\n\u003e **NOTE on VPC Endpoint Services and VPC Endpoint Service Allowed Principals:** This provider provides\nboth a standalone VPC Endpoint Service Allowed Principal resource\nand a VPC Endpoint Service resource with an `allowed_principals` attribute. Do not use the same principal ARN in both\na VPC Endpoint Service resource and a VPC Endpoint Service Allowed Principal resource. Doing so will cause a conflict\nand will overwrite the association.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst allowMeToFoo = new aws.ec2.VpcEndpointServiceAllowedPrinciple(\"allow_me_to_foo\", {\n vpcEndpointServiceId: foo.id,\n principalArn: current.then(current =\u003e current.arn),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nallow_me_to_foo = aws.ec2.VpcEndpointServiceAllowedPrinciple(\"allow_me_to_foo\",\n vpc_endpoint_service_id=foo[\"id\"],\n principal_arn=current.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var allowMeToFoo = new Aws.Ec2.VpcEndpointServiceAllowedPrinciple(\"allow_me_to_foo\", new()\n {\n VpcEndpointServiceId = foo.Id,\n PrincipalArn = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.Arn),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcEndpointServiceAllowedPrinciple(ctx, \"allow_me_to_foo\", \u0026ec2.VpcEndpointServiceAllowedPrincipleArgs{\n\t\t\tVpcEndpointServiceId: pulumi.Any(foo.Id),\n\t\t\tPrincipalArn: *pulumi.String(current.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.VpcEndpointServiceAllowedPrinciple;\nimport com.pulumi.aws.ec2.VpcEndpointServiceAllowedPrincipleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n var allowMeToFoo = new VpcEndpointServiceAllowedPrinciple(\"allowMeToFoo\", VpcEndpointServiceAllowedPrincipleArgs.builder() \n .vpcEndpointServiceId(foo.id())\n .principalArn(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.arn()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n allowMeToFoo:\n type: aws:ec2:VpcEndpointServiceAllowedPrinciple\n name: allow_me_to_foo\n properties:\n vpcEndpointServiceId: ${foo.id}\n principalArn: ${current.arn}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provides a resource to allow a principal to discover a VPC endpoint service.\n\n\u003e **NOTE on VPC Endpoint Services and VPC Endpoint Service Allowed Principals:** This provider provides\nboth a standalone VPC Endpoint Service Allowed Principal resource\nand a VPC Endpoint Service resource with an `allowed_principals` attribute. Do not use the same principal ARN in both\na VPC Endpoint Service resource and a VPC Endpoint Service Allowed Principal resource. Doing so will cause a conflict\nand will overwrite the association.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst allowMeToFoo = new aws.ec2.VpcEndpointServiceAllowedPrinciple(\"allow_me_to_foo\", {\n vpcEndpointServiceId: foo.id,\n principalArn: current.then(current =\u003e current.arn),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nallow_me_to_foo = aws.ec2.VpcEndpointServiceAllowedPrinciple(\"allow_me_to_foo\",\n vpc_endpoint_service_id=foo[\"id\"],\n principal_arn=current.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var allowMeToFoo = new Aws.Ec2.VpcEndpointServiceAllowedPrinciple(\"allow_me_to_foo\", new()\n {\n VpcEndpointServiceId = foo.Id,\n PrincipalArn = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.Arn),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcEndpointServiceAllowedPrinciple(ctx, \"allow_me_to_foo\", \u0026ec2.VpcEndpointServiceAllowedPrincipleArgs{\n\t\t\tVpcEndpointServiceId: pulumi.Any(foo.Id),\n\t\t\tPrincipalArn: pulumi.String(current.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.VpcEndpointServiceAllowedPrinciple;\nimport com.pulumi.aws.ec2.VpcEndpointServiceAllowedPrincipleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n var allowMeToFoo = new VpcEndpointServiceAllowedPrinciple(\"allowMeToFoo\", VpcEndpointServiceAllowedPrincipleArgs.builder() \n .vpcEndpointServiceId(foo.id())\n .principalArn(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.arn()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n allowMeToFoo:\n type: aws:ec2:VpcEndpointServiceAllowedPrinciple\n name: allow_me_to_foo\n properties:\n vpcEndpointServiceId: ${foo.id}\n principalArn: ${current.arn}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { "principalArn": { "type": "string", @@ -221318,7 +221318,7 @@ } }, "aws:ec2/vpcIpam:VpcIpam": { - "description": "Provides an IPAM resource.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst main = new aws.ec2.VpcIpam(\"main\", {\n description: \"My IPAM\",\n operatingRegions: [{\n regionName: current.then(current =\u003e current.name),\n }],\n tags: {\n Test: \"Main\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\nmain = aws.ec2.VpcIpam(\"main\",\n description=\"My IPAM\",\n operating_regions=[aws.ec2.VpcIpamOperatingRegionArgs(\n region_name=current.name,\n )],\n tags={\n \"Test\": \"Main\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var main = new Aws.Ec2.VpcIpam(\"main\", new()\n {\n Description = \"My IPAM\",\n OperatingRegions = new[]\n {\n new Aws.Ec2.Inputs.VpcIpamOperatingRegionArgs\n {\n RegionName = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n },\n Tags = \n {\n { \"Test\", \"Main\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpam(ctx, \"main\", \u0026ec2.VpcIpamArgs{\n\t\t\tDescription: pulumi.String(\"My IPAM\"),\n\t\t\tOperatingRegions: ec2.VpcIpamOperatingRegionArray{\n\t\t\t\t\u0026ec2.VpcIpamOperatingRegionArgs{\n\t\t\t\t\tRegionName: *pulumi.String(current.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Test\": pulumi.String(\"Main\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpam;\nimport com.pulumi.aws.ec2.VpcIpamArgs;\nimport com.pulumi.aws.ec2.inputs.VpcIpamOperatingRegionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n var main = new VpcIpam(\"main\", VpcIpamArgs.builder() \n .description(\"My IPAM\")\n .operatingRegions(VpcIpamOperatingRegionArgs.builder()\n .regionName(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build())\n .tags(Map.of(\"Test\", \"Main\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:ec2:VpcIpam\n properties:\n description: My IPAM\n operatingRegions:\n - regionName: ${current.name}\n tags:\n Test: Main\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nShared with multiple operating_regions:\n\n## Import\n\nUsing `pulumi import`, import IPAMs using the IPAM `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/vpcIpam:VpcIpam example ipam-0178368ad2146a492\n```\n", + "description": "Provides an IPAM resource.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst main = new aws.ec2.VpcIpam(\"main\", {\n description: \"My IPAM\",\n operatingRegions: [{\n regionName: current.then(current =\u003e current.name),\n }],\n tags: {\n Test: \"Main\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\nmain = aws.ec2.VpcIpam(\"main\",\n description=\"My IPAM\",\n operating_regions=[aws.ec2.VpcIpamOperatingRegionArgs(\n region_name=current.name,\n )],\n tags={\n \"Test\": \"Main\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var main = new Aws.Ec2.VpcIpam(\"main\", new()\n {\n Description = \"My IPAM\",\n OperatingRegions = new[]\n {\n new Aws.Ec2.Inputs.VpcIpamOperatingRegionArgs\n {\n RegionName = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n },\n Tags = \n {\n { \"Test\", \"Main\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpam(ctx, \"main\", \u0026ec2.VpcIpamArgs{\n\t\t\tDescription: pulumi.String(\"My IPAM\"),\n\t\t\tOperatingRegions: ec2.VpcIpamOperatingRegionArray{\n\t\t\t\t\u0026ec2.VpcIpamOperatingRegionArgs{\n\t\t\t\t\tRegionName: pulumi.String(current.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Test\": pulumi.String(\"Main\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpam;\nimport com.pulumi.aws.ec2.VpcIpamArgs;\nimport com.pulumi.aws.ec2.inputs.VpcIpamOperatingRegionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n var main = new VpcIpam(\"main\", VpcIpamArgs.builder() \n .description(\"My IPAM\")\n .operatingRegions(VpcIpamOperatingRegionArgs.builder()\n .regionName(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build())\n .tags(Map.of(\"Test\", \"Main\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:ec2:VpcIpam\n properties:\n description: My IPAM\n operatingRegions:\n - regionName: ${current.name}\n tags:\n Test: Main\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nShared with multiple operating_regions:\n\n## Import\n\nUsing `pulumi import`, import IPAMs using the IPAM `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/vpcIpam:VpcIpam example ipam-0178368ad2146a492\n```\n", "properties": { "arn": { "type": "string", @@ -221474,7 +221474,7 @@ } }, "aws:ec2/vpcIpamOrganizationAdminAccount:VpcIpamOrganizationAdminAccount": { - "description": "Enables the IPAM Service and promotes a delegated administrator.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst delegated = aws.getCallerIdentity({});\nconst example = new aws.ec2.VpcIpamOrganizationAdminAccount(\"example\", {delegatedAdminAccountId: delegated.then(delegated =\u003e delegated.accountId)});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndelegated = aws.get_caller_identity()\nexample = aws.ec2.VpcIpamOrganizationAdminAccount(\"example\", delegated_admin_account_id=delegated.account_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var delegated = Aws.GetCallerIdentity.Invoke();\n\n var example = new Aws.Ec2.VpcIpamOrganizationAdminAccount(\"example\", new()\n {\n DelegatedAdminAccountId = delegated.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdelegated, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamOrganizationAdminAccount(ctx, \"example\", \u0026ec2.VpcIpamOrganizationAdminAccountArgs{\n\t\t\tDelegatedAdminAccountId: *pulumi.String(delegated.AccountId),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.VpcIpamOrganizationAdminAccount;\nimport com.pulumi.aws.ec2.VpcIpamOrganizationAdminAccountArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var delegated = AwsFunctions.getCallerIdentity();\n\n var example = new VpcIpamOrganizationAdminAccount(\"example\", VpcIpamOrganizationAdminAccountArgs.builder() \n .delegatedAdminAccountId(delegated.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:VpcIpamOrganizationAdminAccount\n properties:\n delegatedAdminAccountId: ${delegated.accountId}\nvariables:\n delegated:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IPAMs using the delegate account `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/vpcIpamOrganizationAdminAccount:VpcIpamOrganizationAdminAccount example 12345678901\n```\n", + "description": "Enables the IPAM Service and promotes a delegated administrator.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst delegated = aws.getCallerIdentity({});\nconst example = new aws.ec2.VpcIpamOrganizationAdminAccount(\"example\", {delegatedAdminAccountId: delegated.then(delegated =\u003e delegated.accountId)});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndelegated = aws.get_caller_identity()\nexample = aws.ec2.VpcIpamOrganizationAdminAccount(\"example\", delegated_admin_account_id=delegated.account_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var delegated = Aws.GetCallerIdentity.Invoke();\n\n var example = new Aws.Ec2.VpcIpamOrganizationAdminAccount(\"example\", new()\n {\n DelegatedAdminAccountId = delegated.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdelegated, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamOrganizationAdminAccount(ctx, \"example\", \u0026ec2.VpcIpamOrganizationAdminAccountArgs{\n\t\t\tDelegatedAdminAccountId: pulumi.String(delegated.AccountId),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.VpcIpamOrganizationAdminAccount;\nimport com.pulumi.aws.ec2.VpcIpamOrganizationAdminAccountArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var delegated = AwsFunctions.getCallerIdentity();\n\n var example = new VpcIpamOrganizationAdminAccount(\"example\", VpcIpamOrganizationAdminAccountArgs.builder() \n .delegatedAdminAccountId(delegated.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:VpcIpamOrganizationAdminAccount\n properties:\n delegatedAdminAccountId: ${delegated.accountId}\nvariables:\n delegated:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IPAMs using the delegate account `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/vpcIpamOrganizationAdminAccount:VpcIpamOrganizationAdminAccount example 12345678901\n```\n", "properties": { "arn": { "type": "string", @@ -221540,7 +221540,7 @@ } }, "aws:ec2/vpcIpamPool:VpcIpamPool": { - "description": "Provides an IP address pool resource for IPAM.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst example = new aws.ec2.VpcIpam(\"example\", {operatingRegions: [{\n regionName: current.then(current =\u003e current.name),\n}]});\nconst exampleVpcIpamPool = new aws.ec2.VpcIpamPool(\"example\", {\n addressFamily: \"ipv4\",\n ipamScopeId: example.privateDefaultScopeId,\n locale: current.then(current =\u003e current.name),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\nexample = aws.ec2.VpcIpam(\"example\", operating_regions=[aws.ec2.VpcIpamOperatingRegionArgs(\n region_name=current.name,\n)])\nexample_vpc_ipam_pool = aws.ec2.VpcIpamPool(\"example\",\n address_family=\"ipv4\",\n ipam_scope_id=example.private_default_scope_id,\n locale=current.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var example = new Aws.Ec2.VpcIpam(\"example\", new()\n {\n OperatingRegions = new[]\n {\n new Aws.Ec2.Inputs.VpcIpamOperatingRegionArgs\n {\n RegionName = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n },\n });\n\n var exampleVpcIpamPool = new Aws.Ec2.VpcIpamPool(\"example\", new()\n {\n AddressFamily = \"ipv4\",\n IpamScopeId = example.PrivateDefaultScopeId,\n Locale = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := ec2.NewVpcIpam(ctx, \"example\", \u0026ec2.VpcIpamArgs{\n\t\t\tOperatingRegions: ec2.VpcIpamOperatingRegionArray{\n\t\t\t\t\u0026ec2.VpcIpamOperatingRegionArgs{\n\t\t\t\t\tRegionName: *pulumi.String(current.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPool(ctx, \"example\", \u0026ec2.VpcIpamPoolArgs{\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tIpamScopeId: example.PrivateDefaultScopeId,\n\t\t\tLocale: *pulumi.String(current.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpam;\nimport com.pulumi.aws.ec2.VpcIpamArgs;\nimport com.pulumi.aws.ec2.inputs.VpcIpamOperatingRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpamPool;\nimport com.pulumi.aws.ec2.VpcIpamPoolArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n var example = new VpcIpam(\"example\", VpcIpamArgs.builder() \n .operatingRegions(VpcIpamOperatingRegionArgs.builder()\n .regionName(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build())\n .build());\n\n var exampleVpcIpamPool = new VpcIpamPool(\"exampleVpcIpamPool\", VpcIpamPoolArgs.builder() \n .addressFamily(\"ipv4\")\n .ipamScopeId(example.privateDefaultScopeId())\n .locale(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:VpcIpam\n properties:\n operatingRegions:\n - regionName: ${current.name}\n exampleVpcIpamPool:\n type: aws:ec2:VpcIpamPool\n name: example\n properties:\n addressFamily: ipv4\n ipamScopeId: ${example.privateDefaultScopeId}\n locale: ${current.name}\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nNested Pools:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst example = new aws.ec2.VpcIpam(\"example\", {operatingRegions: [{\n regionName: current.then(current =\u003e current.name),\n}]});\nconst parent = new aws.ec2.VpcIpamPool(\"parent\", {\n addressFamily: \"ipv4\",\n ipamScopeId: example.privateDefaultScopeId,\n});\nconst parentTest = new aws.ec2.VpcIpamPoolCidr(\"parent_test\", {\n ipamPoolId: parent.id,\n cidr: \"172.20.0.0/16\",\n});\nconst child = new aws.ec2.VpcIpamPool(\"child\", {\n addressFamily: \"ipv4\",\n ipamScopeId: example.privateDefaultScopeId,\n locale: current.then(current =\u003e current.name),\n sourceIpamPoolId: parent.id,\n});\nconst childTest = new aws.ec2.VpcIpamPoolCidr(\"child_test\", {\n ipamPoolId: child.id,\n cidr: \"172.20.0.0/24\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\nexample = aws.ec2.VpcIpam(\"example\", operating_regions=[aws.ec2.VpcIpamOperatingRegionArgs(\n region_name=current.name,\n)])\nparent = aws.ec2.VpcIpamPool(\"parent\",\n address_family=\"ipv4\",\n ipam_scope_id=example.private_default_scope_id)\nparent_test = aws.ec2.VpcIpamPoolCidr(\"parent_test\",\n ipam_pool_id=parent.id,\n cidr=\"172.20.0.0/16\")\nchild = aws.ec2.VpcIpamPool(\"child\",\n address_family=\"ipv4\",\n ipam_scope_id=example.private_default_scope_id,\n locale=current.name,\n source_ipam_pool_id=parent.id)\nchild_test = aws.ec2.VpcIpamPoolCidr(\"child_test\",\n ipam_pool_id=child.id,\n cidr=\"172.20.0.0/24\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var example = new Aws.Ec2.VpcIpam(\"example\", new()\n {\n OperatingRegions = new[]\n {\n new Aws.Ec2.Inputs.VpcIpamOperatingRegionArgs\n {\n RegionName = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n },\n });\n\n var parent = new Aws.Ec2.VpcIpamPool(\"parent\", new()\n {\n AddressFamily = \"ipv4\",\n IpamScopeId = example.PrivateDefaultScopeId,\n });\n\n var parentTest = new Aws.Ec2.VpcIpamPoolCidr(\"parent_test\", new()\n {\n IpamPoolId = parent.Id,\n Cidr = \"172.20.0.0/16\",\n });\n\n var child = new Aws.Ec2.VpcIpamPool(\"child\", new()\n {\n AddressFamily = \"ipv4\",\n IpamScopeId = example.PrivateDefaultScopeId,\n Locale = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n SourceIpamPoolId = parent.Id,\n });\n\n var childTest = new Aws.Ec2.VpcIpamPoolCidr(\"child_test\", new()\n {\n IpamPoolId = child.Id,\n Cidr = \"172.20.0.0/24\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := ec2.NewVpcIpam(ctx, \"example\", \u0026ec2.VpcIpamArgs{\n\t\t\tOperatingRegions: ec2.VpcIpamOperatingRegionArray{\n\t\t\t\t\u0026ec2.VpcIpamOperatingRegionArgs{\n\t\t\t\t\tRegionName: *pulumi.String(current.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tparent, err := ec2.NewVpcIpamPool(ctx, \"parent\", \u0026ec2.VpcIpamPoolArgs{\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tIpamScopeId: example.PrivateDefaultScopeId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPoolCidr(ctx, \"parent_test\", \u0026ec2.VpcIpamPoolCidrArgs{\n\t\t\tIpamPoolId: parent.ID(),\n\t\t\tCidr: pulumi.String(\"172.20.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tchild, err := ec2.NewVpcIpamPool(ctx, \"child\", \u0026ec2.VpcIpamPoolArgs{\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tIpamScopeId: example.PrivateDefaultScopeId,\n\t\t\tLocale: *pulumi.String(current.Name),\n\t\t\tSourceIpamPoolId: parent.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPoolCidr(ctx, \"child_test\", \u0026ec2.VpcIpamPoolCidrArgs{\n\t\t\tIpamPoolId: child.ID(),\n\t\t\tCidr: pulumi.String(\"172.20.0.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpam;\nimport com.pulumi.aws.ec2.VpcIpamArgs;\nimport com.pulumi.aws.ec2.inputs.VpcIpamOperatingRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpamPool;\nimport com.pulumi.aws.ec2.VpcIpamPoolArgs;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidr;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n var example = new VpcIpam(\"example\", VpcIpamArgs.builder() \n .operatingRegions(VpcIpamOperatingRegionArgs.builder()\n .regionName(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build())\n .build());\n\n var parent = new VpcIpamPool(\"parent\", VpcIpamPoolArgs.builder() \n .addressFamily(\"ipv4\")\n .ipamScopeId(example.privateDefaultScopeId())\n .build());\n\n var parentTest = new VpcIpamPoolCidr(\"parentTest\", VpcIpamPoolCidrArgs.builder() \n .ipamPoolId(parent.id())\n .cidr(\"172.20.0.0/16\")\n .build());\n\n var child = new VpcIpamPool(\"child\", VpcIpamPoolArgs.builder() \n .addressFamily(\"ipv4\")\n .ipamScopeId(example.privateDefaultScopeId())\n .locale(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .sourceIpamPoolId(parent.id())\n .build());\n\n var childTest = new VpcIpamPoolCidr(\"childTest\", VpcIpamPoolCidrArgs.builder() \n .ipamPoolId(child.id())\n .cidr(\"172.20.0.0/24\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:VpcIpam\n properties:\n operatingRegions:\n - regionName: ${current.name}\n parent:\n type: aws:ec2:VpcIpamPool\n properties:\n addressFamily: ipv4\n ipamScopeId: ${example.privateDefaultScopeId}\n parentTest:\n type: aws:ec2:VpcIpamPoolCidr\n name: parent_test\n properties:\n ipamPoolId: ${parent.id}\n cidr: 172.20.0.0/16\n child:\n type: aws:ec2:VpcIpamPool\n properties:\n addressFamily: ipv4\n ipamScopeId: ${example.privateDefaultScopeId}\n locale: ${current.name}\n sourceIpamPoolId: ${parent.id}\n childTest:\n type: aws:ec2:VpcIpamPoolCidr\n name: child_test\n properties:\n ipamPoolId: ${child.id}\n cidr: 172.20.0.0/24\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IPAMs using the IPAM pool `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/vpcIpamPool:VpcIpamPool example ipam-pool-0958f95207d978e1e\n```\n", + "description": "Provides an IP address pool resource for IPAM.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst example = new aws.ec2.VpcIpam(\"example\", {operatingRegions: [{\n regionName: current.then(current =\u003e current.name),\n}]});\nconst exampleVpcIpamPool = new aws.ec2.VpcIpamPool(\"example\", {\n addressFamily: \"ipv4\",\n ipamScopeId: example.privateDefaultScopeId,\n locale: current.then(current =\u003e current.name),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\nexample = aws.ec2.VpcIpam(\"example\", operating_regions=[aws.ec2.VpcIpamOperatingRegionArgs(\n region_name=current.name,\n)])\nexample_vpc_ipam_pool = aws.ec2.VpcIpamPool(\"example\",\n address_family=\"ipv4\",\n ipam_scope_id=example.private_default_scope_id,\n locale=current.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var example = new Aws.Ec2.VpcIpam(\"example\", new()\n {\n OperatingRegions = new[]\n {\n new Aws.Ec2.Inputs.VpcIpamOperatingRegionArgs\n {\n RegionName = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n },\n });\n\n var exampleVpcIpamPool = new Aws.Ec2.VpcIpamPool(\"example\", new()\n {\n AddressFamily = \"ipv4\",\n IpamScopeId = example.PrivateDefaultScopeId,\n Locale = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := ec2.NewVpcIpam(ctx, \"example\", \u0026ec2.VpcIpamArgs{\n\t\t\tOperatingRegions: ec2.VpcIpamOperatingRegionArray{\n\t\t\t\t\u0026ec2.VpcIpamOperatingRegionArgs{\n\t\t\t\t\tRegionName: pulumi.String(current.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPool(ctx, \"example\", \u0026ec2.VpcIpamPoolArgs{\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tIpamScopeId: example.PrivateDefaultScopeId,\n\t\t\tLocale: pulumi.String(current.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpam;\nimport com.pulumi.aws.ec2.VpcIpamArgs;\nimport com.pulumi.aws.ec2.inputs.VpcIpamOperatingRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpamPool;\nimport com.pulumi.aws.ec2.VpcIpamPoolArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n var example = new VpcIpam(\"example\", VpcIpamArgs.builder() \n .operatingRegions(VpcIpamOperatingRegionArgs.builder()\n .regionName(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build())\n .build());\n\n var exampleVpcIpamPool = new VpcIpamPool(\"exampleVpcIpamPool\", VpcIpamPoolArgs.builder() \n .addressFamily(\"ipv4\")\n .ipamScopeId(example.privateDefaultScopeId())\n .locale(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:VpcIpam\n properties:\n operatingRegions:\n - regionName: ${current.name}\n exampleVpcIpamPool:\n type: aws:ec2:VpcIpamPool\n name: example\n properties:\n addressFamily: ipv4\n ipamScopeId: ${example.privateDefaultScopeId}\n locale: ${current.name}\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nNested Pools:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst example = new aws.ec2.VpcIpam(\"example\", {operatingRegions: [{\n regionName: current.then(current =\u003e current.name),\n}]});\nconst parent = new aws.ec2.VpcIpamPool(\"parent\", {\n addressFamily: \"ipv4\",\n ipamScopeId: example.privateDefaultScopeId,\n});\nconst parentTest = new aws.ec2.VpcIpamPoolCidr(\"parent_test\", {\n ipamPoolId: parent.id,\n cidr: \"172.20.0.0/16\",\n});\nconst child = new aws.ec2.VpcIpamPool(\"child\", {\n addressFamily: \"ipv4\",\n ipamScopeId: example.privateDefaultScopeId,\n locale: current.then(current =\u003e current.name),\n sourceIpamPoolId: parent.id,\n});\nconst childTest = new aws.ec2.VpcIpamPoolCidr(\"child_test\", {\n ipamPoolId: child.id,\n cidr: \"172.20.0.0/24\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\nexample = aws.ec2.VpcIpam(\"example\", operating_regions=[aws.ec2.VpcIpamOperatingRegionArgs(\n region_name=current.name,\n)])\nparent = aws.ec2.VpcIpamPool(\"parent\",\n address_family=\"ipv4\",\n ipam_scope_id=example.private_default_scope_id)\nparent_test = aws.ec2.VpcIpamPoolCidr(\"parent_test\",\n ipam_pool_id=parent.id,\n cidr=\"172.20.0.0/16\")\nchild = aws.ec2.VpcIpamPool(\"child\",\n address_family=\"ipv4\",\n ipam_scope_id=example.private_default_scope_id,\n locale=current.name,\n source_ipam_pool_id=parent.id)\nchild_test = aws.ec2.VpcIpamPoolCidr(\"child_test\",\n ipam_pool_id=child.id,\n cidr=\"172.20.0.0/24\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var example = new Aws.Ec2.VpcIpam(\"example\", new()\n {\n OperatingRegions = new[]\n {\n new Aws.Ec2.Inputs.VpcIpamOperatingRegionArgs\n {\n RegionName = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n },\n });\n\n var parent = new Aws.Ec2.VpcIpamPool(\"parent\", new()\n {\n AddressFamily = \"ipv4\",\n IpamScopeId = example.PrivateDefaultScopeId,\n });\n\n var parentTest = new Aws.Ec2.VpcIpamPoolCidr(\"parent_test\", new()\n {\n IpamPoolId = parent.Id,\n Cidr = \"172.20.0.0/16\",\n });\n\n var child = new Aws.Ec2.VpcIpamPool(\"child\", new()\n {\n AddressFamily = \"ipv4\",\n IpamScopeId = example.PrivateDefaultScopeId,\n Locale = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n SourceIpamPoolId = parent.Id,\n });\n\n var childTest = new Aws.Ec2.VpcIpamPoolCidr(\"child_test\", new()\n {\n IpamPoolId = child.Id,\n Cidr = \"172.20.0.0/24\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := ec2.NewVpcIpam(ctx, \"example\", \u0026ec2.VpcIpamArgs{\n\t\t\tOperatingRegions: ec2.VpcIpamOperatingRegionArray{\n\t\t\t\t\u0026ec2.VpcIpamOperatingRegionArgs{\n\t\t\t\t\tRegionName: pulumi.String(current.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tparent, err := ec2.NewVpcIpamPool(ctx, \"parent\", \u0026ec2.VpcIpamPoolArgs{\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tIpamScopeId: example.PrivateDefaultScopeId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPoolCidr(ctx, \"parent_test\", \u0026ec2.VpcIpamPoolCidrArgs{\n\t\t\tIpamPoolId: parent.ID(),\n\t\t\tCidr: pulumi.String(\"172.20.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tchild, err := ec2.NewVpcIpamPool(ctx, \"child\", \u0026ec2.VpcIpamPoolArgs{\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tIpamScopeId: example.PrivateDefaultScopeId,\n\t\t\tLocale: pulumi.String(current.Name),\n\t\t\tSourceIpamPoolId: parent.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPoolCidr(ctx, \"child_test\", \u0026ec2.VpcIpamPoolCidrArgs{\n\t\t\tIpamPoolId: child.ID(),\n\t\t\tCidr: pulumi.String(\"172.20.0.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpam;\nimport com.pulumi.aws.ec2.VpcIpamArgs;\nimport com.pulumi.aws.ec2.inputs.VpcIpamOperatingRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpamPool;\nimport com.pulumi.aws.ec2.VpcIpamPoolArgs;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidr;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n var example = new VpcIpam(\"example\", VpcIpamArgs.builder() \n .operatingRegions(VpcIpamOperatingRegionArgs.builder()\n .regionName(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build())\n .build());\n\n var parent = new VpcIpamPool(\"parent\", VpcIpamPoolArgs.builder() \n .addressFamily(\"ipv4\")\n .ipamScopeId(example.privateDefaultScopeId())\n .build());\n\n var parentTest = new VpcIpamPoolCidr(\"parentTest\", VpcIpamPoolCidrArgs.builder() \n .ipamPoolId(parent.id())\n .cidr(\"172.20.0.0/16\")\n .build());\n\n var child = new VpcIpamPool(\"child\", VpcIpamPoolArgs.builder() \n .addressFamily(\"ipv4\")\n .ipamScopeId(example.privateDefaultScopeId())\n .locale(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .sourceIpamPoolId(parent.id())\n .build());\n\n var childTest = new VpcIpamPoolCidr(\"childTest\", VpcIpamPoolCidrArgs.builder() \n .ipamPoolId(child.id())\n .cidr(\"172.20.0.0/24\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:VpcIpam\n properties:\n operatingRegions:\n - regionName: ${current.name}\n parent:\n type: aws:ec2:VpcIpamPool\n properties:\n addressFamily: ipv4\n ipamScopeId: ${example.privateDefaultScopeId}\n parentTest:\n type: aws:ec2:VpcIpamPoolCidr\n name: parent_test\n properties:\n ipamPoolId: ${parent.id}\n cidr: 172.20.0.0/16\n child:\n type: aws:ec2:VpcIpamPool\n properties:\n addressFamily: ipv4\n ipamScopeId: ${example.privateDefaultScopeId}\n locale: ${current.name}\n sourceIpamPoolId: ${parent.id}\n childTest:\n type: aws:ec2:VpcIpamPoolCidr\n name: child_test\n properties:\n ipamPoolId: ${child.id}\n cidr: 172.20.0.0/24\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IPAMs using the IPAM pool `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/vpcIpamPool:VpcIpamPool example ipam-pool-0958f95207d978e1e\n```\n", "properties": { "addressFamily": { "type": "string", @@ -221808,7 +221808,7 @@ } }, "aws:ec2/vpcIpamPoolCidr:VpcIpamPoolCidr": { - "description": "Provisions a CIDR from an IPAM address pool.\n\n\u003e **NOTE:** Provisioning Public IPv4 or Public IPv6 require [steps outside the scope of this resource](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html#prepare-for-byoip). The resource accepts `message` and `signature` as part of the `cidr_authorization_context` attribute but those must be generated ahead of time. Public IPv6 CIDRs that are provisioned into a Pool with `publicly_advertisable = true` and all public IPv4 CIDRs also require creating a Route Origin Authorization (ROA) object in your Regional Internet Registry (RIR).\n\n\u003e **NOTE:** In order to deprovision CIDRs all Allocations must be released. Allocations created by a VPC take up to 30 minutes to be released. However, for IPAM to properly manage the removal of allocation records created by VPCs and other resources, you must [grant it permissions](https://docs.aws.amazon.com/vpc/latest/ipam/choose-single-user-or-orgs-ipam.html) in\neither a single account or organizationally. If you are unable to deprovision a cidr after waiting over 30 minutes, you may be missing the Service Linked Role.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst example = new aws.ec2.VpcIpam(\"example\", {operatingRegions: [{\n regionName: current.then(current =\u003e current.name),\n}]});\nconst exampleVpcIpamPool = new aws.ec2.VpcIpamPool(\"example\", {\n addressFamily: \"ipv4\",\n ipamScopeId: example.privateDefaultScopeId,\n locale: current.then(current =\u003e current.name),\n});\nconst exampleVpcIpamPoolCidr = new aws.ec2.VpcIpamPoolCidr(\"example\", {\n ipamPoolId: exampleVpcIpamPool.id,\n cidr: \"172.20.0.0/16\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\nexample = aws.ec2.VpcIpam(\"example\", operating_regions=[aws.ec2.VpcIpamOperatingRegionArgs(\n region_name=current.name,\n)])\nexample_vpc_ipam_pool = aws.ec2.VpcIpamPool(\"example\",\n address_family=\"ipv4\",\n ipam_scope_id=example.private_default_scope_id,\n locale=current.name)\nexample_vpc_ipam_pool_cidr = aws.ec2.VpcIpamPoolCidr(\"example\",\n ipam_pool_id=example_vpc_ipam_pool.id,\n cidr=\"172.20.0.0/16\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var example = new Aws.Ec2.VpcIpam(\"example\", new()\n {\n OperatingRegions = new[]\n {\n new Aws.Ec2.Inputs.VpcIpamOperatingRegionArgs\n {\n RegionName = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n },\n });\n\n var exampleVpcIpamPool = new Aws.Ec2.VpcIpamPool(\"example\", new()\n {\n AddressFamily = \"ipv4\",\n IpamScopeId = example.PrivateDefaultScopeId,\n Locale = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n });\n\n var exampleVpcIpamPoolCidr = new Aws.Ec2.VpcIpamPoolCidr(\"example\", new()\n {\n IpamPoolId = exampleVpcIpamPool.Id,\n Cidr = \"172.20.0.0/16\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := ec2.NewVpcIpam(ctx, \"example\", \u0026ec2.VpcIpamArgs{\n\t\t\tOperatingRegions: ec2.VpcIpamOperatingRegionArray{\n\t\t\t\t\u0026ec2.VpcIpamOperatingRegionArgs{\n\t\t\t\t\tRegionName: *pulumi.String(current.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpcIpamPool, err := ec2.NewVpcIpamPool(ctx, \"example\", \u0026ec2.VpcIpamPoolArgs{\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tIpamScopeId: example.PrivateDefaultScopeId,\n\t\t\tLocale: *pulumi.String(current.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPoolCidr(ctx, \"example\", \u0026ec2.VpcIpamPoolCidrArgs{\n\t\t\tIpamPoolId: exampleVpcIpamPool.ID(),\n\t\t\tCidr: pulumi.String(\"172.20.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpam;\nimport com.pulumi.aws.ec2.VpcIpamArgs;\nimport com.pulumi.aws.ec2.inputs.VpcIpamOperatingRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpamPool;\nimport com.pulumi.aws.ec2.VpcIpamPoolArgs;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidr;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n var example = new VpcIpam(\"example\", VpcIpamArgs.builder() \n .operatingRegions(VpcIpamOperatingRegionArgs.builder()\n .regionName(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build())\n .build());\n\n var exampleVpcIpamPool = new VpcIpamPool(\"exampleVpcIpamPool\", VpcIpamPoolArgs.builder() \n .addressFamily(\"ipv4\")\n .ipamScopeId(example.privateDefaultScopeId())\n .locale(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build());\n\n var exampleVpcIpamPoolCidr = new VpcIpamPoolCidr(\"exampleVpcIpamPoolCidr\", VpcIpamPoolCidrArgs.builder() \n .ipamPoolId(exampleVpcIpamPool.id())\n .cidr(\"172.20.0.0/16\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:VpcIpam\n properties:\n operatingRegions:\n - regionName: ${current.name}\n exampleVpcIpamPool:\n type: aws:ec2:VpcIpamPool\n name: example\n properties:\n addressFamily: ipv4\n ipamScopeId: ${example.privateDefaultScopeId}\n locale: ${current.name}\n exampleVpcIpamPoolCidr:\n type: aws:ec2:VpcIpamPoolCidr\n name: example\n properties:\n ipamPoolId: ${exampleVpcIpamPool.id}\n cidr: 172.20.0.0/16\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nProvision Public IPv6 Pool CIDRs:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst example = new aws.ec2.VpcIpam(\"example\", {operatingRegions: [{\n regionName: current.then(current =\u003e current.name),\n}]});\nconst ipv6TestPublic = new aws.ec2.VpcIpamPool(\"ipv6_test_public\", {\n addressFamily: \"ipv6\",\n ipamScopeId: example.publicDefaultScopeId,\n locale: \"us-east-1\",\n description: \"public ipv6\",\n publiclyAdvertisable: false,\n publicIpSource: \"amazon\",\n awsService: \"ec2\",\n});\nconst ipv6TestPublicVpcIpamPoolCidr = new aws.ec2.VpcIpamPoolCidr(\"ipv6_test_public\", {\n ipamPoolId: ipv6TestPublic.id,\n netmaskLength: 52,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\nexample = aws.ec2.VpcIpam(\"example\", operating_regions=[aws.ec2.VpcIpamOperatingRegionArgs(\n region_name=current.name,\n)])\nipv6_test_public = aws.ec2.VpcIpamPool(\"ipv6_test_public\",\n address_family=\"ipv6\",\n ipam_scope_id=example.public_default_scope_id,\n locale=\"us-east-1\",\n description=\"public ipv6\",\n publicly_advertisable=False,\n public_ip_source=\"amazon\",\n aws_service=\"ec2\")\nipv6_test_public_vpc_ipam_pool_cidr = aws.ec2.VpcIpamPoolCidr(\"ipv6_test_public\",\n ipam_pool_id=ipv6_test_public.id,\n netmask_length=52)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var example = new Aws.Ec2.VpcIpam(\"example\", new()\n {\n OperatingRegions = new[]\n {\n new Aws.Ec2.Inputs.VpcIpamOperatingRegionArgs\n {\n RegionName = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n },\n });\n\n var ipv6TestPublic = new Aws.Ec2.VpcIpamPool(\"ipv6_test_public\", new()\n {\n AddressFamily = \"ipv6\",\n IpamScopeId = example.PublicDefaultScopeId,\n Locale = \"us-east-1\",\n Description = \"public ipv6\",\n PubliclyAdvertisable = false,\n PublicIpSource = \"amazon\",\n AwsService = \"ec2\",\n });\n\n var ipv6TestPublicVpcIpamPoolCidr = new Aws.Ec2.VpcIpamPoolCidr(\"ipv6_test_public\", new()\n {\n IpamPoolId = ipv6TestPublic.Id,\n NetmaskLength = 52,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := ec2.NewVpcIpam(ctx, \"example\", \u0026ec2.VpcIpamArgs{\n\t\t\tOperatingRegions: ec2.VpcIpamOperatingRegionArray{\n\t\t\t\t\u0026ec2.VpcIpamOperatingRegionArgs{\n\t\t\t\t\tRegionName: *pulumi.String(current.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tipv6TestPublic, err := ec2.NewVpcIpamPool(ctx, \"ipv6_test_public\", \u0026ec2.VpcIpamPoolArgs{\n\t\t\tAddressFamily: pulumi.String(\"ipv6\"),\n\t\t\tIpamScopeId: example.PublicDefaultScopeId,\n\t\t\tLocale: pulumi.String(\"us-east-1\"),\n\t\t\tDescription: pulumi.String(\"public ipv6\"),\n\t\t\tPubliclyAdvertisable: pulumi.Bool(false),\n\t\t\tPublicIpSource: pulumi.String(\"amazon\"),\n\t\t\tAwsService: pulumi.String(\"ec2\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPoolCidr(ctx, \"ipv6_test_public\", \u0026ec2.VpcIpamPoolCidrArgs{\n\t\t\tIpamPoolId: ipv6TestPublic.ID(),\n\t\t\tNetmaskLength: pulumi.Int(52),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpam;\nimport com.pulumi.aws.ec2.VpcIpamArgs;\nimport com.pulumi.aws.ec2.inputs.VpcIpamOperatingRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpamPool;\nimport com.pulumi.aws.ec2.VpcIpamPoolArgs;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidr;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n var example = new VpcIpam(\"example\", VpcIpamArgs.builder() \n .operatingRegions(VpcIpamOperatingRegionArgs.builder()\n .regionName(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build())\n .build());\n\n var ipv6TestPublic = new VpcIpamPool(\"ipv6TestPublic\", VpcIpamPoolArgs.builder() \n .addressFamily(\"ipv6\")\n .ipamScopeId(example.publicDefaultScopeId())\n .locale(\"us-east-1\")\n .description(\"public ipv6\")\n .publiclyAdvertisable(false)\n .publicIpSource(\"amazon\")\n .awsService(\"ec2\")\n .build());\n\n var ipv6TestPublicVpcIpamPoolCidr = new VpcIpamPoolCidr(\"ipv6TestPublicVpcIpamPoolCidr\", VpcIpamPoolCidrArgs.builder() \n .ipamPoolId(ipv6TestPublic.id())\n .netmaskLength(52)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:VpcIpam\n properties:\n operatingRegions:\n - regionName: ${current.name}\n ipv6TestPublic:\n type: aws:ec2:VpcIpamPool\n name: ipv6_test_public\n properties:\n addressFamily: ipv6\n ipamScopeId: ${example.publicDefaultScopeId}\n locale: us-east-1\n description: public ipv6\n publiclyAdvertisable: false\n publicIpSource: amazon\n awsService: ec2\n ipv6TestPublicVpcIpamPoolCidr:\n type: aws:ec2:VpcIpamPoolCidr\n name: ipv6_test_public\n properties:\n ipamPoolId: ${ipv6TestPublic.id}\n netmaskLength: 52\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IPAMs using the `\u003ccidr\u003e_\u003cipam-pool-id\u003e`. For example:\n\n__NOTE:__ Do not use the IPAM Pool Cidr ID as this was introduced after the resource already existed.\n\n```sh\n$ pulumi import aws:ec2/vpcIpamPoolCidr:VpcIpamPoolCidr example 172.20.0.0/24_ipam-pool-0e634f5a1517cccdc\n```\n", + "description": "Provisions a CIDR from an IPAM address pool.\n\n\u003e **NOTE:** Provisioning Public IPv4 or Public IPv6 require [steps outside the scope of this resource](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html#prepare-for-byoip). The resource accepts `message` and `signature` as part of the `cidr_authorization_context` attribute but those must be generated ahead of time. Public IPv6 CIDRs that are provisioned into a Pool with `publicly_advertisable = true` and all public IPv4 CIDRs also require creating a Route Origin Authorization (ROA) object in your Regional Internet Registry (RIR).\n\n\u003e **NOTE:** In order to deprovision CIDRs all Allocations must be released. Allocations created by a VPC take up to 30 minutes to be released. However, for IPAM to properly manage the removal of allocation records created by VPCs and other resources, you must [grant it permissions](https://docs.aws.amazon.com/vpc/latest/ipam/choose-single-user-or-orgs-ipam.html) in\neither a single account or organizationally. If you are unable to deprovision a cidr after waiting over 30 minutes, you may be missing the Service Linked Role.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst example = new aws.ec2.VpcIpam(\"example\", {operatingRegions: [{\n regionName: current.then(current =\u003e current.name),\n}]});\nconst exampleVpcIpamPool = new aws.ec2.VpcIpamPool(\"example\", {\n addressFamily: \"ipv4\",\n ipamScopeId: example.privateDefaultScopeId,\n locale: current.then(current =\u003e current.name),\n});\nconst exampleVpcIpamPoolCidr = new aws.ec2.VpcIpamPoolCidr(\"example\", {\n ipamPoolId: exampleVpcIpamPool.id,\n cidr: \"172.20.0.0/16\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\nexample = aws.ec2.VpcIpam(\"example\", operating_regions=[aws.ec2.VpcIpamOperatingRegionArgs(\n region_name=current.name,\n)])\nexample_vpc_ipam_pool = aws.ec2.VpcIpamPool(\"example\",\n address_family=\"ipv4\",\n ipam_scope_id=example.private_default_scope_id,\n locale=current.name)\nexample_vpc_ipam_pool_cidr = aws.ec2.VpcIpamPoolCidr(\"example\",\n ipam_pool_id=example_vpc_ipam_pool.id,\n cidr=\"172.20.0.0/16\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var example = new Aws.Ec2.VpcIpam(\"example\", new()\n {\n OperatingRegions = new[]\n {\n new Aws.Ec2.Inputs.VpcIpamOperatingRegionArgs\n {\n RegionName = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n },\n });\n\n var exampleVpcIpamPool = new Aws.Ec2.VpcIpamPool(\"example\", new()\n {\n AddressFamily = \"ipv4\",\n IpamScopeId = example.PrivateDefaultScopeId,\n Locale = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n });\n\n var exampleVpcIpamPoolCidr = new Aws.Ec2.VpcIpamPoolCidr(\"example\", new()\n {\n IpamPoolId = exampleVpcIpamPool.Id,\n Cidr = \"172.20.0.0/16\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := ec2.NewVpcIpam(ctx, \"example\", \u0026ec2.VpcIpamArgs{\n\t\t\tOperatingRegions: ec2.VpcIpamOperatingRegionArray{\n\t\t\t\t\u0026ec2.VpcIpamOperatingRegionArgs{\n\t\t\t\t\tRegionName: pulumi.String(current.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpcIpamPool, err := ec2.NewVpcIpamPool(ctx, \"example\", \u0026ec2.VpcIpamPoolArgs{\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tIpamScopeId: example.PrivateDefaultScopeId,\n\t\t\tLocale: pulumi.String(current.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPoolCidr(ctx, \"example\", \u0026ec2.VpcIpamPoolCidrArgs{\n\t\t\tIpamPoolId: exampleVpcIpamPool.ID(),\n\t\t\tCidr: pulumi.String(\"172.20.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpam;\nimport com.pulumi.aws.ec2.VpcIpamArgs;\nimport com.pulumi.aws.ec2.inputs.VpcIpamOperatingRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpamPool;\nimport com.pulumi.aws.ec2.VpcIpamPoolArgs;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidr;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n var example = new VpcIpam(\"example\", VpcIpamArgs.builder() \n .operatingRegions(VpcIpamOperatingRegionArgs.builder()\n .regionName(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build())\n .build());\n\n var exampleVpcIpamPool = new VpcIpamPool(\"exampleVpcIpamPool\", VpcIpamPoolArgs.builder() \n .addressFamily(\"ipv4\")\n .ipamScopeId(example.privateDefaultScopeId())\n .locale(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build());\n\n var exampleVpcIpamPoolCidr = new VpcIpamPoolCidr(\"exampleVpcIpamPoolCidr\", VpcIpamPoolCidrArgs.builder() \n .ipamPoolId(exampleVpcIpamPool.id())\n .cidr(\"172.20.0.0/16\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:VpcIpam\n properties:\n operatingRegions:\n - regionName: ${current.name}\n exampleVpcIpamPool:\n type: aws:ec2:VpcIpamPool\n name: example\n properties:\n addressFamily: ipv4\n ipamScopeId: ${example.privateDefaultScopeId}\n locale: ${current.name}\n exampleVpcIpamPoolCidr:\n type: aws:ec2:VpcIpamPoolCidr\n name: example\n properties:\n ipamPoolId: ${exampleVpcIpamPool.id}\n cidr: 172.20.0.0/16\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nProvision Public IPv6 Pool CIDRs:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst example = new aws.ec2.VpcIpam(\"example\", {operatingRegions: [{\n regionName: current.then(current =\u003e current.name),\n}]});\nconst ipv6TestPublic = new aws.ec2.VpcIpamPool(\"ipv6_test_public\", {\n addressFamily: \"ipv6\",\n ipamScopeId: example.publicDefaultScopeId,\n locale: \"us-east-1\",\n description: \"public ipv6\",\n publiclyAdvertisable: false,\n publicIpSource: \"amazon\",\n awsService: \"ec2\",\n});\nconst ipv6TestPublicVpcIpamPoolCidr = new aws.ec2.VpcIpamPoolCidr(\"ipv6_test_public\", {\n ipamPoolId: ipv6TestPublic.id,\n netmaskLength: 52,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\nexample = aws.ec2.VpcIpam(\"example\", operating_regions=[aws.ec2.VpcIpamOperatingRegionArgs(\n region_name=current.name,\n)])\nipv6_test_public = aws.ec2.VpcIpamPool(\"ipv6_test_public\",\n address_family=\"ipv6\",\n ipam_scope_id=example.public_default_scope_id,\n locale=\"us-east-1\",\n description=\"public ipv6\",\n publicly_advertisable=False,\n public_ip_source=\"amazon\",\n aws_service=\"ec2\")\nipv6_test_public_vpc_ipam_pool_cidr = aws.ec2.VpcIpamPoolCidr(\"ipv6_test_public\",\n ipam_pool_id=ipv6_test_public.id,\n netmask_length=52)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var example = new Aws.Ec2.VpcIpam(\"example\", new()\n {\n OperatingRegions = new[]\n {\n new Aws.Ec2.Inputs.VpcIpamOperatingRegionArgs\n {\n RegionName = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n },\n });\n\n var ipv6TestPublic = new Aws.Ec2.VpcIpamPool(\"ipv6_test_public\", new()\n {\n AddressFamily = \"ipv6\",\n IpamScopeId = example.PublicDefaultScopeId,\n Locale = \"us-east-1\",\n Description = \"public ipv6\",\n PubliclyAdvertisable = false,\n PublicIpSource = \"amazon\",\n AwsService = \"ec2\",\n });\n\n var ipv6TestPublicVpcIpamPoolCidr = new Aws.Ec2.VpcIpamPoolCidr(\"ipv6_test_public\", new()\n {\n IpamPoolId = ipv6TestPublic.Id,\n NetmaskLength = 52,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := ec2.NewVpcIpam(ctx, \"example\", \u0026ec2.VpcIpamArgs{\n\t\t\tOperatingRegions: ec2.VpcIpamOperatingRegionArray{\n\t\t\t\t\u0026ec2.VpcIpamOperatingRegionArgs{\n\t\t\t\t\tRegionName: pulumi.String(current.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tipv6TestPublic, err := ec2.NewVpcIpamPool(ctx, \"ipv6_test_public\", \u0026ec2.VpcIpamPoolArgs{\n\t\t\tAddressFamily: pulumi.String(\"ipv6\"),\n\t\t\tIpamScopeId: example.PublicDefaultScopeId,\n\t\t\tLocale: pulumi.String(\"us-east-1\"),\n\t\t\tDescription: pulumi.String(\"public ipv6\"),\n\t\t\tPubliclyAdvertisable: pulumi.Bool(false),\n\t\t\tPublicIpSource: pulumi.String(\"amazon\"),\n\t\t\tAwsService: pulumi.String(\"ec2\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPoolCidr(ctx, \"ipv6_test_public\", \u0026ec2.VpcIpamPoolCidrArgs{\n\t\t\tIpamPoolId: ipv6TestPublic.ID(),\n\t\t\tNetmaskLength: pulumi.Int(52),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpam;\nimport com.pulumi.aws.ec2.VpcIpamArgs;\nimport com.pulumi.aws.ec2.inputs.VpcIpamOperatingRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpamPool;\nimport com.pulumi.aws.ec2.VpcIpamPoolArgs;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidr;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n var example = new VpcIpam(\"example\", VpcIpamArgs.builder() \n .operatingRegions(VpcIpamOperatingRegionArgs.builder()\n .regionName(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build())\n .build());\n\n var ipv6TestPublic = new VpcIpamPool(\"ipv6TestPublic\", VpcIpamPoolArgs.builder() \n .addressFamily(\"ipv6\")\n .ipamScopeId(example.publicDefaultScopeId())\n .locale(\"us-east-1\")\n .description(\"public ipv6\")\n .publiclyAdvertisable(false)\n .publicIpSource(\"amazon\")\n .awsService(\"ec2\")\n .build());\n\n var ipv6TestPublicVpcIpamPoolCidr = new VpcIpamPoolCidr(\"ipv6TestPublicVpcIpamPoolCidr\", VpcIpamPoolCidrArgs.builder() \n .ipamPoolId(ipv6TestPublic.id())\n .netmaskLength(52)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:VpcIpam\n properties:\n operatingRegions:\n - regionName: ${current.name}\n ipv6TestPublic:\n type: aws:ec2:VpcIpamPool\n name: ipv6_test_public\n properties:\n addressFamily: ipv6\n ipamScopeId: ${example.publicDefaultScopeId}\n locale: us-east-1\n description: public ipv6\n publiclyAdvertisable: false\n publicIpSource: amazon\n awsService: ec2\n ipv6TestPublicVpcIpamPoolCidr:\n type: aws:ec2:VpcIpamPoolCidr\n name: ipv6_test_public\n properties:\n ipamPoolId: ${ipv6TestPublic.id}\n netmaskLength: 52\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IPAMs using the `\u003ccidr\u003e_\u003cipam-pool-id\u003e`. For example:\n\n__NOTE:__ Do not use the IPAM Pool Cidr ID as this was introduced after the resource already existed.\n\n```sh\n$ pulumi import aws:ec2/vpcIpamPoolCidr:VpcIpamPoolCidr example 172.20.0.0/24_ipam-pool-0e634f5a1517cccdc\n```\n", "properties": { "cidr": { "type": "string", @@ -221893,7 +221893,7 @@ } }, "aws:ec2/vpcIpamPoolCidrAllocation:VpcIpamPoolCidrAllocation": { - "description": "Allocates (reserves) a CIDR from an IPAM address pool, preventing usage by IPAM. Only works for private IPv4.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst exampleVpcIpam = new aws.ec2.VpcIpam(\"example\", {operatingRegions: [{\n regionName: current.then(current =\u003e current.name),\n}]});\nconst exampleVpcIpamPool = new aws.ec2.VpcIpamPool(\"example\", {\n addressFamily: \"ipv4\",\n ipamScopeId: exampleVpcIpam.privateDefaultScopeId,\n locale: current.then(current =\u003e current.name),\n});\nconst example = new aws.ec2.VpcIpamPoolCidrAllocation(\"example\", {\n ipamPoolId: exampleVpcIpamPool.id,\n cidr: \"172.20.0.0/24\",\n});\nconst exampleVpcIpamPoolCidr = new aws.ec2.VpcIpamPoolCidr(\"example\", {\n ipamPoolId: exampleVpcIpamPool.id,\n cidr: \"172.20.0.0/16\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\nexample_vpc_ipam = aws.ec2.VpcIpam(\"example\", operating_regions=[aws.ec2.VpcIpamOperatingRegionArgs(\n region_name=current.name,\n)])\nexample_vpc_ipam_pool = aws.ec2.VpcIpamPool(\"example\",\n address_family=\"ipv4\",\n ipam_scope_id=example_vpc_ipam.private_default_scope_id,\n locale=current.name)\nexample = aws.ec2.VpcIpamPoolCidrAllocation(\"example\",\n ipam_pool_id=example_vpc_ipam_pool.id,\n cidr=\"172.20.0.0/24\")\nexample_vpc_ipam_pool_cidr = aws.ec2.VpcIpamPoolCidr(\"example\",\n ipam_pool_id=example_vpc_ipam_pool.id,\n cidr=\"172.20.0.0/16\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var exampleVpcIpam = new Aws.Ec2.VpcIpam(\"example\", new()\n {\n OperatingRegions = new[]\n {\n new Aws.Ec2.Inputs.VpcIpamOperatingRegionArgs\n {\n RegionName = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n },\n });\n\n var exampleVpcIpamPool = new Aws.Ec2.VpcIpamPool(\"example\", new()\n {\n AddressFamily = \"ipv4\",\n IpamScopeId = exampleVpcIpam.PrivateDefaultScopeId,\n Locale = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n });\n\n var example = new Aws.Ec2.VpcIpamPoolCidrAllocation(\"example\", new()\n {\n IpamPoolId = exampleVpcIpamPool.Id,\n Cidr = \"172.20.0.0/24\",\n });\n\n var exampleVpcIpamPoolCidr = new Aws.Ec2.VpcIpamPoolCidr(\"example\", new()\n {\n IpamPoolId = exampleVpcIpamPool.Id,\n Cidr = \"172.20.0.0/16\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpcIpam, err := ec2.NewVpcIpam(ctx, \"example\", \u0026ec2.VpcIpamArgs{\n\t\t\tOperatingRegions: ec2.VpcIpamOperatingRegionArray{\n\t\t\t\t\u0026ec2.VpcIpamOperatingRegionArgs{\n\t\t\t\t\tRegionName: *pulumi.String(current.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpcIpamPool, err := ec2.NewVpcIpamPool(ctx, \"example\", \u0026ec2.VpcIpamPoolArgs{\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tIpamScopeId: exampleVpcIpam.PrivateDefaultScopeId,\n\t\t\tLocale: *pulumi.String(current.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPoolCidrAllocation(ctx, \"example\", \u0026ec2.VpcIpamPoolCidrAllocationArgs{\n\t\t\tIpamPoolId: exampleVpcIpamPool.ID(),\n\t\t\tCidr: pulumi.String(\"172.20.0.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPoolCidr(ctx, \"example\", \u0026ec2.VpcIpamPoolCidrArgs{\n\t\t\tIpamPoolId: exampleVpcIpamPool.ID(),\n\t\t\tCidr: pulumi.String(\"172.20.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpam;\nimport com.pulumi.aws.ec2.VpcIpamArgs;\nimport com.pulumi.aws.ec2.inputs.VpcIpamOperatingRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpamPool;\nimport com.pulumi.aws.ec2.VpcIpamPoolArgs;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrAllocation;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrAllocationArgs;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidr;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n var exampleVpcIpam = new VpcIpam(\"exampleVpcIpam\", VpcIpamArgs.builder() \n .operatingRegions(VpcIpamOperatingRegionArgs.builder()\n .regionName(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build())\n .build());\n\n var exampleVpcIpamPool = new VpcIpamPool(\"exampleVpcIpamPool\", VpcIpamPoolArgs.builder() \n .addressFamily(\"ipv4\")\n .ipamScopeId(exampleVpcIpam.privateDefaultScopeId())\n .locale(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build());\n\n var example = new VpcIpamPoolCidrAllocation(\"example\", VpcIpamPoolCidrAllocationArgs.builder() \n .ipamPoolId(exampleVpcIpamPool.id())\n .cidr(\"172.20.0.0/24\")\n .build());\n\n var exampleVpcIpamPoolCidr = new VpcIpamPoolCidr(\"exampleVpcIpamPoolCidr\", VpcIpamPoolCidrArgs.builder() \n .ipamPoolId(exampleVpcIpamPool.id())\n .cidr(\"172.20.0.0/16\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:VpcIpamPoolCidrAllocation\n properties:\n ipamPoolId: ${exampleVpcIpamPool.id}\n cidr: 172.20.0.0/24\n exampleVpcIpamPoolCidr:\n type: aws:ec2:VpcIpamPoolCidr\n name: example\n properties:\n ipamPoolId: ${exampleVpcIpamPool.id}\n cidr: 172.20.0.0/16\n exampleVpcIpamPool:\n type: aws:ec2:VpcIpamPool\n name: example\n properties:\n addressFamily: ipv4\n ipamScopeId: ${exampleVpcIpam.privateDefaultScopeId}\n locale: ${current.name}\n exampleVpcIpam:\n type: aws:ec2:VpcIpam\n name: example\n properties:\n operatingRegions:\n - regionName: ${current.name}\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith the `disallowed_cidrs` attribute:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst exampleVpcIpam = new aws.ec2.VpcIpam(\"example\", {operatingRegions: [{\n regionName: current.then(current =\u003e current.name),\n}]});\nconst exampleVpcIpamPool = new aws.ec2.VpcIpamPool(\"example\", {\n addressFamily: \"ipv4\",\n ipamScopeId: exampleVpcIpam.privateDefaultScopeId,\n locale: current.then(current =\u003e current.name),\n});\nconst example = new aws.ec2.VpcIpamPoolCidrAllocation(\"example\", {\n ipamPoolId: exampleVpcIpamPool.id,\n netmaskLength: 28,\n disallowedCidrs: [\"172.20.0.0/28\"],\n});\nconst exampleVpcIpamPoolCidr = new aws.ec2.VpcIpamPoolCidr(\"example\", {\n ipamPoolId: exampleVpcIpamPool.id,\n cidr: \"172.20.0.0/16\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\nexample_vpc_ipam = aws.ec2.VpcIpam(\"example\", operating_regions=[aws.ec2.VpcIpamOperatingRegionArgs(\n region_name=current.name,\n)])\nexample_vpc_ipam_pool = aws.ec2.VpcIpamPool(\"example\",\n address_family=\"ipv4\",\n ipam_scope_id=example_vpc_ipam.private_default_scope_id,\n locale=current.name)\nexample = aws.ec2.VpcIpamPoolCidrAllocation(\"example\",\n ipam_pool_id=example_vpc_ipam_pool.id,\n netmask_length=28,\n disallowed_cidrs=[\"172.20.0.0/28\"])\nexample_vpc_ipam_pool_cidr = aws.ec2.VpcIpamPoolCidr(\"example\",\n ipam_pool_id=example_vpc_ipam_pool.id,\n cidr=\"172.20.0.0/16\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var exampleVpcIpam = new Aws.Ec2.VpcIpam(\"example\", new()\n {\n OperatingRegions = new[]\n {\n new Aws.Ec2.Inputs.VpcIpamOperatingRegionArgs\n {\n RegionName = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n },\n });\n\n var exampleVpcIpamPool = new Aws.Ec2.VpcIpamPool(\"example\", new()\n {\n AddressFamily = \"ipv4\",\n IpamScopeId = exampleVpcIpam.PrivateDefaultScopeId,\n Locale = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n });\n\n var example = new Aws.Ec2.VpcIpamPoolCidrAllocation(\"example\", new()\n {\n IpamPoolId = exampleVpcIpamPool.Id,\n NetmaskLength = 28,\n DisallowedCidrs = new[]\n {\n \"172.20.0.0/28\",\n },\n });\n\n var exampleVpcIpamPoolCidr = new Aws.Ec2.VpcIpamPoolCidr(\"example\", new()\n {\n IpamPoolId = exampleVpcIpamPool.Id,\n Cidr = \"172.20.0.0/16\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpcIpam, err := ec2.NewVpcIpam(ctx, \"example\", \u0026ec2.VpcIpamArgs{\n\t\t\tOperatingRegions: ec2.VpcIpamOperatingRegionArray{\n\t\t\t\t\u0026ec2.VpcIpamOperatingRegionArgs{\n\t\t\t\t\tRegionName: *pulumi.String(current.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpcIpamPool, err := ec2.NewVpcIpamPool(ctx, \"example\", \u0026ec2.VpcIpamPoolArgs{\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tIpamScopeId: exampleVpcIpam.PrivateDefaultScopeId,\n\t\t\tLocale: *pulumi.String(current.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPoolCidrAllocation(ctx, \"example\", \u0026ec2.VpcIpamPoolCidrAllocationArgs{\n\t\t\tIpamPoolId: exampleVpcIpamPool.ID(),\n\t\t\tNetmaskLength: pulumi.Int(28),\n\t\t\tDisallowedCidrs: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"172.20.0.0/28\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPoolCidr(ctx, \"example\", \u0026ec2.VpcIpamPoolCidrArgs{\n\t\t\tIpamPoolId: exampleVpcIpamPool.ID(),\n\t\t\tCidr: pulumi.String(\"172.20.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpam;\nimport com.pulumi.aws.ec2.VpcIpamArgs;\nimport com.pulumi.aws.ec2.inputs.VpcIpamOperatingRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpamPool;\nimport com.pulumi.aws.ec2.VpcIpamPoolArgs;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrAllocation;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrAllocationArgs;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidr;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n var exampleVpcIpam = new VpcIpam(\"exampleVpcIpam\", VpcIpamArgs.builder() \n .operatingRegions(VpcIpamOperatingRegionArgs.builder()\n .regionName(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build())\n .build());\n\n var exampleVpcIpamPool = new VpcIpamPool(\"exampleVpcIpamPool\", VpcIpamPoolArgs.builder() \n .addressFamily(\"ipv4\")\n .ipamScopeId(exampleVpcIpam.privateDefaultScopeId())\n .locale(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build());\n\n var example = new VpcIpamPoolCidrAllocation(\"example\", VpcIpamPoolCidrAllocationArgs.builder() \n .ipamPoolId(exampleVpcIpamPool.id())\n .netmaskLength(28)\n .disallowedCidrs(\"172.20.0.0/28\")\n .build());\n\n var exampleVpcIpamPoolCidr = new VpcIpamPoolCidr(\"exampleVpcIpamPoolCidr\", VpcIpamPoolCidrArgs.builder() \n .ipamPoolId(exampleVpcIpamPool.id())\n .cidr(\"172.20.0.0/16\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:VpcIpamPoolCidrAllocation\n properties:\n ipamPoolId: ${exampleVpcIpamPool.id}\n netmaskLength: 28\n disallowedCidrs:\n - 172.20.0.0/28\n exampleVpcIpamPoolCidr:\n type: aws:ec2:VpcIpamPoolCidr\n name: example\n properties:\n ipamPoolId: ${exampleVpcIpamPool.id}\n cidr: 172.20.0.0/16\n exampleVpcIpamPool:\n type: aws:ec2:VpcIpamPool\n name: example\n properties:\n addressFamily: ipv4\n ipamScopeId: ${exampleVpcIpam.privateDefaultScopeId}\n locale: ${current.name}\n exampleVpcIpam:\n type: aws:ec2:VpcIpam\n name: example\n properties:\n operatingRegions:\n - regionName: ${current.name}\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IPAM allocations using the allocation `id` and `pool id`, separated by `_`. For example:\n\n```sh\n$ pulumi import aws:ec2/vpcIpamPoolCidrAllocation:VpcIpamPoolCidrAllocation example ipam-pool-alloc-0dc6d196509c049ba8b549ff99f639736_ipam-pool-07cfb559e0921fcbe\n```\n", + "description": "Allocates (reserves) a CIDR from an IPAM address pool, preventing usage by IPAM. Only works for private IPv4.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst exampleVpcIpam = new aws.ec2.VpcIpam(\"example\", {operatingRegions: [{\n regionName: current.then(current =\u003e current.name),\n}]});\nconst exampleVpcIpamPool = new aws.ec2.VpcIpamPool(\"example\", {\n addressFamily: \"ipv4\",\n ipamScopeId: exampleVpcIpam.privateDefaultScopeId,\n locale: current.then(current =\u003e current.name),\n});\nconst example = new aws.ec2.VpcIpamPoolCidrAllocation(\"example\", {\n ipamPoolId: exampleVpcIpamPool.id,\n cidr: \"172.20.0.0/24\",\n});\nconst exampleVpcIpamPoolCidr = new aws.ec2.VpcIpamPoolCidr(\"example\", {\n ipamPoolId: exampleVpcIpamPool.id,\n cidr: \"172.20.0.0/16\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\nexample_vpc_ipam = aws.ec2.VpcIpam(\"example\", operating_regions=[aws.ec2.VpcIpamOperatingRegionArgs(\n region_name=current.name,\n)])\nexample_vpc_ipam_pool = aws.ec2.VpcIpamPool(\"example\",\n address_family=\"ipv4\",\n ipam_scope_id=example_vpc_ipam.private_default_scope_id,\n locale=current.name)\nexample = aws.ec2.VpcIpamPoolCidrAllocation(\"example\",\n ipam_pool_id=example_vpc_ipam_pool.id,\n cidr=\"172.20.0.0/24\")\nexample_vpc_ipam_pool_cidr = aws.ec2.VpcIpamPoolCidr(\"example\",\n ipam_pool_id=example_vpc_ipam_pool.id,\n cidr=\"172.20.0.0/16\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var exampleVpcIpam = new Aws.Ec2.VpcIpam(\"example\", new()\n {\n OperatingRegions = new[]\n {\n new Aws.Ec2.Inputs.VpcIpamOperatingRegionArgs\n {\n RegionName = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n },\n });\n\n var exampleVpcIpamPool = new Aws.Ec2.VpcIpamPool(\"example\", new()\n {\n AddressFamily = \"ipv4\",\n IpamScopeId = exampleVpcIpam.PrivateDefaultScopeId,\n Locale = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n });\n\n var example = new Aws.Ec2.VpcIpamPoolCidrAllocation(\"example\", new()\n {\n IpamPoolId = exampleVpcIpamPool.Id,\n Cidr = \"172.20.0.0/24\",\n });\n\n var exampleVpcIpamPoolCidr = new Aws.Ec2.VpcIpamPoolCidr(\"example\", new()\n {\n IpamPoolId = exampleVpcIpamPool.Id,\n Cidr = \"172.20.0.0/16\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpcIpam, err := ec2.NewVpcIpam(ctx, \"example\", \u0026ec2.VpcIpamArgs{\n\t\t\tOperatingRegions: ec2.VpcIpamOperatingRegionArray{\n\t\t\t\t\u0026ec2.VpcIpamOperatingRegionArgs{\n\t\t\t\t\tRegionName: pulumi.String(current.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpcIpamPool, err := ec2.NewVpcIpamPool(ctx, \"example\", \u0026ec2.VpcIpamPoolArgs{\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tIpamScopeId: exampleVpcIpam.PrivateDefaultScopeId,\n\t\t\tLocale: pulumi.String(current.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPoolCidrAllocation(ctx, \"example\", \u0026ec2.VpcIpamPoolCidrAllocationArgs{\n\t\t\tIpamPoolId: exampleVpcIpamPool.ID(),\n\t\t\tCidr: pulumi.String(\"172.20.0.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPoolCidr(ctx, \"example\", \u0026ec2.VpcIpamPoolCidrArgs{\n\t\t\tIpamPoolId: exampleVpcIpamPool.ID(),\n\t\t\tCidr: pulumi.String(\"172.20.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpam;\nimport com.pulumi.aws.ec2.VpcIpamArgs;\nimport com.pulumi.aws.ec2.inputs.VpcIpamOperatingRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpamPool;\nimport com.pulumi.aws.ec2.VpcIpamPoolArgs;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrAllocation;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrAllocationArgs;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidr;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n var exampleVpcIpam = new VpcIpam(\"exampleVpcIpam\", VpcIpamArgs.builder() \n .operatingRegions(VpcIpamOperatingRegionArgs.builder()\n .regionName(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build())\n .build());\n\n var exampleVpcIpamPool = new VpcIpamPool(\"exampleVpcIpamPool\", VpcIpamPoolArgs.builder() \n .addressFamily(\"ipv4\")\n .ipamScopeId(exampleVpcIpam.privateDefaultScopeId())\n .locale(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build());\n\n var example = new VpcIpamPoolCidrAllocation(\"example\", VpcIpamPoolCidrAllocationArgs.builder() \n .ipamPoolId(exampleVpcIpamPool.id())\n .cidr(\"172.20.0.0/24\")\n .build());\n\n var exampleVpcIpamPoolCidr = new VpcIpamPoolCidr(\"exampleVpcIpamPoolCidr\", VpcIpamPoolCidrArgs.builder() \n .ipamPoolId(exampleVpcIpamPool.id())\n .cidr(\"172.20.0.0/16\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:VpcIpamPoolCidrAllocation\n properties:\n ipamPoolId: ${exampleVpcIpamPool.id}\n cidr: 172.20.0.0/24\n exampleVpcIpamPoolCidr:\n type: aws:ec2:VpcIpamPoolCidr\n name: example\n properties:\n ipamPoolId: ${exampleVpcIpamPool.id}\n cidr: 172.20.0.0/16\n exampleVpcIpamPool:\n type: aws:ec2:VpcIpamPool\n name: example\n properties:\n addressFamily: ipv4\n ipamScopeId: ${exampleVpcIpam.privateDefaultScopeId}\n locale: ${current.name}\n exampleVpcIpam:\n type: aws:ec2:VpcIpam\n name: example\n properties:\n operatingRegions:\n - regionName: ${current.name}\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith the `disallowed_cidrs` attribute:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst exampleVpcIpam = new aws.ec2.VpcIpam(\"example\", {operatingRegions: [{\n regionName: current.then(current =\u003e current.name),\n}]});\nconst exampleVpcIpamPool = new aws.ec2.VpcIpamPool(\"example\", {\n addressFamily: \"ipv4\",\n ipamScopeId: exampleVpcIpam.privateDefaultScopeId,\n locale: current.then(current =\u003e current.name),\n});\nconst example = new aws.ec2.VpcIpamPoolCidrAllocation(\"example\", {\n ipamPoolId: exampleVpcIpamPool.id,\n netmaskLength: 28,\n disallowedCidrs: [\"172.20.0.0/28\"],\n});\nconst exampleVpcIpamPoolCidr = new aws.ec2.VpcIpamPoolCidr(\"example\", {\n ipamPoolId: exampleVpcIpamPool.id,\n cidr: \"172.20.0.0/16\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\nexample_vpc_ipam = aws.ec2.VpcIpam(\"example\", operating_regions=[aws.ec2.VpcIpamOperatingRegionArgs(\n region_name=current.name,\n)])\nexample_vpc_ipam_pool = aws.ec2.VpcIpamPool(\"example\",\n address_family=\"ipv4\",\n ipam_scope_id=example_vpc_ipam.private_default_scope_id,\n locale=current.name)\nexample = aws.ec2.VpcIpamPoolCidrAllocation(\"example\",\n ipam_pool_id=example_vpc_ipam_pool.id,\n netmask_length=28,\n disallowed_cidrs=[\"172.20.0.0/28\"])\nexample_vpc_ipam_pool_cidr = aws.ec2.VpcIpamPoolCidr(\"example\",\n ipam_pool_id=example_vpc_ipam_pool.id,\n cidr=\"172.20.0.0/16\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var exampleVpcIpam = new Aws.Ec2.VpcIpam(\"example\", new()\n {\n OperatingRegions = new[]\n {\n new Aws.Ec2.Inputs.VpcIpamOperatingRegionArgs\n {\n RegionName = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n },\n });\n\n var exampleVpcIpamPool = new Aws.Ec2.VpcIpamPool(\"example\", new()\n {\n AddressFamily = \"ipv4\",\n IpamScopeId = exampleVpcIpam.PrivateDefaultScopeId,\n Locale = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n });\n\n var example = new Aws.Ec2.VpcIpamPoolCidrAllocation(\"example\", new()\n {\n IpamPoolId = exampleVpcIpamPool.Id,\n NetmaskLength = 28,\n DisallowedCidrs = new[]\n {\n \"172.20.0.0/28\",\n },\n });\n\n var exampleVpcIpamPoolCidr = new Aws.Ec2.VpcIpamPoolCidr(\"example\", new()\n {\n IpamPoolId = exampleVpcIpamPool.Id,\n Cidr = \"172.20.0.0/16\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpcIpam, err := ec2.NewVpcIpam(ctx, \"example\", \u0026ec2.VpcIpamArgs{\n\t\t\tOperatingRegions: ec2.VpcIpamOperatingRegionArray{\n\t\t\t\t\u0026ec2.VpcIpamOperatingRegionArgs{\n\t\t\t\t\tRegionName: pulumi.String(current.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpcIpamPool, err := ec2.NewVpcIpamPool(ctx, \"example\", \u0026ec2.VpcIpamPoolArgs{\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tIpamScopeId: exampleVpcIpam.PrivateDefaultScopeId,\n\t\t\tLocale: pulumi.String(current.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPoolCidrAllocation(ctx, \"example\", \u0026ec2.VpcIpamPoolCidrAllocationArgs{\n\t\t\tIpamPoolId: exampleVpcIpamPool.ID(),\n\t\t\tNetmaskLength: pulumi.Int(28),\n\t\t\tDisallowedCidrs: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"172.20.0.0/28\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPoolCidr(ctx, \"example\", \u0026ec2.VpcIpamPoolCidrArgs{\n\t\t\tIpamPoolId: exampleVpcIpamPool.ID(),\n\t\t\tCidr: pulumi.String(\"172.20.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpam;\nimport com.pulumi.aws.ec2.VpcIpamArgs;\nimport com.pulumi.aws.ec2.inputs.VpcIpamOperatingRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpamPool;\nimport com.pulumi.aws.ec2.VpcIpamPoolArgs;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrAllocation;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrAllocationArgs;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidr;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n var exampleVpcIpam = new VpcIpam(\"exampleVpcIpam\", VpcIpamArgs.builder() \n .operatingRegions(VpcIpamOperatingRegionArgs.builder()\n .regionName(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build())\n .build());\n\n var exampleVpcIpamPool = new VpcIpamPool(\"exampleVpcIpamPool\", VpcIpamPoolArgs.builder() \n .addressFamily(\"ipv4\")\n .ipamScopeId(exampleVpcIpam.privateDefaultScopeId())\n .locale(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build());\n\n var example = new VpcIpamPoolCidrAllocation(\"example\", VpcIpamPoolCidrAllocationArgs.builder() \n .ipamPoolId(exampleVpcIpamPool.id())\n .netmaskLength(28)\n .disallowedCidrs(\"172.20.0.0/28\")\n .build());\n\n var exampleVpcIpamPoolCidr = new VpcIpamPoolCidr(\"exampleVpcIpamPoolCidr\", VpcIpamPoolCidrArgs.builder() \n .ipamPoolId(exampleVpcIpamPool.id())\n .cidr(\"172.20.0.0/16\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:VpcIpamPoolCidrAllocation\n properties:\n ipamPoolId: ${exampleVpcIpamPool.id}\n netmaskLength: 28\n disallowedCidrs:\n - 172.20.0.0/28\n exampleVpcIpamPoolCidr:\n type: aws:ec2:VpcIpamPoolCidr\n name: example\n properties:\n ipamPoolId: ${exampleVpcIpamPool.id}\n cidr: 172.20.0.0/16\n exampleVpcIpamPool:\n type: aws:ec2:VpcIpamPool\n name: example\n properties:\n addressFamily: ipv4\n ipamScopeId: ${exampleVpcIpam.privateDefaultScopeId}\n locale: ${current.name}\n exampleVpcIpam:\n type: aws:ec2:VpcIpam\n name: example\n properties:\n operatingRegions:\n - regionName: ${current.name}\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IPAM allocations using the allocation `id` and `pool id`, separated by `_`. For example:\n\n```sh\n$ pulumi import aws:ec2/vpcIpamPoolCidrAllocation:VpcIpamPoolCidrAllocation example ipam-pool-alloc-0dc6d196509c049ba8b549ff99f639736_ipam-pool-07cfb559e0921fcbe\n```\n", "properties": { "cidr": { "type": "string", @@ -222026,7 +222026,7 @@ } }, "aws:ec2/vpcIpamPreviewNextCidr:VpcIpamPreviewNextCidr": { - "description": "Previews a CIDR from an IPAM address pool. Only works for private IPv4.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst exampleVpcIpam = new aws.ec2.VpcIpam(\"example\", {operatingRegions: [{\n regionName: current.then(current =\u003e current.name),\n}]});\nconst exampleVpcIpamPool = new aws.ec2.VpcIpamPool(\"example\", {\n addressFamily: \"ipv4\",\n ipamScopeId: exampleVpcIpam.privateDefaultScopeId,\n locale: current.then(current =\u003e current.name),\n});\nconst example = new aws.ec2.VpcIpamPreviewNextCidr(\"example\", {\n ipamPoolId: exampleVpcIpamPool.id,\n netmaskLength: 28,\n disallowedCidrs: [\"172.2.0.0/32\"],\n});\nconst exampleVpcIpamPoolCidr = new aws.ec2.VpcIpamPoolCidr(\"example\", {\n ipamPoolId: exampleVpcIpamPool.id,\n cidr: \"172.20.0.0/16\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\nexample_vpc_ipam = aws.ec2.VpcIpam(\"example\", operating_regions=[aws.ec2.VpcIpamOperatingRegionArgs(\n region_name=current.name,\n)])\nexample_vpc_ipam_pool = aws.ec2.VpcIpamPool(\"example\",\n address_family=\"ipv4\",\n ipam_scope_id=example_vpc_ipam.private_default_scope_id,\n locale=current.name)\nexample = aws.ec2.VpcIpamPreviewNextCidr(\"example\",\n ipam_pool_id=example_vpc_ipam_pool.id,\n netmask_length=28,\n disallowed_cidrs=[\"172.2.0.0/32\"])\nexample_vpc_ipam_pool_cidr = aws.ec2.VpcIpamPoolCidr(\"example\",\n ipam_pool_id=example_vpc_ipam_pool.id,\n cidr=\"172.20.0.0/16\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var exampleVpcIpam = new Aws.Ec2.VpcIpam(\"example\", new()\n {\n OperatingRegions = new[]\n {\n new Aws.Ec2.Inputs.VpcIpamOperatingRegionArgs\n {\n RegionName = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n },\n });\n\n var exampleVpcIpamPool = new Aws.Ec2.VpcIpamPool(\"example\", new()\n {\n AddressFamily = \"ipv4\",\n IpamScopeId = exampleVpcIpam.PrivateDefaultScopeId,\n Locale = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n });\n\n var example = new Aws.Ec2.VpcIpamPreviewNextCidr(\"example\", new()\n {\n IpamPoolId = exampleVpcIpamPool.Id,\n NetmaskLength = 28,\n DisallowedCidrs = new[]\n {\n \"172.2.0.0/32\",\n },\n });\n\n var exampleVpcIpamPoolCidr = new Aws.Ec2.VpcIpamPoolCidr(\"example\", new()\n {\n IpamPoolId = exampleVpcIpamPool.Id,\n Cidr = \"172.20.0.0/16\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpcIpam, err := ec2.NewVpcIpam(ctx, \"example\", \u0026ec2.VpcIpamArgs{\n\t\t\tOperatingRegions: ec2.VpcIpamOperatingRegionArray{\n\t\t\t\t\u0026ec2.VpcIpamOperatingRegionArgs{\n\t\t\t\t\tRegionName: *pulumi.String(current.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpcIpamPool, err := ec2.NewVpcIpamPool(ctx, \"example\", \u0026ec2.VpcIpamPoolArgs{\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tIpamScopeId: exampleVpcIpam.PrivateDefaultScopeId,\n\t\t\tLocale: *pulumi.String(current.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPreviewNextCidr(ctx, \"example\", \u0026ec2.VpcIpamPreviewNextCidrArgs{\n\t\t\tIpamPoolId: exampleVpcIpamPool.ID(),\n\t\t\tNetmaskLength: pulumi.Int(28),\n\t\t\tDisallowedCidrs: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"172.2.0.0/32\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPoolCidr(ctx, \"example\", \u0026ec2.VpcIpamPoolCidrArgs{\n\t\t\tIpamPoolId: exampleVpcIpamPool.ID(),\n\t\t\tCidr: pulumi.String(\"172.20.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpam;\nimport com.pulumi.aws.ec2.VpcIpamArgs;\nimport com.pulumi.aws.ec2.inputs.VpcIpamOperatingRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpamPool;\nimport com.pulumi.aws.ec2.VpcIpamPoolArgs;\nimport com.pulumi.aws.ec2.VpcIpamPreviewNextCidr;\nimport com.pulumi.aws.ec2.VpcIpamPreviewNextCidrArgs;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidr;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n var exampleVpcIpam = new VpcIpam(\"exampleVpcIpam\", VpcIpamArgs.builder() \n .operatingRegions(VpcIpamOperatingRegionArgs.builder()\n .regionName(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build())\n .build());\n\n var exampleVpcIpamPool = new VpcIpamPool(\"exampleVpcIpamPool\", VpcIpamPoolArgs.builder() \n .addressFamily(\"ipv4\")\n .ipamScopeId(exampleVpcIpam.privateDefaultScopeId())\n .locale(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build());\n\n var example = new VpcIpamPreviewNextCidr(\"example\", VpcIpamPreviewNextCidrArgs.builder() \n .ipamPoolId(exampleVpcIpamPool.id())\n .netmaskLength(28)\n .disallowedCidrs(\"172.2.0.0/32\")\n .build());\n\n var exampleVpcIpamPoolCidr = new VpcIpamPoolCidr(\"exampleVpcIpamPoolCidr\", VpcIpamPoolCidrArgs.builder() \n .ipamPoolId(exampleVpcIpamPool.id())\n .cidr(\"172.20.0.0/16\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:VpcIpamPreviewNextCidr\n properties:\n ipamPoolId: ${exampleVpcIpamPool.id}\n netmaskLength: 28\n disallowedCidrs:\n - 172.2.0.0/32\n exampleVpcIpamPoolCidr:\n type: aws:ec2:VpcIpamPoolCidr\n name: example\n properties:\n ipamPoolId: ${exampleVpcIpamPool.id}\n cidr: 172.20.0.0/16\n exampleVpcIpamPool:\n type: aws:ec2:VpcIpamPool\n name: example\n properties:\n addressFamily: ipv4\n ipamScopeId: ${exampleVpcIpam.privateDefaultScopeId}\n locale: ${current.name}\n exampleVpcIpam:\n type: aws:ec2:VpcIpam\n name: example\n properties:\n operatingRegions:\n - regionName: ${current.name}\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Previews a CIDR from an IPAM address pool. Only works for private IPv4.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst exampleVpcIpam = new aws.ec2.VpcIpam(\"example\", {operatingRegions: [{\n regionName: current.then(current =\u003e current.name),\n}]});\nconst exampleVpcIpamPool = new aws.ec2.VpcIpamPool(\"example\", {\n addressFamily: \"ipv4\",\n ipamScopeId: exampleVpcIpam.privateDefaultScopeId,\n locale: current.then(current =\u003e current.name),\n});\nconst example = new aws.ec2.VpcIpamPreviewNextCidr(\"example\", {\n ipamPoolId: exampleVpcIpamPool.id,\n netmaskLength: 28,\n disallowedCidrs: [\"172.2.0.0/32\"],\n});\nconst exampleVpcIpamPoolCidr = new aws.ec2.VpcIpamPoolCidr(\"example\", {\n ipamPoolId: exampleVpcIpamPool.id,\n cidr: \"172.20.0.0/16\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\nexample_vpc_ipam = aws.ec2.VpcIpam(\"example\", operating_regions=[aws.ec2.VpcIpamOperatingRegionArgs(\n region_name=current.name,\n)])\nexample_vpc_ipam_pool = aws.ec2.VpcIpamPool(\"example\",\n address_family=\"ipv4\",\n ipam_scope_id=example_vpc_ipam.private_default_scope_id,\n locale=current.name)\nexample = aws.ec2.VpcIpamPreviewNextCidr(\"example\",\n ipam_pool_id=example_vpc_ipam_pool.id,\n netmask_length=28,\n disallowed_cidrs=[\"172.2.0.0/32\"])\nexample_vpc_ipam_pool_cidr = aws.ec2.VpcIpamPoolCidr(\"example\",\n ipam_pool_id=example_vpc_ipam_pool.id,\n cidr=\"172.20.0.0/16\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var exampleVpcIpam = new Aws.Ec2.VpcIpam(\"example\", new()\n {\n OperatingRegions = new[]\n {\n new Aws.Ec2.Inputs.VpcIpamOperatingRegionArgs\n {\n RegionName = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n },\n });\n\n var exampleVpcIpamPool = new Aws.Ec2.VpcIpamPool(\"example\", new()\n {\n AddressFamily = \"ipv4\",\n IpamScopeId = exampleVpcIpam.PrivateDefaultScopeId,\n Locale = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n });\n\n var example = new Aws.Ec2.VpcIpamPreviewNextCidr(\"example\", new()\n {\n IpamPoolId = exampleVpcIpamPool.Id,\n NetmaskLength = 28,\n DisallowedCidrs = new[]\n {\n \"172.2.0.0/32\",\n },\n });\n\n var exampleVpcIpamPoolCidr = new Aws.Ec2.VpcIpamPoolCidr(\"example\", new()\n {\n IpamPoolId = exampleVpcIpamPool.Id,\n Cidr = \"172.20.0.0/16\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpcIpam, err := ec2.NewVpcIpam(ctx, \"example\", \u0026ec2.VpcIpamArgs{\n\t\t\tOperatingRegions: ec2.VpcIpamOperatingRegionArray{\n\t\t\t\t\u0026ec2.VpcIpamOperatingRegionArgs{\n\t\t\t\t\tRegionName: pulumi.String(current.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpcIpamPool, err := ec2.NewVpcIpamPool(ctx, \"example\", \u0026ec2.VpcIpamPoolArgs{\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tIpamScopeId: exampleVpcIpam.PrivateDefaultScopeId,\n\t\t\tLocale: pulumi.String(current.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPreviewNextCidr(ctx, \"example\", \u0026ec2.VpcIpamPreviewNextCidrArgs{\n\t\t\tIpamPoolId: exampleVpcIpamPool.ID(),\n\t\t\tNetmaskLength: pulumi.Int(28),\n\t\t\tDisallowedCidrs: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"172.2.0.0/32\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPoolCidr(ctx, \"example\", \u0026ec2.VpcIpamPoolCidrArgs{\n\t\t\tIpamPoolId: exampleVpcIpamPool.ID(),\n\t\t\tCidr: pulumi.String(\"172.20.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpam;\nimport com.pulumi.aws.ec2.VpcIpamArgs;\nimport com.pulumi.aws.ec2.inputs.VpcIpamOperatingRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpamPool;\nimport com.pulumi.aws.ec2.VpcIpamPoolArgs;\nimport com.pulumi.aws.ec2.VpcIpamPreviewNextCidr;\nimport com.pulumi.aws.ec2.VpcIpamPreviewNextCidrArgs;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidr;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n var exampleVpcIpam = new VpcIpam(\"exampleVpcIpam\", VpcIpamArgs.builder() \n .operatingRegions(VpcIpamOperatingRegionArgs.builder()\n .regionName(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build())\n .build());\n\n var exampleVpcIpamPool = new VpcIpamPool(\"exampleVpcIpamPool\", VpcIpamPoolArgs.builder() \n .addressFamily(\"ipv4\")\n .ipamScopeId(exampleVpcIpam.privateDefaultScopeId())\n .locale(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build());\n\n var example = new VpcIpamPreviewNextCidr(\"example\", VpcIpamPreviewNextCidrArgs.builder() \n .ipamPoolId(exampleVpcIpamPool.id())\n .netmaskLength(28)\n .disallowedCidrs(\"172.2.0.0/32\")\n .build());\n\n var exampleVpcIpamPoolCidr = new VpcIpamPoolCidr(\"exampleVpcIpamPoolCidr\", VpcIpamPoolCidrArgs.builder() \n .ipamPoolId(exampleVpcIpamPool.id())\n .cidr(\"172.20.0.0/16\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:VpcIpamPreviewNextCidr\n properties:\n ipamPoolId: ${exampleVpcIpamPool.id}\n netmaskLength: 28\n disallowedCidrs:\n - 172.2.0.0/32\n exampleVpcIpamPoolCidr:\n type: aws:ec2:VpcIpamPoolCidr\n name: example\n properties:\n ipamPoolId: ${exampleVpcIpamPool.id}\n cidr: 172.20.0.0/16\n exampleVpcIpamPool:\n type: aws:ec2:VpcIpamPool\n name: example\n properties:\n addressFamily: ipv4\n ipamScopeId: ${exampleVpcIpam.privateDefaultScopeId}\n locale: ${current.name}\n exampleVpcIpam:\n type: aws:ec2:VpcIpam\n name: example\n properties:\n operatingRegions:\n - regionName: ${current.name}\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { "cidr": { "type": "string", @@ -222105,7 +222105,7 @@ } }, "aws:ec2/vpcIpamResourceDiscovery:VpcIpamResourceDiscovery": { - "description": "Provides an IPAM Resource Discovery resource. IPAM Resource Discoveries are resources meant for multi-organization customers. If you wish to use a single IPAM across multiple orgs, a resource discovery can be created and shared from a subordinate organization to the management organizations IPAM delegated admin account. For a full deployment example, see `aws.ec2.VpcIpamResourceDiscoveryAssociation` resource.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst main = new aws.ec2.VpcIpamResourceDiscovery(\"main\", {\n description: \"My IPAM Resource Discovery\",\n operatingRegions: [{\n regionName: current.then(current =\u003e current.name),\n }],\n tags: {\n Test: \"Main\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\nmain = aws.ec2.VpcIpamResourceDiscovery(\"main\",\n description=\"My IPAM Resource Discovery\",\n operating_regions=[aws.ec2.VpcIpamResourceDiscoveryOperatingRegionArgs(\n region_name=current.name,\n )],\n tags={\n \"Test\": \"Main\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var main = new Aws.Ec2.VpcIpamResourceDiscovery(\"main\", new()\n {\n Description = \"My IPAM Resource Discovery\",\n OperatingRegions = new[]\n {\n new Aws.Ec2.Inputs.VpcIpamResourceDiscoveryOperatingRegionArgs\n {\n RegionName = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n },\n Tags = \n {\n { \"Test\", \"Main\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamResourceDiscovery(ctx, \"main\", \u0026ec2.VpcIpamResourceDiscoveryArgs{\n\t\t\tDescription: pulumi.String(\"My IPAM Resource Discovery\"),\n\t\t\tOperatingRegions: ec2.VpcIpamResourceDiscoveryOperatingRegionArray{\n\t\t\t\t\u0026ec2.VpcIpamResourceDiscoveryOperatingRegionArgs{\n\t\t\t\t\tRegionName: *pulumi.String(current.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Test\": pulumi.String(\"Main\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpamResourceDiscovery;\nimport com.pulumi.aws.ec2.VpcIpamResourceDiscoveryArgs;\nimport com.pulumi.aws.ec2.inputs.VpcIpamResourceDiscoveryOperatingRegionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n var main = new VpcIpamResourceDiscovery(\"main\", VpcIpamResourceDiscoveryArgs.builder() \n .description(\"My IPAM Resource Discovery\")\n .operatingRegions(VpcIpamResourceDiscoveryOperatingRegionArgs.builder()\n .regionName(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build())\n .tags(Map.of(\"Test\", \"Main\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:ec2:VpcIpamResourceDiscovery\n properties:\n description: My IPAM Resource Discovery\n operatingRegions:\n - regionName: ${current.name}\n tags:\n Test: Main\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IPAMs using the IPAM resource discovery `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/vpcIpamResourceDiscovery:VpcIpamResourceDiscovery example ipam-res-disco-0178368ad2146a492\n```\n", + "description": "Provides an IPAM Resource Discovery resource. IPAM Resource Discoveries are resources meant for multi-organization customers. If you wish to use a single IPAM across multiple orgs, a resource discovery can be created and shared from a subordinate organization to the management organizations IPAM delegated admin account. For a full deployment example, see `aws.ec2.VpcIpamResourceDiscoveryAssociation` resource.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst main = new aws.ec2.VpcIpamResourceDiscovery(\"main\", {\n description: \"My IPAM Resource Discovery\",\n operatingRegions: [{\n regionName: current.then(current =\u003e current.name),\n }],\n tags: {\n Test: \"Main\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\nmain = aws.ec2.VpcIpamResourceDiscovery(\"main\",\n description=\"My IPAM Resource Discovery\",\n operating_regions=[aws.ec2.VpcIpamResourceDiscoveryOperatingRegionArgs(\n region_name=current.name,\n )],\n tags={\n \"Test\": \"Main\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var main = new Aws.Ec2.VpcIpamResourceDiscovery(\"main\", new()\n {\n Description = \"My IPAM Resource Discovery\",\n OperatingRegions = new[]\n {\n new Aws.Ec2.Inputs.VpcIpamResourceDiscoveryOperatingRegionArgs\n {\n RegionName = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n },\n Tags = \n {\n { \"Test\", \"Main\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamResourceDiscovery(ctx, \"main\", \u0026ec2.VpcIpamResourceDiscoveryArgs{\n\t\t\tDescription: pulumi.String(\"My IPAM Resource Discovery\"),\n\t\t\tOperatingRegions: ec2.VpcIpamResourceDiscoveryOperatingRegionArray{\n\t\t\t\t\u0026ec2.VpcIpamResourceDiscoveryOperatingRegionArgs{\n\t\t\t\t\tRegionName: pulumi.String(current.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Test\": pulumi.String(\"Main\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpamResourceDiscovery;\nimport com.pulumi.aws.ec2.VpcIpamResourceDiscoveryArgs;\nimport com.pulumi.aws.ec2.inputs.VpcIpamResourceDiscoveryOperatingRegionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n var main = new VpcIpamResourceDiscovery(\"main\", VpcIpamResourceDiscoveryArgs.builder() \n .description(\"My IPAM Resource Discovery\")\n .operatingRegions(VpcIpamResourceDiscoveryOperatingRegionArgs.builder()\n .regionName(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build())\n .tags(Map.of(\"Test\", \"Main\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:ec2:VpcIpamResourceDiscovery\n properties:\n description: My IPAM Resource Discovery\n operatingRegions:\n - regionName: ${current.name}\n tags:\n Test: Main\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IPAMs using the IPAM resource discovery `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/vpcIpamResourceDiscovery:VpcIpamResourceDiscovery example ipam-res-disco-0178368ad2146a492\n```\n", "properties": { "arn": { "type": "string", @@ -222368,7 +222368,7 @@ } }, "aws:ec2/vpcIpamScope:VpcIpamScope": { - "description": "Creates a scope for AWS IPAM.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst example = new aws.ec2.VpcIpam(\"example\", {operatingRegions: [{\n regionName: current.then(current =\u003e current.name),\n}]});\nconst exampleVpcIpamScope = new aws.ec2.VpcIpamScope(\"example\", {\n ipamId: example.id,\n description: \"Another Scope\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\nexample = aws.ec2.VpcIpam(\"example\", operating_regions=[aws.ec2.VpcIpamOperatingRegionArgs(\n region_name=current.name,\n)])\nexample_vpc_ipam_scope = aws.ec2.VpcIpamScope(\"example\",\n ipam_id=example.id,\n description=\"Another Scope\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var example = new Aws.Ec2.VpcIpam(\"example\", new()\n {\n OperatingRegions = new[]\n {\n new Aws.Ec2.Inputs.VpcIpamOperatingRegionArgs\n {\n RegionName = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n },\n });\n\n var exampleVpcIpamScope = new Aws.Ec2.VpcIpamScope(\"example\", new()\n {\n IpamId = example.Id,\n Description = \"Another Scope\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := ec2.NewVpcIpam(ctx, \"example\", \u0026ec2.VpcIpamArgs{\n\t\t\tOperatingRegions: ec2.VpcIpamOperatingRegionArray{\n\t\t\t\t\u0026ec2.VpcIpamOperatingRegionArgs{\n\t\t\t\t\tRegionName: *pulumi.String(current.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamScope(ctx, \"example\", \u0026ec2.VpcIpamScopeArgs{\n\t\t\tIpamId: example.ID(),\n\t\t\tDescription: pulumi.String(\"Another Scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpam;\nimport com.pulumi.aws.ec2.VpcIpamArgs;\nimport com.pulumi.aws.ec2.inputs.VpcIpamOperatingRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpamScope;\nimport com.pulumi.aws.ec2.VpcIpamScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n var example = new VpcIpam(\"example\", VpcIpamArgs.builder() \n .operatingRegions(VpcIpamOperatingRegionArgs.builder()\n .regionName(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build())\n .build());\n\n var exampleVpcIpamScope = new VpcIpamScope(\"exampleVpcIpamScope\", VpcIpamScopeArgs.builder() \n .ipamId(example.id())\n .description(\"Another Scope\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:VpcIpam\n properties:\n operatingRegions:\n - regionName: ${current.name}\n exampleVpcIpamScope:\n type: aws:ec2:VpcIpamScope\n name: example\n properties:\n ipamId: ${example.id}\n description: Another Scope\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IPAMs using the `scope_id`. For example:\n\n```sh\n$ pulumi import aws:ec2/vpcIpamScope:VpcIpamScope example ipam-scope-0513c69f283d11dfb\n```\n", + "description": "Creates a scope for AWS IPAM.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst example = new aws.ec2.VpcIpam(\"example\", {operatingRegions: [{\n regionName: current.then(current =\u003e current.name),\n}]});\nconst exampleVpcIpamScope = new aws.ec2.VpcIpamScope(\"example\", {\n ipamId: example.id,\n description: \"Another Scope\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\nexample = aws.ec2.VpcIpam(\"example\", operating_regions=[aws.ec2.VpcIpamOperatingRegionArgs(\n region_name=current.name,\n)])\nexample_vpc_ipam_scope = aws.ec2.VpcIpamScope(\"example\",\n ipam_id=example.id,\n description=\"Another Scope\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var example = new Aws.Ec2.VpcIpam(\"example\", new()\n {\n OperatingRegions = new[]\n {\n new Aws.Ec2.Inputs.VpcIpamOperatingRegionArgs\n {\n RegionName = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n },\n },\n });\n\n var exampleVpcIpamScope = new Aws.Ec2.VpcIpamScope(\"example\", new()\n {\n IpamId = example.Id,\n Description = \"Another Scope\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := ec2.NewVpcIpam(ctx, \"example\", \u0026ec2.VpcIpamArgs{\n\t\t\tOperatingRegions: ec2.VpcIpamOperatingRegionArray{\n\t\t\t\t\u0026ec2.VpcIpamOperatingRegionArgs{\n\t\t\t\t\tRegionName: pulumi.String(current.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamScope(ctx, \"example\", \u0026ec2.VpcIpamScopeArgs{\n\t\t\tIpamId: example.ID(),\n\t\t\tDescription: pulumi.String(\"Another Scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpam;\nimport com.pulumi.aws.ec2.VpcIpamArgs;\nimport com.pulumi.aws.ec2.inputs.VpcIpamOperatingRegionArgs;\nimport com.pulumi.aws.ec2.VpcIpamScope;\nimport com.pulumi.aws.ec2.VpcIpamScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n var example = new VpcIpam(\"example\", VpcIpamArgs.builder() \n .operatingRegions(VpcIpamOperatingRegionArgs.builder()\n .regionName(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .build())\n .build());\n\n var exampleVpcIpamScope = new VpcIpamScope(\"exampleVpcIpamScope\", VpcIpamScopeArgs.builder() \n .ipamId(example.id())\n .description(\"Another Scope\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:VpcIpam\n properties:\n operatingRegions:\n - regionName: ${current.name}\n exampleVpcIpamScope:\n type: aws:ec2:VpcIpamScope\n name: example\n properties:\n ipamId: ${example.id}\n description: Another Scope\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IPAMs using the `scope_id`. For example:\n\n```sh\n$ pulumi import aws:ec2/vpcIpamScope:VpcIpamScope example ipam-scope-0513c69f283d11dfb\n```\n", "properties": { "arn": { "type": "string", @@ -222894,7 +222894,7 @@ } }, "aws:ec2/vpcPeeringConnectionAccepter:VpcPeeringConnectionAccepter": { - "description": "Provides a resource to manage the accepter's side of a VPC Peering Connection.\n\nWhen a cross-account (requester's AWS account differs from the accepter's AWS account) or an inter-region\nVPC Peering Connection is created, a VPC Peering Connection resource is automatically created in the\naccepter's account.\nThe requester can use the `aws.ec2.VpcPeeringConnection` resource to manage its side of the connection\nand the accepter can use the `aws.ec2.VpcPeeringConnectionAccepter` resource to \"adopt\" its side of the\nconnection into management.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ec2.Vpc(\"main\", {cidrBlock: \"10.0.0.0/16\"});\nconst peerVpc = new aws.ec2.Vpc(\"peer\", {cidrBlock: \"10.1.0.0/16\"});\nconst peer = aws.getCallerIdentity({});\n// Requester's side of the connection.\nconst peerVpcPeeringConnection = new aws.ec2.VpcPeeringConnection(\"peer\", {\n vpcId: main.id,\n peerVpcId: peerVpc.id,\n peerOwnerId: peer.then(peer =\u003e peer.accountId),\n peerRegion: \"us-west-2\",\n autoAccept: false,\n tags: {\n Side: \"Requester\",\n },\n});\n// Accepter's side of the connection.\nconst peerVpcPeeringConnectionAccepter = new aws.ec2.VpcPeeringConnectionAccepter(\"peer\", {\n vpcPeeringConnectionId: peerVpcPeeringConnection.id,\n autoAccept: true,\n tags: {\n Side: \"Accepter\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ec2.Vpc(\"main\", cidr_block=\"10.0.0.0/16\")\npeer_vpc = aws.ec2.Vpc(\"peer\", cidr_block=\"10.1.0.0/16\")\npeer = aws.get_caller_identity()\n# Requester's side of the connection.\npeer_vpc_peering_connection = aws.ec2.VpcPeeringConnection(\"peer\",\n vpc_id=main.id,\n peer_vpc_id=peer_vpc.id,\n peer_owner_id=peer.account_id,\n peer_region=\"us-west-2\",\n auto_accept=False,\n tags={\n \"Side\": \"Requester\",\n })\n# Accepter's side of the connection.\npeer_vpc_peering_connection_accepter = aws.ec2.VpcPeeringConnectionAccepter(\"peer\",\n vpc_peering_connection_id=peer_vpc_peering_connection.id,\n auto_accept=True,\n tags={\n \"Side\": \"Accepter\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = new Aws.Ec2.Vpc(\"main\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n\n var peerVpc = new Aws.Ec2.Vpc(\"peer\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n\n var peer = Aws.GetCallerIdentity.Invoke();\n\n // Requester's side of the connection.\n var peerVpcPeeringConnection = new Aws.Ec2.VpcPeeringConnection(\"peer\", new()\n {\n VpcId = main.Id,\n PeerVpcId = peerVpc.Id,\n PeerOwnerId = peer.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n PeerRegion = \"us-west-2\",\n AutoAccept = false,\n Tags = \n {\n { \"Side\", \"Requester\" },\n },\n });\n\n // Accepter's side of the connection.\n var peerVpcPeeringConnectionAccepter = new Aws.Ec2.VpcPeeringConnectionAccepter(\"peer\", new()\n {\n VpcPeeringConnectionId = peerVpcPeeringConnection.Id,\n AutoAccept = true,\n Tags = \n {\n { \"Side\", \"Accepter\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := ec2.NewVpc(ctx, \"main\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerVpc, err := ec2.NewVpc(ctx, \"peer\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeer, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Requester's side of the connection.\n\t\tpeerVpcPeeringConnection, err := ec2.NewVpcPeeringConnection(ctx, \"peer\", \u0026ec2.VpcPeeringConnectionArgs{\n\t\t\tVpcId: main.ID(),\n\t\t\tPeerVpcId: peerVpc.ID(),\n\t\t\tPeerOwnerId: *pulumi.String(peer.AccountId),\n\t\t\tPeerRegion: pulumi.String(\"us-west-2\"),\n\t\t\tAutoAccept: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Requester\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Accepter's side of the connection.\n\t\t_, err = ec2.NewVpcPeeringConnectionAccepter(ctx, \"peer\", \u0026ec2.VpcPeeringConnectionAccepterArgs{\n\t\t\tVpcPeeringConnectionId: peerVpcPeeringConnection.ID(),\n\t\t\tAutoAccept: pulumi.Bool(true),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Accepter\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.VpcPeeringConnection;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionArgs;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionAccepter;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionAccepterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var main = new Vpc(\"main\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .build());\n\n var peerVpc = new Vpc(\"peerVpc\", VpcArgs.builder() \n .cidrBlock(\"10.1.0.0/16\")\n .build());\n\n final var peer = AwsFunctions.getCallerIdentity();\n\n var peerVpcPeeringConnection = new VpcPeeringConnection(\"peerVpcPeeringConnection\", VpcPeeringConnectionArgs.builder() \n .vpcId(main.id())\n .peerVpcId(peerVpc.id())\n .peerOwnerId(peer.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .peerRegion(\"us-west-2\")\n .autoAccept(false)\n .tags(Map.of(\"Side\", \"Requester\"))\n .build());\n\n var peerVpcPeeringConnectionAccepter = new VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\", VpcPeeringConnectionAccepterArgs.builder() \n .vpcPeeringConnectionId(peerVpcPeeringConnection.id())\n .autoAccept(true)\n .tags(Map.of(\"Side\", \"Accepter\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n peerVpc:\n type: aws:ec2:Vpc\n name: peer\n properties:\n cidrBlock: 10.1.0.0/16\n # Requester's side of the connection.\n peerVpcPeeringConnection:\n type: aws:ec2:VpcPeeringConnection\n name: peer\n properties:\n vpcId: ${main.id}\n peerVpcId: ${peerVpc.id}\n peerOwnerId: ${peer.accountId}\n peerRegion: us-west-2\n autoAccept: false\n tags:\n Side: Requester\n # Accepter's side of the connection.\n peerVpcPeeringConnectionAccepter:\n type: aws:ec2:VpcPeeringConnectionAccepter\n name: peer\n properties:\n vpcPeeringConnectionId: ${peerVpcPeeringConnection.id}\n autoAccept: true\n tags:\n Side: Accepter\nvariables:\n peer:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import VPC Peering Connection Accepters using the Peering Connection ID. For example:\n\n```sh\n$ pulumi import aws:ec2/vpcPeeringConnectionAccepter:VpcPeeringConnectionAccepter example pcx-12345678\n```\nCertain resource arguments, like `auto_accept`, do not have an EC2 API method for reading the information after peering connection creation. If the argument is set in the Pulumi program on an imported resource, Pulumi will always show a difference. To workaround this behavior, either omit the argument from the Pulumi program or use `ignore_changes` to hide the difference. For example:\n\n", + "description": "Provides a resource to manage the accepter's side of a VPC Peering Connection.\n\nWhen a cross-account (requester's AWS account differs from the accepter's AWS account) or an inter-region\nVPC Peering Connection is created, a VPC Peering Connection resource is automatically created in the\naccepter's account.\nThe requester can use the `aws.ec2.VpcPeeringConnection` resource to manage its side of the connection\nand the accepter can use the `aws.ec2.VpcPeeringConnectionAccepter` resource to \"adopt\" its side of the\nconnection into management.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ec2.Vpc(\"main\", {cidrBlock: \"10.0.0.0/16\"});\nconst peerVpc = new aws.ec2.Vpc(\"peer\", {cidrBlock: \"10.1.0.0/16\"});\nconst peer = aws.getCallerIdentity({});\n// Requester's side of the connection.\nconst peerVpcPeeringConnection = new aws.ec2.VpcPeeringConnection(\"peer\", {\n vpcId: main.id,\n peerVpcId: peerVpc.id,\n peerOwnerId: peer.then(peer =\u003e peer.accountId),\n peerRegion: \"us-west-2\",\n autoAccept: false,\n tags: {\n Side: \"Requester\",\n },\n});\n// Accepter's side of the connection.\nconst peerVpcPeeringConnectionAccepter = new aws.ec2.VpcPeeringConnectionAccepter(\"peer\", {\n vpcPeeringConnectionId: peerVpcPeeringConnection.id,\n autoAccept: true,\n tags: {\n Side: \"Accepter\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ec2.Vpc(\"main\", cidr_block=\"10.0.0.0/16\")\npeer_vpc = aws.ec2.Vpc(\"peer\", cidr_block=\"10.1.0.0/16\")\npeer = aws.get_caller_identity()\n# Requester's side of the connection.\npeer_vpc_peering_connection = aws.ec2.VpcPeeringConnection(\"peer\",\n vpc_id=main.id,\n peer_vpc_id=peer_vpc.id,\n peer_owner_id=peer.account_id,\n peer_region=\"us-west-2\",\n auto_accept=False,\n tags={\n \"Side\": \"Requester\",\n })\n# Accepter's side of the connection.\npeer_vpc_peering_connection_accepter = aws.ec2.VpcPeeringConnectionAccepter(\"peer\",\n vpc_peering_connection_id=peer_vpc_peering_connection.id,\n auto_accept=True,\n tags={\n \"Side\": \"Accepter\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = new Aws.Ec2.Vpc(\"main\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n\n var peerVpc = new Aws.Ec2.Vpc(\"peer\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n\n var peer = Aws.GetCallerIdentity.Invoke();\n\n // Requester's side of the connection.\n var peerVpcPeeringConnection = new Aws.Ec2.VpcPeeringConnection(\"peer\", new()\n {\n VpcId = main.Id,\n PeerVpcId = peerVpc.Id,\n PeerOwnerId = peer.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n PeerRegion = \"us-west-2\",\n AutoAccept = false,\n Tags = \n {\n { \"Side\", \"Requester\" },\n },\n });\n\n // Accepter's side of the connection.\n var peerVpcPeeringConnectionAccepter = new Aws.Ec2.VpcPeeringConnectionAccepter(\"peer\", new()\n {\n VpcPeeringConnectionId = peerVpcPeeringConnection.Id,\n AutoAccept = true,\n Tags = \n {\n { \"Side\", \"Accepter\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := ec2.NewVpc(ctx, \"main\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerVpc, err := ec2.NewVpc(ctx, \"peer\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeer, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Requester's side of the connection.\n\t\tpeerVpcPeeringConnection, err := ec2.NewVpcPeeringConnection(ctx, \"peer\", \u0026ec2.VpcPeeringConnectionArgs{\n\t\t\tVpcId: main.ID(),\n\t\t\tPeerVpcId: peerVpc.ID(),\n\t\t\tPeerOwnerId: pulumi.String(peer.AccountId),\n\t\t\tPeerRegion: pulumi.String(\"us-west-2\"),\n\t\t\tAutoAccept: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Requester\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Accepter's side of the connection.\n\t\t_, err = ec2.NewVpcPeeringConnectionAccepter(ctx, \"peer\", \u0026ec2.VpcPeeringConnectionAccepterArgs{\n\t\t\tVpcPeeringConnectionId: peerVpcPeeringConnection.ID(),\n\t\t\tAutoAccept: pulumi.Bool(true),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Accepter\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.VpcPeeringConnection;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionArgs;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionAccepter;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionAccepterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var main = new Vpc(\"main\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .build());\n\n var peerVpc = new Vpc(\"peerVpc\", VpcArgs.builder() \n .cidrBlock(\"10.1.0.0/16\")\n .build());\n\n final var peer = AwsFunctions.getCallerIdentity();\n\n var peerVpcPeeringConnection = new VpcPeeringConnection(\"peerVpcPeeringConnection\", VpcPeeringConnectionArgs.builder() \n .vpcId(main.id())\n .peerVpcId(peerVpc.id())\n .peerOwnerId(peer.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .peerRegion(\"us-west-2\")\n .autoAccept(false)\n .tags(Map.of(\"Side\", \"Requester\"))\n .build());\n\n var peerVpcPeeringConnectionAccepter = new VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\", VpcPeeringConnectionAccepterArgs.builder() \n .vpcPeeringConnectionId(peerVpcPeeringConnection.id())\n .autoAccept(true)\n .tags(Map.of(\"Side\", \"Accepter\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n peerVpc:\n type: aws:ec2:Vpc\n name: peer\n properties:\n cidrBlock: 10.1.0.0/16\n # Requester's side of the connection.\n peerVpcPeeringConnection:\n type: aws:ec2:VpcPeeringConnection\n name: peer\n properties:\n vpcId: ${main.id}\n peerVpcId: ${peerVpc.id}\n peerOwnerId: ${peer.accountId}\n peerRegion: us-west-2\n autoAccept: false\n tags:\n Side: Requester\n # Accepter's side of the connection.\n peerVpcPeeringConnectionAccepter:\n type: aws:ec2:VpcPeeringConnectionAccepter\n name: peer\n properties:\n vpcPeeringConnectionId: ${peerVpcPeeringConnection.id}\n autoAccept: true\n tags:\n Side: Accepter\nvariables:\n peer:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import VPC Peering Connection Accepters using the Peering Connection ID. For example:\n\n```sh\n$ pulumi import aws:ec2/vpcPeeringConnectionAccepter:VpcPeeringConnectionAccepter example pcx-12345678\n```\nCertain resource arguments, like `auto_accept`, do not have an EC2 API method for reading the information after peering connection creation. If the argument is set in the Pulumi program on an imported resource, Pulumi will always show a difference. To workaround this behavior, either omit the argument from the Pulumi program or use `ignore_changes` to hide the difference. For example:\n\n", "properties": { "acceptStatus": { "type": "string", @@ -225369,7 +225369,7 @@ } }, "aws:ec2transitgateway/instanceState:InstanceState": { - "description": "Provides an EC2 instance state resource. This allows managing an instance power state.\n\n\u003e **NOTE on Instance State Management:** AWS does not currently have an EC2 API operation to determine an instance has finished processing user data. As a result, this resource can interfere with user data processing. For example, this resource may stop an instance while the user data script is in mid run.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ubuntu = aws.ec2.getAmi({\n mostRecent: true,\n filters: [\n {\n name: \"name\",\n values: [\"ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*\"],\n },\n {\n name: \"virtualization-type\",\n values: [\"hvm\"],\n },\n ],\n owners: [\"099720109477\"],\n});\nconst test = new aws.ec2.Instance(\"test\", {\n ami: ubuntu.then(ubuntu =\u003e ubuntu.id),\n instanceType: \"t3.micro\",\n tags: {\n Name: \"HelloWorld\",\n },\n});\nconst testInstanceState = new aws.ec2transitgateway.InstanceState(\"test\", {\n instanceId: test.id,\n state: \"stopped\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nubuntu = aws.ec2.get_ami(most_recent=True,\n filters=[\n aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*\"],\n ),\n aws.ec2.GetAmiFilterArgs(\n name=\"virtualization-type\",\n values=[\"hvm\"],\n ),\n ],\n owners=[\"099720109477\"])\ntest = aws.ec2.Instance(\"test\",\n ami=ubuntu.id,\n instance_type=\"t3.micro\",\n tags={\n \"Name\": \"HelloWorld\",\n })\ntest_instance_state = aws.ec2transitgateway.InstanceState(\"test\",\n instance_id=test.id,\n state=\"stopped\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ubuntu = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"virtualization-type\",\n Values = new[]\n {\n \"hvm\",\n },\n },\n },\n Owners = new[]\n {\n \"099720109477\",\n },\n });\n\n var test = new Aws.Ec2.Instance(\"test\", new()\n {\n Ami = ubuntu.Apply(getAmiResult =\u003e getAmiResult.Id),\n InstanceType = \"t3.micro\",\n Tags = \n {\n { \"Name\", \"HelloWorld\" },\n },\n });\n\n var testInstanceState = new Aws.Ec2TransitGateway.InstanceState(\"test\", new()\n {\n InstanceId = test.Id,\n State = \"stopped\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tubuntu, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tName: \"virtualization-type\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"hvm\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tOwners: []string{\n\t\t\t\t\"099720109477\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := ec2.NewInstance(ctx, \"test\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: *pulumi.String(ubuntu.Id),\n\t\t\tInstanceType: pulumi.String(\"t3.micro\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"HelloWorld\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2transitgateway.NewInstanceState(ctx, \"test\", \u0026ec2transitgateway.InstanceStateArgs{\n\t\t\tInstanceId: test.ID(),\n\t\t\tState: pulumi.String(\"stopped\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.ec2transitgateway.InstanceState;\nimport com.pulumi.aws.ec2transitgateway.InstanceStateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ubuntu = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .filters( \n GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*\")\n .build(),\n GetAmiFilterArgs.builder()\n .name(\"virtualization-type\")\n .values(\"hvm\")\n .build())\n .owners(\"099720109477\")\n .build());\n\n var test = new Instance(\"test\", InstanceArgs.builder() \n .ami(ubuntu.applyValue(getAmiResult -\u003e getAmiResult.id()))\n .instanceType(\"t3.micro\")\n .tags(Map.of(\"Name\", \"HelloWorld\"))\n .build());\n\n var testInstanceState = new InstanceState(\"testInstanceState\", InstanceStateArgs.builder() \n .instanceId(test.id())\n .state(\"stopped\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:ec2:Instance\n properties:\n ami: ${ubuntu.id}\n instanceType: t3.micro\n tags:\n Name: HelloWorld\n testInstanceState:\n type: aws:ec2transitgateway:InstanceState\n name: test\n properties:\n instanceId: ${test.id}\n state: stopped\nvariables:\n ubuntu:\n fn::invoke:\n Function: aws:ec2:getAmi\n Arguments:\n mostRecent: true\n filters:\n - name: name\n values:\n - ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*\n - name: virtualization-type\n values:\n - hvm\n owners:\n - '099720109477'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_ec2_instance_state` using the `instance_id` attribute. For example:\n\n```sh\n$ pulumi import aws:ec2transitgateway/instanceState:InstanceState test i-02cae6557dfcf2f96\n```\n", + "description": "Provides an EC2 instance state resource. This allows managing an instance power state.\n\n\u003e **NOTE on Instance State Management:** AWS does not currently have an EC2 API operation to determine an instance has finished processing user data. As a result, this resource can interfere with user data processing. For example, this resource may stop an instance while the user data script is in mid run.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ubuntu = aws.ec2.getAmi({\n mostRecent: true,\n filters: [\n {\n name: \"name\",\n values: [\"ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*\"],\n },\n {\n name: \"virtualization-type\",\n values: [\"hvm\"],\n },\n ],\n owners: [\"099720109477\"],\n});\nconst test = new aws.ec2.Instance(\"test\", {\n ami: ubuntu.then(ubuntu =\u003e ubuntu.id),\n instanceType: aws.ec2.InstanceType.T3_Micro,\n tags: {\n Name: \"HelloWorld\",\n },\n});\nconst testInstanceState = new aws.ec2transitgateway.InstanceState(\"test\", {\n instanceId: test.id,\n state: \"stopped\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nubuntu = aws.ec2.get_ami(most_recent=True,\n filters=[\n aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*\"],\n ),\n aws.ec2.GetAmiFilterArgs(\n name=\"virtualization-type\",\n values=[\"hvm\"],\n ),\n ],\n owners=[\"099720109477\"])\ntest = aws.ec2.Instance(\"test\",\n ami=ubuntu.id,\n instance_type=aws.ec2.InstanceType.T3_MICRO,\n tags={\n \"Name\": \"HelloWorld\",\n })\ntest_instance_state = aws.ec2transitgateway.InstanceState(\"test\",\n instance_id=test.id,\n state=\"stopped\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ubuntu = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"virtualization-type\",\n Values = new[]\n {\n \"hvm\",\n },\n },\n },\n Owners = new[]\n {\n \"099720109477\",\n },\n });\n\n var test = new Aws.Ec2.Instance(\"test\", new()\n {\n Ami = ubuntu.Apply(getAmiResult =\u003e getAmiResult.Id),\n InstanceType = Aws.Ec2.InstanceType.T3_Micro,\n Tags = \n {\n { \"Name\", \"HelloWorld\" },\n },\n });\n\n var testInstanceState = new Aws.Ec2TransitGateway.InstanceState(\"test\", new()\n {\n InstanceId = test.Id,\n State = \"stopped\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tubuntu, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tName: \"virtualization-type\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"hvm\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tOwners: []string{\n\t\t\t\t\"099720109477\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := ec2.NewInstance(ctx, \"test\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(ubuntu.Id),\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_T3_Micro),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"HelloWorld\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2transitgateway.NewInstanceState(ctx, \"test\", \u0026ec2transitgateway.InstanceStateArgs{\n\t\t\tInstanceId: test.ID(),\n\t\t\tState: pulumi.String(\"stopped\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.ec2transitgateway.InstanceState;\nimport com.pulumi.aws.ec2transitgateway.InstanceStateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ubuntu = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .filters( \n GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*\")\n .build(),\n GetAmiFilterArgs.builder()\n .name(\"virtualization-type\")\n .values(\"hvm\")\n .build())\n .owners(\"099720109477\")\n .build());\n\n var test = new Instance(\"test\", InstanceArgs.builder() \n .ami(ubuntu.applyValue(getAmiResult -\u003e getAmiResult.id()))\n .instanceType(\"t3.micro\")\n .tags(Map.of(\"Name\", \"HelloWorld\"))\n .build());\n\n var testInstanceState = new InstanceState(\"testInstanceState\", InstanceStateArgs.builder() \n .instanceId(test.id())\n .state(\"stopped\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:ec2:Instance\n properties:\n ami: ${ubuntu.id}\n instanceType: t3.micro\n tags:\n Name: HelloWorld\n testInstanceState:\n type: aws:ec2transitgateway:InstanceState\n name: test\n properties:\n instanceId: ${test.id}\n state: stopped\nvariables:\n ubuntu:\n fn::invoke:\n Function: aws:ec2:getAmi\n Arguments:\n mostRecent: true\n filters:\n - name: name\n values:\n - ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*\n - name: virtualization-type\n values:\n - hvm\n owners:\n - '099720109477'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_ec2_instance_state` using the `instance_id` attribute. For example:\n\n```sh\n$ pulumi import aws:ec2transitgateway/instanceState:InstanceState test i-02cae6557dfcf2f96\n```\n", "properties": { "force": { "type": "boolean", @@ -225428,7 +225428,7 @@ } }, "aws:ec2transitgateway/multicastDomain:MulticastDomain": { - "description": "Manages an EC2 Transit Gateway Multicast Domain.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst available = aws.getAvailabilityZones({\n state: \"available\",\n});\nconst amazonLinux = aws.ec2.getAmi({\n mostRecent: true,\n owners: [\"amazon\"],\n filters: [\n {\n name: \"name\",\n values: [\"amzn-ami-hvm-*-x86_64-gp2\"],\n },\n {\n name: \"owner-alias\",\n values: [\"amazon\"],\n },\n ],\n});\nconst vpc1 = new aws.ec2.Vpc(\"vpc1\", {cidrBlock: \"10.0.0.0/16\"});\nconst vpc2 = new aws.ec2.Vpc(\"vpc2\", {cidrBlock: \"10.1.0.0/16\"});\nconst subnet1 = new aws.ec2.Subnet(\"subnet1\", {\n vpcId: vpc1.id,\n cidrBlock: \"10.0.1.0/24\",\n availabilityZone: available.then(available =\u003e available.names?.[0]),\n});\nconst subnet2 = new aws.ec2.Subnet(\"subnet2\", {\n vpcId: vpc1.id,\n cidrBlock: \"10.0.2.0/24\",\n availabilityZone: available.then(available =\u003e available.names?.[1]),\n});\nconst subnet3 = new aws.ec2.Subnet(\"subnet3\", {\n vpcId: vpc2.id,\n cidrBlock: \"10.1.1.0/24\",\n availabilityZone: available.then(available =\u003e available.names?.[0]),\n});\nconst instance1 = new aws.ec2.Instance(\"instance1\", {\n ami: amazonLinux.then(amazonLinux =\u003e amazonLinux.id),\n instanceType: \"t2.micro\",\n subnetId: subnet1.id,\n});\nconst instance2 = new aws.ec2.Instance(\"instance2\", {\n ami: amazonLinux.then(amazonLinux =\u003e amazonLinux.id),\n instanceType: \"t2.micro\",\n subnetId: subnet2.id,\n});\nconst instance3 = new aws.ec2.Instance(\"instance3\", {\n ami: amazonLinux.then(amazonLinux =\u003e amazonLinux.id),\n instanceType: \"t2.micro\",\n subnetId: subnet3.id,\n});\nconst tgw = new aws.ec2transitgateway.TransitGateway(\"tgw\", {multicastSupport: \"enable\"});\nconst attachment1 = new aws.ec2transitgateway.VpcAttachment(\"attachment1\", {\n subnetIds: [\n subnet1.id,\n subnet2.id,\n ],\n transitGatewayId: tgw.id,\n vpcId: vpc1.id,\n});\nconst attachment2 = new aws.ec2transitgateway.VpcAttachment(\"attachment2\", {\n subnetIds: [subnet3.id],\n transitGatewayId: tgw.id,\n vpcId: vpc2.id,\n});\nconst domain = new aws.ec2transitgateway.MulticastDomain(\"domain\", {\n transitGatewayId: tgw.id,\n staticSourcesSupport: \"enable\",\n tags: {\n Name: \"Transit_Gateway_Multicast_Domain_Example\",\n },\n});\nconst association3 = new aws.ec2transitgateway.MulticastDomainAssociation(\"association3\", {\n subnetId: subnet3.id,\n transitGatewayAttachmentId: attachment2.id,\n transitGatewayMulticastDomainId: domain.id,\n});\nconst source = new aws.ec2transitgateway.MulticastGroupSource(\"source\", {\n groupIpAddress: \"224.0.0.1\",\n networkInterfaceId: instance3.primaryNetworkInterfaceId,\n transitGatewayMulticastDomainId: association3.transitGatewayMulticastDomainId,\n});\nconst association1 = new aws.ec2transitgateway.MulticastDomainAssociation(\"association1\", {\n subnetId: subnet1.id,\n transitGatewayAttachmentId: attachment1.id,\n transitGatewayMulticastDomainId: domain.id,\n});\nconst association2 = new aws.ec2transitgateway.MulticastDomainAssociation(\"association2\", {\n subnetId: subnet2.id,\n transitGatewayAttachmentId: attachment2.id,\n transitGatewayMulticastDomainId: domain.id,\n});\nconst member1 = new aws.ec2transitgateway.MulticastGroupMember(\"member1\", {\n groupIpAddress: \"224.0.0.1\",\n networkInterfaceId: instance1.primaryNetworkInterfaceId,\n transitGatewayMulticastDomainId: association1.transitGatewayMulticastDomainId,\n});\nconst member2 = new aws.ec2transitgateway.MulticastGroupMember(\"member2\", {\n groupIpAddress: \"224.0.0.1\",\n networkInterfaceId: instance2.primaryNetworkInterfaceId,\n transitGatewayMulticastDomainId: association1.transitGatewayMulticastDomainId,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\navailable = aws.get_availability_zones(state=\"available\")\namazon_linux = aws.ec2.get_ami(most_recent=True,\n owners=[\"amazon\"],\n filters=[\n aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"amzn-ami-hvm-*-x86_64-gp2\"],\n ),\n aws.ec2.GetAmiFilterArgs(\n name=\"owner-alias\",\n values=[\"amazon\"],\n ),\n ])\nvpc1 = aws.ec2.Vpc(\"vpc1\", cidr_block=\"10.0.0.0/16\")\nvpc2 = aws.ec2.Vpc(\"vpc2\", cidr_block=\"10.1.0.0/16\")\nsubnet1 = aws.ec2.Subnet(\"subnet1\",\n vpc_id=vpc1.id,\n cidr_block=\"10.0.1.0/24\",\n availability_zone=available.names[0])\nsubnet2 = aws.ec2.Subnet(\"subnet2\",\n vpc_id=vpc1.id,\n cidr_block=\"10.0.2.0/24\",\n availability_zone=available.names[1])\nsubnet3 = aws.ec2.Subnet(\"subnet3\",\n vpc_id=vpc2.id,\n cidr_block=\"10.1.1.0/24\",\n availability_zone=available.names[0])\ninstance1 = aws.ec2.Instance(\"instance1\",\n ami=amazon_linux.id,\n instance_type=\"t2.micro\",\n subnet_id=subnet1.id)\ninstance2 = aws.ec2.Instance(\"instance2\",\n ami=amazon_linux.id,\n instance_type=\"t2.micro\",\n subnet_id=subnet2.id)\ninstance3 = aws.ec2.Instance(\"instance3\",\n ami=amazon_linux.id,\n instance_type=\"t2.micro\",\n subnet_id=subnet3.id)\ntgw = aws.ec2transitgateway.TransitGateway(\"tgw\", multicast_support=\"enable\")\nattachment1 = aws.ec2transitgateway.VpcAttachment(\"attachment1\",\n subnet_ids=[\n subnet1.id,\n subnet2.id,\n ],\n transit_gateway_id=tgw.id,\n vpc_id=vpc1.id)\nattachment2 = aws.ec2transitgateway.VpcAttachment(\"attachment2\",\n subnet_ids=[subnet3.id],\n transit_gateway_id=tgw.id,\n vpc_id=vpc2.id)\ndomain = aws.ec2transitgateway.MulticastDomain(\"domain\",\n transit_gateway_id=tgw.id,\n static_sources_support=\"enable\",\n tags={\n \"Name\": \"Transit_Gateway_Multicast_Domain_Example\",\n })\nassociation3 = aws.ec2transitgateway.MulticastDomainAssociation(\"association3\",\n subnet_id=subnet3.id,\n transit_gateway_attachment_id=attachment2.id,\n transit_gateway_multicast_domain_id=domain.id)\nsource = aws.ec2transitgateway.MulticastGroupSource(\"source\",\n group_ip_address=\"224.0.0.1\",\n network_interface_id=instance3.primary_network_interface_id,\n transit_gateway_multicast_domain_id=association3.transit_gateway_multicast_domain_id)\nassociation1 = aws.ec2transitgateway.MulticastDomainAssociation(\"association1\",\n subnet_id=subnet1.id,\n transit_gateway_attachment_id=attachment1.id,\n transit_gateway_multicast_domain_id=domain.id)\nassociation2 = aws.ec2transitgateway.MulticastDomainAssociation(\"association2\",\n subnet_id=subnet2.id,\n transit_gateway_attachment_id=attachment2.id,\n transit_gateway_multicast_domain_id=domain.id)\nmember1 = aws.ec2transitgateway.MulticastGroupMember(\"member1\",\n group_ip_address=\"224.0.0.1\",\n network_interface_id=instance1.primary_network_interface_id,\n transit_gateway_multicast_domain_id=association1.transit_gateway_multicast_domain_id)\nmember2 = aws.ec2transitgateway.MulticastGroupMember(\"member2\",\n group_ip_address=\"224.0.0.1\",\n network_interface_id=instance2.primary_network_interface_id,\n transit_gateway_multicast_domain_id=association1.transit_gateway_multicast_domain_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n });\n\n var amazonLinux = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Owners = new[]\n {\n \"amazon\",\n },\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"amzn-ami-hvm-*-x86_64-gp2\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"owner-alias\",\n Values = new[]\n {\n \"amazon\",\n },\n },\n },\n });\n\n var vpc1 = new Aws.Ec2.Vpc(\"vpc1\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n\n var vpc2 = new Aws.Ec2.Vpc(\"vpc2\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n\n var subnet1 = new Aws.Ec2.Subnet(\"subnet1\", new()\n {\n VpcId = vpc1.Id,\n CidrBlock = \"10.0.1.0/24\",\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n });\n\n var subnet2 = new Aws.Ec2.Subnet(\"subnet2\", new()\n {\n VpcId = vpc1.Id,\n CidrBlock = \"10.0.2.0/24\",\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[1]),\n });\n\n var subnet3 = new Aws.Ec2.Subnet(\"subnet3\", new()\n {\n VpcId = vpc2.Id,\n CidrBlock = \"10.1.1.0/24\",\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n });\n\n var instance1 = new Aws.Ec2.Instance(\"instance1\", new()\n {\n Ami = amazonLinux.Apply(getAmiResult =\u003e getAmiResult.Id),\n InstanceType = \"t2.micro\",\n SubnetId = subnet1.Id,\n });\n\n var instance2 = new Aws.Ec2.Instance(\"instance2\", new()\n {\n Ami = amazonLinux.Apply(getAmiResult =\u003e getAmiResult.Id),\n InstanceType = \"t2.micro\",\n SubnetId = subnet2.Id,\n });\n\n var instance3 = new Aws.Ec2.Instance(\"instance3\", new()\n {\n Ami = amazonLinux.Apply(getAmiResult =\u003e getAmiResult.Id),\n InstanceType = \"t2.micro\",\n SubnetId = subnet3.Id,\n });\n\n var tgw = new Aws.Ec2TransitGateway.TransitGateway(\"tgw\", new()\n {\n MulticastSupport = \"enable\",\n });\n\n var attachment1 = new Aws.Ec2TransitGateway.VpcAttachment(\"attachment1\", new()\n {\n SubnetIds = new[]\n {\n subnet1.Id,\n subnet2.Id,\n },\n TransitGatewayId = tgw.Id,\n VpcId = vpc1.Id,\n });\n\n var attachment2 = new Aws.Ec2TransitGateway.VpcAttachment(\"attachment2\", new()\n {\n SubnetIds = new[]\n {\n subnet3.Id,\n },\n TransitGatewayId = tgw.Id,\n VpcId = vpc2.Id,\n });\n\n var domain = new Aws.Ec2TransitGateway.MulticastDomain(\"domain\", new()\n {\n TransitGatewayId = tgw.Id,\n StaticSourcesSupport = \"enable\",\n Tags = \n {\n { \"Name\", \"Transit_Gateway_Multicast_Domain_Example\" },\n },\n });\n\n var association3 = new Aws.Ec2TransitGateway.MulticastDomainAssociation(\"association3\", new()\n {\n SubnetId = subnet3.Id,\n TransitGatewayAttachmentId = attachment2.Id,\n TransitGatewayMulticastDomainId = domain.Id,\n });\n\n var source = new Aws.Ec2TransitGateway.MulticastGroupSource(\"source\", new()\n {\n GroupIpAddress = \"224.0.0.1\",\n NetworkInterfaceId = instance3.PrimaryNetworkInterfaceId,\n TransitGatewayMulticastDomainId = association3.TransitGatewayMulticastDomainId,\n });\n\n var association1 = new Aws.Ec2TransitGateway.MulticastDomainAssociation(\"association1\", new()\n {\n SubnetId = subnet1.Id,\n TransitGatewayAttachmentId = attachment1.Id,\n TransitGatewayMulticastDomainId = domain.Id,\n });\n\n var association2 = new Aws.Ec2TransitGateway.MulticastDomainAssociation(\"association2\", new()\n {\n SubnetId = subnet2.Id,\n TransitGatewayAttachmentId = attachment2.Id,\n TransitGatewayMulticastDomainId = domain.Id,\n });\n\n var member1 = new Aws.Ec2TransitGateway.MulticastGroupMember(\"member1\", new()\n {\n GroupIpAddress = \"224.0.0.1\",\n NetworkInterfaceId = instance1.PrimaryNetworkInterfaceId,\n TransitGatewayMulticastDomainId = association1.TransitGatewayMulticastDomainId,\n });\n\n var member2 = new Aws.Ec2TransitGateway.MulticastGroupMember(\"member2\", new()\n {\n GroupIpAddress = \"224.0.0.1\",\n NetworkInterfaceId = instance2.PrimaryNetworkInterfaceId,\n TransitGatewayMulticastDomainId = association1.TransitGatewayMulticastDomainId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tState: pulumi.StringRef(\"available\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tamazonLinux, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tOwners: []string{\n\t\t\t\t\"amazon\",\n\t\t\t},\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"amzn-ami-hvm-*-x86_64-gp2\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tName: \"owner-alias\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"amazon\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpc1, err := ec2.NewVpc(ctx, \"vpc1\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpc2, err := ec2.NewVpc(ctx, \"vpc2\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnet1, err := ec2.NewSubnet(ctx, \"subnet1\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: vpc1.ID(),\n\t\t\tCidrBlock: pulumi.String(\"10.0.1.0/24\"),\n\t\t\tAvailabilityZone: *pulumi.String(available.Names[0]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnet2, err := ec2.NewSubnet(ctx, \"subnet2\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: vpc1.ID(),\n\t\t\tCidrBlock: pulumi.String(\"10.0.2.0/24\"),\n\t\t\tAvailabilityZone: *pulumi.String(available.Names[1]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnet3, err := ec2.NewSubnet(ctx, \"subnet3\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: vpc2.ID(),\n\t\t\tCidrBlock: pulumi.String(\"10.1.1.0/24\"),\n\t\t\tAvailabilityZone: *pulumi.String(available.Names[0]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance1, err := ec2.NewInstance(ctx, \"instance1\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: *pulumi.String(amazonLinux.Id),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t\tSubnetId: subnet1.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance2, err := ec2.NewInstance(ctx, \"instance2\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: *pulumi.String(amazonLinux.Id),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t\tSubnetId: subnet2.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance3, err := ec2.NewInstance(ctx, \"instance3\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: *pulumi.String(amazonLinux.Id),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t\tSubnetId: subnet3.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttgw, err := ec2transitgateway.NewTransitGateway(ctx, \"tgw\", \u0026ec2transitgateway.TransitGatewayArgs{\n\t\t\tMulticastSupport: pulumi.String(\"enable\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tattachment1, err := ec2transitgateway.NewVpcAttachment(ctx, \"attachment1\", \u0026ec2transitgateway.VpcAttachmentArgs{\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\tsubnet1.ID(),\n\t\t\t\tsubnet2.ID(),\n\t\t\t},\n\t\t\tTransitGatewayId: tgw.ID(),\n\t\t\tVpcId: vpc1.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tattachment2, err := ec2transitgateway.NewVpcAttachment(ctx, \"attachment2\", \u0026ec2transitgateway.VpcAttachmentArgs{\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\tsubnet3.ID(),\n\t\t\t},\n\t\t\tTransitGatewayId: tgw.ID(),\n\t\t\tVpcId: vpc2.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdomain, err := ec2transitgateway.NewMulticastDomain(ctx, \"domain\", \u0026ec2transitgateway.MulticastDomainArgs{\n\t\t\tTransitGatewayId: tgw.ID(),\n\t\t\tStaticSourcesSupport: pulumi.String(\"enable\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"Transit_Gateway_Multicast_Domain_Example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassociation3, err := ec2transitgateway.NewMulticastDomainAssociation(ctx, \"association3\", \u0026ec2transitgateway.MulticastDomainAssociationArgs{\n\t\t\tSubnetId: subnet3.ID(),\n\t\t\tTransitGatewayAttachmentId: attachment2.ID(),\n\t\t\tTransitGatewayMulticastDomainId: domain.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2transitgateway.NewMulticastGroupSource(ctx, \"source\", \u0026ec2transitgateway.MulticastGroupSourceArgs{\n\t\t\tGroupIpAddress: pulumi.String(\"224.0.0.1\"),\n\t\t\tNetworkInterfaceId: instance3.PrimaryNetworkInterfaceId,\n\t\t\tTransitGatewayMulticastDomainId: association3.TransitGatewayMulticastDomainId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassociation1, err := ec2transitgateway.NewMulticastDomainAssociation(ctx, \"association1\", \u0026ec2transitgateway.MulticastDomainAssociationArgs{\n\t\t\tSubnetId: subnet1.ID(),\n\t\t\tTransitGatewayAttachmentId: attachment1.ID(),\n\t\t\tTransitGatewayMulticastDomainId: domain.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2transitgateway.NewMulticastDomainAssociation(ctx, \"association2\", \u0026ec2transitgateway.MulticastDomainAssociationArgs{\n\t\t\tSubnetId: subnet2.ID(),\n\t\t\tTransitGatewayAttachmentId: attachment2.ID(),\n\t\t\tTransitGatewayMulticastDomainId: domain.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2transitgateway.NewMulticastGroupMember(ctx, \"member1\", \u0026ec2transitgateway.MulticastGroupMemberArgs{\n\t\t\tGroupIpAddress: pulumi.String(\"224.0.0.1\"),\n\t\t\tNetworkInterfaceId: instance1.PrimaryNetworkInterfaceId,\n\t\t\tTransitGatewayMulticastDomainId: association1.TransitGatewayMulticastDomainId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2transitgateway.NewMulticastGroupMember(ctx, \"member2\", \u0026ec2transitgateway.MulticastGroupMemberArgs{\n\t\t\tGroupIpAddress: pulumi.String(\"224.0.0.1\"),\n\t\t\tNetworkInterfaceId: instance2.PrimaryNetworkInterfaceId,\n\t\t\tTransitGatewayMulticastDomainId: association1.TransitGatewayMulticastDomainId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.ec2transitgateway.TransitGateway;\nimport com.pulumi.aws.ec2transitgateway.TransitGatewayArgs;\nimport com.pulumi.aws.ec2transitgateway.VpcAttachment;\nimport com.pulumi.aws.ec2transitgateway.VpcAttachmentArgs;\nimport com.pulumi.aws.ec2transitgateway.MulticastDomain;\nimport com.pulumi.aws.ec2transitgateway.MulticastDomainArgs;\nimport com.pulumi.aws.ec2transitgateway.MulticastDomainAssociation;\nimport com.pulumi.aws.ec2transitgateway.MulticastDomainAssociationArgs;\nimport com.pulumi.aws.ec2transitgateway.MulticastGroupSource;\nimport com.pulumi.aws.ec2transitgateway.MulticastGroupSourceArgs;\nimport com.pulumi.aws.ec2transitgateway.MulticastGroupMember;\nimport com.pulumi.aws.ec2transitgateway.MulticastGroupMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .build());\n\n final var amazonLinux = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .owners(\"amazon\")\n .filters( \n GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"amzn-ami-hvm-*-x86_64-gp2\")\n .build(),\n GetAmiFilterArgs.builder()\n .name(\"owner-alias\")\n .values(\"amazon\")\n .build())\n .build());\n\n var vpc1 = new Vpc(\"vpc1\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .build());\n\n var vpc2 = new Vpc(\"vpc2\", VpcArgs.builder() \n .cidrBlock(\"10.1.0.0/16\")\n .build());\n\n var subnet1 = new Subnet(\"subnet1\", SubnetArgs.builder() \n .vpcId(vpc1.id())\n .cidrBlock(\"10.0.1.0/24\")\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]))\n .build());\n\n var subnet2 = new Subnet(\"subnet2\", SubnetArgs.builder() \n .vpcId(vpc1.id())\n .cidrBlock(\"10.0.2.0/24\")\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[1]))\n .build());\n\n var subnet3 = new Subnet(\"subnet3\", SubnetArgs.builder() \n .vpcId(vpc2.id())\n .cidrBlock(\"10.1.1.0/24\")\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]))\n .build());\n\n var instance1 = new Instance(\"instance1\", InstanceArgs.builder() \n .ami(amazonLinux.applyValue(getAmiResult -\u003e getAmiResult.id()))\n .instanceType(\"t2.micro\")\n .subnetId(subnet1.id())\n .build());\n\n var instance2 = new Instance(\"instance2\", InstanceArgs.builder() \n .ami(amazonLinux.applyValue(getAmiResult -\u003e getAmiResult.id()))\n .instanceType(\"t2.micro\")\n .subnetId(subnet2.id())\n .build());\n\n var instance3 = new Instance(\"instance3\", InstanceArgs.builder() \n .ami(amazonLinux.applyValue(getAmiResult -\u003e getAmiResult.id()))\n .instanceType(\"t2.micro\")\n .subnetId(subnet3.id())\n .build());\n\n var tgw = new TransitGateway(\"tgw\", TransitGatewayArgs.builder() \n .multicastSupport(\"enable\")\n .build());\n\n var attachment1 = new VpcAttachment(\"attachment1\", VpcAttachmentArgs.builder() \n .subnetIds( \n subnet1.id(),\n subnet2.id())\n .transitGatewayId(tgw.id())\n .vpcId(vpc1.id())\n .build());\n\n var attachment2 = new VpcAttachment(\"attachment2\", VpcAttachmentArgs.builder() \n .subnetIds(subnet3.id())\n .transitGatewayId(tgw.id())\n .vpcId(vpc2.id())\n .build());\n\n var domain = new MulticastDomain(\"domain\", MulticastDomainArgs.builder() \n .transitGatewayId(tgw.id())\n .staticSourcesSupport(\"enable\")\n .tags(Map.of(\"Name\", \"Transit_Gateway_Multicast_Domain_Example\"))\n .build());\n\n var association3 = new MulticastDomainAssociation(\"association3\", MulticastDomainAssociationArgs.builder() \n .subnetId(subnet3.id())\n .transitGatewayAttachmentId(attachment2.id())\n .transitGatewayMulticastDomainId(domain.id())\n .build());\n\n var source = new MulticastGroupSource(\"source\", MulticastGroupSourceArgs.builder() \n .groupIpAddress(\"224.0.0.1\")\n .networkInterfaceId(instance3.primaryNetworkInterfaceId())\n .transitGatewayMulticastDomainId(association3.transitGatewayMulticastDomainId())\n .build());\n\n var association1 = new MulticastDomainAssociation(\"association1\", MulticastDomainAssociationArgs.builder() \n .subnetId(subnet1.id())\n .transitGatewayAttachmentId(attachment1.id())\n .transitGatewayMulticastDomainId(domain.id())\n .build());\n\n var association2 = new MulticastDomainAssociation(\"association2\", MulticastDomainAssociationArgs.builder() \n .subnetId(subnet2.id())\n .transitGatewayAttachmentId(attachment2.id())\n .transitGatewayMulticastDomainId(domain.id())\n .build());\n\n var member1 = new MulticastGroupMember(\"member1\", MulticastGroupMemberArgs.builder() \n .groupIpAddress(\"224.0.0.1\")\n .networkInterfaceId(instance1.primaryNetworkInterfaceId())\n .transitGatewayMulticastDomainId(association1.transitGatewayMulticastDomainId())\n .build());\n\n var member2 = new MulticastGroupMember(\"member2\", MulticastGroupMemberArgs.builder() \n .groupIpAddress(\"224.0.0.1\")\n .networkInterfaceId(instance2.primaryNetworkInterfaceId())\n .transitGatewayMulticastDomainId(association1.transitGatewayMulticastDomainId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n vpc1:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n vpc2:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.1.0.0/16\n subnet1:\n type: aws:ec2:Subnet\n properties:\n vpcId: ${vpc1.id}\n cidrBlock: 10.0.1.0/24\n availabilityZone: ${available.names[0]}\n subnet2:\n type: aws:ec2:Subnet\n properties:\n vpcId: ${vpc1.id}\n cidrBlock: 10.0.2.0/24\n availabilityZone: ${available.names[1]}\n subnet3:\n type: aws:ec2:Subnet\n properties:\n vpcId: ${vpc2.id}\n cidrBlock: 10.1.1.0/24\n availabilityZone: ${available.names[0]}\n instance1:\n type: aws:ec2:Instance\n properties:\n ami: ${amazonLinux.id}\n instanceType: t2.micro\n subnetId: ${subnet1.id}\n instance2:\n type: aws:ec2:Instance\n properties:\n ami: ${amazonLinux.id}\n instanceType: t2.micro\n subnetId: ${subnet2.id}\n instance3:\n type: aws:ec2:Instance\n properties:\n ami: ${amazonLinux.id}\n instanceType: t2.micro\n subnetId: ${subnet3.id}\n tgw:\n type: aws:ec2transitgateway:TransitGateway\n properties:\n multicastSupport: enable\n attachment1:\n type: aws:ec2transitgateway:VpcAttachment\n properties:\n subnetIds:\n - ${subnet1.id}\n - ${subnet2.id}\n transitGatewayId: ${tgw.id}\n vpcId: ${vpc1.id}\n attachment2:\n type: aws:ec2transitgateway:VpcAttachment\n properties:\n subnetIds:\n - ${subnet3.id}\n transitGatewayId: ${tgw.id}\n vpcId: ${vpc2.id}\n domain:\n type: aws:ec2transitgateway:MulticastDomain\n properties:\n transitGatewayId: ${tgw.id}\n staticSourcesSupport: enable\n tags:\n Name: Transit_Gateway_Multicast_Domain_Example\n association3:\n type: aws:ec2transitgateway:MulticastDomainAssociation\n properties:\n subnetId: ${subnet3.id}\n transitGatewayAttachmentId: ${attachment2.id}\n transitGatewayMulticastDomainId: ${domain.id}\n source:\n type: aws:ec2transitgateway:MulticastGroupSource\n properties:\n groupIpAddress: 224.0.0.1\n networkInterfaceId: ${instance3.primaryNetworkInterfaceId}\n transitGatewayMulticastDomainId: ${association3.transitGatewayMulticastDomainId}\n association1:\n type: aws:ec2transitgateway:MulticastDomainAssociation\n properties:\n subnetId: ${subnet1.id}\n transitGatewayAttachmentId: ${attachment1.id}\n transitGatewayMulticastDomainId: ${domain.id}\n association2:\n type: aws:ec2transitgateway:MulticastDomainAssociation\n properties:\n subnetId: ${subnet2.id}\n transitGatewayAttachmentId: ${attachment2.id}\n transitGatewayMulticastDomainId: ${domain.id}\n member1:\n type: aws:ec2transitgateway:MulticastGroupMember\n properties:\n groupIpAddress: 224.0.0.1\n networkInterfaceId: ${instance1.primaryNetworkInterfaceId}\n transitGatewayMulticastDomainId: ${association1.transitGatewayMulticastDomainId}\n member2:\n type: aws:ec2transitgateway:MulticastGroupMember\n properties:\n groupIpAddress: 224.0.0.1\n networkInterfaceId: ${instance2.primaryNetworkInterfaceId}\n transitGatewayMulticastDomainId: ${association1.transitGatewayMulticastDomainId}\nvariables:\n available:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n state: available\n amazonLinux:\n fn::invoke:\n Function: aws:ec2:getAmi\n Arguments:\n mostRecent: true\n owners:\n - amazon\n filters:\n - name: name\n values:\n - amzn-ami-hvm-*-x86_64-gp2\n - name: owner-alias\n values:\n - amazon\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_ec2_transit_gateway_multicast_domain` using the EC2 Transit Gateway Multicast Domain identifier. For example:\n\n```sh\n$ pulumi import aws:ec2transitgateway/multicastDomain:MulticastDomain example tgw-mcast-domain-12345\n```\n", + "description": "Manages an EC2 Transit Gateway Multicast Domain.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst available = aws.getAvailabilityZones({\n state: \"available\",\n});\nconst amazonLinux = aws.ec2.getAmi({\n mostRecent: true,\n owners: [\"amazon\"],\n filters: [\n {\n name: \"name\",\n values: [\"amzn-ami-hvm-*-x86_64-gp2\"],\n },\n {\n name: \"owner-alias\",\n values: [\"amazon\"],\n },\n ],\n});\nconst vpc1 = new aws.ec2.Vpc(\"vpc1\", {cidrBlock: \"10.0.0.0/16\"});\nconst vpc2 = new aws.ec2.Vpc(\"vpc2\", {cidrBlock: \"10.1.0.0/16\"});\nconst subnet1 = new aws.ec2.Subnet(\"subnet1\", {\n vpcId: vpc1.id,\n cidrBlock: \"10.0.1.0/24\",\n availabilityZone: available.then(available =\u003e available.names?.[0]),\n});\nconst subnet2 = new aws.ec2.Subnet(\"subnet2\", {\n vpcId: vpc1.id,\n cidrBlock: \"10.0.2.0/24\",\n availabilityZone: available.then(available =\u003e available.names?.[1]),\n});\nconst subnet3 = new aws.ec2.Subnet(\"subnet3\", {\n vpcId: vpc2.id,\n cidrBlock: \"10.1.1.0/24\",\n availabilityZone: available.then(available =\u003e available.names?.[0]),\n});\nconst instance1 = new aws.ec2.Instance(\"instance1\", {\n ami: amazonLinux.then(amazonLinux =\u003e amazonLinux.id),\n instanceType: aws.ec2.InstanceType.T2_Micro,\n subnetId: subnet1.id,\n});\nconst instance2 = new aws.ec2.Instance(\"instance2\", {\n ami: amazonLinux.then(amazonLinux =\u003e amazonLinux.id),\n instanceType: aws.ec2.InstanceType.T2_Micro,\n subnetId: subnet2.id,\n});\nconst instance3 = new aws.ec2.Instance(\"instance3\", {\n ami: amazonLinux.then(amazonLinux =\u003e amazonLinux.id),\n instanceType: aws.ec2.InstanceType.T2_Micro,\n subnetId: subnet3.id,\n});\nconst tgw = new aws.ec2transitgateway.TransitGateway(\"tgw\", {multicastSupport: \"enable\"});\nconst attachment1 = new aws.ec2transitgateway.VpcAttachment(\"attachment1\", {\n subnetIds: [\n subnet1.id,\n subnet2.id,\n ],\n transitGatewayId: tgw.id,\n vpcId: vpc1.id,\n});\nconst attachment2 = new aws.ec2transitgateway.VpcAttachment(\"attachment2\", {\n subnetIds: [subnet3.id],\n transitGatewayId: tgw.id,\n vpcId: vpc2.id,\n});\nconst domain = new aws.ec2transitgateway.MulticastDomain(\"domain\", {\n transitGatewayId: tgw.id,\n staticSourcesSupport: \"enable\",\n tags: {\n Name: \"Transit_Gateway_Multicast_Domain_Example\",\n },\n});\nconst association3 = new aws.ec2transitgateway.MulticastDomainAssociation(\"association3\", {\n subnetId: subnet3.id,\n transitGatewayAttachmentId: attachment2.id,\n transitGatewayMulticastDomainId: domain.id,\n});\nconst source = new aws.ec2transitgateway.MulticastGroupSource(\"source\", {\n groupIpAddress: \"224.0.0.1\",\n networkInterfaceId: instance3.primaryNetworkInterfaceId,\n transitGatewayMulticastDomainId: association3.transitGatewayMulticastDomainId,\n});\nconst association1 = new aws.ec2transitgateway.MulticastDomainAssociation(\"association1\", {\n subnetId: subnet1.id,\n transitGatewayAttachmentId: attachment1.id,\n transitGatewayMulticastDomainId: domain.id,\n});\nconst association2 = new aws.ec2transitgateway.MulticastDomainAssociation(\"association2\", {\n subnetId: subnet2.id,\n transitGatewayAttachmentId: attachment2.id,\n transitGatewayMulticastDomainId: domain.id,\n});\nconst member1 = new aws.ec2transitgateway.MulticastGroupMember(\"member1\", {\n groupIpAddress: \"224.0.0.1\",\n networkInterfaceId: instance1.primaryNetworkInterfaceId,\n transitGatewayMulticastDomainId: association1.transitGatewayMulticastDomainId,\n});\nconst member2 = new aws.ec2transitgateway.MulticastGroupMember(\"member2\", {\n groupIpAddress: \"224.0.0.1\",\n networkInterfaceId: instance2.primaryNetworkInterfaceId,\n transitGatewayMulticastDomainId: association1.transitGatewayMulticastDomainId,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\navailable = aws.get_availability_zones(state=\"available\")\namazon_linux = aws.ec2.get_ami(most_recent=True,\n owners=[\"amazon\"],\n filters=[\n aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"amzn-ami-hvm-*-x86_64-gp2\"],\n ),\n aws.ec2.GetAmiFilterArgs(\n name=\"owner-alias\",\n values=[\"amazon\"],\n ),\n ])\nvpc1 = aws.ec2.Vpc(\"vpc1\", cidr_block=\"10.0.0.0/16\")\nvpc2 = aws.ec2.Vpc(\"vpc2\", cidr_block=\"10.1.0.0/16\")\nsubnet1 = aws.ec2.Subnet(\"subnet1\",\n vpc_id=vpc1.id,\n cidr_block=\"10.0.1.0/24\",\n availability_zone=available.names[0])\nsubnet2 = aws.ec2.Subnet(\"subnet2\",\n vpc_id=vpc1.id,\n cidr_block=\"10.0.2.0/24\",\n availability_zone=available.names[1])\nsubnet3 = aws.ec2.Subnet(\"subnet3\",\n vpc_id=vpc2.id,\n cidr_block=\"10.1.1.0/24\",\n availability_zone=available.names[0])\ninstance1 = aws.ec2.Instance(\"instance1\",\n ami=amazon_linux.id,\n instance_type=aws.ec2.InstanceType.T2_MICRO,\n subnet_id=subnet1.id)\ninstance2 = aws.ec2.Instance(\"instance2\",\n ami=amazon_linux.id,\n instance_type=aws.ec2.InstanceType.T2_MICRO,\n subnet_id=subnet2.id)\ninstance3 = aws.ec2.Instance(\"instance3\",\n ami=amazon_linux.id,\n instance_type=aws.ec2.InstanceType.T2_MICRO,\n subnet_id=subnet3.id)\ntgw = aws.ec2transitgateway.TransitGateway(\"tgw\", multicast_support=\"enable\")\nattachment1 = aws.ec2transitgateway.VpcAttachment(\"attachment1\",\n subnet_ids=[\n subnet1.id,\n subnet2.id,\n ],\n transit_gateway_id=tgw.id,\n vpc_id=vpc1.id)\nattachment2 = aws.ec2transitgateway.VpcAttachment(\"attachment2\",\n subnet_ids=[subnet3.id],\n transit_gateway_id=tgw.id,\n vpc_id=vpc2.id)\ndomain = aws.ec2transitgateway.MulticastDomain(\"domain\",\n transit_gateway_id=tgw.id,\n static_sources_support=\"enable\",\n tags={\n \"Name\": \"Transit_Gateway_Multicast_Domain_Example\",\n })\nassociation3 = aws.ec2transitgateway.MulticastDomainAssociation(\"association3\",\n subnet_id=subnet3.id,\n transit_gateway_attachment_id=attachment2.id,\n transit_gateway_multicast_domain_id=domain.id)\nsource = aws.ec2transitgateway.MulticastGroupSource(\"source\",\n group_ip_address=\"224.0.0.1\",\n network_interface_id=instance3.primary_network_interface_id,\n transit_gateway_multicast_domain_id=association3.transit_gateway_multicast_domain_id)\nassociation1 = aws.ec2transitgateway.MulticastDomainAssociation(\"association1\",\n subnet_id=subnet1.id,\n transit_gateway_attachment_id=attachment1.id,\n transit_gateway_multicast_domain_id=domain.id)\nassociation2 = aws.ec2transitgateway.MulticastDomainAssociation(\"association2\",\n subnet_id=subnet2.id,\n transit_gateway_attachment_id=attachment2.id,\n transit_gateway_multicast_domain_id=domain.id)\nmember1 = aws.ec2transitgateway.MulticastGroupMember(\"member1\",\n group_ip_address=\"224.0.0.1\",\n network_interface_id=instance1.primary_network_interface_id,\n transit_gateway_multicast_domain_id=association1.transit_gateway_multicast_domain_id)\nmember2 = aws.ec2transitgateway.MulticastGroupMember(\"member2\",\n group_ip_address=\"224.0.0.1\",\n network_interface_id=instance2.primary_network_interface_id,\n transit_gateway_multicast_domain_id=association1.transit_gateway_multicast_domain_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n });\n\n var amazonLinux = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Owners = new[]\n {\n \"amazon\",\n },\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"amzn-ami-hvm-*-x86_64-gp2\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"owner-alias\",\n Values = new[]\n {\n \"amazon\",\n },\n },\n },\n });\n\n var vpc1 = new Aws.Ec2.Vpc(\"vpc1\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n\n var vpc2 = new Aws.Ec2.Vpc(\"vpc2\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n\n var subnet1 = new Aws.Ec2.Subnet(\"subnet1\", new()\n {\n VpcId = vpc1.Id,\n CidrBlock = \"10.0.1.0/24\",\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n });\n\n var subnet2 = new Aws.Ec2.Subnet(\"subnet2\", new()\n {\n VpcId = vpc1.Id,\n CidrBlock = \"10.0.2.0/24\",\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[1]),\n });\n\n var subnet3 = new Aws.Ec2.Subnet(\"subnet3\", new()\n {\n VpcId = vpc2.Id,\n CidrBlock = \"10.1.1.0/24\",\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n });\n\n var instance1 = new Aws.Ec2.Instance(\"instance1\", new()\n {\n Ami = amazonLinux.Apply(getAmiResult =\u003e getAmiResult.Id),\n InstanceType = Aws.Ec2.InstanceType.T2_Micro,\n SubnetId = subnet1.Id,\n });\n\n var instance2 = new Aws.Ec2.Instance(\"instance2\", new()\n {\n Ami = amazonLinux.Apply(getAmiResult =\u003e getAmiResult.Id),\n InstanceType = Aws.Ec2.InstanceType.T2_Micro,\n SubnetId = subnet2.Id,\n });\n\n var instance3 = new Aws.Ec2.Instance(\"instance3\", new()\n {\n Ami = amazonLinux.Apply(getAmiResult =\u003e getAmiResult.Id),\n InstanceType = Aws.Ec2.InstanceType.T2_Micro,\n SubnetId = subnet3.Id,\n });\n\n var tgw = new Aws.Ec2TransitGateway.TransitGateway(\"tgw\", new()\n {\n MulticastSupport = \"enable\",\n });\n\n var attachment1 = new Aws.Ec2TransitGateway.VpcAttachment(\"attachment1\", new()\n {\n SubnetIds = new[]\n {\n subnet1.Id,\n subnet2.Id,\n },\n TransitGatewayId = tgw.Id,\n VpcId = vpc1.Id,\n });\n\n var attachment2 = new Aws.Ec2TransitGateway.VpcAttachment(\"attachment2\", new()\n {\n SubnetIds = new[]\n {\n subnet3.Id,\n },\n TransitGatewayId = tgw.Id,\n VpcId = vpc2.Id,\n });\n\n var domain = new Aws.Ec2TransitGateway.MulticastDomain(\"domain\", new()\n {\n TransitGatewayId = tgw.Id,\n StaticSourcesSupport = \"enable\",\n Tags = \n {\n { \"Name\", \"Transit_Gateway_Multicast_Domain_Example\" },\n },\n });\n\n var association3 = new Aws.Ec2TransitGateway.MulticastDomainAssociation(\"association3\", new()\n {\n SubnetId = subnet3.Id,\n TransitGatewayAttachmentId = attachment2.Id,\n TransitGatewayMulticastDomainId = domain.Id,\n });\n\n var source = new Aws.Ec2TransitGateway.MulticastGroupSource(\"source\", new()\n {\n GroupIpAddress = \"224.0.0.1\",\n NetworkInterfaceId = instance3.PrimaryNetworkInterfaceId,\n TransitGatewayMulticastDomainId = association3.TransitGatewayMulticastDomainId,\n });\n\n var association1 = new Aws.Ec2TransitGateway.MulticastDomainAssociation(\"association1\", new()\n {\n SubnetId = subnet1.Id,\n TransitGatewayAttachmentId = attachment1.Id,\n TransitGatewayMulticastDomainId = domain.Id,\n });\n\n var association2 = new Aws.Ec2TransitGateway.MulticastDomainAssociation(\"association2\", new()\n {\n SubnetId = subnet2.Id,\n TransitGatewayAttachmentId = attachment2.Id,\n TransitGatewayMulticastDomainId = domain.Id,\n });\n\n var member1 = new Aws.Ec2TransitGateway.MulticastGroupMember(\"member1\", new()\n {\n GroupIpAddress = \"224.0.0.1\",\n NetworkInterfaceId = instance1.PrimaryNetworkInterfaceId,\n TransitGatewayMulticastDomainId = association1.TransitGatewayMulticastDomainId,\n });\n\n var member2 = new Aws.Ec2TransitGateway.MulticastGroupMember(\"member2\", new()\n {\n GroupIpAddress = \"224.0.0.1\",\n NetworkInterfaceId = instance2.PrimaryNetworkInterfaceId,\n TransitGatewayMulticastDomainId = association1.TransitGatewayMulticastDomainId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tState: pulumi.StringRef(\"available\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tamazonLinux, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tOwners: []string{\n\t\t\t\t\"amazon\",\n\t\t\t},\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"amzn-ami-hvm-*-x86_64-gp2\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tName: \"owner-alias\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"amazon\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpc1, err := ec2.NewVpc(ctx, \"vpc1\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpc2, err := ec2.NewVpc(ctx, \"vpc2\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnet1, err := ec2.NewSubnet(ctx, \"subnet1\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: vpc1.ID(),\n\t\t\tCidrBlock: pulumi.String(\"10.0.1.0/24\"),\n\t\t\tAvailabilityZone: pulumi.String(available.Names[0]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnet2, err := ec2.NewSubnet(ctx, \"subnet2\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: vpc1.ID(),\n\t\t\tCidrBlock: pulumi.String(\"10.0.2.0/24\"),\n\t\t\tAvailabilityZone: pulumi.String(available.Names[1]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnet3, err := ec2.NewSubnet(ctx, \"subnet3\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: vpc2.ID(),\n\t\t\tCidrBlock: pulumi.String(\"10.1.1.0/24\"),\n\t\t\tAvailabilityZone: pulumi.String(available.Names[0]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance1, err := ec2.NewInstance(ctx, \"instance1\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(amazonLinux.Id),\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_T2_Micro),\n\t\t\tSubnetId: subnet1.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance2, err := ec2.NewInstance(ctx, \"instance2\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(amazonLinux.Id),\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_T2_Micro),\n\t\t\tSubnetId: subnet2.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance3, err := ec2.NewInstance(ctx, \"instance3\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(amazonLinux.Id),\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_T2_Micro),\n\t\t\tSubnetId: subnet3.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttgw, err := ec2transitgateway.NewTransitGateway(ctx, \"tgw\", \u0026ec2transitgateway.TransitGatewayArgs{\n\t\t\tMulticastSupport: pulumi.String(\"enable\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tattachment1, err := ec2transitgateway.NewVpcAttachment(ctx, \"attachment1\", \u0026ec2transitgateway.VpcAttachmentArgs{\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\tsubnet1.ID(),\n\t\t\t\tsubnet2.ID(),\n\t\t\t},\n\t\t\tTransitGatewayId: tgw.ID(),\n\t\t\tVpcId: vpc1.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tattachment2, err := ec2transitgateway.NewVpcAttachment(ctx, \"attachment2\", \u0026ec2transitgateway.VpcAttachmentArgs{\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\tsubnet3.ID(),\n\t\t\t},\n\t\t\tTransitGatewayId: tgw.ID(),\n\t\t\tVpcId: vpc2.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdomain, err := ec2transitgateway.NewMulticastDomain(ctx, \"domain\", \u0026ec2transitgateway.MulticastDomainArgs{\n\t\t\tTransitGatewayId: tgw.ID(),\n\t\t\tStaticSourcesSupport: pulumi.String(\"enable\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"Transit_Gateway_Multicast_Domain_Example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassociation3, err := ec2transitgateway.NewMulticastDomainAssociation(ctx, \"association3\", \u0026ec2transitgateway.MulticastDomainAssociationArgs{\n\t\t\tSubnetId: subnet3.ID(),\n\t\t\tTransitGatewayAttachmentId: attachment2.ID(),\n\t\t\tTransitGatewayMulticastDomainId: domain.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2transitgateway.NewMulticastGroupSource(ctx, \"source\", \u0026ec2transitgateway.MulticastGroupSourceArgs{\n\t\t\tGroupIpAddress: pulumi.String(\"224.0.0.1\"),\n\t\t\tNetworkInterfaceId: instance3.PrimaryNetworkInterfaceId,\n\t\t\tTransitGatewayMulticastDomainId: association3.TransitGatewayMulticastDomainId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassociation1, err := ec2transitgateway.NewMulticastDomainAssociation(ctx, \"association1\", \u0026ec2transitgateway.MulticastDomainAssociationArgs{\n\t\t\tSubnetId: subnet1.ID(),\n\t\t\tTransitGatewayAttachmentId: attachment1.ID(),\n\t\t\tTransitGatewayMulticastDomainId: domain.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2transitgateway.NewMulticastDomainAssociation(ctx, \"association2\", \u0026ec2transitgateway.MulticastDomainAssociationArgs{\n\t\t\tSubnetId: subnet2.ID(),\n\t\t\tTransitGatewayAttachmentId: attachment2.ID(),\n\t\t\tTransitGatewayMulticastDomainId: domain.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2transitgateway.NewMulticastGroupMember(ctx, \"member1\", \u0026ec2transitgateway.MulticastGroupMemberArgs{\n\t\t\tGroupIpAddress: pulumi.String(\"224.0.0.1\"),\n\t\t\tNetworkInterfaceId: instance1.PrimaryNetworkInterfaceId,\n\t\t\tTransitGatewayMulticastDomainId: association1.TransitGatewayMulticastDomainId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2transitgateway.NewMulticastGroupMember(ctx, \"member2\", \u0026ec2transitgateway.MulticastGroupMemberArgs{\n\t\t\tGroupIpAddress: pulumi.String(\"224.0.0.1\"),\n\t\t\tNetworkInterfaceId: instance2.PrimaryNetworkInterfaceId,\n\t\t\tTransitGatewayMulticastDomainId: association1.TransitGatewayMulticastDomainId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.ec2transitgateway.TransitGateway;\nimport com.pulumi.aws.ec2transitgateway.TransitGatewayArgs;\nimport com.pulumi.aws.ec2transitgateway.VpcAttachment;\nimport com.pulumi.aws.ec2transitgateway.VpcAttachmentArgs;\nimport com.pulumi.aws.ec2transitgateway.MulticastDomain;\nimport com.pulumi.aws.ec2transitgateway.MulticastDomainArgs;\nimport com.pulumi.aws.ec2transitgateway.MulticastDomainAssociation;\nimport com.pulumi.aws.ec2transitgateway.MulticastDomainAssociationArgs;\nimport com.pulumi.aws.ec2transitgateway.MulticastGroupSource;\nimport com.pulumi.aws.ec2transitgateway.MulticastGroupSourceArgs;\nimport com.pulumi.aws.ec2transitgateway.MulticastGroupMember;\nimport com.pulumi.aws.ec2transitgateway.MulticastGroupMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .build());\n\n final var amazonLinux = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .owners(\"amazon\")\n .filters( \n GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"amzn-ami-hvm-*-x86_64-gp2\")\n .build(),\n GetAmiFilterArgs.builder()\n .name(\"owner-alias\")\n .values(\"amazon\")\n .build())\n .build());\n\n var vpc1 = new Vpc(\"vpc1\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .build());\n\n var vpc2 = new Vpc(\"vpc2\", VpcArgs.builder() \n .cidrBlock(\"10.1.0.0/16\")\n .build());\n\n var subnet1 = new Subnet(\"subnet1\", SubnetArgs.builder() \n .vpcId(vpc1.id())\n .cidrBlock(\"10.0.1.0/24\")\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]))\n .build());\n\n var subnet2 = new Subnet(\"subnet2\", SubnetArgs.builder() \n .vpcId(vpc1.id())\n .cidrBlock(\"10.0.2.0/24\")\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[1]))\n .build());\n\n var subnet3 = new Subnet(\"subnet3\", SubnetArgs.builder() \n .vpcId(vpc2.id())\n .cidrBlock(\"10.1.1.0/24\")\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]))\n .build());\n\n var instance1 = new Instance(\"instance1\", InstanceArgs.builder() \n .ami(amazonLinux.applyValue(getAmiResult -\u003e getAmiResult.id()))\n .instanceType(\"t2.micro\")\n .subnetId(subnet1.id())\n .build());\n\n var instance2 = new Instance(\"instance2\", InstanceArgs.builder() \n .ami(amazonLinux.applyValue(getAmiResult -\u003e getAmiResult.id()))\n .instanceType(\"t2.micro\")\n .subnetId(subnet2.id())\n .build());\n\n var instance3 = new Instance(\"instance3\", InstanceArgs.builder() \n .ami(amazonLinux.applyValue(getAmiResult -\u003e getAmiResult.id()))\n .instanceType(\"t2.micro\")\n .subnetId(subnet3.id())\n .build());\n\n var tgw = new TransitGateway(\"tgw\", TransitGatewayArgs.builder() \n .multicastSupport(\"enable\")\n .build());\n\n var attachment1 = new VpcAttachment(\"attachment1\", VpcAttachmentArgs.builder() \n .subnetIds( \n subnet1.id(),\n subnet2.id())\n .transitGatewayId(tgw.id())\n .vpcId(vpc1.id())\n .build());\n\n var attachment2 = new VpcAttachment(\"attachment2\", VpcAttachmentArgs.builder() \n .subnetIds(subnet3.id())\n .transitGatewayId(tgw.id())\n .vpcId(vpc2.id())\n .build());\n\n var domain = new MulticastDomain(\"domain\", MulticastDomainArgs.builder() \n .transitGatewayId(tgw.id())\n .staticSourcesSupport(\"enable\")\n .tags(Map.of(\"Name\", \"Transit_Gateway_Multicast_Domain_Example\"))\n .build());\n\n var association3 = new MulticastDomainAssociation(\"association3\", MulticastDomainAssociationArgs.builder() \n .subnetId(subnet3.id())\n .transitGatewayAttachmentId(attachment2.id())\n .transitGatewayMulticastDomainId(domain.id())\n .build());\n\n var source = new MulticastGroupSource(\"source\", MulticastGroupSourceArgs.builder() \n .groupIpAddress(\"224.0.0.1\")\n .networkInterfaceId(instance3.primaryNetworkInterfaceId())\n .transitGatewayMulticastDomainId(association3.transitGatewayMulticastDomainId())\n .build());\n\n var association1 = new MulticastDomainAssociation(\"association1\", MulticastDomainAssociationArgs.builder() \n .subnetId(subnet1.id())\n .transitGatewayAttachmentId(attachment1.id())\n .transitGatewayMulticastDomainId(domain.id())\n .build());\n\n var association2 = new MulticastDomainAssociation(\"association2\", MulticastDomainAssociationArgs.builder() \n .subnetId(subnet2.id())\n .transitGatewayAttachmentId(attachment2.id())\n .transitGatewayMulticastDomainId(domain.id())\n .build());\n\n var member1 = new MulticastGroupMember(\"member1\", MulticastGroupMemberArgs.builder() \n .groupIpAddress(\"224.0.0.1\")\n .networkInterfaceId(instance1.primaryNetworkInterfaceId())\n .transitGatewayMulticastDomainId(association1.transitGatewayMulticastDomainId())\n .build());\n\n var member2 = new MulticastGroupMember(\"member2\", MulticastGroupMemberArgs.builder() \n .groupIpAddress(\"224.0.0.1\")\n .networkInterfaceId(instance2.primaryNetworkInterfaceId())\n .transitGatewayMulticastDomainId(association1.transitGatewayMulticastDomainId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n vpc1:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n vpc2:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.1.0.0/16\n subnet1:\n type: aws:ec2:Subnet\n properties:\n vpcId: ${vpc1.id}\n cidrBlock: 10.0.1.0/24\n availabilityZone: ${available.names[0]}\n subnet2:\n type: aws:ec2:Subnet\n properties:\n vpcId: ${vpc1.id}\n cidrBlock: 10.0.2.0/24\n availabilityZone: ${available.names[1]}\n subnet3:\n type: aws:ec2:Subnet\n properties:\n vpcId: ${vpc2.id}\n cidrBlock: 10.1.1.0/24\n availabilityZone: ${available.names[0]}\n instance1:\n type: aws:ec2:Instance\n properties:\n ami: ${amazonLinux.id}\n instanceType: t2.micro\n subnetId: ${subnet1.id}\n instance2:\n type: aws:ec2:Instance\n properties:\n ami: ${amazonLinux.id}\n instanceType: t2.micro\n subnetId: ${subnet2.id}\n instance3:\n type: aws:ec2:Instance\n properties:\n ami: ${amazonLinux.id}\n instanceType: t2.micro\n subnetId: ${subnet3.id}\n tgw:\n type: aws:ec2transitgateway:TransitGateway\n properties:\n multicastSupport: enable\n attachment1:\n type: aws:ec2transitgateway:VpcAttachment\n properties:\n subnetIds:\n - ${subnet1.id}\n - ${subnet2.id}\n transitGatewayId: ${tgw.id}\n vpcId: ${vpc1.id}\n attachment2:\n type: aws:ec2transitgateway:VpcAttachment\n properties:\n subnetIds:\n - ${subnet3.id}\n transitGatewayId: ${tgw.id}\n vpcId: ${vpc2.id}\n domain:\n type: aws:ec2transitgateway:MulticastDomain\n properties:\n transitGatewayId: ${tgw.id}\n staticSourcesSupport: enable\n tags:\n Name: Transit_Gateway_Multicast_Domain_Example\n association3:\n type: aws:ec2transitgateway:MulticastDomainAssociation\n properties:\n subnetId: ${subnet3.id}\n transitGatewayAttachmentId: ${attachment2.id}\n transitGatewayMulticastDomainId: ${domain.id}\n source:\n type: aws:ec2transitgateway:MulticastGroupSource\n properties:\n groupIpAddress: 224.0.0.1\n networkInterfaceId: ${instance3.primaryNetworkInterfaceId}\n transitGatewayMulticastDomainId: ${association3.transitGatewayMulticastDomainId}\n association1:\n type: aws:ec2transitgateway:MulticastDomainAssociation\n properties:\n subnetId: ${subnet1.id}\n transitGatewayAttachmentId: ${attachment1.id}\n transitGatewayMulticastDomainId: ${domain.id}\n association2:\n type: aws:ec2transitgateway:MulticastDomainAssociation\n properties:\n subnetId: ${subnet2.id}\n transitGatewayAttachmentId: ${attachment2.id}\n transitGatewayMulticastDomainId: ${domain.id}\n member1:\n type: aws:ec2transitgateway:MulticastGroupMember\n properties:\n groupIpAddress: 224.0.0.1\n networkInterfaceId: ${instance1.primaryNetworkInterfaceId}\n transitGatewayMulticastDomainId: ${association1.transitGatewayMulticastDomainId}\n member2:\n type: aws:ec2transitgateway:MulticastGroupMember\n properties:\n groupIpAddress: 224.0.0.1\n networkInterfaceId: ${instance2.primaryNetworkInterfaceId}\n transitGatewayMulticastDomainId: ${association1.transitGatewayMulticastDomainId}\nvariables:\n available:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n state: available\n amazonLinux:\n fn::invoke:\n Function: aws:ec2:getAmi\n Arguments:\n mostRecent: true\n owners:\n - amazon\n filters:\n - name: name\n values:\n - amzn-ami-hvm-*-x86_64-gp2\n - name: owner-alias\n values:\n - amazon\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_ec2_transit_gateway_multicast_domain` using the EC2 Transit Gateway Multicast Domain identifier. For example:\n\n```sh\n$ pulumi import aws:ec2transitgateway/multicastDomain:MulticastDomain example tgw-mcast-domain-12345\n```\n", "properties": { "arn": { "type": "string", @@ -225754,7 +225754,7 @@ } }, "aws:ec2transitgateway/peeringAttachment:PeeringAttachment": { - "description": "Manages an EC2 Transit Gateway Peering Attachment.\nFor examples of custom route table association and propagation, see the [EC2 Transit Gateway Networking Examples Guide](https://docs.aws.amazon.com/vpc/latest/tgw/TGW_Scenarios.html).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst peer = aws.getRegion({});\nconst local = new aws.ec2transitgateway.TransitGateway(\"local\", {tags: {\n Name: \"Local TGW\",\n}});\nconst peerTransitGateway = new aws.ec2transitgateway.TransitGateway(\"peer\", {tags: {\n Name: \"Peer TGW\",\n}});\nconst example = new aws.ec2transitgateway.PeeringAttachment(\"example\", {\n peerAccountId: peerTransitGateway.ownerId,\n peerRegion: peer.then(peer =\u003e peer.name),\n peerTransitGatewayId: peerTransitGateway.id,\n transitGatewayId: local.id,\n tags: {\n Name: \"TGW Peering Requestor\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npeer = aws.get_region()\nlocal = aws.ec2transitgateway.TransitGateway(\"local\", tags={\n \"Name\": \"Local TGW\",\n})\npeer_transit_gateway = aws.ec2transitgateway.TransitGateway(\"peer\", tags={\n \"Name\": \"Peer TGW\",\n})\nexample = aws.ec2transitgateway.PeeringAttachment(\"example\",\n peer_account_id=peer_transit_gateway.owner_id,\n peer_region=peer.name,\n peer_transit_gateway_id=peer_transit_gateway.id,\n transit_gateway_id=local.id,\n tags={\n \"Name\": \"TGW Peering Requestor\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var peer = Aws.GetRegion.Invoke();\n\n var local = new Aws.Ec2TransitGateway.TransitGateway(\"local\", new()\n {\n Tags = \n {\n { \"Name\", \"Local TGW\" },\n },\n });\n\n var peerTransitGateway = new Aws.Ec2TransitGateway.TransitGateway(\"peer\", new()\n {\n Tags = \n {\n { \"Name\", \"Peer TGW\" },\n },\n });\n\n var example = new Aws.Ec2TransitGateway.PeeringAttachment(\"example\", new()\n {\n PeerAccountId = peerTransitGateway.OwnerId,\n PeerRegion = peer.Apply(getRegionResult =\u003e getRegionResult.Name),\n PeerTransitGatewayId = peerTransitGateway.Id,\n TransitGatewayId = local.Id,\n Tags = \n {\n { \"Name\", \"TGW Peering Requestor\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpeer, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlocal, err := ec2transitgateway.NewTransitGateway(ctx, \"local\", \u0026ec2transitgateway.TransitGatewayArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"Local TGW\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerTransitGateway, err := ec2transitgateway.NewTransitGateway(ctx, \"peer\", \u0026ec2transitgateway.TransitGatewayArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"Peer TGW\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2transitgateway.NewPeeringAttachment(ctx, \"example\", \u0026ec2transitgateway.PeeringAttachmentArgs{\n\t\t\tPeerAccountId: peerTransitGateway.OwnerId,\n\t\t\tPeerRegion: *pulumi.String(peer.Name),\n\t\t\tPeerTransitGatewayId: peerTransitGateway.ID(),\n\t\t\tTransitGatewayId: local.ID(),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"TGW Peering Requestor\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2transitgateway.TransitGateway;\nimport com.pulumi.aws.ec2transitgateway.TransitGatewayArgs;\nimport com.pulumi.aws.ec2transitgateway.PeeringAttachment;\nimport com.pulumi.aws.ec2transitgateway.PeeringAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var peer = AwsFunctions.getRegion();\n\n var local = new TransitGateway(\"local\", TransitGatewayArgs.builder() \n .tags(Map.of(\"Name\", \"Local TGW\"))\n .build());\n\n var peerTransitGateway = new TransitGateway(\"peerTransitGateway\", TransitGatewayArgs.builder() \n .tags(Map.of(\"Name\", \"Peer TGW\"))\n .build());\n\n var example = new PeeringAttachment(\"example\", PeeringAttachmentArgs.builder() \n .peerAccountId(peerTransitGateway.ownerId())\n .peerRegion(peer.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .peerTransitGatewayId(peerTransitGateway.id())\n .transitGatewayId(local.id())\n .tags(Map.of(\"Name\", \"TGW Peering Requestor\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n local:\n type: aws:ec2transitgateway:TransitGateway\n properties:\n tags:\n Name: Local TGW\n peerTransitGateway:\n type: aws:ec2transitgateway:TransitGateway\n name: peer\n properties:\n tags:\n Name: Peer TGW\n example:\n type: aws:ec2transitgateway:PeeringAttachment\n properties:\n peerAccountId: ${peerTransitGateway.ownerId}\n peerRegion: ${peer.name}\n peerTransitGatewayId: ${peerTransitGateway.id}\n transitGatewayId: ${local.id}\n tags:\n Name: TGW Peering Requestor\nvariables:\n peer:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_ec2_transit_gateway_peering_attachment` using the EC2 Transit Gateway Attachment identifier. For example:\n\n```sh\n$ pulumi import aws:ec2transitgateway/peeringAttachment:PeeringAttachment example tgw-attach-12345678\n```\n", + "description": "Manages an EC2 Transit Gateway Peering Attachment.\nFor examples of custom route table association and propagation, see the [EC2 Transit Gateway Networking Examples Guide](https://docs.aws.amazon.com/vpc/latest/tgw/TGW_Scenarios.html).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst peer = aws.getRegion({});\nconst local = new aws.ec2transitgateway.TransitGateway(\"local\", {tags: {\n Name: \"Local TGW\",\n}});\nconst peerTransitGateway = new aws.ec2transitgateway.TransitGateway(\"peer\", {tags: {\n Name: \"Peer TGW\",\n}});\nconst example = new aws.ec2transitgateway.PeeringAttachment(\"example\", {\n peerAccountId: peerTransitGateway.ownerId,\n peerRegion: peer.then(peer =\u003e peer.name),\n peerTransitGatewayId: peerTransitGateway.id,\n transitGatewayId: local.id,\n tags: {\n Name: \"TGW Peering Requestor\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npeer = aws.get_region()\nlocal = aws.ec2transitgateway.TransitGateway(\"local\", tags={\n \"Name\": \"Local TGW\",\n})\npeer_transit_gateway = aws.ec2transitgateway.TransitGateway(\"peer\", tags={\n \"Name\": \"Peer TGW\",\n})\nexample = aws.ec2transitgateway.PeeringAttachment(\"example\",\n peer_account_id=peer_transit_gateway.owner_id,\n peer_region=peer.name,\n peer_transit_gateway_id=peer_transit_gateway.id,\n transit_gateway_id=local.id,\n tags={\n \"Name\": \"TGW Peering Requestor\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var peer = Aws.GetRegion.Invoke();\n\n var local = new Aws.Ec2TransitGateway.TransitGateway(\"local\", new()\n {\n Tags = \n {\n { \"Name\", \"Local TGW\" },\n },\n });\n\n var peerTransitGateway = new Aws.Ec2TransitGateway.TransitGateway(\"peer\", new()\n {\n Tags = \n {\n { \"Name\", \"Peer TGW\" },\n },\n });\n\n var example = new Aws.Ec2TransitGateway.PeeringAttachment(\"example\", new()\n {\n PeerAccountId = peerTransitGateway.OwnerId,\n PeerRegion = peer.Apply(getRegionResult =\u003e getRegionResult.Name),\n PeerTransitGatewayId = peerTransitGateway.Id,\n TransitGatewayId = local.Id,\n Tags = \n {\n { \"Name\", \"TGW Peering Requestor\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpeer, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlocal, err := ec2transitgateway.NewTransitGateway(ctx, \"local\", \u0026ec2transitgateway.TransitGatewayArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"Local TGW\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerTransitGateway, err := ec2transitgateway.NewTransitGateway(ctx, \"peer\", \u0026ec2transitgateway.TransitGatewayArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"Peer TGW\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2transitgateway.NewPeeringAttachment(ctx, \"example\", \u0026ec2transitgateway.PeeringAttachmentArgs{\n\t\t\tPeerAccountId: peerTransitGateway.OwnerId,\n\t\t\tPeerRegion: pulumi.String(peer.Name),\n\t\t\tPeerTransitGatewayId: peerTransitGateway.ID(),\n\t\t\tTransitGatewayId: local.ID(),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"TGW Peering Requestor\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2transitgateway.TransitGateway;\nimport com.pulumi.aws.ec2transitgateway.TransitGatewayArgs;\nimport com.pulumi.aws.ec2transitgateway.PeeringAttachment;\nimport com.pulumi.aws.ec2transitgateway.PeeringAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var peer = AwsFunctions.getRegion();\n\n var local = new TransitGateway(\"local\", TransitGatewayArgs.builder() \n .tags(Map.of(\"Name\", \"Local TGW\"))\n .build());\n\n var peerTransitGateway = new TransitGateway(\"peerTransitGateway\", TransitGatewayArgs.builder() \n .tags(Map.of(\"Name\", \"Peer TGW\"))\n .build());\n\n var example = new PeeringAttachment(\"example\", PeeringAttachmentArgs.builder() \n .peerAccountId(peerTransitGateway.ownerId())\n .peerRegion(peer.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .peerTransitGatewayId(peerTransitGateway.id())\n .transitGatewayId(local.id())\n .tags(Map.of(\"Name\", \"TGW Peering Requestor\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n local:\n type: aws:ec2transitgateway:TransitGateway\n properties:\n tags:\n Name: Local TGW\n peerTransitGateway:\n type: aws:ec2transitgateway:TransitGateway\n name: peer\n properties:\n tags:\n Name: Peer TGW\n example:\n type: aws:ec2transitgateway:PeeringAttachment\n properties:\n peerAccountId: ${peerTransitGateway.ownerId}\n peerRegion: ${peer.name}\n peerTransitGatewayId: ${peerTransitGateway.id}\n transitGatewayId: ${local.id}\n tags:\n Name: TGW Peering Requestor\nvariables:\n peer:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_ec2_transit_gateway_peering_attachment` using the EC2 Transit Gateway Attachment identifier. For example:\n\n```sh\n$ pulumi import aws:ec2transitgateway/peeringAttachment:PeeringAttachment example tgw-attach-12345678\n```\n", "properties": { "peerAccountId": { "type": "string", @@ -227341,7 +227341,7 @@ } }, "aws:ecr/replicationConfiguration:ReplicationConfiguration": { - "description": "Provides an Elastic Container Registry Replication Configuration.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst example = aws.getRegions({});\nconst exampleReplicationConfiguration = new aws.ecr.ReplicationConfiguration(\"example\", {replicationConfiguration: {\n rules: [{\n destinations: [{\n region: example.then(example =\u003e example.names?.[0]),\n registryId: current.then(current =\u003e current.accountId),\n }],\n }],\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nexample = aws.get_regions()\nexample_replication_configuration = aws.ecr.ReplicationConfiguration(\"example\", replication_configuration=aws.ecr.ReplicationConfigurationReplicationConfigurationArgs(\n rules=[aws.ecr.ReplicationConfigurationReplicationConfigurationRuleArgs(\n destinations=[aws.ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs(\n region=example.names[0],\n registry_id=current.account_id,\n )],\n )],\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var example = Aws.GetRegions.Invoke();\n\n var exampleReplicationConfiguration = new Aws.Ecr.ReplicationConfiguration(\"example\", new()\n {\n ReplicationConfigurationDetails = new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationArgs\n {\n Rules = new[]\n {\n new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationRuleArgs\n {\n Destinations = new[]\n {\n new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs\n {\n Region = example.Apply(getRegionsResult =\u003e getRegionsResult.Names[0]),\n RegistryId = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := aws.GetRegions(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ecr.NewReplicationConfiguration(ctx, \"example\", \u0026ecr.ReplicationConfigurationArgs{\n\t\t\tReplicationConfiguration: \u0026ecr.ReplicationConfigurationReplicationConfigurationArgs{\n\t\t\t\tRules: ecr.ReplicationConfigurationReplicationConfigurationRuleArray{\n\t\t\t\t\t\u0026ecr.ReplicationConfigurationReplicationConfigurationRuleArgs{\n\t\t\t\t\t\tDestinations: ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArray{\n\t\t\t\t\t\t\t\u0026ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs{\n\t\t\t\t\t\t\t\tRegion: *pulumi.String(example.Names[0]),\n\t\t\t\t\t\t\t\tRegistryId: *pulumi.String(current.AccountId),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.inputs.GetRegionsArgs;\nimport com.pulumi.aws.ecr.ReplicationConfiguration;\nimport com.pulumi.aws.ecr.ReplicationConfigurationArgs;\nimport com.pulumi.aws.ecr.inputs.ReplicationConfigurationReplicationConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var example = AwsFunctions.getRegions();\n\n var exampleReplicationConfiguration = new ReplicationConfiguration(\"exampleReplicationConfiguration\", ReplicationConfigurationArgs.builder() \n .replicationConfiguration(ReplicationConfigurationReplicationConfigurationArgs.builder()\n .rules(ReplicationConfigurationReplicationConfigurationRuleArgs.builder()\n .destinations(ReplicationConfigurationReplicationConfigurationRuleDestinationArgs.builder()\n .region(example.applyValue(getRegionsResult -\u003e getRegionsResult.names()[0]))\n .registryId(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleReplicationConfiguration:\n type: aws:ecr:ReplicationConfiguration\n name: example\n properties:\n replicationConfiguration:\n rules:\n - destinations:\n - region: ${example.names[0]}\n registryId: ${current.accountId}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n example:\n fn::invoke:\n Function: aws:getRegions\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Multiple Region Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst example = aws.getRegions({});\nconst exampleReplicationConfiguration = new aws.ecr.ReplicationConfiguration(\"example\", {replicationConfiguration: {\n rules: [{\n destinations: [\n {\n region: example.then(example =\u003e example.names?.[0]),\n registryId: current.then(current =\u003e current.accountId),\n },\n {\n region: example.then(example =\u003e example.names?.[1]),\n registryId: current.then(current =\u003e current.accountId),\n },\n ],\n }],\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nexample = aws.get_regions()\nexample_replication_configuration = aws.ecr.ReplicationConfiguration(\"example\", replication_configuration=aws.ecr.ReplicationConfigurationReplicationConfigurationArgs(\n rules=[aws.ecr.ReplicationConfigurationReplicationConfigurationRuleArgs(\n destinations=[\n aws.ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs(\n region=example.names[0],\n registry_id=current.account_id,\n ),\n aws.ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs(\n region=example.names[1],\n registry_id=current.account_id,\n ),\n ],\n )],\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var example = Aws.GetRegions.Invoke();\n\n var exampleReplicationConfiguration = new Aws.Ecr.ReplicationConfiguration(\"example\", new()\n {\n ReplicationConfigurationDetails = new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationArgs\n {\n Rules = new[]\n {\n new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationRuleArgs\n {\n Destinations = new[]\n {\n new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs\n {\n Region = example.Apply(getRegionsResult =\u003e getRegionsResult.Names[0]),\n RegistryId = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n },\n new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs\n {\n Region = example.Apply(getRegionsResult =\u003e getRegionsResult.Names[1]),\n RegistryId = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := aws.GetRegions(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ecr.NewReplicationConfiguration(ctx, \"example\", \u0026ecr.ReplicationConfigurationArgs{\n\t\t\tReplicationConfiguration: \u0026ecr.ReplicationConfigurationReplicationConfigurationArgs{\n\t\t\t\tRules: ecr.ReplicationConfigurationReplicationConfigurationRuleArray{\n\t\t\t\t\t\u0026ecr.ReplicationConfigurationReplicationConfigurationRuleArgs{\n\t\t\t\t\t\tDestinations: ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArray{\n\t\t\t\t\t\t\t\u0026ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs{\n\t\t\t\t\t\t\t\tRegion: *pulumi.String(example.Names[0]),\n\t\t\t\t\t\t\t\tRegistryId: *pulumi.String(current.AccountId),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\u0026ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs{\n\t\t\t\t\t\t\t\tRegion: *pulumi.String(example.Names[1]),\n\t\t\t\t\t\t\t\tRegistryId: *pulumi.String(current.AccountId),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.inputs.GetRegionsArgs;\nimport com.pulumi.aws.ecr.ReplicationConfiguration;\nimport com.pulumi.aws.ecr.ReplicationConfigurationArgs;\nimport com.pulumi.aws.ecr.inputs.ReplicationConfigurationReplicationConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var example = AwsFunctions.getRegions();\n\n var exampleReplicationConfiguration = new ReplicationConfiguration(\"exampleReplicationConfiguration\", ReplicationConfigurationArgs.builder() \n .replicationConfiguration(ReplicationConfigurationReplicationConfigurationArgs.builder()\n .rules(ReplicationConfigurationReplicationConfigurationRuleArgs.builder()\n .destinations( \n ReplicationConfigurationReplicationConfigurationRuleDestinationArgs.builder()\n .region(example.applyValue(getRegionsResult -\u003e getRegionsResult.names()[0]))\n .registryId(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .build(),\n ReplicationConfigurationReplicationConfigurationRuleDestinationArgs.builder()\n .region(example.applyValue(getRegionsResult -\u003e getRegionsResult.names()[1]))\n .registryId(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleReplicationConfiguration:\n type: aws:ecr:ReplicationConfiguration\n name: example\n properties:\n replicationConfiguration:\n rules:\n - destinations:\n - region: ${example.names[0]}\n registryId: ${current.accountId}\n - region: ${example.names[1]}\n registryId: ${current.accountId}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n example:\n fn::invoke:\n Function: aws:getRegions\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Repository Filter Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst example = aws.getRegions({});\nconst exampleReplicationConfiguration = new aws.ecr.ReplicationConfiguration(\"example\", {replicationConfiguration: {\n rules: [{\n destinations: [{\n region: example.then(example =\u003e example.names?.[0]),\n registryId: current.then(current =\u003e current.accountId),\n }],\n repositoryFilters: [{\n filter: \"prod-microservice\",\n filterType: \"PREFIX_MATCH\",\n }],\n }],\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nexample = aws.get_regions()\nexample_replication_configuration = aws.ecr.ReplicationConfiguration(\"example\", replication_configuration=aws.ecr.ReplicationConfigurationReplicationConfigurationArgs(\n rules=[aws.ecr.ReplicationConfigurationReplicationConfigurationRuleArgs(\n destinations=[aws.ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs(\n region=example.names[0],\n registry_id=current.account_id,\n )],\n repository_filters=[aws.ecr.ReplicationConfigurationReplicationConfigurationRuleRepositoryFilterArgs(\n filter=\"prod-microservice\",\n filter_type=\"PREFIX_MATCH\",\n )],\n )],\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var example = Aws.GetRegions.Invoke();\n\n var exampleReplicationConfiguration = new Aws.Ecr.ReplicationConfiguration(\"example\", new()\n {\n ReplicationConfigurationDetails = new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationArgs\n {\n Rules = new[]\n {\n new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationRuleArgs\n {\n Destinations = new[]\n {\n new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs\n {\n Region = example.Apply(getRegionsResult =\u003e getRegionsResult.Names[0]),\n RegistryId = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n },\n },\n RepositoryFilters = new[]\n {\n new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationRuleRepositoryFilterArgs\n {\n Filter = \"prod-microservice\",\n FilterType = \"PREFIX_MATCH\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := aws.GetRegions(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ecr.NewReplicationConfiguration(ctx, \"example\", \u0026ecr.ReplicationConfigurationArgs{\n\t\t\tReplicationConfiguration: \u0026ecr.ReplicationConfigurationReplicationConfigurationArgs{\n\t\t\t\tRules: ecr.ReplicationConfigurationReplicationConfigurationRuleArray{\n\t\t\t\t\t\u0026ecr.ReplicationConfigurationReplicationConfigurationRuleArgs{\n\t\t\t\t\t\tDestinations: ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArray{\n\t\t\t\t\t\t\t\u0026ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs{\n\t\t\t\t\t\t\t\tRegion: *pulumi.String(example.Names[0]),\n\t\t\t\t\t\t\t\tRegistryId: *pulumi.String(current.AccountId),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRepositoryFilters: ecr.ReplicationConfigurationReplicationConfigurationRuleRepositoryFilterArray{\n\t\t\t\t\t\t\t\u0026ecr.ReplicationConfigurationReplicationConfigurationRuleRepositoryFilterArgs{\n\t\t\t\t\t\t\t\tFilter: pulumi.String(\"prod-microservice\"),\n\t\t\t\t\t\t\t\tFilterType: pulumi.String(\"PREFIX_MATCH\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.inputs.GetRegionsArgs;\nimport com.pulumi.aws.ecr.ReplicationConfiguration;\nimport com.pulumi.aws.ecr.ReplicationConfigurationArgs;\nimport com.pulumi.aws.ecr.inputs.ReplicationConfigurationReplicationConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var example = AwsFunctions.getRegions();\n\n var exampleReplicationConfiguration = new ReplicationConfiguration(\"exampleReplicationConfiguration\", ReplicationConfigurationArgs.builder() \n .replicationConfiguration(ReplicationConfigurationReplicationConfigurationArgs.builder()\n .rules(ReplicationConfigurationReplicationConfigurationRuleArgs.builder()\n .destinations(ReplicationConfigurationReplicationConfigurationRuleDestinationArgs.builder()\n .region(example.applyValue(getRegionsResult -\u003e getRegionsResult.names()[0]))\n .registryId(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .build())\n .repositoryFilters(ReplicationConfigurationReplicationConfigurationRuleRepositoryFilterArgs.builder()\n .filter(\"prod-microservice\")\n .filterType(\"PREFIX_MATCH\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleReplicationConfiguration:\n type: aws:ecr:ReplicationConfiguration\n name: example\n properties:\n replicationConfiguration:\n rules:\n - destinations:\n - region: ${example.names[0]}\n registryId: ${current.accountId}\n repositoryFilters:\n - filter: prod-microservice\n filterType: PREFIX_MATCH\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n example:\n fn::invoke:\n Function: aws:getRegions\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import ECR Replication Configuration using the `registry_id`. For example:\n\n```sh\n$ pulumi import aws:ecr/replicationConfiguration:ReplicationConfiguration service 012345678912\n```\n", + "description": "Provides an Elastic Container Registry Replication Configuration.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst example = aws.getRegions({});\nconst exampleReplicationConfiguration = new aws.ecr.ReplicationConfiguration(\"example\", {replicationConfiguration: {\n rules: [{\n destinations: [{\n region: example.then(example =\u003e example.names?.[0]),\n registryId: current.then(current =\u003e current.accountId),\n }],\n }],\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nexample = aws.get_regions()\nexample_replication_configuration = aws.ecr.ReplicationConfiguration(\"example\", replication_configuration=aws.ecr.ReplicationConfigurationReplicationConfigurationArgs(\n rules=[aws.ecr.ReplicationConfigurationReplicationConfigurationRuleArgs(\n destinations=[aws.ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs(\n region=example.names[0],\n registry_id=current.account_id,\n )],\n )],\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var example = Aws.GetRegions.Invoke();\n\n var exampleReplicationConfiguration = new Aws.Ecr.ReplicationConfiguration(\"example\", new()\n {\n ReplicationConfigurationDetails = new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationArgs\n {\n Rules = new[]\n {\n new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationRuleArgs\n {\n Destinations = new[]\n {\n new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs\n {\n Region = example.Apply(getRegionsResult =\u003e getRegionsResult.Names[0]),\n RegistryId = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := aws.GetRegions(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ecr.NewReplicationConfiguration(ctx, \"example\", \u0026ecr.ReplicationConfigurationArgs{\n\t\t\tReplicationConfiguration: \u0026ecr.ReplicationConfigurationReplicationConfigurationArgs{\n\t\t\t\tRules: ecr.ReplicationConfigurationReplicationConfigurationRuleArray{\n\t\t\t\t\t\u0026ecr.ReplicationConfigurationReplicationConfigurationRuleArgs{\n\t\t\t\t\t\tDestinations: ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArray{\n\t\t\t\t\t\t\t\u0026ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs{\n\t\t\t\t\t\t\t\tRegion: pulumi.String(example.Names[0]),\n\t\t\t\t\t\t\t\tRegistryId: pulumi.String(current.AccountId),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.inputs.GetRegionsArgs;\nimport com.pulumi.aws.ecr.ReplicationConfiguration;\nimport com.pulumi.aws.ecr.ReplicationConfigurationArgs;\nimport com.pulumi.aws.ecr.inputs.ReplicationConfigurationReplicationConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var example = AwsFunctions.getRegions();\n\n var exampleReplicationConfiguration = new ReplicationConfiguration(\"exampleReplicationConfiguration\", ReplicationConfigurationArgs.builder() \n .replicationConfiguration(ReplicationConfigurationReplicationConfigurationArgs.builder()\n .rules(ReplicationConfigurationReplicationConfigurationRuleArgs.builder()\n .destinations(ReplicationConfigurationReplicationConfigurationRuleDestinationArgs.builder()\n .region(example.applyValue(getRegionsResult -\u003e getRegionsResult.names()[0]))\n .registryId(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleReplicationConfiguration:\n type: aws:ecr:ReplicationConfiguration\n name: example\n properties:\n replicationConfiguration:\n rules:\n - destinations:\n - region: ${example.names[0]}\n registryId: ${current.accountId}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n example:\n fn::invoke:\n Function: aws:getRegions\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Multiple Region Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst example = aws.getRegions({});\nconst exampleReplicationConfiguration = new aws.ecr.ReplicationConfiguration(\"example\", {replicationConfiguration: {\n rules: [{\n destinations: [\n {\n region: example.then(example =\u003e example.names?.[0]),\n registryId: current.then(current =\u003e current.accountId),\n },\n {\n region: example.then(example =\u003e example.names?.[1]),\n registryId: current.then(current =\u003e current.accountId),\n },\n ],\n }],\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nexample = aws.get_regions()\nexample_replication_configuration = aws.ecr.ReplicationConfiguration(\"example\", replication_configuration=aws.ecr.ReplicationConfigurationReplicationConfigurationArgs(\n rules=[aws.ecr.ReplicationConfigurationReplicationConfigurationRuleArgs(\n destinations=[\n aws.ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs(\n region=example.names[0],\n registry_id=current.account_id,\n ),\n aws.ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs(\n region=example.names[1],\n registry_id=current.account_id,\n ),\n ],\n )],\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var example = Aws.GetRegions.Invoke();\n\n var exampleReplicationConfiguration = new Aws.Ecr.ReplicationConfiguration(\"example\", new()\n {\n ReplicationConfigurationDetails = new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationArgs\n {\n Rules = new[]\n {\n new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationRuleArgs\n {\n Destinations = new[]\n {\n new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs\n {\n Region = example.Apply(getRegionsResult =\u003e getRegionsResult.Names[0]),\n RegistryId = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n },\n new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs\n {\n Region = example.Apply(getRegionsResult =\u003e getRegionsResult.Names[1]),\n RegistryId = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := aws.GetRegions(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ecr.NewReplicationConfiguration(ctx, \"example\", \u0026ecr.ReplicationConfigurationArgs{\n\t\t\tReplicationConfiguration: \u0026ecr.ReplicationConfigurationReplicationConfigurationArgs{\n\t\t\t\tRules: ecr.ReplicationConfigurationReplicationConfigurationRuleArray{\n\t\t\t\t\t\u0026ecr.ReplicationConfigurationReplicationConfigurationRuleArgs{\n\t\t\t\t\t\tDestinations: ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArray{\n\t\t\t\t\t\t\t\u0026ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs{\n\t\t\t\t\t\t\t\tRegion: pulumi.String(example.Names[0]),\n\t\t\t\t\t\t\t\tRegistryId: pulumi.String(current.AccountId),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\u0026ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs{\n\t\t\t\t\t\t\t\tRegion: pulumi.String(example.Names[1]),\n\t\t\t\t\t\t\t\tRegistryId: pulumi.String(current.AccountId),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.inputs.GetRegionsArgs;\nimport com.pulumi.aws.ecr.ReplicationConfiguration;\nimport com.pulumi.aws.ecr.ReplicationConfigurationArgs;\nimport com.pulumi.aws.ecr.inputs.ReplicationConfigurationReplicationConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var example = AwsFunctions.getRegions();\n\n var exampleReplicationConfiguration = new ReplicationConfiguration(\"exampleReplicationConfiguration\", ReplicationConfigurationArgs.builder() \n .replicationConfiguration(ReplicationConfigurationReplicationConfigurationArgs.builder()\n .rules(ReplicationConfigurationReplicationConfigurationRuleArgs.builder()\n .destinations( \n ReplicationConfigurationReplicationConfigurationRuleDestinationArgs.builder()\n .region(example.applyValue(getRegionsResult -\u003e getRegionsResult.names()[0]))\n .registryId(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .build(),\n ReplicationConfigurationReplicationConfigurationRuleDestinationArgs.builder()\n .region(example.applyValue(getRegionsResult -\u003e getRegionsResult.names()[1]))\n .registryId(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleReplicationConfiguration:\n type: aws:ecr:ReplicationConfiguration\n name: example\n properties:\n replicationConfiguration:\n rules:\n - destinations:\n - region: ${example.names[0]}\n registryId: ${current.accountId}\n - region: ${example.names[1]}\n registryId: ${current.accountId}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n example:\n fn::invoke:\n Function: aws:getRegions\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Repository Filter Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst example = aws.getRegions({});\nconst exampleReplicationConfiguration = new aws.ecr.ReplicationConfiguration(\"example\", {replicationConfiguration: {\n rules: [{\n destinations: [{\n region: example.then(example =\u003e example.names?.[0]),\n registryId: current.then(current =\u003e current.accountId),\n }],\n repositoryFilters: [{\n filter: \"prod-microservice\",\n filterType: \"PREFIX_MATCH\",\n }],\n }],\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nexample = aws.get_regions()\nexample_replication_configuration = aws.ecr.ReplicationConfiguration(\"example\", replication_configuration=aws.ecr.ReplicationConfigurationReplicationConfigurationArgs(\n rules=[aws.ecr.ReplicationConfigurationReplicationConfigurationRuleArgs(\n destinations=[aws.ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs(\n region=example.names[0],\n registry_id=current.account_id,\n )],\n repository_filters=[aws.ecr.ReplicationConfigurationReplicationConfigurationRuleRepositoryFilterArgs(\n filter=\"prod-microservice\",\n filter_type=\"PREFIX_MATCH\",\n )],\n )],\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var example = Aws.GetRegions.Invoke();\n\n var exampleReplicationConfiguration = new Aws.Ecr.ReplicationConfiguration(\"example\", new()\n {\n ReplicationConfigurationDetails = new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationArgs\n {\n Rules = new[]\n {\n new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationRuleArgs\n {\n Destinations = new[]\n {\n new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs\n {\n Region = example.Apply(getRegionsResult =\u003e getRegionsResult.Names[0]),\n RegistryId = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n },\n },\n RepositoryFilters = new[]\n {\n new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationRuleRepositoryFilterArgs\n {\n Filter = \"prod-microservice\",\n FilterType = \"PREFIX_MATCH\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := aws.GetRegions(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ecr.NewReplicationConfiguration(ctx, \"example\", \u0026ecr.ReplicationConfigurationArgs{\n\t\t\tReplicationConfiguration: \u0026ecr.ReplicationConfigurationReplicationConfigurationArgs{\n\t\t\t\tRules: ecr.ReplicationConfigurationReplicationConfigurationRuleArray{\n\t\t\t\t\t\u0026ecr.ReplicationConfigurationReplicationConfigurationRuleArgs{\n\t\t\t\t\t\tDestinations: ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArray{\n\t\t\t\t\t\t\t\u0026ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs{\n\t\t\t\t\t\t\t\tRegion: pulumi.String(example.Names[0]),\n\t\t\t\t\t\t\t\tRegistryId: pulumi.String(current.AccountId),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRepositoryFilters: ecr.ReplicationConfigurationReplicationConfigurationRuleRepositoryFilterArray{\n\t\t\t\t\t\t\t\u0026ecr.ReplicationConfigurationReplicationConfigurationRuleRepositoryFilterArgs{\n\t\t\t\t\t\t\t\tFilter: pulumi.String(\"prod-microservice\"),\n\t\t\t\t\t\t\t\tFilterType: pulumi.String(\"PREFIX_MATCH\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.inputs.GetRegionsArgs;\nimport com.pulumi.aws.ecr.ReplicationConfiguration;\nimport com.pulumi.aws.ecr.ReplicationConfigurationArgs;\nimport com.pulumi.aws.ecr.inputs.ReplicationConfigurationReplicationConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var example = AwsFunctions.getRegions();\n\n var exampleReplicationConfiguration = new ReplicationConfiguration(\"exampleReplicationConfiguration\", ReplicationConfigurationArgs.builder() \n .replicationConfiguration(ReplicationConfigurationReplicationConfigurationArgs.builder()\n .rules(ReplicationConfigurationReplicationConfigurationRuleArgs.builder()\n .destinations(ReplicationConfigurationReplicationConfigurationRuleDestinationArgs.builder()\n .region(example.applyValue(getRegionsResult -\u003e getRegionsResult.names()[0]))\n .registryId(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .build())\n .repositoryFilters(ReplicationConfigurationReplicationConfigurationRuleRepositoryFilterArgs.builder()\n .filter(\"prod-microservice\")\n .filterType(\"PREFIX_MATCH\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleReplicationConfiguration:\n type: aws:ecr:ReplicationConfiguration\n name: example\n properties:\n replicationConfiguration:\n rules:\n - destinations:\n - region: ${example.names[0]}\n registryId: ${current.accountId}\n repositoryFilters:\n - filter: prod-microservice\n filterType: PREFIX_MATCH\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n example:\n fn::invoke:\n Function: aws:getRegions\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import ECR Replication Configuration using the `registry_id`. For example:\n\n```sh\n$ pulumi import aws:ecr/replicationConfiguration:ReplicationConfiguration service 012345678912\n```\n", "properties": { "registryId": { "type": "string", @@ -227546,7 +227546,7 @@ } }, "aws:ecr/repositoryPolicy:RepositoryPolicy": { - "description": "Provides an Elastic Container Registry Repository Policy.\n\nNote that currently only one policy may be applied to a repository.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ecr.Repository(\"foo\", {name: \"bar\"});\nconst foopolicy = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"new policy\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"123456789012\"],\n }],\n actions: [\n \"ecr:GetDownloadUrlForLayer\",\n \"ecr:BatchGetImage\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\",\n \"ecr:InitiateLayerUpload\",\n \"ecr:UploadLayerPart\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:DescribeRepositories\",\n \"ecr:GetRepositoryPolicy\",\n \"ecr:ListImages\",\n \"ecr:DeleteRepository\",\n \"ecr:BatchDeleteImage\",\n \"ecr:SetRepositoryPolicy\",\n \"ecr:DeleteRepositoryPolicy\",\n ],\n }],\n});\nconst foopolicyRepositoryPolicy = new aws.ecr.RepositoryPolicy(\"foopolicy\", {\n repository: foo.name,\n policy: foopolicy.then(foopolicy =\u003e foopolicy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ecr.Repository(\"foo\", name=\"bar\")\nfoopolicy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"new policy\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"123456789012\"],\n )],\n actions=[\n \"ecr:GetDownloadUrlForLayer\",\n \"ecr:BatchGetImage\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\",\n \"ecr:InitiateLayerUpload\",\n \"ecr:UploadLayerPart\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:DescribeRepositories\",\n \"ecr:GetRepositoryPolicy\",\n \"ecr:ListImages\",\n \"ecr:DeleteRepository\",\n \"ecr:BatchDeleteImage\",\n \"ecr:SetRepositoryPolicy\",\n \"ecr:DeleteRepositoryPolicy\",\n ],\n)])\nfoopolicy_repository_policy = aws.ecr.RepositoryPolicy(\"foopolicy\",\n repository=foo.name,\n policy=foopolicy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = new Aws.Ecr.Repository(\"foo\", new()\n {\n Name = \"bar\",\n });\n\n var foopolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"new policy\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"123456789012\",\n },\n },\n },\n Actions = new[]\n {\n \"ecr:GetDownloadUrlForLayer\",\n \"ecr:BatchGetImage\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\",\n \"ecr:InitiateLayerUpload\",\n \"ecr:UploadLayerPart\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:DescribeRepositories\",\n \"ecr:GetRepositoryPolicy\",\n \"ecr:ListImages\",\n \"ecr:DeleteRepository\",\n \"ecr:BatchDeleteImage\",\n \"ecr:SetRepositoryPolicy\",\n \"ecr:DeleteRepositoryPolicy\",\n },\n },\n },\n });\n\n var foopolicyRepositoryPolicy = new Aws.Ecr.RepositoryPolicy(\"foopolicy\", new()\n {\n Repository = foo.Name,\n Policy = foopolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecr\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfoo, err := ecr.NewRepository(ctx, \"foo\", \u0026ecr.RepositoryArgs{\n\t\t\tName: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoopolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"new policy\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"123456789012\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ecr:GetDownloadUrlForLayer\",\n\t\t\t\t\t\t\"ecr:BatchGetImage\",\n\t\t\t\t\t\t\"ecr:BatchCheckLayerAvailability\",\n\t\t\t\t\t\t\"ecr:PutImage\",\n\t\t\t\t\t\t\"ecr:InitiateLayerUpload\",\n\t\t\t\t\t\t\"ecr:UploadLayerPart\",\n\t\t\t\t\t\t\"ecr:CompleteLayerUpload\",\n\t\t\t\t\t\t\"ecr:DescribeRepositories\",\n\t\t\t\t\t\t\"ecr:GetRepositoryPolicy\",\n\t\t\t\t\t\t\"ecr:ListImages\",\n\t\t\t\t\t\t\"ecr:DeleteRepository\",\n\t\t\t\t\t\t\"ecr:BatchDeleteImage\",\n\t\t\t\t\t\t\"ecr:SetRepositoryPolicy\",\n\t\t\t\t\t\t\"ecr:DeleteRepositoryPolicy\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ecr.NewRepositoryPolicy(ctx, \"foopolicy\", \u0026ecr.RepositoryPolicyArgs{\n\t\t\tRepository: foo.Name,\n\t\t\tPolicy: *pulumi.String(foopolicy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ecr.Repository;\nimport com.pulumi.aws.ecr.RepositoryArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.ecr.RepositoryPolicy;\nimport com.pulumi.aws.ecr.RepositoryPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo = new Repository(\"foo\", RepositoryArgs.builder() \n .name(\"bar\")\n .build());\n\n final var foopolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"new policy\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"123456789012\")\n .build())\n .actions( \n \"ecr:GetDownloadUrlForLayer\",\n \"ecr:BatchGetImage\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\",\n \"ecr:InitiateLayerUpload\",\n \"ecr:UploadLayerPart\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:DescribeRepositories\",\n \"ecr:GetRepositoryPolicy\",\n \"ecr:ListImages\",\n \"ecr:DeleteRepository\",\n \"ecr:BatchDeleteImage\",\n \"ecr:SetRepositoryPolicy\",\n \"ecr:DeleteRepositoryPolicy\")\n .build())\n .build());\n\n var foopolicyRepositoryPolicy = new RepositoryPolicy(\"foopolicyRepositoryPolicy\", RepositoryPolicyArgs.builder() \n .repository(foo.name())\n .policy(foopolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:ecr:Repository\n properties:\n name: bar\n foopolicyRepositoryPolicy:\n type: aws:ecr:RepositoryPolicy\n name: foopolicy\n properties:\n repository: ${foo.name}\n policy: ${foopolicy.json}\nvariables:\n foopolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: new policy\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '123456789012'\n actions:\n - ecr:GetDownloadUrlForLayer\n - ecr:BatchGetImage\n - ecr:BatchCheckLayerAvailability\n - ecr:PutImage\n - ecr:InitiateLayerUpload\n - ecr:UploadLayerPart\n - ecr:CompleteLayerUpload\n - ecr:DescribeRepositories\n - ecr:GetRepositoryPolicy\n - ecr:ListImages\n - ecr:DeleteRepository\n - ecr:BatchDeleteImage\n - ecr:SetRepositoryPolicy\n - ecr:DeleteRepositoryPolicy\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import ECR Repository Policy using the repository name. For example:\n\n```sh\n$ pulumi import aws:ecr/repositoryPolicy:RepositoryPolicy example example\n```\n", + "description": "Provides an Elastic Container Registry Repository Policy.\n\nNote that currently only one policy may be applied to a repository.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ecr.Repository(\"foo\", {name: \"bar\"});\nconst foopolicy = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"new policy\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"123456789012\"],\n }],\n actions: [\n \"ecr:GetDownloadUrlForLayer\",\n \"ecr:BatchGetImage\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\",\n \"ecr:InitiateLayerUpload\",\n \"ecr:UploadLayerPart\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:DescribeRepositories\",\n \"ecr:GetRepositoryPolicy\",\n \"ecr:ListImages\",\n \"ecr:DeleteRepository\",\n \"ecr:BatchDeleteImage\",\n \"ecr:SetRepositoryPolicy\",\n \"ecr:DeleteRepositoryPolicy\",\n ],\n }],\n});\nconst foopolicyRepositoryPolicy = new aws.ecr.RepositoryPolicy(\"foopolicy\", {\n repository: foo.name,\n policy: foopolicy.then(foopolicy =\u003e foopolicy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ecr.Repository(\"foo\", name=\"bar\")\nfoopolicy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"new policy\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"123456789012\"],\n )],\n actions=[\n \"ecr:GetDownloadUrlForLayer\",\n \"ecr:BatchGetImage\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\",\n \"ecr:InitiateLayerUpload\",\n \"ecr:UploadLayerPart\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:DescribeRepositories\",\n \"ecr:GetRepositoryPolicy\",\n \"ecr:ListImages\",\n \"ecr:DeleteRepository\",\n \"ecr:BatchDeleteImage\",\n \"ecr:SetRepositoryPolicy\",\n \"ecr:DeleteRepositoryPolicy\",\n ],\n)])\nfoopolicy_repository_policy = aws.ecr.RepositoryPolicy(\"foopolicy\",\n repository=foo.name,\n policy=foopolicy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = new Aws.Ecr.Repository(\"foo\", new()\n {\n Name = \"bar\",\n });\n\n var foopolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"new policy\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"123456789012\",\n },\n },\n },\n Actions = new[]\n {\n \"ecr:GetDownloadUrlForLayer\",\n \"ecr:BatchGetImage\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\",\n \"ecr:InitiateLayerUpload\",\n \"ecr:UploadLayerPart\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:DescribeRepositories\",\n \"ecr:GetRepositoryPolicy\",\n \"ecr:ListImages\",\n \"ecr:DeleteRepository\",\n \"ecr:BatchDeleteImage\",\n \"ecr:SetRepositoryPolicy\",\n \"ecr:DeleteRepositoryPolicy\",\n },\n },\n },\n });\n\n var foopolicyRepositoryPolicy = new Aws.Ecr.RepositoryPolicy(\"foopolicy\", new()\n {\n Repository = foo.Name,\n Policy = foopolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecr\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfoo, err := ecr.NewRepository(ctx, \"foo\", \u0026ecr.RepositoryArgs{\n\t\t\tName: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoopolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"new policy\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"123456789012\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ecr:GetDownloadUrlForLayer\",\n\t\t\t\t\t\t\"ecr:BatchGetImage\",\n\t\t\t\t\t\t\"ecr:BatchCheckLayerAvailability\",\n\t\t\t\t\t\t\"ecr:PutImage\",\n\t\t\t\t\t\t\"ecr:InitiateLayerUpload\",\n\t\t\t\t\t\t\"ecr:UploadLayerPart\",\n\t\t\t\t\t\t\"ecr:CompleteLayerUpload\",\n\t\t\t\t\t\t\"ecr:DescribeRepositories\",\n\t\t\t\t\t\t\"ecr:GetRepositoryPolicy\",\n\t\t\t\t\t\t\"ecr:ListImages\",\n\t\t\t\t\t\t\"ecr:DeleteRepository\",\n\t\t\t\t\t\t\"ecr:BatchDeleteImage\",\n\t\t\t\t\t\t\"ecr:SetRepositoryPolicy\",\n\t\t\t\t\t\t\"ecr:DeleteRepositoryPolicy\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ecr.NewRepositoryPolicy(ctx, \"foopolicy\", \u0026ecr.RepositoryPolicyArgs{\n\t\t\tRepository: foo.Name,\n\t\t\tPolicy: pulumi.String(foopolicy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ecr.Repository;\nimport com.pulumi.aws.ecr.RepositoryArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.ecr.RepositoryPolicy;\nimport com.pulumi.aws.ecr.RepositoryPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo = new Repository(\"foo\", RepositoryArgs.builder() \n .name(\"bar\")\n .build());\n\n final var foopolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"new policy\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"123456789012\")\n .build())\n .actions( \n \"ecr:GetDownloadUrlForLayer\",\n \"ecr:BatchGetImage\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\",\n \"ecr:InitiateLayerUpload\",\n \"ecr:UploadLayerPart\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:DescribeRepositories\",\n \"ecr:GetRepositoryPolicy\",\n \"ecr:ListImages\",\n \"ecr:DeleteRepository\",\n \"ecr:BatchDeleteImage\",\n \"ecr:SetRepositoryPolicy\",\n \"ecr:DeleteRepositoryPolicy\")\n .build())\n .build());\n\n var foopolicyRepositoryPolicy = new RepositoryPolicy(\"foopolicyRepositoryPolicy\", RepositoryPolicyArgs.builder() \n .repository(foo.name())\n .policy(foopolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:ecr:Repository\n properties:\n name: bar\n foopolicyRepositoryPolicy:\n type: aws:ecr:RepositoryPolicy\n name: foopolicy\n properties:\n repository: ${foo.name}\n policy: ${foopolicy.json}\nvariables:\n foopolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: new policy\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '123456789012'\n actions:\n - ecr:GetDownloadUrlForLayer\n - ecr:BatchGetImage\n - ecr:BatchCheckLayerAvailability\n - ecr:PutImage\n - ecr:InitiateLayerUpload\n - ecr:UploadLayerPart\n - ecr:CompleteLayerUpload\n - ecr:DescribeRepositories\n - ecr:GetRepositoryPolicy\n - ecr:ListImages\n - ecr:DeleteRepository\n - ecr:BatchDeleteImage\n - ecr:SetRepositoryPolicy\n - ecr:DeleteRepositoryPolicy\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import ECR Repository Policy using the repository name. For example:\n\n```sh\n$ pulumi import aws:ecr/repositoryPolicy:RepositoryPolicy example example\n```\n", "properties": { "policy": { "type": "string", @@ -227739,7 +227739,7 @@ } }, "aws:ecrpublic/repositoryPolicy:RepositoryPolicy": { - "description": "Provides an Elastic Container Registry Public Repository Policy.\n\nNote that currently only one policy may be applied to a repository.\n\n\u003e **NOTE:** This resource can only be used in the `us-east-1` region.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleRepository = new aws.ecrpublic.Repository(\"example\", {repositoryName: \"example\"});\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"new policy\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"123456789012\"],\n }],\n actions: [\n \"ecr:GetDownloadUrlForLayer\",\n \"ecr:BatchGetImage\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\",\n \"ecr:InitiateLayerUpload\",\n \"ecr:UploadLayerPart\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:DescribeRepositories\",\n \"ecr:GetRepositoryPolicy\",\n \"ecr:ListImages\",\n \"ecr:DeleteRepository\",\n \"ecr:BatchDeleteImage\",\n \"ecr:SetRepositoryPolicy\",\n \"ecr:DeleteRepositoryPolicy\",\n ],\n }],\n});\nconst exampleRepositoryPolicy = new aws.ecrpublic.RepositoryPolicy(\"example\", {\n repositoryName: exampleRepository.repositoryName,\n policy: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_repository = aws.ecrpublic.Repository(\"example\", repository_name=\"example\")\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"new policy\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"123456789012\"],\n )],\n actions=[\n \"ecr:GetDownloadUrlForLayer\",\n \"ecr:BatchGetImage\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\",\n \"ecr:InitiateLayerUpload\",\n \"ecr:UploadLayerPart\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:DescribeRepositories\",\n \"ecr:GetRepositoryPolicy\",\n \"ecr:ListImages\",\n \"ecr:DeleteRepository\",\n \"ecr:BatchDeleteImage\",\n \"ecr:SetRepositoryPolicy\",\n \"ecr:DeleteRepositoryPolicy\",\n ],\n)])\nexample_repository_policy = aws.ecrpublic.RepositoryPolicy(\"example\",\n repository_name=example_repository.repository_name,\n policy=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleRepository = new Aws.EcrPublic.Repository(\"example\", new()\n {\n RepositoryName = \"example\",\n });\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"new policy\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"123456789012\",\n },\n },\n },\n Actions = new[]\n {\n \"ecr:GetDownloadUrlForLayer\",\n \"ecr:BatchGetImage\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\",\n \"ecr:InitiateLayerUpload\",\n \"ecr:UploadLayerPart\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:DescribeRepositories\",\n \"ecr:GetRepositoryPolicy\",\n \"ecr:ListImages\",\n \"ecr:DeleteRepository\",\n \"ecr:BatchDeleteImage\",\n \"ecr:SetRepositoryPolicy\",\n \"ecr:DeleteRepositoryPolicy\",\n },\n },\n },\n });\n\n var exampleRepositoryPolicy = new Aws.EcrPublic.RepositoryPolicy(\"example\", new()\n {\n RepositoryName = exampleRepository.RepositoryName,\n Policy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecrpublic\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleRepository, err := ecrpublic.NewRepository(ctx, \"example\", \u0026ecrpublic.RepositoryArgs{\n\t\t\tRepositoryName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"new policy\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"123456789012\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ecr:GetDownloadUrlForLayer\",\n\t\t\t\t\t\t\"ecr:BatchGetImage\",\n\t\t\t\t\t\t\"ecr:BatchCheckLayerAvailability\",\n\t\t\t\t\t\t\"ecr:PutImage\",\n\t\t\t\t\t\t\"ecr:InitiateLayerUpload\",\n\t\t\t\t\t\t\"ecr:UploadLayerPart\",\n\t\t\t\t\t\t\"ecr:CompleteLayerUpload\",\n\t\t\t\t\t\t\"ecr:DescribeRepositories\",\n\t\t\t\t\t\t\"ecr:GetRepositoryPolicy\",\n\t\t\t\t\t\t\"ecr:ListImages\",\n\t\t\t\t\t\t\"ecr:DeleteRepository\",\n\t\t\t\t\t\t\"ecr:BatchDeleteImage\",\n\t\t\t\t\t\t\"ecr:SetRepositoryPolicy\",\n\t\t\t\t\t\t\"ecr:DeleteRepositoryPolicy\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ecrpublic.NewRepositoryPolicy(ctx, \"example\", \u0026ecrpublic.RepositoryPolicyArgs{\n\t\t\tRepositoryName: exampleRepository.RepositoryName,\n\t\t\tPolicy: *pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ecrpublic.Repository;\nimport com.pulumi.aws.ecrpublic.RepositoryArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.ecrpublic.RepositoryPolicy;\nimport com.pulumi.aws.ecrpublic.RepositoryPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleRepository = new Repository(\"exampleRepository\", RepositoryArgs.builder() \n .repositoryName(\"example\")\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"new policy\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"123456789012\")\n .build())\n .actions( \n \"ecr:GetDownloadUrlForLayer\",\n \"ecr:BatchGetImage\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\",\n \"ecr:InitiateLayerUpload\",\n \"ecr:UploadLayerPart\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:DescribeRepositories\",\n \"ecr:GetRepositoryPolicy\",\n \"ecr:ListImages\",\n \"ecr:DeleteRepository\",\n \"ecr:BatchDeleteImage\",\n \"ecr:SetRepositoryPolicy\",\n \"ecr:DeleteRepositoryPolicy\")\n .build())\n .build());\n\n var exampleRepositoryPolicy = new RepositoryPolicy(\"exampleRepositoryPolicy\", RepositoryPolicyArgs.builder() \n .repositoryName(exampleRepository.repositoryName())\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleRepository:\n type: aws:ecrpublic:Repository\n name: example\n properties:\n repositoryName: example\n exampleRepositoryPolicy:\n type: aws:ecrpublic:RepositoryPolicy\n name: example\n properties:\n repositoryName: ${exampleRepository.repositoryName}\n policy: ${example.json}\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: new policy\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '123456789012'\n actions:\n - ecr:GetDownloadUrlForLayer\n - ecr:BatchGetImage\n - ecr:BatchCheckLayerAvailability\n - ecr:PutImage\n - ecr:InitiateLayerUpload\n - ecr:UploadLayerPart\n - ecr:CompleteLayerUpload\n - ecr:DescribeRepositories\n - ecr:GetRepositoryPolicy\n - ecr:ListImages\n - ecr:DeleteRepository\n - ecr:BatchDeleteImage\n - ecr:SetRepositoryPolicy\n - ecr:DeleteRepositoryPolicy\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import ECR Public Repository Policy using the repository name. For example:\n\n```sh\n$ pulumi import aws:ecrpublic/repositoryPolicy:RepositoryPolicy example example\n```\n", + "description": "Provides an Elastic Container Registry Public Repository Policy.\n\nNote that currently only one policy may be applied to a repository.\n\n\u003e **NOTE:** This resource can only be used in the `us-east-1` region.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleRepository = new aws.ecrpublic.Repository(\"example\", {repositoryName: \"example\"});\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"new policy\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"123456789012\"],\n }],\n actions: [\n \"ecr:GetDownloadUrlForLayer\",\n \"ecr:BatchGetImage\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\",\n \"ecr:InitiateLayerUpload\",\n \"ecr:UploadLayerPart\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:DescribeRepositories\",\n \"ecr:GetRepositoryPolicy\",\n \"ecr:ListImages\",\n \"ecr:DeleteRepository\",\n \"ecr:BatchDeleteImage\",\n \"ecr:SetRepositoryPolicy\",\n \"ecr:DeleteRepositoryPolicy\",\n ],\n }],\n});\nconst exampleRepositoryPolicy = new aws.ecrpublic.RepositoryPolicy(\"example\", {\n repositoryName: exampleRepository.repositoryName,\n policy: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_repository = aws.ecrpublic.Repository(\"example\", repository_name=\"example\")\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"new policy\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"123456789012\"],\n )],\n actions=[\n \"ecr:GetDownloadUrlForLayer\",\n \"ecr:BatchGetImage\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\",\n \"ecr:InitiateLayerUpload\",\n \"ecr:UploadLayerPart\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:DescribeRepositories\",\n \"ecr:GetRepositoryPolicy\",\n \"ecr:ListImages\",\n \"ecr:DeleteRepository\",\n \"ecr:BatchDeleteImage\",\n \"ecr:SetRepositoryPolicy\",\n \"ecr:DeleteRepositoryPolicy\",\n ],\n)])\nexample_repository_policy = aws.ecrpublic.RepositoryPolicy(\"example\",\n repository_name=example_repository.repository_name,\n policy=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleRepository = new Aws.EcrPublic.Repository(\"example\", new()\n {\n RepositoryName = \"example\",\n });\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"new policy\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"123456789012\",\n },\n },\n },\n Actions = new[]\n {\n \"ecr:GetDownloadUrlForLayer\",\n \"ecr:BatchGetImage\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\",\n \"ecr:InitiateLayerUpload\",\n \"ecr:UploadLayerPart\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:DescribeRepositories\",\n \"ecr:GetRepositoryPolicy\",\n \"ecr:ListImages\",\n \"ecr:DeleteRepository\",\n \"ecr:BatchDeleteImage\",\n \"ecr:SetRepositoryPolicy\",\n \"ecr:DeleteRepositoryPolicy\",\n },\n },\n },\n });\n\n var exampleRepositoryPolicy = new Aws.EcrPublic.RepositoryPolicy(\"example\", new()\n {\n RepositoryName = exampleRepository.RepositoryName,\n Policy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecrpublic\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleRepository, err := ecrpublic.NewRepository(ctx, \"example\", \u0026ecrpublic.RepositoryArgs{\n\t\t\tRepositoryName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"new policy\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"123456789012\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ecr:GetDownloadUrlForLayer\",\n\t\t\t\t\t\t\"ecr:BatchGetImage\",\n\t\t\t\t\t\t\"ecr:BatchCheckLayerAvailability\",\n\t\t\t\t\t\t\"ecr:PutImage\",\n\t\t\t\t\t\t\"ecr:InitiateLayerUpload\",\n\t\t\t\t\t\t\"ecr:UploadLayerPart\",\n\t\t\t\t\t\t\"ecr:CompleteLayerUpload\",\n\t\t\t\t\t\t\"ecr:DescribeRepositories\",\n\t\t\t\t\t\t\"ecr:GetRepositoryPolicy\",\n\t\t\t\t\t\t\"ecr:ListImages\",\n\t\t\t\t\t\t\"ecr:DeleteRepository\",\n\t\t\t\t\t\t\"ecr:BatchDeleteImage\",\n\t\t\t\t\t\t\"ecr:SetRepositoryPolicy\",\n\t\t\t\t\t\t\"ecr:DeleteRepositoryPolicy\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ecrpublic.NewRepositoryPolicy(ctx, \"example\", \u0026ecrpublic.RepositoryPolicyArgs{\n\t\t\tRepositoryName: exampleRepository.RepositoryName,\n\t\t\tPolicy: pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ecrpublic.Repository;\nimport com.pulumi.aws.ecrpublic.RepositoryArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.ecrpublic.RepositoryPolicy;\nimport com.pulumi.aws.ecrpublic.RepositoryPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleRepository = new Repository(\"exampleRepository\", RepositoryArgs.builder() \n .repositoryName(\"example\")\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"new policy\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"123456789012\")\n .build())\n .actions( \n \"ecr:GetDownloadUrlForLayer\",\n \"ecr:BatchGetImage\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\",\n \"ecr:InitiateLayerUpload\",\n \"ecr:UploadLayerPart\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:DescribeRepositories\",\n \"ecr:GetRepositoryPolicy\",\n \"ecr:ListImages\",\n \"ecr:DeleteRepository\",\n \"ecr:BatchDeleteImage\",\n \"ecr:SetRepositoryPolicy\",\n \"ecr:DeleteRepositoryPolicy\")\n .build())\n .build());\n\n var exampleRepositoryPolicy = new RepositoryPolicy(\"exampleRepositoryPolicy\", RepositoryPolicyArgs.builder() \n .repositoryName(exampleRepository.repositoryName())\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleRepository:\n type: aws:ecrpublic:Repository\n name: example\n properties:\n repositoryName: example\n exampleRepositoryPolicy:\n type: aws:ecrpublic:RepositoryPolicy\n name: example\n properties:\n repositoryName: ${exampleRepository.repositoryName}\n policy: ${example.json}\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: new policy\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '123456789012'\n actions:\n - ecr:GetDownloadUrlForLayer\n - ecr:BatchGetImage\n - ecr:BatchCheckLayerAvailability\n - ecr:PutImage\n - ecr:InitiateLayerUpload\n - ecr:UploadLayerPart\n - ecr:CompleteLayerUpload\n - ecr:DescribeRepositories\n - ecr:GetRepositoryPolicy\n - ecr:ListImages\n - ecr:DeleteRepository\n - ecr:BatchDeleteImage\n - ecr:SetRepositoryPolicy\n - ecr:DeleteRepositoryPolicy\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import ECR Public Repository Policy using the repository name. For example:\n\n```sh\n$ pulumi import aws:ecrpublic/repositoryPolicy:RepositoryPolicy example example\n```\n", "properties": { "policy": { "type": "string", @@ -230520,7 +230520,7 @@ } }, "aws:eks/cluster:Cluster": { - "description": "Manages an EKS Cluster.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nexport = async () =\u003e {\n const example = new aws.eks.Cluster(\"example\", {\n name: \"example\",\n roleArn: exampleAwsIamRole.arn,\n vpcConfig: {\n subnetIds: [\n example1.id,\n example2.id,\n ],\n },\n });\n return {\n endpoint: example.endpoint,\n \"kubeconfig-certificate-authority-data\": example.certificateAuthority.apply(certificateAuthority =\u003e certificateAuthority.data),\n };\n}\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.eks.Cluster(\"example\",\n name=\"example\",\n role_arn=example_aws_iam_role[\"arn\"],\n vpc_config=aws.eks.ClusterVpcConfigArgs(\n subnet_ids=[\n example1[\"id\"],\n example2[\"id\"],\n ],\n ))\npulumi.export(\"endpoint\", example.endpoint)\npulumi.export(\"kubeconfig-certificate-authority-data\", example.certificate_authority.data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Eks.Cluster(\"example\", new()\n {\n Name = \"example\",\n RoleArn = exampleAwsIamRole.Arn,\n VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs\n {\n SubnetIds = new[]\n {\n example1.Id,\n example2.Id,\n },\n },\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"endpoint\"] = example.Endpoint,\n [\"kubeconfig-certificate-authority-data\"] = example.CertificateAuthority.Apply(certificateAuthority =\u003e certificateAuthority.Data),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := eks.NewCluster(ctx, \"example\", \u0026eks.ClusterArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tVpcConfig: \u0026eks.ClusterVpcConfigArgs{\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\texample1.Id,\n\t\t\t\t\texample2.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"endpoint\", example.Endpoint)\n\t\tctx.Export(\"kubeconfig-certificate-authority-data\", example.CertificateAuthority.ApplyT(func(certificateAuthority eks.ClusterCertificateAuthority) (*string, error) {\n\t\t\treturn \u0026certificateAuthority.Data, nil\n\t\t}).(pulumi.StringPtrOutput))\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.eks.Cluster;\nimport com.pulumi.aws.eks.ClusterArgs;\nimport com.pulumi.aws.eks.inputs.ClusterVpcConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Cluster(\"example\", ClusterArgs.builder() \n .name(\"example\")\n .roleArn(exampleAwsIamRole.arn())\n .vpcConfig(ClusterVpcConfigArgs.builder()\n .subnetIds( \n example1.id(),\n example2.id())\n .build())\n .build());\n\n ctx.export(\"endpoint\", example.endpoint());\n ctx.export(\"kubeconfig-certificate-authority-data\", example.certificateAuthority().applyValue(certificateAuthority -\u003e certificateAuthority.data()));\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:eks:Cluster\n properties:\n name: example\n roleArn: ${exampleAwsIamRole.arn}\n vpcConfig:\n subnetIds:\n - ${example1.id}\n - ${example2.id}\noutputs:\n endpoint: ${example.endpoint}\n kubeconfig-certificate-authority-data: ${example.certificateAuthority.data}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example IAM Role for EKS Cluster\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"eks.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst example = new aws.iam.Role(\"example\", {\n name: \"eks-cluster-example\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst example_AmazonEKSClusterPolicy = new aws.iam.RolePolicyAttachment(\"example-AmazonEKSClusterPolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n role: example.name,\n});\n// Optionally, enable Security Groups for Pods\n// Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html\nconst example_AmazonEKSVPCResourceController = new aws.iam.RolePolicyAttachment(\"example-AmazonEKSVPCResourceController\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\",\n role: example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"eks.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample = aws.iam.Role(\"example\",\n name=\"eks-cluster-example\",\n assume_role_policy=assume_role.json)\nexample__amazon_eks_cluster_policy = aws.iam.RolePolicyAttachment(\"example-AmazonEKSClusterPolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n role=example.name)\n# Optionally, enable Security Groups for Pods\n# Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html\nexample__amazon_eksvpc_resource_controller = aws.iam.RolePolicyAttachment(\"example-AmazonEKSVPCResourceController\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\",\n role=example.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"eks.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var example = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"eks-cluster-example\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var example_AmazonEKSClusterPolicy = new Aws.Iam.RolePolicyAttachment(\"example-AmazonEKSClusterPolicy\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n Role = example.Name,\n });\n\n // Optionally, enable Security Groups for Pods\n // Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html\n var example_AmazonEKSVPCResourceController = new Aws.Iam.RolePolicyAttachment(\"example-AmazonEKSVPCResourceController\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\",\n Role = example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"eks.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"eks-cluster-example\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example-AmazonEKSClusterPolicy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Optionally, enable Security Groups for Pods\n\t\t// Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example-AmazonEKSVPCResourceController\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"eks.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var example = new Role(\"example\", RoleArgs.builder() \n .name(\"eks-cluster-example\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var example_AmazonEKSClusterPolicy = new RolePolicyAttachment(\"example-AmazonEKSClusterPolicy\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\")\n .role(example.name())\n .build());\n\n var example_AmazonEKSVPCResourceController = new RolePolicyAttachment(\"example-AmazonEKSVPCResourceController\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\")\n .role(example.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n name: eks-cluster-example\n assumeRolePolicy: ${assumeRole.json}\n example-AmazonEKSClusterPolicy:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\n role: ${example.name}\n # Optionally, enable Security Groups for Pods\n # Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html\n example-AmazonEKSVPCResourceController:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\n role: ${example.name}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - eks.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Enabling Control Plane Logging\n\n[EKS Control Plane Logging](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) can be enabled via the `enabled_cluster_log_types` argument. To manage the CloudWatch Log Group retention period, the `aws.cloudwatch.LogGroup` resource can be used.\n\n\u003e The below configuration uses [`dependsOn`](https://www.pulumi.com/docs/intro/concepts/programming-model/#dependson) to prevent ordering issues with EKS automatically creating the log group first and a variable for naming consistency. Other ordering and naming methodologies may be more appropriate for your environment.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst clusterName = config.get(\"clusterName\") || \"example\";\nconst example = new aws.eks.Cluster(\"example\", {\n enabledClusterLogTypes: [\n \"api\",\n \"audit\",\n ],\n name: clusterName,\n});\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"example\", {\n name: `/aws/eks/${clusterName}/cluster`,\n retentionInDays: 7,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\ncluster_name = config.get(\"clusterName\")\nif cluster_name is None:\n cluster_name = \"example\"\nexample = aws.eks.Cluster(\"example\",\n enabled_cluster_log_types=[\n \"api\",\n \"audit\",\n ],\n name=cluster_name)\nexample_log_group = aws.cloudwatch.LogGroup(\"example\",\n name=f\"/aws/eks/{cluster_name}/cluster\",\n retention_in_days=7)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var clusterName = config.Get(\"clusterName\") ?? \"example\";\n var example = new Aws.Eks.Cluster(\"example\", new()\n {\n EnabledClusterLogTypes = new[]\n {\n \"api\",\n \"audit\",\n },\n Name = clusterName,\n });\n\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"example\", new()\n {\n Name = $\"/aws/eks/{clusterName}/cluster\",\n RetentionInDays = 7,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tclusterName := \"example\"\n\t\tif param := cfg.Get(\"clusterName\"); param != \"\" {\n\t\t\tclusterName = param\n\t\t}\n\t\t_, err := eks.NewCluster(ctx, \"example\", \u0026eks.ClusterArgs{\n\t\t\tEnabledClusterLogTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"api\"),\n\t\t\t\tpulumi.String(\"audit\"),\n\t\t\t},\n\t\t\tName: pulumi.String(clusterName),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogGroup(ctx, \"example\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: pulumi.String(fmt.Sprintf(\"/aws/eks/%v/cluster\", clusterName)),\n\t\t\tRetentionInDays: pulumi.Int(7),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.eks.Cluster;\nimport com.pulumi.aws.eks.ClusterArgs;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var clusterName = config.get(\"clusterName\").orElse(\"example\");\n var example = new Cluster(\"example\", ClusterArgs.builder() \n .enabledClusterLogTypes( \n \"api\",\n \"audit\")\n .name(clusterName)\n .build());\n\n var exampleLogGroup = new LogGroup(\"exampleLogGroup\", LogGroupArgs.builder() \n .name(String.format(\"/aws/eks/%s/cluster\", clusterName))\n .retentionInDays(7)\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n clusterName:\n type: string\n default: example\nresources:\n example:\n type: aws:eks:Cluster\n properties:\n enabledClusterLogTypes:\n - api\n - audit\n name: ${clusterName}\n exampleLogGroup:\n type: aws:cloudwatch:LogGroup\n name: example\n properties:\n name: /aws/eks/${clusterName}/cluster\n retentionInDays: 7 # ... potentially other configuration ...\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Enabling IAM Roles for Service Accounts\n\nOnly available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019. For more information about this feature, see the [EKS User Guide](https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\nimport * as tls from \"@pulumi/tls\";\n\nconst exampleCluster = new aws.eks.Cluster(\"example\", {});\nconst example = exampleCluster.identities.apply(identities =\u003e tls.getCertificateOutput({\n url: identities[0].oidcs?.[0]?.issuer,\n}));\nconst exampleOpenIdConnectProvider = new aws.iam.OpenIdConnectProvider(\"example\", {\n clientIdLists: [\"sts.amazonaws.com\"],\n thumbprintLists: [example.apply(example =\u003e example.certificates?.[0]?.sha1Fingerprint)],\n url: example.apply(example =\u003e example.url),\n});\nconst exampleAssumeRolePolicy = aws.iam.getPolicyDocumentOutput({\n statements: [{\n actions: [\"sts:AssumeRoleWithWebIdentity\"],\n effect: \"Allow\",\n conditions: [{\n test: \"StringEquals\",\n variable: std.replaceOutput({\n text: exampleOpenIdConnectProvider.url,\n search: \"https://\",\n replace: \"\",\n }).apply(invoke =\u003e `${invoke.result}:sub`),\n values: [\"system:serviceaccount:kube-system:aws-node\"],\n }],\n principals: [{\n identifiers: [exampleOpenIdConnectProvider.arn],\n type: \"Federated\",\n }],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n assumeRolePolicy: exampleAssumeRolePolicy.apply(exampleAssumeRolePolicy =\u003e exampleAssumeRolePolicy.json),\n name: \"example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_std as std\nimport pulumi_tls as tls\n\nexample_cluster = aws.eks.Cluster(\"example\")\nexample = example_cluster.identities.apply(lambda identities: tls.get_certificate_output(url=identities[0].oidcs[0].issuer))\nexample_open_id_connect_provider = aws.iam.OpenIdConnectProvider(\"example\",\n client_id_lists=[\"sts.amazonaws.com\"],\n thumbprint_lists=[example.certificates[0].sha1_fingerprint],\n url=example.url)\nexample_assume_role_policy = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRoleWithWebIdentity\"],\n effect=\"Allow\",\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=std.replace_output(text=example_open_id_connect_provider.url,\n search=\"https://\",\n replace=\"\").apply(lambda invoke: f\"{invoke.result}:sub\"),\n values=[\"system:serviceaccount:kube-system:aws-node\"],\n )],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[example_open_id_connect_provider.arn],\n type=\"Federated\",\n )],\n)])\nexample_role = aws.iam.Role(\"example\",\n assume_role_policy=example_assume_role_policy.json,\n name=\"example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\nusing Tls = Pulumi.Tls;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleCluster = new Aws.Eks.Cluster(\"example\");\n\n var example = Tls.GetCertificate.Invoke(new()\n {\n Url = exampleCluster.Identities[0].Oidcs[0]?.Issuer,\n });\n\n var exampleOpenIdConnectProvider = new Aws.Iam.OpenIdConnectProvider(\"example\", new()\n {\n ClientIdLists = new[]\n {\n \"sts.amazonaws.com\",\n },\n ThumbprintLists = new[]\n {\n example.Apply(getCertificateResult =\u003e getCertificateResult.Certificates[0]?.Sha1Fingerprint),\n },\n Url = example.Apply(getCertificateResult =\u003e getCertificateResult.Url),\n });\n\n var exampleAssumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRoleWithWebIdentity\",\n },\n Effect = \"Allow\",\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = $\"{Std.Replace.Invoke(new()\n {\n Text = exampleOpenIdConnectProvider.Url,\n Search = \"https://\",\n Replace = \"\",\n }).Result}:sub\",\n Values = new[]\n {\n \"system:serviceaccount:kube-system:aws-node\",\n },\n },\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n exampleOpenIdConnectProvider.Arn,\n },\n Type = \"Federated\",\n },\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n AssumeRolePolicy = exampleAssumeRolePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Name = \"example\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi-tls/sdk/v4/go/tls\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleCluster, err := eks.NewCluster(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample := exampleCluster.Identities.ApplyT(func(identities []eks.ClusterIdentity) (tls.GetCertificateResult, error) {\n\t\t\treturn tls.GetCertificateOutput(ctx, tls.GetCertificateOutputArgs{\n\t\t\t\tUrl: identities[0].Oidcs[0].Issuer,\n\t\t\t}, nil), nil\n\t\t}).(tls.GetCertificateResultOutput)\n\t\texampleOpenIdConnectProvider, err := iam.NewOpenIdConnectProvider(ctx, \"example\", \u0026iam.OpenIdConnectProviderArgs{\n\t\t\tClientIdLists: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"sts.amazonaws.com\"),\n\t\t\t},\n\t\t\tThumbprintLists: pulumi.StringArray{\n\t\t\t\texample.ApplyT(func(example tls.GetCertificateResult) (*string, error) {\n\t\t\t\t\treturn \u0026example.Certificates[0].Sha1Fingerprint, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t},\n\t\t\tUrl: example.ApplyT(func(example tls.GetCertificateResult) (*string, error) {\n\t\t\t\treturn \u0026example.Url, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleAssumeRolePolicy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"sts:AssumeRoleWithWebIdentity\"),\n\t\t\t\t\t},\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tConditions: iam.GetPolicyDocumentStatementConditionArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementConditionArgs{\n\t\t\t\t\t\t\tTest: pulumi.String(\"StringEquals\"),\n\t\t\t\t\t\t\tVariable: std.ReplaceOutput(ctx, std.ReplaceOutputArgs{\n\t\t\t\t\t\t\t\tText: exampleOpenIdConnectProvider.Url,\n\t\t\t\t\t\t\t\tSearch: pulumi.String(\"https://\"),\n\t\t\t\t\t\t\t\tReplace: pulumi.String(\"\"),\n\t\t\t\t\t\t\t}, nil).ApplyT(func(invoke std.ReplaceResult) (string, error) {\n\t\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v:sub\", invoke.Result), nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"system:serviceaccount:kube-system:aws-node\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: iam.GetPolicyDocumentStatementPrincipalArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementPrincipalArgs{\n\t\t\t\t\t\t\tIdentifiers: pulumi.StringArray{\n\t\t\t\t\t\t\t\texampleOpenIdConnectProvider.Arn,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: pulumi.String(\"Federated\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: exampleAssumeRolePolicy.ApplyT(func(exampleAssumeRolePolicy iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026exampleAssumeRolePolicy.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.eks.Cluster;\nimport com.pulumi.tls.TlsFunctions;\nimport com.pulumi.tls.inputs.GetCertificateArgs;\nimport com.pulumi.aws.iam.OpenIdConnectProvider;\nimport com.pulumi.aws.iam.OpenIdConnectProviderArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleCluster = new Cluster(\"exampleCluster\");\n\n final var example = TlsFunctions.getCertificate(GetCertificateArgs.builder()\n .url(exampleCluster.identities().applyValue(identities -\u003e identities[0].oidcs()[0].issuer()))\n .build());\n\n var exampleOpenIdConnectProvider = new OpenIdConnectProvider(\"exampleOpenIdConnectProvider\", OpenIdConnectProviderArgs.builder() \n .clientIdLists(\"sts.amazonaws.com\")\n .thumbprintLists(example.applyValue(getCertificateResult -\u003e getCertificateResult).applyValue(example -\u003e example.applyValue(getCertificateResult -\u003e getCertificateResult.certificates()[0].sha1Fingerprint())))\n .url(example.applyValue(getCertificateResult -\u003e getCertificateResult).applyValue(example -\u003e example.applyValue(getCertificateResult -\u003e getCertificateResult.url())))\n .build());\n\n final var exampleAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRoleWithWebIdentity\")\n .effect(\"Allow\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(StdFunctions.replace().applyValue(invoke -\u003e String.format(\"%s:sub\", invoke.result())))\n .values(\"system:serviceaccount:kube-system:aws-node\")\n .build())\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(exampleOpenIdConnectProvider.arn())\n .type(\"Federated\")\n .build())\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .assumeRolePolicy(exampleAssumeRolePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(exampleAssumeRolePolicy -\u003e exampleAssumeRolePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .name(\"example\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleCluster:\n type: aws:eks:Cluster\n name: example\n exampleOpenIdConnectProvider:\n type: aws:iam:OpenIdConnectProvider\n name: example\n properties:\n clientIdLists:\n - sts.amazonaws.com\n thumbprintLists:\n - ${example.certificates[0].sha1Fingerprint}\n url: ${example.url}\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n assumeRolePolicy: ${exampleAssumeRolePolicy.json}\n name: example\nvariables:\n example:\n fn::invoke:\n Function: tls:getCertificate\n Arguments:\n url: ${exampleCluster.identities[0].oidcs[0].issuer}\n exampleAssumeRolePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRoleWithWebIdentity\n effect: Allow\n conditions:\n - test: StringEquals\n variable:\n fn::join:\n -\n - - fn::invoke:\n Function: std:replace\n Arguments:\n text: ${exampleOpenIdConnectProvider.url}\n search: https://\n replace:\n Return: result\n - :sub\n values:\n - system:serviceaccount:kube-system:aws-node\n principals:\n - identifiers:\n - ${exampleOpenIdConnectProvider.arn}\n type: Federated\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### EKS Cluster on AWS Outpost\n\n[Creating a local Amazon EKS cluster on an AWS Outpost](https://docs.aws.amazon.com/eks/latest/userguide/create-cluster-outpost.html)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.iam.Role(\"example\", {\n assumeRolePolicy: exampleAssumeRolePolicy.json,\n name: \"example\",\n});\nconst exampleCluster = new aws.eks.Cluster(\"example\", {\n name: \"example-cluster\",\n roleArn: example.arn,\n vpcConfig: {\n endpointPrivateAccess: true,\n endpointPublicAccess: false,\n },\n outpostConfig: {\n controlPlaneInstanceType: \"m5d.large\",\n outpostArns: [exampleAwsOutpostsOutpost.arn],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.Role(\"example\",\n assume_role_policy=example_assume_role_policy[\"json\"],\n name=\"example\")\nexample_cluster = aws.eks.Cluster(\"example\",\n name=\"example-cluster\",\n role_arn=example.arn,\n vpc_config=aws.eks.ClusterVpcConfigArgs(\n endpoint_private_access=True,\n endpoint_public_access=False,\n ),\n outpost_config=aws.eks.ClusterOutpostConfigArgs(\n control_plane_instance_type=\"m5d.large\",\n outpost_arns=[example_aws_outposts_outpost[\"arn\"]],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Iam.Role(\"example\", new()\n {\n AssumeRolePolicy = exampleAssumeRolePolicy.Json,\n Name = \"example\",\n });\n\n var exampleCluster = new Aws.Eks.Cluster(\"example\", new()\n {\n Name = \"example-cluster\",\n RoleArn = example.Arn,\n VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs\n {\n EndpointPrivateAccess = true,\n EndpointPublicAccess = false,\n },\n OutpostConfig = new Aws.Eks.Inputs.ClusterOutpostConfigArgs\n {\n ControlPlaneInstanceType = \"m5d.large\",\n OutpostArns = new[]\n {\n exampleAwsOutpostsOutpost.Arn,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(exampleAssumeRolePolicy.Json),\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eks.NewCluster(ctx, \"example\", \u0026eks.ClusterArgs{\n\t\t\tName: pulumi.String(\"example-cluster\"),\n\t\t\tRoleArn: example.Arn,\n\t\t\tVpcConfig: \u0026eks.ClusterVpcConfigArgs{\n\t\t\t\tEndpointPrivateAccess: pulumi.Bool(true),\n\t\t\t\tEndpointPublicAccess: pulumi.Bool(false),\n\t\t\t},\n\t\t\tOutpostConfig: \u0026eks.ClusterOutpostConfigArgs{\n\t\t\t\tControlPlaneInstanceType: pulumi.String(\"m5d.large\"),\n\t\t\t\tOutpostArns: pulumi.StringArray{\n\t\t\t\t\texampleAwsOutpostsOutpost.Arn,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.eks.Cluster;\nimport com.pulumi.aws.eks.ClusterArgs;\nimport com.pulumi.aws.eks.inputs.ClusterVpcConfigArgs;\nimport com.pulumi.aws.eks.inputs.ClusterOutpostConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Role(\"example\", RoleArgs.builder() \n .assumeRolePolicy(exampleAssumeRolePolicy.json())\n .name(\"example\")\n .build());\n\n var exampleCluster = new Cluster(\"exampleCluster\", ClusterArgs.builder() \n .name(\"example-cluster\")\n .roleArn(example.arn())\n .vpcConfig(ClusterVpcConfigArgs.builder()\n .endpointPrivateAccess(true)\n .endpointPublicAccess(false)\n .build())\n .outpostConfig(ClusterOutpostConfigArgs.builder()\n .controlPlaneInstanceType(\"m5d.large\")\n .outpostArns(exampleAwsOutpostsOutpost.arn())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${exampleAssumeRolePolicy.json}\n name: example\n exampleCluster:\n type: aws:eks:Cluster\n name: example\n properties:\n name: example-cluster\n roleArn: ${example.arn}\n vpcConfig:\n endpointPrivateAccess: true\n endpointPublicAccess: false\n outpostConfig:\n controlPlaneInstanceType: m5d.large\n outpostArns:\n - ${exampleAwsOutpostsOutpost.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### EKS Cluster with Access Config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.iam.Role(\"example\", {\n assumeRolePolicy: exampleAssumeRolePolicy.json,\n name: \"example\",\n});\nconst exampleCluster = new aws.eks.Cluster(\"example\", {\n name: \"example-cluster\",\n roleArn: example.arn,\n vpcConfig: {\n endpointPrivateAccess: true,\n endpointPublicAccess: false,\n },\n accessConfig: {\n authenticationMode: \"CONFIG_MAP\",\n bootstrapClusterCreatorAdminPermissions: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.Role(\"example\",\n assume_role_policy=example_assume_role_policy[\"json\"],\n name=\"example\")\nexample_cluster = aws.eks.Cluster(\"example\",\n name=\"example-cluster\",\n role_arn=example.arn,\n vpc_config=aws.eks.ClusterVpcConfigArgs(\n endpoint_private_access=True,\n endpoint_public_access=False,\n ),\n access_config=aws.eks.ClusterAccessConfigArgs(\n authentication_mode=\"CONFIG_MAP\",\n bootstrap_cluster_creator_admin_permissions=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Iam.Role(\"example\", new()\n {\n AssumeRolePolicy = exampleAssumeRolePolicy.Json,\n Name = \"example\",\n });\n\n var exampleCluster = new Aws.Eks.Cluster(\"example\", new()\n {\n Name = \"example-cluster\",\n RoleArn = example.Arn,\n VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs\n {\n EndpointPrivateAccess = true,\n EndpointPublicAccess = false,\n },\n AccessConfig = new Aws.Eks.Inputs.ClusterAccessConfigArgs\n {\n AuthenticationMode = \"CONFIG_MAP\",\n BootstrapClusterCreatorAdminPermissions = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(exampleAssumeRolePolicy.Json),\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eks.NewCluster(ctx, \"example\", \u0026eks.ClusterArgs{\n\t\t\tName: pulumi.String(\"example-cluster\"),\n\t\t\tRoleArn: example.Arn,\n\t\t\tVpcConfig: \u0026eks.ClusterVpcConfigArgs{\n\t\t\t\tEndpointPrivateAccess: pulumi.Bool(true),\n\t\t\t\tEndpointPublicAccess: pulumi.Bool(false),\n\t\t\t},\n\t\t\tAccessConfig: \u0026eks.ClusterAccessConfigArgs{\n\t\t\t\tAuthenticationMode: pulumi.String(\"CONFIG_MAP\"),\n\t\t\t\tBootstrapClusterCreatorAdminPermissions: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.eks.Cluster;\nimport com.pulumi.aws.eks.ClusterArgs;\nimport com.pulumi.aws.eks.inputs.ClusterVpcConfigArgs;\nimport com.pulumi.aws.eks.inputs.ClusterAccessConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Role(\"example\", RoleArgs.builder() \n .assumeRolePolicy(exampleAssumeRolePolicy.json())\n .name(\"example\")\n .build());\n\n var exampleCluster = new Cluster(\"exampleCluster\", ClusterArgs.builder() \n .name(\"example-cluster\")\n .roleArn(example.arn())\n .vpcConfig(ClusterVpcConfigArgs.builder()\n .endpointPrivateAccess(true)\n .endpointPublicAccess(false)\n .build())\n .accessConfig(ClusterAccessConfigArgs.builder()\n .authenticationMode(\"CONFIG_MAP\")\n .bootstrapClusterCreatorAdminPermissions(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${exampleAssumeRolePolicy.json}\n name: example\n exampleCluster:\n type: aws:eks:Cluster\n name: example\n properties:\n name: example-cluster\n roleArn: ${example.arn}\n vpcConfig:\n endpointPrivateAccess: true\n endpointPublicAccess: false\n accessConfig:\n authenticationMode: CONFIG_MAP\n bootstrapClusterCreatorAdminPermissions: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nAfter adding inline IAM Policies (e.g., `aws.iam.RolePolicy` resource) or attaching IAM Policies (e.g., `aws.iam.Policy` resource and `aws.iam.RolePolicyAttachment` resource) with the desired permissions to the IAM Role, annotate the Kubernetes service account (e.g., `kubernetes_service_account` resource) and recreate any pods.\n\n## Import\n\nUsing `pulumi import`, import EKS Clusters using the `name`. For example:\n\n```sh\n$ pulumi import aws:eks/cluster:Cluster my_cluster my_cluster\n```\n", + "description": "Manages an EKS Cluster.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nexport = async () =\u003e {\n const example = new aws.eks.Cluster(\"example\", {\n name: \"example\",\n roleArn: exampleAwsIamRole.arn,\n vpcConfig: {\n subnetIds: [\n example1.id,\n example2.id,\n ],\n },\n });\n return {\n endpoint: example.endpoint,\n \"kubeconfig-certificate-authority-data\": example.certificateAuthority.apply(certificateAuthority =\u003e certificateAuthority.data),\n };\n}\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.eks.Cluster(\"example\",\n name=\"example\",\n role_arn=example_aws_iam_role[\"arn\"],\n vpc_config=aws.eks.ClusterVpcConfigArgs(\n subnet_ids=[\n example1[\"id\"],\n example2[\"id\"],\n ],\n ))\npulumi.export(\"endpoint\", example.endpoint)\npulumi.export(\"kubeconfig-certificate-authority-data\", example.certificate_authority.data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Eks.Cluster(\"example\", new()\n {\n Name = \"example\",\n RoleArn = exampleAwsIamRole.Arn,\n VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs\n {\n SubnetIds = new[]\n {\n example1.Id,\n example2.Id,\n },\n },\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"endpoint\"] = example.Endpoint,\n [\"kubeconfig-certificate-authority-data\"] = example.CertificateAuthority.Apply(certificateAuthority =\u003e certificateAuthority.Data),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := eks.NewCluster(ctx, \"example\", \u0026eks.ClusterArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tVpcConfig: \u0026eks.ClusterVpcConfigArgs{\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\texample1.Id,\n\t\t\t\t\texample2.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"endpoint\", example.Endpoint)\n\t\tctx.Export(\"kubeconfig-certificate-authority-data\", example.CertificateAuthority.ApplyT(func(certificateAuthority eks.ClusterCertificateAuthority) (*string, error) {\n\t\t\treturn \u0026certificateAuthority.Data, nil\n\t\t}).(pulumi.StringPtrOutput))\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.eks.Cluster;\nimport com.pulumi.aws.eks.ClusterArgs;\nimport com.pulumi.aws.eks.inputs.ClusterVpcConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Cluster(\"example\", ClusterArgs.builder() \n .name(\"example\")\n .roleArn(exampleAwsIamRole.arn())\n .vpcConfig(ClusterVpcConfigArgs.builder()\n .subnetIds( \n example1.id(),\n example2.id())\n .build())\n .build());\n\n ctx.export(\"endpoint\", example.endpoint());\n ctx.export(\"kubeconfig-certificate-authority-data\", example.certificateAuthority().applyValue(certificateAuthority -\u003e certificateAuthority.data()));\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:eks:Cluster\n properties:\n name: example\n roleArn: ${exampleAwsIamRole.arn}\n vpcConfig:\n subnetIds:\n - ${example1.id}\n - ${example2.id}\noutputs:\n endpoint: ${example.endpoint}\n kubeconfig-certificate-authority-data: ${example.certificateAuthority.data}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example IAM Role for EKS Cluster\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"eks.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst example = new aws.iam.Role(\"example\", {\n name: \"eks-cluster-example\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst example_AmazonEKSClusterPolicy = new aws.iam.RolePolicyAttachment(\"example-AmazonEKSClusterPolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n role: example.name,\n});\n// Optionally, enable Security Groups for Pods\n// Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html\nconst example_AmazonEKSVPCResourceController = new aws.iam.RolePolicyAttachment(\"example-AmazonEKSVPCResourceController\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\",\n role: example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"eks.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample = aws.iam.Role(\"example\",\n name=\"eks-cluster-example\",\n assume_role_policy=assume_role.json)\nexample__amazon_eks_cluster_policy = aws.iam.RolePolicyAttachment(\"example-AmazonEKSClusterPolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n role=example.name)\n# Optionally, enable Security Groups for Pods\n# Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html\nexample__amazon_eksvpc_resource_controller = aws.iam.RolePolicyAttachment(\"example-AmazonEKSVPCResourceController\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\",\n role=example.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"eks.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var example = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"eks-cluster-example\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var example_AmazonEKSClusterPolicy = new Aws.Iam.RolePolicyAttachment(\"example-AmazonEKSClusterPolicy\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n Role = example.Name,\n });\n\n // Optionally, enable Security Groups for Pods\n // Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html\n var example_AmazonEKSVPCResourceController = new Aws.Iam.RolePolicyAttachment(\"example-AmazonEKSVPCResourceController\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\",\n Role = example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"eks.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"eks-cluster-example\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example-AmazonEKSClusterPolicy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Optionally, enable Security Groups for Pods\n\t\t// Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example-AmazonEKSVPCResourceController\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"eks.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var example = new Role(\"example\", RoleArgs.builder() \n .name(\"eks-cluster-example\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var example_AmazonEKSClusterPolicy = new RolePolicyAttachment(\"example-AmazonEKSClusterPolicy\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\")\n .role(example.name())\n .build());\n\n var example_AmazonEKSVPCResourceController = new RolePolicyAttachment(\"example-AmazonEKSVPCResourceController\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\")\n .role(example.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n name: eks-cluster-example\n assumeRolePolicy: ${assumeRole.json}\n example-AmazonEKSClusterPolicy:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\n role: ${example.name}\n # Optionally, enable Security Groups for Pods\n # Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html\n example-AmazonEKSVPCResourceController:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\n role: ${example.name}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - eks.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Enabling Control Plane Logging\n\n[EKS Control Plane Logging](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) can be enabled via the `enabled_cluster_log_types` argument. To manage the CloudWatch Log Group retention period, the `aws.cloudwatch.LogGroup` resource can be used.\n\n\u003e The below configuration uses [`dependsOn`](https://www.pulumi.com/docs/intro/concepts/programming-model/#dependson) to prevent ordering issues with EKS automatically creating the log group first and a variable for naming consistency. Other ordering and naming methodologies may be more appropriate for your environment.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst clusterName = config.get(\"clusterName\") || \"example\";\nconst example = new aws.eks.Cluster(\"example\", {\n enabledClusterLogTypes: [\n \"api\",\n \"audit\",\n ],\n name: clusterName,\n});\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"example\", {\n name: `/aws/eks/${clusterName}/cluster`,\n retentionInDays: 7,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\ncluster_name = config.get(\"clusterName\")\nif cluster_name is None:\n cluster_name = \"example\"\nexample = aws.eks.Cluster(\"example\",\n enabled_cluster_log_types=[\n \"api\",\n \"audit\",\n ],\n name=cluster_name)\nexample_log_group = aws.cloudwatch.LogGroup(\"example\",\n name=f\"/aws/eks/{cluster_name}/cluster\",\n retention_in_days=7)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var clusterName = config.Get(\"clusterName\") ?? \"example\";\n var example = new Aws.Eks.Cluster(\"example\", new()\n {\n EnabledClusterLogTypes = new[]\n {\n \"api\",\n \"audit\",\n },\n Name = clusterName,\n });\n\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"example\", new()\n {\n Name = $\"/aws/eks/{clusterName}/cluster\",\n RetentionInDays = 7,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tclusterName := \"example\"\n\t\tif param := cfg.Get(\"clusterName\"); param != \"\" {\n\t\t\tclusterName = param\n\t\t}\n\t\t_, err := eks.NewCluster(ctx, \"example\", \u0026eks.ClusterArgs{\n\t\t\tEnabledClusterLogTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"api\"),\n\t\t\t\tpulumi.String(\"audit\"),\n\t\t\t},\n\t\t\tName: pulumi.String(clusterName),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogGroup(ctx, \"example\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: pulumi.String(fmt.Sprintf(\"/aws/eks/%v/cluster\", clusterName)),\n\t\t\tRetentionInDays: pulumi.Int(7),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.eks.Cluster;\nimport com.pulumi.aws.eks.ClusterArgs;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var clusterName = config.get(\"clusterName\").orElse(\"example\");\n var example = new Cluster(\"example\", ClusterArgs.builder() \n .enabledClusterLogTypes( \n \"api\",\n \"audit\")\n .name(clusterName)\n .build());\n\n var exampleLogGroup = new LogGroup(\"exampleLogGroup\", LogGroupArgs.builder() \n .name(String.format(\"/aws/eks/%s/cluster\", clusterName))\n .retentionInDays(7)\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n clusterName:\n type: string\n default: example\nresources:\n example:\n type: aws:eks:Cluster\n properties:\n enabledClusterLogTypes:\n - api\n - audit\n name: ${clusterName}\n exampleLogGroup:\n type: aws:cloudwatch:LogGroup\n name: example\n properties:\n name: /aws/eks/${clusterName}/cluster\n retentionInDays: 7 # ... potentially other configuration ...\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Enabling IAM Roles for Service Accounts\n\nOnly available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019. For more information about this feature, see the [EKS User Guide](https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\nimport * as tls from \"@pulumi/tls\";\n\nconst exampleCluster = new aws.eks.Cluster(\"example\", {});\nconst example = exampleCluster.identities.apply(identities =\u003e tls.getCertificateOutput({\n url: identities[0].oidcs?.[0]?.issuer,\n}));\nconst exampleOpenIdConnectProvider = new aws.iam.OpenIdConnectProvider(\"example\", {\n clientIdLists: [\"sts.amazonaws.com\"],\n thumbprintLists: [example.apply(example =\u003e example.certificates?.[0]?.sha1Fingerprint)],\n url: example.apply(example =\u003e example.url),\n});\nconst exampleAssumeRolePolicy = aws.iam.getPolicyDocumentOutput({\n statements: [{\n actions: [\"sts:AssumeRoleWithWebIdentity\"],\n effect: \"Allow\",\n conditions: [{\n test: \"StringEquals\",\n variable: std.replaceOutput({\n text: exampleOpenIdConnectProvider.url,\n search: \"https://\",\n replace: \"\",\n }).apply(invoke =\u003e `${invoke.result}:sub`),\n values: [\"system:serviceaccount:kube-system:aws-node\"],\n }],\n principals: [{\n identifiers: [exampleOpenIdConnectProvider.arn],\n type: \"Federated\",\n }],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n assumeRolePolicy: exampleAssumeRolePolicy.apply(exampleAssumeRolePolicy =\u003e exampleAssumeRolePolicy.json),\n name: \"example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_std as std\nimport pulumi_tls as tls\n\nexample_cluster = aws.eks.Cluster(\"example\")\nexample = example_cluster.identities.apply(lambda identities: tls.get_certificate_output(url=identities[0].oidcs[0].issuer))\nexample_open_id_connect_provider = aws.iam.OpenIdConnectProvider(\"example\",\n client_id_lists=[\"sts.amazonaws.com\"],\n thumbprint_lists=[example.certificates[0].sha1_fingerprint],\n url=example.url)\nexample_assume_role_policy = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRoleWithWebIdentity\"],\n effect=\"Allow\",\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=std.replace_output(text=example_open_id_connect_provider.url,\n search=\"https://\",\n replace=\"\").apply(lambda invoke: f\"{invoke.result}:sub\"),\n values=[\"system:serviceaccount:kube-system:aws-node\"],\n )],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[example_open_id_connect_provider.arn],\n type=\"Federated\",\n )],\n)])\nexample_role = aws.iam.Role(\"example\",\n assume_role_policy=example_assume_role_policy.json,\n name=\"example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\nusing Tls = Pulumi.Tls;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleCluster = new Aws.Eks.Cluster(\"example\");\n\n var example = Tls.GetCertificate.Invoke(new()\n {\n Url = exampleCluster.Identities[0].Oidcs[0]?.Issuer,\n });\n\n var exampleOpenIdConnectProvider = new Aws.Iam.OpenIdConnectProvider(\"example\", new()\n {\n ClientIdLists = new[]\n {\n \"sts.amazonaws.com\",\n },\n ThumbprintLists = new[]\n {\n example.Apply(getCertificateResult =\u003e getCertificateResult.Certificates[0]?.Sha1Fingerprint),\n },\n Url = example.Apply(getCertificateResult =\u003e getCertificateResult.Url),\n });\n\n var exampleAssumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRoleWithWebIdentity\",\n },\n Effect = \"Allow\",\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = $\"{Std.Replace.Invoke(new()\n {\n Text = exampleOpenIdConnectProvider.Url,\n Search = \"https://\",\n Replace = \"\",\n }).Result}:sub\",\n Values = new[]\n {\n \"system:serviceaccount:kube-system:aws-node\",\n },\n },\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n exampleOpenIdConnectProvider.Arn,\n },\n Type = \"Federated\",\n },\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n AssumeRolePolicy = exampleAssumeRolePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Name = \"example\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi-tls/sdk/v4/go/tls\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleCluster, err := eks.NewCluster(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample := exampleCluster.Identities.ApplyT(func(identities []eks.ClusterIdentity) (tls.GetCertificateResult, error) {\n\t\t\treturn tls.GetCertificateOutput(ctx, tls.GetCertificateOutputArgs{\n\t\t\t\tUrl: identities[0].Oidcs[0].Issuer,\n\t\t\t}, nil), nil\n\t\t}).(tls.GetCertificateResultOutput)\n\t\texampleOpenIdConnectProvider, err := iam.NewOpenIdConnectProvider(ctx, \"example\", \u0026iam.OpenIdConnectProviderArgs{\n\t\t\tClientIdLists: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"sts.amazonaws.com\"),\n\t\t\t},\n\t\t\tThumbprintLists: pulumi.StringArray{\n\t\t\t\texample.ApplyT(func(example tls.GetCertificateResult) (*string, error) {\n\t\t\t\t\treturn \u0026example.Certificates[0].Sha1Fingerprint, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t},\n\t\t\tUrl: example.ApplyT(func(example tls.GetCertificateResult) (*string, error) {\n\t\t\t\treturn \u0026example.Url, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleAssumeRolePolicy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"sts:AssumeRoleWithWebIdentity\"),\n\t\t\t\t\t},\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tConditions: iam.GetPolicyDocumentStatementConditionArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementConditionArgs{\n\t\t\t\t\t\t\tTest: pulumi.String(\"StringEquals\"),\n\t\t\t\t\t\t\tVariable: std.ReplaceOutput(ctx, std.ReplaceOutputArgs{\n\t\t\t\t\t\t\t\tText: exampleOpenIdConnectProvider.Url,\n\t\t\t\t\t\t\t\tSearch: pulumi.String(\"https://\"),\n\t\t\t\t\t\t\t\tReplace: pulumi.String(\"\"),\n\t\t\t\t\t\t\t}, nil).ApplyT(func(invoke std.ReplaceResult) (string, error) {\n\t\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v:sub\", invoke.Result), nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"system:serviceaccount:kube-system:aws-node\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: iam.GetPolicyDocumentStatementPrincipalArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementPrincipalArgs{\n\t\t\t\t\t\t\tIdentifiers: pulumi.StringArray{\n\t\t\t\t\t\t\t\texampleOpenIdConnectProvider.Arn,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: pulumi.String(\"Federated\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: exampleAssumeRolePolicy.ApplyT(func(exampleAssumeRolePolicy iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026exampleAssumeRolePolicy.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.eks.Cluster;\nimport com.pulumi.tls.TlsFunctions;\nimport com.pulumi.tls.inputs.GetCertificateArgs;\nimport com.pulumi.aws.iam.OpenIdConnectProvider;\nimport com.pulumi.aws.iam.OpenIdConnectProviderArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleCluster = new Cluster(\"exampleCluster\");\n\n final var example = TlsFunctions.getCertificate(GetCertificateArgs.builder()\n .url(exampleCluster.identities().applyValue(identities -\u003e identities[0].oidcs()[0].issuer()))\n .build());\n\n var exampleOpenIdConnectProvider = new OpenIdConnectProvider(\"exampleOpenIdConnectProvider\", OpenIdConnectProviderArgs.builder() \n .clientIdLists(\"sts.amazonaws.com\")\n .thumbprintLists(example.applyValue(getCertificateResult -\u003e getCertificateResult).applyValue(example -\u003e example.applyValue(getCertificateResult -\u003e getCertificateResult.certificates()[0].sha1Fingerprint())))\n .url(example.applyValue(getCertificateResult -\u003e getCertificateResult).applyValue(example -\u003e example.applyValue(getCertificateResult -\u003e getCertificateResult.url())))\n .build());\n\n final var exampleAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRoleWithWebIdentity\")\n .effect(\"Allow\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(StdFunctions.replace().applyValue(invoke -\u003e String.format(\"%s:sub\", invoke.result())))\n .values(\"system:serviceaccount:kube-system:aws-node\")\n .build())\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(exampleOpenIdConnectProvider.arn())\n .type(\"Federated\")\n .build())\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .assumeRolePolicy(exampleAssumeRolePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(exampleAssumeRolePolicy -\u003e exampleAssumeRolePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .name(\"example\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleCluster:\n type: aws:eks:Cluster\n name: example\n exampleOpenIdConnectProvider:\n type: aws:iam:OpenIdConnectProvider\n name: example\n properties:\n clientIdLists:\n - sts.amazonaws.com\n thumbprintLists:\n - ${example.certificates[0].sha1Fingerprint}\n url: ${example.url}\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n assumeRolePolicy: ${exampleAssumeRolePolicy.json}\n name: example\nvariables:\n example:\n fn::invoke:\n Function: tls:getCertificate\n Arguments:\n url: ${exampleCluster.identities[0].oidcs[0].issuer}\n exampleAssumeRolePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRoleWithWebIdentity\n effect: Allow\n conditions:\n - test: StringEquals\n variable:\n fn::join:\n -\n - - fn::invoke:\n Function: std:replace\n Arguments:\n text: ${exampleOpenIdConnectProvider.url}\n search: https://\n replace:\n Return: result\n - :sub\n values:\n - system:serviceaccount:kube-system:aws-node\n principals:\n - identifiers:\n - ${exampleOpenIdConnectProvider.arn}\n type: Federated\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### EKS Cluster on AWS Outpost\n\n[Creating a local Amazon EKS cluster on an AWS Outpost](https://docs.aws.amazon.com/eks/latest/userguide/create-cluster-outpost.html)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.iam.Role(\"example\", {\n assumeRolePolicy: exampleAssumeRolePolicy.json,\n name: \"example\",\n});\nconst exampleCluster = new aws.eks.Cluster(\"example\", {\n name: \"example-cluster\",\n roleArn: example.arn,\n vpcConfig: {\n endpointPrivateAccess: true,\n endpointPublicAccess: false,\n },\n outpostConfig: {\n controlPlaneInstanceType: \"m5d.large\",\n outpostArns: [exampleAwsOutpostsOutpost.arn],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.Role(\"example\",\n assume_role_policy=example_assume_role_policy[\"json\"],\n name=\"example\")\nexample_cluster = aws.eks.Cluster(\"example\",\n name=\"example-cluster\",\n role_arn=example.arn,\n vpc_config=aws.eks.ClusterVpcConfigArgs(\n endpoint_private_access=True,\n endpoint_public_access=False,\n ),\n outpost_config=aws.eks.ClusterOutpostConfigArgs(\n control_plane_instance_type=\"m5d.large\",\n outpost_arns=[example_aws_outposts_outpost[\"arn\"]],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Iam.Role(\"example\", new()\n {\n AssumeRolePolicy = exampleAssumeRolePolicy.Json,\n Name = \"example\",\n });\n\n var exampleCluster = new Aws.Eks.Cluster(\"example\", new()\n {\n Name = \"example-cluster\",\n RoleArn = example.Arn,\n VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs\n {\n EndpointPrivateAccess = true,\n EndpointPublicAccess = false,\n },\n OutpostConfig = new Aws.Eks.Inputs.ClusterOutpostConfigArgs\n {\n ControlPlaneInstanceType = \"m5d.large\",\n OutpostArns = new[]\n {\n exampleAwsOutpostsOutpost.Arn,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(exampleAssumeRolePolicy.Json),\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eks.NewCluster(ctx, \"example\", \u0026eks.ClusterArgs{\n\t\t\tName: pulumi.String(\"example-cluster\"),\n\t\t\tRoleArn: example.Arn,\n\t\t\tVpcConfig: \u0026eks.ClusterVpcConfigArgs{\n\t\t\t\tEndpointPrivateAccess: pulumi.Bool(true),\n\t\t\t\tEndpointPublicAccess: pulumi.Bool(false),\n\t\t\t},\n\t\t\tOutpostConfig: \u0026eks.ClusterOutpostConfigArgs{\n\t\t\t\tControlPlaneInstanceType: pulumi.String(\"m5d.large\"),\n\t\t\t\tOutpostArns: pulumi.StringArray{\n\t\t\t\t\texampleAwsOutpostsOutpost.Arn,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.eks.Cluster;\nimport com.pulumi.aws.eks.ClusterArgs;\nimport com.pulumi.aws.eks.inputs.ClusterVpcConfigArgs;\nimport com.pulumi.aws.eks.inputs.ClusterOutpostConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Role(\"example\", RoleArgs.builder() \n .assumeRolePolicy(exampleAssumeRolePolicy.json())\n .name(\"example\")\n .build());\n\n var exampleCluster = new Cluster(\"exampleCluster\", ClusterArgs.builder() \n .name(\"example-cluster\")\n .roleArn(example.arn())\n .vpcConfig(ClusterVpcConfigArgs.builder()\n .endpointPrivateAccess(true)\n .endpointPublicAccess(false)\n .build())\n .outpostConfig(ClusterOutpostConfigArgs.builder()\n .controlPlaneInstanceType(\"m5d.large\")\n .outpostArns(exampleAwsOutpostsOutpost.arn())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${exampleAssumeRolePolicy.json}\n name: example\n exampleCluster:\n type: aws:eks:Cluster\n name: example\n properties:\n name: example-cluster\n roleArn: ${example.arn}\n vpcConfig:\n endpointPrivateAccess: true\n endpointPublicAccess: false\n outpostConfig:\n controlPlaneInstanceType: m5d.large\n outpostArns:\n - ${exampleAwsOutpostsOutpost.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### EKS Cluster with Access Config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.iam.Role(\"example\", {\n assumeRolePolicy: exampleAssumeRolePolicy.json,\n name: \"example\",\n});\nconst exampleCluster = new aws.eks.Cluster(\"example\", {\n name: \"example-cluster\",\n roleArn: example.arn,\n vpcConfig: {\n endpointPrivateAccess: true,\n endpointPublicAccess: false,\n },\n accessConfig: {\n authenticationMode: \"CONFIG_MAP\",\n bootstrapClusterCreatorAdminPermissions: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.Role(\"example\",\n assume_role_policy=example_assume_role_policy[\"json\"],\n name=\"example\")\nexample_cluster = aws.eks.Cluster(\"example\",\n name=\"example-cluster\",\n role_arn=example.arn,\n vpc_config=aws.eks.ClusterVpcConfigArgs(\n endpoint_private_access=True,\n endpoint_public_access=False,\n ),\n access_config=aws.eks.ClusterAccessConfigArgs(\n authentication_mode=\"CONFIG_MAP\",\n bootstrap_cluster_creator_admin_permissions=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Iam.Role(\"example\", new()\n {\n AssumeRolePolicy = exampleAssumeRolePolicy.Json,\n Name = \"example\",\n });\n\n var exampleCluster = new Aws.Eks.Cluster(\"example\", new()\n {\n Name = \"example-cluster\",\n RoleArn = example.Arn,\n VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs\n {\n EndpointPrivateAccess = true,\n EndpointPublicAccess = false,\n },\n AccessConfig = new Aws.Eks.Inputs.ClusterAccessConfigArgs\n {\n AuthenticationMode = \"CONFIG_MAP\",\n BootstrapClusterCreatorAdminPermissions = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(exampleAssumeRolePolicy.Json),\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eks.NewCluster(ctx, \"example\", \u0026eks.ClusterArgs{\n\t\t\tName: pulumi.String(\"example-cluster\"),\n\t\t\tRoleArn: example.Arn,\n\t\t\tVpcConfig: \u0026eks.ClusterVpcConfigArgs{\n\t\t\t\tEndpointPrivateAccess: pulumi.Bool(true),\n\t\t\t\tEndpointPublicAccess: pulumi.Bool(false),\n\t\t\t},\n\t\t\tAccessConfig: \u0026eks.ClusterAccessConfigArgs{\n\t\t\t\tAuthenticationMode: pulumi.String(\"CONFIG_MAP\"),\n\t\t\t\tBootstrapClusterCreatorAdminPermissions: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.eks.Cluster;\nimport com.pulumi.aws.eks.ClusterArgs;\nimport com.pulumi.aws.eks.inputs.ClusterVpcConfigArgs;\nimport com.pulumi.aws.eks.inputs.ClusterAccessConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Role(\"example\", RoleArgs.builder() \n .assumeRolePolicy(exampleAssumeRolePolicy.json())\n .name(\"example\")\n .build());\n\n var exampleCluster = new Cluster(\"exampleCluster\", ClusterArgs.builder() \n .name(\"example-cluster\")\n .roleArn(example.arn())\n .vpcConfig(ClusterVpcConfigArgs.builder()\n .endpointPrivateAccess(true)\n .endpointPublicAccess(false)\n .build())\n .accessConfig(ClusterAccessConfigArgs.builder()\n .authenticationMode(\"CONFIG_MAP\")\n .bootstrapClusterCreatorAdminPermissions(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${exampleAssumeRolePolicy.json}\n name: example\n exampleCluster:\n type: aws:eks:Cluster\n name: example\n properties:\n name: example-cluster\n roleArn: ${example.arn}\n vpcConfig:\n endpointPrivateAccess: true\n endpointPublicAccess: false\n accessConfig:\n authenticationMode: CONFIG_MAP\n bootstrapClusterCreatorAdminPermissions: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nAfter adding inline IAM Policies (e.g., `aws.iam.RolePolicy` resource) or attaching IAM Policies (e.g., `aws.iam.Policy` resource and `aws.iam.RolePolicyAttachment` resource) with the desired permissions to the IAM Role, annotate the Kubernetes service account (e.g., `kubernetes_service_account` resource) and recreate any pods.\n\n## Import\n\nUsing `pulumi import`, import EKS Clusters using the `name`. For example:\n\n```sh\n$ pulumi import aws:eks/cluster:Cluster my_cluster my_cluster\n```\n", "properties": { "accessConfig": { "$ref": "#/types/aws:eks/ClusterAccessConfig:ClusterAccessConfig", @@ -231463,7 +231463,7 @@ } }, "aws:eks/podIdentityAssociation:PodIdentityAssociation": { - "description": "Resource for managing an AWS EKS (Elastic Kubernetes) Pod Identity Association.\n\nCreates an EKS Pod Identity association between a service account in an Amazon EKS cluster and an IAM role with EKS Pod Identity. Use EKS Pod Identity to give temporary IAM credentials to pods and the credentials are rotated automatically.\n\nAmazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that EC2 instance profiles provide credentials to Amazon EC2 instances.\n\nIf a pod uses a service account that has an association, Amazon EKS sets environment variables in the containers of the pod. The environment variables configure the Amazon Web Services SDKs, including the Command Line Interface, to use the EKS Pod Identity credentials.\n\nPod Identity is a simpler method than IAM roles for service accounts, as this method doesn’t use OIDC identity providers. Additionally, you can configure a role for Pod Identity once, and reuse it across clusters.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"pods.eks.amazonaws.com\"],\n }],\n actions: [\n \"sts:AssumeRole\",\n \"sts:TagSession\",\n ],\n }],\n});\nconst example = new aws.iam.Role(\"example\", {\n name: \"eks-pod-identity-example\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst exampleS3 = new aws.iam.RolePolicyAttachment(\"example_s3\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess\",\n role: example.name,\n});\nconst examplePodIdentityAssociation = new aws.eks.PodIdentityAssociation(\"example\", {\n clusterName: exampleAwsEksCluster.name,\n namespace: \"example\",\n serviceAccount: \"example-sa\",\n roleArn: example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"pods.eks.amazonaws.com\"],\n )],\n actions=[\n \"sts:AssumeRole\",\n \"sts:TagSession\",\n ],\n)])\nexample = aws.iam.Role(\"example\",\n name=\"eks-pod-identity-example\",\n assume_role_policy=assume_role.json)\nexample_s3 = aws.iam.RolePolicyAttachment(\"example_s3\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess\",\n role=example.name)\nexample_pod_identity_association = aws.eks.PodIdentityAssociation(\"example\",\n cluster_name=example_aws_eks_cluster[\"name\"],\n namespace=\"example\",\n service_account=\"example-sa\",\n role_arn=example.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"pods.eks.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n \"sts:TagSession\",\n },\n },\n },\n });\n\n var example = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"eks-pod-identity-example\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleS3 = new Aws.Iam.RolePolicyAttachment(\"example_s3\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess\",\n Role = example.Name,\n });\n\n var examplePodIdentityAssociation = new Aws.Eks.PodIdentityAssociation(\"example\", new()\n {\n ClusterName = exampleAwsEksCluster.Name,\n Namespace = \"example\",\n ServiceAccount = \"example-sa\",\n RoleArn = example.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"pods.eks.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t\t\"sts:TagSession\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"eks-pod-identity-example\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example_s3\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eks.NewPodIdentityAssociation(ctx, \"example\", \u0026eks.PodIdentityAssociationArgs{\n\t\t\tClusterName: pulumi.Any(exampleAwsEksCluster.Name),\n\t\t\tNamespace: pulumi.String(\"example\"),\n\t\t\tServiceAccount: pulumi.String(\"example-sa\"),\n\t\t\tRoleArn: example.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.eks.PodIdentityAssociation;\nimport com.pulumi.aws.eks.PodIdentityAssociationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"pods.eks.amazonaws.com\")\n .build())\n .actions( \n \"sts:AssumeRole\",\n \"sts:TagSession\")\n .build())\n .build());\n\n var example = new Role(\"example\", RoleArgs.builder() \n .name(\"eks-pod-identity-example\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleS3 = new RolePolicyAttachment(\"exampleS3\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess\")\n .role(example.name())\n .build());\n\n var examplePodIdentityAssociation = new PodIdentityAssociation(\"examplePodIdentityAssociation\", PodIdentityAssociationArgs.builder() \n .clusterName(exampleAwsEksCluster.name())\n .namespace(\"example\")\n .serviceAccount(\"example-sa\")\n .roleArn(example.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n name: eks-pod-identity-example\n assumeRolePolicy: ${assumeRole.json}\n exampleS3:\n type: aws:iam:RolePolicyAttachment\n name: example_s3\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess\n role: ${example.name}\n examplePodIdentityAssociation:\n type: aws:eks:PodIdentityAssociation\n name: example\n properties:\n clusterName: ${exampleAwsEksCluster.name}\n namespace: example\n serviceAccount: example-sa\n roleArn: ${example.arn}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - pods.eks.amazonaws.com\n actions:\n - sts:AssumeRole\n - sts:TagSession\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import EKS (Elastic Kubernetes) Pod Identity Association using the `cluster_name` and `association_id` separated by a comma (`,`). For example:\n\n```sh\n$ pulumi import aws:eks/podIdentityAssociation:PodIdentityAssociation example example,a-12345678\n```\n", + "description": "Resource for managing an AWS EKS (Elastic Kubernetes) Pod Identity Association.\n\nCreates an EKS Pod Identity association between a service account in an Amazon EKS cluster and an IAM role with EKS Pod Identity. Use EKS Pod Identity to give temporary IAM credentials to pods and the credentials are rotated automatically.\n\nAmazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that EC2 instance profiles provide credentials to Amazon EC2 instances.\n\nIf a pod uses a service account that has an association, Amazon EKS sets environment variables in the containers of the pod. The environment variables configure the Amazon Web Services SDKs, including the Command Line Interface, to use the EKS Pod Identity credentials.\n\nPod Identity is a simpler method than IAM roles for service accounts, as this method doesn’t use OIDC identity providers. Additionally, you can configure a role for Pod Identity once, and reuse it across clusters.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"pods.eks.amazonaws.com\"],\n }],\n actions: [\n \"sts:AssumeRole\",\n \"sts:TagSession\",\n ],\n }],\n});\nconst example = new aws.iam.Role(\"example\", {\n name: \"eks-pod-identity-example\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst exampleS3 = new aws.iam.RolePolicyAttachment(\"example_s3\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess\",\n role: example.name,\n});\nconst examplePodIdentityAssociation = new aws.eks.PodIdentityAssociation(\"example\", {\n clusterName: exampleAwsEksCluster.name,\n namespace: \"example\",\n serviceAccount: \"example-sa\",\n roleArn: example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"pods.eks.amazonaws.com\"],\n )],\n actions=[\n \"sts:AssumeRole\",\n \"sts:TagSession\",\n ],\n)])\nexample = aws.iam.Role(\"example\",\n name=\"eks-pod-identity-example\",\n assume_role_policy=assume_role.json)\nexample_s3 = aws.iam.RolePolicyAttachment(\"example_s3\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess\",\n role=example.name)\nexample_pod_identity_association = aws.eks.PodIdentityAssociation(\"example\",\n cluster_name=example_aws_eks_cluster[\"name\"],\n namespace=\"example\",\n service_account=\"example-sa\",\n role_arn=example.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"pods.eks.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n \"sts:TagSession\",\n },\n },\n },\n });\n\n var example = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"eks-pod-identity-example\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleS3 = new Aws.Iam.RolePolicyAttachment(\"example_s3\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess\",\n Role = example.Name,\n });\n\n var examplePodIdentityAssociation = new Aws.Eks.PodIdentityAssociation(\"example\", new()\n {\n ClusterName = exampleAwsEksCluster.Name,\n Namespace = \"example\",\n ServiceAccount = \"example-sa\",\n RoleArn = example.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"pods.eks.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t\t\"sts:TagSession\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"eks-pod-identity-example\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example_s3\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eks.NewPodIdentityAssociation(ctx, \"example\", \u0026eks.PodIdentityAssociationArgs{\n\t\t\tClusterName: pulumi.Any(exampleAwsEksCluster.Name),\n\t\t\tNamespace: pulumi.String(\"example\"),\n\t\t\tServiceAccount: pulumi.String(\"example-sa\"),\n\t\t\tRoleArn: example.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.eks.PodIdentityAssociation;\nimport com.pulumi.aws.eks.PodIdentityAssociationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"pods.eks.amazonaws.com\")\n .build())\n .actions( \n \"sts:AssumeRole\",\n \"sts:TagSession\")\n .build())\n .build());\n\n var example = new Role(\"example\", RoleArgs.builder() \n .name(\"eks-pod-identity-example\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleS3 = new RolePolicyAttachment(\"exampleS3\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess\")\n .role(example.name())\n .build());\n\n var examplePodIdentityAssociation = new PodIdentityAssociation(\"examplePodIdentityAssociation\", PodIdentityAssociationArgs.builder() \n .clusterName(exampleAwsEksCluster.name())\n .namespace(\"example\")\n .serviceAccount(\"example-sa\")\n .roleArn(example.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n name: eks-pod-identity-example\n assumeRolePolicy: ${assumeRole.json}\n exampleS3:\n type: aws:iam:RolePolicyAttachment\n name: example_s3\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess\n role: ${example.name}\n examplePodIdentityAssociation:\n type: aws:eks:PodIdentityAssociation\n name: example\n properties:\n clusterName: ${exampleAwsEksCluster.name}\n namespace: example\n serviceAccount: example-sa\n roleArn: ${example.arn}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - pods.eks.amazonaws.com\n actions:\n - sts:AssumeRole\n - sts:TagSession\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import EKS (Elastic Kubernetes) Pod Identity Association using the `cluster_name` and `association_id` separated by a comma (`,`). For example:\n\n```sh\n$ pulumi import aws:eks/podIdentityAssociation:PodIdentityAssociation example example,a-12345678\n```\n", "properties": { "associationArn": { "type": "string", @@ -234645,7 +234645,7 @@ } }, "aws:elasticsearch/domain:Domain": { - "description": "Manages an AWS Elasticsearch Domain.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.elasticsearch.Domain(\"example\", {\n domainName: \"example\",\n elasticsearchVersion: \"7.10\",\n clusterConfig: {\n instanceType: \"r4.large.elasticsearch\",\n },\n tags: {\n Domain: \"TestDomain\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.elasticsearch.Domain(\"example\",\n domain_name=\"example\",\n elasticsearch_version=\"7.10\",\n cluster_config=aws.elasticsearch.DomainClusterConfigArgs(\n instance_type=\"r4.large.elasticsearch\",\n ),\n tags={\n \"Domain\": \"TestDomain\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ElasticSearch.Domain(\"example\", new()\n {\n DomainName = \"example\",\n ElasticsearchVersion = \"7.10\",\n ClusterConfig = new Aws.ElasticSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r4.large.elasticsearch\",\n },\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elasticsearch.NewDomain(ctx, \"example\", \u0026elasticsearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"example\"),\n\t\t\tElasticsearchVersion: pulumi.String(\"7.10\"),\n\t\t\tClusterConfig: \u0026elasticsearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceType: pulumi.String(\"r4.large.elasticsearch\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Domain\": pulumi.String(\"TestDomain\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainClusterConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Domain(\"example\", DomainArgs.builder() \n .domainName(\"example\")\n .elasticsearchVersion(\"7.10\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"r4.large.elasticsearch\")\n .build())\n .tags(Map.of(\"Domain\", \"TestDomain\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:elasticsearch:Domain\n properties:\n domainName: example\n elasticsearchVersion: '7.10'\n clusterConfig:\n instanceType: r4.large.elasticsearch\n tags:\n Domain: TestDomain\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Access Policy\n\n\u003e See also: `aws.elasticsearch.DomainPolicy` resource\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst domain = config.get(\"domain\") || \"tf-test\";\nconst current = aws.getRegion({});\nconst currentGetCallerIdentity = aws.getCallerIdentity({});\nconst example = new aws.elasticsearch.Domain(\"example\", {\n domainName: domain,\n accessPolicies: Promise.all([current, currentGetCallerIdentity]).then(([current, currentGetCallerIdentity]) =\u003e `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:${current.name}:${currentGetCallerIdentity.accountId}:domain/${domain}/*\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n }\n }\n ]\n}\n`),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\ndomain = config.get(\"domain\")\nif domain is None:\n domain = \"tf-test\"\ncurrent = aws.get_region()\ncurrent_get_caller_identity = aws.get_caller_identity()\nexample = aws.elasticsearch.Domain(\"example\",\n domain_name=domain,\n access_policies=f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:{current.name}:{current_get_caller_identity.account_id}:domain/{domain}/*\",\n \"Condition\": {{\n \"IpAddress\": {{\"aws:SourceIp\": [\"66.193.100.22/32\"]}}\n }}\n }}\n ]\n}}\n\"\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var domain = config.Get(\"domain\") ?? \"tf-test\";\n var current = Aws.GetRegion.Invoke();\n\n var currentGetCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n var example = new Aws.ElasticSearch.Domain(\"example\", new()\n {\n DomainName = domain,\n AccessPolicies = Output.Tuple(current, currentGetCallerIdentity).Apply(values =\u003e\n {\n var current = values.Item1;\n var currentGetCallerIdentity = values.Item2;\n return @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Action\"\": \"\"es:*\"\",\n \"\"Principal\"\": \"\"*\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": \"\"arn:aws:es:{current.Apply(getRegionResult =\u003e getRegionResult.Name)}:{currentGetCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:domain/{domain}/*\"\",\n \"\"Condition\"\": {{\n \"\"IpAddress\"\": {{\"\"aws:SourceIp\"\": [\"\"66.193.100.22/32\"\"]}}\n }}\n }}\n ]\n}}\n\";\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tdomain := \"tf-test\"\n\t\tif param := cfg.Get(\"domain\"); param != \"\" {\n\t\t\tdomain = param\n\t\t}\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elasticsearch.NewDomain(ctx, \"example\", \u0026elasticsearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(domain),\n\t\t\tAccessPolicies: pulumi.Any(fmt.Sprintf(`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:%v:%v:domain/%v/*\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n }\n }\n ]\n}\n`, current.Name, currentGetCallerIdentity.AccountId, domain)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var domain = config.get(\"domain\").orElse(\"tf-test\");\n final var current = AwsFunctions.getRegion();\n\n final var currentGetCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var example = new Domain(\"example\", DomainArgs.builder() \n .domainName(domain)\n .accessPolicies(\"\"\"\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:%s:%s:domain/%s/*\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n }\n }\n ]\n}\n\", current.applyValue(getRegionResult -\u003e getRegionResult.name()),currentGetCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),domain))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n domain:\n type: string\n default: tf-test\nresources:\n example:\n type: aws:elasticsearch:Domain\n properties:\n domainName: ${domain}\n accessPolicies: |\n {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:${current.name}:${currentGetCallerIdentity.accountId}:domain/${domain}/*\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n }\n }\n ]\n }\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n currentGetCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Log Publishing to CloudWatch Logs\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"example\", {name: \"example\"});\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"es.amazonaws.com\"],\n }],\n actions: [\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n ],\n resources: [\"arn:aws:logs:*\"],\n }],\n});\nconst exampleLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"example\", {\n policyName: \"example\",\n policyDocument: example.then(example =\u003e example.json),\n});\nconst exampleDomain = new aws.elasticsearch.Domain(\"example\", {logPublishingOptions: [{\n cloudwatchLogGroupArn: exampleLogGroup.arn,\n logType: \"INDEX_SLOW_LOGS\",\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_log_group = aws.cloudwatch.LogGroup(\"example\", name=\"example\")\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"es.amazonaws.com\"],\n )],\n actions=[\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n ],\n resources=[\"arn:aws:logs:*\"],\n)])\nexample_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"example\",\n policy_name=\"example\",\n policy_document=example.json)\nexample_domain = aws.elasticsearch.Domain(\"example\", log_publishing_options=[aws.elasticsearch.DomainLogPublishingOptionArgs(\n cloudwatch_log_group_arn=example_log_group.arn,\n log_type=\"INDEX_SLOW_LOGS\",\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"example\", new()\n {\n Name = \"example\",\n });\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"es.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*\",\n },\n },\n },\n });\n\n var exampleLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"example\", new()\n {\n PolicyName = \"example\",\n PolicyDocument = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleDomain = new Aws.ElasticSearch.Domain(\"example\", new()\n {\n LogPublishingOptions = new[]\n {\n new Aws.ElasticSearch.Inputs.DomainLogPublishingOptionArgs\n {\n CloudwatchLogGroupArn = exampleLogGroup.Arn,\n LogType = \"INDEX_SLOW_LOGS\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"example\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"es.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t\t\"logs:PutLogEventsBatch\",\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"example\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyName: pulumi.String(\"example\"),\n\t\t\tPolicyDocument: *pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elasticsearch.NewDomain(ctx, \"example\", \u0026elasticsearch.DomainArgs{\n\t\t\tLogPublishingOptions: elasticsearch.DomainLogPublishingOptionArray{\n\t\t\t\t\u0026elasticsearch.DomainLogPublishingOptionArgs{\n\t\t\t\t\tCloudwatchLogGroupArn: exampleLogGroup.Arn,\n\t\t\t\t\tLogType: pulumi.String(\"INDEX_SLOW_LOGS\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainLogPublishingOptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleLogGroup = new LogGroup(\"exampleLogGroup\", LogGroupArgs.builder() \n .name(\"example\")\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"es.amazonaws.com\")\n .build())\n .actions( \n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\")\n .resources(\"arn:aws:logs:*\")\n .build())\n .build());\n\n var exampleLogResourcePolicy = new LogResourcePolicy(\"exampleLogResourcePolicy\", LogResourcePolicyArgs.builder() \n .policyName(\"example\")\n .policyDocument(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .logPublishingOptions(DomainLogPublishingOptionArgs.builder()\n .cloudwatchLogGroupArn(exampleLogGroup.arn())\n .logType(\"INDEX_SLOW_LOGS\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleLogGroup:\n type: aws:cloudwatch:LogGroup\n name: example\n properties:\n name: example\n exampleLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n name: example\n properties:\n policyName: example\n policyDocument: ${example.json}\n exampleDomain:\n type: aws:elasticsearch:Domain\n name: example\n properties:\n logPublishingOptions:\n - cloudwatchLogGroupArn: ${exampleLogGroup.arn}\n logType: INDEX_SLOW_LOGS\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - es.amazonaws.com\n actions:\n - logs:PutLogEvents\n - logs:PutLogEventsBatch\n - logs:CreateLogStream\n resources:\n - arn:aws:logs:*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### VPC based ES\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst vpc = config.requireObject(\"vpc\");\nconst domain = config.get(\"domain\") || \"tf-test\";\nconst selected = aws.ec2.getVpc({\n tags: {\n Name: vpc,\n },\n});\nconst selectedGetSubnets = selected.then(selected =\u003e aws.ec2.getSubnets({\n filters: [{\n name: \"vpc-id\",\n values: [selected.id],\n }],\n tags: {\n Tier: \"private\",\n },\n}));\nconst current = aws.getRegion({});\nconst currentGetCallerIdentity = aws.getCallerIdentity({});\nconst es = new aws.ec2.SecurityGroup(\"es\", {\n name: `${vpc}-elasticsearch-${domain}`,\n description: \"Managed by Pulumi\",\n vpcId: selected.then(selected =\u003e selected.id),\n ingress: [{\n fromPort: 443,\n toPort: 443,\n protocol: \"tcp\",\n cidrBlocks: [selected.then(selected =\u003e selected.cidrBlock)],\n }],\n});\nconst esServiceLinkedRole = new aws.iam.ServiceLinkedRole(\"es\", {awsServiceName: \"opensearchservice.amazonaws.com\"});\nconst esDomain = new aws.elasticsearch.Domain(\"es\", {\n domainName: domain,\n elasticsearchVersion: \"6.3\",\n clusterConfig: {\n instanceType: \"m4.large.elasticsearch\",\n zoneAwarenessEnabled: true,\n },\n vpcOptions: {\n subnetIds: [\n selectedGetSubnets.then(selectedGetSubnets =\u003e selectedGetSubnets.ids?.[0]),\n selectedGetSubnets.then(selectedGetSubnets =\u003e selectedGetSubnets.ids?.[1]),\n ],\n securityGroupIds: [es.id],\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\",\n },\n accessPolicies: Promise.all([current, currentGetCallerIdentity]).then(([current, currentGetCallerIdentity]) =\u003e `{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Action\": \"es:*\",\n\t\t\t\"Principal\": \"*\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Resource\": \"arn:aws:es:${current.name}:${currentGetCallerIdentity.accountId}:domain/${domain}/*\"\n\t\t}\n\t]\n}\n`),\n tags: {\n Domain: \"TestDomain\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nvpc = config.require_object(\"vpc\")\ndomain = config.get(\"domain\")\nif domain is None:\n domain = \"tf-test\"\nselected = aws.ec2.get_vpc(tags={\n \"Name\": vpc,\n})\nselected_get_subnets = aws.ec2.get_subnets(filters=[aws.ec2.GetSubnetsFilterArgs(\n name=\"vpc-id\",\n values=[selected.id],\n )],\n tags={\n \"Tier\": \"private\",\n })\ncurrent = aws.get_region()\ncurrent_get_caller_identity = aws.get_caller_identity()\nes = aws.ec2.SecurityGroup(\"es\",\n name=f\"{vpc}-elasticsearch-{domain}\",\n description=\"Managed by Pulumi\",\n vpc_id=selected.id,\n ingress=[aws.ec2.SecurityGroupIngressArgs(\n from_port=443,\n to_port=443,\n protocol=\"tcp\",\n cidr_blocks=[selected.cidr_block],\n )])\nes_service_linked_role = aws.iam.ServiceLinkedRole(\"es\", aws_service_name=\"opensearchservice.amazonaws.com\")\nes_domain = aws.elasticsearch.Domain(\"es\",\n domain_name=domain,\n elasticsearch_version=\"6.3\",\n cluster_config=aws.elasticsearch.DomainClusterConfigArgs(\n instance_type=\"m4.large.elasticsearch\",\n zone_awareness_enabled=True,\n ),\n vpc_options=aws.elasticsearch.DomainVpcOptionsArgs(\n subnet_ids=[\n selected_get_subnets.ids[0],\n selected_get_subnets.ids[1],\n ],\n security_group_ids=[es.id],\n ),\n advanced_options={\n \"rest.action.multi.allow_explicit_index\": \"true\",\n },\n access_policies=f\"\"\"{{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{{\n\t\t\t\"Action\": \"es:*\",\n\t\t\t\"Principal\": \"*\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Resource\": \"arn:aws:es:{current.name}:{current_get_caller_identity.account_id}:domain/{domain}/*\"\n\t\t}}\n\t]\n}}\n\"\"\",\n tags={\n \"Domain\": \"TestDomain\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var vpc = config.RequireObject\u003cdynamic\u003e(\"vpc\");\n var domain = config.Get(\"domain\") ?? \"tf-test\";\n var selected = Aws.Ec2.GetVpc.Invoke(new()\n {\n Tags = \n {\n { \"Name\", vpc },\n },\n });\n\n var selectedGetSubnets = Aws.Ec2.GetSubnets.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetSubnetsFilterInputArgs\n {\n Name = \"vpc-id\",\n Values = new[]\n {\n selected.Apply(getVpcResult =\u003e getVpcResult.Id),\n },\n },\n },\n Tags = \n {\n { \"Tier\", \"private\" },\n },\n });\n\n var current = Aws.GetRegion.Invoke();\n\n var currentGetCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n var es = new Aws.Ec2.SecurityGroup(\"es\", new()\n {\n Name = $\"{vpc}-elasticsearch-{domain}\",\n Description = \"Managed by Pulumi\",\n VpcId = selected.Apply(getVpcResult =\u003e getVpcResult.Id),\n Ingress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupIngressArgs\n {\n FromPort = 443,\n ToPort = 443,\n Protocol = \"tcp\",\n CidrBlocks = new[]\n {\n selected.Apply(getVpcResult =\u003e getVpcResult.CidrBlock),\n },\n },\n },\n });\n\n var esServiceLinkedRole = new Aws.Iam.ServiceLinkedRole(\"es\", new()\n {\n AwsServiceName = \"opensearchservice.amazonaws.com\",\n });\n\n var esDomain = new Aws.ElasticSearch.Domain(\"es\", new()\n {\n DomainName = domain,\n ElasticsearchVersion = \"6.3\",\n ClusterConfig = new Aws.ElasticSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"m4.large.elasticsearch\",\n ZoneAwarenessEnabled = true,\n },\n VpcOptions = new Aws.ElasticSearch.Inputs.DomainVpcOptionsArgs\n {\n SubnetIds = new[]\n {\n selectedGetSubnets.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[0]),\n selectedGetSubnets.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[1]),\n },\n SecurityGroupIds = new[]\n {\n es.Id,\n },\n },\n AdvancedOptions = \n {\n { \"rest.action.multi.allow_explicit_index\", \"true\" },\n },\n AccessPolicies = Output.Tuple(current, currentGetCallerIdentity).Apply(values =\u003e\n {\n var current = values.Item1;\n var currentGetCallerIdentity = values.Item2;\n return @$\"{{\n\t\"\"Version\"\": \"\"2012-10-17\"\",\n\t\"\"Statement\"\": [\n\t\t{{\n\t\t\t\"\"Action\"\": \"\"es:*\"\",\n\t\t\t\"\"Principal\"\": \"\"*\"\",\n\t\t\t\"\"Effect\"\": \"\"Allow\"\",\n\t\t\t\"\"Resource\"\": \"\"arn:aws:es:{current.Apply(getRegionResult =\u003e getRegionResult.Name)}:{currentGetCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:domain/{domain}/*\"\"\n\t\t}}\n\t]\n}}\n\";\n }),\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncfg := config.New(ctx, \"\")\nvpc := cfg.RequireObject(\"vpc\")\ndomain := \"tf-test\";\nif param := cfg.Get(\"domain\"); param != \"\"{\ndomain = param\n}\nselected, err := ec2.LookupVpc(ctx, \u0026ec2.LookupVpcArgs{\nTags: interface{}{\nName: vpc,\n},\n}, nil);\nif err != nil {\nreturn err\n}\nselectedGetSubnets, err := ec2.GetSubnets(ctx, \u0026ec2.GetSubnetsArgs{\nFilters: []ec2.GetSubnetsFilter{\n{\nName: \"vpc-id\",\nValues: interface{}{\nselected.Id,\n},\n},\n},\nTags: map[string]interface{}{\n\"Tier\": \"private\",\n},\n}, nil);\nif err != nil {\nreturn err\n}\ncurrent, err := aws.GetRegion(ctx, nil, nil);\nif err != nil {\nreturn err\n}\ncurrentGetCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil);\nif err != nil {\nreturn err\n}\nes, err := ec2.NewSecurityGroup(ctx, \"es\", \u0026ec2.SecurityGroupArgs{\nName: pulumi.String(fmt.Sprintf(\"%v-elasticsearch-%v\", vpc, domain)),\nDescription: pulumi.String(\"Managed by Pulumi\"),\nVpcId: *pulumi.String(selected.Id),\nIngress: ec2.SecurityGroupIngressArray{\n\u0026ec2.SecurityGroupIngressArgs{\nFromPort: pulumi.Int(443),\nToPort: pulumi.Int(443),\nProtocol: pulumi.String(\"tcp\"),\nCidrBlocks: pulumi.StringArray{\n*pulumi.String(selected.CidrBlock),\n},\n},\n},\n})\nif err != nil {\nreturn err\n}\n_, err = iam.NewServiceLinkedRole(ctx, \"es\", \u0026iam.ServiceLinkedRoleArgs{\nAwsServiceName: pulumi.String(\"opensearchservice.amazonaws.com\"),\n})\nif err != nil {\nreturn err\n}\n_, err = elasticsearch.NewDomain(ctx, \"es\", \u0026elasticsearch.DomainArgs{\nDomainName: pulumi.String(domain),\nElasticsearchVersion: pulumi.String(\"6.3\"),\nClusterConfig: \u0026elasticsearch.DomainClusterConfigArgs{\nInstanceType: pulumi.String(\"m4.large.elasticsearch\"),\nZoneAwarenessEnabled: pulumi.Bool(true),\n},\nVpcOptions: \u0026elasticsearch.DomainVpcOptionsArgs{\nSubnetIds: pulumi.StringArray{\n*pulumi.String(selectedGetSubnets.Ids[0]),\n*pulumi.String(selectedGetSubnets.Ids[1]),\n},\nSecurityGroupIds: pulumi.StringArray{\nes.ID(),\n},\n},\nAdvancedOptions: pulumi.StringMap{\n\"rest.action.multi.allow_explicit_index\": pulumi.String(\"true\"),\n},\nAccessPolicies: pulumi.Any(fmt.Sprintf(`{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Action\": \"es:*\",\n\t\t\t\"Principal\": \"*\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Resource\": \"arn:aws:es:%v:%v:domain/%v/*\"\n\t\t}\n\t]\n}\n`, current.Name, currentGetCallerIdentity.AccountId, domain)),\nTags: pulumi.StringMap{\n\"Domain\": pulumi.String(\"TestDomain\"),\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcArgs;\nimport com.pulumi.aws.ec2.inputs.GetSubnetsArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupIngressArgs;\nimport com.pulumi.aws.iam.ServiceLinkedRole;\nimport com.pulumi.aws.iam.ServiceLinkedRoleArgs;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainVpcOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var vpc = config.get(\"vpc\");\n final var domain = config.get(\"domain\").orElse(\"tf-test\");\n final var selected = Ec2Functions.getVpc(GetVpcArgs.builder()\n .tags(Map.of(\"Name\", vpc))\n .build());\n\n final var selectedGetSubnets = Ec2Functions.getSubnets(GetSubnetsArgs.builder()\n .filters(GetSubnetsFilterArgs.builder()\n .name(\"vpc-id\")\n .values(selected.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .build())\n .tags(Map.of(\"Tier\", \"private\"))\n .build());\n\n final var current = AwsFunctions.getRegion();\n\n final var currentGetCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var es = new SecurityGroup(\"es\", SecurityGroupArgs.builder() \n .name(String.format(\"%s-elasticsearch-%s\", vpc,domain))\n .description(\"Managed by Pulumi\")\n .vpcId(selected.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .ingress(SecurityGroupIngressArgs.builder()\n .fromPort(443)\n .toPort(443)\n .protocol(\"tcp\")\n .cidrBlocks(selected.applyValue(getVpcResult -\u003e getVpcResult.cidrBlock()))\n .build())\n .build());\n\n var esServiceLinkedRole = new ServiceLinkedRole(\"esServiceLinkedRole\", ServiceLinkedRoleArgs.builder() \n .awsServiceName(\"opensearchservice.amazonaws.com\")\n .build());\n\n var esDomain = new Domain(\"esDomain\", DomainArgs.builder() \n .domainName(domain)\n .elasticsearchVersion(\"6.3\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"m4.large.elasticsearch\")\n .zoneAwarenessEnabled(true)\n .build())\n .vpcOptions(DomainVpcOptionsArgs.builder()\n .subnetIds( \n selectedGetSubnets.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[0]),\n selectedGetSubnets.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[1]))\n .securityGroupIds(es.id())\n .build())\n .advancedOptions(Map.of(\"rest.action.multi.allow_explicit_index\", \"true\"))\n .accessPolicies(\"\"\"\n{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Action\": \"es:*\",\n\t\t\t\"Principal\": \"*\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Resource\": \"arn:aws:es:%s:%s:domain/%s/*\"\n\t\t}\n\t]\n}\n\", current.applyValue(getRegionResult -\u003e getRegionResult.name()),currentGetCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),domain))\n .tags(Map.of(\"Domain\", \"TestDomain\"))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n vpc:\n type: dynamic\n domain:\n type: string\n default: tf-test\nresources:\n es:\n type: aws:ec2:SecurityGroup\n properties:\n name: ${vpc}-elasticsearch-${domain}\n description: Managed by Pulumi\n vpcId: ${selected.id}\n ingress:\n - fromPort: 443\n toPort: 443\n protocol: tcp\n cidrBlocks:\n - ${selected.cidrBlock}\n esServiceLinkedRole:\n type: aws:iam:ServiceLinkedRole\n name: es\n properties:\n awsServiceName: opensearchservice.amazonaws.com\n esDomain:\n type: aws:elasticsearch:Domain\n name: es\n properties:\n domainName: ${domain}\n elasticsearchVersion: '6.3'\n clusterConfig:\n instanceType: m4.large.elasticsearch\n zoneAwarenessEnabled: true\n vpcOptions:\n subnetIds:\n - ${selectedGetSubnets.ids[0]}\n - ${selectedGetSubnets.ids[1]}\n securityGroupIds:\n - ${es.id}\n advancedOptions:\n rest.action.multi.allow_explicit_index: 'true'\n accessPolicies: |\n {\n \t\"Version\": \"2012-10-17\",\n \t\"Statement\": [\n \t\t{\n \t\t\t\"Action\": \"es:*\",\n \t\t\t\"Principal\": \"*\",\n \t\t\t\"Effect\": \"Allow\",\n \t\t\t\"Resource\": \"arn:aws:es:${current.name}:${currentGetCallerIdentity.accountId}:domain/${domain}/*\"\n \t\t}\n \t]\n }\n tags:\n Domain: TestDomain\nvariables:\n selected:\n fn::invoke:\n Function: aws:ec2:getVpc\n Arguments:\n tags:\n Name: ${vpc}\n selectedGetSubnets:\n fn::invoke:\n Function: aws:ec2:getSubnets\n Arguments:\n filters:\n - name: vpc-id\n values:\n - ${selected.id}\n tags:\n Tier: private\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n currentGetCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Elasticsearch domains using the `domain_name`. For example:\n\n```sh\n$ pulumi import aws:elasticsearch/domain:Domain example domain_name\n```\n", + "description": "Manages an AWS Elasticsearch Domain.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.elasticsearch.Domain(\"example\", {\n domainName: \"example\",\n elasticsearchVersion: \"7.10\",\n clusterConfig: {\n instanceType: \"r4.large.elasticsearch\",\n },\n tags: {\n Domain: \"TestDomain\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.elasticsearch.Domain(\"example\",\n domain_name=\"example\",\n elasticsearch_version=\"7.10\",\n cluster_config=aws.elasticsearch.DomainClusterConfigArgs(\n instance_type=\"r4.large.elasticsearch\",\n ),\n tags={\n \"Domain\": \"TestDomain\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ElasticSearch.Domain(\"example\", new()\n {\n DomainName = \"example\",\n ElasticsearchVersion = \"7.10\",\n ClusterConfig = new Aws.ElasticSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r4.large.elasticsearch\",\n },\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elasticsearch.NewDomain(ctx, \"example\", \u0026elasticsearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"example\"),\n\t\t\tElasticsearchVersion: pulumi.String(\"7.10\"),\n\t\t\tClusterConfig: \u0026elasticsearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceType: pulumi.String(\"r4.large.elasticsearch\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Domain\": pulumi.String(\"TestDomain\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainClusterConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Domain(\"example\", DomainArgs.builder() \n .domainName(\"example\")\n .elasticsearchVersion(\"7.10\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"r4.large.elasticsearch\")\n .build())\n .tags(Map.of(\"Domain\", \"TestDomain\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:elasticsearch:Domain\n properties:\n domainName: example\n elasticsearchVersion: '7.10'\n clusterConfig:\n instanceType: r4.large.elasticsearch\n tags:\n Domain: TestDomain\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Access Policy\n\n\u003e See also: `aws.elasticsearch.DomainPolicy` resource\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst domain = config.get(\"domain\") || \"tf-test\";\nconst current = aws.getRegion({});\nconst currentGetCallerIdentity = aws.getCallerIdentity({});\nconst example = new aws.elasticsearch.Domain(\"example\", {\n domainName: domain,\n accessPolicies: Promise.all([current, currentGetCallerIdentity]).then(([current, currentGetCallerIdentity]) =\u003e `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:${current.name}:${currentGetCallerIdentity.accountId}:domain/${domain}/*\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n }\n }\n ]\n}\n`),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\ndomain = config.get(\"domain\")\nif domain is None:\n domain = \"tf-test\"\ncurrent = aws.get_region()\ncurrent_get_caller_identity = aws.get_caller_identity()\nexample = aws.elasticsearch.Domain(\"example\",\n domain_name=domain,\n access_policies=f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:{current.name}:{current_get_caller_identity.account_id}:domain/{domain}/*\",\n \"Condition\": {{\n \"IpAddress\": {{\"aws:SourceIp\": [\"66.193.100.22/32\"]}}\n }}\n }}\n ]\n}}\n\"\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var domain = config.Get(\"domain\") ?? \"tf-test\";\n var current = Aws.GetRegion.Invoke();\n\n var currentGetCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n var example = new Aws.ElasticSearch.Domain(\"example\", new()\n {\n DomainName = domain,\n AccessPolicies = Output.Tuple(current, currentGetCallerIdentity).Apply(values =\u003e\n {\n var current = values.Item1;\n var currentGetCallerIdentity = values.Item2;\n return @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Action\"\": \"\"es:*\"\",\n \"\"Principal\"\": \"\"*\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": \"\"arn:aws:es:{current.Apply(getRegionResult =\u003e getRegionResult.Name)}:{currentGetCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:domain/{domain}/*\"\",\n \"\"Condition\"\": {{\n \"\"IpAddress\"\": {{\"\"aws:SourceIp\"\": [\"\"66.193.100.22/32\"\"]}}\n }}\n }}\n ]\n}}\n\";\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tdomain := \"tf-test\"\n\t\tif param := cfg.Get(\"domain\"); param != \"\" {\n\t\t\tdomain = param\n\t\t}\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elasticsearch.NewDomain(ctx, \"example\", \u0026elasticsearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(domain),\n\t\t\tAccessPolicies: pulumi.Any(fmt.Sprintf(`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:%v:%v:domain/%v/*\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n }\n }\n ]\n}\n`, current.Name, currentGetCallerIdentity.AccountId, domain)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var domain = config.get(\"domain\").orElse(\"tf-test\");\n final var current = AwsFunctions.getRegion();\n\n final var currentGetCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var example = new Domain(\"example\", DomainArgs.builder() \n .domainName(domain)\n .accessPolicies(\"\"\"\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:%s:%s:domain/%s/*\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n }\n }\n ]\n}\n\", current.applyValue(getRegionResult -\u003e getRegionResult.name()),currentGetCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),domain))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n domain:\n type: string\n default: tf-test\nresources:\n example:\n type: aws:elasticsearch:Domain\n properties:\n domainName: ${domain}\n accessPolicies: |\n {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:${current.name}:${currentGetCallerIdentity.accountId}:domain/${domain}/*\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n }\n }\n ]\n }\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n currentGetCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Log Publishing to CloudWatch Logs\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"example\", {name: \"example\"});\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"es.amazonaws.com\"],\n }],\n actions: [\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n ],\n resources: [\"arn:aws:logs:*\"],\n }],\n});\nconst exampleLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"example\", {\n policyName: \"example\",\n policyDocument: example.then(example =\u003e example.json),\n});\nconst exampleDomain = new aws.elasticsearch.Domain(\"example\", {logPublishingOptions: [{\n cloudwatchLogGroupArn: exampleLogGroup.arn,\n logType: \"INDEX_SLOW_LOGS\",\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_log_group = aws.cloudwatch.LogGroup(\"example\", name=\"example\")\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"es.amazonaws.com\"],\n )],\n actions=[\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n ],\n resources=[\"arn:aws:logs:*\"],\n)])\nexample_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"example\",\n policy_name=\"example\",\n policy_document=example.json)\nexample_domain = aws.elasticsearch.Domain(\"example\", log_publishing_options=[aws.elasticsearch.DomainLogPublishingOptionArgs(\n cloudwatch_log_group_arn=example_log_group.arn,\n log_type=\"INDEX_SLOW_LOGS\",\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"example\", new()\n {\n Name = \"example\",\n });\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"es.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*\",\n },\n },\n },\n });\n\n var exampleLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"example\", new()\n {\n PolicyName = \"example\",\n PolicyDocument = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleDomain = new Aws.ElasticSearch.Domain(\"example\", new()\n {\n LogPublishingOptions = new[]\n {\n new Aws.ElasticSearch.Inputs.DomainLogPublishingOptionArgs\n {\n CloudwatchLogGroupArn = exampleLogGroup.Arn,\n LogType = \"INDEX_SLOW_LOGS\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"example\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"es.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t\t\"logs:PutLogEventsBatch\",\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"example\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyName: pulumi.String(\"example\"),\n\t\t\tPolicyDocument: pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elasticsearch.NewDomain(ctx, \"example\", \u0026elasticsearch.DomainArgs{\n\t\t\tLogPublishingOptions: elasticsearch.DomainLogPublishingOptionArray{\n\t\t\t\t\u0026elasticsearch.DomainLogPublishingOptionArgs{\n\t\t\t\t\tCloudwatchLogGroupArn: exampleLogGroup.Arn,\n\t\t\t\t\tLogType: pulumi.String(\"INDEX_SLOW_LOGS\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainLogPublishingOptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleLogGroup = new LogGroup(\"exampleLogGroup\", LogGroupArgs.builder() \n .name(\"example\")\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"es.amazonaws.com\")\n .build())\n .actions( \n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\")\n .resources(\"arn:aws:logs:*\")\n .build())\n .build());\n\n var exampleLogResourcePolicy = new LogResourcePolicy(\"exampleLogResourcePolicy\", LogResourcePolicyArgs.builder() \n .policyName(\"example\")\n .policyDocument(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .logPublishingOptions(DomainLogPublishingOptionArgs.builder()\n .cloudwatchLogGroupArn(exampleLogGroup.arn())\n .logType(\"INDEX_SLOW_LOGS\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleLogGroup:\n type: aws:cloudwatch:LogGroup\n name: example\n properties:\n name: example\n exampleLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n name: example\n properties:\n policyName: example\n policyDocument: ${example.json}\n exampleDomain:\n type: aws:elasticsearch:Domain\n name: example\n properties:\n logPublishingOptions:\n - cloudwatchLogGroupArn: ${exampleLogGroup.arn}\n logType: INDEX_SLOW_LOGS\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - es.amazonaws.com\n actions:\n - logs:PutLogEvents\n - logs:PutLogEventsBatch\n - logs:CreateLogStream\n resources:\n - arn:aws:logs:*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### VPC based ES\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst vpc = config.requireObject(\"vpc\");\nconst domain = config.get(\"domain\") || \"tf-test\";\nconst selected = aws.ec2.getVpc({\n tags: {\n Name: vpc,\n },\n});\nconst selectedGetSubnets = selected.then(selected =\u003e aws.ec2.getSubnets({\n filters: [{\n name: \"vpc-id\",\n values: [selected.id],\n }],\n tags: {\n Tier: \"private\",\n },\n}));\nconst current = aws.getRegion({});\nconst currentGetCallerIdentity = aws.getCallerIdentity({});\nconst es = new aws.ec2.SecurityGroup(\"es\", {\n name: `${vpc}-elasticsearch-${domain}`,\n description: \"Managed by Pulumi\",\n vpcId: selected.then(selected =\u003e selected.id),\n ingress: [{\n fromPort: 443,\n toPort: 443,\n protocol: \"tcp\",\n cidrBlocks: [selected.then(selected =\u003e selected.cidrBlock)],\n }],\n});\nconst esServiceLinkedRole = new aws.iam.ServiceLinkedRole(\"es\", {awsServiceName: \"opensearchservice.amazonaws.com\"});\nconst esDomain = new aws.elasticsearch.Domain(\"es\", {\n domainName: domain,\n elasticsearchVersion: \"6.3\",\n clusterConfig: {\n instanceType: \"m4.large.elasticsearch\",\n zoneAwarenessEnabled: true,\n },\n vpcOptions: {\n subnetIds: [\n selectedGetSubnets.then(selectedGetSubnets =\u003e selectedGetSubnets.ids?.[0]),\n selectedGetSubnets.then(selectedGetSubnets =\u003e selectedGetSubnets.ids?.[1]),\n ],\n securityGroupIds: [es.id],\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\",\n },\n accessPolicies: Promise.all([current, currentGetCallerIdentity]).then(([current, currentGetCallerIdentity]) =\u003e `{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Action\": \"es:*\",\n\t\t\t\"Principal\": \"*\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Resource\": \"arn:aws:es:${current.name}:${currentGetCallerIdentity.accountId}:domain/${domain}/*\"\n\t\t}\n\t]\n}\n`),\n tags: {\n Domain: \"TestDomain\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nvpc = config.require_object(\"vpc\")\ndomain = config.get(\"domain\")\nif domain is None:\n domain = \"tf-test\"\nselected = aws.ec2.get_vpc(tags={\n \"Name\": vpc,\n})\nselected_get_subnets = aws.ec2.get_subnets(filters=[aws.ec2.GetSubnetsFilterArgs(\n name=\"vpc-id\",\n values=[selected.id],\n )],\n tags={\n \"Tier\": \"private\",\n })\ncurrent = aws.get_region()\ncurrent_get_caller_identity = aws.get_caller_identity()\nes = aws.ec2.SecurityGroup(\"es\",\n name=f\"{vpc}-elasticsearch-{domain}\",\n description=\"Managed by Pulumi\",\n vpc_id=selected.id,\n ingress=[aws.ec2.SecurityGroupIngressArgs(\n from_port=443,\n to_port=443,\n protocol=\"tcp\",\n cidr_blocks=[selected.cidr_block],\n )])\nes_service_linked_role = aws.iam.ServiceLinkedRole(\"es\", aws_service_name=\"opensearchservice.amazonaws.com\")\nes_domain = aws.elasticsearch.Domain(\"es\",\n domain_name=domain,\n elasticsearch_version=\"6.3\",\n cluster_config=aws.elasticsearch.DomainClusterConfigArgs(\n instance_type=\"m4.large.elasticsearch\",\n zone_awareness_enabled=True,\n ),\n vpc_options=aws.elasticsearch.DomainVpcOptionsArgs(\n subnet_ids=[\n selected_get_subnets.ids[0],\n selected_get_subnets.ids[1],\n ],\n security_group_ids=[es.id],\n ),\n advanced_options={\n \"rest.action.multi.allow_explicit_index\": \"true\",\n },\n access_policies=f\"\"\"{{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{{\n\t\t\t\"Action\": \"es:*\",\n\t\t\t\"Principal\": \"*\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Resource\": \"arn:aws:es:{current.name}:{current_get_caller_identity.account_id}:domain/{domain}/*\"\n\t\t}}\n\t]\n}}\n\"\"\",\n tags={\n \"Domain\": \"TestDomain\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var vpc = config.RequireObject\u003cdynamic\u003e(\"vpc\");\n var domain = config.Get(\"domain\") ?? \"tf-test\";\n var selected = Aws.Ec2.GetVpc.Invoke(new()\n {\n Tags = \n {\n { \"Name\", vpc },\n },\n });\n\n var selectedGetSubnets = Aws.Ec2.GetSubnets.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetSubnetsFilterInputArgs\n {\n Name = \"vpc-id\",\n Values = new[]\n {\n selected.Apply(getVpcResult =\u003e getVpcResult.Id),\n },\n },\n },\n Tags = \n {\n { \"Tier\", \"private\" },\n },\n });\n\n var current = Aws.GetRegion.Invoke();\n\n var currentGetCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n var es = new Aws.Ec2.SecurityGroup(\"es\", new()\n {\n Name = $\"{vpc}-elasticsearch-{domain}\",\n Description = \"Managed by Pulumi\",\n VpcId = selected.Apply(getVpcResult =\u003e getVpcResult.Id),\n Ingress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupIngressArgs\n {\n FromPort = 443,\n ToPort = 443,\n Protocol = \"tcp\",\n CidrBlocks = new[]\n {\n selected.Apply(getVpcResult =\u003e getVpcResult.CidrBlock),\n },\n },\n },\n });\n\n var esServiceLinkedRole = new Aws.Iam.ServiceLinkedRole(\"es\", new()\n {\n AwsServiceName = \"opensearchservice.amazonaws.com\",\n });\n\n var esDomain = new Aws.ElasticSearch.Domain(\"es\", new()\n {\n DomainName = domain,\n ElasticsearchVersion = \"6.3\",\n ClusterConfig = new Aws.ElasticSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"m4.large.elasticsearch\",\n ZoneAwarenessEnabled = true,\n },\n VpcOptions = new Aws.ElasticSearch.Inputs.DomainVpcOptionsArgs\n {\n SubnetIds = new[]\n {\n selectedGetSubnets.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[0]),\n selectedGetSubnets.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[1]),\n },\n SecurityGroupIds = new[]\n {\n es.Id,\n },\n },\n AdvancedOptions = \n {\n { \"rest.action.multi.allow_explicit_index\", \"true\" },\n },\n AccessPolicies = Output.Tuple(current, currentGetCallerIdentity).Apply(values =\u003e\n {\n var current = values.Item1;\n var currentGetCallerIdentity = values.Item2;\n return @$\"{{\n\t\"\"Version\"\": \"\"2012-10-17\"\",\n\t\"\"Statement\"\": [\n\t\t{{\n\t\t\t\"\"Action\"\": \"\"es:*\"\",\n\t\t\t\"\"Principal\"\": \"\"*\"\",\n\t\t\t\"\"Effect\"\": \"\"Allow\"\",\n\t\t\t\"\"Resource\"\": \"\"arn:aws:es:{current.Apply(getRegionResult =\u003e getRegionResult.Name)}:{currentGetCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:domain/{domain}/*\"\"\n\t\t}}\n\t]\n}}\n\";\n }),\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncfg := config.New(ctx, \"\")\nvpc := cfg.RequireObject(\"vpc\")\ndomain := \"tf-test\";\nif param := cfg.Get(\"domain\"); param != \"\"{\ndomain = param\n}\nselected, err := ec2.LookupVpc(ctx, \u0026ec2.LookupVpcArgs{\nTags: interface{}{\nName: vpc,\n},\n}, nil);\nif err != nil {\nreturn err\n}\nselectedGetSubnets, err := ec2.GetSubnets(ctx, \u0026ec2.GetSubnetsArgs{\nFilters: []ec2.GetSubnetsFilter{\n{\nName: \"vpc-id\",\nValues: interface{}{\nselected.Id,\n},\n},\n},\nTags: map[string]interface{}{\n\"Tier\": \"private\",\n},\n}, nil);\nif err != nil {\nreturn err\n}\ncurrent, err := aws.GetRegion(ctx, nil, nil);\nif err != nil {\nreturn err\n}\ncurrentGetCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil);\nif err != nil {\nreturn err\n}\nes, err := ec2.NewSecurityGroup(ctx, \"es\", \u0026ec2.SecurityGroupArgs{\nName: pulumi.String(fmt.Sprintf(\"%v-elasticsearch-%v\", vpc, domain)),\nDescription: pulumi.String(\"Managed by Pulumi\"),\nVpcId: pulumi.String(selected.Id),\nIngress: ec2.SecurityGroupIngressArray{\n\u0026ec2.SecurityGroupIngressArgs{\nFromPort: pulumi.Int(443),\nToPort: pulumi.Int(443),\nProtocol: pulumi.String(\"tcp\"),\nCidrBlocks: pulumi.StringArray{\npulumi.String(selected.CidrBlock),\n},\n},\n},\n})\nif err != nil {\nreturn err\n}\n_, err = iam.NewServiceLinkedRole(ctx, \"es\", \u0026iam.ServiceLinkedRoleArgs{\nAwsServiceName: pulumi.String(\"opensearchservice.amazonaws.com\"),\n})\nif err != nil {\nreturn err\n}\n_, err = elasticsearch.NewDomain(ctx, \"es\", \u0026elasticsearch.DomainArgs{\nDomainName: pulumi.String(domain),\nElasticsearchVersion: pulumi.String(\"6.3\"),\nClusterConfig: \u0026elasticsearch.DomainClusterConfigArgs{\nInstanceType: pulumi.String(\"m4.large.elasticsearch\"),\nZoneAwarenessEnabled: pulumi.Bool(true),\n},\nVpcOptions: \u0026elasticsearch.DomainVpcOptionsArgs{\nSubnetIds: pulumi.StringArray{\npulumi.String(selectedGetSubnets.Ids[0]),\npulumi.String(selectedGetSubnets.Ids[1]),\n},\nSecurityGroupIds: pulumi.StringArray{\nes.ID(),\n},\n},\nAdvancedOptions: pulumi.StringMap{\n\"rest.action.multi.allow_explicit_index\": pulumi.String(\"true\"),\n},\nAccessPolicies: pulumi.Any(fmt.Sprintf(`{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Action\": \"es:*\",\n\t\t\t\"Principal\": \"*\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Resource\": \"arn:aws:es:%v:%v:domain/%v/*\"\n\t\t}\n\t]\n}\n`, current.Name, currentGetCallerIdentity.AccountId, domain)),\nTags: pulumi.StringMap{\n\"Domain\": pulumi.String(\"TestDomain\"),\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcArgs;\nimport com.pulumi.aws.ec2.inputs.GetSubnetsArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupIngressArgs;\nimport com.pulumi.aws.iam.ServiceLinkedRole;\nimport com.pulumi.aws.iam.ServiceLinkedRoleArgs;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainVpcOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var vpc = config.get(\"vpc\");\n final var domain = config.get(\"domain\").orElse(\"tf-test\");\n final var selected = Ec2Functions.getVpc(GetVpcArgs.builder()\n .tags(Map.of(\"Name\", vpc))\n .build());\n\n final var selectedGetSubnets = Ec2Functions.getSubnets(GetSubnetsArgs.builder()\n .filters(GetSubnetsFilterArgs.builder()\n .name(\"vpc-id\")\n .values(selected.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .build())\n .tags(Map.of(\"Tier\", \"private\"))\n .build());\n\n final var current = AwsFunctions.getRegion();\n\n final var currentGetCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var es = new SecurityGroup(\"es\", SecurityGroupArgs.builder() \n .name(String.format(\"%s-elasticsearch-%s\", vpc,domain))\n .description(\"Managed by Pulumi\")\n .vpcId(selected.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .ingress(SecurityGroupIngressArgs.builder()\n .fromPort(443)\n .toPort(443)\n .protocol(\"tcp\")\n .cidrBlocks(selected.applyValue(getVpcResult -\u003e getVpcResult.cidrBlock()))\n .build())\n .build());\n\n var esServiceLinkedRole = new ServiceLinkedRole(\"esServiceLinkedRole\", ServiceLinkedRoleArgs.builder() \n .awsServiceName(\"opensearchservice.amazonaws.com\")\n .build());\n\n var esDomain = new Domain(\"esDomain\", DomainArgs.builder() \n .domainName(domain)\n .elasticsearchVersion(\"6.3\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"m4.large.elasticsearch\")\n .zoneAwarenessEnabled(true)\n .build())\n .vpcOptions(DomainVpcOptionsArgs.builder()\n .subnetIds( \n selectedGetSubnets.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[0]),\n selectedGetSubnets.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[1]))\n .securityGroupIds(es.id())\n .build())\n .advancedOptions(Map.of(\"rest.action.multi.allow_explicit_index\", \"true\"))\n .accessPolicies(\"\"\"\n{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Action\": \"es:*\",\n\t\t\t\"Principal\": \"*\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Resource\": \"arn:aws:es:%s:%s:domain/%s/*\"\n\t\t}\n\t]\n}\n\", current.applyValue(getRegionResult -\u003e getRegionResult.name()),currentGetCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),domain))\n .tags(Map.of(\"Domain\", \"TestDomain\"))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n vpc:\n type: dynamic\n domain:\n type: string\n default: tf-test\nresources:\n es:\n type: aws:ec2:SecurityGroup\n properties:\n name: ${vpc}-elasticsearch-${domain}\n description: Managed by Pulumi\n vpcId: ${selected.id}\n ingress:\n - fromPort: 443\n toPort: 443\n protocol: tcp\n cidrBlocks:\n - ${selected.cidrBlock}\n esServiceLinkedRole:\n type: aws:iam:ServiceLinkedRole\n name: es\n properties:\n awsServiceName: opensearchservice.amazonaws.com\n esDomain:\n type: aws:elasticsearch:Domain\n name: es\n properties:\n domainName: ${domain}\n elasticsearchVersion: '6.3'\n clusterConfig:\n instanceType: m4.large.elasticsearch\n zoneAwarenessEnabled: true\n vpcOptions:\n subnetIds:\n - ${selectedGetSubnets.ids[0]}\n - ${selectedGetSubnets.ids[1]}\n securityGroupIds:\n - ${es.id}\n advancedOptions:\n rest.action.multi.allow_explicit_index: 'true'\n accessPolicies: |\n {\n \t\"Version\": \"2012-10-17\",\n \t\"Statement\": [\n \t\t{\n \t\t\t\"Action\": \"es:*\",\n \t\t\t\"Principal\": \"*\",\n \t\t\t\"Effect\": \"Allow\",\n \t\t\t\"Resource\": \"arn:aws:es:${current.name}:${currentGetCallerIdentity.accountId}:domain/${domain}/*\"\n \t\t}\n \t]\n }\n tags:\n Domain: TestDomain\nvariables:\n selected:\n fn::invoke:\n Function: aws:ec2:getVpc\n Arguments:\n tags:\n Name: ${vpc}\n selectedGetSubnets:\n fn::invoke:\n Function: aws:ec2:getSubnets\n Arguments:\n filters:\n - name: vpc-id\n values:\n - ${selected.id}\n tags:\n Tier: private\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n currentGetCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Elasticsearch domains using the `domain_name`. For example:\n\n```sh\n$ pulumi import aws:elasticsearch/domain:Domain example domain_name\n```\n", "properties": { "accessPolicies": { "type": "string", @@ -244366,7 +244366,7 @@ } }, "aws:gamelift/gameServerGroup:GameServerGroup": { - "description": "Provides an GameLift Game Server Group resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.gamelift.GameServerGroup(\"example\", {\n gameServerGroupName: \"example\",\n instanceDefinitions: [\n {\n instanceType: \"c5.large\",\n },\n {\n instanceType: \"c5a.large\",\n },\n ],\n launchTemplate: {\n id: exampleAwsLaunchTemplate.id,\n },\n maxSize: 1,\n minSize: 1,\n roleArn: exampleAwsIamRole.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.gamelift.GameServerGroup(\"example\",\n game_server_group_name=\"example\",\n instance_definitions=[\n aws.gamelift.GameServerGroupInstanceDefinitionArgs(\n instance_type=\"c5.large\",\n ),\n aws.gamelift.GameServerGroupInstanceDefinitionArgs(\n instance_type=\"c5a.large\",\n ),\n ],\n launch_template=aws.gamelift.GameServerGroupLaunchTemplateArgs(\n id=example_aws_launch_template[\"id\"],\n ),\n max_size=1,\n min_size=1,\n role_arn=example_aws_iam_role[\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.GameLift.GameServerGroup(\"example\", new()\n {\n GameServerGroupName = \"example\",\n InstanceDefinitions = new[]\n {\n new Aws.GameLift.Inputs.GameServerGroupInstanceDefinitionArgs\n {\n InstanceType = \"c5.large\",\n },\n new Aws.GameLift.Inputs.GameServerGroupInstanceDefinitionArgs\n {\n InstanceType = \"c5a.large\",\n },\n },\n LaunchTemplate = new Aws.GameLift.Inputs.GameServerGroupLaunchTemplateArgs\n {\n Id = exampleAwsLaunchTemplate.Id,\n },\n MaxSize = 1,\n MinSize = 1,\n RoleArn = exampleAwsIamRole.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/gamelift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gamelift.NewGameServerGroup(ctx, \"example\", \u0026gamelift.GameServerGroupArgs{\n\t\t\tGameServerGroupName: pulumi.String(\"example\"),\n\t\t\tInstanceDefinitions: gamelift.GameServerGroupInstanceDefinitionArray{\n\t\t\t\t\u0026gamelift.GameServerGroupInstanceDefinitionArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"c5.large\"),\n\t\t\t\t},\n\t\t\t\t\u0026gamelift.GameServerGroupInstanceDefinitionArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"c5a.large\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLaunchTemplate: \u0026gamelift.GameServerGroupLaunchTemplateArgs{\n\t\t\t\tId: pulumi.Any(exampleAwsLaunchTemplate.Id),\n\t\t\t},\n\t\t\tMaxSize: pulumi.Int(1),\n\t\t\tMinSize: pulumi.Int(1),\n\t\t\tRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.gamelift.GameServerGroup;\nimport com.pulumi.aws.gamelift.GameServerGroupArgs;\nimport com.pulumi.aws.gamelift.inputs.GameServerGroupInstanceDefinitionArgs;\nimport com.pulumi.aws.gamelift.inputs.GameServerGroupLaunchTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new GameServerGroup(\"example\", GameServerGroupArgs.builder() \n .gameServerGroupName(\"example\")\n .instanceDefinitions( \n GameServerGroupInstanceDefinitionArgs.builder()\n .instanceType(\"c5.large\")\n .build(),\n GameServerGroupInstanceDefinitionArgs.builder()\n .instanceType(\"c5a.large\")\n .build())\n .launchTemplate(GameServerGroupLaunchTemplateArgs.builder()\n .id(exampleAwsLaunchTemplate.id())\n .build())\n .maxSize(1)\n .minSize(1)\n .roleArn(exampleAwsIamRole.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:gamelift:GameServerGroup\n properties:\n gameServerGroupName: example\n instanceDefinitions:\n - instanceType: c5.large\n - instanceType: c5a.large\n launchTemplate:\n id: ${exampleAwsLaunchTemplate.id}\n maxSize: 1\n minSize: 1\n roleArn: ${exampleAwsIamRole.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nFull usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.gamelift.GameServerGroup(\"example\", {\n autoScalingPolicy: {\n estimatedInstanceWarmup: 60,\n targetTrackingConfiguration: {\n targetValue: 75,\n },\n },\n balancingStrategy: \"SPOT_ONLY\",\n gameServerGroupName: \"example\",\n gameServerProtectionPolicy: \"FULL_PROTECTION\",\n instanceDefinitions: [\n {\n instanceType: \"c5.large\",\n weightedCapacity: \"1\",\n },\n {\n instanceType: \"c5.2xlarge\",\n weightedCapacity: \"2\",\n },\n ],\n launchTemplate: {\n id: exampleAwsLaunchTemplate.id,\n version: \"1\",\n },\n maxSize: 1,\n minSize: 1,\n roleArn: exampleAwsIamRole.arn,\n tags: {\n Name: \"example\",\n },\n vpcSubnets: [\n \"subnet-12345678\",\n \"subnet-23456789\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.gamelift.GameServerGroup(\"example\",\n auto_scaling_policy=aws.gamelift.GameServerGroupAutoScalingPolicyArgs(\n estimated_instance_warmup=60,\n target_tracking_configuration=aws.gamelift.GameServerGroupAutoScalingPolicyTargetTrackingConfigurationArgs(\n target_value=75,\n ),\n ),\n balancing_strategy=\"SPOT_ONLY\",\n game_server_group_name=\"example\",\n game_server_protection_policy=\"FULL_PROTECTION\",\n instance_definitions=[\n aws.gamelift.GameServerGroupInstanceDefinitionArgs(\n instance_type=\"c5.large\",\n weighted_capacity=\"1\",\n ),\n aws.gamelift.GameServerGroupInstanceDefinitionArgs(\n instance_type=\"c5.2xlarge\",\n weighted_capacity=\"2\",\n ),\n ],\n launch_template=aws.gamelift.GameServerGroupLaunchTemplateArgs(\n id=example_aws_launch_template[\"id\"],\n version=\"1\",\n ),\n max_size=1,\n min_size=1,\n role_arn=example_aws_iam_role[\"arn\"],\n tags={\n \"Name\": \"example\",\n },\n vpc_subnets=[\n \"subnet-12345678\",\n \"subnet-23456789\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.GameLift.GameServerGroup(\"example\", new()\n {\n AutoScalingPolicy = new Aws.GameLift.Inputs.GameServerGroupAutoScalingPolicyArgs\n {\n EstimatedInstanceWarmup = 60,\n TargetTrackingConfiguration = new Aws.GameLift.Inputs.GameServerGroupAutoScalingPolicyTargetTrackingConfigurationArgs\n {\n TargetValue = 75,\n },\n },\n BalancingStrategy = \"SPOT_ONLY\",\n GameServerGroupName = \"example\",\n GameServerProtectionPolicy = \"FULL_PROTECTION\",\n InstanceDefinitions = new[]\n {\n new Aws.GameLift.Inputs.GameServerGroupInstanceDefinitionArgs\n {\n InstanceType = \"c5.large\",\n WeightedCapacity = \"1\",\n },\n new Aws.GameLift.Inputs.GameServerGroupInstanceDefinitionArgs\n {\n InstanceType = \"c5.2xlarge\",\n WeightedCapacity = \"2\",\n },\n },\n LaunchTemplate = new Aws.GameLift.Inputs.GameServerGroupLaunchTemplateArgs\n {\n Id = exampleAwsLaunchTemplate.Id,\n Version = \"1\",\n },\n MaxSize = 1,\n MinSize = 1,\n RoleArn = exampleAwsIamRole.Arn,\n Tags = \n {\n { \"Name\", \"example\" },\n },\n VpcSubnets = new[]\n {\n \"subnet-12345678\",\n \"subnet-23456789\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/gamelift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gamelift.NewGameServerGroup(ctx, \"example\", \u0026gamelift.GameServerGroupArgs{\n\t\t\tAutoScalingPolicy: \u0026gamelift.GameServerGroupAutoScalingPolicyArgs{\n\t\t\t\tEstimatedInstanceWarmup: pulumi.Int(60),\n\t\t\t\tTargetTrackingConfiguration: \u0026gamelift.GameServerGroupAutoScalingPolicyTargetTrackingConfigurationArgs{\n\t\t\t\t\tTargetValue: pulumi.Float64(75),\n\t\t\t\t},\n\t\t\t},\n\t\t\tBalancingStrategy: pulumi.String(\"SPOT_ONLY\"),\n\t\t\tGameServerGroupName: pulumi.String(\"example\"),\n\t\t\tGameServerProtectionPolicy: pulumi.String(\"FULL_PROTECTION\"),\n\t\t\tInstanceDefinitions: gamelift.GameServerGroupInstanceDefinitionArray{\n\t\t\t\t\u0026gamelift.GameServerGroupInstanceDefinitionArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"c5.large\"),\n\t\t\t\t\tWeightedCapacity: pulumi.String(\"1\"),\n\t\t\t\t},\n\t\t\t\t\u0026gamelift.GameServerGroupInstanceDefinitionArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"c5.2xlarge\"),\n\t\t\t\t\tWeightedCapacity: pulumi.String(\"2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLaunchTemplate: \u0026gamelift.GameServerGroupLaunchTemplateArgs{\n\t\t\t\tId: pulumi.Any(exampleAwsLaunchTemplate.Id),\n\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t},\n\t\t\tMaxSize: pulumi.Int(1),\n\t\t\tMinSize: pulumi.Int(1),\n\t\t\tRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example\"),\n\t\t\t},\n\t\t\tVpcSubnets: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"subnet-12345678\"),\n\t\t\t\tpulumi.String(\"subnet-23456789\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.gamelift.GameServerGroup;\nimport com.pulumi.aws.gamelift.GameServerGroupArgs;\nimport com.pulumi.aws.gamelift.inputs.GameServerGroupAutoScalingPolicyArgs;\nimport com.pulumi.aws.gamelift.inputs.GameServerGroupAutoScalingPolicyTargetTrackingConfigurationArgs;\nimport com.pulumi.aws.gamelift.inputs.GameServerGroupInstanceDefinitionArgs;\nimport com.pulumi.aws.gamelift.inputs.GameServerGroupLaunchTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new GameServerGroup(\"example\", GameServerGroupArgs.builder() \n .autoScalingPolicy(GameServerGroupAutoScalingPolicyArgs.builder()\n .estimatedInstanceWarmup(60)\n .targetTrackingConfiguration(GameServerGroupAutoScalingPolicyTargetTrackingConfigurationArgs.builder()\n .targetValue(75)\n .build())\n .build())\n .balancingStrategy(\"SPOT_ONLY\")\n .gameServerGroupName(\"example\")\n .gameServerProtectionPolicy(\"FULL_PROTECTION\")\n .instanceDefinitions( \n GameServerGroupInstanceDefinitionArgs.builder()\n .instanceType(\"c5.large\")\n .weightedCapacity(\"1\")\n .build(),\n GameServerGroupInstanceDefinitionArgs.builder()\n .instanceType(\"c5.2xlarge\")\n .weightedCapacity(\"2\")\n .build())\n .launchTemplate(GameServerGroupLaunchTemplateArgs.builder()\n .id(exampleAwsLaunchTemplate.id())\n .version(\"1\")\n .build())\n .maxSize(1)\n .minSize(1)\n .roleArn(exampleAwsIamRole.arn())\n .tags(Map.of(\"Name\", \"example\"))\n .vpcSubnets( \n \"subnet-12345678\",\n \"subnet-23456789\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:gamelift:GameServerGroup\n properties:\n autoScalingPolicy:\n estimatedInstanceWarmup: 60\n targetTrackingConfiguration:\n targetValue: 75\n balancingStrategy: SPOT_ONLY\n gameServerGroupName: example\n gameServerProtectionPolicy: FULL_PROTECTION\n instanceDefinitions:\n - instanceType: c5.large\n weightedCapacity: '1'\n - instanceType: c5.2xlarge\n weightedCapacity: '2'\n launchTemplate:\n id: ${exampleAwsLaunchTemplate.id}\n version: '1'\n maxSize: 1\n minSize: 1\n roleArn: ${exampleAwsIamRole.arn}\n tags:\n Name: example\n vpcSubnets:\n - subnet-12345678\n - subnet-23456789\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example IAM Role for GameLift Game Server Group\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getPartition({});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\n \"autoscaling.amazonaws.com\",\n \"gamelift.amazonaws.com\",\n ],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst example = new aws.iam.Role(\"example\", {\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n name: \"gamelift-game-server-group-example\",\n});\nconst exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"example\", {\n policyArn: current.then(current =\u003e `arn:${current.partition}:iam::aws:policy/GameLiftGameServerGroupPolicy`),\n role: example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_partition()\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\n \"autoscaling.amazonaws.com\",\n \"gamelift.amazonaws.com\",\n ],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample = aws.iam.Role(\"example\",\n assume_role_policy=assume_role.json,\n name=\"gamelift-game-server-group-example\")\nexample_role_policy_attachment = aws.iam.RolePolicyAttachment(\"example\",\n policy_arn=f\"arn:{current.partition}:iam::aws:policy/GameLiftGameServerGroupPolicy\",\n role=example.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetPartition.Invoke();\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"autoscaling.amazonaws.com\",\n \"gamelift.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var example = new Aws.Iam.Role(\"example\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Name = \"gamelift-game-server-group-example\",\n });\n\n var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"example\", new()\n {\n PolicyArn = $\"arn:{current.Apply(getPartitionResult =\u003e getPartitionResult.Partition)}:iam::aws:policy/GameLiftGameServerGroupPolicy\",\n Role = example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetPartition(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"autoscaling.amazonaws.com\",\n\t\t\t\t\t\t\t\t\"gamelift.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t\tName: pulumi.String(\"gamelift-game-server-group-example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(fmt.Sprintf(\"arn:%v:iam::aws:policy/GameLiftGameServerGroupPolicy\", current.Partition)),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetPartitionArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getPartition();\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers( \n \"autoscaling.amazonaws.com\",\n \"gamelift.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var example = new Role(\"example\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .name(\"gamelift-game-server-group-example\")\n .build());\n\n var exampleRolePolicyAttachment = new RolePolicyAttachment(\"exampleRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .policyArn(String.format(\"arn:%s:iam::aws:policy/GameLiftGameServerGroupPolicy\", current.applyValue(getPartitionResult -\u003e getPartitionResult.partition())))\n .role(example.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${assumeRole.json}\n name: gamelift-game-server-group-example\n exampleRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: example\n properties:\n policyArn: arn:${current.partition}:iam::aws:policy/GameLiftGameServerGroupPolicy\n role: ${example.name}\nvariables:\n current:\n fn::invoke:\n Function: aws:getPartition\n Arguments: {}\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - autoscaling.amazonaws.com\n - gamelift.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import GameLift Game Server Group using the `name`. For example:\n\n```sh\n$ pulumi import aws:gamelift/gameServerGroup:GameServerGroup example example\n```\n", + "description": "Provides an GameLift Game Server Group resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.gamelift.GameServerGroup(\"example\", {\n gameServerGroupName: \"example\",\n instanceDefinitions: [\n {\n instanceType: \"c5.large\",\n },\n {\n instanceType: \"c5a.large\",\n },\n ],\n launchTemplate: {\n id: exampleAwsLaunchTemplate.id,\n },\n maxSize: 1,\n minSize: 1,\n roleArn: exampleAwsIamRole.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.gamelift.GameServerGroup(\"example\",\n game_server_group_name=\"example\",\n instance_definitions=[\n aws.gamelift.GameServerGroupInstanceDefinitionArgs(\n instance_type=\"c5.large\",\n ),\n aws.gamelift.GameServerGroupInstanceDefinitionArgs(\n instance_type=\"c5a.large\",\n ),\n ],\n launch_template=aws.gamelift.GameServerGroupLaunchTemplateArgs(\n id=example_aws_launch_template[\"id\"],\n ),\n max_size=1,\n min_size=1,\n role_arn=example_aws_iam_role[\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.GameLift.GameServerGroup(\"example\", new()\n {\n GameServerGroupName = \"example\",\n InstanceDefinitions = new[]\n {\n new Aws.GameLift.Inputs.GameServerGroupInstanceDefinitionArgs\n {\n InstanceType = \"c5.large\",\n },\n new Aws.GameLift.Inputs.GameServerGroupInstanceDefinitionArgs\n {\n InstanceType = \"c5a.large\",\n },\n },\n LaunchTemplate = new Aws.GameLift.Inputs.GameServerGroupLaunchTemplateArgs\n {\n Id = exampleAwsLaunchTemplate.Id,\n },\n MaxSize = 1,\n MinSize = 1,\n RoleArn = exampleAwsIamRole.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/gamelift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gamelift.NewGameServerGroup(ctx, \"example\", \u0026gamelift.GameServerGroupArgs{\n\t\t\tGameServerGroupName: pulumi.String(\"example\"),\n\t\t\tInstanceDefinitions: gamelift.GameServerGroupInstanceDefinitionArray{\n\t\t\t\t\u0026gamelift.GameServerGroupInstanceDefinitionArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"c5.large\"),\n\t\t\t\t},\n\t\t\t\t\u0026gamelift.GameServerGroupInstanceDefinitionArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"c5a.large\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLaunchTemplate: \u0026gamelift.GameServerGroupLaunchTemplateArgs{\n\t\t\t\tId: pulumi.Any(exampleAwsLaunchTemplate.Id),\n\t\t\t},\n\t\t\tMaxSize: pulumi.Int(1),\n\t\t\tMinSize: pulumi.Int(1),\n\t\t\tRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.gamelift.GameServerGroup;\nimport com.pulumi.aws.gamelift.GameServerGroupArgs;\nimport com.pulumi.aws.gamelift.inputs.GameServerGroupInstanceDefinitionArgs;\nimport com.pulumi.aws.gamelift.inputs.GameServerGroupLaunchTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new GameServerGroup(\"example\", GameServerGroupArgs.builder() \n .gameServerGroupName(\"example\")\n .instanceDefinitions( \n GameServerGroupInstanceDefinitionArgs.builder()\n .instanceType(\"c5.large\")\n .build(),\n GameServerGroupInstanceDefinitionArgs.builder()\n .instanceType(\"c5a.large\")\n .build())\n .launchTemplate(GameServerGroupLaunchTemplateArgs.builder()\n .id(exampleAwsLaunchTemplate.id())\n .build())\n .maxSize(1)\n .minSize(1)\n .roleArn(exampleAwsIamRole.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:gamelift:GameServerGroup\n properties:\n gameServerGroupName: example\n instanceDefinitions:\n - instanceType: c5.large\n - instanceType: c5a.large\n launchTemplate:\n id: ${exampleAwsLaunchTemplate.id}\n maxSize: 1\n minSize: 1\n roleArn: ${exampleAwsIamRole.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nFull usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.gamelift.GameServerGroup(\"example\", {\n autoScalingPolicy: {\n estimatedInstanceWarmup: 60,\n targetTrackingConfiguration: {\n targetValue: 75,\n },\n },\n balancingStrategy: \"SPOT_ONLY\",\n gameServerGroupName: \"example\",\n gameServerProtectionPolicy: \"FULL_PROTECTION\",\n instanceDefinitions: [\n {\n instanceType: \"c5.large\",\n weightedCapacity: \"1\",\n },\n {\n instanceType: \"c5.2xlarge\",\n weightedCapacity: \"2\",\n },\n ],\n launchTemplate: {\n id: exampleAwsLaunchTemplate.id,\n version: \"1\",\n },\n maxSize: 1,\n minSize: 1,\n roleArn: exampleAwsIamRole.arn,\n tags: {\n Name: \"example\",\n },\n vpcSubnets: [\n \"subnet-12345678\",\n \"subnet-23456789\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.gamelift.GameServerGroup(\"example\",\n auto_scaling_policy=aws.gamelift.GameServerGroupAutoScalingPolicyArgs(\n estimated_instance_warmup=60,\n target_tracking_configuration=aws.gamelift.GameServerGroupAutoScalingPolicyTargetTrackingConfigurationArgs(\n target_value=75,\n ),\n ),\n balancing_strategy=\"SPOT_ONLY\",\n game_server_group_name=\"example\",\n game_server_protection_policy=\"FULL_PROTECTION\",\n instance_definitions=[\n aws.gamelift.GameServerGroupInstanceDefinitionArgs(\n instance_type=\"c5.large\",\n weighted_capacity=\"1\",\n ),\n aws.gamelift.GameServerGroupInstanceDefinitionArgs(\n instance_type=\"c5.2xlarge\",\n weighted_capacity=\"2\",\n ),\n ],\n launch_template=aws.gamelift.GameServerGroupLaunchTemplateArgs(\n id=example_aws_launch_template[\"id\"],\n version=\"1\",\n ),\n max_size=1,\n min_size=1,\n role_arn=example_aws_iam_role[\"arn\"],\n tags={\n \"Name\": \"example\",\n },\n vpc_subnets=[\n \"subnet-12345678\",\n \"subnet-23456789\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.GameLift.GameServerGroup(\"example\", new()\n {\n AutoScalingPolicy = new Aws.GameLift.Inputs.GameServerGroupAutoScalingPolicyArgs\n {\n EstimatedInstanceWarmup = 60,\n TargetTrackingConfiguration = new Aws.GameLift.Inputs.GameServerGroupAutoScalingPolicyTargetTrackingConfigurationArgs\n {\n TargetValue = 75,\n },\n },\n BalancingStrategy = \"SPOT_ONLY\",\n GameServerGroupName = \"example\",\n GameServerProtectionPolicy = \"FULL_PROTECTION\",\n InstanceDefinitions = new[]\n {\n new Aws.GameLift.Inputs.GameServerGroupInstanceDefinitionArgs\n {\n InstanceType = \"c5.large\",\n WeightedCapacity = \"1\",\n },\n new Aws.GameLift.Inputs.GameServerGroupInstanceDefinitionArgs\n {\n InstanceType = \"c5.2xlarge\",\n WeightedCapacity = \"2\",\n },\n },\n LaunchTemplate = new Aws.GameLift.Inputs.GameServerGroupLaunchTemplateArgs\n {\n Id = exampleAwsLaunchTemplate.Id,\n Version = \"1\",\n },\n MaxSize = 1,\n MinSize = 1,\n RoleArn = exampleAwsIamRole.Arn,\n Tags = \n {\n { \"Name\", \"example\" },\n },\n VpcSubnets = new[]\n {\n \"subnet-12345678\",\n \"subnet-23456789\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/gamelift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gamelift.NewGameServerGroup(ctx, \"example\", \u0026gamelift.GameServerGroupArgs{\n\t\t\tAutoScalingPolicy: \u0026gamelift.GameServerGroupAutoScalingPolicyArgs{\n\t\t\t\tEstimatedInstanceWarmup: pulumi.Int(60),\n\t\t\t\tTargetTrackingConfiguration: \u0026gamelift.GameServerGroupAutoScalingPolicyTargetTrackingConfigurationArgs{\n\t\t\t\t\tTargetValue: pulumi.Float64(75),\n\t\t\t\t},\n\t\t\t},\n\t\t\tBalancingStrategy: pulumi.String(\"SPOT_ONLY\"),\n\t\t\tGameServerGroupName: pulumi.String(\"example\"),\n\t\t\tGameServerProtectionPolicy: pulumi.String(\"FULL_PROTECTION\"),\n\t\t\tInstanceDefinitions: gamelift.GameServerGroupInstanceDefinitionArray{\n\t\t\t\t\u0026gamelift.GameServerGroupInstanceDefinitionArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"c5.large\"),\n\t\t\t\t\tWeightedCapacity: pulumi.String(\"1\"),\n\t\t\t\t},\n\t\t\t\t\u0026gamelift.GameServerGroupInstanceDefinitionArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"c5.2xlarge\"),\n\t\t\t\t\tWeightedCapacity: pulumi.String(\"2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLaunchTemplate: \u0026gamelift.GameServerGroupLaunchTemplateArgs{\n\t\t\t\tId: pulumi.Any(exampleAwsLaunchTemplate.Id),\n\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t},\n\t\t\tMaxSize: pulumi.Int(1),\n\t\t\tMinSize: pulumi.Int(1),\n\t\t\tRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example\"),\n\t\t\t},\n\t\t\tVpcSubnets: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"subnet-12345678\"),\n\t\t\t\tpulumi.String(\"subnet-23456789\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.gamelift.GameServerGroup;\nimport com.pulumi.aws.gamelift.GameServerGroupArgs;\nimport com.pulumi.aws.gamelift.inputs.GameServerGroupAutoScalingPolicyArgs;\nimport com.pulumi.aws.gamelift.inputs.GameServerGroupAutoScalingPolicyTargetTrackingConfigurationArgs;\nimport com.pulumi.aws.gamelift.inputs.GameServerGroupInstanceDefinitionArgs;\nimport com.pulumi.aws.gamelift.inputs.GameServerGroupLaunchTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new GameServerGroup(\"example\", GameServerGroupArgs.builder() \n .autoScalingPolicy(GameServerGroupAutoScalingPolicyArgs.builder()\n .estimatedInstanceWarmup(60)\n .targetTrackingConfiguration(GameServerGroupAutoScalingPolicyTargetTrackingConfigurationArgs.builder()\n .targetValue(75)\n .build())\n .build())\n .balancingStrategy(\"SPOT_ONLY\")\n .gameServerGroupName(\"example\")\n .gameServerProtectionPolicy(\"FULL_PROTECTION\")\n .instanceDefinitions( \n GameServerGroupInstanceDefinitionArgs.builder()\n .instanceType(\"c5.large\")\n .weightedCapacity(\"1\")\n .build(),\n GameServerGroupInstanceDefinitionArgs.builder()\n .instanceType(\"c5.2xlarge\")\n .weightedCapacity(\"2\")\n .build())\n .launchTemplate(GameServerGroupLaunchTemplateArgs.builder()\n .id(exampleAwsLaunchTemplate.id())\n .version(\"1\")\n .build())\n .maxSize(1)\n .minSize(1)\n .roleArn(exampleAwsIamRole.arn())\n .tags(Map.of(\"Name\", \"example\"))\n .vpcSubnets( \n \"subnet-12345678\",\n \"subnet-23456789\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:gamelift:GameServerGroup\n properties:\n autoScalingPolicy:\n estimatedInstanceWarmup: 60\n targetTrackingConfiguration:\n targetValue: 75\n balancingStrategy: SPOT_ONLY\n gameServerGroupName: example\n gameServerProtectionPolicy: FULL_PROTECTION\n instanceDefinitions:\n - instanceType: c5.large\n weightedCapacity: '1'\n - instanceType: c5.2xlarge\n weightedCapacity: '2'\n launchTemplate:\n id: ${exampleAwsLaunchTemplate.id}\n version: '1'\n maxSize: 1\n minSize: 1\n roleArn: ${exampleAwsIamRole.arn}\n tags:\n Name: example\n vpcSubnets:\n - subnet-12345678\n - subnet-23456789\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example IAM Role for GameLift Game Server Group\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getPartition({});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\n \"autoscaling.amazonaws.com\",\n \"gamelift.amazonaws.com\",\n ],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst example = new aws.iam.Role(\"example\", {\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n name: \"gamelift-game-server-group-example\",\n});\nconst exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"example\", {\n policyArn: current.then(current =\u003e `arn:${current.partition}:iam::aws:policy/GameLiftGameServerGroupPolicy`),\n role: example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_partition()\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\n \"autoscaling.amazonaws.com\",\n \"gamelift.amazonaws.com\",\n ],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample = aws.iam.Role(\"example\",\n assume_role_policy=assume_role.json,\n name=\"gamelift-game-server-group-example\")\nexample_role_policy_attachment = aws.iam.RolePolicyAttachment(\"example\",\n policy_arn=f\"arn:{current.partition}:iam::aws:policy/GameLiftGameServerGroupPolicy\",\n role=example.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetPartition.Invoke();\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"autoscaling.amazonaws.com\",\n \"gamelift.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var example = new Aws.Iam.Role(\"example\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Name = \"gamelift-game-server-group-example\",\n });\n\n var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"example\", new()\n {\n PolicyArn = $\"arn:{current.Apply(getPartitionResult =\u003e getPartitionResult.Partition)}:iam::aws:policy/GameLiftGameServerGroupPolicy\",\n Role = example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetPartition(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"autoscaling.amazonaws.com\",\n\t\t\t\t\t\t\t\t\"gamelift.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t\tName: pulumi.String(\"gamelift-game-server-group-example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(fmt.Sprintf(\"arn:%v:iam::aws:policy/GameLiftGameServerGroupPolicy\", current.Partition)),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetPartitionArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getPartition();\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers( \n \"autoscaling.amazonaws.com\",\n \"gamelift.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var example = new Role(\"example\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .name(\"gamelift-game-server-group-example\")\n .build());\n\n var exampleRolePolicyAttachment = new RolePolicyAttachment(\"exampleRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .policyArn(String.format(\"arn:%s:iam::aws:policy/GameLiftGameServerGroupPolicy\", current.applyValue(getPartitionResult -\u003e getPartitionResult.partition())))\n .role(example.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${assumeRole.json}\n name: gamelift-game-server-group-example\n exampleRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: example\n properties:\n policyArn: arn:${current.partition}:iam::aws:policy/GameLiftGameServerGroupPolicy\n role: ${example.name}\nvariables:\n current:\n fn::invoke:\n Function: aws:getPartition\n Arguments: {}\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - autoscaling.amazonaws.com\n - gamelift.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import GameLift Game Server Group using the `name`. For example:\n\n```sh\n$ pulumi import aws:gamelift/gameServerGroup:GameServerGroup example example\n```\n", "properties": { "arn": { "type": "string", @@ -245225,7 +245225,7 @@ } }, "aws:glacier/vault:Vault": { - "description": "Provides a Glacier Vault Resource. You can refer to the [Glacier Developer Guide](https://docs.aws.amazon.com/amazonglacier/latest/dev/working-with-vaults.html) for a full explanation of the Glacier Vault functionality\n\n\u003e **NOTE:** When removing a Glacier Vault, the Vault must be empty.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst awsSnsTopic = new aws.sns.Topic(\"aws_sns_topic\", {name: \"glacier-sns-topic\"});\nconst myArchive = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"add-read-only-perm\",\n effect: \"Allow\",\n principals: [{\n type: \"*\",\n identifiers: [\"*\"],\n }],\n actions: [\n \"glacier:InitiateJob\",\n \"glacier:GetJobOutput\",\n ],\n resources: [\"arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive\"],\n }],\n});\nconst myArchiveVault = new aws.glacier.Vault(\"my_archive\", {\n name: \"MyArchive\",\n notification: {\n snsTopic: awsSnsTopic.arn,\n events: [\n \"ArchiveRetrievalCompleted\",\n \"InventoryRetrievalCompleted\",\n ],\n },\n accessPolicy: myArchive.then(myArchive =\u003e myArchive.json),\n tags: {\n Test: \"MyArchive\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naws_sns_topic = aws.sns.Topic(\"aws_sns_topic\", name=\"glacier-sns-topic\")\nmy_archive = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"add-read-only-perm\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"*\",\n identifiers=[\"*\"],\n )],\n actions=[\n \"glacier:InitiateJob\",\n \"glacier:GetJobOutput\",\n ],\n resources=[\"arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive\"],\n)])\nmy_archive_vault = aws.glacier.Vault(\"my_archive\",\n name=\"MyArchive\",\n notification=aws.glacier.VaultNotificationArgs(\n sns_topic=aws_sns_topic.arn,\n events=[\n \"ArchiveRetrievalCompleted\",\n \"InventoryRetrievalCompleted\",\n ],\n ),\n access_policy=my_archive.json,\n tags={\n \"Test\": \"MyArchive\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var awsSnsTopic = new Aws.Sns.Topic(\"aws_sns_topic\", new()\n {\n Name = \"glacier-sns-topic\",\n });\n\n var myArchive = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"add-read-only-perm\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"*\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"glacier:InitiateJob\",\n \"glacier:GetJobOutput\",\n },\n Resources = new[]\n {\n \"arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive\",\n },\n },\n },\n });\n\n var myArchiveVault = new Aws.Glacier.Vault(\"my_archive\", new()\n {\n Name = \"MyArchive\",\n Notification = new Aws.Glacier.Inputs.VaultNotificationArgs\n {\n SnsTopic = awsSnsTopic.Arn,\n Events = new[]\n {\n \"ArchiveRetrievalCompleted\",\n \"InventoryRetrievalCompleted\",\n },\n },\n AccessPolicy = myArchive.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Tags = \n {\n { \"Test\", \"MyArchive\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glacier\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tawsSnsTopic, err := sns.NewTopic(ctx, \"aws_sns_topic\", \u0026sns.TopicArgs{\n\t\t\tName: pulumi.String(\"glacier-sns-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyArchive, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"add-read-only-perm\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"*\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"*\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"glacier:InitiateJob\",\n\t\t\t\t\t\t\"glacier:GetJobOutput\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = glacier.NewVault(ctx, \"my_archive\", \u0026glacier.VaultArgs{\n\t\t\tName: pulumi.String(\"MyArchive\"),\n\t\t\tNotification: \u0026glacier.VaultNotificationArgs{\n\t\t\t\tSnsTopic: awsSnsTopic.Arn,\n\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"ArchiveRetrievalCompleted\"),\n\t\t\t\t\tpulumi.String(\"InventoryRetrievalCompleted\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAccessPolicy: *pulumi.String(myArchive.Json),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Test\": pulumi.String(\"MyArchive\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.glacier.Vault;\nimport com.pulumi.aws.glacier.VaultArgs;\nimport com.pulumi.aws.glacier.inputs.VaultNotificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var awsSnsTopic = new Topic(\"awsSnsTopic\", TopicArgs.builder() \n .name(\"glacier-sns-topic\")\n .build());\n\n final var myArchive = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"add-read-only-perm\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"*\")\n .identifiers(\"*\")\n .build())\n .actions( \n \"glacier:InitiateJob\",\n \"glacier:GetJobOutput\")\n .resources(\"arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive\")\n .build())\n .build());\n\n var myArchiveVault = new Vault(\"myArchiveVault\", VaultArgs.builder() \n .name(\"MyArchive\")\n .notification(VaultNotificationArgs.builder()\n .snsTopic(awsSnsTopic.arn())\n .events( \n \"ArchiveRetrievalCompleted\",\n \"InventoryRetrievalCompleted\")\n .build())\n .accessPolicy(myArchive.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .tags(Map.of(\"Test\", \"MyArchive\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n awsSnsTopic:\n type: aws:sns:Topic\n name: aws_sns_topic\n properties:\n name: glacier-sns-topic\n myArchiveVault:\n type: aws:glacier:Vault\n name: my_archive\n properties:\n name: MyArchive\n notification:\n snsTopic: ${awsSnsTopic.arn}\n events:\n - ArchiveRetrievalCompleted\n - InventoryRetrievalCompleted\n accessPolicy: ${myArchive.json}\n tags:\n Test: MyArchive\nvariables:\n myArchive:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: add-read-only-perm\n effect: Allow\n principals:\n - type: '*'\n identifiers:\n - '*'\n actions:\n - glacier:InitiateJob\n - glacier:GetJobOutput\n resources:\n - arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Glacier Vaults using the `name`. For example:\n\n```sh\n$ pulumi import aws:glacier/vault:Vault archive my_archive\n```\n", + "description": "Provides a Glacier Vault Resource. You can refer to the [Glacier Developer Guide](https://docs.aws.amazon.com/amazonglacier/latest/dev/working-with-vaults.html) for a full explanation of the Glacier Vault functionality\n\n\u003e **NOTE:** When removing a Glacier Vault, the Vault must be empty.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst awsSnsTopic = new aws.sns.Topic(\"aws_sns_topic\", {name: \"glacier-sns-topic\"});\nconst myArchive = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"add-read-only-perm\",\n effect: \"Allow\",\n principals: [{\n type: \"*\",\n identifiers: [\"*\"],\n }],\n actions: [\n \"glacier:InitiateJob\",\n \"glacier:GetJobOutput\",\n ],\n resources: [\"arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive\"],\n }],\n});\nconst myArchiveVault = new aws.glacier.Vault(\"my_archive\", {\n name: \"MyArchive\",\n notification: {\n snsTopic: awsSnsTopic.arn,\n events: [\n \"ArchiveRetrievalCompleted\",\n \"InventoryRetrievalCompleted\",\n ],\n },\n accessPolicy: myArchive.then(myArchive =\u003e myArchive.json),\n tags: {\n Test: \"MyArchive\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naws_sns_topic = aws.sns.Topic(\"aws_sns_topic\", name=\"glacier-sns-topic\")\nmy_archive = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"add-read-only-perm\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"*\",\n identifiers=[\"*\"],\n )],\n actions=[\n \"glacier:InitiateJob\",\n \"glacier:GetJobOutput\",\n ],\n resources=[\"arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive\"],\n)])\nmy_archive_vault = aws.glacier.Vault(\"my_archive\",\n name=\"MyArchive\",\n notification=aws.glacier.VaultNotificationArgs(\n sns_topic=aws_sns_topic.arn,\n events=[\n \"ArchiveRetrievalCompleted\",\n \"InventoryRetrievalCompleted\",\n ],\n ),\n access_policy=my_archive.json,\n tags={\n \"Test\": \"MyArchive\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var awsSnsTopic = new Aws.Sns.Topic(\"aws_sns_topic\", new()\n {\n Name = \"glacier-sns-topic\",\n });\n\n var myArchive = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"add-read-only-perm\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"*\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"glacier:InitiateJob\",\n \"glacier:GetJobOutput\",\n },\n Resources = new[]\n {\n \"arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive\",\n },\n },\n },\n });\n\n var myArchiveVault = new Aws.Glacier.Vault(\"my_archive\", new()\n {\n Name = \"MyArchive\",\n Notification = new Aws.Glacier.Inputs.VaultNotificationArgs\n {\n SnsTopic = awsSnsTopic.Arn,\n Events = new[]\n {\n \"ArchiveRetrievalCompleted\",\n \"InventoryRetrievalCompleted\",\n },\n },\n AccessPolicy = myArchive.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Tags = \n {\n { \"Test\", \"MyArchive\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glacier\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tawsSnsTopic, err := sns.NewTopic(ctx, \"aws_sns_topic\", \u0026sns.TopicArgs{\n\t\t\tName: pulumi.String(\"glacier-sns-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyArchive, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"add-read-only-perm\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"*\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"*\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"glacier:InitiateJob\",\n\t\t\t\t\t\t\"glacier:GetJobOutput\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = glacier.NewVault(ctx, \"my_archive\", \u0026glacier.VaultArgs{\n\t\t\tName: pulumi.String(\"MyArchive\"),\n\t\t\tNotification: \u0026glacier.VaultNotificationArgs{\n\t\t\t\tSnsTopic: awsSnsTopic.Arn,\n\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"ArchiveRetrievalCompleted\"),\n\t\t\t\t\tpulumi.String(\"InventoryRetrievalCompleted\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAccessPolicy: pulumi.String(myArchive.Json),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Test\": pulumi.String(\"MyArchive\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.glacier.Vault;\nimport com.pulumi.aws.glacier.VaultArgs;\nimport com.pulumi.aws.glacier.inputs.VaultNotificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var awsSnsTopic = new Topic(\"awsSnsTopic\", TopicArgs.builder() \n .name(\"glacier-sns-topic\")\n .build());\n\n final var myArchive = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"add-read-only-perm\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"*\")\n .identifiers(\"*\")\n .build())\n .actions( \n \"glacier:InitiateJob\",\n \"glacier:GetJobOutput\")\n .resources(\"arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive\")\n .build())\n .build());\n\n var myArchiveVault = new Vault(\"myArchiveVault\", VaultArgs.builder() \n .name(\"MyArchive\")\n .notification(VaultNotificationArgs.builder()\n .snsTopic(awsSnsTopic.arn())\n .events( \n \"ArchiveRetrievalCompleted\",\n \"InventoryRetrievalCompleted\")\n .build())\n .accessPolicy(myArchive.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .tags(Map.of(\"Test\", \"MyArchive\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n awsSnsTopic:\n type: aws:sns:Topic\n name: aws_sns_topic\n properties:\n name: glacier-sns-topic\n myArchiveVault:\n type: aws:glacier:Vault\n name: my_archive\n properties:\n name: MyArchive\n notification:\n snsTopic: ${awsSnsTopic.arn}\n events:\n - ArchiveRetrievalCompleted\n - InventoryRetrievalCompleted\n accessPolicy: ${myArchive.json}\n tags:\n Test: MyArchive\nvariables:\n myArchive:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: add-read-only-perm\n effect: Allow\n principals:\n - type: '*'\n identifiers:\n - '*'\n actions:\n - glacier:InitiateJob\n - glacier:GetJobOutput\n resources:\n - arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Glacier Vaults using the `name`. For example:\n\n```sh\n$ pulumi import aws:glacier/vault:Vault archive my_archive\n```\n", "properties": { "accessPolicy": { "type": "string", @@ -247451,7 +247451,7 @@ } }, "aws:glue/devEndpoint:DevEndpoint": { - "description": "Provides a Glue Development Endpoint resource.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"glue.amazonaws.com\"],\n }],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"AWSGlueServiceRole-foo\",\n assumeRolePolicy: example.then(example =\u003e example.json),\n});\nconst exampleDevEndpoint = new aws.glue.DevEndpoint(\"example\", {\n name: \"foo\",\n roleArn: exampleRole.arn,\n});\nconst example_AWSGlueServiceRole = new aws.iam.RolePolicyAttachment(\"example-AWSGlueServiceRole\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole\",\n role: exampleRole.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"glue.amazonaws.com\"],\n )],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"AWSGlueServiceRole-foo\",\n assume_role_policy=example.json)\nexample_dev_endpoint = aws.glue.DevEndpoint(\"example\",\n name=\"foo\",\n role_arn=example_role.arn)\nexample__aws_glue_service_role = aws.iam.RolePolicyAttachment(\"example-AWSGlueServiceRole\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole\",\n role=example_role.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"glue.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"AWSGlueServiceRole-foo\",\n AssumeRolePolicy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleDevEndpoint = new Aws.Glue.DevEndpoint(\"example\", new()\n {\n Name = \"foo\",\n RoleArn = exampleRole.Arn,\n });\n\n var example_AWSGlueServiceRole = new Aws.Iam.RolePolicyAttachment(\"example-AWSGlueServiceRole\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole\",\n Role = exampleRole.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glue\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"glue.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"AWSGlueServiceRole-foo\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = glue.NewDevEndpoint(ctx, \"example\", \u0026glue.DevEndpointArgs{\n\t\t\tName: pulumi.String(\"foo\"),\n\t\t\tRoleArn: exampleRole.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example-AWSGlueServiceRole\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole\"),\n\t\t\tRole: exampleRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.glue.DevEndpoint;\nimport com.pulumi.aws.glue.DevEndpointArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"glue.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"AWSGlueServiceRole-foo\")\n .assumeRolePolicy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleDevEndpoint = new DevEndpoint(\"exampleDevEndpoint\", DevEndpointArgs.builder() \n .name(\"foo\")\n .roleArn(exampleRole.arn())\n .build());\n\n var example_AWSGlueServiceRole = new RolePolicyAttachment(\"example-AWSGlueServiceRole\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole\")\n .role(exampleRole.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleDevEndpoint:\n type: aws:glue:DevEndpoint\n name: example\n properties:\n name: foo\n roleArn: ${exampleRole.arn}\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: AWSGlueServiceRole-foo\n assumeRolePolicy: ${example.json}\n example-AWSGlueServiceRole:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole\n role: ${exampleRole.name}\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - glue.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import a Glue Development Endpoint using the `name`. For example:\n\n```sh\n$ pulumi import aws:glue/devEndpoint:DevEndpoint example foo\n```\n", + "description": "Provides a Glue Development Endpoint resource.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"glue.amazonaws.com\"],\n }],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"AWSGlueServiceRole-foo\",\n assumeRolePolicy: example.then(example =\u003e example.json),\n});\nconst exampleDevEndpoint = new aws.glue.DevEndpoint(\"example\", {\n name: \"foo\",\n roleArn: exampleRole.arn,\n});\nconst example_AWSGlueServiceRole = new aws.iam.RolePolicyAttachment(\"example-AWSGlueServiceRole\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole\",\n role: exampleRole.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"glue.amazonaws.com\"],\n )],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"AWSGlueServiceRole-foo\",\n assume_role_policy=example.json)\nexample_dev_endpoint = aws.glue.DevEndpoint(\"example\",\n name=\"foo\",\n role_arn=example_role.arn)\nexample__aws_glue_service_role = aws.iam.RolePolicyAttachment(\"example-AWSGlueServiceRole\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole\",\n role=example_role.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"glue.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"AWSGlueServiceRole-foo\",\n AssumeRolePolicy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleDevEndpoint = new Aws.Glue.DevEndpoint(\"example\", new()\n {\n Name = \"foo\",\n RoleArn = exampleRole.Arn,\n });\n\n var example_AWSGlueServiceRole = new Aws.Iam.RolePolicyAttachment(\"example-AWSGlueServiceRole\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole\",\n Role = exampleRole.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glue\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"glue.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"AWSGlueServiceRole-foo\"),\n\t\t\tAssumeRolePolicy: pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = glue.NewDevEndpoint(ctx, \"example\", \u0026glue.DevEndpointArgs{\n\t\t\tName: pulumi.String(\"foo\"),\n\t\t\tRoleArn: exampleRole.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example-AWSGlueServiceRole\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole\"),\n\t\t\tRole: exampleRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.glue.DevEndpoint;\nimport com.pulumi.aws.glue.DevEndpointArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"glue.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"AWSGlueServiceRole-foo\")\n .assumeRolePolicy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleDevEndpoint = new DevEndpoint(\"exampleDevEndpoint\", DevEndpointArgs.builder() \n .name(\"foo\")\n .roleArn(exampleRole.arn())\n .build());\n\n var example_AWSGlueServiceRole = new RolePolicyAttachment(\"example-AWSGlueServiceRole\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole\")\n .role(exampleRole.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleDevEndpoint:\n type: aws:glue:DevEndpoint\n name: example\n properties:\n name: foo\n roleArn: ${exampleRole.arn}\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: AWSGlueServiceRole-foo\n assumeRolePolicy: ${example.json}\n example-AWSGlueServiceRole:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole\n role: ${exampleRole.name}\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - glue.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import a Glue Development Endpoint using the `name`. For example:\n\n```sh\n$ pulumi import aws:glue/devEndpoint:DevEndpoint example foo\n```\n", "properties": { "arguments": { "type": "object", @@ -248685,7 +248685,7 @@ } }, "aws:glue/resourcePolicy:ResourcePolicy": { - "description": "Provides a Glue resource policy. Only one can exist per region.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst currentGetPartition = aws.getPartition({});\nconst currentGetRegion = aws.getRegion({});\nconst glue-example-policy = Promise.all([currentGetPartition, currentGetRegion, current]).then(([currentGetPartition, currentGetRegion, current]) =\u003e aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"glue:CreateTable\"],\n resources: [`arn:${currentGetPartition.partition}:glue:${currentGetRegion.name}:${current.accountId}:*`],\n principals: [{\n identifiers: [\"*\"],\n type: \"AWS\",\n }],\n }],\n}));\nconst example = new aws.glue.ResourcePolicy(\"example\", {policy: glue_example_policy.then(glue_example_policy =\u003e glue_example_policy.json)});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\ncurrent_get_partition = aws.get_partition()\ncurrent_get_region = aws.get_region()\nglue_example_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"glue:CreateTable\"],\n resources=[f\"arn:{current_get_partition.partition}:glue:{current_get_region.name}:{current.account_id}:*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[\"*\"],\n type=\"AWS\",\n )],\n)])\nexample = aws.glue.ResourcePolicy(\"example\", policy=glue_example_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var currentGetPartition = Aws.GetPartition.Invoke();\n\n var currentGetRegion = Aws.GetRegion.Invoke();\n\n var glue_example_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"glue:CreateTable\",\n },\n Resources = new[]\n {\n $\"arn:{currentGetPartition.Apply(getPartitionResult =\u003e getPartitionResult.Partition)}:glue:{currentGetRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"*\",\n },\n Type = \"AWS\",\n },\n },\n },\n },\n });\n\n var example = new Aws.Glue.ResourcePolicy(\"example\", new()\n {\n Policy = glue_example_policy.Apply(glue_example_policy =\u003e glue_example_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glue\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetPartition, err := aws.GetPartition(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetRegion, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tglue_example_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"glue:CreateTable\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"arn:%v:glue:%v:%v:*\", currentGetPartition.Partition, currentGetRegion.Name, current.AccountId),\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"*\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = glue.NewResourcePolicy(ctx, \"example\", \u0026glue.ResourcePolicyArgs{\n\t\t\tPolicy: *pulumi.String(glue_example_policy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.inputs.GetPartitionArgs;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.glue.ResourcePolicy;\nimport com.pulumi.aws.glue.ResourcePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var currentGetPartition = AwsFunctions.getPartition();\n\n final var currentGetRegion = AwsFunctions.getRegion();\n\n final var glue-example-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"glue:CreateTable\")\n .resources(String.format(\"arn:%s:glue:%s:%s:*\", currentGetPartition.applyValue(getPartitionResult -\u003e getPartitionResult.partition()),currentGetRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId())))\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"*\")\n .type(\"AWS\")\n .build())\n .build())\n .build());\n\n var example = new ResourcePolicy(\"example\", ResourcePolicyArgs.builder() \n .policy(glue_example_policy.json())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:glue:ResourcePolicy\n properties:\n policy: ${[\"glue-example-policy\"].json}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n currentGetPartition:\n fn::invoke:\n Function: aws:getPartition\n Arguments: {}\n currentGetRegion:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n glue-example-policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - glue:CreateTable\n resources:\n - arn:${currentGetPartition.partition}:glue:${currentGetRegion.name}:${current.accountId}:*\n principals:\n - identifiers:\n - '*'\n type: AWS\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Glue Resource Policy using the account ID. For example:\n\n```sh\n$ pulumi import aws:glue/resourcePolicy:ResourcePolicy Test 12356789012\n```\n", + "description": "Provides a Glue resource policy. Only one can exist per region.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst currentGetPartition = aws.getPartition({});\nconst currentGetRegion = aws.getRegion({});\nconst glue-example-policy = Promise.all([currentGetPartition, currentGetRegion, current]).then(([currentGetPartition, currentGetRegion, current]) =\u003e aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"glue:CreateTable\"],\n resources: [`arn:${currentGetPartition.partition}:glue:${currentGetRegion.name}:${current.accountId}:*`],\n principals: [{\n identifiers: [\"*\"],\n type: \"AWS\",\n }],\n }],\n}));\nconst example = new aws.glue.ResourcePolicy(\"example\", {policy: glue_example_policy.then(glue_example_policy =\u003e glue_example_policy.json)});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\ncurrent_get_partition = aws.get_partition()\ncurrent_get_region = aws.get_region()\nglue_example_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"glue:CreateTable\"],\n resources=[f\"arn:{current_get_partition.partition}:glue:{current_get_region.name}:{current.account_id}:*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[\"*\"],\n type=\"AWS\",\n )],\n)])\nexample = aws.glue.ResourcePolicy(\"example\", policy=glue_example_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var currentGetPartition = Aws.GetPartition.Invoke();\n\n var currentGetRegion = Aws.GetRegion.Invoke();\n\n var glue_example_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"glue:CreateTable\",\n },\n Resources = new[]\n {\n $\"arn:{currentGetPartition.Apply(getPartitionResult =\u003e getPartitionResult.Partition)}:glue:{currentGetRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"*\",\n },\n Type = \"AWS\",\n },\n },\n },\n },\n });\n\n var example = new Aws.Glue.ResourcePolicy(\"example\", new()\n {\n Policy = glue_example_policy.Apply(glue_example_policy =\u003e glue_example_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glue\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetPartition, err := aws.GetPartition(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetRegion, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tglue_example_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"glue:CreateTable\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"arn:%v:glue:%v:%v:*\", currentGetPartition.Partition, currentGetRegion.Name, current.AccountId),\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"*\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = glue.NewResourcePolicy(ctx, \"example\", \u0026glue.ResourcePolicyArgs{\n\t\t\tPolicy: pulumi.String(glue_example_policy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.inputs.GetPartitionArgs;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.glue.ResourcePolicy;\nimport com.pulumi.aws.glue.ResourcePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var currentGetPartition = AwsFunctions.getPartition();\n\n final var currentGetRegion = AwsFunctions.getRegion();\n\n final var glue-example-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"glue:CreateTable\")\n .resources(String.format(\"arn:%s:glue:%s:%s:*\", currentGetPartition.applyValue(getPartitionResult -\u003e getPartitionResult.partition()),currentGetRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId())))\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"*\")\n .type(\"AWS\")\n .build())\n .build())\n .build());\n\n var example = new ResourcePolicy(\"example\", ResourcePolicyArgs.builder() \n .policy(glue_example_policy.json())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:glue:ResourcePolicy\n properties:\n policy: ${[\"glue-example-policy\"].json}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n currentGetPartition:\n fn::invoke:\n Function: aws:getPartition\n Arguments: {}\n currentGetRegion:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n glue-example-policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - glue:CreateTable\n resources:\n - arn:${currentGetPartition.partition}:glue:${currentGetRegion.name}:${current.accountId}:*\n principals:\n - identifiers:\n - '*'\n type: AWS\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Glue Resource Policy using the account ID. For example:\n\n```sh\n$ pulumi import aws:glue/resourcePolicy:ResourcePolicy Test 12356789012\n```\n", "properties": { "enableHybrid": { "type": "string", @@ -251054,7 +251054,7 @@ } }, "aws:guardduty/publishingDestination:PublishingDestination": { - "description": "Provides a resource to manage a GuardDuty PublishingDestination. Requires an existing GuardDuty Detector.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst currentGetRegion = aws.getRegion({});\nconst gdBucket = new aws.s3.BucketV2(\"gd_bucket\", {\n bucket: \"example\",\n forceDestroy: true,\n});\nconst bucketPol = aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n sid: \"Allow PutObject\",\n actions: [\"s3:PutObject\"],\n resources: [pulumi.interpolate`${gdBucket.arn}/*`],\n principals: [{\n type: \"Service\",\n identifiers: [\"guardduty.amazonaws.com\"],\n }],\n },\n {\n sid: \"Allow GetBucketLocation\",\n actions: [\"s3:GetBucketLocation\"],\n resources: [gdBucket.arn],\n principals: [{\n type: \"Service\",\n identifiers: [\"guardduty.amazonaws.com\"],\n }],\n },\n ],\n});\nconst kmsPol = Promise.all([currentGetRegion, current, currentGetRegion, current, current]).then(([currentGetRegion, current, currentGetRegion1, current1, current2]) =\u003e aws.iam.getPolicyDocument({\n statements: [\n {\n sid: \"Allow GuardDuty to encrypt findings\",\n actions: [\"kms:GenerateDataKey\"],\n resources: [`arn:aws:kms:${currentGetRegion.name}:${current.accountId}:key/*`],\n principals: [{\n type: \"Service\",\n identifiers: [\"guardduty.amazonaws.com\"],\n }],\n },\n {\n sid: \"Allow all users to modify/delete key (test only)\",\n actions: [\"kms:*\"],\n resources: [`arn:aws:kms:${currentGetRegion1.name}:${current1.accountId}:key/*`],\n principals: [{\n type: \"AWS\",\n identifiers: [`arn:aws:iam::${current2.accountId}:root`],\n }],\n },\n ],\n}));\nconst testGd = new aws.guardduty.Detector(\"test_gd\", {enable: true});\nconst gdBucketAcl = new aws.s3.BucketAclV2(\"gd_bucket_acl\", {\n bucket: gdBucket.id,\n acl: \"private\",\n});\nconst gdBucketPolicy = new aws.s3.BucketPolicy(\"gd_bucket_policy\", {\n bucket: gdBucket.id,\n policy: bucketPol.apply(bucketPol =\u003e bucketPol.json),\n});\nconst gdKey = new aws.kms.Key(\"gd_key\", {\n description: \"Temporary key for AccTest of TF\",\n deletionWindowInDays: 7,\n policy: kmsPol.then(kmsPol =\u003e kmsPol.json),\n});\nconst test = new aws.guardduty.PublishingDestination(\"test\", {\n detectorId: testGd.id,\n destinationArn: gdBucket.arn,\n kmsKeyArn: gdKey.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\ncurrent_get_region = aws.get_region()\ngd_bucket = aws.s3.BucketV2(\"gd_bucket\",\n bucket=\"example\",\n force_destroy=True)\nbucket_pol = aws.iam.get_policy_document_output(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"Allow PutObject\",\n actions=[\"s3:PutObject\"],\n resources=[gd_bucket.arn.apply(lambda arn: f\"{arn}/*\")],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"guardduty.amazonaws.com\"],\n )],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"Allow GetBucketLocation\",\n actions=[\"s3:GetBucketLocation\"],\n resources=[gd_bucket.arn],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"guardduty.amazonaws.com\"],\n )],\n ),\n])\nkms_pol = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"Allow GuardDuty to encrypt findings\",\n actions=[\"kms:GenerateDataKey\"],\n resources=[f\"arn:aws:kms:{current_get_region.name}:{current.account_id}:key/*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"guardduty.amazonaws.com\"],\n )],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"Allow all users to modify/delete key (test only)\",\n actions=[\"kms:*\"],\n resources=[f\"arn:aws:kms:{current_get_region.name}:{current.account_id}:key/*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[f\"arn:aws:iam::{current.account_id}:root\"],\n )],\n ),\n])\ntest_gd = aws.guardduty.Detector(\"test_gd\", enable=True)\ngd_bucket_acl = aws.s3.BucketAclV2(\"gd_bucket_acl\",\n bucket=gd_bucket.id,\n acl=\"private\")\ngd_bucket_policy = aws.s3.BucketPolicy(\"gd_bucket_policy\",\n bucket=gd_bucket.id,\n policy=bucket_pol.json)\ngd_key = aws.kms.Key(\"gd_key\",\n description=\"Temporary key for AccTest of TF\",\n deletion_window_in_days=7,\n policy=kms_pol.json)\ntest = aws.guardduty.PublishingDestination(\"test\",\n detector_id=test_gd.id,\n destination_arn=gd_bucket.arn,\n kms_key_arn=gd_key.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var currentGetRegion = Aws.GetRegion.Invoke();\n\n var gdBucket = new Aws.S3.BucketV2(\"gd_bucket\", new()\n {\n Bucket = \"example\",\n ForceDestroy = true,\n });\n\n var bucketPol = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"Allow PutObject\",\n Actions = new[]\n {\n \"s3:PutObject\",\n },\n Resources = new[]\n {\n $\"{gdBucket.Arn}/*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"guardduty.amazonaws.com\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"Allow GetBucketLocation\",\n Actions = new[]\n {\n \"s3:GetBucketLocation\",\n },\n Resources = new[]\n {\n gdBucket.Arn,\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"guardduty.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var kmsPol = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"Allow GuardDuty to encrypt findings\",\n Actions = new[]\n {\n \"kms:GenerateDataKey\",\n },\n Resources = new[]\n {\n $\"arn:aws:kms:{currentGetRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:key/*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"guardduty.amazonaws.com\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"Allow all users to modify/delete key (test only)\",\n Actions = new[]\n {\n \"kms:*\",\n },\n Resources = new[]\n {\n $\"arn:aws:kms:{currentGetRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:key/*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n $\"arn:aws:iam::{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:root\",\n },\n },\n },\n },\n },\n });\n\n var testGd = new Aws.GuardDuty.Detector(\"test_gd\", new()\n {\n Enable = true,\n });\n\n var gdBucketAcl = new Aws.S3.BucketAclV2(\"gd_bucket_acl\", new()\n {\n Bucket = gdBucket.Id,\n Acl = \"private\",\n });\n\n var gdBucketPolicy = new Aws.S3.BucketPolicy(\"gd_bucket_policy\", new()\n {\n Bucket = gdBucket.Id,\n Policy = bucketPol.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var gdKey = new Aws.Kms.Key(\"gd_key\", new()\n {\n Description = \"Temporary key for AccTest of TF\",\n DeletionWindowInDays = 7,\n Policy = kmsPol.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var test = new Aws.GuardDuty.PublishingDestination(\"test\", new()\n {\n DetectorId = testGd.Id,\n DestinationArn = gdBucket.Arn,\n KmsKeyArn = gdKey.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/guardduty\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetRegion, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgdBucket, err := s3.NewBucketV2(ctx, \"gd_bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"example\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucketPol := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tSid: pulumi.String(\"Allow PutObject\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:PutObject\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tgdBucket.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: iam.GetPolicyDocumentStatementPrincipalArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementPrincipalArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Service\"),\n\t\t\t\t\t\t\tIdentifiers: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"guardduty.amazonaws.com\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tSid: pulumi.String(\"Allow GetBucketLocation\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:GetBucketLocation\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tgdBucket.Arn,\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: iam.GetPolicyDocumentStatementPrincipalArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementPrincipalArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Service\"),\n\t\t\t\t\t\t\tIdentifiers: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"guardduty.amazonaws.com\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tkmsPol, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"Allow GuardDuty to encrypt findings\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"kms:GenerateDataKey\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:kms:%v:%v:key/*\", currentGetRegion.Name, current.AccountId),\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"guardduty.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"Allow all users to modify/delete key (test only)\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"kms:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:kms:%v:%v:key/*\", currentGetRegion.Name, current.AccountId),\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:iam::%v:root\", current.AccountId),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestGd, err := guardduty.NewDetector(ctx, \"test_gd\", \u0026guardduty.DetectorArgs{\n\t\t\tEnable: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"gd_bucket_acl\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: gdBucket.ID(),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketPolicy(ctx, \"gd_bucket_policy\", \u0026s3.BucketPolicyArgs{\n\t\t\tBucket: gdBucket.ID(),\n\t\t\tPolicy: bucketPol.ApplyT(func(bucketPol iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026bucketPol.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgdKey, err := kms.NewKey(ctx, \"gd_key\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"Temporary key for AccTest of TF\"),\n\t\t\tDeletionWindowInDays: pulumi.Int(7),\n\t\t\tPolicy: *pulumi.String(kmsPol.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = guardduty.NewPublishingDestination(ctx, \"test\", \u0026guardduty.PublishingDestinationArgs{\n\t\t\tDetectorId: testGd.ID(),\n\t\t\tDestinationArn: gdBucket.Arn,\n\t\t\tKmsKeyArn: gdKey.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.guardduty.Detector;\nimport com.pulumi.aws.guardduty.DetectorArgs;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.s3.BucketPolicy;\nimport com.pulumi.aws.s3.BucketPolicyArgs;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.guardduty.PublishingDestination;\nimport com.pulumi.aws.guardduty.PublishingDestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var currentGetRegion = AwsFunctions.getRegion();\n\n var gdBucket = new BucketV2(\"gdBucket\", BucketV2Args.builder() \n .bucket(\"example\")\n .forceDestroy(true)\n .build());\n\n final var bucketPol = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"Allow PutObject\")\n .actions(\"s3:PutObject\")\n .resources(gdBucket.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"guardduty.amazonaws.com\")\n .build())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"Allow GetBucketLocation\")\n .actions(\"s3:GetBucketLocation\")\n .resources(gdBucket.arn())\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"guardduty.amazonaws.com\")\n .build())\n .build())\n .build());\n\n final var kmsPol = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"Allow GuardDuty to encrypt findings\")\n .actions(\"kms:GenerateDataKey\")\n .resources(String.format(\"arn:aws:kms:%s:%s:key/*\", currentGetRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId())))\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"guardduty.amazonaws.com\")\n .build())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"Allow all users to modify/delete key (test only)\")\n .actions(\"kms:*\")\n .resources(String.format(\"arn:aws:kms:%s:%s:key/*\", currentGetRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId())))\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(String.format(\"arn:aws:iam::%s:root\", current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId())))\n .build())\n .build())\n .build());\n\n var testGd = new Detector(\"testGd\", DetectorArgs.builder() \n .enable(true)\n .build());\n\n var gdBucketAcl = new BucketAclV2(\"gdBucketAcl\", BucketAclV2Args.builder() \n .bucket(gdBucket.id())\n .acl(\"private\")\n .build());\n\n var gdBucketPolicy = new BucketPolicy(\"gdBucketPolicy\", BucketPolicyArgs.builder() \n .bucket(gdBucket.id())\n .policy(bucketPol.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(bucketPol -\u003e bucketPol.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var gdKey = new Key(\"gdKey\", KeyArgs.builder() \n .description(\"Temporary key for AccTest of TF\")\n .deletionWindowInDays(7)\n .policy(kmsPol.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var test = new PublishingDestination(\"test\", PublishingDestinationArgs.builder() \n .detectorId(testGd.id())\n .destinationArn(gdBucket.arn())\n .kmsKeyArn(gdKey.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testGd:\n type: aws:guardduty:Detector\n name: test_gd\n properties:\n enable: true\n gdBucket:\n type: aws:s3:BucketV2\n name: gd_bucket\n properties:\n bucket: example\n forceDestroy: true\n gdBucketAcl:\n type: aws:s3:BucketAclV2\n name: gd_bucket_acl\n properties:\n bucket: ${gdBucket.id}\n acl: private\n gdBucketPolicy:\n type: aws:s3:BucketPolicy\n name: gd_bucket_policy\n properties:\n bucket: ${gdBucket.id}\n policy: ${bucketPol.json}\n gdKey:\n type: aws:kms:Key\n name: gd_key\n properties:\n description: Temporary key for AccTest of TF\n deletionWindowInDays: 7\n policy: ${kmsPol.json}\n test:\n type: aws:guardduty:PublishingDestination\n properties:\n detectorId: ${testGd.id}\n destinationArn: ${gdBucket.arn}\n kmsKeyArn: ${gdKey.arn}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n currentGetRegion:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n bucketPol:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: Allow PutObject\n actions:\n - s3:PutObject\n resources:\n - ${gdBucket.arn}/*\n principals:\n - type: Service\n identifiers:\n - guardduty.amazonaws.com\n - sid: Allow GetBucketLocation\n actions:\n - s3:GetBucketLocation\n resources:\n - ${gdBucket.arn}\n principals:\n - type: Service\n identifiers:\n - guardduty.amazonaws.com\n kmsPol:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: Allow GuardDuty to encrypt findings\n actions:\n - kms:GenerateDataKey\n resources:\n - arn:aws:kms:${currentGetRegion.name}:${current.accountId}:key/*\n principals:\n - type: Service\n identifiers:\n - guardduty.amazonaws.com\n - sid: Allow all users to modify/delete key (test only)\n actions:\n - kms:*\n resources:\n - arn:aws:kms:${currentGetRegion.name}:${current.accountId}:key/*\n principals:\n - type: AWS\n identifiers:\n - arn:aws:iam::${current.accountId}:root\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003e **Note:** Please do not use this simple example for Bucket-Policy and KMS Key Policy in a production environment. It is much too open for such a use-case. Refer to the AWS documentation here: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_exportfindings.html\n\n## Import\n\nUsing `pulumi import`, import GuardDuty PublishingDestination using the master GuardDuty detector ID and PublishingDestinationID. For example:\n\n```sh\n$ pulumi import aws:guardduty/publishingDestination:PublishingDestination test a4b86f26fa42e7e7cf0d1c333ea77777:a4b86f27a0e464e4a7e0516d242f1234\n```\n", + "description": "Provides a resource to manage a GuardDuty PublishingDestination. Requires an existing GuardDuty Detector.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst currentGetRegion = aws.getRegion({});\nconst gdBucket = new aws.s3.BucketV2(\"gd_bucket\", {\n bucket: \"example\",\n forceDestroy: true,\n});\nconst bucketPol = aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n sid: \"Allow PutObject\",\n actions: [\"s3:PutObject\"],\n resources: [pulumi.interpolate`${gdBucket.arn}/*`],\n principals: [{\n type: \"Service\",\n identifiers: [\"guardduty.amazonaws.com\"],\n }],\n },\n {\n sid: \"Allow GetBucketLocation\",\n actions: [\"s3:GetBucketLocation\"],\n resources: [gdBucket.arn],\n principals: [{\n type: \"Service\",\n identifiers: [\"guardduty.amazonaws.com\"],\n }],\n },\n ],\n});\nconst kmsPol = Promise.all([currentGetRegion, current, currentGetRegion, current, current]).then(([currentGetRegion, current, currentGetRegion1, current1, current2]) =\u003e aws.iam.getPolicyDocument({\n statements: [\n {\n sid: \"Allow GuardDuty to encrypt findings\",\n actions: [\"kms:GenerateDataKey\"],\n resources: [`arn:aws:kms:${currentGetRegion.name}:${current.accountId}:key/*`],\n principals: [{\n type: \"Service\",\n identifiers: [\"guardduty.amazonaws.com\"],\n }],\n },\n {\n sid: \"Allow all users to modify/delete key (test only)\",\n actions: [\"kms:*\"],\n resources: [`arn:aws:kms:${currentGetRegion1.name}:${current1.accountId}:key/*`],\n principals: [{\n type: \"AWS\",\n identifiers: [`arn:aws:iam::${current2.accountId}:root`],\n }],\n },\n ],\n}));\nconst testGd = new aws.guardduty.Detector(\"test_gd\", {enable: true});\nconst gdBucketAcl = new aws.s3.BucketAclV2(\"gd_bucket_acl\", {\n bucket: gdBucket.id,\n acl: \"private\",\n});\nconst gdBucketPolicy = new aws.s3.BucketPolicy(\"gd_bucket_policy\", {\n bucket: gdBucket.id,\n policy: bucketPol.apply(bucketPol =\u003e bucketPol.json),\n});\nconst gdKey = new aws.kms.Key(\"gd_key\", {\n description: \"Temporary key for AccTest of TF\",\n deletionWindowInDays: 7,\n policy: kmsPol.then(kmsPol =\u003e kmsPol.json),\n});\nconst test = new aws.guardduty.PublishingDestination(\"test\", {\n detectorId: testGd.id,\n destinationArn: gdBucket.arn,\n kmsKeyArn: gdKey.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\ncurrent_get_region = aws.get_region()\ngd_bucket = aws.s3.BucketV2(\"gd_bucket\",\n bucket=\"example\",\n force_destroy=True)\nbucket_pol = aws.iam.get_policy_document_output(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"Allow PutObject\",\n actions=[\"s3:PutObject\"],\n resources=[gd_bucket.arn.apply(lambda arn: f\"{arn}/*\")],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"guardduty.amazonaws.com\"],\n )],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"Allow GetBucketLocation\",\n actions=[\"s3:GetBucketLocation\"],\n resources=[gd_bucket.arn],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"guardduty.amazonaws.com\"],\n )],\n ),\n])\nkms_pol = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"Allow GuardDuty to encrypt findings\",\n actions=[\"kms:GenerateDataKey\"],\n resources=[f\"arn:aws:kms:{current_get_region.name}:{current.account_id}:key/*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"guardduty.amazonaws.com\"],\n )],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"Allow all users to modify/delete key (test only)\",\n actions=[\"kms:*\"],\n resources=[f\"arn:aws:kms:{current_get_region.name}:{current.account_id}:key/*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[f\"arn:aws:iam::{current.account_id}:root\"],\n )],\n ),\n])\ntest_gd = aws.guardduty.Detector(\"test_gd\", enable=True)\ngd_bucket_acl = aws.s3.BucketAclV2(\"gd_bucket_acl\",\n bucket=gd_bucket.id,\n acl=\"private\")\ngd_bucket_policy = aws.s3.BucketPolicy(\"gd_bucket_policy\",\n bucket=gd_bucket.id,\n policy=bucket_pol.json)\ngd_key = aws.kms.Key(\"gd_key\",\n description=\"Temporary key for AccTest of TF\",\n deletion_window_in_days=7,\n policy=kms_pol.json)\ntest = aws.guardduty.PublishingDestination(\"test\",\n detector_id=test_gd.id,\n destination_arn=gd_bucket.arn,\n kms_key_arn=gd_key.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var currentGetRegion = Aws.GetRegion.Invoke();\n\n var gdBucket = new Aws.S3.BucketV2(\"gd_bucket\", new()\n {\n Bucket = \"example\",\n ForceDestroy = true,\n });\n\n var bucketPol = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"Allow PutObject\",\n Actions = new[]\n {\n \"s3:PutObject\",\n },\n Resources = new[]\n {\n $\"{gdBucket.Arn}/*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"guardduty.amazonaws.com\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"Allow GetBucketLocation\",\n Actions = new[]\n {\n \"s3:GetBucketLocation\",\n },\n Resources = new[]\n {\n gdBucket.Arn,\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"guardduty.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var kmsPol = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"Allow GuardDuty to encrypt findings\",\n Actions = new[]\n {\n \"kms:GenerateDataKey\",\n },\n Resources = new[]\n {\n $\"arn:aws:kms:{currentGetRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:key/*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"guardduty.amazonaws.com\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"Allow all users to modify/delete key (test only)\",\n Actions = new[]\n {\n \"kms:*\",\n },\n Resources = new[]\n {\n $\"arn:aws:kms:{currentGetRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:key/*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n $\"arn:aws:iam::{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:root\",\n },\n },\n },\n },\n },\n });\n\n var testGd = new Aws.GuardDuty.Detector(\"test_gd\", new()\n {\n Enable = true,\n });\n\n var gdBucketAcl = new Aws.S3.BucketAclV2(\"gd_bucket_acl\", new()\n {\n Bucket = gdBucket.Id,\n Acl = \"private\",\n });\n\n var gdBucketPolicy = new Aws.S3.BucketPolicy(\"gd_bucket_policy\", new()\n {\n Bucket = gdBucket.Id,\n Policy = bucketPol.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var gdKey = new Aws.Kms.Key(\"gd_key\", new()\n {\n Description = \"Temporary key for AccTest of TF\",\n DeletionWindowInDays = 7,\n Policy = kmsPol.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var test = new Aws.GuardDuty.PublishingDestination(\"test\", new()\n {\n DetectorId = testGd.Id,\n DestinationArn = gdBucket.Arn,\n KmsKeyArn = gdKey.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/guardduty\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetRegion, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgdBucket, err := s3.NewBucketV2(ctx, \"gd_bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"example\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucketPol := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tSid: pulumi.String(\"Allow PutObject\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:PutObject\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tgdBucket.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: iam.GetPolicyDocumentStatementPrincipalArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementPrincipalArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Service\"),\n\t\t\t\t\t\t\tIdentifiers: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"guardduty.amazonaws.com\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tSid: pulumi.String(\"Allow GetBucketLocation\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:GetBucketLocation\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tgdBucket.Arn,\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: iam.GetPolicyDocumentStatementPrincipalArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementPrincipalArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Service\"),\n\t\t\t\t\t\t\tIdentifiers: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"guardduty.amazonaws.com\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tkmsPol, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"Allow GuardDuty to encrypt findings\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"kms:GenerateDataKey\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:kms:%v:%v:key/*\", currentGetRegion.Name, current.AccountId),\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"guardduty.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"Allow all users to modify/delete key (test only)\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"kms:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:kms:%v:%v:key/*\", currentGetRegion.Name, current.AccountId),\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:iam::%v:root\", current.AccountId),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestGd, err := guardduty.NewDetector(ctx, \"test_gd\", \u0026guardduty.DetectorArgs{\n\t\t\tEnable: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"gd_bucket_acl\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: gdBucket.ID(),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketPolicy(ctx, \"gd_bucket_policy\", \u0026s3.BucketPolicyArgs{\n\t\t\tBucket: gdBucket.ID(),\n\t\t\tPolicy: bucketPol.ApplyT(func(bucketPol iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026bucketPol.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgdKey, err := kms.NewKey(ctx, \"gd_key\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"Temporary key for AccTest of TF\"),\n\t\t\tDeletionWindowInDays: pulumi.Int(7),\n\t\t\tPolicy: pulumi.String(kmsPol.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = guardduty.NewPublishingDestination(ctx, \"test\", \u0026guardduty.PublishingDestinationArgs{\n\t\t\tDetectorId: testGd.ID(),\n\t\t\tDestinationArn: gdBucket.Arn,\n\t\t\tKmsKeyArn: gdKey.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.guardduty.Detector;\nimport com.pulumi.aws.guardduty.DetectorArgs;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.s3.BucketPolicy;\nimport com.pulumi.aws.s3.BucketPolicyArgs;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.guardduty.PublishingDestination;\nimport com.pulumi.aws.guardduty.PublishingDestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var currentGetRegion = AwsFunctions.getRegion();\n\n var gdBucket = new BucketV2(\"gdBucket\", BucketV2Args.builder() \n .bucket(\"example\")\n .forceDestroy(true)\n .build());\n\n final var bucketPol = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"Allow PutObject\")\n .actions(\"s3:PutObject\")\n .resources(gdBucket.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"guardduty.amazonaws.com\")\n .build())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"Allow GetBucketLocation\")\n .actions(\"s3:GetBucketLocation\")\n .resources(gdBucket.arn())\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"guardduty.amazonaws.com\")\n .build())\n .build())\n .build());\n\n final var kmsPol = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"Allow GuardDuty to encrypt findings\")\n .actions(\"kms:GenerateDataKey\")\n .resources(String.format(\"arn:aws:kms:%s:%s:key/*\", currentGetRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId())))\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"guardduty.amazonaws.com\")\n .build())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"Allow all users to modify/delete key (test only)\")\n .actions(\"kms:*\")\n .resources(String.format(\"arn:aws:kms:%s:%s:key/*\", currentGetRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId())))\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(String.format(\"arn:aws:iam::%s:root\", current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId())))\n .build())\n .build())\n .build());\n\n var testGd = new Detector(\"testGd\", DetectorArgs.builder() \n .enable(true)\n .build());\n\n var gdBucketAcl = new BucketAclV2(\"gdBucketAcl\", BucketAclV2Args.builder() \n .bucket(gdBucket.id())\n .acl(\"private\")\n .build());\n\n var gdBucketPolicy = new BucketPolicy(\"gdBucketPolicy\", BucketPolicyArgs.builder() \n .bucket(gdBucket.id())\n .policy(bucketPol.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(bucketPol -\u003e bucketPol.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var gdKey = new Key(\"gdKey\", KeyArgs.builder() \n .description(\"Temporary key for AccTest of TF\")\n .deletionWindowInDays(7)\n .policy(kmsPol.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var test = new PublishingDestination(\"test\", PublishingDestinationArgs.builder() \n .detectorId(testGd.id())\n .destinationArn(gdBucket.arn())\n .kmsKeyArn(gdKey.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testGd:\n type: aws:guardduty:Detector\n name: test_gd\n properties:\n enable: true\n gdBucket:\n type: aws:s3:BucketV2\n name: gd_bucket\n properties:\n bucket: example\n forceDestroy: true\n gdBucketAcl:\n type: aws:s3:BucketAclV2\n name: gd_bucket_acl\n properties:\n bucket: ${gdBucket.id}\n acl: private\n gdBucketPolicy:\n type: aws:s3:BucketPolicy\n name: gd_bucket_policy\n properties:\n bucket: ${gdBucket.id}\n policy: ${bucketPol.json}\n gdKey:\n type: aws:kms:Key\n name: gd_key\n properties:\n description: Temporary key for AccTest of TF\n deletionWindowInDays: 7\n policy: ${kmsPol.json}\n test:\n type: aws:guardduty:PublishingDestination\n properties:\n detectorId: ${testGd.id}\n destinationArn: ${gdBucket.arn}\n kmsKeyArn: ${gdKey.arn}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n currentGetRegion:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n bucketPol:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: Allow PutObject\n actions:\n - s3:PutObject\n resources:\n - ${gdBucket.arn}/*\n principals:\n - type: Service\n identifiers:\n - guardduty.amazonaws.com\n - sid: Allow GetBucketLocation\n actions:\n - s3:GetBucketLocation\n resources:\n - ${gdBucket.arn}\n principals:\n - type: Service\n identifiers:\n - guardduty.amazonaws.com\n kmsPol:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: Allow GuardDuty to encrypt findings\n actions:\n - kms:GenerateDataKey\n resources:\n - arn:aws:kms:${currentGetRegion.name}:${current.accountId}:key/*\n principals:\n - type: Service\n identifiers:\n - guardduty.amazonaws.com\n - sid: Allow all users to modify/delete key (test only)\n actions:\n - kms:*\n resources:\n - arn:aws:kms:${currentGetRegion.name}:${current.accountId}:key/*\n principals:\n - type: AWS\n identifiers:\n - arn:aws:iam::${current.accountId}:root\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003e **Note:** Please do not use this simple example for Bucket-Policy and KMS Key Policy in a production environment. It is much too open for such a use-case. Refer to the AWS documentation here: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_exportfindings.html\n\n## Import\n\nUsing `pulumi import`, import GuardDuty PublishingDestination using the master GuardDuty detector ID and PublishingDestinationID. For example:\n\n```sh\n$ pulumi import aws:guardduty/publishingDestination:PublishingDestination test a4b86f26fa42e7e7cf0d1c333ea77777:a4b86f27a0e464e4a7e0516d242f1234\n```\n", "properties": { "destinationArn": { "type": "string", @@ -251264,7 +251264,7 @@ } }, "aws:iam/accessKey:AccessKey": { - "description": "Provides an IAM access key. This is a set of credentials that allow API requests to be made as an IAM user.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lbUser = new aws.iam.User(\"lb\", {\n name: \"loadbalancer\",\n path: \"/system/\",\n});\nconst lb = new aws.iam.AccessKey(\"lb\", {\n user: lbUser.name,\n pgpKey: \"keybase:some_person_that_exists\",\n});\nconst lbRo = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\"ec2:Describe*\"],\n resources: [\"*\"],\n }],\n});\nconst lbRoUserPolicy = new aws.iam.UserPolicy(\"lb_ro\", {\n name: \"test\",\n user: lbUser.name,\n policy: lbRo.then(lbRo =\u003e lbRo.json),\n});\nexport const secret = lb.encryptedSecret;\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlb_user = aws.iam.User(\"lb\",\n name=\"loadbalancer\",\n path=\"/system/\")\nlb = aws.iam.AccessKey(\"lb\",\n user=lb_user.name,\n pgp_key=\"keybase:some_person_that_exists\")\nlb_ro = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ec2:Describe*\"],\n resources=[\"*\"],\n)])\nlb_ro_user_policy = aws.iam.UserPolicy(\"lb_ro\",\n name=\"test\",\n user=lb_user.name,\n policy=lb_ro.json)\npulumi.export(\"secret\", lb.encrypted_secret)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var lbUser = new Aws.Iam.User(\"lb\", new()\n {\n Name = \"loadbalancer\",\n Path = \"/system/\",\n });\n\n var lb = new Aws.Iam.AccessKey(\"lb\", new()\n {\n User = lbUser.Name,\n PgpKey = \"keybase:some_person_that_exists\",\n });\n\n var lbRo = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:Describe*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var lbRoUserPolicy = new Aws.Iam.UserPolicy(\"lb_ro\", new()\n {\n Name = \"test\",\n User = lbUser.Name,\n Policy = lbRo.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"secret\"] = lb.EncryptedSecret,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlbUser, err := iam.NewUser(ctx, \"lb\", \u0026iam.UserArgs{\n\t\t\tName: pulumi.String(\"loadbalancer\"),\n\t\t\tPath: pulumi.String(\"/system/\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlb, err := iam.NewAccessKey(ctx, \"lb\", \u0026iam.AccessKeyArgs{\n\t\t\tUser: lbUser.Name,\n\t\t\tPgpKey: pulumi.String(\"keybase:some_person_that_exists\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlbRo, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ec2:Describe*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewUserPolicy(ctx, \"lb_ro\", \u0026iam.UserPolicyArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tUser: lbUser.Name,\n\t\t\tPolicy: *pulumi.String(lbRo.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"secret\", lb.EncryptedSecret)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.User;\nimport com.pulumi.aws.iam.UserArgs;\nimport com.pulumi.aws.iam.AccessKey;\nimport com.pulumi.aws.iam.AccessKeyArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.UserPolicy;\nimport com.pulumi.aws.iam.UserPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var lbUser = new User(\"lbUser\", UserArgs.builder() \n .name(\"loadbalancer\")\n .path(\"/system/\")\n .build());\n\n var lb = new AccessKey(\"lb\", AccessKeyArgs.builder() \n .user(lbUser.name())\n .pgpKey(\"keybase:some_person_that_exists\")\n .build());\n\n final var lbRo = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ec2:Describe*\")\n .resources(\"*\")\n .build())\n .build());\n\n var lbRoUserPolicy = new UserPolicy(\"lbRoUserPolicy\", UserPolicyArgs.builder() \n .name(\"test\")\n .user(lbUser.name())\n .policy(lbRo.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n ctx.export(\"secret\", lb.encryptedSecret());\n }\n}\n```\n```yaml\nresources:\n lb:\n type: aws:iam:AccessKey\n properties:\n user: ${lbUser.name}\n pgpKey: keybase:some_person_that_exists\n lbUser:\n type: aws:iam:User\n name: lb\n properties:\n name: loadbalancer\n path: /system/\n lbRoUserPolicy:\n type: aws:iam:UserPolicy\n name: lb_ro\n properties:\n name: test\n user: ${lbUser.name}\n policy: ${lbRo.json}\nvariables:\n lbRo:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - ec2:Describe*\n resources:\n - '*'\noutputs:\n secret: ${lb.encryptedSecret}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.iam.User(\"test\", {\n name: \"test\",\n path: \"/test/\",\n});\nconst testAccessKey = new aws.iam.AccessKey(\"test\", {user: test.name});\nexport const awsIamSmtpPasswordV4 = testAccessKey.sesSmtpPasswordV4;\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.iam.User(\"test\",\n name=\"test\",\n path=\"/test/\")\ntest_access_key = aws.iam.AccessKey(\"test\", user=test.name)\npulumi.export(\"awsIamSmtpPasswordV4\", test_access_key.ses_smtp_password_v4)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.Iam.User(\"test\", new()\n {\n Name = \"test\",\n Path = \"/test/\",\n });\n\n var testAccessKey = new Aws.Iam.AccessKey(\"test\", new()\n {\n User = test.Name,\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"awsIamSmtpPasswordV4\"] = testAccessKey.SesSmtpPasswordV4,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := iam.NewUser(ctx, \"test\", \u0026iam.UserArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tPath: pulumi.String(\"/test/\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestAccessKey, err := iam.NewAccessKey(ctx, \"test\", \u0026iam.AccessKeyArgs{\n\t\t\tUser: test.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"awsIamSmtpPasswordV4\", testAccessKey.SesSmtpPasswordV4)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.User;\nimport com.pulumi.aws.iam.UserArgs;\nimport com.pulumi.aws.iam.AccessKey;\nimport com.pulumi.aws.iam.AccessKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new User(\"test\", UserArgs.builder() \n .name(\"test\")\n .path(\"/test/\")\n .build());\n\n var testAccessKey = new AccessKey(\"testAccessKey\", AccessKeyArgs.builder() \n .user(test.name())\n .build());\n\n ctx.export(\"awsIamSmtpPasswordV4\", testAccessKey.sesSmtpPasswordV4());\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:iam:User\n properties:\n name: test\n path: /test/\n testAccessKey:\n type: aws:iam:AccessKey\n name: test\n properties:\n user: ${test.name}\noutputs:\n awsIamSmtpPasswordV4: ${testAccessKey.sesSmtpPasswordV4}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IAM Access Keys using the identifier. For example:\n\n```sh\n$ pulumi import aws:iam/accessKey:AccessKey example AKIA1234567890\n```\nResource attributes such as `encrypted_secret`, `key_fingerprint`, `pgp_key`, `secret`, `ses_smtp_password_v4`, and `encrypted_ses_smtp_password_v4` are not available for imported resources as this information cannot be read from the IAM API.\n\n", + "description": "Provides an IAM access key. This is a set of credentials that allow API requests to be made as an IAM user.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lbUser = new aws.iam.User(\"lb\", {\n name: \"loadbalancer\",\n path: \"/system/\",\n});\nconst lb = new aws.iam.AccessKey(\"lb\", {\n user: lbUser.name,\n pgpKey: \"keybase:some_person_that_exists\",\n});\nconst lbRo = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\"ec2:Describe*\"],\n resources: [\"*\"],\n }],\n});\nconst lbRoUserPolicy = new aws.iam.UserPolicy(\"lb_ro\", {\n name: \"test\",\n user: lbUser.name,\n policy: lbRo.then(lbRo =\u003e lbRo.json),\n});\nexport const secret = lb.encryptedSecret;\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlb_user = aws.iam.User(\"lb\",\n name=\"loadbalancer\",\n path=\"/system/\")\nlb = aws.iam.AccessKey(\"lb\",\n user=lb_user.name,\n pgp_key=\"keybase:some_person_that_exists\")\nlb_ro = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ec2:Describe*\"],\n resources=[\"*\"],\n)])\nlb_ro_user_policy = aws.iam.UserPolicy(\"lb_ro\",\n name=\"test\",\n user=lb_user.name,\n policy=lb_ro.json)\npulumi.export(\"secret\", lb.encrypted_secret)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var lbUser = new Aws.Iam.User(\"lb\", new()\n {\n Name = \"loadbalancer\",\n Path = \"/system/\",\n });\n\n var lb = new Aws.Iam.AccessKey(\"lb\", new()\n {\n User = lbUser.Name,\n PgpKey = \"keybase:some_person_that_exists\",\n });\n\n var lbRo = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:Describe*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var lbRoUserPolicy = new Aws.Iam.UserPolicy(\"lb_ro\", new()\n {\n Name = \"test\",\n User = lbUser.Name,\n Policy = lbRo.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"secret\"] = lb.EncryptedSecret,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlbUser, err := iam.NewUser(ctx, \"lb\", \u0026iam.UserArgs{\n\t\t\tName: pulumi.String(\"loadbalancer\"),\n\t\t\tPath: pulumi.String(\"/system/\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlb, err := iam.NewAccessKey(ctx, \"lb\", \u0026iam.AccessKeyArgs{\n\t\t\tUser: lbUser.Name,\n\t\t\tPgpKey: pulumi.String(\"keybase:some_person_that_exists\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlbRo, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ec2:Describe*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewUserPolicy(ctx, \"lb_ro\", \u0026iam.UserPolicyArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tUser: lbUser.Name,\n\t\t\tPolicy: pulumi.String(lbRo.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"secret\", lb.EncryptedSecret)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.User;\nimport com.pulumi.aws.iam.UserArgs;\nimport com.pulumi.aws.iam.AccessKey;\nimport com.pulumi.aws.iam.AccessKeyArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.UserPolicy;\nimport com.pulumi.aws.iam.UserPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var lbUser = new User(\"lbUser\", UserArgs.builder() \n .name(\"loadbalancer\")\n .path(\"/system/\")\n .build());\n\n var lb = new AccessKey(\"lb\", AccessKeyArgs.builder() \n .user(lbUser.name())\n .pgpKey(\"keybase:some_person_that_exists\")\n .build());\n\n final var lbRo = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ec2:Describe*\")\n .resources(\"*\")\n .build())\n .build());\n\n var lbRoUserPolicy = new UserPolicy(\"lbRoUserPolicy\", UserPolicyArgs.builder() \n .name(\"test\")\n .user(lbUser.name())\n .policy(lbRo.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n ctx.export(\"secret\", lb.encryptedSecret());\n }\n}\n```\n```yaml\nresources:\n lb:\n type: aws:iam:AccessKey\n properties:\n user: ${lbUser.name}\n pgpKey: keybase:some_person_that_exists\n lbUser:\n type: aws:iam:User\n name: lb\n properties:\n name: loadbalancer\n path: /system/\n lbRoUserPolicy:\n type: aws:iam:UserPolicy\n name: lb_ro\n properties:\n name: test\n user: ${lbUser.name}\n policy: ${lbRo.json}\nvariables:\n lbRo:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - ec2:Describe*\n resources:\n - '*'\noutputs:\n secret: ${lb.encryptedSecret}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.iam.User(\"test\", {\n name: \"test\",\n path: \"/test/\",\n});\nconst testAccessKey = new aws.iam.AccessKey(\"test\", {user: test.name});\nexport const awsIamSmtpPasswordV4 = testAccessKey.sesSmtpPasswordV4;\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.iam.User(\"test\",\n name=\"test\",\n path=\"/test/\")\ntest_access_key = aws.iam.AccessKey(\"test\", user=test.name)\npulumi.export(\"awsIamSmtpPasswordV4\", test_access_key.ses_smtp_password_v4)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.Iam.User(\"test\", new()\n {\n Name = \"test\",\n Path = \"/test/\",\n });\n\n var testAccessKey = new Aws.Iam.AccessKey(\"test\", new()\n {\n User = test.Name,\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"awsIamSmtpPasswordV4\"] = testAccessKey.SesSmtpPasswordV4,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := iam.NewUser(ctx, \"test\", \u0026iam.UserArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tPath: pulumi.String(\"/test/\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestAccessKey, err := iam.NewAccessKey(ctx, \"test\", \u0026iam.AccessKeyArgs{\n\t\t\tUser: test.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"awsIamSmtpPasswordV4\", testAccessKey.SesSmtpPasswordV4)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.User;\nimport com.pulumi.aws.iam.UserArgs;\nimport com.pulumi.aws.iam.AccessKey;\nimport com.pulumi.aws.iam.AccessKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new User(\"test\", UserArgs.builder() \n .name(\"test\")\n .path(\"/test/\")\n .build());\n\n var testAccessKey = new AccessKey(\"testAccessKey\", AccessKeyArgs.builder() \n .user(test.name())\n .build());\n\n ctx.export(\"awsIamSmtpPasswordV4\", testAccessKey.sesSmtpPasswordV4());\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:iam:User\n properties:\n name: test\n path: /test/\n testAccessKey:\n type: aws:iam:AccessKey\n name: test\n properties:\n user: ${test.name}\noutputs:\n awsIamSmtpPasswordV4: ${testAccessKey.sesSmtpPasswordV4}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IAM Access Keys using the identifier. For example:\n\n```sh\n$ pulumi import aws:iam/accessKey:AccessKey example AKIA1234567890\n```\nResource attributes such as `encrypted_secret`, `key_fingerprint`, `pgp_key`, `secret`, `ses_smtp_password_v4`, and `encrypted_ses_smtp_password_v4` are not available for imported resources as this information cannot be read from the IAM API.\n\n", "properties": { "createDate": { "type": "string", @@ -251862,7 +251862,7 @@ } }, "aws:iam/instanceProfile:InstanceProfile": { - "description": "Provides an IAM instance profile.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"ec2.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst role = new aws.iam.Role(\"role\", {\n name: \"test_role\",\n path: \"/\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst testProfile = new aws.iam.InstanceProfile(\"test_profile\", {\n name: \"test_profile\",\n role: role.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"ec2.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nrole = aws.iam.Role(\"role\",\n name=\"test_role\",\n path=\"/\",\n assume_role_policy=assume_role.json)\ntest_profile = aws.iam.InstanceProfile(\"test_profile\",\n name=\"test_profile\",\n role=role.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"ec2.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var role = new Aws.Iam.Role(\"role\", new()\n {\n Name = \"test_role\",\n Path = \"/\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var testProfile = new Aws.Iam.InstanceProfile(\"test_profile\", new()\n {\n Name = \"test_profile\",\n Role = role.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"ec2.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := iam.NewRole(ctx, \"role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"test_role\"),\n\t\t\tPath: pulumi.String(\"/\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewInstanceProfile(ctx, \"test_profile\", \u0026iam.InstanceProfileArgs{\n\t\t\tName: pulumi.String(\"test_profile\"),\n\t\t\tRole: role.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.InstanceProfile;\nimport com.pulumi.aws.iam.InstanceProfileArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"ec2.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder() \n .name(\"test_role\")\n .path(\"/\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var testProfile = new InstanceProfile(\"testProfile\", InstanceProfileArgs.builder() \n .name(\"test_profile\")\n .role(role.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testProfile:\n type: aws:iam:InstanceProfile\n name: test_profile\n properties:\n name: test_profile\n role: ${role.name}\n role:\n type: aws:iam:Role\n properties:\n name: test_role\n path: /\n assumeRolePolicy: ${assumeRole.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - ec2.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Instance Profiles using the `name`. For example:\n\n```sh\n$ pulumi import aws:iam/instanceProfile:InstanceProfile test_profile app-instance-profile-1\n```\n", + "description": "Provides an IAM instance profile.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"ec2.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst role = new aws.iam.Role(\"role\", {\n name: \"test_role\",\n path: \"/\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst testProfile = new aws.iam.InstanceProfile(\"test_profile\", {\n name: \"test_profile\",\n role: role.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"ec2.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nrole = aws.iam.Role(\"role\",\n name=\"test_role\",\n path=\"/\",\n assume_role_policy=assume_role.json)\ntest_profile = aws.iam.InstanceProfile(\"test_profile\",\n name=\"test_profile\",\n role=role.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"ec2.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var role = new Aws.Iam.Role(\"role\", new()\n {\n Name = \"test_role\",\n Path = \"/\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var testProfile = new Aws.Iam.InstanceProfile(\"test_profile\", new()\n {\n Name = \"test_profile\",\n Role = role.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"ec2.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := iam.NewRole(ctx, \"role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"test_role\"),\n\t\t\tPath: pulumi.String(\"/\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewInstanceProfile(ctx, \"test_profile\", \u0026iam.InstanceProfileArgs{\n\t\t\tName: pulumi.String(\"test_profile\"),\n\t\t\tRole: role.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.InstanceProfile;\nimport com.pulumi.aws.iam.InstanceProfileArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"ec2.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder() \n .name(\"test_role\")\n .path(\"/\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var testProfile = new InstanceProfile(\"testProfile\", InstanceProfileArgs.builder() \n .name(\"test_profile\")\n .role(role.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testProfile:\n type: aws:iam:InstanceProfile\n name: test_profile\n properties:\n name: test_profile\n role: ${role.name}\n role:\n type: aws:iam:Role\n properties:\n name: test_role\n path: /\n assumeRolePolicy: ${assumeRole.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - ec2.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Instance Profiles using the `name`. For example:\n\n```sh\n$ pulumi import aws:iam/instanceProfile:InstanceProfile test_profile app-instance-profile-1\n```\n", "properties": { "arn": { "type": "string", @@ -252322,7 +252322,7 @@ } }, "aws:iam/policyAttachment:PolicyAttachment": { - "description": "Attaches a Managed IAM Policy to user(s), role(s), and/or group(s)\n\n!\u003e **WARNING:** The aws.iam.PolicyAttachment resource creates **exclusive** attachments of IAM policies. Across the entire AWS account, all of the users/roles/groups to which a single policy is attached must be declared by a single aws.iam.PolicyAttachment resource. This means that even any users/roles/groups that have the attached policy via any other mechanism (including other resources managed by this provider) will have that attached policy revoked by this resource. Consider `aws.iam.RolePolicyAttachment`, `aws.iam.UserPolicyAttachment`, or `aws.iam.GroupPolicyAttachment` instead. These resources do not enforce exclusive attachment of an IAM policy.\n\n\u003e **NOTE:** The usage of this resource conflicts with the `aws.iam.GroupPolicyAttachment`, `aws.iam.RolePolicyAttachment`, and `aws.iam.UserPolicyAttachment` resources and will permanently show a difference if both are defined.\n\n\u003e **NOTE:** For a given role, this resource is incompatible with using the `aws.iam.Role` resource `managed_policy_arns` argument. When using that argument and this resource, both will attempt to manage the role's managed policy attachments and the provider will show a permanent difference.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst user = new aws.iam.User(\"user\", {name: \"test-user\"});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"ec2.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst role = new aws.iam.Role(\"role\", {\n name: \"test-role\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst group = new aws.iam.Group(\"group\", {name: \"test-group\"});\nconst policy = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\"ec2:Describe*\"],\n resources: [\"*\"],\n }],\n});\nconst policyPolicy = new aws.iam.Policy(\"policy\", {\n name: \"test-policy\",\n description: \"A test policy\",\n policy: policy.then(policy =\u003e policy.json),\n});\nconst test_attach = new aws.iam.PolicyAttachment(\"test-attach\", {\n name: \"test-attachment\",\n users: [user.name],\n roles: [role.name],\n groups: [group.name],\n policyArn: policyPolicy.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser = aws.iam.User(\"user\", name=\"test-user\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"ec2.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nrole = aws.iam.Role(\"role\",\n name=\"test-role\",\n assume_role_policy=assume_role.json)\ngroup = aws.iam.Group(\"group\", name=\"test-group\")\npolicy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ec2:Describe*\"],\n resources=[\"*\"],\n)])\npolicy_policy = aws.iam.Policy(\"policy\",\n name=\"test-policy\",\n description=\"A test policy\",\n policy=policy.json)\ntest_attach = aws.iam.PolicyAttachment(\"test-attach\",\n name=\"test-attachment\",\n users=[user.name],\n roles=[role.name],\n groups=[group.name],\n policy_arn=policy_policy.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var user = new Aws.Iam.User(\"user\", new()\n {\n Name = \"test-user\",\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"ec2.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var role = new Aws.Iam.Role(\"role\", new()\n {\n Name = \"test-role\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var @group = new Aws.Iam.Group(\"group\", new()\n {\n Name = \"test-group\",\n });\n\n var policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:Describe*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var policyPolicy = new Aws.Iam.Policy(\"policy\", new()\n {\n Name = \"test-policy\",\n Description = \"A test policy\",\n PolicyDocument = policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var test_attach = new Aws.Iam.PolicyAttachment(\"test-attach\", new()\n {\n Name = \"test-attachment\",\n Users = new[]\n {\n user.Name,\n },\n Roles = new[]\n {\n role.Name,\n },\n Groups = new[]\n {\n @group.Name,\n },\n PolicyArn = policyPolicy.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tuser, err := iam.NewUser(ctx, \"user\", \u0026iam.UserArgs{\n\t\t\tName: pulumi.String(\"test-user\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"ec2.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := iam.NewRole(ctx, \"role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"test-role\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := iam.NewGroup(ctx, \"group\", \u0026iam.GroupArgs{\n\t\t\tName: pulumi.String(\"test-group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ec2:Describe*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpolicyPolicy, err := iam.NewPolicy(ctx, \"policy\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"test-policy\"),\n\t\t\tDescription: pulumi.String(\"A test policy\"),\n\t\t\tPolicy: *pulumi.String(policy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewPolicyAttachment(ctx, \"test-attach\", \u0026iam.PolicyAttachmentArgs{\n\t\t\tName: pulumi.String(\"test-attachment\"),\n\t\t\tUsers: pulumi.Array{\n\t\t\t\tuser.Name,\n\t\t\t},\n\t\t\tRoles: pulumi.Array{\n\t\t\t\trole.Name,\n\t\t\t},\n\t\t\tGroups: pulumi.Array{\n\t\t\t\tgroup.Name,\n\t\t\t},\n\t\t\tPolicyArn: policyPolicy.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.User;\nimport com.pulumi.aws.iam.UserArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.Group;\nimport com.pulumi.aws.iam.GroupArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.PolicyAttachment;\nimport com.pulumi.aws.iam.PolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var user = new User(\"user\", UserArgs.builder() \n .name(\"test-user\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"ec2.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder() \n .name(\"test-role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder() \n .name(\"test-group\")\n .build());\n\n final var policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ec2:Describe*\")\n .resources(\"*\")\n .build())\n .build());\n\n var policyPolicy = new Policy(\"policyPolicy\", PolicyArgs.builder() \n .name(\"test-policy\")\n .description(\"A test policy\")\n .policy(policy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var test_attach = new PolicyAttachment(\"test-attach\", PolicyAttachmentArgs.builder() \n .name(\"test-attachment\")\n .users(user.name())\n .roles(role.name())\n .groups(group.name())\n .policyArn(policyPolicy.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n user:\n type: aws:iam:User\n properties:\n name: test-user\n role:\n type: aws:iam:Role\n properties:\n name: test-role\n assumeRolePolicy: ${assumeRole.json}\n group:\n type: aws:iam:Group\n properties:\n name: test-group\n policyPolicy:\n type: aws:iam:Policy\n name: policy\n properties:\n name: test-policy\n description: A test policy\n policy: ${policy.json}\n test-attach:\n type: aws:iam:PolicyAttachment\n properties:\n name: test-attachment\n users:\n - ${user.name}\n roles:\n - ${role.name}\n groups:\n - ${group.name}\n policyArn: ${policyPolicy.arn}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - ec2.amazonaws.com\n actions:\n - sts:AssumeRole\n policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - ec2:Describe*\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Attaches a Managed IAM Policy to user(s), role(s), and/or group(s)\n\n!\u003e **WARNING:** The aws.iam.PolicyAttachment resource creates **exclusive** attachments of IAM policies. Across the entire AWS account, all of the users/roles/groups to which a single policy is attached must be declared by a single aws.iam.PolicyAttachment resource. This means that even any users/roles/groups that have the attached policy via any other mechanism (including other resources managed by this provider) will have that attached policy revoked by this resource. Consider `aws.iam.RolePolicyAttachment`, `aws.iam.UserPolicyAttachment`, or `aws.iam.GroupPolicyAttachment` instead. These resources do not enforce exclusive attachment of an IAM policy.\n\n\u003e **NOTE:** The usage of this resource conflicts with the `aws.iam.GroupPolicyAttachment`, `aws.iam.RolePolicyAttachment`, and `aws.iam.UserPolicyAttachment` resources and will permanently show a difference if both are defined.\n\n\u003e **NOTE:** For a given role, this resource is incompatible with using the `aws.iam.Role` resource `managed_policy_arns` argument. When using that argument and this resource, both will attempt to manage the role's managed policy attachments and the provider will show a permanent difference.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst user = new aws.iam.User(\"user\", {name: \"test-user\"});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"ec2.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst role = new aws.iam.Role(\"role\", {\n name: \"test-role\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst group = new aws.iam.Group(\"group\", {name: \"test-group\"});\nconst policy = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\"ec2:Describe*\"],\n resources: [\"*\"],\n }],\n});\nconst policyPolicy = new aws.iam.Policy(\"policy\", {\n name: \"test-policy\",\n description: \"A test policy\",\n policy: policy.then(policy =\u003e policy.json),\n});\nconst test_attach = new aws.iam.PolicyAttachment(\"test-attach\", {\n name: \"test-attachment\",\n users: [user.name],\n roles: [role.name],\n groups: [group.name],\n policyArn: policyPolicy.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser = aws.iam.User(\"user\", name=\"test-user\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"ec2.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nrole = aws.iam.Role(\"role\",\n name=\"test-role\",\n assume_role_policy=assume_role.json)\ngroup = aws.iam.Group(\"group\", name=\"test-group\")\npolicy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ec2:Describe*\"],\n resources=[\"*\"],\n)])\npolicy_policy = aws.iam.Policy(\"policy\",\n name=\"test-policy\",\n description=\"A test policy\",\n policy=policy.json)\ntest_attach = aws.iam.PolicyAttachment(\"test-attach\",\n name=\"test-attachment\",\n users=[user.name],\n roles=[role.name],\n groups=[group.name],\n policy_arn=policy_policy.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var user = new Aws.Iam.User(\"user\", new()\n {\n Name = \"test-user\",\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"ec2.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var role = new Aws.Iam.Role(\"role\", new()\n {\n Name = \"test-role\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var @group = new Aws.Iam.Group(\"group\", new()\n {\n Name = \"test-group\",\n });\n\n var policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:Describe*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var policyPolicy = new Aws.Iam.Policy(\"policy\", new()\n {\n Name = \"test-policy\",\n Description = \"A test policy\",\n PolicyDocument = policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var test_attach = new Aws.Iam.PolicyAttachment(\"test-attach\", new()\n {\n Name = \"test-attachment\",\n Users = new[]\n {\n user.Name,\n },\n Roles = new[]\n {\n role.Name,\n },\n Groups = new[]\n {\n @group.Name,\n },\n PolicyArn = policyPolicy.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tuser, err := iam.NewUser(ctx, \"user\", \u0026iam.UserArgs{\n\t\t\tName: pulumi.String(\"test-user\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"ec2.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := iam.NewRole(ctx, \"role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"test-role\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := iam.NewGroup(ctx, \"group\", \u0026iam.GroupArgs{\n\t\t\tName: pulumi.String(\"test-group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ec2:Describe*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpolicyPolicy, err := iam.NewPolicy(ctx, \"policy\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"test-policy\"),\n\t\t\tDescription: pulumi.String(\"A test policy\"),\n\t\t\tPolicy: pulumi.String(policy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewPolicyAttachment(ctx, \"test-attach\", \u0026iam.PolicyAttachmentArgs{\n\t\t\tName: pulumi.String(\"test-attachment\"),\n\t\t\tUsers: pulumi.Array{\n\t\t\t\tuser.Name,\n\t\t\t},\n\t\t\tRoles: pulumi.Array{\n\t\t\t\trole.Name,\n\t\t\t},\n\t\t\tGroups: pulumi.Array{\n\t\t\t\tgroup.Name,\n\t\t\t},\n\t\t\tPolicyArn: policyPolicy.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.User;\nimport com.pulumi.aws.iam.UserArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.Group;\nimport com.pulumi.aws.iam.GroupArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.PolicyAttachment;\nimport com.pulumi.aws.iam.PolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var user = new User(\"user\", UserArgs.builder() \n .name(\"test-user\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"ec2.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder() \n .name(\"test-role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder() \n .name(\"test-group\")\n .build());\n\n final var policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ec2:Describe*\")\n .resources(\"*\")\n .build())\n .build());\n\n var policyPolicy = new Policy(\"policyPolicy\", PolicyArgs.builder() \n .name(\"test-policy\")\n .description(\"A test policy\")\n .policy(policy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var test_attach = new PolicyAttachment(\"test-attach\", PolicyAttachmentArgs.builder() \n .name(\"test-attachment\")\n .users(user.name())\n .roles(role.name())\n .groups(group.name())\n .policyArn(policyPolicy.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n user:\n type: aws:iam:User\n properties:\n name: test-user\n role:\n type: aws:iam:Role\n properties:\n name: test-role\n assumeRolePolicy: ${assumeRole.json}\n group:\n type: aws:iam:Group\n properties:\n name: test-group\n policyPolicy:\n type: aws:iam:Policy\n name: policy\n properties:\n name: test-policy\n description: A test policy\n policy: ${policy.json}\n test-attach:\n type: aws:iam:PolicyAttachment\n properties:\n name: test-attachment\n users:\n - ${user.name}\n roles:\n - ${role.name}\n groups:\n - ${group.name}\n policyArn: ${policyPolicy.arn}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - ec2.amazonaws.com\n actions:\n - sts:AssumeRole\n policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - ec2:Describe*\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { "groups": { "type": "array", @@ -252490,7 +252490,7 @@ } }, "aws:iam/role:Role": { - "description": "Provides an IAM role.\n\n\u003e **NOTE:** If policies are attached to the role via the `aws.iam.PolicyAttachment` resource and you are modifying the role `name` or `path`, the `force_detach_policies` argument must be set to `true` and applied before attempting the operation otherwise you will encounter a `DeleteConflict` error. The `aws.iam.RolePolicyAttachment` resource (recommended) does not have this requirement.\n\n\u003e **NOTE:** If you use this resource's `managed_policy_arns` argument or `inline_policy` configuration blocks, this resource will take over exclusive management of the role's respective policy types (e.g., both policy types if both arguments are used). These arguments are incompatible with other ways of managing a role's policies, such as `aws.iam.PolicyAttachment`, `aws.iam.RolePolicyAttachment`, and `aws.iam.RolePolicy`. If you attempt to manage a role's policies by multiple means, you will get resource cycling and/or errors.\n\n## Example Usage\n\n### Basic Example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testRole = new aws.iam.Role(\"test_role\", {\n name: \"test_role\",\n assumeRolePolicy: JSON.stringify({\n version: \"2012-10-17\",\n statement: [{\n action: \"sts:AssumeRole\",\n effect: \"Allow\",\n sid: \"\",\n principal: {\n service: \"ec2.amazonaws.com\",\n },\n }],\n }),\n tags: {\n \"tag-key\": \"tag-value\",\n },\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ntest_role = aws.iam.Role(\"test_role\",\n name=\"test_role\",\n assume_role_policy=json.dumps({\n \"version\": \"2012-10-17\",\n \"statement\": [{\n \"action\": \"sts:AssumeRole\",\n \"effect\": \"Allow\",\n \"sid\": \"\",\n \"principal\": {\n \"service\": \"ec2.amazonaws.com\",\n },\n }],\n }),\n tags={\n \"tag-key\": \"tag-value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testRole = new Aws.Iam.Role(\"test_role\", new()\n {\n Name = \"test_role\",\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"version\"] = \"2012-10-17\",\n [\"statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"action\"] = \"sts:AssumeRole\",\n [\"effect\"] = \"Allow\",\n [\"sid\"] = \"\",\n [\"principal\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"service\"] = \"ec2.amazonaws.com\",\n },\n },\n },\n }),\n Tags = \n {\n { \"tag-key\", \"tag-value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"version\": \"2012-10-17\",\n\t\t\t\"statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"action\": \"sts:AssumeRole\",\n\t\t\t\t\t\"effect\": \"Allow\",\n\t\t\t\t\t\"sid\": \"\",\n\t\t\t\t\t\"principal\": map[string]interface{}{\n\t\t\t\t\t\t\"service\": \"ec2.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = iam.NewRole(ctx, \"test_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"test_role\"),\n\t\t\tAssumeRolePolicy: pulumi.String(json0),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"tag-key\": pulumi.String(\"tag-value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testRole = new Role(\"testRole\", RoleArgs.builder() \n .name(\"test_role\")\n .assumeRolePolicy(serializeJson(\n jsonObject(\n jsonProperty(\"version\", \"2012-10-17\"),\n jsonProperty(\"statement\", jsonArray(jsonObject(\n jsonProperty(\"action\", \"sts:AssumeRole\"),\n jsonProperty(\"effect\", \"Allow\"),\n jsonProperty(\"sid\", \"\"),\n jsonProperty(\"principal\", jsonObject(\n jsonProperty(\"service\", \"ec2.amazonaws.com\")\n ))\n )))\n )))\n .tags(Map.of(\"tag-key\", \"tag-value\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testRole:\n type: aws:iam:Role\n name: test_role\n properties:\n name: test_role\n assumeRolePolicy:\n fn::toJSON:\n version: 2012-10-17\n statement:\n - action: sts:AssumeRole\n effect: Allow\n sid:\n principal:\n service: ec2.amazonaws.com\n tags:\n tag-key: tag-value\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example of Using Data Source for Assume Role Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst instanceAssumeRolePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"ec2.amazonaws.com\"],\n }],\n }],\n});\nconst instance = new aws.iam.Role(\"instance\", {\n name: \"instance_role\",\n path: \"/system/\",\n assumeRolePolicy: instanceAssumeRolePolicy.then(instanceAssumeRolePolicy =\u003e instanceAssumeRolePolicy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ninstance_assume_role_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"ec2.amazonaws.com\"],\n )],\n)])\ninstance = aws.iam.Role(\"instance\",\n name=\"instance_role\",\n path=\"/system/\",\n assume_role_policy=instance_assume_role_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instanceAssumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"ec2.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var instance = new Aws.Iam.Role(\"instance\", new()\n {\n Name = \"instance_role\",\n Path = \"/system/\",\n AssumeRolePolicy = instanceAssumeRolePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstanceAssumeRolePolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"ec2.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"instance\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"instance_role\"),\n\t\t\tPath: pulumi.String(\"/system/\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(instanceAssumeRolePolicy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var instanceAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"ec2.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var instance = new Role(\"instance\", RoleArgs.builder() \n .name(\"instance_role\")\n .path(\"/system/\")\n .assumeRolePolicy(instanceAssumeRolePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: aws:iam:Role\n properties:\n name: instance_role\n path: /system/\n assumeRolePolicy: ${instanceAssumeRolePolicy.json}\nvariables:\n instanceAssumeRolePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - ec2.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example of Exclusive Inline Policies\n\nThis example creates an IAM role with two inline IAM policies. If someone adds another inline policy out-of-band, on the next apply, this provider will remove that policy. If someone deletes these policies out-of-band, this provider will recreate them.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst inlinePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"ec2:DescribeAccountAttributes\"],\n resources: [\"*\"],\n }],\n});\nconst example = new aws.iam.Role(\"example\", {\n name: \"yak_role\",\n assumeRolePolicy: instanceAssumeRolePolicy.json,\n inlinePolicies: [\n {\n name: \"my_inline_policy\",\n policy: JSON.stringify({\n version: \"2012-10-17\",\n statement: [{\n action: [\"ec2:Describe*\"],\n effect: \"Allow\",\n resource: \"*\",\n }],\n }),\n },\n {\n name: \"policy-8675309\",\n policy: inlinePolicy.then(inlinePolicy =\u003e inlinePolicy.json),\n },\n ],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ninline_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"ec2:DescribeAccountAttributes\"],\n resources=[\"*\"],\n)])\nexample = aws.iam.Role(\"example\",\n name=\"yak_role\",\n assume_role_policy=instance_assume_role_policy[\"json\"],\n inline_policies=[\n aws.iam.RoleInlinePolicyArgs(\n name=\"my_inline_policy\",\n policy=json.dumps({\n \"version\": \"2012-10-17\",\n \"statement\": [{\n \"action\": [\"ec2:Describe*\"],\n \"effect\": \"Allow\",\n \"resource\": \"*\",\n }],\n }),\n ),\n aws.iam.RoleInlinePolicyArgs(\n name=\"policy-8675309\",\n policy=inline_policy.json,\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var inlinePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"ec2:DescribeAccountAttributes\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var example = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"yak_role\",\n AssumeRolePolicy = instanceAssumeRolePolicy.Json,\n InlinePolicies = new[]\n {\n new Aws.Iam.Inputs.RoleInlinePolicyArgs\n {\n Name = \"my_inline_policy\",\n Policy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"version\"] = \"2012-10-17\",\n [\"statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"action\"] = new[]\n {\n \"ec2:Describe*\",\n },\n [\"effect\"] = \"Allow\",\n [\"resource\"] = \"*\",\n },\n },\n }),\n },\n new Aws.Iam.Inputs.RoleInlinePolicyArgs\n {\n Name = \"policy-8675309\",\n Policy = inlinePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinlinePolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ec2:DescribeAccountAttributes\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"version\": \"2012-10-17\",\n\t\t\t\"statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"action\": []string{\n\t\t\t\t\t\t\"ec2:Describe*\",\n\t\t\t\t\t},\n\t\t\t\t\t\"effect\": \"Allow\",\n\t\t\t\t\t\"resource\": \"*\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"yak_role\"),\n\t\t\tAssumeRolePolicy: pulumi.Any(instanceAssumeRolePolicy.Json),\n\t\t\tInlinePolicies: iam.RoleInlinePolicyArray{\n\t\t\t\t\u0026iam.RoleInlinePolicyArgs{\n\t\t\t\t\tName: pulumi.String(\"my_inline_policy\"),\n\t\t\t\t\tPolicy: pulumi.String(json0),\n\t\t\t\t},\n\t\t\t\t\u0026iam.RoleInlinePolicyArgs{\n\t\t\t\t\tName: pulumi.String(\"policy-8675309\"),\n\t\t\t\t\tPolicy: *pulumi.String(inlinePolicy.Json),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.inputs.RoleInlinePolicyArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var inlinePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"ec2:DescribeAccountAttributes\")\n .resources(\"*\")\n .build())\n .build());\n\n var example = new Role(\"example\", RoleArgs.builder() \n .name(\"yak_role\")\n .assumeRolePolicy(instanceAssumeRolePolicy.json())\n .inlinePolicies( \n RoleInlinePolicyArgs.builder()\n .name(\"my_inline_policy\")\n .policy(serializeJson(\n jsonObject(\n jsonProperty(\"version\", \"2012-10-17\"),\n jsonProperty(\"statement\", jsonArray(jsonObject(\n jsonProperty(\"action\", jsonArray(\"ec2:Describe*\")),\n jsonProperty(\"effect\", \"Allow\"),\n jsonProperty(\"resource\", \"*\")\n )))\n )))\n .build(),\n RoleInlinePolicyArgs.builder()\n .name(\"policy-8675309\")\n .policy(inlinePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n name: yak_role\n assumeRolePolicy: ${instanceAssumeRolePolicy.json}\n inlinePolicies:\n - name: my_inline_policy\n policy:\n fn::toJSON:\n version: 2012-10-17\n statement:\n - action:\n - ec2:Describe*\n effect: Allow\n resource: '*'\n - name: policy-8675309\n policy: ${inlinePolicy.json}\nvariables:\n inlinePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - ec2:DescribeAccountAttributes\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example of Removing Inline Policies\n\nThis example creates an IAM role with what appears to be empty IAM `inline_policy` argument instead of using `inline_policy` as a configuration block. The result is that if someone were to add an inline policy out-of-band, on the next apply, this provider will remove that policy.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.iam.Role(\"example\", {\n inlinePolicies: [{}],\n name: \"yak_role\",\n assumeRolePolicy: instanceAssumeRolePolicy.json,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.Role(\"example\",\n inline_policies=[aws.iam.RoleInlinePolicyArgs()],\n name=\"yak_role\",\n assume_role_policy=instance_assume_role_policy[\"json\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Iam.Role(\"example\", new()\n {\n InlinePolicies = new[]\n {\n null,\n },\n Name = \"yak_role\",\n AssumeRolePolicy = instanceAssumeRolePolicy.Json,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tInlinePolicies: iam.RoleInlinePolicyArray{\n\t\t\t\tnil,\n\t\t\t},\n\t\t\tName: pulumi.String(\"yak_role\"),\n\t\t\tAssumeRolePolicy: pulumi.Any(instanceAssumeRolePolicy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.inputs.RoleInlinePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Role(\"example\", RoleArgs.builder() \n .inlinePolicies()\n .name(\"yak_role\")\n .assumeRolePolicy(instanceAssumeRolePolicy.json())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n inlinePolicies:\n - {}\n name: yak_role\n assumeRolePolicy: ${instanceAssumeRolePolicy.json}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example of Exclusive Managed Policies\n\nThis example creates an IAM role and attaches two managed IAM policies. If someone attaches another managed policy out-of-band, on the next apply, this provider will detach that policy. If someone detaches these policies out-of-band, this provider will attach them again.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst policyOne = new aws.iam.Policy(\"policy_one\", {\n name: \"policy-618033\",\n policy: JSON.stringify({\n version: \"2012-10-17\",\n statement: [{\n action: [\"ec2:Describe*\"],\n effect: \"Allow\",\n resource: \"*\",\n }],\n }),\n});\nconst policyTwo = new aws.iam.Policy(\"policy_two\", {\n name: \"policy-381966\",\n policy: JSON.stringify({\n version: \"2012-10-17\",\n statement: [{\n action: [\n \"s3:ListAllMyBuckets\",\n \"s3:ListBucket\",\n \"s3:HeadBucket\",\n ],\n effect: \"Allow\",\n resource: \"*\",\n }],\n }),\n});\nconst example = new aws.iam.Role(\"example\", {\n name: \"yak_role\",\n assumeRolePolicy: instanceAssumeRolePolicy.json,\n managedPolicyArns: [\n policyOne.arn,\n policyTwo.arn,\n ],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\npolicy_one = aws.iam.Policy(\"policy_one\",\n name=\"policy-618033\",\n policy=json.dumps({\n \"version\": \"2012-10-17\",\n \"statement\": [{\n \"action\": [\"ec2:Describe*\"],\n \"effect\": \"Allow\",\n \"resource\": \"*\",\n }],\n }))\npolicy_two = aws.iam.Policy(\"policy_two\",\n name=\"policy-381966\",\n policy=json.dumps({\n \"version\": \"2012-10-17\",\n \"statement\": [{\n \"action\": [\n \"s3:ListAllMyBuckets\",\n \"s3:ListBucket\",\n \"s3:HeadBucket\",\n ],\n \"effect\": \"Allow\",\n \"resource\": \"*\",\n }],\n }))\nexample = aws.iam.Role(\"example\",\n name=\"yak_role\",\n assume_role_policy=instance_assume_role_policy[\"json\"],\n managed_policy_arns=[\n policy_one.arn,\n policy_two.arn,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policyOne = new Aws.Iam.Policy(\"policy_one\", new()\n {\n Name = \"policy-618033\",\n PolicyDocument = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"version\"] = \"2012-10-17\",\n [\"statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"action\"] = new[]\n {\n \"ec2:Describe*\",\n },\n [\"effect\"] = \"Allow\",\n [\"resource\"] = \"*\",\n },\n },\n }),\n });\n\n var policyTwo = new Aws.Iam.Policy(\"policy_two\", new()\n {\n Name = \"policy-381966\",\n PolicyDocument = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"version\"] = \"2012-10-17\",\n [\"statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"action\"] = new[]\n {\n \"s3:ListAllMyBuckets\",\n \"s3:ListBucket\",\n \"s3:HeadBucket\",\n },\n [\"effect\"] = \"Allow\",\n [\"resource\"] = \"*\",\n },\n },\n }),\n });\n\n var example = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"yak_role\",\n AssumeRolePolicy = instanceAssumeRolePolicy.Json,\n ManagedPolicyArns = new[]\n {\n policyOne.Arn,\n policyTwo.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"version\": \"2012-10-17\",\n\t\t\t\"statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"action\": []string{\n\t\t\t\t\t\t\"ec2:Describe*\",\n\t\t\t\t\t},\n\t\t\t\t\t\"effect\": \"Allow\",\n\t\t\t\t\t\"resource\": \"*\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\tpolicyOne, err := iam.NewPolicy(ctx, \"policy_one\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"policy-618033\"),\n\t\t\tPolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON1, err := json.Marshal(map[string]interface{}{\n\t\t\t\"version\": \"2012-10-17\",\n\t\t\t\"statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"action\": []string{\n\t\t\t\t\t\t\"s3:ListAllMyBuckets\",\n\t\t\t\t\t\t\"s3:ListBucket\",\n\t\t\t\t\t\t\"s3:HeadBucket\",\n\t\t\t\t\t},\n\t\t\t\t\t\"effect\": \"Allow\",\n\t\t\t\t\t\"resource\": \"*\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson1 := string(tmpJSON1)\n\t\tpolicyTwo, err := iam.NewPolicy(ctx, \"policy_two\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"policy-381966\"),\n\t\t\tPolicy: pulumi.String(json1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"yak_role\"),\n\t\t\tAssumeRolePolicy: pulumi.Any(instanceAssumeRolePolicy.Json),\n\t\t\tManagedPolicyArns: pulumi.StringArray{\n\t\t\t\tpolicyOne.Arn,\n\t\t\t\tpolicyTwo.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var policyOne = new Policy(\"policyOne\", PolicyArgs.builder() \n .name(\"policy-618033\")\n .policy(serializeJson(\n jsonObject(\n jsonProperty(\"version\", \"2012-10-17\"),\n jsonProperty(\"statement\", jsonArray(jsonObject(\n jsonProperty(\"action\", jsonArray(\"ec2:Describe*\")),\n jsonProperty(\"effect\", \"Allow\"),\n jsonProperty(\"resource\", \"*\")\n )))\n )))\n .build());\n\n var policyTwo = new Policy(\"policyTwo\", PolicyArgs.builder() \n .name(\"policy-381966\")\n .policy(serializeJson(\n jsonObject(\n jsonProperty(\"version\", \"2012-10-17\"),\n jsonProperty(\"statement\", jsonArray(jsonObject(\n jsonProperty(\"action\", jsonArray(\n \"s3:ListAllMyBuckets\", \n \"s3:ListBucket\", \n \"s3:HeadBucket\"\n )),\n jsonProperty(\"effect\", \"Allow\"),\n jsonProperty(\"resource\", \"*\")\n )))\n )))\n .build());\n\n var example = new Role(\"example\", RoleArgs.builder() \n .name(\"yak_role\")\n .assumeRolePolicy(instanceAssumeRolePolicy.json())\n .managedPolicyArns( \n policyOne.arn(),\n policyTwo.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n name: yak_role\n assumeRolePolicy: ${instanceAssumeRolePolicy.json}\n managedPolicyArns:\n - ${policyOne.arn}\n - ${policyTwo.arn}\n policyOne:\n type: aws:iam:Policy\n name: policy_one\n properties:\n name: policy-618033\n policy:\n fn::toJSON:\n version: 2012-10-17\n statement:\n - action:\n - ec2:Describe*\n effect: Allow\n resource: '*'\n policyTwo:\n type: aws:iam:Policy\n name: policy_two\n properties:\n name: policy-381966\n policy:\n fn::toJSON:\n version: 2012-10-17\n statement:\n - action:\n - s3:ListAllMyBuckets\n - s3:ListBucket\n - s3:HeadBucket\n effect: Allow\n resource: '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example of Removing Managed Policies\n\nThis example creates an IAM role with an empty `managed_policy_arns` argument. If someone attaches a policy out-of-band, on the next apply, this provider will detach that policy.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.iam.Role(\"example\", {\n name: \"yak_role\",\n assumeRolePolicy: instanceAssumeRolePolicy.json,\n managedPolicyArns: [],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.Role(\"example\",\n name=\"yak_role\",\n assume_role_policy=instance_assume_role_policy[\"json\"],\n managed_policy_arns=[])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"yak_role\",\n AssumeRolePolicy = instanceAssumeRolePolicy.Json,\n ManagedPolicyArns = new[] {},\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"yak_role\"),\n\t\t\tAssumeRolePolicy: pulumi.Any(instanceAssumeRolePolicy.Json),\n\t\t\tManagedPolicyArns: pulumi.StringArray{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Role(\"example\", RoleArgs.builder() \n .name(\"yak_role\")\n .assumeRolePolicy(instanceAssumeRolePolicy.json())\n .managedPolicyArns()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n name: yak_role\n assumeRolePolicy: ${instanceAssumeRolePolicy.json}\n managedPolicyArns: []\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IAM Roles using the `name`. For example:\n\n```sh\n$ pulumi import aws:iam/role:Role developer developer_name\n```\n", + "description": "Provides an IAM role.\n\n\u003e **NOTE:** If policies are attached to the role via the `aws.iam.PolicyAttachment` resource and you are modifying the role `name` or `path`, the `force_detach_policies` argument must be set to `true` and applied before attempting the operation otherwise you will encounter a `DeleteConflict` error. The `aws.iam.RolePolicyAttachment` resource (recommended) does not have this requirement.\n\n\u003e **NOTE:** If you use this resource's `managed_policy_arns` argument or `inline_policy` configuration blocks, this resource will take over exclusive management of the role's respective policy types (e.g., both policy types if both arguments are used). These arguments are incompatible with other ways of managing a role's policies, such as `aws.iam.PolicyAttachment`, `aws.iam.RolePolicyAttachment`, and `aws.iam.RolePolicy`. If you attempt to manage a role's policies by multiple means, you will get resource cycling and/or errors.\n\n## Example Usage\n\n### Basic Example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testRole = new aws.iam.Role(\"test_role\", {\n name: \"test_role\",\n assumeRolePolicy: JSON.stringify({\n version: \"2012-10-17\",\n statement: [{\n action: \"sts:AssumeRole\",\n effect: \"Allow\",\n sid: \"\",\n principal: {\n service: \"ec2.amazonaws.com\",\n },\n }],\n }),\n tags: {\n \"tag-key\": \"tag-value\",\n },\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ntest_role = aws.iam.Role(\"test_role\",\n name=\"test_role\",\n assume_role_policy=json.dumps({\n \"version\": \"2012-10-17\",\n \"statement\": [{\n \"action\": \"sts:AssumeRole\",\n \"effect\": \"Allow\",\n \"sid\": \"\",\n \"principal\": {\n \"service\": \"ec2.amazonaws.com\",\n },\n }],\n }),\n tags={\n \"tag-key\": \"tag-value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testRole = new Aws.Iam.Role(\"test_role\", new()\n {\n Name = \"test_role\",\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"version\"] = \"2012-10-17\",\n [\"statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"action\"] = \"sts:AssumeRole\",\n [\"effect\"] = \"Allow\",\n [\"sid\"] = \"\",\n [\"principal\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"service\"] = \"ec2.amazonaws.com\",\n },\n },\n },\n }),\n Tags = \n {\n { \"tag-key\", \"tag-value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"version\": \"2012-10-17\",\n\t\t\t\"statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"action\": \"sts:AssumeRole\",\n\t\t\t\t\t\"effect\": \"Allow\",\n\t\t\t\t\t\"sid\": \"\",\n\t\t\t\t\t\"principal\": map[string]interface{}{\n\t\t\t\t\t\t\"service\": \"ec2.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = iam.NewRole(ctx, \"test_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"test_role\"),\n\t\t\tAssumeRolePolicy: pulumi.String(json0),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"tag-key\": pulumi.String(\"tag-value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testRole = new Role(\"testRole\", RoleArgs.builder() \n .name(\"test_role\")\n .assumeRolePolicy(serializeJson(\n jsonObject(\n jsonProperty(\"version\", \"2012-10-17\"),\n jsonProperty(\"statement\", jsonArray(jsonObject(\n jsonProperty(\"action\", \"sts:AssumeRole\"),\n jsonProperty(\"effect\", \"Allow\"),\n jsonProperty(\"sid\", \"\"),\n jsonProperty(\"principal\", jsonObject(\n jsonProperty(\"service\", \"ec2.amazonaws.com\")\n ))\n )))\n )))\n .tags(Map.of(\"tag-key\", \"tag-value\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testRole:\n type: aws:iam:Role\n name: test_role\n properties:\n name: test_role\n assumeRolePolicy:\n fn::toJSON:\n version: 2012-10-17\n statement:\n - action: sts:AssumeRole\n effect: Allow\n sid:\n principal:\n service: ec2.amazonaws.com\n tags:\n tag-key: tag-value\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example of Using Data Source for Assume Role Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst instanceAssumeRolePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"ec2.amazonaws.com\"],\n }],\n }],\n});\nconst instance = new aws.iam.Role(\"instance\", {\n name: \"instance_role\",\n path: \"/system/\",\n assumeRolePolicy: instanceAssumeRolePolicy.then(instanceAssumeRolePolicy =\u003e instanceAssumeRolePolicy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ninstance_assume_role_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"ec2.amazonaws.com\"],\n )],\n)])\ninstance = aws.iam.Role(\"instance\",\n name=\"instance_role\",\n path=\"/system/\",\n assume_role_policy=instance_assume_role_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instanceAssumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"ec2.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var instance = new Aws.Iam.Role(\"instance\", new()\n {\n Name = \"instance_role\",\n Path = \"/system/\",\n AssumeRolePolicy = instanceAssumeRolePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstanceAssumeRolePolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"ec2.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"instance\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"instance_role\"),\n\t\t\tPath: pulumi.String(\"/system/\"),\n\t\t\tAssumeRolePolicy: pulumi.String(instanceAssumeRolePolicy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var instanceAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"ec2.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var instance = new Role(\"instance\", RoleArgs.builder() \n .name(\"instance_role\")\n .path(\"/system/\")\n .assumeRolePolicy(instanceAssumeRolePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: aws:iam:Role\n properties:\n name: instance_role\n path: /system/\n assumeRolePolicy: ${instanceAssumeRolePolicy.json}\nvariables:\n instanceAssumeRolePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - ec2.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example of Exclusive Inline Policies\n\nThis example creates an IAM role with two inline IAM policies. If someone adds another inline policy out-of-band, on the next apply, this provider will remove that policy. If someone deletes these policies out-of-band, this provider will recreate them.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst inlinePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"ec2:DescribeAccountAttributes\"],\n resources: [\"*\"],\n }],\n});\nconst example = new aws.iam.Role(\"example\", {\n name: \"yak_role\",\n assumeRolePolicy: instanceAssumeRolePolicy.json,\n inlinePolicies: [\n {\n name: \"my_inline_policy\",\n policy: JSON.stringify({\n version: \"2012-10-17\",\n statement: [{\n action: [\"ec2:Describe*\"],\n effect: \"Allow\",\n resource: \"*\",\n }],\n }),\n },\n {\n name: \"policy-8675309\",\n policy: inlinePolicy.then(inlinePolicy =\u003e inlinePolicy.json),\n },\n ],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ninline_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"ec2:DescribeAccountAttributes\"],\n resources=[\"*\"],\n)])\nexample = aws.iam.Role(\"example\",\n name=\"yak_role\",\n assume_role_policy=instance_assume_role_policy[\"json\"],\n inline_policies=[\n aws.iam.RoleInlinePolicyArgs(\n name=\"my_inline_policy\",\n policy=json.dumps({\n \"version\": \"2012-10-17\",\n \"statement\": [{\n \"action\": [\"ec2:Describe*\"],\n \"effect\": \"Allow\",\n \"resource\": \"*\",\n }],\n }),\n ),\n aws.iam.RoleInlinePolicyArgs(\n name=\"policy-8675309\",\n policy=inline_policy.json,\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var inlinePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"ec2:DescribeAccountAttributes\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var example = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"yak_role\",\n AssumeRolePolicy = instanceAssumeRolePolicy.Json,\n InlinePolicies = new[]\n {\n new Aws.Iam.Inputs.RoleInlinePolicyArgs\n {\n Name = \"my_inline_policy\",\n Policy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"version\"] = \"2012-10-17\",\n [\"statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"action\"] = new[]\n {\n \"ec2:Describe*\",\n },\n [\"effect\"] = \"Allow\",\n [\"resource\"] = \"*\",\n },\n },\n }),\n },\n new Aws.Iam.Inputs.RoleInlinePolicyArgs\n {\n Name = \"policy-8675309\",\n Policy = inlinePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinlinePolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ec2:DescribeAccountAttributes\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"version\": \"2012-10-17\",\n\t\t\t\"statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"action\": []string{\n\t\t\t\t\t\t\"ec2:Describe*\",\n\t\t\t\t\t},\n\t\t\t\t\t\"effect\": \"Allow\",\n\t\t\t\t\t\"resource\": \"*\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"yak_role\"),\n\t\t\tAssumeRolePolicy: pulumi.Any(instanceAssumeRolePolicy.Json),\n\t\t\tInlinePolicies: iam.RoleInlinePolicyArray{\n\t\t\t\t\u0026iam.RoleInlinePolicyArgs{\n\t\t\t\t\tName: pulumi.String(\"my_inline_policy\"),\n\t\t\t\t\tPolicy: pulumi.String(json0),\n\t\t\t\t},\n\t\t\t\t\u0026iam.RoleInlinePolicyArgs{\n\t\t\t\t\tName: pulumi.String(\"policy-8675309\"),\n\t\t\t\t\tPolicy: pulumi.String(inlinePolicy.Json),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.inputs.RoleInlinePolicyArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var inlinePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"ec2:DescribeAccountAttributes\")\n .resources(\"*\")\n .build())\n .build());\n\n var example = new Role(\"example\", RoleArgs.builder() \n .name(\"yak_role\")\n .assumeRolePolicy(instanceAssumeRolePolicy.json())\n .inlinePolicies( \n RoleInlinePolicyArgs.builder()\n .name(\"my_inline_policy\")\n .policy(serializeJson(\n jsonObject(\n jsonProperty(\"version\", \"2012-10-17\"),\n jsonProperty(\"statement\", jsonArray(jsonObject(\n jsonProperty(\"action\", jsonArray(\"ec2:Describe*\")),\n jsonProperty(\"effect\", \"Allow\"),\n jsonProperty(\"resource\", \"*\")\n )))\n )))\n .build(),\n RoleInlinePolicyArgs.builder()\n .name(\"policy-8675309\")\n .policy(inlinePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n name: yak_role\n assumeRolePolicy: ${instanceAssumeRolePolicy.json}\n inlinePolicies:\n - name: my_inline_policy\n policy:\n fn::toJSON:\n version: 2012-10-17\n statement:\n - action:\n - ec2:Describe*\n effect: Allow\n resource: '*'\n - name: policy-8675309\n policy: ${inlinePolicy.json}\nvariables:\n inlinePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - ec2:DescribeAccountAttributes\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example of Removing Inline Policies\n\nThis example creates an IAM role with what appears to be empty IAM `inline_policy` argument instead of using `inline_policy` as a configuration block. The result is that if someone were to add an inline policy out-of-band, on the next apply, this provider will remove that policy.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.iam.Role(\"example\", {\n inlinePolicies: [{}],\n name: \"yak_role\",\n assumeRolePolicy: instanceAssumeRolePolicy.json,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.Role(\"example\",\n inline_policies=[aws.iam.RoleInlinePolicyArgs()],\n name=\"yak_role\",\n assume_role_policy=instance_assume_role_policy[\"json\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Iam.Role(\"example\", new()\n {\n InlinePolicies = new[]\n {\n null,\n },\n Name = \"yak_role\",\n AssumeRolePolicy = instanceAssumeRolePolicy.Json,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tInlinePolicies: iam.RoleInlinePolicyArray{\n\t\t\t\tnil,\n\t\t\t},\n\t\t\tName: pulumi.String(\"yak_role\"),\n\t\t\tAssumeRolePolicy: pulumi.Any(instanceAssumeRolePolicy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.inputs.RoleInlinePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Role(\"example\", RoleArgs.builder() \n .inlinePolicies()\n .name(\"yak_role\")\n .assumeRolePolicy(instanceAssumeRolePolicy.json())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n inlinePolicies:\n - {}\n name: yak_role\n assumeRolePolicy: ${instanceAssumeRolePolicy.json}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example of Exclusive Managed Policies\n\nThis example creates an IAM role and attaches two managed IAM policies. If someone attaches another managed policy out-of-band, on the next apply, this provider will detach that policy. If someone detaches these policies out-of-band, this provider will attach them again.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst policyOne = new aws.iam.Policy(\"policy_one\", {\n name: \"policy-618033\",\n policy: JSON.stringify({\n version: \"2012-10-17\",\n statement: [{\n action: [\"ec2:Describe*\"],\n effect: \"Allow\",\n resource: \"*\",\n }],\n }),\n});\nconst policyTwo = new aws.iam.Policy(\"policy_two\", {\n name: \"policy-381966\",\n policy: JSON.stringify({\n version: \"2012-10-17\",\n statement: [{\n action: [\n \"s3:ListAllMyBuckets\",\n \"s3:ListBucket\",\n \"s3:HeadBucket\",\n ],\n effect: \"Allow\",\n resource: \"*\",\n }],\n }),\n});\nconst example = new aws.iam.Role(\"example\", {\n name: \"yak_role\",\n assumeRolePolicy: instanceAssumeRolePolicy.json,\n managedPolicyArns: [\n policyOne.arn,\n policyTwo.arn,\n ],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\npolicy_one = aws.iam.Policy(\"policy_one\",\n name=\"policy-618033\",\n policy=json.dumps({\n \"version\": \"2012-10-17\",\n \"statement\": [{\n \"action\": [\"ec2:Describe*\"],\n \"effect\": \"Allow\",\n \"resource\": \"*\",\n }],\n }))\npolicy_two = aws.iam.Policy(\"policy_two\",\n name=\"policy-381966\",\n policy=json.dumps({\n \"version\": \"2012-10-17\",\n \"statement\": [{\n \"action\": [\n \"s3:ListAllMyBuckets\",\n \"s3:ListBucket\",\n \"s3:HeadBucket\",\n ],\n \"effect\": \"Allow\",\n \"resource\": \"*\",\n }],\n }))\nexample = aws.iam.Role(\"example\",\n name=\"yak_role\",\n assume_role_policy=instance_assume_role_policy[\"json\"],\n managed_policy_arns=[\n policy_one.arn,\n policy_two.arn,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policyOne = new Aws.Iam.Policy(\"policy_one\", new()\n {\n Name = \"policy-618033\",\n PolicyDocument = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"version\"] = \"2012-10-17\",\n [\"statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"action\"] = new[]\n {\n \"ec2:Describe*\",\n },\n [\"effect\"] = \"Allow\",\n [\"resource\"] = \"*\",\n },\n },\n }),\n });\n\n var policyTwo = new Aws.Iam.Policy(\"policy_two\", new()\n {\n Name = \"policy-381966\",\n PolicyDocument = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"version\"] = \"2012-10-17\",\n [\"statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"action\"] = new[]\n {\n \"s3:ListAllMyBuckets\",\n \"s3:ListBucket\",\n \"s3:HeadBucket\",\n },\n [\"effect\"] = \"Allow\",\n [\"resource\"] = \"*\",\n },\n },\n }),\n });\n\n var example = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"yak_role\",\n AssumeRolePolicy = instanceAssumeRolePolicy.Json,\n ManagedPolicyArns = new[]\n {\n policyOne.Arn,\n policyTwo.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"version\": \"2012-10-17\",\n\t\t\t\"statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"action\": []string{\n\t\t\t\t\t\t\"ec2:Describe*\",\n\t\t\t\t\t},\n\t\t\t\t\t\"effect\": \"Allow\",\n\t\t\t\t\t\"resource\": \"*\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\tpolicyOne, err := iam.NewPolicy(ctx, \"policy_one\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"policy-618033\"),\n\t\t\tPolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON1, err := json.Marshal(map[string]interface{}{\n\t\t\t\"version\": \"2012-10-17\",\n\t\t\t\"statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"action\": []string{\n\t\t\t\t\t\t\"s3:ListAllMyBuckets\",\n\t\t\t\t\t\t\"s3:ListBucket\",\n\t\t\t\t\t\t\"s3:HeadBucket\",\n\t\t\t\t\t},\n\t\t\t\t\t\"effect\": \"Allow\",\n\t\t\t\t\t\"resource\": \"*\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson1 := string(tmpJSON1)\n\t\tpolicyTwo, err := iam.NewPolicy(ctx, \"policy_two\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"policy-381966\"),\n\t\t\tPolicy: pulumi.String(json1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"yak_role\"),\n\t\t\tAssumeRolePolicy: pulumi.Any(instanceAssumeRolePolicy.Json),\n\t\t\tManagedPolicyArns: pulumi.StringArray{\n\t\t\t\tpolicyOne.Arn,\n\t\t\t\tpolicyTwo.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var policyOne = new Policy(\"policyOne\", PolicyArgs.builder() \n .name(\"policy-618033\")\n .policy(serializeJson(\n jsonObject(\n jsonProperty(\"version\", \"2012-10-17\"),\n jsonProperty(\"statement\", jsonArray(jsonObject(\n jsonProperty(\"action\", jsonArray(\"ec2:Describe*\")),\n jsonProperty(\"effect\", \"Allow\"),\n jsonProperty(\"resource\", \"*\")\n )))\n )))\n .build());\n\n var policyTwo = new Policy(\"policyTwo\", PolicyArgs.builder() \n .name(\"policy-381966\")\n .policy(serializeJson(\n jsonObject(\n jsonProperty(\"version\", \"2012-10-17\"),\n jsonProperty(\"statement\", jsonArray(jsonObject(\n jsonProperty(\"action\", jsonArray(\n \"s3:ListAllMyBuckets\", \n \"s3:ListBucket\", \n \"s3:HeadBucket\"\n )),\n jsonProperty(\"effect\", \"Allow\"),\n jsonProperty(\"resource\", \"*\")\n )))\n )))\n .build());\n\n var example = new Role(\"example\", RoleArgs.builder() \n .name(\"yak_role\")\n .assumeRolePolicy(instanceAssumeRolePolicy.json())\n .managedPolicyArns( \n policyOne.arn(),\n policyTwo.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n name: yak_role\n assumeRolePolicy: ${instanceAssumeRolePolicy.json}\n managedPolicyArns:\n - ${policyOne.arn}\n - ${policyTwo.arn}\n policyOne:\n type: aws:iam:Policy\n name: policy_one\n properties:\n name: policy-618033\n policy:\n fn::toJSON:\n version: 2012-10-17\n statement:\n - action:\n - ec2:Describe*\n effect: Allow\n resource: '*'\n policyTwo:\n type: aws:iam:Policy\n name: policy_two\n properties:\n name: policy-381966\n policy:\n fn::toJSON:\n version: 2012-10-17\n statement:\n - action:\n - s3:ListAllMyBuckets\n - s3:ListBucket\n - s3:HeadBucket\n effect: Allow\n resource: '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example of Removing Managed Policies\n\nThis example creates an IAM role with an empty `managed_policy_arns` argument. If someone attaches a policy out-of-band, on the next apply, this provider will detach that policy.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.iam.Role(\"example\", {\n name: \"yak_role\",\n assumeRolePolicy: instanceAssumeRolePolicy.json,\n managedPolicyArns: [],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.Role(\"example\",\n name=\"yak_role\",\n assume_role_policy=instance_assume_role_policy[\"json\"],\n managed_policy_arns=[])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"yak_role\",\n AssumeRolePolicy = instanceAssumeRolePolicy.Json,\n ManagedPolicyArns = new[] {},\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"yak_role\"),\n\t\t\tAssumeRolePolicy: pulumi.Any(instanceAssumeRolePolicy.Json),\n\t\t\tManagedPolicyArns: pulumi.StringArray{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Role(\"example\", RoleArgs.builder() \n .name(\"yak_role\")\n .assumeRolePolicy(instanceAssumeRolePolicy.json())\n .managedPolicyArns()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n name: yak_role\n assumeRolePolicy: ${instanceAssumeRolePolicy.json}\n managedPolicyArns: []\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IAM Roles using the `name`. For example:\n\n```sh\n$ pulumi import aws:iam/role:Role developer developer_name\n```\n", "properties": { "arn": { "type": "string", @@ -252850,7 +252850,7 @@ } }, "aws:iam/rolePolicyAttachment:RolePolicyAttachment": { - "description": "Attaches a Managed IAM Policy to an IAM role\n\n\u003e **NOTE:** The usage of this resource conflicts with the `aws.iam.PolicyAttachment` resource and will permanently show a difference if both are defined.\n\n\u003e **NOTE:** For a given role, this resource is incompatible with using the `aws.iam.Role` resource `managed_policy_arns` argument. When using that argument and this resource, both will attempt to manage the role's managed policy attachments and Pulumi will show a permanent difference.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"ec2.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst role = new aws.iam.Role(\"role\", {\n name: \"test-role\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst policy = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\"ec2:Describe*\"],\n resources: [\"*\"],\n }],\n});\nconst policyPolicy = new aws.iam.Policy(\"policy\", {\n name: \"test-policy\",\n description: \"A test policy\",\n policy: policy.then(policy =\u003e policy.json),\n});\nconst test_attach = new aws.iam.RolePolicyAttachment(\"test-attach\", {\n role: role.name,\n policyArn: policyPolicy.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"ec2.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nrole = aws.iam.Role(\"role\",\n name=\"test-role\",\n assume_role_policy=assume_role.json)\npolicy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ec2:Describe*\"],\n resources=[\"*\"],\n)])\npolicy_policy = aws.iam.Policy(\"policy\",\n name=\"test-policy\",\n description=\"A test policy\",\n policy=policy.json)\ntest_attach = aws.iam.RolePolicyAttachment(\"test-attach\",\n role=role.name,\n policy_arn=policy_policy.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"ec2.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var role = new Aws.Iam.Role(\"role\", new()\n {\n Name = \"test-role\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:Describe*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var policyPolicy = new Aws.Iam.Policy(\"policy\", new()\n {\n Name = \"test-policy\",\n Description = \"A test policy\",\n PolicyDocument = policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var test_attach = new Aws.Iam.RolePolicyAttachment(\"test-attach\", new()\n {\n Role = role.Name,\n PolicyArn = policyPolicy.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"ec2.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := iam.NewRole(ctx, \"role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"test-role\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ec2:Describe*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpolicyPolicy, err := iam.NewPolicy(ctx, \"policy\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"test-policy\"),\n\t\t\tDescription: pulumi.String(\"A test policy\"),\n\t\t\tPolicy: *pulumi.String(policy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"test-attach\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: role.Name,\n\t\t\tPolicyArn: policyPolicy.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"ec2.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder() \n .name(\"test-role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ec2:Describe*\")\n .resources(\"*\")\n .build())\n .build());\n\n var policyPolicy = new Policy(\"policyPolicy\", PolicyArgs.builder() \n .name(\"test-policy\")\n .description(\"A test policy\")\n .policy(policy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var test_attach = new RolePolicyAttachment(\"test-attach\", RolePolicyAttachmentArgs.builder() \n .role(role.name())\n .policyArn(policyPolicy.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n role:\n type: aws:iam:Role\n properties:\n name: test-role\n assumeRolePolicy: ${assumeRole.json}\n policyPolicy:\n type: aws:iam:Policy\n name: policy\n properties:\n name: test-policy\n description: A test policy\n policy: ${policy.json}\n test-attach:\n type: aws:iam:RolePolicyAttachment\n properties:\n role: ${role.name}\n policyArn: ${policyPolicy.arn}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - ec2.amazonaws.com\n actions:\n - sts:AssumeRole\n policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - ec2:Describe*\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IAM role policy attachments using the role name and policy arn separated by `/`. For example:\n\n```sh\n$ pulumi import aws:iam/rolePolicyAttachment:RolePolicyAttachment test-attach test-role/arn:aws:iam::xxxxxxxxxxxx:policy/test-policy\n```\n", + "description": "Attaches a Managed IAM Policy to an IAM role\n\n\u003e **NOTE:** The usage of this resource conflicts with the `aws.iam.PolicyAttachment` resource and will permanently show a difference if both are defined.\n\n\u003e **NOTE:** For a given role, this resource is incompatible with using the `aws.iam.Role` resource `managed_policy_arns` argument. When using that argument and this resource, both will attempt to manage the role's managed policy attachments and Pulumi will show a permanent difference.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"ec2.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst role = new aws.iam.Role(\"role\", {\n name: \"test-role\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst policy = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\"ec2:Describe*\"],\n resources: [\"*\"],\n }],\n});\nconst policyPolicy = new aws.iam.Policy(\"policy\", {\n name: \"test-policy\",\n description: \"A test policy\",\n policy: policy.then(policy =\u003e policy.json),\n});\nconst test_attach = new aws.iam.RolePolicyAttachment(\"test-attach\", {\n role: role.name,\n policyArn: policyPolicy.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"ec2.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nrole = aws.iam.Role(\"role\",\n name=\"test-role\",\n assume_role_policy=assume_role.json)\npolicy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ec2:Describe*\"],\n resources=[\"*\"],\n)])\npolicy_policy = aws.iam.Policy(\"policy\",\n name=\"test-policy\",\n description=\"A test policy\",\n policy=policy.json)\ntest_attach = aws.iam.RolePolicyAttachment(\"test-attach\",\n role=role.name,\n policy_arn=policy_policy.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"ec2.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var role = new Aws.Iam.Role(\"role\", new()\n {\n Name = \"test-role\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:Describe*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var policyPolicy = new Aws.Iam.Policy(\"policy\", new()\n {\n Name = \"test-policy\",\n Description = \"A test policy\",\n PolicyDocument = policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var test_attach = new Aws.Iam.RolePolicyAttachment(\"test-attach\", new()\n {\n Role = role.Name,\n PolicyArn = policyPolicy.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"ec2.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := iam.NewRole(ctx, \"role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"test-role\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ec2:Describe*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpolicyPolicy, err := iam.NewPolicy(ctx, \"policy\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"test-policy\"),\n\t\t\tDescription: pulumi.String(\"A test policy\"),\n\t\t\tPolicy: pulumi.String(policy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"test-attach\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: role.Name,\n\t\t\tPolicyArn: policyPolicy.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"ec2.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder() \n .name(\"test-role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ec2:Describe*\")\n .resources(\"*\")\n .build())\n .build());\n\n var policyPolicy = new Policy(\"policyPolicy\", PolicyArgs.builder() \n .name(\"test-policy\")\n .description(\"A test policy\")\n .policy(policy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var test_attach = new RolePolicyAttachment(\"test-attach\", RolePolicyAttachmentArgs.builder() \n .role(role.name())\n .policyArn(policyPolicy.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n role:\n type: aws:iam:Role\n properties:\n name: test-role\n assumeRolePolicy: ${assumeRole.json}\n policyPolicy:\n type: aws:iam:Policy\n name: policy\n properties:\n name: test-policy\n description: A test policy\n policy: ${policy.json}\n test-attach:\n type: aws:iam:RolePolicyAttachment\n properties:\n role: ${role.name}\n policyArn: ${policyPolicy.arn}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - ec2.amazonaws.com\n actions:\n - sts:AssumeRole\n policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - ec2:Describe*\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IAM role policy attachments using the role name and policy arn separated by `/`. For example:\n\n```sh\n$ pulumi import aws:iam/rolePolicyAttachment:RolePolicyAttachment test-attach test-role/arn:aws:iam::xxxxxxxxxxxx:policy/test-policy\n```\n", "properties": { "policyArn": { "type": "string", @@ -253626,7 +253626,7 @@ } }, "aws:iam/user:User": { - "description": "Provides an IAM user.\n\n\u003e *NOTE:* If policies are attached to the user via the `aws.iam.PolicyAttachment` resource and you are modifying the user `name` or `path`, the `force_destroy` argument must be set to `true` and applied before attempting the operation otherwise you will encounter a `DeleteConflict` error. The `aws.iam.UserPolicyAttachment` resource (recommended) does not have this requirement.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lb = new aws.iam.User(\"lb\", {\n name: \"loadbalancer\",\n path: \"/system/\",\n tags: {\n \"tag-key\": \"tag-value\",\n },\n});\nconst lbAccessKey = new aws.iam.AccessKey(\"lb\", {user: lb.name});\nconst lbRo = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\"ec2:Describe*\"],\n resources: [\"*\"],\n }],\n});\nconst lbRoUserPolicy = new aws.iam.UserPolicy(\"lb_ro\", {\n name: \"test\",\n user: lb.name,\n policy: lbRo.then(lbRo =\u003e lbRo.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlb = aws.iam.User(\"lb\",\n name=\"loadbalancer\",\n path=\"/system/\",\n tags={\n \"tag-key\": \"tag-value\",\n })\nlb_access_key = aws.iam.AccessKey(\"lb\", user=lb.name)\nlb_ro = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ec2:Describe*\"],\n resources=[\"*\"],\n)])\nlb_ro_user_policy = aws.iam.UserPolicy(\"lb_ro\",\n name=\"test\",\n user=lb.name,\n policy=lb_ro.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var lb = new Aws.Iam.User(\"lb\", new()\n {\n Name = \"loadbalancer\",\n Path = \"/system/\",\n Tags = \n {\n { \"tag-key\", \"tag-value\" },\n },\n });\n\n var lbAccessKey = new Aws.Iam.AccessKey(\"lb\", new()\n {\n User = lb.Name,\n });\n\n var lbRo = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:Describe*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var lbRoUserPolicy = new Aws.Iam.UserPolicy(\"lb_ro\", new()\n {\n Name = \"test\",\n User = lb.Name,\n Policy = lbRo.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlb, err := iam.NewUser(ctx, \"lb\", \u0026iam.UserArgs{\n\t\t\tName: pulumi.String(\"loadbalancer\"),\n\t\t\tPath: pulumi.String(\"/system/\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"tag-key\": pulumi.String(\"tag-value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewAccessKey(ctx, \"lb\", \u0026iam.AccessKeyArgs{\n\t\t\tUser: lb.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlbRo, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ec2:Describe*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewUserPolicy(ctx, \"lb_ro\", \u0026iam.UserPolicyArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tUser: lb.Name,\n\t\t\tPolicy: *pulumi.String(lbRo.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.User;\nimport com.pulumi.aws.iam.UserArgs;\nimport com.pulumi.aws.iam.AccessKey;\nimport com.pulumi.aws.iam.AccessKeyArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.UserPolicy;\nimport com.pulumi.aws.iam.UserPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var lb = new User(\"lb\", UserArgs.builder() \n .name(\"loadbalancer\")\n .path(\"/system/\")\n .tags(Map.of(\"tag-key\", \"tag-value\"))\n .build());\n\n var lbAccessKey = new AccessKey(\"lbAccessKey\", AccessKeyArgs.builder() \n .user(lb.name())\n .build());\n\n final var lbRo = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ec2:Describe*\")\n .resources(\"*\")\n .build())\n .build());\n\n var lbRoUserPolicy = new UserPolicy(\"lbRoUserPolicy\", UserPolicyArgs.builder() \n .name(\"test\")\n .user(lb.name())\n .policy(lbRo.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n lb:\n type: aws:iam:User\n properties:\n name: loadbalancer\n path: /system/\n tags:\n tag-key: tag-value\n lbAccessKey:\n type: aws:iam:AccessKey\n name: lb\n properties:\n user: ${lb.name}\n lbRoUserPolicy:\n type: aws:iam:UserPolicy\n name: lb_ro\n properties:\n name: test\n user: ${lb.name}\n policy: ${lbRo.json}\nvariables:\n lbRo:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - ec2:Describe*\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IAM Users using the `name`. For example:\n\n```sh\n$ pulumi import aws:iam/user:User lb loadbalancer\n```\n", + "description": "Provides an IAM user.\n\n\u003e *NOTE:* If policies are attached to the user via the `aws.iam.PolicyAttachment` resource and you are modifying the user `name` or `path`, the `force_destroy` argument must be set to `true` and applied before attempting the operation otherwise you will encounter a `DeleteConflict` error. The `aws.iam.UserPolicyAttachment` resource (recommended) does not have this requirement.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lb = new aws.iam.User(\"lb\", {\n name: \"loadbalancer\",\n path: \"/system/\",\n tags: {\n \"tag-key\": \"tag-value\",\n },\n});\nconst lbAccessKey = new aws.iam.AccessKey(\"lb\", {user: lb.name});\nconst lbRo = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\"ec2:Describe*\"],\n resources: [\"*\"],\n }],\n});\nconst lbRoUserPolicy = new aws.iam.UserPolicy(\"lb_ro\", {\n name: \"test\",\n user: lb.name,\n policy: lbRo.then(lbRo =\u003e lbRo.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlb = aws.iam.User(\"lb\",\n name=\"loadbalancer\",\n path=\"/system/\",\n tags={\n \"tag-key\": \"tag-value\",\n })\nlb_access_key = aws.iam.AccessKey(\"lb\", user=lb.name)\nlb_ro = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ec2:Describe*\"],\n resources=[\"*\"],\n)])\nlb_ro_user_policy = aws.iam.UserPolicy(\"lb_ro\",\n name=\"test\",\n user=lb.name,\n policy=lb_ro.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var lb = new Aws.Iam.User(\"lb\", new()\n {\n Name = \"loadbalancer\",\n Path = \"/system/\",\n Tags = \n {\n { \"tag-key\", \"tag-value\" },\n },\n });\n\n var lbAccessKey = new Aws.Iam.AccessKey(\"lb\", new()\n {\n User = lb.Name,\n });\n\n var lbRo = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:Describe*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var lbRoUserPolicy = new Aws.Iam.UserPolicy(\"lb_ro\", new()\n {\n Name = \"test\",\n User = lb.Name,\n Policy = lbRo.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlb, err := iam.NewUser(ctx, \"lb\", \u0026iam.UserArgs{\n\t\t\tName: pulumi.String(\"loadbalancer\"),\n\t\t\tPath: pulumi.String(\"/system/\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"tag-key\": pulumi.String(\"tag-value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewAccessKey(ctx, \"lb\", \u0026iam.AccessKeyArgs{\n\t\t\tUser: lb.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlbRo, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ec2:Describe*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewUserPolicy(ctx, \"lb_ro\", \u0026iam.UserPolicyArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tUser: lb.Name,\n\t\t\tPolicy: pulumi.String(lbRo.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.User;\nimport com.pulumi.aws.iam.UserArgs;\nimport com.pulumi.aws.iam.AccessKey;\nimport com.pulumi.aws.iam.AccessKeyArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.UserPolicy;\nimport com.pulumi.aws.iam.UserPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var lb = new User(\"lb\", UserArgs.builder() \n .name(\"loadbalancer\")\n .path(\"/system/\")\n .tags(Map.of(\"tag-key\", \"tag-value\"))\n .build());\n\n var lbAccessKey = new AccessKey(\"lbAccessKey\", AccessKeyArgs.builder() \n .user(lb.name())\n .build());\n\n final var lbRo = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ec2:Describe*\")\n .resources(\"*\")\n .build())\n .build());\n\n var lbRoUserPolicy = new UserPolicy(\"lbRoUserPolicy\", UserPolicyArgs.builder() \n .name(\"test\")\n .user(lb.name())\n .policy(lbRo.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n lb:\n type: aws:iam:User\n properties:\n name: loadbalancer\n path: /system/\n tags:\n tag-key: tag-value\n lbAccessKey:\n type: aws:iam:AccessKey\n name: lb\n properties:\n user: ${lb.name}\n lbRoUserPolicy:\n type: aws:iam:UserPolicy\n name: lb_ro\n properties:\n name: test\n user: ${lb.name}\n policy: ${lbRo.json}\nvariables:\n lbRo:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - ec2:Describe*\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IAM Users using the `name`. For example:\n\n```sh\n$ pulumi import aws:iam/user:User lb loadbalancer\n```\n", "properties": { "arn": { "type": "string", @@ -256702,7 +256702,7 @@ } }, "aws:inspector2/delegatedAdminAccount:DelegatedAdminAccount": { - "description": "Resource for managing an Amazon Inspector Delegated Admin Account.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst example = new aws.inspector2.DelegatedAdminAccount(\"example\", {accountId: current.then(current =\u003e current.accountId)});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nexample = aws.inspector2.DelegatedAdminAccount(\"example\", account_id=current.account_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var example = new Aws.Inspector2.DelegatedAdminAccount(\"example\", new()\n {\n AccountId = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/inspector2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = inspector2.NewDelegatedAdminAccount(ctx, \"example\", \u0026inspector2.DelegatedAdminAccountArgs{\n\t\t\tAccountId: *pulumi.String(current.AccountId),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.inspector2.DelegatedAdminAccount;\nimport com.pulumi.aws.inspector2.DelegatedAdminAccountArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n var example = new DelegatedAdminAccount(\"example\", DelegatedAdminAccountArgs.builder() \n .accountId(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:inspector2:DelegatedAdminAccount\n properties:\n accountId: ${current.accountId}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Inspector Delegated Admin Account using the `account_id`. For example:\n\n```sh\n$ pulumi import aws:inspector2/delegatedAdminAccount:DelegatedAdminAccount example 012345678901\n```\n", + "description": "Resource for managing an Amazon Inspector Delegated Admin Account.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst example = new aws.inspector2.DelegatedAdminAccount(\"example\", {accountId: current.then(current =\u003e current.accountId)});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nexample = aws.inspector2.DelegatedAdminAccount(\"example\", account_id=current.account_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var example = new Aws.Inspector2.DelegatedAdminAccount(\"example\", new()\n {\n AccountId = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/inspector2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = inspector2.NewDelegatedAdminAccount(ctx, \"example\", \u0026inspector2.DelegatedAdminAccountArgs{\n\t\t\tAccountId: pulumi.String(current.AccountId),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.inspector2.DelegatedAdminAccount;\nimport com.pulumi.aws.inspector2.DelegatedAdminAccountArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n var example = new DelegatedAdminAccount(\"example\", DelegatedAdminAccountArgs.builder() \n .accountId(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:inspector2:DelegatedAdminAccount\n properties:\n accountId: ${current.accountId}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Inspector Delegated Admin Account using the `account_id`. For example:\n\n```sh\n$ pulumi import aws:inspector2/delegatedAdminAccount:DelegatedAdminAccount example 012345678901\n```\n", "properties": { "accountId": { "type": "string", @@ -256744,7 +256744,7 @@ } }, "aws:inspector2/enabler:Enabler": { - "description": "Resource for enabling Amazon Inspector resource scans.\n\nThis resource must be created in the Organization's Administrator Account.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.inspector2.Enabler(\"example\", {\n accountIds: [\"123456789012\"],\n resourceTypes: [\"EC2\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.inspector2.Enabler(\"example\",\n account_ids=[\"123456789012\"],\n resource_types=[\"EC2\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Inspector2.Enabler(\"example\", new()\n {\n AccountIds = new[]\n {\n \"123456789012\",\n },\n ResourceTypes = new[]\n {\n \"EC2\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/inspector2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := inspector2.NewEnabler(ctx, \"example\", \u0026inspector2.EnablerArgs{\n\t\t\tAccountIds: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"123456789012\"),\n\t\t\t},\n\t\t\tResourceTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"EC2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.inspector2.Enabler;\nimport com.pulumi.aws.inspector2.EnablerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Enabler(\"example\", EnablerArgs.builder() \n .accountIds(\"123456789012\")\n .resourceTypes(\"EC2\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:inspector2:Enabler\n properties:\n accountIds:\n - '123456789012'\n resourceTypes:\n - EC2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### For the Calling Account\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst test = new aws.inspector2.Enabler(\"test\", {\n accountIds: [current.then(current =\u003e current.accountId)],\n resourceTypes: [\n \"ECR\",\n \"EC2\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\ntest = aws.inspector2.Enabler(\"test\",\n account_ids=[current.account_id],\n resource_types=[\n \"ECR\",\n \"EC2\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var test = new Aws.Inspector2.Enabler(\"test\", new()\n {\n AccountIds = new[]\n {\n current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n },\n ResourceTypes = new[]\n {\n \"ECR\",\n \"EC2\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/inspector2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = inspector2.NewEnabler(ctx, \"test\", \u0026inspector2.EnablerArgs{\n\t\t\tAccountIds: pulumi.StringArray{\n\t\t\t\t*pulumi.String(current.AccountId),\n\t\t\t},\n\t\t\tResourceTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"ECR\"),\n\t\t\t\tpulumi.String(\"EC2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.inspector2.Enabler;\nimport com.pulumi.aws.inspector2.EnablerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n var test = new Enabler(\"test\", EnablerArgs.builder() \n .accountIds(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .resourceTypes( \n \"ECR\",\n \"EC2\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:inspector2:Enabler\n properties:\n accountIds:\n - ${current.accountId}\n resourceTypes:\n - ECR\n - EC2\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Resource for enabling Amazon Inspector resource scans.\n\nThis resource must be created in the Organization's Administrator Account.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.inspector2.Enabler(\"example\", {\n accountIds: [\"123456789012\"],\n resourceTypes: [\"EC2\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.inspector2.Enabler(\"example\",\n account_ids=[\"123456789012\"],\n resource_types=[\"EC2\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Inspector2.Enabler(\"example\", new()\n {\n AccountIds = new[]\n {\n \"123456789012\",\n },\n ResourceTypes = new[]\n {\n \"EC2\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/inspector2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := inspector2.NewEnabler(ctx, \"example\", \u0026inspector2.EnablerArgs{\n\t\t\tAccountIds: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"123456789012\"),\n\t\t\t},\n\t\t\tResourceTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"EC2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.inspector2.Enabler;\nimport com.pulumi.aws.inspector2.EnablerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Enabler(\"example\", EnablerArgs.builder() \n .accountIds(\"123456789012\")\n .resourceTypes(\"EC2\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:inspector2:Enabler\n properties:\n accountIds:\n - '123456789012'\n resourceTypes:\n - EC2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### For the Calling Account\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst test = new aws.inspector2.Enabler(\"test\", {\n accountIds: [current.then(current =\u003e current.accountId)],\n resourceTypes: [\n \"ECR\",\n \"EC2\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\ntest = aws.inspector2.Enabler(\"test\",\n account_ids=[current.account_id],\n resource_types=[\n \"ECR\",\n \"EC2\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var test = new Aws.Inspector2.Enabler(\"test\", new()\n {\n AccountIds = new[]\n {\n current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n },\n ResourceTypes = new[]\n {\n \"ECR\",\n \"EC2\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/inspector2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = inspector2.NewEnabler(ctx, \"test\", \u0026inspector2.EnablerArgs{\n\t\t\tAccountIds: pulumi.StringArray{\n\t\t\t\tpulumi.String(current.AccountId),\n\t\t\t},\n\t\t\tResourceTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"ECR\"),\n\t\t\t\tpulumi.String(\"EC2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.inspector2.Enabler;\nimport com.pulumi.aws.inspector2.EnablerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n var test = new Enabler(\"test\", EnablerArgs.builder() \n .accountIds(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .resourceTypes( \n \"ECR\",\n \"EC2\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:inspector2:Enabler\n properties:\n accountIds:\n - ${current.accountId}\n resourceTypes:\n - ECR\n - EC2\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { "accountIds": { "type": "array", @@ -257141,7 +257141,7 @@ } }, "aws:iot/caCertificate:CaCertificate": { - "description": "Creates and manages an AWS IoT CA Certificate.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as tls from \"@pulumi/tls\";\n\nconst caPrivateKey = new tls.PrivateKey(\"ca\", {algorithm: \"RSA\"});\nconst ca = new tls.SelfSignedCert(\"ca\", {\n privateKeyPem: caPrivateKey.privateKeyPem,\n subject: {\n commonName: \"example.com\",\n organization: \"ACME Examples, Inc\",\n },\n validityPeriodHours: 12,\n allowedUses: [\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n ],\n isCaCertificate: true,\n});\nconst verificationPrivateKey = new tls.PrivateKey(\"verification\", {algorithm: \"RSA\"});\nconst example = aws.iot.getRegistrationCode({});\nconst verification = new tls.CertRequest(\"verification\", {\n privateKeyPem: verificationPrivateKey.privateKeyPem,\n subject: {\n commonName: example.then(example =\u003e example.registrationCode),\n },\n});\nconst verificationLocallySignedCert = new tls.LocallySignedCert(\"verification\", {\n certRequestPem: verification.certRequestPem,\n caPrivateKeyPem: caPrivateKey.privateKeyPem,\n caCertPem: ca.certPem,\n validityPeriodHours: 12,\n allowedUses: [\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n ],\n});\nconst exampleCaCertificate = new aws.iot.CaCertificate(\"example\", {\n active: true,\n caCertificatePem: ca.certPem,\n verificationCertificatePem: verificationLocallySignedCert.certPem,\n allowAutoRegistration: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_tls as tls\n\nca_private_key = tls.PrivateKey(\"ca\", algorithm=\"RSA\")\nca = tls.SelfSignedCert(\"ca\",\n private_key_pem=ca_private_key.private_key_pem,\n subject=tls.SelfSignedCertSubjectArgs(\n common_name=\"example.com\",\n organization=\"ACME Examples, Inc\",\n ),\n validity_period_hours=12,\n allowed_uses=[\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n ],\n is_ca_certificate=True)\nverification_private_key = tls.PrivateKey(\"verification\", algorithm=\"RSA\")\nexample = aws.iot.get_registration_code()\nverification = tls.CertRequest(\"verification\",\n private_key_pem=verification_private_key.private_key_pem,\n subject=tls.CertRequestSubjectArgs(\n common_name=example.registration_code,\n ))\nverification_locally_signed_cert = tls.LocallySignedCert(\"verification\",\n cert_request_pem=verification.cert_request_pem,\n ca_private_key_pem=ca_private_key.private_key_pem,\n ca_cert_pem=ca.cert_pem,\n validity_period_hours=12,\n allowed_uses=[\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n ])\nexample_ca_certificate = aws.iot.CaCertificate(\"example\",\n active=True,\n ca_certificate_pem=ca.cert_pem,\n verification_certificate_pem=verification_locally_signed_cert.cert_pem,\n allow_auto_registration=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Tls = Pulumi.Tls;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var caPrivateKey = new Tls.PrivateKey(\"ca\", new()\n {\n Algorithm = \"RSA\",\n });\n\n var ca = new Tls.SelfSignedCert(\"ca\", new()\n {\n PrivateKeyPem = caPrivateKey.PrivateKeyPem,\n Subject = new Tls.Inputs.SelfSignedCertSubjectArgs\n {\n CommonName = \"example.com\",\n Organization = \"ACME Examples, Inc\",\n },\n ValidityPeriodHours = 12,\n AllowedUses = new[]\n {\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n },\n IsCaCertificate = true,\n });\n\n var verificationPrivateKey = new Tls.PrivateKey(\"verification\", new()\n {\n Algorithm = \"RSA\",\n });\n\n var example = Aws.Iot.GetRegistrationCode.Invoke();\n\n var verification = new Tls.CertRequest(\"verification\", new()\n {\n PrivateKeyPem = verificationPrivateKey.PrivateKeyPem,\n Subject = new Tls.Inputs.CertRequestSubjectArgs\n {\n CommonName = example.Apply(getRegistrationCodeResult =\u003e getRegistrationCodeResult.RegistrationCode),\n },\n });\n\n var verificationLocallySignedCert = new Tls.LocallySignedCert(\"verification\", new()\n {\n CertRequestPem = verification.CertRequestPem,\n CaPrivateKeyPem = caPrivateKey.PrivateKeyPem,\n CaCertPem = ca.CertPem,\n ValidityPeriodHours = 12,\n AllowedUses = new[]\n {\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n },\n });\n\n var exampleCaCertificate = new Aws.Iot.CaCertificate(\"example\", new()\n {\n Active = true,\n CaCertificatePem = ca.CertPem,\n VerificationCertificatePem = verificationLocallySignedCert.CertPem,\n AllowAutoRegistration = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iot\"\n\t\"github.com/pulumi/pulumi-tls/sdk/v4/go/tls\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcaPrivateKey, err := tls.NewPrivateKey(ctx, \"ca\", \u0026tls.PrivateKeyArgs{\n\t\t\tAlgorithm: pulumi.String(\"RSA\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tca, err := tls.NewSelfSignedCert(ctx, \"ca\", \u0026tls.SelfSignedCertArgs{\n\t\t\tPrivateKeyPem: caPrivateKey.PrivateKeyPem,\n\t\t\tSubject: \u0026tls.SelfSignedCertSubjectArgs{\n\t\t\t\tCommonName: pulumi.String(\"example.com\"),\n\t\t\t\tOrganization: pulumi.String(\"ACME Examples, Inc\"),\n\t\t\t},\n\t\t\tValidityPeriodHours: pulumi.Int(12),\n\t\t\tAllowedUses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"key_encipherment\"),\n\t\t\t\tpulumi.String(\"digital_signature\"),\n\t\t\t\tpulumi.String(\"server_auth\"),\n\t\t\t},\n\t\t\tIsCaCertificate: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tverificationPrivateKey, err := tls.NewPrivateKey(ctx, \"verification\", \u0026tls.PrivateKeyArgs{\n\t\t\tAlgorithm: pulumi.String(\"RSA\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iot.GetRegistrationCode(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tverification, err := tls.NewCertRequest(ctx, \"verification\", \u0026tls.CertRequestArgs{\n\t\t\tPrivateKeyPem: verificationPrivateKey.PrivateKeyPem,\n\t\t\tSubject: \u0026tls.CertRequestSubjectArgs{\n\t\t\t\tCommonName: *pulumi.String(example.RegistrationCode),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tverificationLocallySignedCert, err := tls.NewLocallySignedCert(ctx, \"verification\", \u0026tls.LocallySignedCertArgs{\n\t\t\tCertRequestPem: verification.CertRequestPem,\n\t\t\tCaPrivateKeyPem: caPrivateKey.PrivateKeyPem,\n\t\t\tCaCertPem: ca.CertPem,\n\t\t\tValidityPeriodHours: pulumi.Int(12),\n\t\t\tAllowedUses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"key_encipherment\"),\n\t\t\t\tpulumi.String(\"digital_signature\"),\n\t\t\t\tpulumi.String(\"server_auth\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iot.NewCaCertificate(ctx, \"example\", \u0026iot.CaCertificateArgs{\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tCaCertificatePem: ca.CertPem,\n\t\t\tVerificationCertificatePem: verificationLocallySignedCert.CertPem,\n\t\t\tAllowAutoRegistration: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.tls.PrivateKey;\nimport com.pulumi.tls.PrivateKeyArgs;\nimport com.pulumi.tls.SelfSignedCert;\nimport com.pulumi.tls.SelfSignedCertArgs;\nimport com.pulumi.tls.inputs.SelfSignedCertSubjectArgs;\nimport com.pulumi.aws.iot.IotFunctions;\nimport com.pulumi.tls.CertRequest;\nimport com.pulumi.tls.CertRequestArgs;\nimport com.pulumi.tls.inputs.CertRequestSubjectArgs;\nimport com.pulumi.tls.LocallySignedCert;\nimport com.pulumi.tls.LocallySignedCertArgs;\nimport com.pulumi.aws.iot.CaCertificate;\nimport com.pulumi.aws.iot.CaCertificateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var caPrivateKey = new PrivateKey(\"caPrivateKey\", PrivateKeyArgs.builder() \n .algorithm(\"RSA\")\n .build());\n\n var ca = new SelfSignedCert(\"ca\", SelfSignedCertArgs.builder() \n .privateKeyPem(caPrivateKey.privateKeyPem())\n .subject(SelfSignedCertSubjectArgs.builder()\n .commonName(\"example.com\")\n .organization(\"ACME Examples, Inc\")\n .build())\n .validityPeriodHours(12)\n .allowedUses( \n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\")\n .isCaCertificate(true)\n .build());\n\n var verificationPrivateKey = new PrivateKey(\"verificationPrivateKey\", PrivateKeyArgs.builder() \n .algorithm(\"RSA\")\n .build());\n\n final var example = IotFunctions.getRegistrationCode();\n\n var verification = new CertRequest(\"verification\", CertRequestArgs.builder() \n .privateKeyPem(verificationPrivateKey.privateKeyPem())\n .subject(CertRequestSubjectArgs.builder()\n .commonName(example.applyValue(getRegistrationCodeResult -\u003e getRegistrationCodeResult.registrationCode()))\n .build())\n .build());\n\n var verificationLocallySignedCert = new LocallySignedCert(\"verificationLocallySignedCert\", LocallySignedCertArgs.builder() \n .certRequestPem(verification.certRequestPem())\n .caPrivateKeyPem(caPrivateKey.privateKeyPem())\n .caCertPem(ca.certPem())\n .validityPeriodHours(12)\n .allowedUses( \n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\")\n .build());\n\n var exampleCaCertificate = new CaCertificate(\"exampleCaCertificate\", CaCertificateArgs.builder() \n .active(true)\n .caCertificatePem(ca.certPem())\n .verificationCertificatePem(verificationLocallySignedCert.certPem())\n .allowAutoRegistration(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ca:\n type: tls:SelfSignedCert\n properties:\n privateKeyPem: ${caPrivateKey.privateKeyPem}\n subject:\n commonName: example.com\n organization: ACME Examples, Inc\n validityPeriodHours: 12\n allowedUses:\n - key_encipherment\n - digital_signature\n - server_auth\n isCaCertificate: true\n caPrivateKey:\n type: tls:PrivateKey\n name: ca\n properties:\n algorithm: RSA\n verification:\n type: tls:CertRequest\n properties:\n privateKeyPem: ${verificationPrivateKey.privateKeyPem}\n subject:\n commonName: ${example.registrationCode}\n verificationPrivateKey:\n type: tls:PrivateKey\n name: verification\n properties:\n algorithm: RSA\n verificationLocallySignedCert:\n type: tls:LocallySignedCert\n name: verification\n properties:\n certRequestPem: ${verification.certRequestPem}\n caPrivateKeyPem: ${caPrivateKey.privateKeyPem}\n caCertPem: ${ca.certPem}\n validityPeriodHours: 12\n allowedUses:\n - key_encipherment\n - digital_signature\n - server_auth\n exampleCaCertificate:\n type: aws:iot:CaCertificate\n name: example\n properties:\n active: true\n caCertificatePem: ${ca.certPem}\n verificationCertificatePem: ${verificationLocallySignedCert.certPem}\n allowAutoRegistration: true\nvariables:\n example:\n fn::invoke:\n Function: aws:iot:getRegistrationCode\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Creates and manages an AWS IoT CA Certificate.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as tls from \"@pulumi/tls\";\n\nconst caPrivateKey = new tls.PrivateKey(\"ca\", {algorithm: \"RSA\"});\nconst ca = new tls.SelfSignedCert(\"ca\", {\n privateKeyPem: caPrivateKey.privateKeyPem,\n subject: {\n commonName: \"example.com\",\n organization: \"ACME Examples, Inc\",\n },\n validityPeriodHours: 12,\n allowedUses: [\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n ],\n isCaCertificate: true,\n});\nconst verificationPrivateKey = new tls.PrivateKey(\"verification\", {algorithm: \"RSA\"});\nconst example = aws.iot.getRegistrationCode({});\nconst verification = new tls.CertRequest(\"verification\", {\n privateKeyPem: verificationPrivateKey.privateKeyPem,\n subject: {\n commonName: example.then(example =\u003e example.registrationCode),\n },\n});\nconst verificationLocallySignedCert = new tls.LocallySignedCert(\"verification\", {\n certRequestPem: verification.certRequestPem,\n caPrivateKeyPem: caPrivateKey.privateKeyPem,\n caCertPem: ca.certPem,\n validityPeriodHours: 12,\n allowedUses: [\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n ],\n});\nconst exampleCaCertificate = new aws.iot.CaCertificate(\"example\", {\n active: true,\n caCertificatePem: ca.certPem,\n verificationCertificatePem: verificationLocallySignedCert.certPem,\n allowAutoRegistration: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_tls as tls\n\nca_private_key = tls.PrivateKey(\"ca\", algorithm=\"RSA\")\nca = tls.SelfSignedCert(\"ca\",\n private_key_pem=ca_private_key.private_key_pem,\n subject=tls.SelfSignedCertSubjectArgs(\n common_name=\"example.com\",\n organization=\"ACME Examples, Inc\",\n ),\n validity_period_hours=12,\n allowed_uses=[\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n ],\n is_ca_certificate=True)\nverification_private_key = tls.PrivateKey(\"verification\", algorithm=\"RSA\")\nexample = aws.iot.get_registration_code()\nverification = tls.CertRequest(\"verification\",\n private_key_pem=verification_private_key.private_key_pem,\n subject=tls.CertRequestSubjectArgs(\n common_name=example.registration_code,\n ))\nverification_locally_signed_cert = tls.LocallySignedCert(\"verification\",\n cert_request_pem=verification.cert_request_pem,\n ca_private_key_pem=ca_private_key.private_key_pem,\n ca_cert_pem=ca.cert_pem,\n validity_period_hours=12,\n allowed_uses=[\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n ])\nexample_ca_certificate = aws.iot.CaCertificate(\"example\",\n active=True,\n ca_certificate_pem=ca.cert_pem,\n verification_certificate_pem=verification_locally_signed_cert.cert_pem,\n allow_auto_registration=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Tls = Pulumi.Tls;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var caPrivateKey = new Tls.PrivateKey(\"ca\", new()\n {\n Algorithm = \"RSA\",\n });\n\n var ca = new Tls.SelfSignedCert(\"ca\", new()\n {\n PrivateKeyPem = caPrivateKey.PrivateKeyPem,\n Subject = new Tls.Inputs.SelfSignedCertSubjectArgs\n {\n CommonName = \"example.com\",\n Organization = \"ACME Examples, Inc\",\n },\n ValidityPeriodHours = 12,\n AllowedUses = new[]\n {\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n },\n IsCaCertificate = true,\n });\n\n var verificationPrivateKey = new Tls.PrivateKey(\"verification\", new()\n {\n Algorithm = \"RSA\",\n });\n\n var example = Aws.Iot.GetRegistrationCode.Invoke();\n\n var verification = new Tls.CertRequest(\"verification\", new()\n {\n PrivateKeyPem = verificationPrivateKey.PrivateKeyPem,\n Subject = new Tls.Inputs.CertRequestSubjectArgs\n {\n CommonName = example.Apply(getRegistrationCodeResult =\u003e getRegistrationCodeResult.RegistrationCode),\n },\n });\n\n var verificationLocallySignedCert = new Tls.LocallySignedCert(\"verification\", new()\n {\n CertRequestPem = verification.CertRequestPem,\n CaPrivateKeyPem = caPrivateKey.PrivateKeyPem,\n CaCertPem = ca.CertPem,\n ValidityPeriodHours = 12,\n AllowedUses = new[]\n {\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n },\n });\n\n var exampleCaCertificate = new Aws.Iot.CaCertificate(\"example\", new()\n {\n Active = true,\n CaCertificatePem = ca.CertPem,\n VerificationCertificatePem = verificationLocallySignedCert.CertPem,\n AllowAutoRegistration = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iot\"\n\t\"github.com/pulumi/pulumi-tls/sdk/v4/go/tls\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcaPrivateKey, err := tls.NewPrivateKey(ctx, \"ca\", \u0026tls.PrivateKeyArgs{\n\t\t\tAlgorithm: pulumi.String(\"RSA\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tca, err := tls.NewSelfSignedCert(ctx, \"ca\", \u0026tls.SelfSignedCertArgs{\n\t\t\tPrivateKeyPem: caPrivateKey.PrivateKeyPem,\n\t\t\tSubject: \u0026tls.SelfSignedCertSubjectArgs{\n\t\t\t\tCommonName: pulumi.String(\"example.com\"),\n\t\t\t\tOrganization: pulumi.String(\"ACME Examples, Inc\"),\n\t\t\t},\n\t\t\tValidityPeriodHours: pulumi.Int(12),\n\t\t\tAllowedUses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"key_encipherment\"),\n\t\t\t\tpulumi.String(\"digital_signature\"),\n\t\t\t\tpulumi.String(\"server_auth\"),\n\t\t\t},\n\t\t\tIsCaCertificate: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tverificationPrivateKey, err := tls.NewPrivateKey(ctx, \"verification\", \u0026tls.PrivateKeyArgs{\n\t\t\tAlgorithm: pulumi.String(\"RSA\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iot.GetRegistrationCode(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tverification, err := tls.NewCertRequest(ctx, \"verification\", \u0026tls.CertRequestArgs{\n\t\t\tPrivateKeyPem: verificationPrivateKey.PrivateKeyPem,\n\t\t\tSubject: \u0026tls.CertRequestSubjectArgs{\n\t\t\t\tCommonName: pulumi.String(example.RegistrationCode),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tverificationLocallySignedCert, err := tls.NewLocallySignedCert(ctx, \"verification\", \u0026tls.LocallySignedCertArgs{\n\t\t\tCertRequestPem: verification.CertRequestPem,\n\t\t\tCaPrivateKeyPem: caPrivateKey.PrivateKeyPem,\n\t\t\tCaCertPem: ca.CertPem,\n\t\t\tValidityPeriodHours: pulumi.Int(12),\n\t\t\tAllowedUses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"key_encipherment\"),\n\t\t\t\tpulumi.String(\"digital_signature\"),\n\t\t\t\tpulumi.String(\"server_auth\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iot.NewCaCertificate(ctx, \"example\", \u0026iot.CaCertificateArgs{\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tCaCertificatePem: ca.CertPem,\n\t\t\tVerificationCertificatePem: verificationLocallySignedCert.CertPem,\n\t\t\tAllowAutoRegistration: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.tls.PrivateKey;\nimport com.pulumi.tls.PrivateKeyArgs;\nimport com.pulumi.tls.SelfSignedCert;\nimport com.pulumi.tls.SelfSignedCertArgs;\nimport com.pulumi.tls.inputs.SelfSignedCertSubjectArgs;\nimport com.pulumi.aws.iot.IotFunctions;\nimport com.pulumi.tls.CertRequest;\nimport com.pulumi.tls.CertRequestArgs;\nimport com.pulumi.tls.inputs.CertRequestSubjectArgs;\nimport com.pulumi.tls.LocallySignedCert;\nimport com.pulumi.tls.LocallySignedCertArgs;\nimport com.pulumi.aws.iot.CaCertificate;\nimport com.pulumi.aws.iot.CaCertificateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var caPrivateKey = new PrivateKey(\"caPrivateKey\", PrivateKeyArgs.builder() \n .algorithm(\"RSA\")\n .build());\n\n var ca = new SelfSignedCert(\"ca\", SelfSignedCertArgs.builder() \n .privateKeyPem(caPrivateKey.privateKeyPem())\n .subject(SelfSignedCertSubjectArgs.builder()\n .commonName(\"example.com\")\n .organization(\"ACME Examples, Inc\")\n .build())\n .validityPeriodHours(12)\n .allowedUses( \n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\")\n .isCaCertificate(true)\n .build());\n\n var verificationPrivateKey = new PrivateKey(\"verificationPrivateKey\", PrivateKeyArgs.builder() \n .algorithm(\"RSA\")\n .build());\n\n final var example = IotFunctions.getRegistrationCode();\n\n var verification = new CertRequest(\"verification\", CertRequestArgs.builder() \n .privateKeyPem(verificationPrivateKey.privateKeyPem())\n .subject(CertRequestSubjectArgs.builder()\n .commonName(example.applyValue(getRegistrationCodeResult -\u003e getRegistrationCodeResult.registrationCode()))\n .build())\n .build());\n\n var verificationLocallySignedCert = new LocallySignedCert(\"verificationLocallySignedCert\", LocallySignedCertArgs.builder() \n .certRequestPem(verification.certRequestPem())\n .caPrivateKeyPem(caPrivateKey.privateKeyPem())\n .caCertPem(ca.certPem())\n .validityPeriodHours(12)\n .allowedUses( \n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\")\n .build());\n\n var exampleCaCertificate = new CaCertificate(\"exampleCaCertificate\", CaCertificateArgs.builder() \n .active(true)\n .caCertificatePem(ca.certPem())\n .verificationCertificatePem(verificationLocallySignedCert.certPem())\n .allowAutoRegistration(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ca:\n type: tls:SelfSignedCert\n properties:\n privateKeyPem: ${caPrivateKey.privateKeyPem}\n subject:\n commonName: example.com\n organization: ACME Examples, Inc\n validityPeriodHours: 12\n allowedUses:\n - key_encipherment\n - digital_signature\n - server_auth\n isCaCertificate: true\n caPrivateKey:\n type: tls:PrivateKey\n name: ca\n properties:\n algorithm: RSA\n verification:\n type: tls:CertRequest\n properties:\n privateKeyPem: ${verificationPrivateKey.privateKeyPem}\n subject:\n commonName: ${example.registrationCode}\n verificationPrivateKey:\n type: tls:PrivateKey\n name: verification\n properties:\n algorithm: RSA\n verificationLocallySignedCert:\n type: tls:LocallySignedCert\n name: verification\n properties:\n certRequestPem: ${verification.certRequestPem}\n caPrivateKeyPem: ${caPrivateKey.privateKeyPem}\n caCertPem: ${ca.certPem}\n validityPeriodHours: 12\n allowedUses:\n - key_encipherment\n - digital_signature\n - server_auth\n exampleCaCertificate:\n type: aws:iot:CaCertificate\n name: example\n properties:\n active: true\n caCertificatePem: ${ca.certPem}\n verificationCertificatePem: ${verificationLocallySignedCert.certPem}\n allowAutoRegistration: true\nvariables:\n example:\n fn::invoke:\n Function: aws:iot:getRegistrationCode\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { "active": { "type": "boolean", @@ -257906,7 +257906,7 @@ } }, "aws:iot/policyAttachment:PolicyAttachment": { - "description": "Provides an IoT policy attachment.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst pubsub = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\"iot:*\"],\n resources: [\"*\"],\n }],\n});\nconst pubsubPolicy = new aws.iot.Policy(\"pubsub\", {\n name: \"PubSubToAnyTopic\",\n policy: pubsub.then(pubsub =\u003e pubsub.json),\n});\nconst cert = new aws.iot.Certificate(\"cert\", {\n csr: std.file({\n input: \"csr.pem\",\n }).then(invoke =\u003e invoke.result),\n active: true,\n});\nconst att = new aws.iot.PolicyAttachment(\"att\", {\n policy: pubsubPolicy.name,\n target: cert.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_std as std\n\npubsub = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"iot:*\"],\n resources=[\"*\"],\n)])\npubsub_policy = aws.iot.Policy(\"pubsub\",\n name=\"PubSubToAnyTopic\",\n policy=pubsub.json)\ncert = aws.iot.Certificate(\"cert\",\n csr=std.file(input=\"csr.pem\").result,\n active=True)\natt = aws.iot.PolicyAttachment(\"att\",\n policy=pubsub_policy.name,\n target=cert.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pubsub = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"iot:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var pubsubPolicy = new Aws.Iot.Policy(\"pubsub\", new()\n {\n Name = \"PubSubToAnyTopic\",\n PolicyDocument = pubsub.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var cert = new Aws.Iot.Certificate(\"cert\", new()\n {\n Csr = Std.File.Invoke(new()\n {\n Input = \"csr.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n Active = true,\n });\n\n var att = new Aws.Iot.PolicyAttachment(\"att\", new()\n {\n Policy = pubsubPolicy.Name,\n Target = cert.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iot\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpubsub, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"iot:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpubsubPolicy, err := iot.NewPolicy(ctx, \"pubsub\", \u0026iot.PolicyArgs{\n\t\t\tName: pulumi.String(\"PubSubToAnyTopic\"),\n\t\t\tPolicy: *pulumi.String(pubsub.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"csr.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcert, err := iot.NewCertificate(ctx, \"cert\", \u0026iot.CertificateArgs{\n\t\t\tCsr: invokeFile.Result,\n\t\t\tActive: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iot.NewPolicyAttachment(ctx, \"att\", \u0026iot.PolicyAttachmentArgs{\n\t\t\tPolicy: pubsubPolicy.Name,\n\t\t\tTarget: cert.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iot.Policy;\nimport com.pulumi.aws.iot.PolicyArgs;\nimport com.pulumi.aws.iot.Certificate;\nimport com.pulumi.aws.iot.CertificateArgs;\nimport com.pulumi.aws.iot.PolicyAttachment;\nimport com.pulumi.aws.iot.PolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var pubsub = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"iot:*\")\n .resources(\"*\")\n .build())\n .build());\n\n var pubsubPolicy = new Policy(\"pubsubPolicy\", PolicyArgs.builder() \n .name(\"PubSubToAnyTopic\")\n .policy(pubsub.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var cert = new Certificate(\"cert\", CertificateArgs.builder() \n .csr(StdFunctions.file(FileArgs.builder()\n .input(\"csr.pem\")\n .build()).result())\n .active(true)\n .build());\n\n var att = new PolicyAttachment(\"att\", PolicyAttachmentArgs.builder() \n .policy(pubsubPolicy.name())\n .target(cert.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pubsubPolicy:\n type: aws:iot:Policy\n name: pubsub\n properties:\n name: PubSubToAnyTopic\n policy: ${pubsub.json}\n cert:\n type: aws:iot:Certificate\n properties:\n csr:\n fn::invoke:\n Function: std:file\n Arguments:\n input: csr.pem\n Return: result\n active: true\n att:\n type: aws:iot:PolicyAttachment\n properties:\n policy: ${pubsubPolicy.name}\n target: ${cert.arn}\nvariables:\n pubsub:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - iot:*\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provides an IoT policy attachment.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst pubsub = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\"iot:*\"],\n resources: [\"*\"],\n }],\n});\nconst pubsubPolicy = new aws.iot.Policy(\"pubsub\", {\n name: \"PubSubToAnyTopic\",\n policy: pubsub.then(pubsub =\u003e pubsub.json),\n});\nconst cert = new aws.iot.Certificate(\"cert\", {\n csr: std.file({\n input: \"csr.pem\",\n }).then(invoke =\u003e invoke.result),\n active: true,\n});\nconst att = new aws.iot.PolicyAttachment(\"att\", {\n policy: pubsubPolicy.name,\n target: cert.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_std as std\n\npubsub = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"iot:*\"],\n resources=[\"*\"],\n)])\npubsub_policy = aws.iot.Policy(\"pubsub\",\n name=\"PubSubToAnyTopic\",\n policy=pubsub.json)\ncert = aws.iot.Certificate(\"cert\",\n csr=std.file(input=\"csr.pem\").result,\n active=True)\natt = aws.iot.PolicyAttachment(\"att\",\n policy=pubsub_policy.name,\n target=cert.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pubsub = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"iot:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var pubsubPolicy = new Aws.Iot.Policy(\"pubsub\", new()\n {\n Name = \"PubSubToAnyTopic\",\n PolicyDocument = pubsub.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var cert = new Aws.Iot.Certificate(\"cert\", new()\n {\n Csr = Std.File.Invoke(new()\n {\n Input = \"csr.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n Active = true,\n });\n\n var att = new Aws.Iot.PolicyAttachment(\"att\", new()\n {\n Policy = pubsubPolicy.Name,\n Target = cert.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iot\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpubsub, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"iot:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpubsubPolicy, err := iot.NewPolicy(ctx, \"pubsub\", \u0026iot.PolicyArgs{\n\t\t\tName: pulumi.String(\"PubSubToAnyTopic\"),\n\t\t\tPolicy: pulumi.String(pubsub.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"csr.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcert, err := iot.NewCertificate(ctx, \"cert\", \u0026iot.CertificateArgs{\n\t\t\tCsr: invokeFile.Result,\n\t\t\tActive: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iot.NewPolicyAttachment(ctx, \"att\", \u0026iot.PolicyAttachmentArgs{\n\t\t\tPolicy: pubsubPolicy.Name,\n\t\t\tTarget: cert.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iot.Policy;\nimport com.pulumi.aws.iot.PolicyArgs;\nimport com.pulumi.aws.iot.Certificate;\nimport com.pulumi.aws.iot.CertificateArgs;\nimport com.pulumi.aws.iot.PolicyAttachment;\nimport com.pulumi.aws.iot.PolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var pubsub = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"iot:*\")\n .resources(\"*\")\n .build())\n .build());\n\n var pubsubPolicy = new Policy(\"pubsubPolicy\", PolicyArgs.builder() \n .name(\"PubSubToAnyTopic\")\n .policy(pubsub.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var cert = new Certificate(\"cert\", CertificateArgs.builder() \n .csr(StdFunctions.file(FileArgs.builder()\n .input(\"csr.pem\")\n .build()).result())\n .active(true)\n .build());\n\n var att = new PolicyAttachment(\"att\", PolicyAttachmentArgs.builder() \n .policy(pubsubPolicy.name())\n .target(cert.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pubsubPolicy:\n type: aws:iot:Policy\n name: pubsub\n properties:\n name: PubSubToAnyTopic\n policy: ${pubsub.json}\n cert:\n type: aws:iot:Certificate\n properties:\n csr:\n fn::invoke:\n Function: std:file\n Arguments:\n input: csr.pem\n Return: result\n active: true\n att:\n type: aws:iot:PolicyAttachment\n properties:\n policy: ${pubsubPolicy.name}\n target: ${cert.arn}\nvariables:\n pubsub:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - iot:*\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { "policy": { "type": "string", @@ -257976,7 +257976,7 @@ } }, "aws:iot/provisioningTemplate:ProvisioningTemplate": { - "description": "Manages an IoT fleet provisioning template. For more info, see the AWS documentation on [fleet provisioning](https://docs.aws.amazon.com/iot/latest/developerguide/provision-wo-cert.html).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst iotAssumeRolePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"iot.amazonaws.com\"],\n }],\n }],\n});\nconst iotFleetProvisioning = new aws.iam.Role(\"iot_fleet_provisioning\", {\n name: \"IoTProvisioningServiceRole\",\n path: \"/service-role/\",\n assumeRolePolicy: iotAssumeRolePolicy.then(iotAssumeRolePolicy =\u003e iotAssumeRolePolicy.json),\n});\nconst iotFleetProvisioningRegistration = new aws.iam.RolePolicyAttachment(\"iot_fleet_provisioning_registration\", {\n role: iotFleetProvisioning.name,\n policyArn: \"arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration\",\n});\nconst devicePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"iot:Subscribe\"],\n resources: [\"*\"],\n }],\n});\nconst devicePolicyPolicy = new aws.iot.Policy(\"device_policy\", {\n name: \"DevicePolicy\",\n policy: devicePolicy.then(devicePolicy =\u003e devicePolicy.json),\n});\nconst fleet = new aws.iot.ProvisioningTemplate(\"fleet\", {\n name: \"FleetTemplate\",\n description: \"My provisioning template\",\n provisioningRoleArn: iotFleetProvisioning.arn,\n enabled: true,\n templateBody: pulumi.jsonStringify({\n parameters: {\n serialNumber: {\n type: \"String\",\n },\n },\n resources: {\n certificate: {\n properties: {\n certificateId: {\n ref: \"AWS::IoT::Certificate::Id\",\n },\n status: \"Active\",\n },\n type: \"AWS::IoT::Certificate\",\n },\n policy: {\n properties: {\n policyName: devicePolicyPolicy.name,\n },\n type: \"AWS::IoT::Policy\",\n },\n },\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\niot_assume_role_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"iot.amazonaws.com\"],\n )],\n)])\niot_fleet_provisioning = aws.iam.Role(\"iot_fleet_provisioning\",\n name=\"IoTProvisioningServiceRole\",\n path=\"/service-role/\",\n assume_role_policy=iot_assume_role_policy.json)\niot_fleet_provisioning_registration = aws.iam.RolePolicyAttachment(\"iot_fleet_provisioning_registration\",\n role=iot_fleet_provisioning.name,\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration\")\ndevice_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"iot:Subscribe\"],\n resources=[\"*\"],\n)])\ndevice_policy_policy = aws.iot.Policy(\"device_policy\",\n name=\"DevicePolicy\",\n policy=device_policy.json)\nfleet = aws.iot.ProvisioningTemplate(\"fleet\",\n name=\"FleetTemplate\",\n description=\"My provisioning template\",\n provisioning_role_arn=iot_fleet_provisioning.arn,\n enabled=True,\n template_body=pulumi.Output.json_dumps({\n \"parameters\": {\n \"serialNumber\": {\n \"type\": \"String\",\n },\n },\n \"resources\": {\n \"certificate\": {\n \"properties\": {\n \"certificateId\": {\n \"ref\": \"AWS::IoT::Certificate::Id\",\n },\n \"status\": \"Active\",\n },\n \"type\": \"AWS::IoT::Certificate\",\n },\n \"policy\": {\n \"properties\": {\n \"policyName\": device_policy_policy.name,\n },\n \"type\": \"AWS::IoT::Policy\",\n },\n },\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var iotAssumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"iot.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var iotFleetProvisioning = new Aws.Iam.Role(\"iot_fleet_provisioning\", new()\n {\n Name = \"IoTProvisioningServiceRole\",\n Path = \"/service-role/\",\n AssumeRolePolicy = iotAssumeRolePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var iotFleetProvisioningRegistration = new Aws.Iam.RolePolicyAttachment(\"iot_fleet_provisioning_registration\", new()\n {\n Role = iotFleetProvisioning.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration\",\n });\n\n var devicePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"iot:Subscribe\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var devicePolicyPolicy = new Aws.Iot.Policy(\"device_policy\", new()\n {\n Name = \"DevicePolicy\",\n PolicyDocument = devicePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var fleet = new Aws.Iot.ProvisioningTemplate(\"fleet\", new()\n {\n Name = \"FleetTemplate\",\n Description = \"My provisioning template\",\n ProvisioningRoleArn = iotFleetProvisioning.Arn,\n Enabled = true,\n TemplateBody = Output.JsonSerialize(Output.Create(new Dictionary\u003cstring, object?\u003e\n {\n [\"parameters\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"serialNumber\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"type\"] = \"String\",\n },\n },\n [\"resources\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"certificate\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"properties\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"certificateId\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"ref\"] = \"AWS::IoT::Certificate::Id\",\n },\n [\"status\"] = \"Active\",\n },\n [\"type\"] = \"AWS::IoT::Certificate\",\n },\n [\"policy\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"properties\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"policyName\"] = devicePolicyPolicy.Name,\n },\n [\"type\"] = \"AWS::IoT::Policy\",\n },\n },\n })),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iot\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tiotAssumeRolePolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"iot.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiotFleetProvisioning, err := iam.NewRole(ctx, \"iot_fleet_provisioning\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"IoTProvisioningServiceRole\"),\n\t\t\tPath: pulumi.String(\"/service-role/\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(iotAssumeRolePolicy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"iot_fleet_provisioning_registration\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: iotFleetProvisioning.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdevicePolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"iot:Subscribe\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdevicePolicyPolicy, err := iot.NewPolicy(ctx, \"device_policy\", \u0026iot.PolicyArgs{\n\t\t\tName: pulumi.String(\"DevicePolicy\"),\n\t\t\tPolicy: *pulumi.String(devicePolicy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iot.NewProvisioningTemplate(ctx, \"fleet\", \u0026iot.ProvisioningTemplateArgs{\n\t\t\tName: pulumi.String(\"FleetTemplate\"),\n\t\t\tDescription: pulumi.String(\"My provisioning template\"),\n\t\t\tProvisioningRoleArn: iotFleetProvisioning.Arn,\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tTemplateBody: devicePolicyPolicy.Name.ApplyT(func(name string) (pulumi.String, error) {\n\t\t\t\tvar _zero pulumi.String\n\t\t\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\t\t\"parameters\": map[string]interface{}{\n\t\t\t\t\t\t\"serialNumber\": map[string]interface{}{\n\t\t\t\t\t\t\t\"type\": \"String\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\"resources\": map[string]interface{}{\n\t\t\t\t\t\t\"certificate\": map[string]interface{}{\n\t\t\t\t\t\t\t\"properties\": map[string]interface{}{\n\t\t\t\t\t\t\t\t\"certificateId\": map[string]interface{}{\n\t\t\t\t\t\t\t\t\t\"ref\": \"AWS::IoT::Certificate::Id\",\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\"status\": \"Active\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\"type\": \"AWS::IoT::Certificate\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\"policy\": map[string]interface{}{\n\t\t\t\t\t\t\t\"properties\": map[string]interface{}{\n\t\t\t\t\t\t\t\t\"policyName\": name,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\"type\": \"AWS::IoT::Policy\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t})\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn _zero, err\n\t\t\t\t}\n\t\t\t\tjson0 := string(tmpJSON0)\n\t\t\t\treturn pulumi.String(json0), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.iot.Policy;\nimport com.pulumi.aws.iot.PolicyArgs;\nimport com.pulumi.aws.iot.ProvisioningTemplate;\nimport com.pulumi.aws.iot.ProvisioningTemplateArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var iotAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"iot.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var iotFleetProvisioning = new Role(\"iotFleetProvisioning\", RoleArgs.builder() \n .name(\"IoTProvisioningServiceRole\")\n .path(\"/service-role/\")\n .assumeRolePolicy(iotAssumeRolePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var iotFleetProvisioningRegistration = new RolePolicyAttachment(\"iotFleetProvisioningRegistration\", RolePolicyAttachmentArgs.builder() \n .role(iotFleetProvisioning.name())\n .policyArn(\"arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration\")\n .build());\n\n final var devicePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"iot:Subscribe\")\n .resources(\"*\")\n .build())\n .build());\n\n var devicePolicyPolicy = new Policy(\"devicePolicyPolicy\", PolicyArgs.builder() \n .name(\"DevicePolicy\")\n .policy(devicePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var fleet = new ProvisioningTemplate(\"fleet\", ProvisioningTemplateArgs.builder() \n .name(\"FleetTemplate\")\n .description(\"My provisioning template\")\n .provisioningRoleArn(iotFleetProvisioning.arn())\n .enabled(true)\n .templateBody(devicePolicyPolicy.name().applyValue(name -\u003e serializeJson(\n jsonObject(\n jsonProperty(\"parameters\", jsonObject(\n jsonProperty(\"serialNumber\", jsonObject(\n jsonProperty(\"type\", \"String\")\n ))\n )),\n jsonProperty(\"resources\", jsonObject(\n jsonProperty(\"certificate\", jsonObject(\n jsonProperty(\"properties\", jsonObject(\n jsonProperty(\"certificateId\", jsonObject(\n jsonProperty(\"ref\", \"AWS::IoT::Certificate::Id\")\n )),\n jsonProperty(\"status\", \"Active\")\n )),\n jsonProperty(\"type\", \"AWS::IoT::Certificate\")\n )),\n jsonProperty(\"policy\", jsonObject(\n jsonProperty(\"properties\", jsonObject(\n jsonProperty(\"policyName\", name)\n )),\n jsonProperty(\"type\", \"AWS::IoT::Policy\")\n ))\n ))\n ))))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iotFleetProvisioning:\n type: aws:iam:Role\n name: iot_fleet_provisioning\n properties:\n name: IoTProvisioningServiceRole\n path: /service-role/\n assumeRolePolicy: ${iotAssumeRolePolicy.json}\n iotFleetProvisioningRegistration:\n type: aws:iam:RolePolicyAttachment\n name: iot_fleet_provisioning_registration\n properties:\n role: ${iotFleetProvisioning.name}\n policyArn: arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration\n devicePolicyPolicy:\n type: aws:iot:Policy\n name: device_policy\n properties:\n name: DevicePolicy\n policy: ${devicePolicy.json}\n fleet:\n type: aws:iot:ProvisioningTemplate\n properties:\n name: FleetTemplate\n description: My provisioning template\n provisioningRoleArn: ${iotFleetProvisioning.arn}\n enabled: true\n templateBody:\n fn::toJSON:\n parameters:\n serialNumber:\n type: String\n resources:\n certificate:\n properties:\n certificateId:\n ref: AWS::IoT::Certificate::Id\n status: Active\n type: AWS::IoT::Certificate\n policy:\n properties:\n policyName: ${devicePolicyPolicy.name}\n type: AWS::IoT::Policy\nvariables:\n iotAssumeRolePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - iot.amazonaws.com\n devicePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - iot:Subscribe\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IoT fleet provisioning templates using the `name`. For example:\n\n```sh\n$ pulumi import aws:iot/provisioningTemplate:ProvisioningTemplate fleet FleetProvisioningTemplate\n```\n", + "description": "Manages an IoT fleet provisioning template. For more info, see the AWS documentation on [fleet provisioning](https://docs.aws.amazon.com/iot/latest/developerguide/provision-wo-cert.html).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst iotAssumeRolePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"iot.amazonaws.com\"],\n }],\n }],\n});\nconst iotFleetProvisioning = new aws.iam.Role(\"iot_fleet_provisioning\", {\n name: \"IoTProvisioningServiceRole\",\n path: \"/service-role/\",\n assumeRolePolicy: iotAssumeRolePolicy.then(iotAssumeRolePolicy =\u003e iotAssumeRolePolicy.json),\n});\nconst iotFleetProvisioningRegistration = new aws.iam.RolePolicyAttachment(\"iot_fleet_provisioning_registration\", {\n role: iotFleetProvisioning.name,\n policyArn: \"arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration\",\n});\nconst devicePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"iot:Subscribe\"],\n resources: [\"*\"],\n }],\n});\nconst devicePolicyPolicy = new aws.iot.Policy(\"device_policy\", {\n name: \"DevicePolicy\",\n policy: devicePolicy.then(devicePolicy =\u003e devicePolicy.json),\n});\nconst fleet = new aws.iot.ProvisioningTemplate(\"fleet\", {\n name: \"FleetTemplate\",\n description: \"My provisioning template\",\n provisioningRoleArn: iotFleetProvisioning.arn,\n enabled: true,\n templateBody: pulumi.jsonStringify({\n parameters: {\n serialNumber: {\n type: \"String\",\n },\n },\n resources: {\n certificate: {\n properties: {\n certificateId: {\n ref: \"AWS::IoT::Certificate::Id\",\n },\n status: \"Active\",\n },\n type: \"AWS::IoT::Certificate\",\n },\n policy: {\n properties: {\n policyName: devicePolicyPolicy.name,\n },\n type: \"AWS::IoT::Policy\",\n },\n },\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\niot_assume_role_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"iot.amazonaws.com\"],\n )],\n)])\niot_fleet_provisioning = aws.iam.Role(\"iot_fleet_provisioning\",\n name=\"IoTProvisioningServiceRole\",\n path=\"/service-role/\",\n assume_role_policy=iot_assume_role_policy.json)\niot_fleet_provisioning_registration = aws.iam.RolePolicyAttachment(\"iot_fleet_provisioning_registration\",\n role=iot_fleet_provisioning.name,\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration\")\ndevice_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"iot:Subscribe\"],\n resources=[\"*\"],\n)])\ndevice_policy_policy = aws.iot.Policy(\"device_policy\",\n name=\"DevicePolicy\",\n policy=device_policy.json)\nfleet = aws.iot.ProvisioningTemplate(\"fleet\",\n name=\"FleetTemplate\",\n description=\"My provisioning template\",\n provisioning_role_arn=iot_fleet_provisioning.arn,\n enabled=True,\n template_body=pulumi.Output.json_dumps({\n \"parameters\": {\n \"serialNumber\": {\n \"type\": \"String\",\n },\n },\n \"resources\": {\n \"certificate\": {\n \"properties\": {\n \"certificateId\": {\n \"ref\": \"AWS::IoT::Certificate::Id\",\n },\n \"status\": \"Active\",\n },\n \"type\": \"AWS::IoT::Certificate\",\n },\n \"policy\": {\n \"properties\": {\n \"policyName\": device_policy_policy.name,\n },\n \"type\": \"AWS::IoT::Policy\",\n },\n },\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var iotAssumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"iot.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var iotFleetProvisioning = new Aws.Iam.Role(\"iot_fleet_provisioning\", new()\n {\n Name = \"IoTProvisioningServiceRole\",\n Path = \"/service-role/\",\n AssumeRolePolicy = iotAssumeRolePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var iotFleetProvisioningRegistration = new Aws.Iam.RolePolicyAttachment(\"iot_fleet_provisioning_registration\", new()\n {\n Role = iotFleetProvisioning.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration\",\n });\n\n var devicePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"iot:Subscribe\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var devicePolicyPolicy = new Aws.Iot.Policy(\"device_policy\", new()\n {\n Name = \"DevicePolicy\",\n PolicyDocument = devicePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var fleet = new Aws.Iot.ProvisioningTemplate(\"fleet\", new()\n {\n Name = \"FleetTemplate\",\n Description = \"My provisioning template\",\n ProvisioningRoleArn = iotFleetProvisioning.Arn,\n Enabled = true,\n TemplateBody = Output.JsonSerialize(Output.Create(new Dictionary\u003cstring, object?\u003e\n {\n [\"parameters\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"serialNumber\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"type\"] = \"String\",\n },\n },\n [\"resources\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"certificate\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"properties\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"certificateId\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"ref\"] = \"AWS::IoT::Certificate::Id\",\n },\n [\"status\"] = \"Active\",\n },\n [\"type\"] = \"AWS::IoT::Certificate\",\n },\n [\"policy\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"properties\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"policyName\"] = devicePolicyPolicy.Name,\n },\n [\"type\"] = \"AWS::IoT::Policy\",\n },\n },\n })),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iot\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tiotAssumeRolePolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"iot.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiotFleetProvisioning, err := iam.NewRole(ctx, \"iot_fleet_provisioning\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"IoTProvisioningServiceRole\"),\n\t\t\tPath: pulumi.String(\"/service-role/\"),\n\t\t\tAssumeRolePolicy: pulumi.String(iotAssumeRolePolicy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"iot_fleet_provisioning_registration\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: iotFleetProvisioning.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdevicePolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"iot:Subscribe\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdevicePolicyPolicy, err := iot.NewPolicy(ctx, \"device_policy\", \u0026iot.PolicyArgs{\n\t\t\tName: pulumi.String(\"DevicePolicy\"),\n\t\t\tPolicy: pulumi.String(devicePolicy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iot.NewProvisioningTemplate(ctx, \"fleet\", \u0026iot.ProvisioningTemplateArgs{\n\t\t\tName: pulumi.String(\"FleetTemplate\"),\n\t\t\tDescription: pulumi.String(\"My provisioning template\"),\n\t\t\tProvisioningRoleArn: iotFleetProvisioning.Arn,\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tTemplateBody: devicePolicyPolicy.Name.ApplyT(func(name string) (pulumi.String, error) {\n\t\t\t\tvar _zero pulumi.String\n\t\t\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\t\t\"parameters\": map[string]interface{}{\n\t\t\t\t\t\t\"serialNumber\": map[string]interface{}{\n\t\t\t\t\t\t\t\"type\": \"String\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\"resources\": map[string]interface{}{\n\t\t\t\t\t\t\"certificate\": map[string]interface{}{\n\t\t\t\t\t\t\t\"properties\": map[string]interface{}{\n\t\t\t\t\t\t\t\t\"certificateId\": map[string]interface{}{\n\t\t\t\t\t\t\t\t\t\"ref\": \"AWS::IoT::Certificate::Id\",\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\"status\": \"Active\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\"type\": \"AWS::IoT::Certificate\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\"policy\": map[string]interface{}{\n\t\t\t\t\t\t\t\"properties\": map[string]interface{}{\n\t\t\t\t\t\t\t\t\"policyName\": name,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\"type\": \"AWS::IoT::Policy\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t})\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn _zero, err\n\t\t\t\t}\n\t\t\t\tjson0 := string(tmpJSON0)\n\t\t\t\treturn pulumi.String(json0), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.iot.Policy;\nimport com.pulumi.aws.iot.PolicyArgs;\nimport com.pulumi.aws.iot.ProvisioningTemplate;\nimport com.pulumi.aws.iot.ProvisioningTemplateArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var iotAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"iot.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var iotFleetProvisioning = new Role(\"iotFleetProvisioning\", RoleArgs.builder() \n .name(\"IoTProvisioningServiceRole\")\n .path(\"/service-role/\")\n .assumeRolePolicy(iotAssumeRolePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var iotFleetProvisioningRegistration = new RolePolicyAttachment(\"iotFleetProvisioningRegistration\", RolePolicyAttachmentArgs.builder() \n .role(iotFleetProvisioning.name())\n .policyArn(\"arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration\")\n .build());\n\n final var devicePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"iot:Subscribe\")\n .resources(\"*\")\n .build())\n .build());\n\n var devicePolicyPolicy = new Policy(\"devicePolicyPolicy\", PolicyArgs.builder() \n .name(\"DevicePolicy\")\n .policy(devicePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var fleet = new ProvisioningTemplate(\"fleet\", ProvisioningTemplateArgs.builder() \n .name(\"FleetTemplate\")\n .description(\"My provisioning template\")\n .provisioningRoleArn(iotFleetProvisioning.arn())\n .enabled(true)\n .templateBody(devicePolicyPolicy.name().applyValue(name -\u003e serializeJson(\n jsonObject(\n jsonProperty(\"parameters\", jsonObject(\n jsonProperty(\"serialNumber\", jsonObject(\n jsonProperty(\"type\", \"String\")\n ))\n )),\n jsonProperty(\"resources\", jsonObject(\n jsonProperty(\"certificate\", jsonObject(\n jsonProperty(\"properties\", jsonObject(\n jsonProperty(\"certificateId\", jsonObject(\n jsonProperty(\"ref\", \"AWS::IoT::Certificate::Id\")\n )),\n jsonProperty(\"status\", \"Active\")\n )),\n jsonProperty(\"type\", \"AWS::IoT::Certificate\")\n )),\n jsonProperty(\"policy\", jsonObject(\n jsonProperty(\"properties\", jsonObject(\n jsonProperty(\"policyName\", name)\n )),\n jsonProperty(\"type\", \"AWS::IoT::Policy\")\n ))\n ))\n ))))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iotFleetProvisioning:\n type: aws:iam:Role\n name: iot_fleet_provisioning\n properties:\n name: IoTProvisioningServiceRole\n path: /service-role/\n assumeRolePolicy: ${iotAssumeRolePolicy.json}\n iotFleetProvisioningRegistration:\n type: aws:iam:RolePolicyAttachment\n name: iot_fleet_provisioning_registration\n properties:\n role: ${iotFleetProvisioning.name}\n policyArn: arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration\n devicePolicyPolicy:\n type: aws:iot:Policy\n name: device_policy\n properties:\n name: DevicePolicy\n policy: ${devicePolicy.json}\n fleet:\n type: aws:iot:ProvisioningTemplate\n properties:\n name: FleetTemplate\n description: My provisioning template\n provisioningRoleArn: ${iotFleetProvisioning.arn}\n enabled: true\n templateBody:\n fn::toJSON:\n parameters:\n serialNumber:\n type: String\n resources:\n certificate:\n properties:\n certificateId:\n ref: AWS::IoT::Certificate::Id\n status: Active\n type: AWS::IoT::Certificate\n policy:\n properties:\n policyName: ${devicePolicyPolicy.name}\n type: AWS::IoT::Policy\nvariables:\n iotAssumeRolePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - iot.amazonaws.com\n devicePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - iot:Subscribe\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IoT fleet provisioning templates using the `name`. For example:\n\n```sh\n$ pulumi import aws:iot/provisioningTemplate:ProvisioningTemplate fleet FleetProvisioningTemplate\n```\n", "properties": { "arn": { "type": "string", @@ -258678,7 +258678,7 @@ } }, "aws:iot/topicRule:TopicRule": { - "description": "Creates and manages an AWS IoT topic rule.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mytopic = new aws.sns.Topic(\"mytopic\", {name: \"mytopic\"});\nconst myerrortopic = new aws.sns.Topic(\"myerrortopic\", {name: \"myerrortopic\"});\nconst rule = new aws.iot.TopicRule(\"rule\", {\n name: \"MyRule\",\n description: \"Example rule\",\n enabled: true,\n sql: \"SELECT * FROM 'topic/test'\",\n sqlVersion: \"2016-03-23\",\n sns: [{\n messageFormat: \"RAW\",\n roleArn: role.arn,\n targetArn: mytopic.arn,\n }],\n errorAction: {\n sns: {\n messageFormat: \"RAW\",\n roleArn: role.arn,\n targetArn: myerrortopic.arn,\n },\n },\n});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"iot.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst myrole = new aws.iam.Role(\"myrole\", {\n name: \"myrole\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst mypolicy = mytopic.arn.apply(arn =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n actions: [\"sns:Publish\"],\n resources: [arn],\n }],\n}));\nconst mypolicyRolePolicy = new aws.iam.RolePolicy(\"mypolicy\", {\n name: \"mypolicy\",\n role: myrole.id,\n policy: mypolicy.apply(mypolicy =\u003e mypolicy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmytopic = aws.sns.Topic(\"mytopic\", name=\"mytopic\")\nmyerrortopic = aws.sns.Topic(\"myerrortopic\", name=\"myerrortopic\")\nrule = aws.iot.TopicRule(\"rule\",\n name=\"MyRule\",\n description=\"Example rule\",\n enabled=True,\n sql=\"SELECT * FROM 'topic/test'\",\n sql_version=\"2016-03-23\",\n sns=[aws.iot.TopicRuleSnsArgs(\n message_format=\"RAW\",\n role_arn=role[\"arn\"],\n target_arn=mytopic.arn,\n )],\n error_action=aws.iot.TopicRuleErrorActionArgs(\n sns=aws.iot.TopicRuleErrorActionSnsArgs(\n message_format=\"RAW\",\n role_arn=role[\"arn\"],\n target_arn=myerrortopic.arn,\n ),\n ))\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"iot.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nmyrole = aws.iam.Role(\"myrole\",\n name=\"myrole\",\n assume_role_policy=assume_role.json)\nmypolicy = mytopic.arn.apply(lambda arn: aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"sns:Publish\"],\n resources=[arn],\n)]))\nmypolicy_role_policy = aws.iam.RolePolicy(\"mypolicy\",\n name=\"mypolicy\",\n role=myrole.id,\n policy=mypolicy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var mytopic = new Aws.Sns.Topic(\"mytopic\", new()\n {\n Name = \"mytopic\",\n });\n\n var myerrortopic = new Aws.Sns.Topic(\"myerrortopic\", new()\n {\n Name = \"myerrortopic\",\n });\n\n var rule = new Aws.Iot.TopicRule(\"rule\", new()\n {\n Name = \"MyRule\",\n Description = \"Example rule\",\n Enabled = true,\n Sql = \"SELECT * FROM 'topic/test'\",\n SqlVersion = \"2016-03-23\",\n Sns = new[]\n {\n new Aws.Iot.Inputs.TopicRuleSnsArgs\n {\n MessageFormat = \"RAW\",\n RoleArn = role.Arn,\n TargetArn = mytopic.Arn,\n },\n },\n ErrorAction = new Aws.Iot.Inputs.TopicRuleErrorActionArgs\n {\n Sns = new Aws.Iot.Inputs.TopicRuleErrorActionSnsArgs\n {\n MessageFormat = \"RAW\",\n RoleArn = role.Arn,\n TargetArn = myerrortopic.Arn,\n },\n },\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"iot.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var myrole = new Aws.Iam.Role(\"myrole\", new()\n {\n Name = \"myrole\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var mypolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"sns:Publish\",\n },\n Resources = new[]\n {\n mytopic.Arn,\n },\n },\n },\n });\n\n var mypolicyRolePolicy = new Aws.Iam.RolePolicy(\"mypolicy\", new()\n {\n Name = \"mypolicy\",\n Role = myrole.Id,\n Policy = mypolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iot\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nmytopic, err := sns.NewTopic(ctx, \"mytopic\", \u0026sns.TopicArgs{\nName: pulumi.String(\"mytopic\"),\n})\nif err != nil {\nreturn err\n}\nmyerrortopic, err := sns.NewTopic(ctx, \"myerrortopic\", \u0026sns.TopicArgs{\nName: pulumi.String(\"myerrortopic\"),\n})\nif err != nil {\nreturn err\n}\n_, err = iot.NewTopicRule(ctx, \"rule\", \u0026iot.TopicRuleArgs{\nName: pulumi.String(\"MyRule\"),\nDescription: pulumi.String(\"Example rule\"),\nEnabled: pulumi.Bool(true),\nSql: pulumi.String(\"SELECT * FROM 'topic/test'\"),\nSqlVersion: pulumi.String(\"2016-03-23\"),\nSns: iot.TopicRuleSnsArray{\n\u0026iot.TopicRuleSnsArgs{\nMessageFormat: pulumi.String(\"RAW\"),\nRoleArn: pulumi.Any(role.Arn),\nTargetArn: mytopic.Arn,\n},\n},\nErrorAction: \u0026iot.TopicRuleErrorActionArgs{\nSns: \u0026iot.TopicRuleErrorActionSnsArgs{\nMessageFormat: pulumi.String(\"RAW\"),\nRoleArn: pulumi.Any(role.Arn),\nTargetArn: myerrortopic.Arn,\n},\n},\n})\nif err != nil {\nreturn err\n}\nassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"iot.amazonaws.com\",\n},\n},\n},\nActions: []string{\n\"sts:AssumeRole\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nmyrole, err := iam.NewRole(ctx, \"myrole\", \u0026iam.RoleArgs{\nName: pulumi.String(\"myrole\"),\nAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n})\nif err != nil {\nreturn err\n}\nmypolicy := mytopic.Arn.ApplyT(func(arn string) (iam.GetPolicyDocumentResult, error) {\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: \"Allow\",\nActions: []string{\n\"sns:Publish\",\n},\nResources: interface{}{\narn,\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = iam.NewRolePolicy(ctx, \"mypolicy\", \u0026iam.RolePolicyArgs{\nName: pulumi.String(\"mypolicy\"),\nRole: myrole.ID(),\nPolicy: mypolicy.ApplyT(func(mypolicy iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026mypolicy.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.iot.TopicRule;\nimport com.pulumi.aws.iot.TopicRuleArgs;\nimport com.pulumi.aws.iot.inputs.TopicRuleSnsArgs;\nimport com.pulumi.aws.iot.inputs.TopicRuleErrorActionArgs;\nimport com.pulumi.aws.iot.inputs.TopicRuleErrorActionSnsArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var mytopic = new Topic(\"mytopic\", TopicArgs.builder() \n .name(\"mytopic\")\n .build());\n\n var myerrortopic = new Topic(\"myerrortopic\", TopicArgs.builder() \n .name(\"myerrortopic\")\n .build());\n\n var rule = new TopicRule(\"rule\", TopicRuleArgs.builder() \n .name(\"MyRule\")\n .description(\"Example rule\")\n .enabled(true)\n .sql(\"SELECT * FROM 'topic/test'\")\n .sqlVersion(\"2016-03-23\")\n .sns(TopicRuleSnsArgs.builder()\n .messageFormat(\"RAW\")\n .roleArn(role.arn())\n .targetArn(mytopic.arn())\n .build())\n .errorAction(TopicRuleErrorActionArgs.builder()\n .sns(TopicRuleErrorActionSnsArgs.builder()\n .messageFormat(\"RAW\")\n .roleArn(role.arn())\n .targetArn(myerrortopic.arn())\n .build())\n .build())\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"iot.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var myrole = new Role(\"myrole\", RoleArgs.builder() \n .name(\"myrole\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var mypolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"sns:Publish\")\n .resources(mytopic.arn())\n .build())\n .build());\n\n var mypolicyRolePolicy = new RolePolicy(\"mypolicyRolePolicy\", RolePolicyArgs.builder() \n .name(\"mypolicy\")\n .role(myrole.id())\n .policy(mypolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(mypolicy -\u003e mypolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n rule:\n type: aws:iot:TopicRule\n properties:\n name: MyRule\n description: Example rule\n enabled: true\n sql: SELECT * FROM 'topic/test'\n sqlVersion: 2016-03-23\n sns:\n - messageFormat: RAW\n roleArn: ${role.arn}\n targetArn: ${mytopic.arn}\n errorAction:\n sns:\n messageFormat: RAW\n roleArn: ${role.arn}\n targetArn: ${myerrortopic.arn}\n mytopic:\n type: aws:sns:Topic\n properties:\n name: mytopic\n myerrortopic:\n type: aws:sns:Topic\n properties:\n name: myerrortopic\n myrole:\n type: aws:iam:Role\n properties:\n name: myrole\n assumeRolePolicy: ${assumeRole.json}\n mypolicyRolePolicy:\n type: aws:iam:RolePolicy\n name: mypolicy\n properties:\n name: mypolicy\n role: ${myrole.id}\n policy: ${mypolicy.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - iot.amazonaws.com\n actions:\n - sts:AssumeRole\n mypolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - sns:Publish\n resources:\n - ${mytopic.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IoT Topic Rules using the `name`. For example:\n\n```sh\n$ pulumi import aws:iot/topicRule:TopicRule rule \u003cname\u003e\n```\n", + "description": "Creates and manages an AWS IoT topic rule.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mytopic = new aws.sns.Topic(\"mytopic\", {name: \"mytopic\"});\nconst myerrortopic = new aws.sns.Topic(\"myerrortopic\", {name: \"myerrortopic\"});\nconst rule = new aws.iot.TopicRule(\"rule\", {\n name: \"MyRule\",\n description: \"Example rule\",\n enabled: true,\n sql: \"SELECT * FROM 'topic/test'\",\n sqlVersion: \"2016-03-23\",\n sns: [{\n messageFormat: \"RAW\",\n roleArn: role.arn,\n targetArn: mytopic.arn,\n }],\n errorAction: {\n sns: {\n messageFormat: \"RAW\",\n roleArn: role.arn,\n targetArn: myerrortopic.arn,\n },\n },\n});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"iot.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst myrole = new aws.iam.Role(\"myrole\", {\n name: \"myrole\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst mypolicy = mytopic.arn.apply(arn =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n actions: [\"sns:Publish\"],\n resources: [arn],\n }],\n}));\nconst mypolicyRolePolicy = new aws.iam.RolePolicy(\"mypolicy\", {\n name: \"mypolicy\",\n role: myrole.id,\n policy: mypolicy.apply(mypolicy =\u003e mypolicy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmytopic = aws.sns.Topic(\"mytopic\", name=\"mytopic\")\nmyerrortopic = aws.sns.Topic(\"myerrortopic\", name=\"myerrortopic\")\nrule = aws.iot.TopicRule(\"rule\",\n name=\"MyRule\",\n description=\"Example rule\",\n enabled=True,\n sql=\"SELECT * FROM 'topic/test'\",\n sql_version=\"2016-03-23\",\n sns=[aws.iot.TopicRuleSnsArgs(\n message_format=\"RAW\",\n role_arn=role[\"arn\"],\n target_arn=mytopic.arn,\n )],\n error_action=aws.iot.TopicRuleErrorActionArgs(\n sns=aws.iot.TopicRuleErrorActionSnsArgs(\n message_format=\"RAW\",\n role_arn=role[\"arn\"],\n target_arn=myerrortopic.arn,\n ),\n ))\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"iot.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nmyrole = aws.iam.Role(\"myrole\",\n name=\"myrole\",\n assume_role_policy=assume_role.json)\nmypolicy = mytopic.arn.apply(lambda arn: aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"sns:Publish\"],\n resources=[arn],\n)]))\nmypolicy_role_policy = aws.iam.RolePolicy(\"mypolicy\",\n name=\"mypolicy\",\n role=myrole.id,\n policy=mypolicy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var mytopic = new Aws.Sns.Topic(\"mytopic\", new()\n {\n Name = \"mytopic\",\n });\n\n var myerrortopic = new Aws.Sns.Topic(\"myerrortopic\", new()\n {\n Name = \"myerrortopic\",\n });\n\n var rule = new Aws.Iot.TopicRule(\"rule\", new()\n {\n Name = \"MyRule\",\n Description = \"Example rule\",\n Enabled = true,\n Sql = \"SELECT * FROM 'topic/test'\",\n SqlVersion = \"2016-03-23\",\n Sns = new[]\n {\n new Aws.Iot.Inputs.TopicRuleSnsArgs\n {\n MessageFormat = \"RAW\",\n RoleArn = role.Arn,\n TargetArn = mytopic.Arn,\n },\n },\n ErrorAction = new Aws.Iot.Inputs.TopicRuleErrorActionArgs\n {\n Sns = new Aws.Iot.Inputs.TopicRuleErrorActionSnsArgs\n {\n MessageFormat = \"RAW\",\n RoleArn = role.Arn,\n TargetArn = myerrortopic.Arn,\n },\n },\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"iot.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var myrole = new Aws.Iam.Role(\"myrole\", new()\n {\n Name = \"myrole\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var mypolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"sns:Publish\",\n },\n Resources = new[]\n {\n mytopic.Arn,\n },\n },\n },\n });\n\n var mypolicyRolePolicy = new Aws.Iam.RolePolicy(\"mypolicy\", new()\n {\n Name = \"mypolicy\",\n Role = myrole.Id,\n Policy = mypolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iot\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nmytopic, err := sns.NewTopic(ctx, \"mytopic\", \u0026sns.TopicArgs{\nName: pulumi.String(\"mytopic\"),\n})\nif err != nil {\nreturn err\n}\nmyerrortopic, err := sns.NewTopic(ctx, \"myerrortopic\", \u0026sns.TopicArgs{\nName: pulumi.String(\"myerrortopic\"),\n})\nif err != nil {\nreturn err\n}\n_, err = iot.NewTopicRule(ctx, \"rule\", \u0026iot.TopicRuleArgs{\nName: pulumi.String(\"MyRule\"),\nDescription: pulumi.String(\"Example rule\"),\nEnabled: pulumi.Bool(true),\nSql: pulumi.String(\"SELECT * FROM 'topic/test'\"),\nSqlVersion: pulumi.String(\"2016-03-23\"),\nSns: iot.TopicRuleSnsArray{\n\u0026iot.TopicRuleSnsArgs{\nMessageFormat: pulumi.String(\"RAW\"),\nRoleArn: pulumi.Any(role.Arn),\nTargetArn: mytopic.Arn,\n},\n},\nErrorAction: \u0026iot.TopicRuleErrorActionArgs{\nSns: \u0026iot.TopicRuleErrorActionSnsArgs{\nMessageFormat: pulumi.String(\"RAW\"),\nRoleArn: pulumi.Any(role.Arn),\nTargetArn: myerrortopic.Arn,\n},\n},\n})\nif err != nil {\nreturn err\n}\nassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"iot.amazonaws.com\",\n},\n},\n},\nActions: []string{\n\"sts:AssumeRole\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nmyrole, err := iam.NewRole(ctx, \"myrole\", \u0026iam.RoleArgs{\nName: pulumi.String(\"myrole\"),\nAssumeRolePolicy: pulumi.String(assumeRole.Json),\n})\nif err != nil {\nreturn err\n}\nmypolicy := mytopic.Arn.ApplyT(func(arn string) (iam.GetPolicyDocumentResult, error) {\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: \"Allow\",\nActions: []string{\n\"sns:Publish\",\n},\nResources: interface{}{\narn,\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = iam.NewRolePolicy(ctx, \"mypolicy\", \u0026iam.RolePolicyArgs{\nName: pulumi.String(\"mypolicy\"),\nRole: myrole.ID(),\nPolicy: mypolicy.ApplyT(func(mypolicy iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026mypolicy.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.iot.TopicRule;\nimport com.pulumi.aws.iot.TopicRuleArgs;\nimport com.pulumi.aws.iot.inputs.TopicRuleSnsArgs;\nimport com.pulumi.aws.iot.inputs.TopicRuleErrorActionArgs;\nimport com.pulumi.aws.iot.inputs.TopicRuleErrorActionSnsArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var mytopic = new Topic(\"mytopic\", TopicArgs.builder() \n .name(\"mytopic\")\n .build());\n\n var myerrortopic = new Topic(\"myerrortopic\", TopicArgs.builder() \n .name(\"myerrortopic\")\n .build());\n\n var rule = new TopicRule(\"rule\", TopicRuleArgs.builder() \n .name(\"MyRule\")\n .description(\"Example rule\")\n .enabled(true)\n .sql(\"SELECT * FROM 'topic/test'\")\n .sqlVersion(\"2016-03-23\")\n .sns(TopicRuleSnsArgs.builder()\n .messageFormat(\"RAW\")\n .roleArn(role.arn())\n .targetArn(mytopic.arn())\n .build())\n .errorAction(TopicRuleErrorActionArgs.builder()\n .sns(TopicRuleErrorActionSnsArgs.builder()\n .messageFormat(\"RAW\")\n .roleArn(role.arn())\n .targetArn(myerrortopic.arn())\n .build())\n .build())\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"iot.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var myrole = new Role(\"myrole\", RoleArgs.builder() \n .name(\"myrole\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var mypolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"sns:Publish\")\n .resources(mytopic.arn())\n .build())\n .build());\n\n var mypolicyRolePolicy = new RolePolicy(\"mypolicyRolePolicy\", RolePolicyArgs.builder() \n .name(\"mypolicy\")\n .role(myrole.id())\n .policy(mypolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(mypolicy -\u003e mypolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n rule:\n type: aws:iot:TopicRule\n properties:\n name: MyRule\n description: Example rule\n enabled: true\n sql: SELECT * FROM 'topic/test'\n sqlVersion: 2016-03-23\n sns:\n - messageFormat: RAW\n roleArn: ${role.arn}\n targetArn: ${mytopic.arn}\n errorAction:\n sns:\n messageFormat: RAW\n roleArn: ${role.arn}\n targetArn: ${myerrortopic.arn}\n mytopic:\n type: aws:sns:Topic\n properties:\n name: mytopic\n myerrortopic:\n type: aws:sns:Topic\n properties:\n name: myerrortopic\n myrole:\n type: aws:iam:Role\n properties:\n name: myrole\n assumeRolePolicy: ${assumeRole.json}\n mypolicyRolePolicy:\n type: aws:iam:RolePolicy\n name: mypolicy\n properties:\n name: mypolicy\n role: ${myrole.id}\n policy: ${mypolicy.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - iot.amazonaws.com\n actions:\n - sts:AssumeRole\n mypolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - sns:Publish\n resources:\n - ${mytopic.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IoT Topic Rules using the `name`. For example:\n\n```sh\n$ pulumi import aws:iot/topicRule:TopicRule rule \u003cname\u003e\n```\n", "properties": { "arn": { "type": "string", @@ -259608,7 +259608,7 @@ } }, "aws:ivschat/loggingConfiguration:LoggingConfiguration": { - "description": "Resource for managing an AWS IVS (Interactive Video) Chat Logging Configuration.\n\n## Example Usage\n\n### Basic Usage - Logging to CloudWatch\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudwatch.LogGroup(\"example\", {});\nconst exampleLoggingConfiguration = new aws.ivschat.LoggingConfiguration(\"example\", {destinationConfiguration: {\n cloudwatchLogs: {\n logGroupName: example.name,\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudwatch.LogGroup(\"example\")\nexample_logging_configuration = aws.ivschat.LoggingConfiguration(\"example\", destination_configuration=aws.ivschat.LoggingConfigurationDestinationConfigurationArgs(\n cloudwatch_logs=aws.ivschat.LoggingConfigurationDestinationConfigurationCloudwatchLogsArgs(\n log_group_name=example.name,\n ),\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudWatch.LogGroup(\"example\");\n\n var exampleLoggingConfiguration = new Aws.IvsChat.LoggingConfiguration(\"example\", new()\n {\n DestinationConfiguration = new Aws.IvsChat.Inputs.LoggingConfigurationDestinationConfigurationArgs\n {\n CloudwatchLogs = new Aws.IvsChat.Inputs.LoggingConfigurationDestinationConfigurationCloudwatchLogsArgs\n {\n LogGroupName = example.Name,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ivschat\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := cloudwatch.NewLogGroup(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ivschat.NewLoggingConfiguration(ctx, \"example\", \u0026ivschat.LoggingConfigurationArgs{\n\t\t\tDestinationConfiguration: \u0026ivschat.LoggingConfigurationDestinationConfigurationArgs{\n\t\t\t\tCloudwatchLogs: \u0026ivschat.LoggingConfigurationDestinationConfigurationCloudwatchLogsArgs{\n\t\t\t\t\tLogGroupName: example.Name,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.ivschat.LoggingConfiguration;\nimport com.pulumi.aws.ivschat.LoggingConfigurationArgs;\nimport com.pulumi.aws.ivschat.inputs.LoggingConfigurationDestinationConfigurationArgs;\nimport com.pulumi.aws.ivschat.inputs.LoggingConfigurationDestinationConfigurationCloudwatchLogsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new LogGroup(\"example\");\n\n var exampleLoggingConfiguration = new LoggingConfiguration(\"exampleLoggingConfiguration\", LoggingConfigurationArgs.builder() \n .destinationConfiguration(LoggingConfigurationDestinationConfigurationArgs.builder()\n .cloudwatchLogs(LoggingConfigurationDestinationConfigurationCloudwatchLogsArgs.builder()\n .logGroupName(example.name())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudwatch:LogGroup\n exampleLoggingConfiguration:\n type: aws:ivschat:LoggingConfiguration\n name: example\n properties:\n destinationConfiguration:\n cloudwatchLogs:\n logGroupName: ${example.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Basic Usage - Logging to Kinesis Firehose with Extended S3\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleBucketV2 = new aws.s3.BucketV2(\"example\", {bucketPrefix: \"tf-ivschat-logging-bucket\"});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"firehose.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"firehose_example_role\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst example = new aws.kinesis.FirehoseDeliveryStream(\"example\", {\n name: \"pulumi-kinesis-firehose-extended-s3-example-stream\",\n destination: \"extended_s3\",\n extendedS3Configuration: {\n roleArn: exampleRole.arn,\n bucketArn: exampleBucketV2.arn,\n },\n tags: {\n LogDeliveryEnabled: \"true\",\n },\n});\nconst exampleBucketAclV2 = new aws.s3.BucketAclV2(\"example\", {\n bucket: exampleBucketV2.id,\n acl: \"private\",\n});\nconst exampleLoggingConfiguration = new aws.ivschat.LoggingConfiguration(\"example\", {destinationConfiguration: {\n firehose: {\n deliveryStreamName: example.name,\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_bucket_v2 = aws.s3.BucketV2(\"example\", bucket_prefix=\"tf-ivschat-logging-bucket\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"firehose.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"firehose_example_role\",\n assume_role_policy=assume_role.json)\nexample = aws.kinesis.FirehoseDeliveryStream(\"example\",\n name=\"pulumi-kinesis-firehose-extended-s3-example-stream\",\n destination=\"extended_s3\",\n extended_s3_configuration=aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs(\n role_arn=example_role.arn,\n bucket_arn=example_bucket_v2.arn,\n ),\n tags={\n \"LogDeliveryEnabled\": \"true\",\n })\nexample_bucket_acl_v2 = aws.s3.BucketAclV2(\"example\",\n bucket=example_bucket_v2.id,\n acl=\"private\")\nexample_logging_configuration = aws.ivschat.LoggingConfiguration(\"example\", destination_configuration=aws.ivschat.LoggingConfigurationDestinationConfigurationArgs(\n firehose=aws.ivschat.LoggingConfigurationDestinationConfigurationFirehoseArgs(\n delivery_stream_name=example.name,\n ),\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleBucketV2 = new Aws.S3.BucketV2(\"example\", new()\n {\n BucketPrefix = \"tf-ivschat-logging-bucket\",\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"firehose.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"firehose_example_role\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var example = new Aws.Kinesis.FirehoseDeliveryStream(\"example\", new()\n {\n Name = \"pulumi-kinesis-firehose-extended-s3-example-stream\",\n Destination = \"extended_s3\",\n ExtendedS3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs\n {\n RoleArn = exampleRole.Arn,\n BucketArn = exampleBucketV2.Arn,\n },\n Tags = \n {\n { \"LogDeliveryEnabled\", \"true\" },\n },\n });\n\n var exampleBucketAclV2 = new Aws.S3.BucketAclV2(\"example\", new()\n {\n Bucket = exampleBucketV2.Id,\n Acl = \"private\",\n });\n\n var exampleLoggingConfiguration = new Aws.IvsChat.LoggingConfiguration(\"example\", new()\n {\n DestinationConfiguration = new Aws.IvsChat.Inputs.LoggingConfigurationDestinationConfigurationArgs\n {\n Firehose = new Aws.IvsChat.Inputs.LoggingConfigurationDestinationConfigurationFirehoseArgs\n {\n DeliveryStreamName = example.Name,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ivschat\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleBucketV2, err := s3.NewBucketV2(ctx, \"example\", \u0026s3.BucketV2Args{\n\t\t\tBucketPrefix: pulumi.String(\"tf-ivschat-logging-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"firehose.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"firehose_example_role\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := kinesis.NewFirehoseDeliveryStream(ctx, \"example\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"pulumi-kinesis-firehose-extended-s3-example-stream\"),\n\t\t\tDestination: pulumi.String(\"extended_s3\"),\n\t\t\tExtendedS3Configuration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs{\n\t\t\t\tRoleArn: exampleRole.Arn,\n\t\t\t\tBucketArn: exampleBucketV2.Arn,\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"LogDeliveryEnabled\": pulumi.String(\"true\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"example\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: exampleBucketV2.ID(),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ivschat.NewLoggingConfiguration(ctx, \"example\", \u0026ivschat.LoggingConfigurationArgs{\n\t\t\tDestinationConfiguration: \u0026ivschat.LoggingConfigurationDestinationConfigurationArgs{\n\t\t\t\tFirehose: \u0026ivschat.LoggingConfigurationDestinationConfigurationFirehoseArgs{\n\t\t\t\t\tDeliveryStreamName: example.Name,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.ivschat.LoggingConfiguration;\nimport com.pulumi.aws.ivschat.LoggingConfigurationArgs;\nimport com.pulumi.aws.ivschat.inputs.LoggingConfigurationDestinationConfigurationArgs;\nimport com.pulumi.aws.ivschat.inputs.LoggingConfigurationDestinationConfigurationFirehoseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleBucketV2 = new BucketV2(\"exampleBucketV2\", BucketV2Args.builder() \n .bucketPrefix(\"tf-ivschat-logging-bucket\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"firehose.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"firehose_example_role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var example = new FirehoseDeliveryStream(\"example\", FirehoseDeliveryStreamArgs.builder() \n .name(\"pulumi-kinesis-firehose-extended-s3-example-stream\")\n .destination(\"extended_s3\")\n .extendedS3Configuration(FirehoseDeliveryStreamExtendedS3ConfigurationArgs.builder()\n .roleArn(exampleRole.arn())\n .bucketArn(exampleBucketV2.arn())\n .build())\n .tags(Map.of(\"LogDeliveryEnabled\", \"true\"))\n .build());\n\n var exampleBucketAclV2 = new BucketAclV2(\"exampleBucketAclV2\", BucketAclV2Args.builder() \n .bucket(exampleBucketV2.id())\n .acl(\"private\")\n .build());\n\n var exampleLoggingConfiguration = new LoggingConfiguration(\"exampleLoggingConfiguration\", LoggingConfigurationArgs.builder() \n .destinationConfiguration(LoggingConfigurationDestinationConfigurationArgs.builder()\n .firehose(LoggingConfigurationDestinationConfigurationFirehoseArgs.builder()\n .deliveryStreamName(example.name())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:kinesis:FirehoseDeliveryStream\n properties:\n name: pulumi-kinesis-firehose-extended-s3-example-stream\n destination: extended_s3\n extendedS3Configuration:\n roleArn: ${exampleRole.arn}\n bucketArn: ${exampleBucketV2.arn}\n tags:\n LogDeliveryEnabled: 'true'\n exampleBucketV2:\n type: aws:s3:BucketV2\n name: example\n properties:\n bucketPrefix: tf-ivschat-logging-bucket\n exampleBucketAclV2:\n type: aws:s3:BucketAclV2\n name: example\n properties:\n bucket: ${exampleBucketV2.id}\n acl: private\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: firehose_example_role\n assumeRolePolicy: ${assumeRole.json}\n exampleLoggingConfiguration:\n type: aws:ivschat:LoggingConfiguration\n name: example\n properties:\n destinationConfiguration:\n firehose:\n deliveryStreamName: ${example.name}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - firehose.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Basic Usage - Logging to S3\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.ivschat.LoggingConfiguration;\nimport com.pulumi.aws.ivschat.LoggingConfigurationArgs;\nimport com.pulumi.aws.ivschat.inputs.LoggingConfigurationDestinationConfigurationArgs;\nimport com.pulumi.aws.ivschat.inputs.LoggingConfigurationDestinationConfigurationS3Args;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new BucketV2(\"example\", BucketV2Args.builder() \n .bucketName(\"tf-ivschat-logging\")\n .forceDestroy(true)\n .build());\n\n var exampleLoggingConfiguration = new LoggingConfiguration(\"exampleLoggingConfiguration\", LoggingConfigurationArgs.builder() \n .destinationConfiguration(LoggingConfigurationDestinationConfigurationArgs.builder()\n .s3(LoggingConfigurationDestinationConfigurationS3Args.builder()\n .bucketName(example.id())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:s3:BucketV2\n properties:\n bucketName: tf-ivschat-logging\n forceDestroy: true\n exampleLoggingConfiguration:\n type: aws:ivschat:LoggingConfiguration\n name: example\n properties:\n destinationConfiguration:\n s3:\n bucketName: ${example.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IVS (Interactive Video) Chat Logging Configuration using the ARN. For example:\n\n```sh\n$ pulumi import aws:ivschat/loggingConfiguration:LoggingConfiguration example arn:aws:ivschat:us-west-2:326937407773:logging-configuration/MMUQc8wcqZmC\n```\n", + "description": "Resource for managing an AWS IVS (Interactive Video) Chat Logging Configuration.\n\n## Example Usage\n\n### Basic Usage - Logging to CloudWatch\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudwatch.LogGroup(\"example\", {});\nconst exampleLoggingConfiguration = new aws.ivschat.LoggingConfiguration(\"example\", {destinationConfiguration: {\n cloudwatchLogs: {\n logGroupName: example.name,\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudwatch.LogGroup(\"example\")\nexample_logging_configuration = aws.ivschat.LoggingConfiguration(\"example\", destination_configuration=aws.ivschat.LoggingConfigurationDestinationConfigurationArgs(\n cloudwatch_logs=aws.ivschat.LoggingConfigurationDestinationConfigurationCloudwatchLogsArgs(\n log_group_name=example.name,\n ),\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudWatch.LogGroup(\"example\");\n\n var exampleLoggingConfiguration = new Aws.IvsChat.LoggingConfiguration(\"example\", new()\n {\n DestinationConfiguration = new Aws.IvsChat.Inputs.LoggingConfigurationDestinationConfigurationArgs\n {\n CloudwatchLogs = new Aws.IvsChat.Inputs.LoggingConfigurationDestinationConfigurationCloudwatchLogsArgs\n {\n LogGroupName = example.Name,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ivschat\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := cloudwatch.NewLogGroup(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ivschat.NewLoggingConfiguration(ctx, \"example\", \u0026ivschat.LoggingConfigurationArgs{\n\t\t\tDestinationConfiguration: \u0026ivschat.LoggingConfigurationDestinationConfigurationArgs{\n\t\t\t\tCloudwatchLogs: \u0026ivschat.LoggingConfigurationDestinationConfigurationCloudwatchLogsArgs{\n\t\t\t\t\tLogGroupName: example.Name,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.ivschat.LoggingConfiguration;\nimport com.pulumi.aws.ivschat.LoggingConfigurationArgs;\nimport com.pulumi.aws.ivschat.inputs.LoggingConfigurationDestinationConfigurationArgs;\nimport com.pulumi.aws.ivschat.inputs.LoggingConfigurationDestinationConfigurationCloudwatchLogsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new LogGroup(\"example\");\n\n var exampleLoggingConfiguration = new LoggingConfiguration(\"exampleLoggingConfiguration\", LoggingConfigurationArgs.builder() \n .destinationConfiguration(LoggingConfigurationDestinationConfigurationArgs.builder()\n .cloudwatchLogs(LoggingConfigurationDestinationConfigurationCloudwatchLogsArgs.builder()\n .logGroupName(example.name())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudwatch:LogGroup\n exampleLoggingConfiguration:\n type: aws:ivschat:LoggingConfiguration\n name: example\n properties:\n destinationConfiguration:\n cloudwatchLogs:\n logGroupName: ${example.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Basic Usage - Logging to Kinesis Firehose with Extended S3\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleBucketV2 = new aws.s3.BucketV2(\"example\", {bucketPrefix: \"tf-ivschat-logging-bucket\"});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"firehose.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"firehose_example_role\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst example = new aws.kinesis.FirehoseDeliveryStream(\"example\", {\n name: \"pulumi-kinesis-firehose-extended-s3-example-stream\",\n destination: \"extended_s3\",\n extendedS3Configuration: {\n roleArn: exampleRole.arn,\n bucketArn: exampleBucketV2.arn,\n },\n tags: {\n LogDeliveryEnabled: \"true\",\n },\n});\nconst exampleBucketAclV2 = new aws.s3.BucketAclV2(\"example\", {\n bucket: exampleBucketV2.id,\n acl: \"private\",\n});\nconst exampleLoggingConfiguration = new aws.ivschat.LoggingConfiguration(\"example\", {destinationConfiguration: {\n firehose: {\n deliveryStreamName: example.name,\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_bucket_v2 = aws.s3.BucketV2(\"example\", bucket_prefix=\"tf-ivschat-logging-bucket\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"firehose.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"firehose_example_role\",\n assume_role_policy=assume_role.json)\nexample = aws.kinesis.FirehoseDeliveryStream(\"example\",\n name=\"pulumi-kinesis-firehose-extended-s3-example-stream\",\n destination=\"extended_s3\",\n extended_s3_configuration=aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs(\n role_arn=example_role.arn,\n bucket_arn=example_bucket_v2.arn,\n ),\n tags={\n \"LogDeliveryEnabled\": \"true\",\n })\nexample_bucket_acl_v2 = aws.s3.BucketAclV2(\"example\",\n bucket=example_bucket_v2.id,\n acl=\"private\")\nexample_logging_configuration = aws.ivschat.LoggingConfiguration(\"example\", destination_configuration=aws.ivschat.LoggingConfigurationDestinationConfigurationArgs(\n firehose=aws.ivschat.LoggingConfigurationDestinationConfigurationFirehoseArgs(\n delivery_stream_name=example.name,\n ),\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleBucketV2 = new Aws.S3.BucketV2(\"example\", new()\n {\n BucketPrefix = \"tf-ivschat-logging-bucket\",\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"firehose.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"firehose_example_role\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var example = new Aws.Kinesis.FirehoseDeliveryStream(\"example\", new()\n {\n Name = \"pulumi-kinesis-firehose-extended-s3-example-stream\",\n Destination = \"extended_s3\",\n ExtendedS3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs\n {\n RoleArn = exampleRole.Arn,\n BucketArn = exampleBucketV2.Arn,\n },\n Tags = \n {\n { \"LogDeliveryEnabled\", \"true\" },\n },\n });\n\n var exampleBucketAclV2 = new Aws.S3.BucketAclV2(\"example\", new()\n {\n Bucket = exampleBucketV2.Id,\n Acl = \"private\",\n });\n\n var exampleLoggingConfiguration = new Aws.IvsChat.LoggingConfiguration(\"example\", new()\n {\n DestinationConfiguration = new Aws.IvsChat.Inputs.LoggingConfigurationDestinationConfigurationArgs\n {\n Firehose = new Aws.IvsChat.Inputs.LoggingConfigurationDestinationConfigurationFirehoseArgs\n {\n DeliveryStreamName = example.Name,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ivschat\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleBucketV2, err := s3.NewBucketV2(ctx, \"example\", \u0026s3.BucketV2Args{\n\t\t\tBucketPrefix: pulumi.String(\"tf-ivschat-logging-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"firehose.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"firehose_example_role\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := kinesis.NewFirehoseDeliveryStream(ctx, \"example\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"pulumi-kinesis-firehose-extended-s3-example-stream\"),\n\t\t\tDestination: pulumi.String(\"extended_s3\"),\n\t\t\tExtendedS3Configuration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs{\n\t\t\t\tRoleArn: exampleRole.Arn,\n\t\t\t\tBucketArn: exampleBucketV2.Arn,\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"LogDeliveryEnabled\": pulumi.String(\"true\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"example\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: exampleBucketV2.ID(),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ivschat.NewLoggingConfiguration(ctx, \"example\", \u0026ivschat.LoggingConfigurationArgs{\n\t\t\tDestinationConfiguration: \u0026ivschat.LoggingConfigurationDestinationConfigurationArgs{\n\t\t\t\tFirehose: \u0026ivschat.LoggingConfigurationDestinationConfigurationFirehoseArgs{\n\t\t\t\t\tDeliveryStreamName: example.Name,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.ivschat.LoggingConfiguration;\nimport com.pulumi.aws.ivschat.LoggingConfigurationArgs;\nimport com.pulumi.aws.ivschat.inputs.LoggingConfigurationDestinationConfigurationArgs;\nimport com.pulumi.aws.ivschat.inputs.LoggingConfigurationDestinationConfigurationFirehoseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleBucketV2 = new BucketV2(\"exampleBucketV2\", BucketV2Args.builder() \n .bucketPrefix(\"tf-ivschat-logging-bucket\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"firehose.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"firehose_example_role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var example = new FirehoseDeliveryStream(\"example\", FirehoseDeliveryStreamArgs.builder() \n .name(\"pulumi-kinesis-firehose-extended-s3-example-stream\")\n .destination(\"extended_s3\")\n .extendedS3Configuration(FirehoseDeliveryStreamExtendedS3ConfigurationArgs.builder()\n .roleArn(exampleRole.arn())\n .bucketArn(exampleBucketV2.arn())\n .build())\n .tags(Map.of(\"LogDeliveryEnabled\", \"true\"))\n .build());\n\n var exampleBucketAclV2 = new BucketAclV2(\"exampleBucketAclV2\", BucketAclV2Args.builder() \n .bucket(exampleBucketV2.id())\n .acl(\"private\")\n .build());\n\n var exampleLoggingConfiguration = new LoggingConfiguration(\"exampleLoggingConfiguration\", LoggingConfigurationArgs.builder() \n .destinationConfiguration(LoggingConfigurationDestinationConfigurationArgs.builder()\n .firehose(LoggingConfigurationDestinationConfigurationFirehoseArgs.builder()\n .deliveryStreamName(example.name())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:kinesis:FirehoseDeliveryStream\n properties:\n name: pulumi-kinesis-firehose-extended-s3-example-stream\n destination: extended_s3\n extendedS3Configuration:\n roleArn: ${exampleRole.arn}\n bucketArn: ${exampleBucketV2.arn}\n tags:\n LogDeliveryEnabled: 'true'\n exampleBucketV2:\n type: aws:s3:BucketV2\n name: example\n properties:\n bucketPrefix: tf-ivschat-logging-bucket\n exampleBucketAclV2:\n type: aws:s3:BucketAclV2\n name: example\n properties:\n bucket: ${exampleBucketV2.id}\n acl: private\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: firehose_example_role\n assumeRolePolicy: ${assumeRole.json}\n exampleLoggingConfiguration:\n type: aws:ivschat:LoggingConfiguration\n name: example\n properties:\n destinationConfiguration:\n firehose:\n deliveryStreamName: ${example.name}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - firehose.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Basic Usage - Logging to S3\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.ivschat.LoggingConfiguration;\nimport com.pulumi.aws.ivschat.LoggingConfigurationArgs;\nimport com.pulumi.aws.ivschat.inputs.LoggingConfigurationDestinationConfigurationArgs;\nimport com.pulumi.aws.ivschat.inputs.LoggingConfigurationDestinationConfigurationS3Args;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new BucketV2(\"example\", BucketV2Args.builder() \n .bucketName(\"tf-ivschat-logging\")\n .forceDestroy(true)\n .build());\n\n var exampleLoggingConfiguration = new LoggingConfiguration(\"exampleLoggingConfiguration\", LoggingConfigurationArgs.builder() \n .destinationConfiguration(LoggingConfigurationDestinationConfigurationArgs.builder()\n .s3(LoggingConfigurationDestinationConfigurationS3Args.builder()\n .bucketName(example.id())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:s3:BucketV2\n properties:\n bucketName: tf-ivschat-logging\n forceDestroy: true\n exampleLoggingConfiguration:\n type: aws:ivschat:LoggingConfiguration\n name: example\n properties:\n destinationConfiguration:\n s3:\n bucketName: ${example.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IVS (Interactive Video) Chat Logging Configuration using the ARN. For example:\n\n```sh\n$ pulumi import aws:ivschat/loggingConfiguration:LoggingConfiguration example arn:aws:ivschat:us-west-2:326937407773:logging-configuration/MMUQc8wcqZmC\n```\n", "properties": { "arn": { "type": "string", @@ -261445,7 +261445,7 @@ } }, "aws:kinesis/firehoseDeliveryStream:FirehoseDeliveryStream": { - "description": "Provides a Kinesis Firehose Delivery Stream resource. Amazon Kinesis Firehose is a fully managed, elastic service to easily deliver real-time data streams to destinations such as Amazon S3 and Amazon Redshift.\n\nFor more details, see the [Amazon Kinesis Firehose Documentation](https://aws.amazon.com/documentation/firehose/).\n\n## Example Usage\n\n### Extended S3 Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.BucketV2(\"bucket\", {bucket: \"tf-test-bucket\"});\nconst firehoseAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"firehose.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst firehoseRole = new aws.iam.Role(\"firehose_role\", {\n name: \"firehose_test_role\",\n assumeRolePolicy: firehoseAssumeRole.then(firehoseAssumeRole =\u003e firehoseAssumeRole.json),\n});\nconst lambdaAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst lambdaIam = new aws.iam.Role(\"lambda_iam\", {\n name: \"lambda_iam\",\n assumeRolePolicy: lambdaAssumeRole.then(lambdaAssumeRole =\u003e lambdaAssumeRole.json),\n});\nconst lambdaProcessor = new aws.lambda.Function(\"lambda_processor\", {\n code: new pulumi.asset.FileArchive(\"lambda.zip\"),\n name: \"firehose_lambda_processor\",\n role: lambdaIam.arn,\n handler: \"exports.handler\",\n runtime: \"nodejs16.x\",\n});\nconst extendedS3Stream = new aws.kinesis.FirehoseDeliveryStream(\"extended_s3_stream\", {\n name: \"kinesis-firehose-extended-s3-test-stream\",\n destination: \"extended_s3\",\n extendedS3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n processingConfiguration: {\n enabled: true,\n processors: [{\n type: \"Lambda\",\n parameters: [{\n parameterName: \"LambdaArn\",\n parameterValue: pulumi.interpolate`${lambdaProcessor.arn}:$LATEST`,\n }],\n }],\n },\n },\n});\nconst bucketAcl = new aws.s3.BucketAclV2(\"bucket_acl\", {\n bucket: bucket.id,\n acl: \"private\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.BucketV2(\"bucket\", bucket=\"tf-test-bucket\")\nfirehose_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"firehose.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nfirehose_role = aws.iam.Role(\"firehose_role\",\n name=\"firehose_test_role\",\n assume_role_policy=firehose_assume_role.json)\nlambda_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nlambda_iam = aws.iam.Role(\"lambda_iam\",\n name=\"lambda_iam\",\n assume_role_policy=lambda_assume_role.json)\nlambda_processor = aws.lambda_.Function(\"lambda_processor\",\n code=pulumi.FileArchive(\"lambda.zip\"),\n name=\"firehose_lambda_processor\",\n role=lambda_iam.arn,\n handler=\"exports.handler\",\n runtime=\"nodejs16.x\")\nextended_s3_stream = aws.kinesis.FirehoseDeliveryStream(\"extended_s3_stream\",\n name=\"kinesis-firehose-extended-s3-test-stream\",\n destination=\"extended_s3\",\n extended_s3_configuration=aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs(\n role_arn=firehose_role.arn,\n bucket_arn=bucket.arn,\n processing_configuration=aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs(\n enabled=True,\n processors=[aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs(\n type=\"Lambda\",\n parameters=[aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs(\n parameter_name=\"LambdaArn\",\n parameter_value=lambda_processor.arn.apply(lambda arn: f\"{arn}:$LATEST\"),\n )],\n )],\n ),\n ))\nbucket_acl = aws.s3.BucketAclV2(\"bucket_acl\",\n bucket=bucket.id,\n acl=\"private\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bucket = new Aws.S3.BucketV2(\"bucket\", new()\n {\n Bucket = \"tf-test-bucket\",\n });\n\n var firehoseAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"firehose.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var firehoseRole = new Aws.Iam.Role(\"firehose_role\", new()\n {\n Name = \"firehose_test_role\",\n AssumeRolePolicy = firehoseAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambdaAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var lambdaIam = new Aws.Iam.Role(\"lambda_iam\", new()\n {\n Name = \"lambda_iam\",\n AssumeRolePolicy = lambdaAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambdaProcessor = new Aws.Lambda.Function(\"lambda_processor\", new()\n {\n Code = new FileArchive(\"lambda.zip\"),\n Name = \"firehose_lambda_processor\",\n Role = lambdaIam.Arn,\n Handler = \"exports.handler\",\n Runtime = \"nodejs16.x\",\n });\n\n var extendedS3Stream = new Aws.Kinesis.FirehoseDeliveryStream(\"extended_s3_stream\", new()\n {\n Name = \"kinesis-firehose-extended-s3-test-stream\",\n Destination = \"extended_s3\",\n ExtendedS3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"Lambda\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"LambdaArn\",\n ParameterValue = lambdaProcessor.Arn.Apply(arn =\u003e $\"{arn}:$LATEST\"),\n },\n },\n },\n },\n },\n },\n });\n\n var bucketAcl = new Aws.S3.BucketAclV2(\"bucket_acl\", new()\n {\n Bucket = bucket.Id,\n Acl = \"private\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := s3.NewBucketV2(ctx, \"bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"tf-test-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirehoseAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"firehose.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirehoseRole, err := iam.NewRole(ctx, \"firehose_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"firehose_test_role\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(firehoseAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaIam, err := iam.NewRole(ctx, \"lambda_iam\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"lambda_iam\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(lambdaAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaProcessor, err := lambda.NewFunction(ctx, \"lambda_processor\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambda.zip\"),\n\t\t\tName: pulumi.String(\"firehose_lambda_processor\"),\n\t\t\tRole: lambdaIam.Arn,\n\t\t\tHandler: pulumi.String(\"exports.handler\"),\n\t\t\tRuntime: pulumi.String(\"nodejs16.x\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"extended_s3_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-extended-s3-test-stream\"),\n\t\t\tDestination: pulumi.String(\"extended_s3\"),\n\t\t\tExtendedS3Configuration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs{\n\t\t\t\tRoleArn: firehoseRole.Arn,\n\t\t\t\tBucketArn: bucket.Arn,\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Lambda\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"LambdaArn\"),\n\t\t\t\t\t\t\t\t\tParameterValue: lambdaProcessor.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v:$LATEST\", arn), nil\n\t\t\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"bucket_acl\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: bucket.ID(),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bucket = new BucketV2(\"bucket\", BucketV2Args.builder() \n .bucket(\"tf-test-bucket\")\n .build());\n\n final var firehoseAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"firehose.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var firehoseRole = new Role(\"firehoseRole\", RoleArgs.builder() \n .name(\"firehose_test_role\")\n .assumeRolePolicy(firehoseAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var lambdaAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var lambdaIam = new Role(\"lambdaIam\", RoleArgs.builder() \n .name(\"lambda_iam\")\n .assumeRolePolicy(lambdaAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var lambdaProcessor = new Function(\"lambdaProcessor\", FunctionArgs.builder() \n .code(new FileArchive(\"lambda.zip\"))\n .name(\"firehose_lambda_processor\")\n .role(lambdaIam.arn())\n .handler(\"exports.handler\")\n .runtime(\"nodejs16.x\")\n .build());\n\n var extendedS3Stream = new FirehoseDeliveryStream(\"extendedS3Stream\", FirehoseDeliveryStreamArgs.builder() \n .name(\"kinesis-firehose-extended-s3-test-stream\")\n .destination(\"extended_s3\")\n .extendedS3Configuration(FirehoseDeliveryStreamExtendedS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .processingConfiguration(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"Lambda\")\n .parameters(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"LambdaArn\")\n .parameterValue(lambdaProcessor.arn().applyValue(arn -\u003e String.format(\"%s:$LATEST\", arn)))\n .build())\n .build())\n .build())\n .build())\n .build());\n\n var bucketAcl = new BucketAclV2(\"bucketAcl\", BucketAclV2Args.builder() \n .bucket(bucket.id())\n .acl(\"private\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n extendedS3Stream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: extended_s3_stream\n properties:\n name: kinesis-firehose-extended-s3-test-stream\n destination: extended_s3\n extendedS3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: Lambda\n parameters:\n - parameterName: LambdaArn\n parameterValue: ${lambdaProcessor.arn}:$LATEST\n bucket:\n type: aws:s3:BucketV2\n properties:\n bucket: tf-test-bucket\n bucketAcl:\n type: aws:s3:BucketAclV2\n name: bucket_acl\n properties:\n bucket: ${bucket.id}\n acl: private\n firehoseRole:\n type: aws:iam:Role\n name: firehose_role\n properties:\n name: firehose_test_role\n assumeRolePolicy: ${firehoseAssumeRole.json}\n lambdaIam:\n type: aws:iam:Role\n name: lambda_iam\n properties:\n name: lambda_iam\n assumeRolePolicy: ${lambdaAssumeRole.json}\n lambdaProcessor:\n type: aws:lambda:Function\n name: lambda_processor\n properties:\n code:\n fn::FileArchive: lambda.zip\n name: firehose_lambda_processor\n role: ${lambdaIam.arn}\n handler: exports.handler\n runtime: nodejs16.x\nvariables:\n firehoseAssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - firehose.amazonaws.com\n actions:\n - sts:AssumeRole\n lambdaAssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Extended S3 Destination with dynamic partitioning\n\nThese examples use built-in Firehose functionality, rather than requiring a lambda.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst extendedS3Stream = new aws.kinesis.FirehoseDeliveryStream(\"extended_s3_stream\", {\n name: \"kinesis-firehose-extended-s3-test-stream\",\n destination: \"extended_s3\",\n extendedS3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 64,\n dynamicPartitioningConfiguration: {\n enabled: true,\n },\n prefix: \"data/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\",\n errorOutputPrefix: \"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\",\n processingConfiguration: {\n enabled: true,\n processors: [\n {\n type: \"RecordDeAggregation\",\n parameters: [{\n parameterName: \"SubRecordType\",\n parameterValue: \"JSON\",\n }],\n },\n {\n type: \"AppendDelimiterToRecord\",\n },\n {\n type: \"MetadataExtraction\",\n parameters: [\n {\n parameterName: \"JsonParsingEngine\",\n parameterValue: \"JQ-1.6\",\n },\n {\n parameterName: \"MetadataExtractionQuery\",\n parameterValue: \"{customer_id:.customer_id}\",\n },\n ],\n },\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nextended_s3_stream = aws.kinesis.FirehoseDeliveryStream(\"extended_s3_stream\",\n name=\"kinesis-firehose-extended-s3-test-stream\",\n destination=\"extended_s3\",\n extended_s3_configuration=aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs(\n role_arn=firehose_role[\"arn\"],\n bucket_arn=bucket[\"arn\"],\n buffering_size=64,\n dynamic_partitioning_configuration=aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs(\n enabled=True,\n ),\n prefix=\"data/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\",\n error_output_prefix=\"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\",\n processing_configuration=aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs(\n enabled=True,\n processors=[\n aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs(\n type=\"RecordDeAggregation\",\n parameters=[aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs(\n parameter_name=\"SubRecordType\",\n parameter_value=\"JSON\",\n )],\n ),\n aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs(\n type=\"AppendDelimiterToRecord\",\n ),\n aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs(\n type=\"MetadataExtraction\",\n parameters=[\n aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs(\n parameter_name=\"JsonParsingEngine\",\n parameter_value=\"JQ-1.6\",\n ),\n aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs(\n parameter_name=\"MetadataExtractionQuery\",\n parameter_value=\"{customer_id:.customer_id}\",\n ),\n ],\n ),\n ],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var extendedS3Stream = new Aws.Kinesis.FirehoseDeliveryStream(\"extended_s3_stream\", new()\n {\n Name = \"kinesis-firehose-extended-s3-test-stream\",\n Destination = \"extended_s3\",\n ExtendedS3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 64,\n DynamicPartitioningConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs\n {\n Enabled = true,\n },\n Prefix = \"data/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\",\n ErrorOutputPrefix = \"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\",\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"RecordDeAggregation\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"SubRecordType\",\n ParameterValue = \"JSON\",\n },\n },\n },\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"AppendDelimiterToRecord\",\n },\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"MetadataExtraction\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"JsonParsingEngine\",\n ParameterValue = \"JQ-1.6\",\n },\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"MetadataExtractionQuery\",\n ParameterValue = \"{customer_id:.customer_id}\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kinesis.NewFirehoseDeliveryStream(ctx, \"extended_s3_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-extended-s3-test-stream\"),\n\t\t\tDestination: pulumi.String(\"extended_s3\"),\n\t\t\tExtendedS3Configuration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs{\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\tBufferingSize: pulumi.Int(64),\n\t\t\t\tDynamicPartitioningConfiguration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tPrefix: pulumi.String(\"data/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\"),\n\t\t\t\tErrorOutputPrefix: pulumi.String(\"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\"),\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"RecordDeAggregation\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"SubRecordType\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(\"JSON\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"AppendDelimiterToRecord\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"MetadataExtraction\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"JsonParsingEngine\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(\"JQ-1.6\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"MetadataExtractionQuery\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(\"{customer_id:.customer_id}\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var extendedS3Stream = new FirehoseDeliveryStream(\"extendedS3Stream\", FirehoseDeliveryStreamArgs.builder() \n .name(\"kinesis-firehose-extended-s3-test-stream\")\n .destination(\"extended_s3\")\n .extendedS3Configuration(FirehoseDeliveryStreamExtendedS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(64)\n .dynamicPartitioningConfiguration(FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs.builder()\n .enabled(\"true\")\n .build())\n .prefix(\"data/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\")\n .errorOutputPrefix(\"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\")\n .processingConfiguration(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors( \n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"RecordDeAggregation\")\n .parameters(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"SubRecordType\")\n .parameterValue(\"JSON\")\n .build())\n .build(),\n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"AppendDelimiterToRecord\")\n .build(),\n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"MetadataExtraction\")\n .parameters( \n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"JsonParsingEngine\")\n .parameterValue(\"JQ-1.6\")\n .build(),\n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"MetadataExtractionQuery\")\n .parameterValue(\"{customer_id:.customer_id}\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n extendedS3Stream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: extended_s3_stream\n properties:\n name: kinesis-firehose-extended-s3-test-stream\n destination: extended_s3\n extendedS3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 64\n dynamicPartitioningConfiguration:\n enabled: 'true'\n prefix: data/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\n errorOutputPrefix: errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: RecordDeAggregation\n parameters:\n - parameterName: SubRecordType\n parameterValue: JSON\n - type: AppendDelimiterToRecord\n - type: MetadataExtraction\n parameters:\n - parameterName: JsonParsingEngine\n parameterValue: JQ-1.6\n - parameterName: MetadataExtractionQuery\n parameterValue: '{customer_id:.customer_id}'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nMultiple Dynamic Partitioning Keys (maximum of 50) can be added by comma separating the `parameter_value`.\n\nThe following example adds the Dynamic Partitioning Keys: `store_id` and `customer_id` to the S3 prefix.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst extendedS3Stream = new aws.kinesis.FirehoseDeliveryStream(\"extended_s3_stream\", {\n name: \"kinesis-firehose-extended-s3-test-stream\",\n destination: \"extended_s3\",\n extendedS3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 64,\n dynamicPartitioningConfiguration: {\n enabled: true,\n },\n prefix: \"data/store_id=!{partitionKeyFromQuery:store_id}/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\",\n errorOutputPrefix: \"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\",\n processingConfiguration: {\n enabled: true,\n processors: [{\n type: \"MetadataExtraction\",\n parameters: [\n {\n parameterName: \"JsonParsingEngine\",\n parameterValue: \"JQ-1.6\",\n },\n {\n parameterName: \"MetadataExtractionQuery\",\n parameterValue: \"{store_id:.store_id,customer_id:.customer_id}\",\n },\n ],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nextended_s3_stream = aws.kinesis.FirehoseDeliveryStream(\"extended_s3_stream\",\n name=\"kinesis-firehose-extended-s3-test-stream\",\n destination=\"extended_s3\",\n extended_s3_configuration=aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs(\n role_arn=firehose_role[\"arn\"],\n bucket_arn=bucket[\"arn\"],\n buffering_size=64,\n dynamic_partitioning_configuration=aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs(\n enabled=True,\n ),\n prefix=\"data/store_id=!{partitionKeyFromQuery:store_id}/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\",\n error_output_prefix=\"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\",\n processing_configuration=aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs(\n enabled=True,\n processors=[aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs(\n type=\"MetadataExtraction\",\n parameters=[\n aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs(\n parameter_name=\"JsonParsingEngine\",\n parameter_value=\"JQ-1.6\",\n ),\n aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs(\n parameter_name=\"MetadataExtractionQuery\",\n parameter_value=\"{store_id:.store_id,customer_id:.customer_id}\",\n ),\n ],\n )],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var extendedS3Stream = new Aws.Kinesis.FirehoseDeliveryStream(\"extended_s3_stream\", new()\n {\n Name = \"kinesis-firehose-extended-s3-test-stream\",\n Destination = \"extended_s3\",\n ExtendedS3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 64,\n DynamicPartitioningConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs\n {\n Enabled = true,\n },\n Prefix = \"data/store_id=!{partitionKeyFromQuery:store_id}/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\",\n ErrorOutputPrefix = \"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\",\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"MetadataExtraction\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"JsonParsingEngine\",\n ParameterValue = \"JQ-1.6\",\n },\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"MetadataExtractionQuery\",\n ParameterValue = \"{store_id:.store_id,customer_id:.customer_id}\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kinesis.NewFirehoseDeliveryStream(ctx, \"extended_s3_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-extended-s3-test-stream\"),\n\t\t\tDestination: pulumi.String(\"extended_s3\"),\n\t\t\tExtendedS3Configuration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs{\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\tBufferingSize: pulumi.Int(64),\n\t\t\t\tDynamicPartitioningConfiguration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tPrefix: pulumi.String(\"data/store_id=!{partitionKeyFromQuery:store_id}/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\"),\n\t\t\t\tErrorOutputPrefix: pulumi.String(\"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\"),\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"MetadataExtraction\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"JsonParsingEngine\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(\"JQ-1.6\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"MetadataExtractionQuery\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(\"{store_id:.store_id,customer_id:.customer_id}\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var extendedS3Stream = new FirehoseDeliveryStream(\"extendedS3Stream\", FirehoseDeliveryStreamArgs.builder() \n .name(\"kinesis-firehose-extended-s3-test-stream\")\n .destination(\"extended_s3\")\n .extendedS3Configuration(FirehoseDeliveryStreamExtendedS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(64)\n .dynamicPartitioningConfiguration(FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs.builder()\n .enabled(\"true\")\n .build())\n .prefix(\"data/store_id=!{partitionKeyFromQuery:store_id}/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\")\n .errorOutputPrefix(\"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\")\n .processingConfiguration(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"MetadataExtraction\")\n .parameters( \n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"JsonParsingEngine\")\n .parameterValue(\"JQ-1.6\")\n .build(),\n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"MetadataExtractionQuery\")\n .parameterValue(\"{store_id:.store_id,customer_id:.customer_id}\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n extendedS3Stream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: extended_s3_stream\n properties:\n name: kinesis-firehose-extended-s3-test-stream\n destination: extended_s3\n extendedS3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 64\n dynamicPartitioningConfiguration:\n enabled: 'true'\n prefix: data/store_id=!{partitionKeyFromQuery:store_id}/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\n errorOutputPrefix: errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: MetadataExtraction\n parameters:\n - parameterName: JsonParsingEngine\n parameterValue: JQ-1.6\n - parameterName: MetadataExtractionQuery\n parameterValue: '{store_id:.store_id,customer_id:.customer_id}'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Redshift Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCluster = new aws.redshift.Cluster(\"test_cluster\", {\n clusterIdentifier: \"tf-redshift-cluster\",\n databaseName: \"test\",\n masterUsername: \"testuser\",\n masterPassword: \"T3stPass\",\n nodeType: \"dc1.large\",\n clusterType: \"single-node\",\n});\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"redshift\",\n redshiftConfiguration: {\n roleArn: firehoseRole.arn,\n clusterJdbcurl: pulumi.interpolate`jdbc:redshift://${testCluster.endpoint}/${testCluster.databaseName}`,\n username: \"testuser\",\n password: \"T3stPass\",\n dataTableName: \"test-table\",\n copyOptions: \"delimiter '|'\",\n dataTableColumns: \"test-col\",\n s3BackupMode: \"Enabled\",\n s3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n s3BackupConfiguration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 15,\n bufferingInterval: 300,\n compressionFormat: \"GZIP\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cluster = aws.redshift.Cluster(\"test_cluster\",\n cluster_identifier=\"tf-redshift-cluster\",\n database_name=\"test\",\n master_username=\"testuser\",\n master_password=\"T3stPass\",\n node_type=\"dc1.large\",\n cluster_type=\"single-node\")\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"redshift\",\n redshift_configuration=aws.kinesis.FirehoseDeliveryStreamRedshiftConfigurationArgs(\n role_arn=firehose_role[\"arn\"],\n cluster_jdbcurl=pulumi.Output.all(test_cluster.endpoint, test_cluster.database_name).apply(lambda endpoint, database_name: f\"jdbc:redshift://{endpoint}/{database_name}\"),\n username=\"testuser\",\n password=\"T3stPass\",\n data_table_name=\"test-table\",\n copy_options=\"delimiter '|'\",\n data_table_columns=\"test-col\",\n s3_backup_mode=\"Enabled\",\n s3_configuration=aws.kinesis.FirehoseDeliveryStreamRedshiftConfigurationS3ConfigurationArgs(\n role_arn=firehose_role[\"arn\"],\n bucket_arn=bucket[\"arn\"],\n buffering_size=10,\n buffering_interval=400,\n compression_format=\"GZIP\",\n ),\n s3_backup_configuration=aws.kinesis.FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationArgs(\n role_arn=firehose_role[\"arn\"],\n bucket_arn=bucket[\"arn\"],\n buffering_size=15,\n buffering_interval=300,\n compression_format=\"GZIP\",\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testCluster = new Aws.RedShift.Cluster(\"test_cluster\", new()\n {\n ClusterIdentifier = \"tf-redshift-cluster\",\n DatabaseName = \"test\",\n MasterUsername = \"testuser\",\n MasterPassword = \"T3stPass\",\n NodeType = \"dc1.large\",\n ClusterType = \"single-node\",\n });\n\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"redshift\",\n RedshiftConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamRedshiftConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n ClusterJdbcurl = Output.Tuple(testCluster.Endpoint, testCluster.DatabaseName).Apply(values =\u003e\n {\n var endpoint = values.Item1;\n var databaseName = values.Item2;\n return $\"jdbc:redshift://{endpoint}/{databaseName}\";\n }),\n Username = \"testuser\",\n Password = \"T3stPass\",\n DataTableName = \"test-table\",\n CopyOptions = \"delimiter '|'\",\n DataTableColumns = \"test-col\",\n S3BackupMode = \"Enabled\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamRedshiftConfigurationS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n S3BackupConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 15,\n BufferingInterval = 300,\n CompressionFormat = \"GZIP\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/redshift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCluster, err := redshift.NewCluster(ctx, \"test_cluster\", \u0026redshift.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"tf-redshift-cluster\"),\n\t\t\tDatabaseName: pulumi.String(\"test\"),\n\t\t\tMasterUsername: pulumi.String(\"testuser\"),\n\t\t\tMasterPassword: pulumi.String(\"T3stPass\"),\n\t\t\tNodeType: pulumi.String(\"dc1.large\"),\n\t\t\tClusterType: pulumi.String(\"single-node\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"redshift\"),\n\t\t\tRedshiftConfiguration: \u0026kinesis.FirehoseDeliveryStreamRedshiftConfigurationArgs{\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tClusterJdbcurl: pulumi.All(testCluster.Endpoint, testCluster.DatabaseName).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\tendpoint := _args[0].(string)\n\t\t\t\t\tdatabaseName := _args[1].(string)\n\t\t\t\t\treturn fmt.Sprintf(\"jdbc:redshift://%v/%v\", endpoint, databaseName), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\tUsername: pulumi.String(\"testuser\"),\n\t\t\t\tPassword: pulumi.String(\"T3stPass\"),\n\t\t\t\tDataTableName: pulumi.String(\"test-table\"),\n\t\t\t\tCopyOptions: pulumi.String(\"delimiter '|'\"),\n\t\t\t\tDataTableColumns: pulumi.String(\"test-col\"),\n\t\t\t\tS3BackupMode: pulumi.String(\"Enabled\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamRedshiftConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t\tS3BackupConfiguration: \u0026kinesis.FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(15),\n\t\t\t\t\tBufferingInterval: pulumi.Int(300),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.redshift.Cluster;\nimport com.pulumi.aws.redshift.ClusterArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamRedshiftConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamRedshiftConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testCluster = new Cluster(\"testCluster\", ClusterArgs.builder() \n .clusterIdentifier(\"tf-redshift-cluster\")\n .databaseName(\"test\")\n .masterUsername(\"testuser\")\n .masterPassword(\"T3stPass\")\n .nodeType(\"dc1.large\")\n .clusterType(\"single-node\")\n .build());\n\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder() \n .name(\"kinesis-firehose-test-stream\")\n .destination(\"redshift\")\n .redshiftConfiguration(FirehoseDeliveryStreamRedshiftConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .clusterJdbcurl(Output.tuple(testCluster.endpoint(), testCluster.databaseName()).applyValue(values -\u003e {\n var endpoint = values.t1;\n var databaseName = values.t2;\n return String.format(\"jdbc:redshift://%s/%s\", endpoint,databaseName);\n }))\n .username(\"testuser\")\n .password(\"T3stPass\")\n .dataTableName(\"test-table\")\n .copyOptions(\"delimiter '|'\")\n .dataTableColumns(\"test-col\")\n .s3BackupMode(\"Enabled\")\n .s3Configuration(FirehoseDeliveryStreamRedshiftConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .s3BackupConfiguration(FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(15)\n .bufferingInterval(300)\n .compressionFormat(\"GZIP\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testCluster:\n type: aws:redshift:Cluster\n name: test_cluster\n properties:\n clusterIdentifier: tf-redshift-cluster\n databaseName: test\n masterUsername: testuser\n masterPassword: T3stPass\n nodeType: dc1.large\n clusterType: single-node\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: redshift\n redshiftConfiguration:\n roleArn: ${firehoseRole.arn}\n clusterJdbcurl: jdbc:redshift://${testCluster.endpoint}/${testCluster.databaseName}\n username: testuser\n password: T3stPass\n dataTableName: test-table\n copyOptions: delimiter '|'\n dataTableColumns: test-col\n s3BackupMode: Enabled\n s3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n s3BackupConfiguration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 15\n bufferingInterval: 300\n compressionFormat: GZIP\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Elasticsearch Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCluster = new aws.elasticsearch.Domain(\"test_cluster\", {domainName: \"firehose-es-test\"});\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"elasticsearch\",\n elasticsearchConfiguration: {\n domainArn: testCluster.arn,\n roleArn: firehoseRole.arn,\n indexName: \"test\",\n typeName: \"test\",\n s3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n processingConfiguration: {\n enabled: true,\n processors: [{\n type: \"Lambda\",\n parameters: [{\n parameterName: \"LambdaArn\",\n parameterValue: `${lambdaProcessor.arn}:$LATEST`,\n }],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cluster = aws.elasticsearch.Domain(\"test_cluster\", domain_name=\"firehose-es-test\")\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"elasticsearch\",\n elasticsearch_configuration=aws.kinesis.FirehoseDeliveryStreamElasticsearchConfigurationArgs(\n domain_arn=test_cluster.arn,\n role_arn=firehose_role[\"arn\"],\n index_name=\"test\",\n type_name=\"test\",\n s3_configuration=aws.kinesis.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs(\n role_arn=firehose_role[\"arn\"],\n bucket_arn=bucket[\"arn\"],\n buffering_size=10,\n buffering_interval=400,\n compression_format=\"GZIP\",\n ),\n processing_configuration=aws.kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationArgs(\n enabled=True,\n processors=[aws.kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorArgs(\n type=\"Lambda\",\n parameters=[aws.kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameterArgs(\n parameter_name=\"LambdaArn\",\n parameter_value=f\"{lambda_processor['arn']}:$LATEST\",\n )],\n )],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testCluster = new Aws.ElasticSearch.Domain(\"test_cluster\", new()\n {\n DomainName = \"firehose-es-test\",\n });\n\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"elasticsearch\",\n ElasticsearchConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationArgs\n {\n DomainArn = testCluster.Arn,\n RoleArn = firehoseRole.Arn,\n IndexName = \"test\",\n TypeName = \"test\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"Lambda\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"LambdaArn\",\n ParameterValue = $\"{lambdaProcessor.Arn}:$LATEST\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCluster, err := elasticsearch.NewDomain(ctx, \"test_cluster\", \u0026elasticsearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"firehose-es-test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"elasticsearch\"),\n\t\t\tElasticsearchConfiguration: \u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationArgs{\n\t\t\t\tDomainArn: testCluster.Arn,\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tIndexName: pulumi.String(\"test\"),\n\t\t\t\tTypeName: pulumi.String(\"test\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Lambda\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"LambdaArn\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(fmt.Sprintf(\"%v:$LATEST\", lambdaProcessor.Arn)),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamElasticsearchConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testCluster = new Domain(\"testCluster\", DomainArgs.builder() \n .domainName(\"firehose-es-test\")\n .build());\n\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder() \n .name(\"kinesis-firehose-test-stream\")\n .destination(\"elasticsearch\")\n .elasticsearchConfiguration(FirehoseDeliveryStreamElasticsearchConfigurationArgs.builder()\n .domainArn(testCluster.arn())\n .roleArn(firehoseRole.arn())\n .indexName(\"test\")\n .typeName(\"test\")\n .s3Configuration(FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .processingConfiguration(FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors(FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"Lambda\")\n .parameters(FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"LambdaArn\")\n .parameterValue(String.format(\"%s:$LATEST\", lambdaProcessor.arn()))\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testCluster:\n type: aws:elasticsearch:Domain\n name: test_cluster\n properties:\n domainName: firehose-es-test\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: elasticsearch\n elasticsearchConfiguration:\n domainArn: ${testCluster.arn}\n roleArn: ${firehoseRole.arn}\n indexName: test\n typeName: test\n s3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: Lambda\n parameters:\n - parameterName: LambdaArn\n parameterValue: ${lambdaProcessor.arn}:$LATEST\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Elasticsearch Destination With VPC\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCluster = new aws.elasticsearch.Domain(\"test_cluster\", {\n domainName: \"es-test\",\n clusterConfig: {\n instanceCount: 2,\n zoneAwarenessEnabled: true,\n instanceType: \"t2.small.elasticsearch\",\n },\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n },\n vpcOptions: {\n securityGroupIds: [first.id],\n subnetIds: [\n firstAwsSubnet.id,\n second.id,\n ],\n },\n});\nconst firehose-elasticsearch = aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n effect: \"Allow\",\n actions: [\"es:*\"],\n resources: [\n testCluster.arn,\n pulumi.interpolate`${testCluster.arn}/*`,\n ],\n },\n {\n effect: \"Allow\",\n actions: [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\",\n ],\n resources: [\"*\"],\n },\n ],\n});\nconst firehose_elasticsearchRolePolicy = new aws.iam.RolePolicy(\"firehose-elasticsearch\", {\n name: \"elasticsearch\",\n role: firehose.id,\n policy: firehose_elasticsearch.apply(firehose_elasticsearch =\u003e firehose_elasticsearch.json),\n});\nconst test = new aws.kinesis.FirehoseDeliveryStream(\"test\", {\n name: \"kinesis-firehose-es\",\n destination: \"elasticsearch\",\n elasticsearchConfiguration: {\n domainArn: testCluster.arn,\n roleArn: firehose.arn,\n indexName: \"test\",\n typeName: \"test\",\n s3Configuration: {\n roleArn: firehose.arn,\n bucketArn: bucket.arn,\n },\n vpcConfig: {\n subnetIds: [\n firstAwsSubnet.id,\n second.id,\n ],\n securityGroupIds: [first.id],\n roleArn: firehose.arn,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cluster = aws.elasticsearch.Domain(\"test_cluster\",\n domain_name=\"es-test\",\n cluster_config=aws.elasticsearch.DomainClusterConfigArgs(\n instance_count=2,\n zone_awareness_enabled=True,\n instance_type=\"t2.small.elasticsearch\",\n ),\n ebs_options=aws.elasticsearch.DomainEbsOptionsArgs(\n ebs_enabled=True,\n volume_size=10,\n ),\n vpc_options=aws.elasticsearch.DomainVpcOptionsArgs(\n security_group_ids=[first[\"id\"]],\n subnet_ids=[\n first_aws_subnet[\"id\"],\n second[\"id\"],\n ],\n ))\nfirehose_elasticsearch = aws.iam.get_policy_document_output(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"es:*\"],\n resources=[\n test_cluster.arn,\n test_cluster.arn.apply(lambda arn: f\"{arn}/*\"),\n ],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\",\n ],\n resources=[\"*\"],\n ),\n])\nfirehose_elasticsearch_role_policy = aws.iam.RolePolicy(\"firehose-elasticsearch\",\n name=\"elasticsearch\",\n role=firehose[\"id\"],\n policy=firehose_elasticsearch.json)\ntest = aws.kinesis.FirehoseDeliveryStream(\"test\",\n name=\"kinesis-firehose-es\",\n destination=\"elasticsearch\",\n elasticsearch_configuration=aws.kinesis.FirehoseDeliveryStreamElasticsearchConfigurationArgs(\n domain_arn=test_cluster.arn,\n role_arn=firehose[\"arn\"],\n index_name=\"test\",\n type_name=\"test\",\n s3_configuration=aws.kinesis.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs(\n role_arn=firehose[\"arn\"],\n bucket_arn=bucket[\"arn\"],\n ),\n vpc_config=aws.kinesis.FirehoseDeliveryStreamElasticsearchConfigurationVpcConfigArgs(\n subnet_ids=[\n first_aws_subnet[\"id\"],\n second[\"id\"],\n ],\n security_group_ids=[first[\"id\"]],\n role_arn=firehose[\"arn\"],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testCluster = new Aws.ElasticSearch.Domain(\"test_cluster\", new()\n {\n DomainName = \"es-test\",\n ClusterConfig = new Aws.ElasticSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceCount = 2,\n ZoneAwarenessEnabled = true,\n InstanceType = \"t2.small.elasticsearch\",\n },\n EbsOptions = new Aws.ElasticSearch.Inputs.DomainEbsOptionsArgs\n {\n EbsEnabled = true,\n VolumeSize = 10,\n },\n VpcOptions = new Aws.ElasticSearch.Inputs.DomainVpcOptionsArgs\n {\n SecurityGroupIds = new[]\n {\n first.Id,\n },\n SubnetIds = new[]\n {\n firstAwsSubnet.Id,\n second.Id,\n },\n },\n });\n\n var firehose_elasticsearch = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"es:*\",\n },\n Resources = new[]\n {\n testCluster.Arn,\n $\"{testCluster.Arn}/*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var firehose_elasticsearchRolePolicy = new Aws.Iam.RolePolicy(\"firehose-elasticsearch\", new()\n {\n Name = \"elasticsearch\",\n Role = firehose.Id,\n Policy = firehose_elasticsearch.Apply(firehose_elasticsearch =\u003e firehose_elasticsearch.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n });\n\n var test = new Aws.Kinesis.FirehoseDeliveryStream(\"test\", new()\n {\n Name = \"kinesis-firehose-es\",\n Destination = \"elasticsearch\",\n ElasticsearchConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationArgs\n {\n DomainArn = testCluster.Arn,\n RoleArn = firehose.Arn,\n IndexName = \"test\",\n TypeName = \"test\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs\n {\n RoleArn = firehose.Arn,\n BucketArn = bucket.Arn,\n },\n VpcConfig = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationVpcConfigArgs\n {\n SubnetIds = new[]\n {\n firstAwsSubnet.Id,\n second.Id,\n },\n SecurityGroupIds = new[]\n {\n first.Id,\n },\n RoleArn = firehose.Arn,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCluster, err := elasticsearch.NewDomain(ctx, \"test_cluster\", \u0026elasticsearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"es-test\"),\n\t\t\tClusterConfig: \u0026elasticsearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceCount: pulumi.Int(2),\n\t\t\t\tZoneAwarenessEnabled: pulumi.Bool(true),\n\t\t\t\tInstanceType: pulumi.String(\"t2.small.elasticsearch\"),\n\t\t\t},\n\t\t\tEbsOptions: \u0026elasticsearch.DomainEbsOptionsArgs{\n\t\t\t\tEbsEnabled: pulumi.Bool(true),\n\t\t\t\tVolumeSize: pulumi.Int(10),\n\t\t\t},\n\t\t\tVpcOptions: \u0026elasticsearch.DomainVpcOptionsArgs{\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tfirst.Id,\n\t\t\t\t},\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tfirstAwsSubnet.Id,\n\t\t\t\t\tsecond.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirehose_elasticsearch := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"es:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\ttestCluster.Arn,\n\t\t\t\t\t\ttestCluster.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"ec2:DescribeVpcs\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:DescribeVpcAttribute\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:DescribeSubnets\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:DescribeSecurityGroups\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:DescribeNetworkInterfaces\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:CreateNetworkInterface\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:CreateNetworkInterfacePermission\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:DeleteNetworkInterface\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = iam.NewRolePolicy(ctx, \"firehose-elasticsearch\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"elasticsearch\"),\n\t\t\tRole: pulumi.Any(firehose.Id),\n\t\t\tPolicy: firehose_elasticsearch.ApplyT(func(firehose_elasticsearch iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026firehose_elasticsearch.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-es\"),\n\t\t\tDestination: pulumi.String(\"elasticsearch\"),\n\t\t\tElasticsearchConfiguration: \u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationArgs{\n\t\t\t\tDomainArn: testCluster.Arn,\n\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\tIndexName: pulumi.String(\"test\"),\n\t\t\t\tTypeName: pulumi.String(\"test\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t},\n\t\t\t\tVpcConfig: \u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationVpcConfigArgs{\n\t\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\t\tfirstAwsSubnet.Id,\n\t\t\t\t\t\tsecond.Id,\n\t\t\t\t\t},\n\t\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\t\tfirst.Id,\n\t\t\t\t\t},\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainEbsOptionsArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainVpcOptionsArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamElasticsearchConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamElasticsearchConfigurationVpcConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testCluster = new Domain(\"testCluster\", DomainArgs.builder() \n .domainName(\"es-test\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceCount(2)\n .zoneAwarenessEnabled(true)\n .instanceType(\"t2.small.elasticsearch\")\n .build())\n .ebsOptions(DomainEbsOptionsArgs.builder()\n .ebsEnabled(true)\n .volumeSize(10)\n .build())\n .vpcOptions(DomainVpcOptionsArgs.builder()\n .securityGroupIds(first.id())\n .subnetIds( \n firstAwsSubnet.id(),\n second.id())\n .build())\n .build());\n\n final var firehose-elasticsearch = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"es:*\")\n .resources( \n testCluster.arn(),\n testCluster.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\")\n .resources(\"*\")\n .build())\n .build());\n\n var firehose_elasticsearchRolePolicy = new RolePolicy(\"firehose-elasticsearchRolePolicy\", RolePolicyArgs.builder() \n .name(\"elasticsearch\")\n .role(firehose.id())\n .policy(firehose_elasticsearch.applyValue(firehose_elasticsearch -\u003e firehose_elasticsearch.json()))\n .build());\n\n var test = new FirehoseDeliveryStream(\"test\", FirehoseDeliveryStreamArgs.builder() \n .name(\"kinesis-firehose-es\")\n .destination(\"elasticsearch\")\n .elasticsearchConfiguration(FirehoseDeliveryStreamElasticsearchConfigurationArgs.builder()\n .domainArn(testCluster.arn())\n .roleArn(firehose.arn())\n .indexName(\"test\")\n .typeName(\"test\")\n .s3Configuration(FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehose.arn())\n .bucketArn(bucket.arn())\n .build())\n .vpcConfig(FirehoseDeliveryStreamElasticsearchConfigurationVpcConfigArgs.builder()\n .subnetIds( \n firstAwsSubnet.id(),\n second.id())\n .securityGroupIds(first.id())\n .roleArn(firehose.arn())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testCluster:\n type: aws:elasticsearch:Domain\n name: test_cluster\n properties:\n domainName: es-test\n clusterConfig:\n instanceCount: 2\n zoneAwarenessEnabled: true\n instanceType: t2.small.elasticsearch\n ebsOptions:\n ebsEnabled: true\n volumeSize: 10\n vpcOptions:\n securityGroupIds:\n - ${first.id}\n subnetIds:\n - ${firstAwsSubnet.id}\n - ${second.id}\n firehose-elasticsearchRolePolicy:\n type: aws:iam:RolePolicy\n name: firehose-elasticsearch\n properties:\n name: elasticsearch\n role: ${firehose.id}\n policy: ${[\"firehose-elasticsearch\"].json}\n test:\n type: aws:kinesis:FirehoseDeliveryStream\n properties:\n name: kinesis-firehose-es\n destination: elasticsearch\n elasticsearchConfiguration:\n domainArn: ${testCluster.arn}\n roleArn: ${firehose.arn}\n indexName: test\n typeName: test\n s3Configuration:\n roleArn: ${firehose.arn}\n bucketArn: ${bucket.arn}\n vpcConfig:\n subnetIds:\n - ${firstAwsSubnet.id}\n - ${second.id}\n securityGroupIds:\n - ${first.id}\n roleArn: ${firehose.arn}\nvariables:\n firehose-elasticsearch:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - es:*\n resources:\n - ${testCluster.arn}\n - ${testCluster.arn}/*\n - effect: Allow\n actions:\n - ec2:DescribeVpcs\n - ec2:DescribeVpcAttribute\n - ec2:DescribeSubnets\n - ec2:DescribeSecurityGroups\n - ec2:DescribeNetworkInterfaces\n - ec2:CreateNetworkInterface\n - ec2:CreateNetworkInterfacePermission\n - ec2:DeleteNetworkInterface\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### OpenSearch Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCluster = new aws.opensearch.Domain(\"test_cluster\", {domainName: \"firehose-os-test\"});\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"opensearch\",\n opensearchConfiguration: {\n domainArn: testCluster.arn,\n roleArn: firehoseRole.arn,\n indexName: \"test\",\n s3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n processingConfiguration: {\n enabled: true,\n processors: [{\n type: \"Lambda\",\n parameters: [{\n parameterName: \"LambdaArn\",\n parameterValue: `${lambdaProcessor.arn}:$LATEST`,\n }],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cluster = aws.opensearch.Domain(\"test_cluster\", domain_name=\"firehose-os-test\")\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"opensearch\",\n opensearch_configuration=aws.kinesis.FirehoseDeliveryStreamOpensearchConfigurationArgs(\n domain_arn=test_cluster.arn,\n role_arn=firehose_role[\"arn\"],\n index_name=\"test\",\n s3_configuration=aws.kinesis.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs(\n role_arn=firehose_role[\"arn\"],\n bucket_arn=bucket[\"arn\"],\n buffering_size=10,\n buffering_interval=400,\n compression_format=\"GZIP\",\n ),\n processing_configuration=aws.kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationArgs(\n enabled=True,\n processors=[aws.kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorArgs(\n type=\"Lambda\",\n parameters=[aws.kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorParameterArgs(\n parameter_name=\"LambdaArn\",\n parameter_value=f\"{lambda_processor['arn']}:$LATEST\",\n )],\n )],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testCluster = new Aws.OpenSearch.Domain(\"test_cluster\", new()\n {\n DomainName = \"firehose-os-test\",\n });\n\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"opensearch\",\n OpensearchConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationArgs\n {\n DomainArn = testCluster.Arn,\n RoleArn = firehoseRole.Arn,\n IndexName = \"test\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"Lambda\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"LambdaArn\",\n ParameterValue = $\"{lambdaProcessor.Arn}:$LATEST\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCluster, err := opensearch.NewDomain(ctx, \"test_cluster\", \u0026opensearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"firehose-os-test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"opensearch\"),\n\t\t\tOpensearchConfiguration: \u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationArgs{\n\t\t\t\tDomainArn: testCluster.Arn,\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tIndexName: pulumi.String(\"test\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Lambda\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"LambdaArn\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(fmt.Sprintf(\"%v:$LATEST\", lambdaProcessor.Arn)),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testCluster = new Domain(\"testCluster\", DomainArgs.builder() \n .domainName(\"firehose-os-test\")\n .build());\n\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder() \n .name(\"kinesis-firehose-test-stream\")\n .destination(\"opensearch\")\n .opensearchConfiguration(FirehoseDeliveryStreamOpensearchConfigurationArgs.builder()\n .domainArn(testCluster.arn())\n .roleArn(firehoseRole.arn())\n .indexName(\"test\")\n .s3Configuration(FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .processingConfiguration(FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors(FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"Lambda\")\n .parameters(FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"LambdaArn\")\n .parameterValue(String.format(\"%s:$LATEST\", lambdaProcessor.arn()))\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testCluster:\n type: aws:opensearch:Domain\n name: test_cluster\n properties:\n domainName: firehose-os-test\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: opensearch\n opensearchConfiguration:\n domainArn: ${testCluster.arn}\n roleArn: ${firehoseRole.arn}\n indexName: test\n s3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: Lambda\n parameters:\n - parameterName: LambdaArn\n parameterValue: ${lambdaProcessor.arn}:$LATEST\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### OpenSearch Destination With VPC\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCluster = new aws.opensearch.Domain(\"test_cluster\", {\n domainName: \"es-test\",\n clusterConfig: {\n instanceCount: 2,\n zoneAwarenessEnabled: true,\n instanceType: \"m4.large.search\",\n },\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n },\n vpcOptions: {\n securityGroupIds: [first.id],\n subnetIds: [\n firstAwsSubnet.id,\n second.id,\n ],\n },\n});\nconst firehose_opensearch = new aws.iam.RolePolicy(\"firehose-opensearch\", {\n name: \"opensearch\",\n role: firehose.id,\n policy: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"es:*\"\n ],\n \"Resource\": [\n \"${testCluster.arn}\",\n \"${testCluster.arn}/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }\n ]\n}\n`,\n});\nconst test = new aws.kinesis.FirehoseDeliveryStream(\"test\", {\n name: \"pulumi-kinesis-firehose-os\",\n destination: \"opensearch\",\n opensearchConfiguration: {\n domainArn: testCluster.arn,\n roleArn: firehose.arn,\n indexName: \"test\",\n s3Configuration: {\n roleArn: firehose.arn,\n bucketArn: bucket.arn,\n },\n vpcConfig: {\n subnetIds: [\n firstAwsSubnet.id,\n second.id,\n ],\n securityGroupIds: [first.id],\n roleArn: firehose.arn,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cluster = aws.opensearch.Domain(\"test_cluster\",\n domain_name=\"es-test\",\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_count=2,\n zone_awareness_enabled=True,\n instance_type=\"m4.large.search\",\n ),\n ebs_options=aws.opensearch.DomainEbsOptionsArgs(\n ebs_enabled=True,\n volume_size=10,\n ),\n vpc_options=aws.opensearch.DomainVpcOptionsArgs(\n security_group_ids=[first[\"id\"]],\n subnet_ids=[\n first_aws_subnet[\"id\"],\n second[\"id\"],\n ],\n ))\nfirehose_opensearch = aws.iam.RolePolicy(\"firehose-opensearch\",\n name=\"opensearch\",\n role=firehose[\"id\"],\n policy=pulumi.Output.all(test_cluster.arn, test_cluster.arn).apply(lambda testClusterArn, testClusterArn1: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Effect\": \"Allow\",\n \"Action\": [\n \"es:*\"\n ],\n \"Resource\": [\n \"{test_cluster_arn}\",\n \"{test_cluster_arn1}/*\"\n ]\n }},\n {{\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }}\n ]\n}}\n\"\"\"))\ntest = aws.kinesis.FirehoseDeliveryStream(\"test\",\n name=\"pulumi-kinesis-firehose-os\",\n destination=\"opensearch\",\n opensearch_configuration=aws.kinesis.FirehoseDeliveryStreamOpensearchConfigurationArgs(\n domain_arn=test_cluster.arn,\n role_arn=firehose[\"arn\"],\n index_name=\"test\",\n s3_configuration=aws.kinesis.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs(\n role_arn=firehose[\"arn\"],\n bucket_arn=bucket[\"arn\"],\n ),\n vpc_config=aws.kinesis.FirehoseDeliveryStreamOpensearchConfigurationVpcConfigArgs(\n subnet_ids=[\n first_aws_subnet[\"id\"],\n second[\"id\"],\n ],\n security_group_ids=[first[\"id\"]],\n role_arn=firehose[\"arn\"],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testCluster = new Aws.OpenSearch.Domain(\"test_cluster\", new()\n {\n DomainName = \"es-test\",\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceCount = 2,\n ZoneAwarenessEnabled = true,\n InstanceType = \"m4.large.search\",\n },\n EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs\n {\n EbsEnabled = true,\n VolumeSize = 10,\n },\n VpcOptions = new Aws.OpenSearch.Inputs.DomainVpcOptionsArgs\n {\n SecurityGroupIds = new[]\n {\n first.Id,\n },\n SubnetIds = new[]\n {\n firstAwsSubnet.Id,\n second.Id,\n },\n },\n });\n\n var firehose_opensearch = new Aws.Iam.RolePolicy(\"firehose-opensearch\", new()\n {\n Name = \"opensearch\",\n Role = firehose.Id,\n Policy = Output.Tuple(testCluster.Arn, testCluster.Arn).Apply(values =\u003e\n {\n var testClusterArn = values.Item1;\n var testClusterArn1 = values.Item2;\n return @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"es:*\"\"\n ],\n \"\"Resource\"\": [\n \"\"{testClusterArn}\"\",\n \"\"{testClusterArn1}/*\"\"\n ]\n }},\n {{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"ec2:DescribeVpcs\"\",\n \"\"ec2:DescribeVpcAttribute\"\",\n \"\"ec2:DescribeSubnets\"\",\n \"\"ec2:DescribeSecurityGroups\"\",\n \"\"ec2:DescribeNetworkInterfaces\"\",\n \"\"ec2:CreateNetworkInterface\"\",\n \"\"ec2:CreateNetworkInterfacePermission\"\",\n \"\"ec2:DeleteNetworkInterface\"\"\n ],\n \"\"Resource\"\": [\n \"\"*\"\"\n ]\n }}\n ]\n}}\n\";\n }),\n });\n\n var test = new Aws.Kinesis.FirehoseDeliveryStream(\"test\", new()\n {\n Name = \"pulumi-kinesis-firehose-os\",\n Destination = \"opensearch\",\n OpensearchConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationArgs\n {\n DomainArn = testCluster.Arn,\n RoleArn = firehose.Arn,\n IndexName = \"test\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs\n {\n RoleArn = firehose.Arn,\n BucketArn = bucket.Arn,\n },\n VpcConfig = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationVpcConfigArgs\n {\n SubnetIds = new[]\n {\n firstAwsSubnet.Id,\n second.Id,\n },\n SecurityGroupIds = new[]\n {\n first.Id,\n },\n RoleArn = firehose.Arn,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCluster, err := opensearch.NewDomain(ctx, \"test_cluster\", \u0026opensearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"es-test\"),\n\t\t\tClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceCount: pulumi.Int(2),\n\t\t\t\tZoneAwarenessEnabled: pulumi.Bool(true),\n\t\t\t\tInstanceType: pulumi.String(\"m4.large.search\"),\n\t\t\t},\n\t\t\tEbsOptions: \u0026opensearch.DomainEbsOptionsArgs{\n\t\t\t\tEbsEnabled: pulumi.Bool(true),\n\t\t\t\tVolumeSize: pulumi.Int(10),\n\t\t\t},\n\t\t\tVpcOptions: \u0026opensearch.DomainVpcOptionsArgs{\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tfirst.Id,\n\t\t\t\t},\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tfirstAwsSubnet.Id,\n\t\t\t\t\tsecond.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"firehose-opensearch\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"opensearch\"),\n\t\t\tRole: pulumi.Any(firehose.Id),\n\t\t\tPolicy: pulumi.All(testCluster.Arn, testCluster.Arn).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\ttestClusterArn := _args[0].(string)\n\t\t\t\ttestClusterArn1 := _args[1].(string)\n\t\t\t\treturn fmt.Sprintf(`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"es:*\"\n ],\n \"Resource\": [\n \"%v\",\n \"%v/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }\n ]\n}\n`, testClusterArn, testClusterArn1), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"pulumi-kinesis-firehose-os\"),\n\t\t\tDestination: pulumi.String(\"opensearch\"),\n\t\t\tOpensearchConfiguration: \u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationArgs{\n\t\t\t\tDomainArn: testCluster.Arn,\n\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\tIndexName: pulumi.String(\"test\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t},\n\t\t\t\tVpcConfig: \u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationVpcConfigArgs{\n\t\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\t\tfirstAwsSubnet.Id,\n\t\t\t\t\t\tsecond.Id,\n\t\t\t\t\t},\n\t\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\t\tfirst.Id,\n\t\t\t\t\t},\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainVpcOptionsArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchConfigurationVpcConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testCluster = new Domain(\"testCluster\", DomainArgs.builder() \n .domainName(\"es-test\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceCount(2)\n .zoneAwarenessEnabled(true)\n .instanceType(\"m4.large.search\")\n .build())\n .ebsOptions(DomainEbsOptionsArgs.builder()\n .ebsEnabled(true)\n .volumeSize(10)\n .build())\n .vpcOptions(DomainVpcOptionsArgs.builder()\n .securityGroupIds(first.id())\n .subnetIds( \n firstAwsSubnet.id(),\n second.id())\n .build())\n .build());\n\n var firehose_opensearch = new RolePolicy(\"firehose-opensearch\", RolePolicyArgs.builder() \n .name(\"opensearch\")\n .role(firehose.id())\n .policy(Output.tuple(testCluster.arn(), testCluster.arn()).applyValue(values -\u003e {\n var testClusterArn = values.t1;\n var testClusterArn1 = values.t2;\n return \"\"\"\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"es:*\"\n ],\n \"Resource\": [\n \"%s\",\n \"%s/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }\n ]\n}\n\", testClusterArn,testClusterArn1);\n }))\n .build());\n\n var test = new FirehoseDeliveryStream(\"test\", FirehoseDeliveryStreamArgs.builder() \n .name(\"pulumi-kinesis-firehose-os\")\n .destination(\"opensearch\")\n .opensearchConfiguration(FirehoseDeliveryStreamOpensearchConfigurationArgs.builder()\n .domainArn(testCluster.arn())\n .roleArn(firehose.arn())\n .indexName(\"test\")\n .s3Configuration(FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehose.arn())\n .bucketArn(bucket.arn())\n .build())\n .vpcConfig(FirehoseDeliveryStreamOpensearchConfigurationVpcConfigArgs.builder()\n .subnetIds( \n firstAwsSubnet.id(),\n second.id())\n .securityGroupIds(first.id())\n .roleArn(firehose.arn())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testCluster:\n type: aws:opensearch:Domain\n name: test_cluster\n properties:\n domainName: es-test\n clusterConfig:\n instanceCount: 2\n zoneAwarenessEnabled: true\n instanceType: m4.large.search\n ebsOptions:\n ebsEnabled: true\n volumeSize: 10\n vpcOptions:\n securityGroupIds:\n - ${first.id}\n subnetIds:\n - ${firstAwsSubnet.id}\n - ${second.id}\n firehose-opensearch:\n type: aws:iam:RolePolicy\n properties:\n name: opensearch\n role: ${firehose.id}\n policy: |\n {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"es:*\"\n ],\n \"Resource\": [\n \"${testCluster.arn}\",\n \"${testCluster.arn}/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }\n ]\n }\n test:\n type: aws:kinesis:FirehoseDeliveryStream\n properties:\n name: pulumi-kinesis-firehose-os\n destination: opensearch\n opensearchConfiguration:\n domainArn: ${testCluster.arn}\n roleArn: ${firehose.arn}\n indexName: test\n s3Configuration:\n roleArn: ${firehose.arn}\n bucketArn: ${bucket.arn}\n vpcConfig:\n subnetIds:\n - ${firstAwsSubnet.id}\n - ${second.id}\n securityGroupIds:\n - ${first.id}\n roleArn: ${firehose.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### OpenSearch Serverless Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCollection = new aws.opensearch.ServerlessCollection(\"test_collection\", {name: \"firehose-osserverless-test\"});\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"opensearchserverless\",\n opensearchserverlessConfiguration: {\n collectionEndpoint: testCollection.collectionEndpoint,\n roleArn: firehoseRole.arn,\n indexName: \"test\",\n s3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n processingConfiguration: {\n enabled: true,\n processors: [{\n type: \"Lambda\",\n parameters: [{\n parameterName: \"LambdaArn\",\n parameterValue: `${lambdaProcessor.arn}:$LATEST`,\n }],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_collection = aws.opensearch.ServerlessCollection(\"test_collection\", name=\"firehose-osserverless-test\")\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"opensearchserverless\",\n opensearchserverless_configuration=aws.kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationArgs(\n collection_endpoint=test_collection.collection_endpoint,\n role_arn=firehose_role[\"arn\"],\n index_name=\"test\",\n s3_configuration=aws.kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationS3ConfigurationArgs(\n role_arn=firehose_role[\"arn\"],\n bucket_arn=bucket[\"arn\"],\n buffering_size=10,\n buffering_interval=400,\n compression_format=\"GZIP\",\n ),\n processing_configuration=aws.kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationArgs(\n enabled=True,\n processors=[aws.kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorArgs(\n type=\"Lambda\",\n parameters=[aws.kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorParameterArgs(\n parameter_name=\"LambdaArn\",\n parameter_value=f\"{lambda_processor['arn']}:$LATEST\",\n )],\n )],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testCollection = new Aws.OpenSearch.ServerlessCollection(\"test_collection\", new()\n {\n Name = \"firehose-osserverless-test\",\n });\n\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"opensearchserverless\",\n OpensearchserverlessConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationArgs\n {\n CollectionEndpoint = testCollection.CollectionEndpoint,\n RoleArn = firehoseRole.Arn,\n IndexName = \"test\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"Lambda\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"LambdaArn\",\n ParameterValue = $\"{lambdaProcessor.Arn}:$LATEST\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCollection, err := opensearch.NewServerlessCollection(ctx, \"test_collection\", \u0026opensearch.ServerlessCollectionArgs{\n\t\t\tName: pulumi.String(\"firehose-osserverless-test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"opensearchserverless\"),\n\t\t\tOpensearchserverlessConfiguration: \u0026kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationArgs{\n\t\t\t\tCollectionEndpoint: testCollection.CollectionEndpoint,\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tIndexName: pulumi.String(\"test\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Lambda\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"LambdaArn\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(fmt.Sprintf(\"%v:$LATEST\", lambdaProcessor.Arn)),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.ServerlessCollection;\nimport com.pulumi.aws.opensearch.ServerlessCollectionArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testCollection = new ServerlessCollection(\"testCollection\", ServerlessCollectionArgs.builder() \n .name(\"firehose-osserverless-test\")\n .build());\n\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder() \n .name(\"kinesis-firehose-test-stream\")\n .destination(\"opensearchserverless\")\n .opensearchserverlessConfiguration(FirehoseDeliveryStreamOpensearchserverlessConfigurationArgs.builder()\n .collectionEndpoint(testCollection.collectionEndpoint())\n .roleArn(firehoseRole.arn())\n .indexName(\"test\")\n .s3Configuration(FirehoseDeliveryStreamOpensearchserverlessConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .processingConfiguration(FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors(FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"Lambda\")\n .parameters(FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"LambdaArn\")\n .parameterValue(String.format(\"%s:$LATEST\", lambdaProcessor.arn()))\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testCollection:\n type: aws:opensearch:ServerlessCollection\n name: test_collection\n properties:\n name: firehose-osserverless-test\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: opensearchserverless\n opensearchserverlessConfiguration:\n collectionEndpoint: ${testCollection.collectionEndpoint}\n roleArn: ${firehoseRole.arn}\n indexName: test\n s3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: Lambda\n parameters:\n - parameterName: LambdaArn\n parameterValue: ${lambdaProcessor.arn}:$LATEST\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Splunk Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"splunk\",\n splunkConfiguration: {\n hecEndpoint: \"https://http-inputs-mydomain.splunkcloud.com:443\",\n hecToken: \"51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\",\n hecAcknowledgmentTimeout: 600,\n hecEndpointType: \"Event\",\n s3BackupMode: \"FailedEventsOnly\",\n s3Configuration: {\n roleArn: firehose.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"splunk\",\n splunk_configuration=aws.kinesis.FirehoseDeliveryStreamSplunkConfigurationArgs(\n hec_endpoint=\"https://http-inputs-mydomain.splunkcloud.com:443\",\n hec_token=\"51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\",\n hec_acknowledgment_timeout=600,\n hec_endpoint_type=\"Event\",\n s3_backup_mode=\"FailedEventsOnly\",\n s3_configuration=aws.kinesis.FirehoseDeliveryStreamSplunkConfigurationS3ConfigurationArgs(\n role_arn=firehose[\"arn\"],\n bucket_arn=bucket[\"arn\"],\n buffering_size=10,\n buffering_interval=400,\n compression_format=\"GZIP\",\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"splunk\",\n SplunkConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamSplunkConfigurationArgs\n {\n HecEndpoint = \"https://http-inputs-mydomain.splunkcloud.com:443\",\n HecToken = \"51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\",\n HecAcknowledgmentTimeout = 600,\n HecEndpointType = \"Event\",\n S3BackupMode = \"FailedEventsOnly\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamSplunkConfigurationS3ConfigurationArgs\n {\n RoleArn = firehose.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"splunk\"),\n\t\t\tSplunkConfiguration: \u0026kinesis.FirehoseDeliveryStreamSplunkConfigurationArgs{\n\t\t\t\tHecEndpoint: pulumi.String(\"https://http-inputs-mydomain.splunkcloud.com:443\"),\n\t\t\t\tHecToken: pulumi.String(\"51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\"),\n\t\t\t\tHecAcknowledgmentTimeout: pulumi.Int(600),\n\t\t\t\tHecEndpointType: pulumi.String(\"Event\"),\n\t\t\t\tS3BackupMode: pulumi.String(\"FailedEventsOnly\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamSplunkConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamSplunkConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamSplunkConfigurationS3ConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder() \n .name(\"kinesis-firehose-test-stream\")\n .destination(\"splunk\")\n .splunkConfiguration(FirehoseDeliveryStreamSplunkConfigurationArgs.builder()\n .hecEndpoint(\"https://http-inputs-mydomain.splunkcloud.com:443\")\n .hecToken(\"51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\")\n .hecAcknowledgmentTimeout(600)\n .hecEndpointType(\"Event\")\n .s3BackupMode(\"FailedEventsOnly\")\n .s3Configuration(FirehoseDeliveryStreamSplunkConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehose.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: splunk\n splunkConfiguration:\n hecEndpoint: https://http-inputs-mydomain.splunkcloud.com:443\n hecToken: 51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\n hecAcknowledgmentTimeout: 600\n hecEndpointType: Event\n s3BackupMode: FailedEventsOnly\n s3Configuration:\n roleArn: ${firehose.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### HTTP Endpoint (e.g., New Relic) Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"http_endpoint\",\n httpEndpointConfiguration: {\n url: \"https://aws-api.newrelic.com/firehose/v1\",\n name: \"New Relic\",\n accessKey: \"my-key\",\n bufferingSize: 15,\n bufferingInterval: 600,\n roleArn: firehose.arn,\n s3BackupMode: \"FailedDataOnly\",\n s3Configuration: {\n roleArn: firehose.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n requestConfiguration: {\n contentEncoding: \"GZIP\",\n commonAttributes: [\n {\n name: \"testname\",\n value: \"testvalue\",\n },\n {\n name: \"testname2\",\n value: \"testvalue2\",\n },\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"http_endpoint\",\n http_endpoint_configuration=aws.kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationArgs(\n url=\"https://aws-api.newrelic.com/firehose/v1\",\n name=\"New Relic\",\n access_key=\"my-key\",\n buffering_size=15,\n buffering_interval=600,\n role_arn=firehose[\"arn\"],\n s3_backup_mode=\"FailedDataOnly\",\n s3_configuration=aws.kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationS3ConfigurationArgs(\n role_arn=firehose[\"arn\"],\n bucket_arn=bucket[\"arn\"],\n buffering_size=10,\n buffering_interval=400,\n compression_format=\"GZIP\",\n ),\n request_configuration=aws.kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationArgs(\n content_encoding=\"GZIP\",\n common_attributes=[\n aws.kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs(\n name=\"testname\",\n value=\"testvalue\",\n ),\n aws.kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs(\n name=\"testname2\",\n value=\"testvalue2\",\n ),\n ],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"http_endpoint\",\n HttpEndpointConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamHttpEndpointConfigurationArgs\n {\n Url = \"https://aws-api.newrelic.com/firehose/v1\",\n Name = \"New Relic\",\n AccessKey = \"my-key\",\n BufferingSize = 15,\n BufferingInterval = 600,\n RoleArn = firehose.Arn,\n S3BackupMode = \"FailedDataOnly\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamHttpEndpointConfigurationS3ConfigurationArgs\n {\n RoleArn = firehose.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n RequestConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationArgs\n {\n ContentEncoding = \"GZIP\",\n CommonAttributes = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs\n {\n Name = \"testname\",\n Value = \"testvalue\",\n },\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs\n {\n Name = \"testname2\",\n Value = \"testvalue2\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"http_endpoint\"),\n\t\t\tHttpEndpointConfiguration: \u0026kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationArgs{\n\t\t\t\tUrl: pulumi.String(\"https://aws-api.newrelic.com/firehose/v1\"),\n\t\t\t\tName: pulumi.String(\"New Relic\"),\n\t\t\t\tAccessKey: pulumi.String(\"my-key\"),\n\t\t\t\tBufferingSize: pulumi.Int(15),\n\t\t\t\tBufferingInterval: pulumi.Int(600),\n\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\tS3BackupMode: pulumi.String(\"FailedDataOnly\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t\tRequestConfiguration: \u0026kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationArgs{\n\t\t\t\t\tContentEncoding: pulumi.String(\"GZIP\"),\n\t\t\t\t\tCommonAttributes: kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"testname\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"testvalue\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"testname2\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"testvalue2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamHttpEndpointConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamHttpEndpointConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder() \n .name(\"kinesis-firehose-test-stream\")\n .destination(\"http_endpoint\")\n .httpEndpointConfiguration(FirehoseDeliveryStreamHttpEndpointConfigurationArgs.builder()\n .url(\"https://aws-api.newrelic.com/firehose/v1\")\n .name(\"New Relic\")\n .accessKey(\"my-key\")\n .bufferingSize(15)\n .bufferingInterval(600)\n .roleArn(firehose.arn())\n .s3BackupMode(\"FailedDataOnly\")\n .s3Configuration(FirehoseDeliveryStreamHttpEndpointConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehose.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .requestConfiguration(FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationArgs.builder()\n .contentEncoding(\"GZIP\")\n .commonAttributes( \n FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs.builder()\n .name(\"testname\")\n .value(\"testvalue\")\n .build(),\n FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs.builder()\n .name(\"testname2\")\n .value(\"testvalue2\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: http_endpoint\n httpEndpointConfiguration:\n url: https://aws-api.newrelic.com/firehose/v1\n name: New Relic\n accessKey: my-key\n bufferingSize: 15\n bufferingInterval: 600\n roleArn: ${firehose.arn}\n s3BackupMode: FailedDataOnly\n s3Configuration:\n roleArn: ${firehose.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n requestConfiguration:\n contentEncoding: GZIP\n commonAttributes:\n - name: testname\n value: testvalue\n - name: testname2\n value: testvalue2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Kinesis Firehose Delivery streams using the stream ARN. For example:\n\n```sh\n$ pulumi import aws:kinesis/firehoseDeliveryStream:FirehoseDeliveryStream foo arn:aws:firehose:us-east-1:XXX:deliverystream/example\n```\nNote: Import does not work for stream destination `s3`. Consider using `extended_s3` since `s3` destination is deprecated.\n\n", + "description": "Provides a Kinesis Firehose Delivery Stream resource. Amazon Kinesis Firehose is a fully managed, elastic service to easily deliver real-time data streams to destinations such as Amazon S3 and Amazon Redshift.\n\nFor more details, see the [Amazon Kinesis Firehose Documentation](https://aws.amazon.com/documentation/firehose/).\n\n## Example Usage\n\n### Extended S3 Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.BucketV2(\"bucket\", {bucket: \"tf-test-bucket\"});\nconst firehoseAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"firehose.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst firehoseRole = new aws.iam.Role(\"firehose_role\", {\n name: \"firehose_test_role\",\n assumeRolePolicy: firehoseAssumeRole.then(firehoseAssumeRole =\u003e firehoseAssumeRole.json),\n});\nconst lambdaAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst lambdaIam = new aws.iam.Role(\"lambda_iam\", {\n name: \"lambda_iam\",\n assumeRolePolicy: lambdaAssumeRole.then(lambdaAssumeRole =\u003e lambdaAssumeRole.json),\n});\nconst lambdaProcessor = new aws.lambda.Function(\"lambda_processor\", {\n code: new pulumi.asset.FileArchive(\"lambda.zip\"),\n name: \"firehose_lambda_processor\",\n role: lambdaIam.arn,\n handler: \"exports.handler\",\n runtime: aws.lambda.Runtime.NodeJS16dX,\n});\nconst extendedS3Stream = new aws.kinesis.FirehoseDeliveryStream(\"extended_s3_stream\", {\n name: \"kinesis-firehose-extended-s3-test-stream\",\n destination: \"extended_s3\",\n extendedS3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n processingConfiguration: {\n enabled: true,\n processors: [{\n type: \"Lambda\",\n parameters: [{\n parameterName: \"LambdaArn\",\n parameterValue: pulumi.interpolate`${lambdaProcessor.arn}:$LATEST`,\n }],\n }],\n },\n },\n});\nconst bucketAcl = new aws.s3.BucketAclV2(\"bucket_acl\", {\n bucket: bucket.id,\n acl: \"private\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.BucketV2(\"bucket\", bucket=\"tf-test-bucket\")\nfirehose_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"firehose.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nfirehose_role = aws.iam.Role(\"firehose_role\",\n name=\"firehose_test_role\",\n assume_role_policy=firehose_assume_role.json)\nlambda_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nlambda_iam = aws.iam.Role(\"lambda_iam\",\n name=\"lambda_iam\",\n assume_role_policy=lambda_assume_role.json)\nlambda_processor = aws.lambda_.Function(\"lambda_processor\",\n code=pulumi.FileArchive(\"lambda.zip\"),\n name=\"firehose_lambda_processor\",\n role=lambda_iam.arn,\n handler=\"exports.handler\",\n runtime=aws.lambda_.Runtime.NODE_JS16D_X)\nextended_s3_stream = aws.kinesis.FirehoseDeliveryStream(\"extended_s3_stream\",\n name=\"kinesis-firehose-extended-s3-test-stream\",\n destination=\"extended_s3\",\n extended_s3_configuration=aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs(\n role_arn=firehose_role.arn,\n bucket_arn=bucket.arn,\n processing_configuration=aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs(\n enabled=True,\n processors=[aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs(\n type=\"Lambda\",\n parameters=[aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs(\n parameter_name=\"LambdaArn\",\n parameter_value=lambda_processor.arn.apply(lambda arn: f\"{arn}:$LATEST\"),\n )],\n )],\n ),\n ))\nbucket_acl = aws.s3.BucketAclV2(\"bucket_acl\",\n bucket=bucket.id,\n acl=\"private\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bucket = new Aws.S3.BucketV2(\"bucket\", new()\n {\n Bucket = \"tf-test-bucket\",\n });\n\n var firehoseAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"firehose.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var firehoseRole = new Aws.Iam.Role(\"firehose_role\", new()\n {\n Name = \"firehose_test_role\",\n AssumeRolePolicy = firehoseAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambdaAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var lambdaIam = new Aws.Iam.Role(\"lambda_iam\", new()\n {\n Name = \"lambda_iam\",\n AssumeRolePolicy = lambdaAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambdaProcessor = new Aws.Lambda.Function(\"lambda_processor\", new()\n {\n Code = new FileArchive(\"lambda.zip\"),\n Name = \"firehose_lambda_processor\",\n Role = lambdaIam.Arn,\n Handler = \"exports.handler\",\n Runtime = Aws.Lambda.Runtime.NodeJS16dX,\n });\n\n var extendedS3Stream = new Aws.Kinesis.FirehoseDeliveryStream(\"extended_s3_stream\", new()\n {\n Name = \"kinesis-firehose-extended-s3-test-stream\",\n Destination = \"extended_s3\",\n ExtendedS3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"Lambda\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"LambdaArn\",\n ParameterValue = lambdaProcessor.Arn.Apply(arn =\u003e $\"{arn}:$LATEST\"),\n },\n },\n },\n },\n },\n },\n });\n\n var bucketAcl = new Aws.S3.BucketAclV2(\"bucket_acl\", new()\n {\n Bucket = bucket.Id,\n Acl = \"private\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := s3.NewBucketV2(ctx, \"bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"tf-test-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirehoseAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"firehose.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirehoseRole, err := iam.NewRole(ctx, \"firehose_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"firehose_test_role\"),\n\t\t\tAssumeRolePolicy: pulumi.String(firehoseAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaIam, err := iam.NewRole(ctx, \"lambda_iam\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"lambda_iam\"),\n\t\t\tAssumeRolePolicy: pulumi.String(lambdaAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaProcessor, err := lambda.NewFunction(ctx, \"lambda_processor\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambda.zip\"),\n\t\t\tName: pulumi.String(\"firehose_lambda_processor\"),\n\t\t\tRole: lambdaIam.Arn,\n\t\t\tHandler: pulumi.String(\"exports.handler\"),\n\t\t\tRuntime: pulumi.String(lambda.RuntimeNodeJS16dX),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"extended_s3_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-extended-s3-test-stream\"),\n\t\t\tDestination: pulumi.String(\"extended_s3\"),\n\t\t\tExtendedS3Configuration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs{\n\t\t\t\tRoleArn: firehoseRole.Arn,\n\t\t\t\tBucketArn: bucket.Arn,\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Lambda\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"LambdaArn\"),\n\t\t\t\t\t\t\t\t\tParameterValue: lambdaProcessor.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v:$LATEST\", arn), nil\n\t\t\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"bucket_acl\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: bucket.ID(),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bucket = new BucketV2(\"bucket\", BucketV2Args.builder() \n .bucket(\"tf-test-bucket\")\n .build());\n\n final var firehoseAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"firehose.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var firehoseRole = new Role(\"firehoseRole\", RoleArgs.builder() \n .name(\"firehose_test_role\")\n .assumeRolePolicy(firehoseAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var lambdaAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var lambdaIam = new Role(\"lambdaIam\", RoleArgs.builder() \n .name(\"lambda_iam\")\n .assumeRolePolicy(lambdaAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var lambdaProcessor = new Function(\"lambdaProcessor\", FunctionArgs.builder() \n .code(new FileArchive(\"lambda.zip\"))\n .name(\"firehose_lambda_processor\")\n .role(lambdaIam.arn())\n .handler(\"exports.handler\")\n .runtime(\"nodejs16.x\")\n .build());\n\n var extendedS3Stream = new FirehoseDeliveryStream(\"extendedS3Stream\", FirehoseDeliveryStreamArgs.builder() \n .name(\"kinesis-firehose-extended-s3-test-stream\")\n .destination(\"extended_s3\")\n .extendedS3Configuration(FirehoseDeliveryStreamExtendedS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .processingConfiguration(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"Lambda\")\n .parameters(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"LambdaArn\")\n .parameterValue(lambdaProcessor.arn().applyValue(arn -\u003e String.format(\"%s:$LATEST\", arn)))\n .build())\n .build())\n .build())\n .build())\n .build());\n\n var bucketAcl = new BucketAclV2(\"bucketAcl\", BucketAclV2Args.builder() \n .bucket(bucket.id())\n .acl(\"private\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n extendedS3Stream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: extended_s3_stream\n properties:\n name: kinesis-firehose-extended-s3-test-stream\n destination: extended_s3\n extendedS3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: Lambda\n parameters:\n - parameterName: LambdaArn\n parameterValue: ${lambdaProcessor.arn}:$LATEST\n bucket:\n type: aws:s3:BucketV2\n properties:\n bucket: tf-test-bucket\n bucketAcl:\n type: aws:s3:BucketAclV2\n name: bucket_acl\n properties:\n bucket: ${bucket.id}\n acl: private\n firehoseRole:\n type: aws:iam:Role\n name: firehose_role\n properties:\n name: firehose_test_role\n assumeRolePolicy: ${firehoseAssumeRole.json}\n lambdaIam:\n type: aws:iam:Role\n name: lambda_iam\n properties:\n name: lambda_iam\n assumeRolePolicy: ${lambdaAssumeRole.json}\n lambdaProcessor:\n type: aws:lambda:Function\n name: lambda_processor\n properties:\n code:\n fn::FileArchive: lambda.zip\n name: firehose_lambda_processor\n role: ${lambdaIam.arn}\n handler: exports.handler\n runtime: nodejs16.x\nvariables:\n firehoseAssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - firehose.amazonaws.com\n actions:\n - sts:AssumeRole\n lambdaAssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Extended S3 Destination with dynamic partitioning\n\nThese examples use built-in Firehose functionality, rather than requiring a lambda.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst extendedS3Stream = new aws.kinesis.FirehoseDeliveryStream(\"extended_s3_stream\", {\n name: \"kinesis-firehose-extended-s3-test-stream\",\n destination: \"extended_s3\",\n extendedS3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 64,\n dynamicPartitioningConfiguration: {\n enabled: true,\n },\n prefix: \"data/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\",\n errorOutputPrefix: \"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\",\n processingConfiguration: {\n enabled: true,\n processors: [\n {\n type: \"RecordDeAggregation\",\n parameters: [{\n parameterName: \"SubRecordType\",\n parameterValue: \"JSON\",\n }],\n },\n {\n type: \"AppendDelimiterToRecord\",\n },\n {\n type: \"MetadataExtraction\",\n parameters: [\n {\n parameterName: \"JsonParsingEngine\",\n parameterValue: \"JQ-1.6\",\n },\n {\n parameterName: \"MetadataExtractionQuery\",\n parameterValue: \"{customer_id:.customer_id}\",\n },\n ],\n },\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nextended_s3_stream = aws.kinesis.FirehoseDeliveryStream(\"extended_s3_stream\",\n name=\"kinesis-firehose-extended-s3-test-stream\",\n destination=\"extended_s3\",\n extended_s3_configuration=aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs(\n role_arn=firehose_role[\"arn\"],\n bucket_arn=bucket[\"arn\"],\n buffering_size=64,\n dynamic_partitioning_configuration=aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs(\n enabled=True,\n ),\n prefix=\"data/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\",\n error_output_prefix=\"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\",\n processing_configuration=aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs(\n enabled=True,\n processors=[\n aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs(\n type=\"RecordDeAggregation\",\n parameters=[aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs(\n parameter_name=\"SubRecordType\",\n parameter_value=\"JSON\",\n )],\n ),\n aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs(\n type=\"AppendDelimiterToRecord\",\n ),\n aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs(\n type=\"MetadataExtraction\",\n parameters=[\n aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs(\n parameter_name=\"JsonParsingEngine\",\n parameter_value=\"JQ-1.6\",\n ),\n aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs(\n parameter_name=\"MetadataExtractionQuery\",\n parameter_value=\"{customer_id:.customer_id}\",\n ),\n ],\n ),\n ],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var extendedS3Stream = new Aws.Kinesis.FirehoseDeliveryStream(\"extended_s3_stream\", new()\n {\n Name = \"kinesis-firehose-extended-s3-test-stream\",\n Destination = \"extended_s3\",\n ExtendedS3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 64,\n DynamicPartitioningConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs\n {\n Enabled = true,\n },\n Prefix = \"data/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\",\n ErrorOutputPrefix = \"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\",\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"RecordDeAggregation\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"SubRecordType\",\n ParameterValue = \"JSON\",\n },\n },\n },\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"AppendDelimiterToRecord\",\n },\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"MetadataExtraction\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"JsonParsingEngine\",\n ParameterValue = \"JQ-1.6\",\n },\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"MetadataExtractionQuery\",\n ParameterValue = \"{customer_id:.customer_id}\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kinesis.NewFirehoseDeliveryStream(ctx, \"extended_s3_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-extended-s3-test-stream\"),\n\t\t\tDestination: pulumi.String(\"extended_s3\"),\n\t\t\tExtendedS3Configuration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs{\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\tBufferingSize: pulumi.Int(64),\n\t\t\t\tDynamicPartitioningConfiguration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tPrefix: pulumi.String(\"data/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\"),\n\t\t\t\tErrorOutputPrefix: pulumi.String(\"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\"),\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"RecordDeAggregation\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"SubRecordType\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(\"JSON\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"AppendDelimiterToRecord\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"MetadataExtraction\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"JsonParsingEngine\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(\"JQ-1.6\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"MetadataExtractionQuery\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(\"{customer_id:.customer_id}\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var extendedS3Stream = new FirehoseDeliveryStream(\"extendedS3Stream\", FirehoseDeliveryStreamArgs.builder() \n .name(\"kinesis-firehose-extended-s3-test-stream\")\n .destination(\"extended_s3\")\n .extendedS3Configuration(FirehoseDeliveryStreamExtendedS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(64)\n .dynamicPartitioningConfiguration(FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs.builder()\n .enabled(\"true\")\n .build())\n .prefix(\"data/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\")\n .errorOutputPrefix(\"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\")\n .processingConfiguration(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors( \n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"RecordDeAggregation\")\n .parameters(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"SubRecordType\")\n .parameterValue(\"JSON\")\n .build())\n .build(),\n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"AppendDelimiterToRecord\")\n .build(),\n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"MetadataExtraction\")\n .parameters( \n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"JsonParsingEngine\")\n .parameterValue(\"JQ-1.6\")\n .build(),\n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"MetadataExtractionQuery\")\n .parameterValue(\"{customer_id:.customer_id}\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n extendedS3Stream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: extended_s3_stream\n properties:\n name: kinesis-firehose-extended-s3-test-stream\n destination: extended_s3\n extendedS3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 64\n dynamicPartitioningConfiguration:\n enabled: 'true'\n prefix: data/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\n errorOutputPrefix: errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: RecordDeAggregation\n parameters:\n - parameterName: SubRecordType\n parameterValue: JSON\n - type: AppendDelimiterToRecord\n - type: MetadataExtraction\n parameters:\n - parameterName: JsonParsingEngine\n parameterValue: JQ-1.6\n - parameterName: MetadataExtractionQuery\n parameterValue: '{customer_id:.customer_id}'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nMultiple Dynamic Partitioning Keys (maximum of 50) can be added by comma separating the `parameter_value`.\n\nThe following example adds the Dynamic Partitioning Keys: `store_id` and `customer_id` to the S3 prefix.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst extendedS3Stream = new aws.kinesis.FirehoseDeliveryStream(\"extended_s3_stream\", {\n name: \"kinesis-firehose-extended-s3-test-stream\",\n destination: \"extended_s3\",\n extendedS3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 64,\n dynamicPartitioningConfiguration: {\n enabled: true,\n },\n prefix: \"data/store_id=!{partitionKeyFromQuery:store_id}/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\",\n errorOutputPrefix: \"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\",\n processingConfiguration: {\n enabled: true,\n processors: [{\n type: \"MetadataExtraction\",\n parameters: [\n {\n parameterName: \"JsonParsingEngine\",\n parameterValue: \"JQ-1.6\",\n },\n {\n parameterName: \"MetadataExtractionQuery\",\n parameterValue: \"{store_id:.store_id,customer_id:.customer_id}\",\n },\n ],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nextended_s3_stream = aws.kinesis.FirehoseDeliveryStream(\"extended_s3_stream\",\n name=\"kinesis-firehose-extended-s3-test-stream\",\n destination=\"extended_s3\",\n extended_s3_configuration=aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs(\n role_arn=firehose_role[\"arn\"],\n bucket_arn=bucket[\"arn\"],\n buffering_size=64,\n dynamic_partitioning_configuration=aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs(\n enabled=True,\n ),\n prefix=\"data/store_id=!{partitionKeyFromQuery:store_id}/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\",\n error_output_prefix=\"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\",\n processing_configuration=aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs(\n enabled=True,\n processors=[aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs(\n type=\"MetadataExtraction\",\n parameters=[\n aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs(\n parameter_name=\"JsonParsingEngine\",\n parameter_value=\"JQ-1.6\",\n ),\n aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs(\n parameter_name=\"MetadataExtractionQuery\",\n parameter_value=\"{store_id:.store_id,customer_id:.customer_id}\",\n ),\n ],\n )],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var extendedS3Stream = new Aws.Kinesis.FirehoseDeliveryStream(\"extended_s3_stream\", new()\n {\n Name = \"kinesis-firehose-extended-s3-test-stream\",\n Destination = \"extended_s3\",\n ExtendedS3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 64,\n DynamicPartitioningConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs\n {\n Enabled = true,\n },\n Prefix = \"data/store_id=!{partitionKeyFromQuery:store_id}/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\",\n ErrorOutputPrefix = \"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\",\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"MetadataExtraction\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"JsonParsingEngine\",\n ParameterValue = \"JQ-1.6\",\n },\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"MetadataExtractionQuery\",\n ParameterValue = \"{store_id:.store_id,customer_id:.customer_id}\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kinesis.NewFirehoseDeliveryStream(ctx, \"extended_s3_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-extended-s3-test-stream\"),\n\t\t\tDestination: pulumi.String(\"extended_s3\"),\n\t\t\tExtendedS3Configuration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs{\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\tBufferingSize: pulumi.Int(64),\n\t\t\t\tDynamicPartitioningConfiguration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tPrefix: pulumi.String(\"data/store_id=!{partitionKeyFromQuery:store_id}/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\"),\n\t\t\t\tErrorOutputPrefix: pulumi.String(\"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\"),\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"MetadataExtraction\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"JsonParsingEngine\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(\"JQ-1.6\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"MetadataExtractionQuery\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(\"{store_id:.store_id,customer_id:.customer_id}\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var extendedS3Stream = new FirehoseDeliveryStream(\"extendedS3Stream\", FirehoseDeliveryStreamArgs.builder() \n .name(\"kinesis-firehose-extended-s3-test-stream\")\n .destination(\"extended_s3\")\n .extendedS3Configuration(FirehoseDeliveryStreamExtendedS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(64)\n .dynamicPartitioningConfiguration(FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs.builder()\n .enabled(\"true\")\n .build())\n .prefix(\"data/store_id=!{partitionKeyFromQuery:store_id}/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\")\n .errorOutputPrefix(\"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\")\n .processingConfiguration(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"MetadataExtraction\")\n .parameters( \n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"JsonParsingEngine\")\n .parameterValue(\"JQ-1.6\")\n .build(),\n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"MetadataExtractionQuery\")\n .parameterValue(\"{store_id:.store_id,customer_id:.customer_id}\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n extendedS3Stream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: extended_s3_stream\n properties:\n name: kinesis-firehose-extended-s3-test-stream\n destination: extended_s3\n extendedS3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 64\n dynamicPartitioningConfiguration:\n enabled: 'true'\n prefix: data/store_id=!{partitionKeyFromQuery:store_id}/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\n errorOutputPrefix: errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: MetadataExtraction\n parameters:\n - parameterName: JsonParsingEngine\n parameterValue: JQ-1.6\n - parameterName: MetadataExtractionQuery\n parameterValue: '{store_id:.store_id,customer_id:.customer_id}'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Redshift Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCluster = new aws.redshift.Cluster(\"test_cluster\", {\n clusterIdentifier: \"tf-redshift-cluster\",\n databaseName: \"test\",\n masterUsername: \"testuser\",\n masterPassword: \"T3stPass\",\n nodeType: \"dc1.large\",\n clusterType: \"single-node\",\n});\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"redshift\",\n redshiftConfiguration: {\n roleArn: firehoseRole.arn,\n clusterJdbcurl: pulumi.interpolate`jdbc:redshift://${testCluster.endpoint}/${testCluster.databaseName}`,\n username: \"testuser\",\n password: \"T3stPass\",\n dataTableName: \"test-table\",\n copyOptions: \"delimiter '|'\",\n dataTableColumns: \"test-col\",\n s3BackupMode: \"Enabled\",\n s3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n s3BackupConfiguration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 15,\n bufferingInterval: 300,\n compressionFormat: \"GZIP\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cluster = aws.redshift.Cluster(\"test_cluster\",\n cluster_identifier=\"tf-redshift-cluster\",\n database_name=\"test\",\n master_username=\"testuser\",\n master_password=\"T3stPass\",\n node_type=\"dc1.large\",\n cluster_type=\"single-node\")\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"redshift\",\n redshift_configuration=aws.kinesis.FirehoseDeliveryStreamRedshiftConfigurationArgs(\n role_arn=firehose_role[\"arn\"],\n cluster_jdbcurl=pulumi.Output.all(test_cluster.endpoint, test_cluster.database_name).apply(lambda endpoint, database_name: f\"jdbc:redshift://{endpoint}/{database_name}\"),\n username=\"testuser\",\n password=\"T3stPass\",\n data_table_name=\"test-table\",\n copy_options=\"delimiter '|'\",\n data_table_columns=\"test-col\",\n s3_backup_mode=\"Enabled\",\n s3_configuration=aws.kinesis.FirehoseDeliveryStreamRedshiftConfigurationS3ConfigurationArgs(\n role_arn=firehose_role[\"arn\"],\n bucket_arn=bucket[\"arn\"],\n buffering_size=10,\n buffering_interval=400,\n compression_format=\"GZIP\",\n ),\n s3_backup_configuration=aws.kinesis.FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationArgs(\n role_arn=firehose_role[\"arn\"],\n bucket_arn=bucket[\"arn\"],\n buffering_size=15,\n buffering_interval=300,\n compression_format=\"GZIP\",\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testCluster = new Aws.RedShift.Cluster(\"test_cluster\", new()\n {\n ClusterIdentifier = \"tf-redshift-cluster\",\n DatabaseName = \"test\",\n MasterUsername = \"testuser\",\n MasterPassword = \"T3stPass\",\n NodeType = \"dc1.large\",\n ClusterType = \"single-node\",\n });\n\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"redshift\",\n RedshiftConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamRedshiftConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n ClusterJdbcurl = Output.Tuple(testCluster.Endpoint, testCluster.DatabaseName).Apply(values =\u003e\n {\n var endpoint = values.Item1;\n var databaseName = values.Item2;\n return $\"jdbc:redshift://{endpoint}/{databaseName}\";\n }),\n Username = \"testuser\",\n Password = \"T3stPass\",\n DataTableName = \"test-table\",\n CopyOptions = \"delimiter '|'\",\n DataTableColumns = \"test-col\",\n S3BackupMode = \"Enabled\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamRedshiftConfigurationS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n S3BackupConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 15,\n BufferingInterval = 300,\n CompressionFormat = \"GZIP\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/redshift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCluster, err := redshift.NewCluster(ctx, \"test_cluster\", \u0026redshift.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"tf-redshift-cluster\"),\n\t\t\tDatabaseName: pulumi.String(\"test\"),\n\t\t\tMasterUsername: pulumi.String(\"testuser\"),\n\t\t\tMasterPassword: pulumi.String(\"T3stPass\"),\n\t\t\tNodeType: pulumi.String(\"dc1.large\"),\n\t\t\tClusterType: pulumi.String(\"single-node\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"redshift\"),\n\t\t\tRedshiftConfiguration: \u0026kinesis.FirehoseDeliveryStreamRedshiftConfigurationArgs{\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tClusterJdbcurl: pulumi.All(testCluster.Endpoint, testCluster.DatabaseName).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\tendpoint := _args[0].(string)\n\t\t\t\t\tdatabaseName := _args[1].(string)\n\t\t\t\t\treturn fmt.Sprintf(\"jdbc:redshift://%v/%v\", endpoint, databaseName), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\tUsername: pulumi.String(\"testuser\"),\n\t\t\t\tPassword: pulumi.String(\"T3stPass\"),\n\t\t\t\tDataTableName: pulumi.String(\"test-table\"),\n\t\t\t\tCopyOptions: pulumi.String(\"delimiter '|'\"),\n\t\t\t\tDataTableColumns: pulumi.String(\"test-col\"),\n\t\t\t\tS3BackupMode: pulumi.String(\"Enabled\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamRedshiftConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t\tS3BackupConfiguration: \u0026kinesis.FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(15),\n\t\t\t\t\tBufferingInterval: pulumi.Int(300),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.redshift.Cluster;\nimport com.pulumi.aws.redshift.ClusterArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamRedshiftConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamRedshiftConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testCluster = new Cluster(\"testCluster\", ClusterArgs.builder() \n .clusterIdentifier(\"tf-redshift-cluster\")\n .databaseName(\"test\")\n .masterUsername(\"testuser\")\n .masterPassword(\"T3stPass\")\n .nodeType(\"dc1.large\")\n .clusterType(\"single-node\")\n .build());\n\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder() \n .name(\"kinesis-firehose-test-stream\")\n .destination(\"redshift\")\n .redshiftConfiguration(FirehoseDeliveryStreamRedshiftConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .clusterJdbcurl(Output.tuple(testCluster.endpoint(), testCluster.databaseName()).applyValue(values -\u003e {\n var endpoint = values.t1;\n var databaseName = values.t2;\n return String.format(\"jdbc:redshift://%s/%s\", endpoint,databaseName);\n }))\n .username(\"testuser\")\n .password(\"T3stPass\")\n .dataTableName(\"test-table\")\n .copyOptions(\"delimiter '|'\")\n .dataTableColumns(\"test-col\")\n .s3BackupMode(\"Enabled\")\n .s3Configuration(FirehoseDeliveryStreamRedshiftConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .s3BackupConfiguration(FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(15)\n .bufferingInterval(300)\n .compressionFormat(\"GZIP\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testCluster:\n type: aws:redshift:Cluster\n name: test_cluster\n properties:\n clusterIdentifier: tf-redshift-cluster\n databaseName: test\n masterUsername: testuser\n masterPassword: T3stPass\n nodeType: dc1.large\n clusterType: single-node\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: redshift\n redshiftConfiguration:\n roleArn: ${firehoseRole.arn}\n clusterJdbcurl: jdbc:redshift://${testCluster.endpoint}/${testCluster.databaseName}\n username: testuser\n password: T3stPass\n dataTableName: test-table\n copyOptions: delimiter '|'\n dataTableColumns: test-col\n s3BackupMode: Enabled\n s3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n s3BackupConfiguration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 15\n bufferingInterval: 300\n compressionFormat: GZIP\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Elasticsearch Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCluster = new aws.elasticsearch.Domain(\"test_cluster\", {domainName: \"firehose-es-test\"});\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"elasticsearch\",\n elasticsearchConfiguration: {\n domainArn: testCluster.arn,\n roleArn: firehoseRole.arn,\n indexName: \"test\",\n typeName: \"test\",\n s3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n processingConfiguration: {\n enabled: true,\n processors: [{\n type: \"Lambda\",\n parameters: [{\n parameterName: \"LambdaArn\",\n parameterValue: `${lambdaProcessor.arn}:$LATEST`,\n }],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cluster = aws.elasticsearch.Domain(\"test_cluster\", domain_name=\"firehose-es-test\")\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"elasticsearch\",\n elasticsearch_configuration=aws.kinesis.FirehoseDeliveryStreamElasticsearchConfigurationArgs(\n domain_arn=test_cluster.arn,\n role_arn=firehose_role[\"arn\"],\n index_name=\"test\",\n type_name=\"test\",\n s3_configuration=aws.kinesis.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs(\n role_arn=firehose_role[\"arn\"],\n bucket_arn=bucket[\"arn\"],\n buffering_size=10,\n buffering_interval=400,\n compression_format=\"GZIP\",\n ),\n processing_configuration=aws.kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationArgs(\n enabled=True,\n processors=[aws.kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorArgs(\n type=\"Lambda\",\n parameters=[aws.kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameterArgs(\n parameter_name=\"LambdaArn\",\n parameter_value=f\"{lambda_processor['arn']}:$LATEST\",\n )],\n )],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testCluster = new Aws.ElasticSearch.Domain(\"test_cluster\", new()\n {\n DomainName = \"firehose-es-test\",\n });\n\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"elasticsearch\",\n ElasticsearchConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationArgs\n {\n DomainArn = testCluster.Arn,\n RoleArn = firehoseRole.Arn,\n IndexName = \"test\",\n TypeName = \"test\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"Lambda\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"LambdaArn\",\n ParameterValue = $\"{lambdaProcessor.Arn}:$LATEST\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCluster, err := elasticsearch.NewDomain(ctx, \"test_cluster\", \u0026elasticsearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"firehose-es-test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"elasticsearch\"),\n\t\t\tElasticsearchConfiguration: \u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationArgs{\n\t\t\t\tDomainArn: testCluster.Arn,\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tIndexName: pulumi.String(\"test\"),\n\t\t\t\tTypeName: pulumi.String(\"test\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Lambda\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"LambdaArn\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(fmt.Sprintf(\"%v:$LATEST\", lambdaProcessor.Arn)),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamElasticsearchConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testCluster = new Domain(\"testCluster\", DomainArgs.builder() \n .domainName(\"firehose-es-test\")\n .build());\n\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder() \n .name(\"kinesis-firehose-test-stream\")\n .destination(\"elasticsearch\")\n .elasticsearchConfiguration(FirehoseDeliveryStreamElasticsearchConfigurationArgs.builder()\n .domainArn(testCluster.arn())\n .roleArn(firehoseRole.arn())\n .indexName(\"test\")\n .typeName(\"test\")\n .s3Configuration(FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .processingConfiguration(FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors(FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"Lambda\")\n .parameters(FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"LambdaArn\")\n .parameterValue(String.format(\"%s:$LATEST\", lambdaProcessor.arn()))\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testCluster:\n type: aws:elasticsearch:Domain\n name: test_cluster\n properties:\n domainName: firehose-es-test\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: elasticsearch\n elasticsearchConfiguration:\n domainArn: ${testCluster.arn}\n roleArn: ${firehoseRole.arn}\n indexName: test\n typeName: test\n s3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: Lambda\n parameters:\n - parameterName: LambdaArn\n parameterValue: ${lambdaProcessor.arn}:$LATEST\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Elasticsearch Destination With VPC\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCluster = new aws.elasticsearch.Domain(\"test_cluster\", {\n domainName: \"es-test\",\n clusterConfig: {\n instanceCount: 2,\n zoneAwarenessEnabled: true,\n instanceType: \"t2.small.elasticsearch\",\n },\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n },\n vpcOptions: {\n securityGroupIds: [first.id],\n subnetIds: [\n firstAwsSubnet.id,\n second.id,\n ],\n },\n});\nconst firehose-elasticsearch = aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n effect: \"Allow\",\n actions: [\"es:*\"],\n resources: [\n testCluster.arn,\n pulumi.interpolate`${testCluster.arn}/*`,\n ],\n },\n {\n effect: \"Allow\",\n actions: [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\",\n ],\n resources: [\"*\"],\n },\n ],\n});\nconst firehose_elasticsearchRolePolicy = new aws.iam.RolePolicy(\"firehose-elasticsearch\", {\n name: \"elasticsearch\",\n role: firehose.id,\n policy: firehose_elasticsearch.apply(firehose_elasticsearch =\u003e firehose_elasticsearch.json),\n});\nconst test = new aws.kinesis.FirehoseDeliveryStream(\"test\", {\n name: \"kinesis-firehose-es\",\n destination: \"elasticsearch\",\n elasticsearchConfiguration: {\n domainArn: testCluster.arn,\n roleArn: firehose.arn,\n indexName: \"test\",\n typeName: \"test\",\n s3Configuration: {\n roleArn: firehose.arn,\n bucketArn: bucket.arn,\n },\n vpcConfig: {\n subnetIds: [\n firstAwsSubnet.id,\n second.id,\n ],\n securityGroupIds: [first.id],\n roleArn: firehose.arn,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cluster = aws.elasticsearch.Domain(\"test_cluster\",\n domain_name=\"es-test\",\n cluster_config=aws.elasticsearch.DomainClusterConfigArgs(\n instance_count=2,\n zone_awareness_enabled=True,\n instance_type=\"t2.small.elasticsearch\",\n ),\n ebs_options=aws.elasticsearch.DomainEbsOptionsArgs(\n ebs_enabled=True,\n volume_size=10,\n ),\n vpc_options=aws.elasticsearch.DomainVpcOptionsArgs(\n security_group_ids=[first[\"id\"]],\n subnet_ids=[\n first_aws_subnet[\"id\"],\n second[\"id\"],\n ],\n ))\nfirehose_elasticsearch = aws.iam.get_policy_document_output(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"es:*\"],\n resources=[\n test_cluster.arn,\n test_cluster.arn.apply(lambda arn: f\"{arn}/*\"),\n ],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\",\n ],\n resources=[\"*\"],\n ),\n])\nfirehose_elasticsearch_role_policy = aws.iam.RolePolicy(\"firehose-elasticsearch\",\n name=\"elasticsearch\",\n role=firehose[\"id\"],\n policy=firehose_elasticsearch.json)\ntest = aws.kinesis.FirehoseDeliveryStream(\"test\",\n name=\"kinesis-firehose-es\",\n destination=\"elasticsearch\",\n elasticsearch_configuration=aws.kinesis.FirehoseDeliveryStreamElasticsearchConfigurationArgs(\n domain_arn=test_cluster.arn,\n role_arn=firehose[\"arn\"],\n index_name=\"test\",\n type_name=\"test\",\n s3_configuration=aws.kinesis.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs(\n role_arn=firehose[\"arn\"],\n bucket_arn=bucket[\"arn\"],\n ),\n vpc_config=aws.kinesis.FirehoseDeliveryStreamElasticsearchConfigurationVpcConfigArgs(\n subnet_ids=[\n first_aws_subnet[\"id\"],\n second[\"id\"],\n ],\n security_group_ids=[first[\"id\"]],\n role_arn=firehose[\"arn\"],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testCluster = new Aws.ElasticSearch.Domain(\"test_cluster\", new()\n {\n DomainName = \"es-test\",\n ClusterConfig = new Aws.ElasticSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceCount = 2,\n ZoneAwarenessEnabled = true,\n InstanceType = \"t2.small.elasticsearch\",\n },\n EbsOptions = new Aws.ElasticSearch.Inputs.DomainEbsOptionsArgs\n {\n EbsEnabled = true,\n VolumeSize = 10,\n },\n VpcOptions = new Aws.ElasticSearch.Inputs.DomainVpcOptionsArgs\n {\n SecurityGroupIds = new[]\n {\n first.Id,\n },\n SubnetIds = new[]\n {\n firstAwsSubnet.Id,\n second.Id,\n },\n },\n });\n\n var firehose_elasticsearch = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"es:*\",\n },\n Resources = new[]\n {\n testCluster.Arn,\n $\"{testCluster.Arn}/*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var firehose_elasticsearchRolePolicy = new Aws.Iam.RolePolicy(\"firehose-elasticsearch\", new()\n {\n Name = \"elasticsearch\",\n Role = firehose.Id,\n Policy = firehose_elasticsearch.Apply(firehose_elasticsearch =\u003e firehose_elasticsearch.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n });\n\n var test = new Aws.Kinesis.FirehoseDeliveryStream(\"test\", new()\n {\n Name = \"kinesis-firehose-es\",\n Destination = \"elasticsearch\",\n ElasticsearchConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationArgs\n {\n DomainArn = testCluster.Arn,\n RoleArn = firehose.Arn,\n IndexName = \"test\",\n TypeName = \"test\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs\n {\n RoleArn = firehose.Arn,\n BucketArn = bucket.Arn,\n },\n VpcConfig = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationVpcConfigArgs\n {\n SubnetIds = new[]\n {\n firstAwsSubnet.Id,\n second.Id,\n },\n SecurityGroupIds = new[]\n {\n first.Id,\n },\n RoleArn = firehose.Arn,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCluster, err := elasticsearch.NewDomain(ctx, \"test_cluster\", \u0026elasticsearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"es-test\"),\n\t\t\tClusterConfig: \u0026elasticsearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceCount: pulumi.Int(2),\n\t\t\t\tZoneAwarenessEnabled: pulumi.Bool(true),\n\t\t\t\tInstanceType: pulumi.String(\"t2.small.elasticsearch\"),\n\t\t\t},\n\t\t\tEbsOptions: \u0026elasticsearch.DomainEbsOptionsArgs{\n\t\t\t\tEbsEnabled: pulumi.Bool(true),\n\t\t\t\tVolumeSize: pulumi.Int(10),\n\t\t\t},\n\t\t\tVpcOptions: \u0026elasticsearch.DomainVpcOptionsArgs{\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tfirst.Id,\n\t\t\t\t},\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tfirstAwsSubnet.Id,\n\t\t\t\t\tsecond.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirehose_elasticsearch := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"es:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\ttestCluster.Arn,\n\t\t\t\t\t\ttestCluster.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"ec2:DescribeVpcs\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:DescribeVpcAttribute\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:DescribeSubnets\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:DescribeSecurityGroups\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:DescribeNetworkInterfaces\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:CreateNetworkInterface\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:CreateNetworkInterfacePermission\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:DeleteNetworkInterface\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = iam.NewRolePolicy(ctx, \"firehose-elasticsearch\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"elasticsearch\"),\n\t\t\tRole: pulumi.Any(firehose.Id),\n\t\t\tPolicy: firehose_elasticsearch.ApplyT(func(firehose_elasticsearch iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026firehose_elasticsearch.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-es\"),\n\t\t\tDestination: pulumi.String(\"elasticsearch\"),\n\t\t\tElasticsearchConfiguration: \u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationArgs{\n\t\t\t\tDomainArn: testCluster.Arn,\n\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\tIndexName: pulumi.String(\"test\"),\n\t\t\t\tTypeName: pulumi.String(\"test\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t},\n\t\t\t\tVpcConfig: \u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationVpcConfigArgs{\n\t\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\t\tfirstAwsSubnet.Id,\n\t\t\t\t\t\tsecond.Id,\n\t\t\t\t\t},\n\t\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\t\tfirst.Id,\n\t\t\t\t\t},\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainEbsOptionsArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainVpcOptionsArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamElasticsearchConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamElasticsearchConfigurationVpcConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testCluster = new Domain(\"testCluster\", DomainArgs.builder() \n .domainName(\"es-test\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceCount(2)\n .zoneAwarenessEnabled(true)\n .instanceType(\"t2.small.elasticsearch\")\n .build())\n .ebsOptions(DomainEbsOptionsArgs.builder()\n .ebsEnabled(true)\n .volumeSize(10)\n .build())\n .vpcOptions(DomainVpcOptionsArgs.builder()\n .securityGroupIds(first.id())\n .subnetIds( \n firstAwsSubnet.id(),\n second.id())\n .build())\n .build());\n\n final var firehose-elasticsearch = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"es:*\")\n .resources( \n testCluster.arn(),\n testCluster.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\")\n .resources(\"*\")\n .build())\n .build());\n\n var firehose_elasticsearchRolePolicy = new RolePolicy(\"firehose-elasticsearchRolePolicy\", RolePolicyArgs.builder() \n .name(\"elasticsearch\")\n .role(firehose.id())\n .policy(firehose_elasticsearch.applyValue(firehose_elasticsearch -\u003e firehose_elasticsearch.json()))\n .build());\n\n var test = new FirehoseDeliveryStream(\"test\", FirehoseDeliveryStreamArgs.builder() \n .name(\"kinesis-firehose-es\")\n .destination(\"elasticsearch\")\n .elasticsearchConfiguration(FirehoseDeliveryStreamElasticsearchConfigurationArgs.builder()\n .domainArn(testCluster.arn())\n .roleArn(firehose.arn())\n .indexName(\"test\")\n .typeName(\"test\")\n .s3Configuration(FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehose.arn())\n .bucketArn(bucket.arn())\n .build())\n .vpcConfig(FirehoseDeliveryStreamElasticsearchConfigurationVpcConfigArgs.builder()\n .subnetIds( \n firstAwsSubnet.id(),\n second.id())\n .securityGroupIds(first.id())\n .roleArn(firehose.arn())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testCluster:\n type: aws:elasticsearch:Domain\n name: test_cluster\n properties:\n domainName: es-test\n clusterConfig:\n instanceCount: 2\n zoneAwarenessEnabled: true\n instanceType: t2.small.elasticsearch\n ebsOptions:\n ebsEnabled: true\n volumeSize: 10\n vpcOptions:\n securityGroupIds:\n - ${first.id}\n subnetIds:\n - ${firstAwsSubnet.id}\n - ${second.id}\n firehose-elasticsearchRolePolicy:\n type: aws:iam:RolePolicy\n name: firehose-elasticsearch\n properties:\n name: elasticsearch\n role: ${firehose.id}\n policy: ${[\"firehose-elasticsearch\"].json}\n test:\n type: aws:kinesis:FirehoseDeliveryStream\n properties:\n name: kinesis-firehose-es\n destination: elasticsearch\n elasticsearchConfiguration:\n domainArn: ${testCluster.arn}\n roleArn: ${firehose.arn}\n indexName: test\n typeName: test\n s3Configuration:\n roleArn: ${firehose.arn}\n bucketArn: ${bucket.arn}\n vpcConfig:\n subnetIds:\n - ${firstAwsSubnet.id}\n - ${second.id}\n securityGroupIds:\n - ${first.id}\n roleArn: ${firehose.arn}\nvariables:\n firehose-elasticsearch:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - es:*\n resources:\n - ${testCluster.arn}\n - ${testCluster.arn}/*\n - effect: Allow\n actions:\n - ec2:DescribeVpcs\n - ec2:DescribeVpcAttribute\n - ec2:DescribeSubnets\n - ec2:DescribeSecurityGroups\n - ec2:DescribeNetworkInterfaces\n - ec2:CreateNetworkInterface\n - ec2:CreateNetworkInterfacePermission\n - ec2:DeleteNetworkInterface\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### OpenSearch Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCluster = new aws.opensearch.Domain(\"test_cluster\", {domainName: \"firehose-os-test\"});\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"opensearch\",\n opensearchConfiguration: {\n domainArn: testCluster.arn,\n roleArn: firehoseRole.arn,\n indexName: \"test\",\n s3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n processingConfiguration: {\n enabled: true,\n processors: [{\n type: \"Lambda\",\n parameters: [{\n parameterName: \"LambdaArn\",\n parameterValue: `${lambdaProcessor.arn}:$LATEST`,\n }],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cluster = aws.opensearch.Domain(\"test_cluster\", domain_name=\"firehose-os-test\")\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"opensearch\",\n opensearch_configuration=aws.kinesis.FirehoseDeliveryStreamOpensearchConfigurationArgs(\n domain_arn=test_cluster.arn,\n role_arn=firehose_role[\"arn\"],\n index_name=\"test\",\n s3_configuration=aws.kinesis.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs(\n role_arn=firehose_role[\"arn\"],\n bucket_arn=bucket[\"arn\"],\n buffering_size=10,\n buffering_interval=400,\n compression_format=\"GZIP\",\n ),\n processing_configuration=aws.kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationArgs(\n enabled=True,\n processors=[aws.kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorArgs(\n type=\"Lambda\",\n parameters=[aws.kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorParameterArgs(\n parameter_name=\"LambdaArn\",\n parameter_value=f\"{lambda_processor['arn']}:$LATEST\",\n )],\n )],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testCluster = new Aws.OpenSearch.Domain(\"test_cluster\", new()\n {\n DomainName = \"firehose-os-test\",\n });\n\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"opensearch\",\n OpensearchConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationArgs\n {\n DomainArn = testCluster.Arn,\n RoleArn = firehoseRole.Arn,\n IndexName = \"test\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"Lambda\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"LambdaArn\",\n ParameterValue = $\"{lambdaProcessor.Arn}:$LATEST\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCluster, err := opensearch.NewDomain(ctx, \"test_cluster\", \u0026opensearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"firehose-os-test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"opensearch\"),\n\t\t\tOpensearchConfiguration: \u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationArgs{\n\t\t\t\tDomainArn: testCluster.Arn,\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tIndexName: pulumi.String(\"test\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Lambda\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"LambdaArn\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(fmt.Sprintf(\"%v:$LATEST\", lambdaProcessor.Arn)),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testCluster = new Domain(\"testCluster\", DomainArgs.builder() \n .domainName(\"firehose-os-test\")\n .build());\n\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder() \n .name(\"kinesis-firehose-test-stream\")\n .destination(\"opensearch\")\n .opensearchConfiguration(FirehoseDeliveryStreamOpensearchConfigurationArgs.builder()\n .domainArn(testCluster.arn())\n .roleArn(firehoseRole.arn())\n .indexName(\"test\")\n .s3Configuration(FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .processingConfiguration(FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors(FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"Lambda\")\n .parameters(FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"LambdaArn\")\n .parameterValue(String.format(\"%s:$LATEST\", lambdaProcessor.arn()))\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testCluster:\n type: aws:opensearch:Domain\n name: test_cluster\n properties:\n domainName: firehose-os-test\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: opensearch\n opensearchConfiguration:\n domainArn: ${testCluster.arn}\n roleArn: ${firehoseRole.arn}\n indexName: test\n s3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: Lambda\n parameters:\n - parameterName: LambdaArn\n parameterValue: ${lambdaProcessor.arn}:$LATEST\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### OpenSearch Destination With VPC\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCluster = new aws.opensearch.Domain(\"test_cluster\", {\n domainName: \"es-test\",\n clusterConfig: {\n instanceCount: 2,\n zoneAwarenessEnabled: true,\n instanceType: \"m4.large.search\",\n },\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n },\n vpcOptions: {\n securityGroupIds: [first.id],\n subnetIds: [\n firstAwsSubnet.id,\n second.id,\n ],\n },\n});\nconst firehose_opensearch = new aws.iam.RolePolicy(\"firehose-opensearch\", {\n name: \"opensearch\",\n role: firehose.id,\n policy: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"es:*\"\n ],\n \"Resource\": [\n \"${testCluster.arn}\",\n \"${testCluster.arn}/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }\n ]\n}\n`,\n});\nconst test = new aws.kinesis.FirehoseDeliveryStream(\"test\", {\n name: \"pulumi-kinesis-firehose-os\",\n destination: \"opensearch\",\n opensearchConfiguration: {\n domainArn: testCluster.arn,\n roleArn: firehose.arn,\n indexName: \"test\",\n s3Configuration: {\n roleArn: firehose.arn,\n bucketArn: bucket.arn,\n },\n vpcConfig: {\n subnetIds: [\n firstAwsSubnet.id,\n second.id,\n ],\n securityGroupIds: [first.id],\n roleArn: firehose.arn,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cluster = aws.opensearch.Domain(\"test_cluster\",\n domain_name=\"es-test\",\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_count=2,\n zone_awareness_enabled=True,\n instance_type=\"m4.large.search\",\n ),\n ebs_options=aws.opensearch.DomainEbsOptionsArgs(\n ebs_enabled=True,\n volume_size=10,\n ),\n vpc_options=aws.opensearch.DomainVpcOptionsArgs(\n security_group_ids=[first[\"id\"]],\n subnet_ids=[\n first_aws_subnet[\"id\"],\n second[\"id\"],\n ],\n ))\nfirehose_opensearch = aws.iam.RolePolicy(\"firehose-opensearch\",\n name=\"opensearch\",\n role=firehose[\"id\"],\n policy=pulumi.Output.all(test_cluster.arn, test_cluster.arn).apply(lambda testClusterArn, testClusterArn1: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Effect\": \"Allow\",\n \"Action\": [\n \"es:*\"\n ],\n \"Resource\": [\n \"{test_cluster_arn}\",\n \"{test_cluster_arn1}/*\"\n ]\n }},\n {{\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }}\n ]\n}}\n\"\"\"))\ntest = aws.kinesis.FirehoseDeliveryStream(\"test\",\n name=\"pulumi-kinesis-firehose-os\",\n destination=\"opensearch\",\n opensearch_configuration=aws.kinesis.FirehoseDeliveryStreamOpensearchConfigurationArgs(\n domain_arn=test_cluster.arn,\n role_arn=firehose[\"arn\"],\n index_name=\"test\",\n s3_configuration=aws.kinesis.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs(\n role_arn=firehose[\"arn\"],\n bucket_arn=bucket[\"arn\"],\n ),\n vpc_config=aws.kinesis.FirehoseDeliveryStreamOpensearchConfigurationVpcConfigArgs(\n subnet_ids=[\n first_aws_subnet[\"id\"],\n second[\"id\"],\n ],\n security_group_ids=[first[\"id\"]],\n role_arn=firehose[\"arn\"],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testCluster = new Aws.OpenSearch.Domain(\"test_cluster\", new()\n {\n DomainName = \"es-test\",\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceCount = 2,\n ZoneAwarenessEnabled = true,\n InstanceType = \"m4.large.search\",\n },\n EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs\n {\n EbsEnabled = true,\n VolumeSize = 10,\n },\n VpcOptions = new Aws.OpenSearch.Inputs.DomainVpcOptionsArgs\n {\n SecurityGroupIds = new[]\n {\n first.Id,\n },\n SubnetIds = new[]\n {\n firstAwsSubnet.Id,\n second.Id,\n },\n },\n });\n\n var firehose_opensearch = new Aws.Iam.RolePolicy(\"firehose-opensearch\", new()\n {\n Name = \"opensearch\",\n Role = firehose.Id,\n Policy = Output.Tuple(testCluster.Arn, testCluster.Arn).Apply(values =\u003e\n {\n var testClusterArn = values.Item1;\n var testClusterArn1 = values.Item2;\n return @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"es:*\"\"\n ],\n \"\"Resource\"\": [\n \"\"{testClusterArn}\"\",\n \"\"{testClusterArn1}/*\"\"\n ]\n }},\n {{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"ec2:DescribeVpcs\"\",\n \"\"ec2:DescribeVpcAttribute\"\",\n \"\"ec2:DescribeSubnets\"\",\n \"\"ec2:DescribeSecurityGroups\"\",\n \"\"ec2:DescribeNetworkInterfaces\"\",\n \"\"ec2:CreateNetworkInterface\"\",\n \"\"ec2:CreateNetworkInterfacePermission\"\",\n \"\"ec2:DeleteNetworkInterface\"\"\n ],\n \"\"Resource\"\": [\n \"\"*\"\"\n ]\n }}\n ]\n}}\n\";\n }),\n });\n\n var test = new Aws.Kinesis.FirehoseDeliveryStream(\"test\", new()\n {\n Name = \"pulumi-kinesis-firehose-os\",\n Destination = \"opensearch\",\n OpensearchConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationArgs\n {\n DomainArn = testCluster.Arn,\n RoleArn = firehose.Arn,\n IndexName = \"test\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs\n {\n RoleArn = firehose.Arn,\n BucketArn = bucket.Arn,\n },\n VpcConfig = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationVpcConfigArgs\n {\n SubnetIds = new[]\n {\n firstAwsSubnet.Id,\n second.Id,\n },\n SecurityGroupIds = new[]\n {\n first.Id,\n },\n RoleArn = firehose.Arn,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCluster, err := opensearch.NewDomain(ctx, \"test_cluster\", \u0026opensearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"es-test\"),\n\t\t\tClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceCount: pulumi.Int(2),\n\t\t\t\tZoneAwarenessEnabled: pulumi.Bool(true),\n\t\t\t\tInstanceType: pulumi.String(\"m4.large.search\"),\n\t\t\t},\n\t\t\tEbsOptions: \u0026opensearch.DomainEbsOptionsArgs{\n\t\t\t\tEbsEnabled: pulumi.Bool(true),\n\t\t\t\tVolumeSize: pulumi.Int(10),\n\t\t\t},\n\t\t\tVpcOptions: \u0026opensearch.DomainVpcOptionsArgs{\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tfirst.Id,\n\t\t\t\t},\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tfirstAwsSubnet.Id,\n\t\t\t\t\tsecond.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"firehose-opensearch\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"opensearch\"),\n\t\t\tRole: pulumi.Any(firehose.Id),\n\t\t\tPolicy: pulumi.All(testCluster.Arn, testCluster.Arn).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\ttestClusterArn := _args[0].(string)\n\t\t\t\ttestClusterArn1 := _args[1].(string)\n\t\t\t\treturn fmt.Sprintf(`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"es:*\"\n ],\n \"Resource\": [\n \"%v\",\n \"%v/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }\n ]\n}\n`, testClusterArn, testClusterArn1), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"pulumi-kinesis-firehose-os\"),\n\t\t\tDestination: pulumi.String(\"opensearch\"),\n\t\t\tOpensearchConfiguration: \u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationArgs{\n\t\t\t\tDomainArn: testCluster.Arn,\n\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\tIndexName: pulumi.String(\"test\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t},\n\t\t\t\tVpcConfig: \u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationVpcConfigArgs{\n\t\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\t\tfirstAwsSubnet.Id,\n\t\t\t\t\t\tsecond.Id,\n\t\t\t\t\t},\n\t\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\t\tfirst.Id,\n\t\t\t\t\t},\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainVpcOptionsArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchConfigurationVpcConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testCluster = new Domain(\"testCluster\", DomainArgs.builder() \n .domainName(\"es-test\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceCount(2)\n .zoneAwarenessEnabled(true)\n .instanceType(\"m4.large.search\")\n .build())\n .ebsOptions(DomainEbsOptionsArgs.builder()\n .ebsEnabled(true)\n .volumeSize(10)\n .build())\n .vpcOptions(DomainVpcOptionsArgs.builder()\n .securityGroupIds(first.id())\n .subnetIds( \n firstAwsSubnet.id(),\n second.id())\n .build())\n .build());\n\n var firehose_opensearch = new RolePolicy(\"firehose-opensearch\", RolePolicyArgs.builder() \n .name(\"opensearch\")\n .role(firehose.id())\n .policy(Output.tuple(testCluster.arn(), testCluster.arn()).applyValue(values -\u003e {\n var testClusterArn = values.t1;\n var testClusterArn1 = values.t2;\n return \"\"\"\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"es:*\"\n ],\n \"Resource\": [\n \"%s\",\n \"%s/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }\n ]\n}\n\", testClusterArn,testClusterArn1);\n }))\n .build());\n\n var test = new FirehoseDeliveryStream(\"test\", FirehoseDeliveryStreamArgs.builder() \n .name(\"pulumi-kinesis-firehose-os\")\n .destination(\"opensearch\")\n .opensearchConfiguration(FirehoseDeliveryStreamOpensearchConfigurationArgs.builder()\n .domainArn(testCluster.arn())\n .roleArn(firehose.arn())\n .indexName(\"test\")\n .s3Configuration(FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehose.arn())\n .bucketArn(bucket.arn())\n .build())\n .vpcConfig(FirehoseDeliveryStreamOpensearchConfigurationVpcConfigArgs.builder()\n .subnetIds( \n firstAwsSubnet.id(),\n second.id())\n .securityGroupIds(first.id())\n .roleArn(firehose.arn())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testCluster:\n type: aws:opensearch:Domain\n name: test_cluster\n properties:\n domainName: es-test\n clusterConfig:\n instanceCount: 2\n zoneAwarenessEnabled: true\n instanceType: m4.large.search\n ebsOptions:\n ebsEnabled: true\n volumeSize: 10\n vpcOptions:\n securityGroupIds:\n - ${first.id}\n subnetIds:\n - ${firstAwsSubnet.id}\n - ${second.id}\n firehose-opensearch:\n type: aws:iam:RolePolicy\n properties:\n name: opensearch\n role: ${firehose.id}\n policy: |\n {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"es:*\"\n ],\n \"Resource\": [\n \"${testCluster.arn}\",\n \"${testCluster.arn}/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }\n ]\n }\n test:\n type: aws:kinesis:FirehoseDeliveryStream\n properties:\n name: pulumi-kinesis-firehose-os\n destination: opensearch\n opensearchConfiguration:\n domainArn: ${testCluster.arn}\n roleArn: ${firehose.arn}\n indexName: test\n s3Configuration:\n roleArn: ${firehose.arn}\n bucketArn: ${bucket.arn}\n vpcConfig:\n subnetIds:\n - ${firstAwsSubnet.id}\n - ${second.id}\n securityGroupIds:\n - ${first.id}\n roleArn: ${firehose.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### OpenSearch Serverless Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCollection = new aws.opensearch.ServerlessCollection(\"test_collection\", {name: \"firehose-osserverless-test\"});\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"opensearchserverless\",\n opensearchserverlessConfiguration: {\n collectionEndpoint: testCollection.collectionEndpoint,\n roleArn: firehoseRole.arn,\n indexName: \"test\",\n s3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n processingConfiguration: {\n enabled: true,\n processors: [{\n type: \"Lambda\",\n parameters: [{\n parameterName: \"LambdaArn\",\n parameterValue: `${lambdaProcessor.arn}:$LATEST`,\n }],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_collection = aws.opensearch.ServerlessCollection(\"test_collection\", name=\"firehose-osserverless-test\")\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"opensearchserverless\",\n opensearchserverless_configuration=aws.kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationArgs(\n collection_endpoint=test_collection.collection_endpoint,\n role_arn=firehose_role[\"arn\"],\n index_name=\"test\",\n s3_configuration=aws.kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationS3ConfigurationArgs(\n role_arn=firehose_role[\"arn\"],\n bucket_arn=bucket[\"arn\"],\n buffering_size=10,\n buffering_interval=400,\n compression_format=\"GZIP\",\n ),\n processing_configuration=aws.kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationArgs(\n enabled=True,\n processors=[aws.kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorArgs(\n type=\"Lambda\",\n parameters=[aws.kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorParameterArgs(\n parameter_name=\"LambdaArn\",\n parameter_value=f\"{lambda_processor['arn']}:$LATEST\",\n )],\n )],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testCollection = new Aws.OpenSearch.ServerlessCollection(\"test_collection\", new()\n {\n Name = \"firehose-osserverless-test\",\n });\n\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"opensearchserverless\",\n OpensearchserverlessConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationArgs\n {\n CollectionEndpoint = testCollection.CollectionEndpoint,\n RoleArn = firehoseRole.Arn,\n IndexName = \"test\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"Lambda\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"LambdaArn\",\n ParameterValue = $\"{lambdaProcessor.Arn}:$LATEST\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCollection, err := opensearch.NewServerlessCollection(ctx, \"test_collection\", \u0026opensearch.ServerlessCollectionArgs{\n\t\t\tName: pulumi.String(\"firehose-osserverless-test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"opensearchserverless\"),\n\t\t\tOpensearchserverlessConfiguration: \u0026kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationArgs{\n\t\t\t\tCollectionEndpoint: testCollection.CollectionEndpoint,\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tIndexName: pulumi.String(\"test\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Lambda\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"LambdaArn\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(fmt.Sprintf(\"%v:$LATEST\", lambdaProcessor.Arn)),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.ServerlessCollection;\nimport com.pulumi.aws.opensearch.ServerlessCollectionArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testCollection = new ServerlessCollection(\"testCollection\", ServerlessCollectionArgs.builder() \n .name(\"firehose-osserverless-test\")\n .build());\n\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder() \n .name(\"kinesis-firehose-test-stream\")\n .destination(\"opensearchserverless\")\n .opensearchserverlessConfiguration(FirehoseDeliveryStreamOpensearchserverlessConfigurationArgs.builder()\n .collectionEndpoint(testCollection.collectionEndpoint())\n .roleArn(firehoseRole.arn())\n .indexName(\"test\")\n .s3Configuration(FirehoseDeliveryStreamOpensearchserverlessConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .processingConfiguration(FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors(FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"Lambda\")\n .parameters(FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"LambdaArn\")\n .parameterValue(String.format(\"%s:$LATEST\", lambdaProcessor.arn()))\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testCollection:\n type: aws:opensearch:ServerlessCollection\n name: test_collection\n properties:\n name: firehose-osserverless-test\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: opensearchserverless\n opensearchserverlessConfiguration:\n collectionEndpoint: ${testCollection.collectionEndpoint}\n roleArn: ${firehoseRole.arn}\n indexName: test\n s3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: Lambda\n parameters:\n - parameterName: LambdaArn\n parameterValue: ${lambdaProcessor.arn}:$LATEST\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Splunk Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"splunk\",\n splunkConfiguration: {\n hecEndpoint: \"https://http-inputs-mydomain.splunkcloud.com:443\",\n hecToken: \"51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\",\n hecAcknowledgmentTimeout: 600,\n hecEndpointType: \"Event\",\n s3BackupMode: \"FailedEventsOnly\",\n s3Configuration: {\n roleArn: firehose.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"splunk\",\n splunk_configuration=aws.kinesis.FirehoseDeliveryStreamSplunkConfigurationArgs(\n hec_endpoint=\"https://http-inputs-mydomain.splunkcloud.com:443\",\n hec_token=\"51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\",\n hec_acknowledgment_timeout=600,\n hec_endpoint_type=\"Event\",\n s3_backup_mode=\"FailedEventsOnly\",\n s3_configuration=aws.kinesis.FirehoseDeliveryStreamSplunkConfigurationS3ConfigurationArgs(\n role_arn=firehose[\"arn\"],\n bucket_arn=bucket[\"arn\"],\n buffering_size=10,\n buffering_interval=400,\n compression_format=\"GZIP\",\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"splunk\",\n SplunkConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamSplunkConfigurationArgs\n {\n HecEndpoint = \"https://http-inputs-mydomain.splunkcloud.com:443\",\n HecToken = \"51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\",\n HecAcknowledgmentTimeout = 600,\n HecEndpointType = \"Event\",\n S3BackupMode = \"FailedEventsOnly\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamSplunkConfigurationS3ConfigurationArgs\n {\n RoleArn = firehose.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"splunk\"),\n\t\t\tSplunkConfiguration: \u0026kinesis.FirehoseDeliveryStreamSplunkConfigurationArgs{\n\t\t\t\tHecEndpoint: pulumi.String(\"https://http-inputs-mydomain.splunkcloud.com:443\"),\n\t\t\t\tHecToken: pulumi.String(\"51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\"),\n\t\t\t\tHecAcknowledgmentTimeout: pulumi.Int(600),\n\t\t\t\tHecEndpointType: pulumi.String(\"Event\"),\n\t\t\t\tS3BackupMode: pulumi.String(\"FailedEventsOnly\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamSplunkConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamSplunkConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamSplunkConfigurationS3ConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder() \n .name(\"kinesis-firehose-test-stream\")\n .destination(\"splunk\")\n .splunkConfiguration(FirehoseDeliveryStreamSplunkConfigurationArgs.builder()\n .hecEndpoint(\"https://http-inputs-mydomain.splunkcloud.com:443\")\n .hecToken(\"51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\")\n .hecAcknowledgmentTimeout(600)\n .hecEndpointType(\"Event\")\n .s3BackupMode(\"FailedEventsOnly\")\n .s3Configuration(FirehoseDeliveryStreamSplunkConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehose.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: splunk\n splunkConfiguration:\n hecEndpoint: https://http-inputs-mydomain.splunkcloud.com:443\n hecToken: 51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\n hecAcknowledgmentTimeout: 600\n hecEndpointType: Event\n s3BackupMode: FailedEventsOnly\n s3Configuration:\n roleArn: ${firehose.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### HTTP Endpoint (e.g., New Relic) Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"http_endpoint\",\n httpEndpointConfiguration: {\n url: \"https://aws-api.newrelic.com/firehose/v1\",\n name: \"New Relic\",\n accessKey: \"my-key\",\n bufferingSize: 15,\n bufferingInterval: 600,\n roleArn: firehose.arn,\n s3BackupMode: \"FailedDataOnly\",\n s3Configuration: {\n roleArn: firehose.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n requestConfiguration: {\n contentEncoding: \"GZIP\",\n commonAttributes: [\n {\n name: \"testname\",\n value: \"testvalue\",\n },\n {\n name: \"testname2\",\n value: \"testvalue2\",\n },\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"http_endpoint\",\n http_endpoint_configuration=aws.kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationArgs(\n url=\"https://aws-api.newrelic.com/firehose/v1\",\n name=\"New Relic\",\n access_key=\"my-key\",\n buffering_size=15,\n buffering_interval=600,\n role_arn=firehose[\"arn\"],\n s3_backup_mode=\"FailedDataOnly\",\n s3_configuration=aws.kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationS3ConfigurationArgs(\n role_arn=firehose[\"arn\"],\n bucket_arn=bucket[\"arn\"],\n buffering_size=10,\n buffering_interval=400,\n compression_format=\"GZIP\",\n ),\n request_configuration=aws.kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationArgs(\n content_encoding=\"GZIP\",\n common_attributes=[\n aws.kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs(\n name=\"testname\",\n value=\"testvalue\",\n ),\n aws.kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs(\n name=\"testname2\",\n value=\"testvalue2\",\n ),\n ],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"http_endpoint\",\n HttpEndpointConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamHttpEndpointConfigurationArgs\n {\n Url = \"https://aws-api.newrelic.com/firehose/v1\",\n Name = \"New Relic\",\n AccessKey = \"my-key\",\n BufferingSize = 15,\n BufferingInterval = 600,\n RoleArn = firehose.Arn,\n S3BackupMode = \"FailedDataOnly\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamHttpEndpointConfigurationS3ConfigurationArgs\n {\n RoleArn = firehose.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n RequestConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationArgs\n {\n ContentEncoding = \"GZIP\",\n CommonAttributes = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs\n {\n Name = \"testname\",\n Value = \"testvalue\",\n },\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs\n {\n Name = \"testname2\",\n Value = \"testvalue2\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"http_endpoint\"),\n\t\t\tHttpEndpointConfiguration: \u0026kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationArgs{\n\t\t\t\tUrl: pulumi.String(\"https://aws-api.newrelic.com/firehose/v1\"),\n\t\t\t\tName: pulumi.String(\"New Relic\"),\n\t\t\t\tAccessKey: pulumi.String(\"my-key\"),\n\t\t\t\tBufferingSize: pulumi.Int(15),\n\t\t\t\tBufferingInterval: pulumi.Int(600),\n\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\tS3BackupMode: pulumi.String(\"FailedDataOnly\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t\tRequestConfiguration: \u0026kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationArgs{\n\t\t\t\t\tContentEncoding: pulumi.String(\"GZIP\"),\n\t\t\t\t\tCommonAttributes: kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"testname\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"testvalue\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"testname2\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"testvalue2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamHttpEndpointConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamHttpEndpointConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder() \n .name(\"kinesis-firehose-test-stream\")\n .destination(\"http_endpoint\")\n .httpEndpointConfiguration(FirehoseDeliveryStreamHttpEndpointConfigurationArgs.builder()\n .url(\"https://aws-api.newrelic.com/firehose/v1\")\n .name(\"New Relic\")\n .accessKey(\"my-key\")\n .bufferingSize(15)\n .bufferingInterval(600)\n .roleArn(firehose.arn())\n .s3BackupMode(\"FailedDataOnly\")\n .s3Configuration(FirehoseDeliveryStreamHttpEndpointConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehose.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .requestConfiguration(FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationArgs.builder()\n .contentEncoding(\"GZIP\")\n .commonAttributes( \n FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs.builder()\n .name(\"testname\")\n .value(\"testvalue\")\n .build(),\n FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs.builder()\n .name(\"testname2\")\n .value(\"testvalue2\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: http_endpoint\n httpEndpointConfiguration:\n url: https://aws-api.newrelic.com/firehose/v1\n name: New Relic\n accessKey: my-key\n bufferingSize: 15\n bufferingInterval: 600\n roleArn: ${firehose.arn}\n s3BackupMode: FailedDataOnly\n s3Configuration:\n roleArn: ${firehose.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n requestConfiguration:\n contentEncoding: GZIP\n commonAttributes:\n - name: testname\n value: testvalue\n - name: testname2\n value: testvalue2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Kinesis Firehose Delivery streams using the stream ARN. For example:\n\n```sh\n$ pulumi import aws:kinesis/firehoseDeliveryStream:FirehoseDeliveryStream foo arn:aws:firehose:us-east-1:XXX:deliverystream/example\n```\nNote: Import does not work for stream destination `s3`. Consider using `extended_s3` since `s3` destination is deprecated.\n\n", "properties": { "arn": { "type": "string", @@ -263937,7 +263937,7 @@ } }, "aws:lakeformation/permissions:Permissions": { - "description": "Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. Permissions are granted to a principal, in a Data Catalog, relative to a Lake Formation resource, which includes the Data Catalog, databases, tables, LF-tags, and LF-tag policies. For more information, see [Security and Access Control to Metadata and Data in Lake Formation](https://docs.aws.amazon.com/lake-formation/latest/dg/security-data-access.html).\n\n!\u003e **WARNING:** Lake Formation permissions are not in effect by default within AWS. Using this resource will not secure your data and will result in errors if you do not change the security settings for existing resources and the default security settings for new resources. See Default Behavior and `IAMAllowedPrincipals` for additional details.\n\n\u003e **NOTE:** In general, the `principal` should _NOT_ be a Lake Formation administrator or the entity (e.g., IAM role) that is running the deployment. Administrators have implicit permissions. These should be managed by granting or not granting administrator rights using `aws.lakeformation.DataLakeSettings`, _not_ with this resource.\n\n## Default Behavior and `IAMAllowedPrincipals`\n\n**_Lake Formation permissions are not in effect by default within AWS._** `IAMAllowedPrincipals` (i.e., `IAM_ALLOWED_PRINCIPALS`) conflicts with individual Lake Formation permissions (i.e., non-`IAMAllowedPrincipals` permissions), will cause unexpected behavior, and may result in errors.\n\nWhen using Lake Formation, choose ONE of the following options as they are mutually exclusive:\n\n1. Use this resource (`aws.lakeformation.Permissions`), change the default security settings using `aws.lakeformation.DataLakeSettings`, and remove existing `IAMAllowedPrincipals` permissions\n2. Use `IAMAllowedPrincipals` without `aws.lakeformation.Permissions`\n\nThis example shows removing the `IAMAllowedPrincipals` default security settings and making the caller a Lake Formation admin. Since `create_database_default_permissions` and `create_table_default_permissions` are not set in the `aws.lakeformation.DataLakeSettings` resource, they are cleared.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst currentGetSessionContext = current.then(current =\u003e aws.iam.getSessionContext({\n arn: current.arn,\n}));\nconst test = new aws.lakeformation.DataLakeSettings(\"test\", {admins: [currentGetSessionContext.then(currentGetSessionContext =\u003e currentGetSessionContext.issuerArn)]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\ncurrent_get_session_context = aws.iam.get_session_context(arn=current.arn)\ntest = aws.lakeformation.DataLakeSettings(\"test\", admins=[current_get_session_context.issuer_arn])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var currentGetSessionContext = Aws.Iam.GetSessionContext.Invoke(new()\n {\n Arn = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.Arn),\n });\n\n var test = new Aws.LakeFormation.DataLakeSettings(\"test\", new()\n {\n Admins = new[]\n {\n currentGetSessionContext.Apply(getSessionContextResult =\u003e getSessionContextResult.IssuerArn),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetSessionContext, err := iam.GetSessionContext(ctx, \u0026iam.GetSessionContextArgs{\n\t\t\tArn: current.Arn,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lakeformation.NewDataLakeSettings(ctx, \"test\", \u0026lakeformation.DataLakeSettingsArgs{\n\t\t\tAdmins: pulumi.StringArray{\n\t\t\t\t*pulumi.String(currentGetSessionContext.IssuerArn),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetSessionContextArgs;\nimport com.pulumi.aws.lakeformation.DataLakeSettings;\nimport com.pulumi.aws.lakeformation.DataLakeSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var currentGetSessionContext = IamFunctions.getSessionContext(GetSessionContextArgs.builder()\n .arn(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.arn()))\n .build());\n\n var test = new DataLakeSettings(\"test\", DataLakeSettingsArgs.builder() \n .admins(currentGetSessionContext.applyValue(getSessionContextResult -\u003e getSessionContextResult.issuerArn()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:lakeformation:DataLakeSettings\n properties:\n admins:\n - ${currentGetSessionContext.issuerArn}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n currentGetSessionContext:\n fn::invoke:\n Function: aws:iam:getSessionContext\n Arguments:\n arn: ${current.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nTo remove existing `IAMAllowedPrincipals` permissions, use the [AWS Lake Formation Console](https://console.aws.amazon.com/lakeformation/) or [AWS CLI](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/lakeformation/batch-revoke-permissions.html).\n\n`IAMAllowedPrincipals` is a hook to maintain backwards compatibility with AWS Glue. `IAMAllowedPrincipals` is a pseudo-entity group that acts like a Lake Formation principal. The group includes any IAM users and roles that are allowed access to your Data Catalog resources by your IAM policies.\n\nThis is Lake Formation's default behavior:\n\n* Lake Formation grants `Super` permission to `IAMAllowedPrincipals` on all existing AWS Glue Data Catalog resources.\n* Lake Formation enables \"Use only IAM access control\" for new Data Catalog resources.\n\nFor more details, see [Changing the Default Security Settings for Your Data Lake](https://docs.aws.amazon.com/lake-formation/latest/dg/change-settings.html).\n\n### Problem Using `IAMAllowedPrincipals`\n\nAWS does not support combining `IAMAllowedPrincipals` permissions and non-`IAMAllowedPrincipals` permissions. Doing so results in unexpected permissions and behaviors. For example, this configuration grants a user `SELECT` on a column in a table.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.CatalogDatabase(\"example\", {name: \"sadabate\"});\nconst exampleCatalogTable = new aws.glue.CatalogTable(\"example\", {\n name: \"abelt\",\n databaseName: test.name,\n storageDescriptor: {\n columns: [{\n name: \"event\",\n type: \"string\",\n }],\n },\n});\nconst examplePermissions = new aws.lakeformation.Permissions(\"example\", {\n permissions: [\"SELECT\"],\n principal: \"arn:aws:iam:us-east-1:123456789012:user/SanHolo\",\n tableWithColumns: {\n databaseName: exampleCatalogTable.databaseName,\n name: exampleCatalogTable.name,\n columnNames: [\"event\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.CatalogDatabase(\"example\", name=\"sadabate\")\nexample_catalog_table = aws.glue.CatalogTable(\"example\",\n name=\"abelt\",\n database_name=test[\"name\"],\n storage_descriptor=aws.glue.CatalogTableStorageDescriptorArgs(\n columns=[aws.glue.CatalogTableStorageDescriptorColumnArgs(\n name=\"event\",\n type=\"string\",\n )],\n ))\nexample_permissions = aws.lakeformation.Permissions(\"example\",\n permissions=[\"SELECT\"],\n principal=\"arn:aws:iam:us-east-1:123456789012:user/SanHolo\",\n table_with_columns=aws.lakeformation.PermissionsTableWithColumnsArgs(\n database_name=example_catalog_table.database_name,\n name=example_catalog_table.name,\n column_names=[\"event\"],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Glue.CatalogDatabase(\"example\", new()\n {\n Name = \"sadabate\",\n });\n\n var exampleCatalogTable = new Aws.Glue.CatalogTable(\"example\", new()\n {\n Name = \"abelt\",\n DatabaseName = test.Name,\n StorageDescriptor = new Aws.Glue.Inputs.CatalogTableStorageDescriptorArgs\n {\n Columns = new[]\n {\n new Aws.Glue.Inputs.CatalogTableStorageDescriptorColumnArgs\n {\n Name = \"event\",\n Type = \"string\",\n },\n },\n },\n });\n\n var examplePermissions = new Aws.LakeFormation.Permissions(\"example\", new()\n {\n PermissionDetails = new[]\n {\n \"SELECT\",\n },\n Principal = \"arn:aws:iam:us-east-1:123456789012:user/SanHolo\",\n TableWithColumns = new Aws.LakeFormation.Inputs.PermissionsTableWithColumnsArgs\n {\n DatabaseName = exampleCatalogTable.DatabaseName,\n Name = exampleCatalogTable.Name,\n ColumnNames = new[]\n {\n \"event\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glue\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewCatalogDatabase(ctx, \"example\", \u0026glue.CatalogDatabaseArgs{\n\t\t\tName: pulumi.String(\"sadabate\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleCatalogTable, err := glue.NewCatalogTable(ctx, \"example\", \u0026glue.CatalogTableArgs{\n\t\t\tName: pulumi.String(\"abelt\"),\n\t\t\tDatabaseName: pulumi.Any(test.Name),\n\t\t\tStorageDescriptor: \u0026glue.CatalogTableStorageDescriptorArgs{\n\t\t\t\tColumns: glue.CatalogTableStorageDescriptorColumnArray{\n\t\t\t\t\t\u0026glue.CatalogTableStorageDescriptorColumnArgs{\n\t\t\t\t\t\tName: pulumi.String(\"event\"),\n\t\t\t\t\t\tType: pulumi.String(\"string\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lakeformation.NewPermissions(ctx, \"example\", \u0026lakeformation.PermissionsArgs{\n\t\t\tPermissions: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"SELECT\"),\n\t\t\t},\n\t\t\tPrincipal: pulumi.String(\"arn:aws:iam:us-east-1:123456789012:user/SanHolo\"),\n\t\t\tTableWithColumns: \u0026lakeformation.PermissionsTableWithColumnsArgs{\n\t\t\t\tDatabaseName: exampleCatalogTable.DatabaseName,\n\t\t\t\tName: exampleCatalogTable.Name,\n\t\t\t\tColumnNames: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"event\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.glue.CatalogDatabase;\nimport com.pulumi.aws.glue.CatalogDatabaseArgs;\nimport com.pulumi.aws.glue.CatalogTable;\nimport com.pulumi.aws.glue.CatalogTableArgs;\nimport com.pulumi.aws.glue.inputs.CatalogTableStorageDescriptorArgs;\nimport com.pulumi.aws.lakeformation.Permissions;\nimport com.pulumi.aws.lakeformation.PermissionsArgs;\nimport com.pulumi.aws.lakeformation.inputs.PermissionsTableWithColumnsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new CatalogDatabase(\"example\", CatalogDatabaseArgs.builder() \n .name(\"sadabate\")\n .build());\n\n var exampleCatalogTable = new CatalogTable(\"exampleCatalogTable\", CatalogTableArgs.builder() \n .name(\"abelt\")\n .databaseName(test.name())\n .storageDescriptor(CatalogTableStorageDescriptorArgs.builder()\n .columns(CatalogTableStorageDescriptorColumnArgs.builder()\n .name(\"event\")\n .type(\"string\")\n .build())\n .build())\n .build());\n\n var examplePermissions = new Permissions(\"examplePermissions\", PermissionsArgs.builder() \n .permissions(\"SELECT\")\n .principal(\"arn:aws:iam:us-east-1:123456789012:user/SanHolo\")\n .tableWithColumns(PermissionsTableWithColumnsArgs.builder()\n .databaseName(exampleCatalogTable.databaseName())\n .name(exampleCatalogTable.name())\n .columnNames(\"event\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:glue:CatalogDatabase\n properties:\n name: sadabate\n exampleCatalogTable:\n type: aws:glue:CatalogTable\n name: example\n properties:\n name: abelt\n databaseName: ${test.name}\n storageDescriptor:\n columns:\n - name: event\n type: string\n examplePermissions:\n type: aws:lakeformation:Permissions\n name: example\n properties:\n permissions:\n - SELECT\n principal: arn:aws:iam:us-east-1:123456789012:user/SanHolo\n tableWithColumns:\n databaseName: ${exampleCatalogTable.databaseName}\n name: ${exampleCatalogTable.name}\n columnNames:\n - event\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nThe resulting permissions depend on whether the table had `IAMAllowedPrincipals` (IAP) permissions or not.\n\n| Result With IAP | Result Without IAP |\n| ---- | ---- |\n| `SELECT` column wildcard (i.e., all columns) | `SELECT` on `\"event\"` (as expected) |\n\n## Using Lake Formation Permissions\n\nLake Formation grants implicit permissions to data lake administrators, database creators, and table creators. These implicit permissions cannot be revoked _per se_. If this resource reads implicit permissions, it will attempt to revoke them, which causes an error when the resource is destroyed.\n\nThere are two ways to avoid these errors. First, and the way we recommend, is to avoid using this resource with principals that have implicit permissions. A second, error-prone option, is to grant explicit permissions (and `permissions_with_grant_option`) to \"overwrite\" a principal's implicit permissions, which you can then revoke with this resource. For more information, see [Implicit Lake Formation Permissions](https://docs.aws.amazon.com/lake-formation/latest/dg/implicit-permissions.html).\n\nIf the `principal` is also a data lake administrator, AWS grants implicit permissions that can cause errors using this resource. For example, AWS implicitly grants a `principal`/administrator `permissions` and `permissions_with_grant_option` of `ALL`, `ALTER`, `DELETE`, `DESCRIBE`, `DROP`, `INSERT`, and `SELECT` on a table. If you use this resource to explicitly grant the `principal`/administrator `permissions` but _not_ `permissions_with_grant_option` of `ALL`, `ALTER`, `DELETE`, `DESCRIBE`, `DROP`, `INSERT`, and `SELECT` on the table, this resource will read the implicit `permissions_with_grant_option` and attempt to revoke them when the resource is destroyed. Doing so will cause an `InvalidInputException: No permissions revoked` error because you cannot revoke implicit permissions _per se_. To workaround this problem, explicitly grant the `principal`/administrator `permissions` _and_ `permissions_with_grant_option`, which can then be revoked. Similarly, granting a `principal`/administrator permissions on a table with columns and providing `column_names`, will result in a `InvalidInputException: Permissions modification is invalid` error because you are narrowing the implicit permissions. Instead, set `wildcard` to `true` and remove the `column_names`.\n\n## Example Usage\n\n### Grant Permissions For A Lake Formation S3 Resource\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lakeformation.Permissions(\"example\", {\n principal: workflowRole.arn,\n permissions: [\"DATA_LOCATION_ACCESS\"],\n dataLocation: {\n arn: exampleAwsLakeformationResource.arn,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lakeformation.Permissions(\"example\",\n principal=workflow_role[\"arn\"],\n permissions=[\"DATA_LOCATION_ACCESS\"],\n data_location=aws.lakeformation.PermissionsDataLocationArgs(\n arn=example_aws_lakeformation_resource[\"arn\"],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.LakeFormation.Permissions(\"example\", new()\n {\n Principal = workflowRole.Arn,\n PermissionDetails = new[]\n {\n \"DATA_LOCATION_ACCESS\",\n },\n DataLocation = new Aws.LakeFormation.Inputs.PermissionsDataLocationArgs\n {\n Arn = exampleAwsLakeformationResource.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lakeformation.NewPermissions(ctx, \"example\", \u0026lakeformation.PermissionsArgs{\n\t\t\tPrincipal: pulumi.Any(workflowRole.Arn),\n\t\t\tPermissions: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"DATA_LOCATION_ACCESS\"),\n\t\t\t},\n\t\t\tDataLocation: \u0026lakeformation.PermissionsDataLocationArgs{\n\t\t\t\tArn: pulumi.Any(exampleAwsLakeformationResource.Arn),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lakeformation.Permissions;\nimport com.pulumi.aws.lakeformation.PermissionsArgs;\nimport com.pulumi.aws.lakeformation.inputs.PermissionsDataLocationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Permissions(\"example\", PermissionsArgs.builder() \n .principal(workflowRole.arn())\n .permissions(\"DATA_LOCATION_ACCESS\")\n .dataLocation(PermissionsDataLocationArgs.builder()\n .arn(exampleAwsLakeformationResource.arn())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:lakeformation:Permissions\n properties:\n principal: ${workflowRole.arn}\n permissions:\n - DATA_LOCATION_ACCESS\n dataLocation:\n arn: ${exampleAwsLakeformationResource.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Grant Permissions For A Glue Catalog Database\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lakeformation.Permissions(\"example\", {\n principal: workflowRole.arn,\n permissions: [\n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\",\n ],\n database: {\n name: exampleAwsGlueCatalogDatabase.name,\n catalogId: \"110376042874\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lakeformation.Permissions(\"example\",\n principal=workflow_role[\"arn\"],\n permissions=[\n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\",\n ],\n database=aws.lakeformation.PermissionsDatabaseArgs(\n name=example_aws_glue_catalog_database[\"name\"],\n catalog_id=\"110376042874\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.LakeFormation.Permissions(\"example\", new()\n {\n Principal = workflowRole.Arn,\n PermissionDetails = new[]\n {\n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\",\n },\n Database = new Aws.LakeFormation.Inputs.PermissionsDatabaseArgs\n {\n Name = exampleAwsGlueCatalogDatabase.Name,\n CatalogId = \"110376042874\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lakeformation.NewPermissions(ctx, \"example\", \u0026lakeformation.PermissionsArgs{\n\t\t\tPrincipal: pulumi.Any(workflowRole.Arn),\n\t\t\tPermissions: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"CREATE_TABLE\"),\n\t\t\t\tpulumi.String(\"ALTER\"),\n\t\t\t\tpulumi.String(\"DROP\"),\n\t\t\t},\n\t\t\tDatabase: \u0026lakeformation.PermissionsDatabaseArgs{\n\t\t\t\tName: pulumi.Any(exampleAwsGlueCatalogDatabase.Name),\n\t\t\t\tCatalogId: pulumi.String(\"110376042874\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lakeformation.Permissions;\nimport com.pulumi.aws.lakeformation.PermissionsArgs;\nimport com.pulumi.aws.lakeformation.inputs.PermissionsDatabaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Permissions(\"example\", PermissionsArgs.builder() \n .principal(workflowRole.arn())\n .permissions( \n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\")\n .database(PermissionsDatabaseArgs.builder()\n .name(exampleAwsGlueCatalogDatabase.name())\n .catalogId(\"110376042874\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:lakeformation:Permissions\n properties:\n principal: ${workflowRole.arn}\n permissions:\n - CREATE_TABLE\n - ALTER\n - DROP\n database:\n name: ${exampleAwsGlueCatalogDatabase.name}\n catalogId: '110376042874'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Grant Permissions Using Tag-Based Access Control\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.lakeformation.Permissions(\"test\", {\n principal: salesRole.arn,\n permissions: [\n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\",\n ],\n lfTagPolicy: {\n resourceType: \"DATABASE\",\n expressions: [\n {\n key: \"Team\",\n values: [\"Sales\"],\n },\n {\n key: \"Environment\",\n values: [\n \"Dev\",\n \"Production\",\n ],\n },\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.lakeformation.Permissions(\"test\",\n principal=sales_role[\"arn\"],\n permissions=[\n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\",\n ],\n lf_tag_policy=aws.lakeformation.PermissionsLfTagPolicyArgs(\n resource_type=\"DATABASE\",\n expressions=[\n aws.lakeformation.PermissionsLfTagPolicyExpressionArgs(\n key=\"Team\",\n values=[\"Sales\"],\n ),\n aws.lakeformation.PermissionsLfTagPolicyExpressionArgs(\n key=\"Environment\",\n values=[\n \"Dev\",\n \"Production\",\n ],\n ),\n ],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.LakeFormation.Permissions(\"test\", new()\n {\n Principal = salesRole.Arn,\n PermissionDetails = new[]\n {\n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\",\n },\n LfTagPolicy = new Aws.LakeFormation.Inputs.PermissionsLfTagPolicyArgs\n {\n ResourceType = \"DATABASE\",\n Expressions = new[]\n {\n new Aws.LakeFormation.Inputs.PermissionsLfTagPolicyExpressionArgs\n {\n Key = \"Team\",\n Values = new[]\n {\n \"Sales\",\n },\n },\n new Aws.LakeFormation.Inputs.PermissionsLfTagPolicyExpressionArgs\n {\n Key = \"Environment\",\n Values = new[]\n {\n \"Dev\",\n \"Production\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lakeformation.NewPermissions(ctx, \"test\", \u0026lakeformation.PermissionsArgs{\n\t\t\tPrincipal: pulumi.Any(salesRole.Arn),\n\t\t\tPermissions: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"CREATE_TABLE\"),\n\t\t\t\tpulumi.String(\"ALTER\"),\n\t\t\t\tpulumi.String(\"DROP\"),\n\t\t\t},\n\t\t\tLfTagPolicy: \u0026lakeformation.PermissionsLfTagPolicyArgs{\n\t\t\t\tResourceType: pulumi.String(\"DATABASE\"),\n\t\t\t\tExpressions: lakeformation.PermissionsLfTagPolicyExpressionArray{\n\t\t\t\t\t\u0026lakeformation.PermissionsLfTagPolicyExpressionArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"Team\"),\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"Sales\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026lakeformation.PermissionsLfTagPolicyExpressionArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"Environment\"),\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"Dev\"),\n\t\t\t\t\t\t\tpulumi.String(\"Production\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lakeformation.Permissions;\nimport com.pulumi.aws.lakeformation.PermissionsArgs;\nimport com.pulumi.aws.lakeformation.inputs.PermissionsLfTagPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Permissions(\"test\", PermissionsArgs.builder() \n .principal(salesRole.arn())\n .permissions( \n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\")\n .lfTagPolicy(PermissionsLfTagPolicyArgs.builder()\n .resourceType(\"DATABASE\")\n .expressions( \n PermissionsLfTagPolicyExpressionArgs.builder()\n .key(\"Team\")\n .values(\"Sales\")\n .build(),\n PermissionsLfTagPolicyExpressionArgs.builder()\n .key(\"Environment\")\n .values( \n \"Dev\",\n \"Production\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:lakeformation:Permissions\n properties:\n principal: ${salesRole.arn}\n permissions:\n - CREATE_TABLE\n - ALTER\n - DROP\n lfTagPolicy:\n resourceType: DATABASE\n expressions:\n - key: Team\n values:\n - Sales\n - key: Environment\n values:\n - Dev\n - Production\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. Permissions are granted to a principal, in a Data Catalog, relative to a Lake Formation resource, which includes the Data Catalog, databases, tables, LF-tags, and LF-tag policies. For more information, see [Security and Access Control to Metadata and Data in Lake Formation](https://docs.aws.amazon.com/lake-formation/latest/dg/security-data-access.html).\n\n!\u003e **WARNING:** Lake Formation permissions are not in effect by default within AWS. Using this resource will not secure your data and will result in errors if you do not change the security settings for existing resources and the default security settings for new resources. See Default Behavior and `IAMAllowedPrincipals` for additional details.\n\n\u003e **NOTE:** In general, the `principal` should _NOT_ be a Lake Formation administrator or the entity (e.g., IAM role) that is running the deployment. Administrators have implicit permissions. These should be managed by granting or not granting administrator rights using `aws.lakeformation.DataLakeSettings`, _not_ with this resource.\n\n## Default Behavior and `IAMAllowedPrincipals`\n\n**_Lake Formation permissions are not in effect by default within AWS._** `IAMAllowedPrincipals` (i.e., `IAM_ALLOWED_PRINCIPALS`) conflicts with individual Lake Formation permissions (i.e., non-`IAMAllowedPrincipals` permissions), will cause unexpected behavior, and may result in errors.\n\nWhen using Lake Formation, choose ONE of the following options as they are mutually exclusive:\n\n1. Use this resource (`aws.lakeformation.Permissions`), change the default security settings using `aws.lakeformation.DataLakeSettings`, and remove existing `IAMAllowedPrincipals` permissions\n2. Use `IAMAllowedPrincipals` without `aws.lakeformation.Permissions`\n\nThis example shows removing the `IAMAllowedPrincipals` default security settings and making the caller a Lake Formation admin. Since `create_database_default_permissions` and `create_table_default_permissions` are not set in the `aws.lakeformation.DataLakeSettings` resource, they are cleared.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst currentGetSessionContext = current.then(current =\u003e aws.iam.getSessionContext({\n arn: current.arn,\n}));\nconst test = new aws.lakeformation.DataLakeSettings(\"test\", {admins: [currentGetSessionContext.then(currentGetSessionContext =\u003e currentGetSessionContext.issuerArn)]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\ncurrent_get_session_context = aws.iam.get_session_context(arn=current.arn)\ntest = aws.lakeformation.DataLakeSettings(\"test\", admins=[current_get_session_context.issuer_arn])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var currentGetSessionContext = Aws.Iam.GetSessionContext.Invoke(new()\n {\n Arn = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.Arn),\n });\n\n var test = new Aws.LakeFormation.DataLakeSettings(\"test\", new()\n {\n Admins = new[]\n {\n currentGetSessionContext.Apply(getSessionContextResult =\u003e getSessionContextResult.IssuerArn),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetSessionContext, err := iam.GetSessionContext(ctx, \u0026iam.GetSessionContextArgs{\n\t\t\tArn: current.Arn,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lakeformation.NewDataLakeSettings(ctx, \"test\", \u0026lakeformation.DataLakeSettingsArgs{\n\t\t\tAdmins: pulumi.StringArray{\n\t\t\t\tpulumi.String(currentGetSessionContext.IssuerArn),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetSessionContextArgs;\nimport com.pulumi.aws.lakeformation.DataLakeSettings;\nimport com.pulumi.aws.lakeformation.DataLakeSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var currentGetSessionContext = IamFunctions.getSessionContext(GetSessionContextArgs.builder()\n .arn(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.arn()))\n .build());\n\n var test = new DataLakeSettings(\"test\", DataLakeSettingsArgs.builder() \n .admins(currentGetSessionContext.applyValue(getSessionContextResult -\u003e getSessionContextResult.issuerArn()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:lakeformation:DataLakeSettings\n properties:\n admins:\n - ${currentGetSessionContext.issuerArn}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n currentGetSessionContext:\n fn::invoke:\n Function: aws:iam:getSessionContext\n Arguments:\n arn: ${current.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nTo remove existing `IAMAllowedPrincipals` permissions, use the [AWS Lake Formation Console](https://console.aws.amazon.com/lakeformation/) or [AWS CLI](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/lakeformation/batch-revoke-permissions.html).\n\n`IAMAllowedPrincipals` is a hook to maintain backwards compatibility with AWS Glue. `IAMAllowedPrincipals` is a pseudo-entity group that acts like a Lake Formation principal. The group includes any IAM users and roles that are allowed access to your Data Catalog resources by your IAM policies.\n\nThis is Lake Formation's default behavior:\n\n* Lake Formation grants `Super` permission to `IAMAllowedPrincipals` on all existing AWS Glue Data Catalog resources.\n* Lake Formation enables \"Use only IAM access control\" for new Data Catalog resources.\n\nFor more details, see [Changing the Default Security Settings for Your Data Lake](https://docs.aws.amazon.com/lake-formation/latest/dg/change-settings.html).\n\n### Problem Using `IAMAllowedPrincipals`\n\nAWS does not support combining `IAMAllowedPrincipals` permissions and non-`IAMAllowedPrincipals` permissions. Doing so results in unexpected permissions and behaviors. For example, this configuration grants a user `SELECT` on a column in a table.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.CatalogDatabase(\"example\", {name: \"sadabate\"});\nconst exampleCatalogTable = new aws.glue.CatalogTable(\"example\", {\n name: \"abelt\",\n databaseName: test.name,\n storageDescriptor: {\n columns: [{\n name: \"event\",\n type: \"string\",\n }],\n },\n});\nconst examplePermissions = new aws.lakeformation.Permissions(\"example\", {\n permissions: [\"SELECT\"],\n principal: \"arn:aws:iam:us-east-1:123456789012:user/SanHolo\",\n tableWithColumns: {\n databaseName: exampleCatalogTable.databaseName,\n name: exampleCatalogTable.name,\n columnNames: [\"event\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.CatalogDatabase(\"example\", name=\"sadabate\")\nexample_catalog_table = aws.glue.CatalogTable(\"example\",\n name=\"abelt\",\n database_name=test[\"name\"],\n storage_descriptor=aws.glue.CatalogTableStorageDescriptorArgs(\n columns=[aws.glue.CatalogTableStorageDescriptorColumnArgs(\n name=\"event\",\n type=\"string\",\n )],\n ))\nexample_permissions = aws.lakeformation.Permissions(\"example\",\n permissions=[\"SELECT\"],\n principal=\"arn:aws:iam:us-east-1:123456789012:user/SanHolo\",\n table_with_columns=aws.lakeformation.PermissionsTableWithColumnsArgs(\n database_name=example_catalog_table.database_name,\n name=example_catalog_table.name,\n column_names=[\"event\"],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Glue.CatalogDatabase(\"example\", new()\n {\n Name = \"sadabate\",\n });\n\n var exampleCatalogTable = new Aws.Glue.CatalogTable(\"example\", new()\n {\n Name = \"abelt\",\n DatabaseName = test.Name,\n StorageDescriptor = new Aws.Glue.Inputs.CatalogTableStorageDescriptorArgs\n {\n Columns = new[]\n {\n new Aws.Glue.Inputs.CatalogTableStorageDescriptorColumnArgs\n {\n Name = \"event\",\n Type = \"string\",\n },\n },\n },\n });\n\n var examplePermissions = new Aws.LakeFormation.Permissions(\"example\", new()\n {\n PermissionDetails = new[]\n {\n \"SELECT\",\n },\n Principal = \"arn:aws:iam:us-east-1:123456789012:user/SanHolo\",\n TableWithColumns = new Aws.LakeFormation.Inputs.PermissionsTableWithColumnsArgs\n {\n DatabaseName = exampleCatalogTable.DatabaseName,\n Name = exampleCatalogTable.Name,\n ColumnNames = new[]\n {\n \"event\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glue\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewCatalogDatabase(ctx, \"example\", \u0026glue.CatalogDatabaseArgs{\n\t\t\tName: pulumi.String(\"sadabate\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleCatalogTable, err := glue.NewCatalogTable(ctx, \"example\", \u0026glue.CatalogTableArgs{\n\t\t\tName: pulumi.String(\"abelt\"),\n\t\t\tDatabaseName: pulumi.Any(test.Name),\n\t\t\tStorageDescriptor: \u0026glue.CatalogTableStorageDescriptorArgs{\n\t\t\t\tColumns: glue.CatalogTableStorageDescriptorColumnArray{\n\t\t\t\t\t\u0026glue.CatalogTableStorageDescriptorColumnArgs{\n\t\t\t\t\t\tName: pulumi.String(\"event\"),\n\t\t\t\t\t\tType: pulumi.String(\"string\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lakeformation.NewPermissions(ctx, \"example\", \u0026lakeformation.PermissionsArgs{\n\t\t\tPermissions: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"SELECT\"),\n\t\t\t},\n\t\t\tPrincipal: pulumi.String(\"arn:aws:iam:us-east-1:123456789012:user/SanHolo\"),\n\t\t\tTableWithColumns: \u0026lakeformation.PermissionsTableWithColumnsArgs{\n\t\t\t\tDatabaseName: exampleCatalogTable.DatabaseName,\n\t\t\t\tName: exampleCatalogTable.Name,\n\t\t\t\tColumnNames: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"event\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.glue.CatalogDatabase;\nimport com.pulumi.aws.glue.CatalogDatabaseArgs;\nimport com.pulumi.aws.glue.CatalogTable;\nimport com.pulumi.aws.glue.CatalogTableArgs;\nimport com.pulumi.aws.glue.inputs.CatalogTableStorageDescriptorArgs;\nimport com.pulumi.aws.lakeformation.Permissions;\nimport com.pulumi.aws.lakeformation.PermissionsArgs;\nimport com.pulumi.aws.lakeformation.inputs.PermissionsTableWithColumnsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new CatalogDatabase(\"example\", CatalogDatabaseArgs.builder() \n .name(\"sadabate\")\n .build());\n\n var exampleCatalogTable = new CatalogTable(\"exampleCatalogTable\", CatalogTableArgs.builder() \n .name(\"abelt\")\n .databaseName(test.name())\n .storageDescriptor(CatalogTableStorageDescriptorArgs.builder()\n .columns(CatalogTableStorageDescriptorColumnArgs.builder()\n .name(\"event\")\n .type(\"string\")\n .build())\n .build())\n .build());\n\n var examplePermissions = new Permissions(\"examplePermissions\", PermissionsArgs.builder() \n .permissions(\"SELECT\")\n .principal(\"arn:aws:iam:us-east-1:123456789012:user/SanHolo\")\n .tableWithColumns(PermissionsTableWithColumnsArgs.builder()\n .databaseName(exampleCatalogTable.databaseName())\n .name(exampleCatalogTable.name())\n .columnNames(\"event\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:glue:CatalogDatabase\n properties:\n name: sadabate\n exampleCatalogTable:\n type: aws:glue:CatalogTable\n name: example\n properties:\n name: abelt\n databaseName: ${test.name}\n storageDescriptor:\n columns:\n - name: event\n type: string\n examplePermissions:\n type: aws:lakeformation:Permissions\n name: example\n properties:\n permissions:\n - SELECT\n principal: arn:aws:iam:us-east-1:123456789012:user/SanHolo\n tableWithColumns:\n databaseName: ${exampleCatalogTable.databaseName}\n name: ${exampleCatalogTable.name}\n columnNames:\n - event\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nThe resulting permissions depend on whether the table had `IAMAllowedPrincipals` (IAP) permissions or not.\n\n| Result With IAP | Result Without IAP |\n| ---- | ---- |\n| `SELECT` column wildcard (i.e., all columns) | `SELECT` on `\"event\"` (as expected) |\n\n## Using Lake Formation Permissions\n\nLake Formation grants implicit permissions to data lake administrators, database creators, and table creators. These implicit permissions cannot be revoked _per se_. If this resource reads implicit permissions, it will attempt to revoke them, which causes an error when the resource is destroyed.\n\nThere are two ways to avoid these errors. First, and the way we recommend, is to avoid using this resource with principals that have implicit permissions. A second, error-prone option, is to grant explicit permissions (and `permissions_with_grant_option`) to \"overwrite\" a principal's implicit permissions, which you can then revoke with this resource. For more information, see [Implicit Lake Formation Permissions](https://docs.aws.amazon.com/lake-formation/latest/dg/implicit-permissions.html).\n\nIf the `principal` is also a data lake administrator, AWS grants implicit permissions that can cause errors using this resource. For example, AWS implicitly grants a `principal`/administrator `permissions` and `permissions_with_grant_option` of `ALL`, `ALTER`, `DELETE`, `DESCRIBE`, `DROP`, `INSERT`, and `SELECT` on a table. If you use this resource to explicitly grant the `principal`/administrator `permissions` but _not_ `permissions_with_grant_option` of `ALL`, `ALTER`, `DELETE`, `DESCRIBE`, `DROP`, `INSERT`, and `SELECT` on the table, this resource will read the implicit `permissions_with_grant_option` and attempt to revoke them when the resource is destroyed. Doing so will cause an `InvalidInputException: No permissions revoked` error because you cannot revoke implicit permissions _per se_. To workaround this problem, explicitly grant the `principal`/administrator `permissions` _and_ `permissions_with_grant_option`, which can then be revoked. Similarly, granting a `principal`/administrator permissions on a table with columns and providing `column_names`, will result in a `InvalidInputException: Permissions modification is invalid` error because you are narrowing the implicit permissions. Instead, set `wildcard` to `true` and remove the `column_names`.\n\n## Example Usage\n\n### Grant Permissions For A Lake Formation S3 Resource\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lakeformation.Permissions(\"example\", {\n principal: workflowRole.arn,\n permissions: [\"DATA_LOCATION_ACCESS\"],\n dataLocation: {\n arn: exampleAwsLakeformationResource.arn,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lakeformation.Permissions(\"example\",\n principal=workflow_role[\"arn\"],\n permissions=[\"DATA_LOCATION_ACCESS\"],\n data_location=aws.lakeformation.PermissionsDataLocationArgs(\n arn=example_aws_lakeformation_resource[\"arn\"],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.LakeFormation.Permissions(\"example\", new()\n {\n Principal = workflowRole.Arn,\n PermissionDetails = new[]\n {\n \"DATA_LOCATION_ACCESS\",\n },\n DataLocation = new Aws.LakeFormation.Inputs.PermissionsDataLocationArgs\n {\n Arn = exampleAwsLakeformationResource.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lakeformation.NewPermissions(ctx, \"example\", \u0026lakeformation.PermissionsArgs{\n\t\t\tPrincipal: pulumi.Any(workflowRole.Arn),\n\t\t\tPermissions: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"DATA_LOCATION_ACCESS\"),\n\t\t\t},\n\t\t\tDataLocation: \u0026lakeformation.PermissionsDataLocationArgs{\n\t\t\t\tArn: pulumi.Any(exampleAwsLakeformationResource.Arn),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lakeformation.Permissions;\nimport com.pulumi.aws.lakeformation.PermissionsArgs;\nimport com.pulumi.aws.lakeformation.inputs.PermissionsDataLocationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Permissions(\"example\", PermissionsArgs.builder() \n .principal(workflowRole.arn())\n .permissions(\"DATA_LOCATION_ACCESS\")\n .dataLocation(PermissionsDataLocationArgs.builder()\n .arn(exampleAwsLakeformationResource.arn())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:lakeformation:Permissions\n properties:\n principal: ${workflowRole.arn}\n permissions:\n - DATA_LOCATION_ACCESS\n dataLocation:\n arn: ${exampleAwsLakeformationResource.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Grant Permissions For A Glue Catalog Database\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lakeformation.Permissions(\"example\", {\n principal: workflowRole.arn,\n permissions: [\n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\",\n ],\n database: {\n name: exampleAwsGlueCatalogDatabase.name,\n catalogId: \"110376042874\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lakeformation.Permissions(\"example\",\n principal=workflow_role[\"arn\"],\n permissions=[\n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\",\n ],\n database=aws.lakeformation.PermissionsDatabaseArgs(\n name=example_aws_glue_catalog_database[\"name\"],\n catalog_id=\"110376042874\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.LakeFormation.Permissions(\"example\", new()\n {\n Principal = workflowRole.Arn,\n PermissionDetails = new[]\n {\n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\",\n },\n Database = new Aws.LakeFormation.Inputs.PermissionsDatabaseArgs\n {\n Name = exampleAwsGlueCatalogDatabase.Name,\n CatalogId = \"110376042874\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lakeformation.NewPermissions(ctx, \"example\", \u0026lakeformation.PermissionsArgs{\n\t\t\tPrincipal: pulumi.Any(workflowRole.Arn),\n\t\t\tPermissions: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"CREATE_TABLE\"),\n\t\t\t\tpulumi.String(\"ALTER\"),\n\t\t\t\tpulumi.String(\"DROP\"),\n\t\t\t},\n\t\t\tDatabase: \u0026lakeformation.PermissionsDatabaseArgs{\n\t\t\t\tName: pulumi.Any(exampleAwsGlueCatalogDatabase.Name),\n\t\t\t\tCatalogId: pulumi.String(\"110376042874\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lakeformation.Permissions;\nimport com.pulumi.aws.lakeformation.PermissionsArgs;\nimport com.pulumi.aws.lakeformation.inputs.PermissionsDatabaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Permissions(\"example\", PermissionsArgs.builder() \n .principal(workflowRole.arn())\n .permissions( \n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\")\n .database(PermissionsDatabaseArgs.builder()\n .name(exampleAwsGlueCatalogDatabase.name())\n .catalogId(\"110376042874\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:lakeformation:Permissions\n properties:\n principal: ${workflowRole.arn}\n permissions:\n - CREATE_TABLE\n - ALTER\n - DROP\n database:\n name: ${exampleAwsGlueCatalogDatabase.name}\n catalogId: '110376042874'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Grant Permissions Using Tag-Based Access Control\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.lakeformation.Permissions(\"test\", {\n principal: salesRole.arn,\n permissions: [\n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\",\n ],\n lfTagPolicy: {\n resourceType: \"DATABASE\",\n expressions: [\n {\n key: \"Team\",\n values: [\"Sales\"],\n },\n {\n key: \"Environment\",\n values: [\n \"Dev\",\n \"Production\",\n ],\n },\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.lakeformation.Permissions(\"test\",\n principal=sales_role[\"arn\"],\n permissions=[\n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\",\n ],\n lf_tag_policy=aws.lakeformation.PermissionsLfTagPolicyArgs(\n resource_type=\"DATABASE\",\n expressions=[\n aws.lakeformation.PermissionsLfTagPolicyExpressionArgs(\n key=\"Team\",\n values=[\"Sales\"],\n ),\n aws.lakeformation.PermissionsLfTagPolicyExpressionArgs(\n key=\"Environment\",\n values=[\n \"Dev\",\n \"Production\",\n ],\n ),\n ],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.LakeFormation.Permissions(\"test\", new()\n {\n Principal = salesRole.Arn,\n PermissionDetails = new[]\n {\n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\",\n },\n LfTagPolicy = new Aws.LakeFormation.Inputs.PermissionsLfTagPolicyArgs\n {\n ResourceType = \"DATABASE\",\n Expressions = new[]\n {\n new Aws.LakeFormation.Inputs.PermissionsLfTagPolicyExpressionArgs\n {\n Key = \"Team\",\n Values = new[]\n {\n \"Sales\",\n },\n },\n new Aws.LakeFormation.Inputs.PermissionsLfTagPolicyExpressionArgs\n {\n Key = \"Environment\",\n Values = new[]\n {\n \"Dev\",\n \"Production\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lakeformation.NewPermissions(ctx, \"test\", \u0026lakeformation.PermissionsArgs{\n\t\t\tPrincipal: pulumi.Any(salesRole.Arn),\n\t\t\tPermissions: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"CREATE_TABLE\"),\n\t\t\t\tpulumi.String(\"ALTER\"),\n\t\t\t\tpulumi.String(\"DROP\"),\n\t\t\t},\n\t\t\tLfTagPolicy: \u0026lakeformation.PermissionsLfTagPolicyArgs{\n\t\t\t\tResourceType: pulumi.String(\"DATABASE\"),\n\t\t\t\tExpressions: lakeformation.PermissionsLfTagPolicyExpressionArray{\n\t\t\t\t\t\u0026lakeformation.PermissionsLfTagPolicyExpressionArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"Team\"),\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"Sales\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026lakeformation.PermissionsLfTagPolicyExpressionArgs{\n\t\t\t\t\t\tKey: pulumi.String(\"Environment\"),\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"Dev\"),\n\t\t\t\t\t\t\tpulumi.String(\"Production\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lakeformation.Permissions;\nimport com.pulumi.aws.lakeformation.PermissionsArgs;\nimport com.pulumi.aws.lakeformation.inputs.PermissionsLfTagPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Permissions(\"test\", PermissionsArgs.builder() \n .principal(salesRole.arn())\n .permissions( \n \"CREATE_TABLE\",\n \"ALTER\",\n \"DROP\")\n .lfTagPolicy(PermissionsLfTagPolicyArgs.builder()\n .resourceType(\"DATABASE\")\n .expressions( \n PermissionsLfTagPolicyExpressionArgs.builder()\n .key(\"Team\")\n .values(\"Sales\")\n .build(),\n PermissionsLfTagPolicyExpressionArgs.builder()\n .key(\"Environment\")\n .values( \n \"Dev\",\n \"Production\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:lakeformation:Permissions\n properties:\n principal: ${salesRole.arn}\n permissions:\n - CREATE_TABLE\n - ALTER\n - DROP\n lfTagPolicy:\n resourceType: DATABASE\n expressions:\n - key: Team\n values:\n - Sales\n - key: Environment\n values:\n - Dev\n - Production\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { "catalogId": { "type": "string", @@ -264152,7 +264152,7 @@ } }, "aws:lakeformation/resource:Resource": { - "description": "Registers a Lake Formation resource (e.g., S3 bucket) as managed by the Data Catalog. In other words, the S3 path is added to the data lake.\n\nChoose a role that has read/write access to the chosen Amazon S3 path or use the service-linked role.\nWhen you register the S3 path, the service-linked role and a new inline policy are created on your behalf.\nLake Formation adds the first path to the inline policy and attaches it to the service-linked role.\nWhen you register subsequent paths, Lake Formation adds the path to the existing policy.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.s3.getBucket({\n bucket: \"an-example-bucket\",\n});\nconst exampleResource = new aws.lakeformation.Resource(\"example\", {arn: example.then(example =\u003e example.arn)});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.s3.get_bucket(bucket=\"an-example-bucket\")\nexample_resource = aws.lakeformation.Resource(\"example\", arn=example.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.S3.GetBucket.Invoke(new()\n {\n Bucket = \"an-example-bucket\",\n });\n\n var exampleResource = new Aws.LakeFormation.Resource(\"example\", new()\n {\n Arn = example.Apply(getBucketResult =\u003e getBucketResult.Arn),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := s3.LookupBucket(ctx, \u0026s3.LookupBucketArgs{\n\t\t\tBucket: \"an-example-bucket\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lakeformation.NewResource(ctx, \"example\", \u0026lakeformation.ResourceArgs{\n\t\t\tArn: *pulumi.String(example.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.S3Functions;\nimport com.pulumi.aws.s3.inputs.GetBucketArgs;\nimport com.pulumi.aws.lakeformation.Resource;\nimport com.pulumi.aws.lakeformation.ResourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = S3Functions.getBucket(GetBucketArgs.builder()\n .bucket(\"an-example-bucket\")\n .build());\n\n var exampleResource = new Resource(\"exampleResource\", ResourceArgs.builder() \n .arn(example.applyValue(getBucketResult -\u003e getBucketResult.arn()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleResource:\n type: aws:lakeformation:Resource\n name: example\n properties:\n arn: ${example.arn}\nvariables:\n example:\n fn::invoke:\n Function: aws:s3:getBucket\n Arguments:\n bucket: an-example-bucket\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Registers a Lake Formation resource (e.g., S3 bucket) as managed by the Data Catalog. In other words, the S3 path is added to the data lake.\n\nChoose a role that has read/write access to the chosen Amazon S3 path or use the service-linked role.\nWhen you register the S3 path, the service-linked role and a new inline policy are created on your behalf.\nLake Formation adds the first path to the inline policy and attaches it to the service-linked role.\nWhen you register subsequent paths, Lake Formation adds the path to the existing policy.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.s3.getBucket({\n bucket: \"an-example-bucket\",\n});\nconst exampleResource = new aws.lakeformation.Resource(\"example\", {arn: example.then(example =\u003e example.arn)});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.s3.get_bucket(bucket=\"an-example-bucket\")\nexample_resource = aws.lakeformation.Resource(\"example\", arn=example.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.S3.GetBucket.Invoke(new()\n {\n Bucket = \"an-example-bucket\",\n });\n\n var exampleResource = new Aws.LakeFormation.Resource(\"example\", new()\n {\n Arn = example.Apply(getBucketResult =\u003e getBucketResult.Arn),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := s3.LookupBucket(ctx, \u0026s3.LookupBucketArgs{\n\t\t\tBucket: \"an-example-bucket\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lakeformation.NewResource(ctx, \"example\", \u0026lakeformation.ResourceArgs{\n\t\t\tArn: pulumi.String(example.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.S3Functions;\nimport com.pulumi.aws.s3.inputs.GetBucketArgs;\nimport com.pulumi.aws.lakeformation.Resource;\nimport com.pulumi.aws.lakeformation.ResourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = S3Functions.getBucket(GetBucketArgs.builder()\n .bucket(\"an-example-bucket\")\n .build());\n\n var exampleResource = new Resource(\"exampleResource\", ResourceArgs.builder() \n .arn(example.applyValue(getBucketResult -\u003e getBucketResult.arn()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleResource:\n type: aws:lakeformation:Resource\n name: example\n properties:\n arn: ${example.arn}\nvariables:\n example:\n fn::invoke:\n Function: aws:s3:getBucket\n Arguments:\n bucket: an-example-bucket\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { "arn": { "type": "string", @@ -264936,7 +264936,7 @@ } }, "aws:lambda/function:Function": { - "description": "Provides a Lambda Function resource. Lambda allows you to trigger execution of code in response to events in AWS, enabling serverless backend solutions. The Lambda Function itself includes source code and runtime configuration.\n\nFor information about Lambda and how to use it, see [What is AWS Lambda?](https://docs.aws.amazon.com/lambda/latest/dg/welcome.html)\n\n\n\u003e **NOTE:** Due to [AWS Lambda improved VPC networking changes that began deploying in September 2019](https://aws.amazon.com/blogs/compute/announcing-improved-vpc-networking-for-aws-lambda-functions/), EC2 subnets and security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.\n\n\u003e **NOTE:** If you get a `KMSAccessDeniedException: Lambda was unable to decrypt the environment variables because KMS access was denied` error when invoking an `aws.lambda.Function` with environment variables, the IAM role associated with the function may have been deleted and recreated _after_ the function was created. You can fix the problem two ways: 1) updating the function's role to another role and then updating it back again to the recreated role, or 2) by using Pulumi to `taint` the function and `apply` your configuration again to recreate the function. (When you create a function, Lambda grants permissions on the KMS key to the function's IAM role. If the IAM role is recreated, the grant is no longer valid. Changing the function's role or recreating the function causes Lambda to update the grant.)\n\n\u003e To give an external source (like an EventBridge Rule, SNS, or S3) permission to access the Lambda function, use the `aws.lambda.Permission` resource. See [Lambda Permission Model](https://docs.aws.amazon.com/lambda/latest/dg/intro-permission-model.html) for more details. On the other hand, the `role` argument of this resource is the function's execution role for identity and access to AWS services and resources.\n\n## Example Usage\n\n### Basic Example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as archive from \"@pulumi/archive\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst iamForLambda = new aws.iam.Role(\"iam_for_lambda\", {\n name: \"iam_for_lambda\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst lambda = archive.getFile({\n type: \"zip\",\n sourceFile: \"lambda.js\",\n outputPath: \"lambda_function_payload.zip\",\n});\nconst testLambda = new aws.lambda.Function(\"test_lambda\", {\n code: new pulumi.asset.FileArchive(\"lambda_function_payload.zip\"),\n name: \"lambda_function_name\",\n role: iamForLambda.arn,\n handler: \"index.test\",\n sourceCodeHash: lambda.then(lambda =\u003e lambda.outputBase64sha256),\n runtime: \"nodejs18.x\",\n environment: {\n variables: {\n foo: \"bar\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_archive as archive\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\niam_for_lambda = aws.iam.Role(\"iam_for_lambda\",\n name=\"iam_for_lambda\",\n assume_role_policy=assume_role.json)\nlambda_ = archive.get_file(type=\"zip\",\n source_file=\"lambda.js\",\n output_path=\"lambda_function_payload.zip\")\ntest_lambda = aws.lambda_.Function(\"test_lambda\",\n code=pulumi.FileArchive(\"lambda_function_payload.zip\"),\n name=\"lambda_function_name\",\n role=iam_for_lambda.arn,\n handler=\"index.test\",\n source_code_hash=lambda_.output_base64sha256,\n runtime=\"nodejs18.x\",\n environment=aws.lambda_.FunctionEnvironmentArgs(\n variables={\n \"foo\": \"bar\",\n },\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Archive = Pulumi.Archive;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var iamForLambda = new Aws.Iam.Role(\"iam_for_lambda\", new()\n {\n Name = \"iam_for_lambda\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambda = Archive.GetFile.Invoke(new()\n {\n Type = \"zip\",\n SourceFile = \"lambda.js\",\n OutputPath = \"lambda_function_payload.zip\",\n });\n\n var testLambda = new Aws.Lambda.Function(\"test_lambda\", new()\n {\n Code = new FileArchive(\"lambda_function_payload.zip\"),\n Name = \"lambda_function_name\",\n Role = iamForLambda.Arn,\n Handler = \"index.test\",\n SourceCodeHash = lambda.Apply(getFileResult =\u003e getFileResult.OutputBase64sha256),\n Runtime = \"nodejs18.x\",\n Environment = new Aws.Lambda.Inputs.FunctionEnvironmentArgs\n {\n Variables = \n {\n { \"foo\", \"bar\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-archive/sdk/go/archive\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiamForLambda, err := iam.NewRole(ctx, \"iam_for_lambda\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"iam_for_lambda\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambda, err := archive.LookupFile(ctx, \u0026archive.LookupFileArgs{\n\t\t\tType: \"zip\",\n\t\t\tSourceFile: pulumi.StringRef(\"lambda.js\"),\n\t\t\tOutputPath: \"lambda_function_payload.zip\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"test_lambda\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambda_function_payload.zip\"),\n\t\t\tName: pulumi.String(\"lambda_function_name\"),\n\t\t\tRole: iamForLambda.Arn,\n\t\t\tHandler: pulumi.String(\"index.test\"),\n\t\t\tSourceCodeHash: *pulumi.String(lambda.OutputBase64sha256),\n\t\t\tRuntime: pulumi.String(\"nodejs18.x\"),\n\t\t\tEnvironment: \u0026lambda.FunctionEnvironmentArgs{\n\t\t\t\tVariables: pulumi.StringMap{\n\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.archive.ArchiveFunctions;\nimport com.pulumi.archive.inputs.GetFileArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionEnvironmentArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var iamForLambda = new Role(\"iamForLambda\", RoleArgs.builder() \n .name(\"iam_for_lambda\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var lambda = ArchiveFunctions.getFile(GetFileArgs.builder()\n .type(\"zip\")\n .sourceFile(\"lambda.js\")\n .outputPath(\"lambda_function_payload.zip\")\n .build());\n\n var testLambda = new Function(\"testLambda\", FunctionArgs.builder() \n .code(new FileArchive(\"lambda_function_payload.zip\"))\n .name(\"lambda_function_name\")\n .role(iamForLambda.arn())\n .handler(\"index.test\")\n .sourceCodeHash(lambda.applyValue(getFileResult -\u003e getFileResult.outputBase64sha256()))\n .runtime(\"nodejs18.x\")\n .environment(FunctionEnvironmentArgs.builder()\n .variables(Map.of(\"foo\", \"bar\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iamForLambda:\n type: aws:iam:Role\n name: iam_for_lambda\n properties:\n name: iam_for_lambda\n assumeRolePolicy: ${assumeRole.json}\n testLambda:\n type: aws:lambda:Function\n name: test_lambda\n properties:\n code:\n fn::FileArchive: lambda_function_payload.zip\n name: lambda_function_name\n role: ${iamForLambda.arn}\n handler: index.test\n sourceCodeHash: ${lambda.outputBase64sha256}\n runtime: nodejs18.x\n environment:\n variables:\n foo: bar\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n lambda:\n fn::invoke:\n Function: archive:getFile\n Arguments:\n type: zip\n sourceFile: lambda.js\n outputPath: lambda_function_payload.zip\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Lambda Layers\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lambda.LayerVersion(\"example\", {});\nconst exampleFunction = new aws.lambda.Function(\"example\", {layers: [example.arn]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lambda_.LayerVersion(\"example\")\nexample_function = aws.lambda_.Function(\"example\", layers=[example.arn])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Lambda.LayerVersion(\"example\");\n\n var exampleFunction = new Aws.Lambda.Function(\"example\", new()\n {\n Layers = new[]\n {\n example.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := lambda.NewLayerVersion(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"example\", \u0026lambda.FunctionArgs{\n\t\t\tLayers: pulumi.StringArray{\n\t\t\t\texample.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lambda.LayerVersion;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new LayerVersion(\"example\");\n\n var exampleFunction = new Function(\"exampleFunction\", FunctionArgs.builder() \n .layers(example.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:lambda:LayerVersion\n exampleFunction:\n type: aws:lambda:Function\n name: example\n properties:\n layers:\n - ${example.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Lambda Ephemeral Storage\n\nLambda Function Ephemeral Storage(`/tmp`) allows you to configure the storage upto `10` GB. The default value set to `512` MB.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst iamForLambda = new aws.iam.Role(\"iam_for_lambda\", {\n name: \"iam_for_lambda\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst testLambda = new aws.lambda.Function(\"test_lambda\", {\n code: new pulumi.asset.FileArchive(\"lambda_function_payload.zip\"),\n name: \"lambda_function_name\",\n role: iamForLambda.arn,\n handler: \"index.test\",\n runtime: \"nodejs18.x\",\n ephemeralStorage: {\n size: 10240,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\niam_for_lambda = aws.iam.Role(\"iam_for_lambda\",\n name=\"iam_for_lambda\",\n assume_role_policy=assume_role.json)\ntest_lambda = aws.lambda_.Function(\"test_lambda\",\n code=pulumi.FileArchive(\"lambda_function_payload.zip\"),\n name=\"lambda_function_name\",\n role=iam_for_lambda.arn,\n handler=\"index.test\",\n runtime=\"nodejs18.x\",\n ephemeral_storage=aws.lambda_.FunctionEphemeralStorageArgs(\n size=10240,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var iamForLambda = new Aws.Iam.Role(\"iam_for_lambda\", new()\n {\n Name = \"iam_for_lambda\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var testLambda = new Aws.Lambda.Function(\"test_lambda\", new()\n {\n Code = new FileArchive(\"lambda_function_payload.zip\"),\n Name = \"lambda_function_name\",\n Role = iamForLambda.Arn,\n Handler = \"index.test\",\n Runtime = \"nodejs18.x\",\n EphemeralStorage = new Aws.Lambda.Inputs.FunctionEphemeralStorageArgs\n {\n Size = 10240,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiamForLambda, err := iam.NewRole(ctx, \"iam_for_lambda\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"iam_for_lambda\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"test_lambda\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambda_function_payload.zip\"),\n\t\t\tName: pulumi.String(\"lambda_function_name\"),\n\t\t\tRole: iamForLambda.Arn,\n\t\t\tHandler: pulumi.String(\"index.test\"),\n\t\t\tRuntime: pulumi.String(\"nodejs18.x\"),\n\t\t\tEphemeralStorage: \u0026lambda.FunctionEphemeralStorageArgs{\n\t\t\t\tSize: pulumi.Int(10240),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionEphemeralStorageArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var iamForLambda = new Role(\"iamForLambda\", RoleArgs.builder() \n .name(\"iam_for_lambda\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var testLambda = new Function(\"testLambda\", FunctionArgs.builder() \n .code(new FileArchive(\"lambda_function_payload.zip\"))\n .name(\"lambda_function_name\")\n .role(iamForLambda.arn())\n .handler(\"index.test\")\n .runtime(\"nodejs18.x\")\n .ephemeralStorage(FunctionEphemeralStorageArgs.builder()\n .size(10240)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iamForLambda:\n type: aws:iam:Role\n name: iam_for_lambda\n properties:\n name: iam_for_lambda\n assumeRolePolicy: ${assumeRole.json}\n testLambda:\n type: aws:lambda:Function\n name: test_lambda\n properties:\n code:\n fn::FileArchive: lambda_function_payload.zip\n name: lambda_function_name\n role: ${iamForLambda.arn}\n handler: index.test\n runtime: nodejs18.x\n ephemeralStorage:\n size: 10240\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Lambda File Systems\n\nLambda File Systems allow you to connect an Amazon Elastic File System (EFS) file system to a Lambda function to share data across function invocations, access existing data including large files, and save function state.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// EFS file system\nconst efsForLambda = new aws.efs.FileSystem(\"efs_for_lambda\", {tags: {\n Name: \"efs_for_lambda\",\n}});\n// EFS access point used by lambda file system\nconst accessPointForLambda = new aws.efs.AccessPoint(\"access_point_for_lambda\", {\n fileSystemId: efsForLambda.id,\n rootDirectory: {\n path: \"/lambda\",\n creationInfo: {\n ownerGid: 1000,\n ownerUid: 1000,\n permissions: \"777\",\n },\n },\n posixUser: {\n gid: 1000,\n uid: 1000,\n },\n});\n// A lambda function connected to an EFS file system\nconst example = new aws.lambda.Function(\"example\", {\n fileSystemConfig: {\n arn: accessPointForLambda.arn,\n localMountPath: \"/mnt/efs\",\n },\n vpcConfig: {\n subnetIds: [subnetForLambda.id],\n securityGroupIds: [sgForLambda.id],\n },\n});\n// Mount target connects the file system to the subnet\nconst alpha = new aws.efs.MountTarget(\"alpha\", {\n fileSystemId: efsForLambda.id,\n subnetId: subnetForLambda.id,\n securityGroups: [sgForLambda.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# EFS file system\nefs_for_lambda = aws.efs.FileSystem(\"efs_for_lambda\", tags={\n \"Name\": \"efs_for_lambda\",\n})\n# EFS access point used by lambda file system\naccess_point_for_lambda = aws.efs.AccessPoint(\"access_point_for_lambda\",\n file_system_id=efs_for_lambda.id,\n root_directory=aws.efs.AccessPointRootDirectoryArgs(\n path=\"/lambda\",\n creation_info=aws.efs.AccessPointRootDirectoryCreationInfoArgs(\n owner_gid=1000,\n owner_uid=1000,\n permissions=\"777\",\n ),\n ),\n posix_user=aws.efs.AccessPointPosixUserArgs(\n gid=1000,\n uid=1000,\n ))\n# A lambda function connected to an EFS file system\nexample = aws.lambda_.Function(\"example\",\n file_system_config=aws.lambda_.FunctionFileSystemConfigArgs(\n arn=access_point_for_lambda.arn,\n local_mount_path=\"/mnt/efs\",\n ),\n vpc_config=aws.lambda_.FunctionVpcConfigArgs(\n subnet_ids=[subnet_for_lambda[\"id\"]],\n security_group_ids=[sg_for_lambda[\"id\"]],\n ))\n# Mount target connects the file system to the subnet\nalpha = aws.efs.MountTarget(\"alpha\",\n file_system_id=efs_for_lambda.id,\n subnet_id=subnet_for_lambda[\"id\"],\n security_groups=[sg_for_lambda[\"id\"]])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // EFS file system\n var efsForLambda = new Aws.Efs.FileSystem(\"efs_for_lambda\", new()\n {\n Tags = \n {\n { \"Name\", \"efs_for_lambda\" },\n },\n });\n\n // EFS access point used by lambda file system\n var accessPointForLambda = new Aws.Efs.AccessPoint(\"access_point_for_lambda\", new()\n {\n FileSystemId = efsForLambda.Id,\n RootDirectory = new Aws.Efs.Inputs.AccessPointRootDirectoryArgs\n {\n Path = \"/lambda\",\n CreationInfo = new Aws.Efs.Inputs.AccessPointRootDirectoryCreationInfoArgs\n {\n OwnerGid = 1000,\n OwnerUid = 1000,\n Permissions = \"777\",\n },\n },\n PosixUser = new Aws.Efs.Inputs.AccessPointPosixUserArgs\n {\n Gid = 1000,\n Uid = 1000,\n },\n });\n\n // A lambda function connected to an EFS file system\n var example = new Aws.Lambda.Function(\"example\", new()\n {\n FileSystemConfig = new Aws.Lambda.Inputs.FunctionFileSystemConfigArgs\n {\n Arn = accessPointForLambda.Arn,\n LocalMountPath = \"/mnt/efs\",\n },\n VpcConfig = new Aws.Lambda.Inputs.FunctionVpcConfigArgs\n {\n SubnetIds = new[]\n {\n subnetForLambda.Id,\n },\n SecurityGroupIds = new[]\n {\n sgForLambda.Id,\n },\n },\n });\n\n // Mount target connects the file system to the subnet\n var alpha = new Aws.Efs.MountTarget(\"alpha\", new()\n {\n FileSystemId = efsForLambda.Id,\n SubnetId = subnetForLambda.Id,\n SecurityGroups = new[]\n {\n sgForLambda.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/efs\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// EFS file system\n\t\tefsForLambda, err := efs.NewFileSystem(ctx, \"efs_for_lambda\", \u0026efs.FileSystemArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"efs_for_lambda\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// EFS access point used by lambda file system\n\t\taccessPointForLambda, err := efs.NewAccessPoint(ctx, \"access_point_for_lambda\", \u0026efs.AccessPointArgs{\n\t\t\tFileSystemId: efsForLambda.ID(),\n\t\t\tRootDirectory: \u0026efs.AccessPointRootDirectoryArgs{\n\t\t\t\tPath: pulumi.String(\"/lambda\"),\n\t\t\t\tCreationInfo: \u0026efs.AccessPointRootDirectoryCreationInfoArgs{\n\t\t\t\t\tOwnerGid: pulumi.Int(1000),\n\t\t\t\t\tOwnerUid: pulumi.Int(1000),\n\t\t\t\t\tPermissions: pulumi.String(\"777\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPosixUser: \u0026efs.AccessPointPosixUserArgs{\n\t\t\t\tGid: pulumi.Int(1000),\n\t\t\t\tUid: pulumi.Int(1000),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// A lambda function connected to an EFS file system\n\t\t_, err = lambda.NewFunction(ctx, \"example\", \u0026lambda.FunctionArgs{\n\t\t\tFileSystemConfig: \u0026lambda.FunctionFileSystemConfigArgs{\n\t\t\t\tArn: accessPointForLambda.Arn,\n\t\t\t\tLocalMountPath: pulumi.String(\"/mnt/efs\"),\n\t\t\t},\n\t\t\tVpcConfig: \u0026lambda.FunctionVpcConfigArgs{\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tsubnetForLambda.Id,\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tsgForLambda.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Mount target connects the file system to the subnet\n\t\t_, err = efs.NewMountTarget(ctx, \"alpha\", \u0026efs.MountTargetArgs{\n\t\t\tFileSystemId: efsForLambda.ID(),\n\t\t\tSubnetId: pulumi.Any(subnetForLambda.Id),\n\t\t\tSecurityGroups: pulumi.StringArray{\n\t\t\t\tsgForLambda.Id,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.efs.FileSystem;\nimport com.pulumi.aws.efs.FileSystemArgs;\nimport com.pulumi.aws.efs.AccessPoint;\nimport com.pulumi.aws.efs.AccessPointArgs;\nimport com.pulumi.aws.efs.inputs.AccessPointRootDirectoryArgs;\nimport com.pulumi.aws.efs.inputs.AccessPointRootDirectoryCreationInfoArgs;\nimport com.pulumi.aws.efs.inputs.AccessPointPosixUserArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionFileSystemConfigArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionVpcConfigArgs;\nimport com.pulumi.aws.efs.MountTarget;\nimport com.pulumi.aws.efs.MountTargetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var efsForLambda = new FileSystem(\"efsForLambda\", FileSystemArgs.builder() \n .tags(Map.of(\"Name\", \"efs_for_lambda\"))\n .build());\n\n var accessPointForLambda = new AccessPoint(\"accessPointForLambda\", AccessPointArgs.builder() \n .fileSystemId(efsForLambda.id())\n .rootDirectory(AccessPointRootDirectoryArgs.builder()\n .path(\"/lambda\")\n .creationInfo(AccessPointRootDirectoryCreationInfoArgs.builder()\n .ownerGid(1000)\n .ownerUid(1000)\n .permissions(\"777\")\n .build())\n .build())\n .posixUser(AccessPointPosixUserArgs.builder()\n .gid(1000)\n .uid(1000)\n .build())\n .build());\n\n var example = new Function(\"example\", FunctionArgs.builder() \n .fileSystemConfig(FunctionFileSystemConfigArgs.builder()\n .arn(accessPointForLambda.arn())\n .localMountPath(\"/mnt/efs\")\n .build())\n .vpcConfig(FunctionVpcConfigArgs.builder()\n .subnetIds(subnetForLambda.id())\n .securityGroupIds(sgForLambda.id())\n .build())\n .build());\n\n var alpha = new MountTarget(\"alpha\", MountTargetArgs.builder() \n .fileSystemId(efsForLambda.id())\n .subnetId(subnetForLambda.id())\n .securityGroups(sgForLambda.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # A lambda function connected to an EFS file system\n example:\n type: aws:lambda:Function\n properties:\n fileSystemConfig:\n arn: ${accessPointForLambda.arn}\n localMountPath: /mnt/efs\n vpcConfig:\n subnetIds:\n - ${subnetForLambda.id}\n securityGroupIds:\n - ${sgForLambda.id}\n # EFS file system\n efsForLambda:\n type: aws:efs:FileSystem\n name: efs_for_lambda\n properties:\n tags:\n Name: efs_for_lambda\n # Mount target connects the file system to the subnet\n alpha:\n type: aws:efs:MountTarget\n properties:\n fileSystemId: ${efsForLambda.id}\n subnetId: ${subnetForLambda.id}\n securityGroups:\n - ${sgForLambda.id}\n # EFS access point used by lambda file system\n accessPointForLambda:\n type: aws:efs:AccessPoint\n name: access_point_for_lambda\n properties:\n fileSystemId: ${efsForLambda.id}\n rootDirectory:\n path: /lambda\n creationInfo:\n ownerGid: 1000\n ownerUid: 1000\n permissions: '777'\n posixUser:\n gid: 1000\n uid: 1000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Lambda retries\n\nLambda Functions allow you to configure error handling for asynchronous invocation. The settings that it supports are `Maximum age of event` and `Retry attempts` as stated in [Lambda documentation for Configuring error handling for asynchronous invocation](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-errors). To configure these settings, refer to the aws.lambda.FunctionEventInvokeConfig resource.\n\n### CloudWatch Logging and Permissions\n\nFor more information about CloudWatch Logs for Lambda, see the [Lambda User Guide](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-logs.html).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst lambdaFunctionName = config.get(\"lambdaFunctionName\") || \"lambda_function_name\";\nconst testLambda = new aws.lambda.Function(\"test_lambda\", {\n name: lambdaFunctionName,\n loggingConfig: {\n logFormat: \"Text\",\n },\n});\n// This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n// If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\nconst example = new aws.cloudwatch.LogGroup(\"example\", {\n name: `/aws/lambda/${lambdaFunctionName}`,\n retentionInDays: 14,\n});\n// See also the following AWS managed policy: AWSLambdaBasicExecutionRole\nconst lambdaLogging = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources: [\"arn:aws:logs:*:*:*\"],\n }],\n});\nconst lambdaLoggingPolicy = new aws.iam.Policy(\"lambda_logging\", {\n name: \"lambda_logging\",\n path: \"/\",\n description: \"IAM policy for logging from a lambda\",\n policy: lambdaLogging.then(lambdaLogging =\u003e lambdaLogging.json),\n});\nconst lambdaLogs = new aws.iam.RolePolicyAttachment(\"lambda_logs\", {\n role: iamForLambda.name,\n policyArn: lambdaLoggingPolicy.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nlambda_function_name = config.get(\"lambdaFunctionName\")\nif lambda_function_name is None:\n lambda_function_name = \"lambda_function_name\"\ntest_lambda = aws.lambda_.Function(\"test_lambda\",\n name=lambda_function_name,\n logging_config=aws.lambda_.FunctionLoggingConfigArgs(\n log_format=\"Text\",\n ))\n# This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n# If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\nexample = aws.cloudwatch.LogGroup(\"example\",\n name=f\"/aws/lambda/{lambda_function_name}\",\n retention_in_days=14)\n# See also the following AWS managed policy: AWSLambdaBasicExecutionRole\nlambda_logging = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources=[\"arn:aws:logs:*:*:*\"],\n)])\nlambda_logging_policy = aws.iam.Policy(\"lambda_logging\",\n name=\"lambda_logging\",\n path=\"/\",\n description=\"IAM policy for logging from a lambda\",\n policy=lambda_logging.json)\nlambda_logs = aws.iam.RolePolicyAttachment(\"lambda_logs\",\n role=iam_for_lambda[\"name\"],\n policy_arn=lambda_logging_policy.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var lambdaFunctionName = config.Get(\"lambdaFunctionName\") ?? \"lambda_function_name\";\n var testLambda = new Aws.Lambda.Function(\"test_lambda\", new()\n {\n Name = lambdaFunctionName,\n LoggingConfig = new Aws.Lambda.Inputs.FunctionLoggingConfigArgs\n {\n LogFormat = \"Text\",\n },\n });\n\n // This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n // If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\n var example = new Aws.CloudWatch.LogGroup(\"example\", new()\n {\n Name = $\"/aws/lambda/{lambdaFunctionName}\",\n RetentionInDays = 14,\n });\n\n // See also the following AWS managed policy: AWSLambdaBasicExecutionRole\n var lambdaLogging = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*:*:*\",\n },\n },\n },\n });\n\n var lambdaLoggingPolicy = new Aws.Iam.Policy(\"lambda_logging\", new()\n {\n Name = \"lambda_logging\",\n Path = \"/\",\n Description = \"IAM policy for logging from a lambda\",\n PolicyDocument = lambdaLogging.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambdaLogs = new Aws.Iam.RolePolicyAttachment(\"lambda_logs\", new()\n {\n Role = iamForLambda.Name,\n PolicyArn = lambdaLoggingPolicy.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tlambdaFunctionName := \"lambda_function_name\"\n\t\tif param := cfg.Get(\"lambdaFunctionName\"); param != \"\" {\n\t\t\tlambdaFunctionName = param\n\t\t}\n\t\t_, err := lambda.NewFunction(ctx, \"test_lambda\", \u0026lambda.FunctionArgs{\n\t\t\tName: pulumi.String(lambdaFunctionName),\n\t\t\tLoggingConfig: \u0026lambda.FunctionLoggingConfigArgs{\n\t\t\t\tLogFormat: pulumi.String(\"Text\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n\t\t// If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\n\t\t_, err = cloudwatch.NewLogGroup(ctx, \"example\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: pulumi.String(fmt.Sprintf(\"/aws/lambda/%v\", lambdaFunctionName)),\n\t\t\tRetentionInDays: pulumi.Int(14),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// See also the following AWS managed policy: AWSLambdaBasicExecutionRole\n\t\tlambdaLogging, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogGroup\",\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*:*:*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaLoggingPolicy, err := iam.NewPolicy(ctx, \"lambda_logging\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"lambda_logging\"),\n\t\t\tPath: pulumi.String(\"/\"),\n\t\t\tDescription: pulumi.String(\"IAM policy for logging from a lambda\"),\n\t\t\tPolicy: *pulumi.String(lambdaLogging.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"lambda_logs\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: pulumi.Any(iamForLambda.Name),\n\t\t\tPolicyArn: lambdaLoggingPolicy.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionLoggingConfigArgs;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var lambdaFunctionName = config.get(\"lambdaFunctionName\").orElse(\"lambda_function_name\");\n var testLambda = new Function(\"testLambda\", FunctionArgs.builder() \n .name(lambdaFunctionName)\n .loggingConfig(FunctionLoggingConfigArgs.builder()\n .logFormat(\"Text\")\n .build())\n .build());\n\n var example = new LogGroup(\"example\", LogGroupArgs.builder() \n .name(String.format(\"/aws/lambda/%s\", lambdaFunctionName))\n .retentionInDays(14)\n .build());\n\n final var lambdaLogging = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\")\n .resources(\"arn:aws:logs:*:*:*\")\n .build())\n .build());\n\n var lambdaLoggingPolicy = new Policy(\"lambdaLoggingPolicy\", PolicyArgs.builder() \n .name(\"lambda_logging\")\n .path(\"/\")\n .description(\"IAM policy for logging from a lambda\")\n .policy(lambdaLogging.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var lambdaLogs = new RolePolicyAttachment(\"lambdaLogs\", RolePolicyAttachmentArgs.builder() \n .role(iamForLambda.name())\n .policyArn(lambdaLoggingPolicy.arn())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n lambdaFunctionName:\n type: string\n default: lambda_function_name\nresources:\n testLambda:\n type: aws:lambda:Function\n name: test_lambda\n properties:\n name: ${lambdaFunctionName}\n loggingConfig:\n logFormat: Text\n # This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n # If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\n example:\n type: aws:cloudwatch:LogGroup\n properties:\n name: /aws/lambda/${lambdaFunctionName}\n retentionInDays: 14\n lambdaLoggingPolicy:\n type: aws:iam:Policy\n name: lambda_logging\n properties:\n name: lambda_logging\n path: /\n description: IAM policy for logging from a lambda\n policy: ${lambdaLogging.json}\n lambdaLogs:\n type: aws:iam:RolePolicyAttachment\n name: lambda_logs\n properties:\n role: ${iamForLambda.name}\n policyArn: ${lambdaLoggingPolicy.arn}\nvariables:\n # See also the following AWS managed policy: AWSLambdaBasicExecutionRole\n lambdaLogging:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - logs:CreateLogGroup\n - logs:CreateLogStream\n - logs:PutLogEvents\n resources:\n - arn:aws:logs:*:*:*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Specifying the Deployment Package\n\nAWS Lambda expects source code to be provided as a deployment package whose structure varies depending on which `runtime` is in use. See [Runtimes](https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html#SSS-CreateFunction-request-Runtime) for the valid values of `runtime`. The expected structure of the deployment package can be found in [the AWS Lambda documentation for each runtime](https://docs.aws.amazon.com/lambda/latest/dg/deployment-package-v2.html).\n\nOnce you have created your deployment package you can specify it either directly as a local file (using the `filename` argument) or indirectly via Amazon S3 (using the `s3_bucket`, `s3_key` and `s3_object_version` arguments). When providing the deployment package via S3 it may be useful to use the `aws.s3.BucketObjectv2` resource to upload it.\n\nFor larger deployment packages it is recommended by Amazon to upload via S3, since the S3 API has better support for uploading large files efficiently.\n\n## Import\n\nUsing `pulumi import`, import Lambda Functions using the `function_name`. For example:\n\n```sh\n$ pulumi import aws:lambda/function:Function test_lambda my_test_lambda_function\n```\n", + "description": "Provides a Lambda Function resource. Lambda allows you to trigger execution of code in response to events in AWS, enabling serverless backend solutions. The Lambda Function itself includes source code and runtime configuration.\n\nFor information about Lambda and how to use it, see [What is AWS Lambda?](https://docs.aws.amazon.com/lambda/latest/dg/welcome.html)\n\n\n\u003e **NOTE:** Due to [AWS Lambda improved VPC networking changes that began deploying in September 2019](https://aws.amazon.com/blogs/compute/announcing-improved-vpc-networking-for-aws-lambda-functions/), EC2 subnets and security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.\n\n\u003e **NOTE:** If you get a `KMSAccessDeniedException: Lambda was unable to decrypt the environment variables because KMS access was denied` error when invoking an `aws.lambda.Function` with environment variables, the IAM role associated with the function may have been deleted and recreated _after_ the function was created. You can fix the problem two ways: 1) updating the function's role to another role and then updating it back again to the recreated role, or 2) by using Pulumi to `taint` the function and `apply` your configuration again to recreate the function. (When you create a function, Lambda grants permissions on the KMS key to the function's IAM role. If the IAM role is recreated, the grant is no longer valid. Changing the function's role or recreating the function causes Lambda to update the grant.)\n\n\u003e To give an external source (like an EventBridge Rule, SNS, or S3) permission to access the Lambda function, use the `aws.lambda.Permission` resource. See [Lambda Permission Model](https://docs.aws.amazon.com/lambda/latest/dg/intro-permission-model.html) for more details. On the other hand, the `role` argument of this resource is the function's execution role for identity and access to AWS services and resources.\n\n## Example Usage\n\n### Basic Example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as archive from \"@pulumi/archive\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst iamForLambda = new aws.iam.Role(\"iam_for_lambda\", {\n name: \"iam_for_lambda\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst lambda = archive.getFile({\n type: \"zip\",\n sourceFile: \"lambda.js\",\n outputPath: \"lambda_function_payload.zip\",\n});\nconst testLambda = new aws.lambda.Function(\"test_lambda\", {\n code: new pulumi.asset.FileArchive(\"lambda_function_payload.zip\"),\n name: \"lambda_function_name\",\n role: iamForLambda.arn,\n handler: \"index.test\",\n sourceCodeHash: lambda.then(lambda =\u003e lambda.outputBase64sha256),\n runtime: aws.lambda.Runtime.NodeJS18dX,\n environment: {\n variables: {\n foo: \"bar\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_archive as archive\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\niam_for_lambda = aws.iam.Role(\"iam_for_lambda\",\n name=\"iam_for_lambda\",\n assume_role_policy=assume_role.json)\nlambda_ = archive.get_file(type=\"zip\",\n source_file=\"lambda.js\",\n output_path=\"lambda_function_payload.zip\")\ntest_lambda = aws.lambda_.Function(\"test_lambda\",\n code=pulumi.FileArchive(\"lambda_function_payload.zip\"),\n name=\"lambda_function_name\",\n role=iam_for_lambda.arn,\n handler=\"index.test\",\n source_code_hash=lambda_.output_base64sha256,\n runtime=aws.lambda_.Runtime.NODE_JS18D_X,\n environment=aws.lambda_.FunctionEnvironmentArgs(\n variables={\n \"foo\": \"bar\",\n },\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Archive = Pulumi.Archive;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var iamForLambda = new Aws.Iam.Role(\"iam_for_lambda\", new()\n {\n Name = \"iam_for_lambda\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambda = Archive.GetFile.Invoke(new()\n {\n Type = \"zip\",\n SourceFile = \"lambda.js\",\n OutputPath = \"lambda_function_payload.zip\",\n });\n\n var testLambda = new Aws.Lambda.Function(\"test_lambda\", new()\n {\n Code = new FileArchive(\"lambda_function_payload.zip\"),\n Name = \"lambda_function_name\",\n Role = iamForLambda.Arn,\n Handler = \"index.test\",\n SourceCodeHash = lambda.Apply(getFileResult =\u003e getFileResult.OutputBase64sha256),\n Runtime = Aws.Lambda.Runtime.NodeJS18dX,\n Environment = new Aws.Lambda.Inputs.FunctionEnvironmentArgs\n {\n Variables = \n {\n { \"foo\", \"bar\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-archive/sdk/go/archive\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiamForLambda, err := iam.NewRole(ctx, \"iam_for_lambda\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"iam_for_lambda\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambda, err := archive.LookupFile(ctx, \u0026archive.LookupFileArgs{\n\t\t\tType: \"zip\",\n\t\t\tSourceFile: pulumi.StringRef(\"lambda.js\"),\n\t\t\tOutputPath: \"lambda_function_payload.zip\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"test_lambda\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambda_function_payload.zip\"),\n\t\t\tName: pulumi.String(\"lambda_function_name\"),\n\t\t\tRole: iamForLambda.Arn,\n\t\t\tHandler: pulumi.String(\"index.test\"),\n\t\t\tSourceCodeHash: pulumi.String(lambda.OutputBase64sha256),\n\t\t\tRuntime: pulumi.String(lambda.RuntimeNodeJS18dX),\n\t\t\tEnvironment: \u0026lambda.FunctionEnvironmentArgs{\n\t\t\t\tVariables: pulumi.StringMap{\n\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.archive.ArchiveFunctions;\nimport com.pulumi.archive.inputs.GetFileArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionEnvironmentArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var iamForLambda = new Role(\"iamForLambda\", RoleArgs.builder() \n .name(\"iam_for_lambda\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var lambda = ArchiveFunctions.getFile(GetFileArgs.builder()\n .type(\"zip\")\n .sourceFile(\"lambda.js\")\n .outputPath(\"lambda_function_payload.zip\")\n .build());\n\n var testLambda = new Function(\"testLambda\", FunctionArgs.builder() \n .code(new FileArchive(\"lambda_function_payload.zip\"))\n .name(\"lambda_function_name\")\n .role(iamForLambda.arn())\n .handler(\"index.test\")\n .sourceCodeHash(lambda.applyValue(getFileResult -\u003e getFileResult.outputBase64sha256()))\n .runtime(\"nodejs18.x\")\n .environment(FunctionEnvironmentArgs.builder()\n .variables(Map.of(\"foo\", \"bar\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iamForLambda:\n type: aws:iam:Role\n name: iam_for_lambda\n properties:\n name: iam_for_lambda\n assumeRolePolicy: ${assumeRole.json}\n testLambda:\n type: aws:lambda:Function\n name: test_lambda\n properties:\n code:\n fn::FileArchive: lambda_function_payload.zip\n name: lambda_function_name\n role: ${iamForLambda.arn}\n handler: index.test\n sourceCodeHash: ${lambda.outputBase64sha256}\n runtime: nodejs18.x\n environment:\n variables:\n foo: bar\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n lambda:\n fn::invoke:\n Function: archive:getFile\n Arguments:\n type: zip\n sourceFile: lambda.js\n outputPath: lambda_function_payload.zip\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Lambda Layers\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lambda.LayerVersion(\"example\", {});\nconst exampleFunction = new aws.lambda.Function(\"example\", {layers: [example.arn]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lambda_.LayerVersion(\"example\")\nexample_function = aws.lambda_.Function(\"example\", layers=[example.arn])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Lambda.LayerVersion(\"example\");\n\n var exampleFunction = new Aws.Lambda.Function(\"example\", new()\n {\n Layers = new[]\n {\n example.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := lambda.NewLayerVersion(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"example\", \u0026lambda.FunctionArgs{\n\t\t\tLayers: pulumi.StringArray{\n\t\t\t\texample.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lambda.LayerVersion;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new LayerVersion(\"example\");\n\n var exampleFunction = new Function(\"exampleFunction\", FunctionArgs.builder() \n .layers(example.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:lambda:LayerVersion\n exampleFunction:\n type: aws:lambda:Function\n name: example\n properties:\n layers:\n - ${example.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Lambda Ephemeral Storage\n\nLambda Function Ephemeral Storage(`/tmp`) allows you to configure the storage upto `10` GB. The default value set to `512` MB.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst iamForLambda = new aws.iam.Role(\"iam_for_lambda\", {\n name: \"iam_for_lambda\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst testLambda = new aws.lambda.Function(\"test_lambda\", {\n code: new pulumi.asset.FileArchive(\"lambda_function_payload.zip\"),\n name: \"lambda_function_name\",\n role: iamForLambda.arn,\n handler: \"index.test\",\n runtime: aws.lambda.Runtime.NodeJS18dX,\n ephemeralStorage: {\n size: 10240,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\niam_for_lambda = aws.iam.Role(\"iam_for_lambda\",\n name=\"iam_for_lambda\",\n assume_role_policy=assume_role.json)\ntest_lambda = aws.lambda_.Function(\"test_lambda\",\n code=pulumi.FileArchive(\"lambda_function_payload.zip\"),\n name=\"lambda_function_name\",\n role=iam_for_lambda.arn,\n handler=\"index.test\",\n runtime=aws.lambda_.Runtime.NODE_JS18D_X,\n ephemeral_storage=aws.lambda_.FunctionEphemeralStorageArgs(\n size=10240,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var iamForLambda = new Aws.Iam.Role(\"iam_for_lambda\", new()\n {\n Name = \"iam_for_lambda\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var testLambda = new Aws.Lambda.Function(\"test_lambda\", new()\n {\n Code = new FileArchive(\"lambda_function_payload.zip\"),\n Name = \"lambda_function_name\",\n Role = iamForLambda.Arn,\n Handler = \"index.test\",\n Runtime = Aws.Lambda.Runtime.NodeJS18dX,\n EphemeralStorage = new Aws.Lambda.Inputs.FunctionEphemeralStorageArgs\n {\n Size = 10240,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiamForLambda, err := iam.NewRole(ctx, \"iam_for_lambda\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"iam_for_lambda\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"test_lambda\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambda_function_payload.zip\"),\n\t\t\tName: pulumi.String(\"lambda_function_name\"),\n\t\t\tRole: iamForLambda.Arn,\n\t\t\tHandler: pulumi.String(\"index.test\"),\n\t\t\tRuntime: pulumi.String(lambda.RuntimeNodeJS18dX),\n\t\t\tEphemeralStorage: \u0026lambda.FunctionEphemeralStorageArgs{\n\t\t\t\tSize: pulumi.Int(10240),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionEphemeralStorageArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var iamForLambda = new Role(\"iamForLambda\", RoleArgs.builder() \n .name(\"iam_for_lambda\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var testLambda = new Function(\"testLambda\", FunctionArgs.builder() \n .code(new FileArchive(\"lambda_function_payload.zip\"))\n .name(\"lambda_function_name\")\n .role(iamForLambda.arn())\n .handler(\"index.test\")\n .runtime(\"nodejs18.x\")\n .ephemeralStorage(FunctionEphemeralStorageArgs.builder()\n .size(10240)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iamForLambda:\n type: aws:iam:Role\n name: iam_for_lambda\n properties:\n name: iam_for_lambda\n assumeRolePolicy: ${assumeRole.json}\n testLambda:\n type: aws:lambda:Function\n name: test_lambda\n properties:\n code:\n fn::FileArchive: lambda_function_payload.zip\n name: lambda_function_name\n role: ${iamForLambda.arn}\n handler: index.test\n runtime: nodejs18.x\n ephemeralStorage:\n size: 10240\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Lambda File Systems\n\nLambda File Systems allow you to connect an Amazon Elastic File System (EFS) file system to a Lambda function to share data across function invocations, access existing data including large files, and save function state.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// EFS file system\nconst efsForLambda = new aws.efs.FileSystem(\"efs_for_lambda\", {tags: {\n Name: \"efs_for_lambda\",\n}});\n// EFS access point used by lambda file system\nconst accessPointForLambda = new aws.efs.AccessPoint(\"access_point_for_lambda\", {\n fileSystemId: efsForLambda.id,\n rootDirectory: {\n path: \"/lambda\",\n creationInfo: {\n ownerGid: 1000,\n ownerUid: 1000,\n permissions: \"777\",\n },\n },\n posixUser: {\n gid: 1000,\n uid: 1000,\n },\n});\n// A lambda function connected to an EFS file system\nconst example = new aws.lambda.Function(\"example\", {\n fileSystemConfig: {\n arn: accessPointForLambda.arn,\n localMountPath: \"/mnt/efs\",\n },\n vpcConfig: {\n subnetIds: [subnetForLambda.id],\n securityGroupIds: [sgForLambda.id],\n },\n});\n// Mount target connects the file system to the subnet\nconst alpha = new aws.efs.MountTarget(\"alpha\", {\n fileSystemId: efsForLambda.id,\n subnetId: subnetForLambda.id,\n securityGroups: [sgForLambda.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# EFS file system\nefs_for_lambda = aws.efs.FileSystem(\"efs_for_lambda\", tags={\n \"Name\": \"efs_for_lambda\",\n})\n# EFS access point used by lambda file system\naccess_point_for_lambda = aws.efs.AccessPoint(\"access_point_for_lambda\",\n file_system_id=efs_for_lambda.id,\n root_directory=aws.efs.AccessPointRootDirectoryArgs(\n path=\"/lambda\",\n creation_info=aws.efs.AccessPointRootDirectoryCreationInfoArgs(\n owner_gid=1000,\n owner_uid=1000,\n permissions=\"777\",\n ),\n ),\n posix_user=aws.efs.AccessPointPosixUserArgs(\n gid=1000,\n uid=1000,\n ))\n# A lambda function connected to an EFS file system\nexample = aws.lambda_.Function(\"example\",\n file_system_config=aws.lambda_.FunctionFileSystemConfigArgs(\n arn=access_point_for_lambda.arn,\n local_mount_path=\"/mnt/efs\",\n ),\n vpc_config=aws.lambda_.FunctionVpcConfigArgs(\n subnet_ids=[subnet_for_lambda[\"id\"]],\n security_group_ids=[sg_for_lambda[\"id\"]],\n ))\n# Mount target connects the file system to the subnet\nalpha = aws.efs.MountTarget(\"alpha\",\n file_system_id=efs_for_lambda.id,\n subnet_id=subnet_for_lambda[\"id\"],\n security_groups=[sg_for_lambda[\"id\"]])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // EFS file system\n var efsForLambda = new Aws.Efs.FileSystem(\"efs_for_lambda\", new()\n {\n Tags = \n {\n { \"Name\", \"efs_for_lambda\" },\n },\n });\n\n // EFS access point used by lambda file system\n var accessPointForLambda = new Aws.Efs.AccessPoint(\"access_point_for_lambda\", new()\n {\n FileSystemId = efsForLambda.Id,\n RootDirectory = new Aws.Efs.Inputs.AccessPointRootDirectoryArgs\n {\n Path = \"/lambda\",\n CreationInfo = new Aws.Efs.Inputs.AccessPointRootDirectoryCreationInfoArgs\n {\n OwnerGid = 1000,\n OwnerUid = 1000,\n Permissions = \"777\",\n },\n },\n PosixUser = new Aws.Efs.Inputs.AccessPointPosixUserArgs\n {\n Gid = 1000,\n Uid = 1000,\n },\n });\n\n // A lambda function connected to an EFS file system\n var example = new Aws.Lambda.Function(\"example\", new()\n {\n FileSystemConfig = new Aws.Lambda.Inputs.FunctionFileSystemConfigArgs\n {\n Arn = accessPointForLambda.Arn,\n LocalMountPath = \"/mnt/efs\",\n },\n VpcConfig = new Aws.Lambda.Inputs.FunctionVpcConfigArgs\n {\n SubnetIds = new[]\n {\n subnetForLambda.Id,\n },\n SecurityGroupIds = new[]\n {\n sgForLambda.Id,\n },\n },\n });\n\n // Mount target connects the file system to the subnet\n var alpha = new Aws.Efs.MountTarget(\"alpha\", new()\n {\n FileSystemId = efsForLambda.Id,\n SubnetId = subnetForLambda.Id,\n SecurityGroups = new[]\n {\n sgForLambda.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/efs\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// EFS file system\n\t\tefsForLambda, err := efs.NewFileSystem(ctx, \"efs_for_lambda\", \u0026efs.FileSystemArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"efs_for_lambda\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// EFS access point used by lambda file system\n\t\taccessPointForLambda, err := efs.NewAccessPoint(ctx, \"access_point_for_lambda\", \u0026efs.AccessPointArgs{\n\t\t\tFileSystemId: efsForLambda.ID(),\n\t\t\tRootDirectory: \u0026efs.AccessPointRootDirectoryArgs{\n\t\t\t\tPath: pulumi.String(\"/lambda\"),\n\t\t\t\tCreationInfo: \u0026efs.AccessPointRootDirectoryCreationInfoArgs{\n\t\t\t\t\tOwnerGid: pulumi.Int(1000),\n\t\t\t\t\tOwnerUid: pulumi.Int(1000),\n\t\t\t\t\tPermissions: pulumi.String(\"777\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPosixUser: \u0026efs.AccessPointPosixUserArgs{\n\t\t\t\tGid: pulumi.Int(1000),\n\t\t\t\tUid: pulumi.Int(1000),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// A lambda function connected to an EFS file system\n\t\t_, err = lambda.NewFunction(ctx, \"example\", \u0026lambda.FunctionArgs{\n\t\t\tFileSystemConfig: \u0026lambda.FunctionFileSystemConfigArgs{\n\t\t\t\tArn: accessPointForLambda.Arn,\n\t\t\t\tLocalMountPath: pulumi.String(\"/mnt/efs\"),\n\t\t\t},\n\t\t\tVpcConfig: \u0026lambda.FunctionVpcConfigArgs{\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tsubnetForLambda.Id,\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tsgForLambda.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Mount target connects the file system to the subnet\n\t\t_, err = efs.NewMountTarget(ctx, \"alpha\", \u0026efs.MountTargetArgs{\n\t\t\tFileSystemId: efsForLambda.ID(),\n\t\t\tSubnetId: pulumi.Any(subnetForLambda.Id),\n\t\t\tSecurityGroups: pulumi.StringArray{\n\t\t\t\tsgForLambda.Id,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.efs.FileSystem;\nimport com.pulumi.aws.efs.FileSystemArgs;\nimport com.pulumi.aws.efs.AccessPoint;\nimport com.pulumi.aws.efs.AccessPointArgs;\nimport com.pulumi.aws.efs.inputs.AccessPointRootDirectoryArgs;\nimport com.pulumi.aws.efs.inputs.AccessPointRootDirectoryCreationInfoArgs;\nimport com.pulumi.aws.efs.inputs.AccessPointPosixUserArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionFileSystemConfigArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionVpcConfigArgs;\nimport com.pulumi.aws.efs.MountTarget;\nimport com.pulumi.aws.efs.MountTargetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var efsForLambda = new FileSystem(\"efsForLambda\", FileSystemArgs.builder() \n .tags(Map.of(\"Name\", \"efs_for_lambda\"))\n .build());\n\n var accessPointForLambda = new AccessPoint(\"accessPointForLambda\", AccessPointArgs.builder() \n .fileSystemId(efsForLambda.id())\n .rootDirectory(AccessPointRootDirectoryArgs.builder()\n .path(\"/lambda\")\n .creationInfo(AccessPointRootDirectoryCreationInfoArgs.builder()\n .ownerGid(1000)\n .ownerUid(1000)\n .permissions(\"777\")\n .build())\n .build())\n .posixUser(AccessPointPosixUserArgs.builder()\n .gid(1000)\n .uid(1000)\n .build())\n .build());\n\n var example = new Function(\"example\", FunctionArgs.builder() \n .fileSystemConfig(FunctionFileSystemConfigArgs.builder()\n .arn(accessPointForLambda.arn())\n .localMountPath(\"/mnt/efs\")\n .build())\n .vpcConfig(FunctionVpcConfigArgs.builder()\n .subnetIds(subnetForLambda.id())\n .securityGroupIds(sgForLambda.id())\n .build())\n .build());\n\n var alpha = new MountTarget(\"alpha\", MountTargetArgs.builder() \n .fileSystemId(efsForLambda.id())\n .subnetId(subnetForLambda.id())\n .securityGroups(sgForLambda.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # A lambda function connected to an EFS file system\n example:\n type: aws:lambda:Function\n properties:\n fileSystemConfig:\n arn: ${accessPointForLambda.arn}\n localMountPath: /mnt/efs\n vpcConfig:\n subnetIds:\n - ${subnetForLambda.id}\n securityGroupIds:\n - ${sgForLambda.id}\n # EFS file system\n efsForLambda:\n type: aws:efs:FileSystem\n name: efs_for_lambda\n properties:\n tags:\n Name: efs_for_lambda\n # Mount target connects the file system to the subnet\n alpha:\n type: aws:efs:MountTarget\n properties:\n fileSystemId: ${efsForLambda.id}\n subnetId: ${subnetForLambda.id}\n securityGroups:\n - ${sgForLambda.id}\n # EFS access point used by lambda file system\n accessPointForLambda:\n type: aws:efs:AccessPoint\n name: access_point_for_lambda\n properties:\n fileSystemId: ${efsForLambda.id}\n rootDirectory:\n path: /lambda\n creationInfo:\n ownerGid: 1000\n ownerUid: 1000\n permissions: '777'\n posixUser:\n gid: 1000\n uid: 1000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Lambda retries\n\nLambda Functions allow you to configure error handling for asynchronous invocation. The settings that it supports are `Maximum age of event` and `Retry attempts` as stated in [Lambda documentation for Configuring error handling for asynchronous invocation](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-errors). To configure these settings, refer to the aws.lambda.FunctionEventInvokeConfig resource.\n\n### CloudWatch Logging and Permissions\n\nFor more information about CloudWatch Logs for Lambda, see the [Lambda User Guide](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-logs.html).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst lambdaFunctionName = config.get(\"lambdaFunctionName\") || \"lambda_function_name\";\nconst testLambda = new aws.lambda.Function(\"test_lambda\", {\n name: lambdaFunctionName,\n loggingConfig: {\n logFormat: \"Text\",\n },\n});\n// This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n// If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\nconst example = new aws.cloudwatch.LogGroup(\"example\", {\n name: `/aws/lambda/${lambdaFunctionName}`,\n retentionInDays: 14,\n});\n// See also the following AWS managed policy: AWSLambdaBasicExecutionRole\nconst lambdaLogging = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources: [\"arn:aws:logs:*:*:*\"],\n }],\n});\nconst lambdaLoggingPolicy = new aws.iam.Policy(\"lambda_logging\", {\n name: \"lambda_logging\",\n path: \"/\",\n description: \"IAM policy for logging from a lambda\",\n policy: lambdaLogging.then(lambdaLogging =\u003e lambdaLogging.json),\n});\nconst lambdaLogs = new aws.iam.RolePolicyAttachment(\"lambda_logs\", {\n role: iamForLambda.name,\n policyArn: lambdaLoggingPolicy.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nlambda_function_name = config.get(\"lambdaFunctionName\")\nif lambda_function_name is None:\n lambda_function_name = \"lambda_function_name\"\ntest_lambda = aws.lambda_.Function(\"test_lambda\",\n name=lambda_function_name,\n logging_config=aws.lambda_.FunctionLoggingConfigArgs(\n log_format=\"Text\",\n ))\n# This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n# If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\nexample = aws.cloudwatch.LogGroup(\"example\",\n name=f\"/aws/lambda/{lambda_function_name}\",\n retention_in_days=14)\n# See also the following AWS managed policy: AWSLambdaBasicExecutionRole\nlambda_logging = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources=[\"arn:aws:logs:*:*:*\"],\n)])\nlambda_logging_policy = aws.iam.Policy(\"lambda_logging\",\n name=\"lambda_logging\",\n path=\"/\",\n description=\"IAM policy for logging from a lambda\",\n policy=lambda_logging.json)\nlambda_logs = aws.iam.RolePolicyAttachment(\"lambda_logs\",\n role=iam_for_lambda[\"name\"],\n policy_arn=lambda_logging_policy.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var lambdaFunctionName = config.Get(\"lambdaFunctionName\") ?? \"lambda_function_name\";\n var testLambda = new Aws.Lambda.Function(\"test_lambda\", new()\n {\n Name = lambdaFunctionName,\n LoggingConfig = new Aws.Lambda.Inputs.FunctionLoggingConfigArgs\n {\n LogFormat = \"Text\",\n },\n });\n\n // This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n // If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\n var example = new Aws.CloudWatch.LogGroup(\"example\", new()\n {\n Name = $\"/aws/lambda/{lambdaFunctionName}\",\n RetentionInDays = 14,\n });\n\n // See also the following AWS managed policy: AWSLambdaBasicExecutionRole\n var lambdaLogging = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*:*:*\",\n },\n },\n },\n });\n\n var lambdaLoggingPolicy = new Aws.Iam.Policy(\"lambda_logging\", new()\n {\n Name = \"lambda_logging\",\n Path = \"/\",\n Description = \"IAM policy for logging from a lambda\",\n PolicyDocument = lambdaLogging.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambdaLogs = new Aws.Iam.RolePolicyAttachment(\"lambda_logs\", new()\n {\n Role = iamForLambda.Name,\n PolicyArn = lambdaLoggingPolicy.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tlambdaFunctionName := \"lambda_function_name\"\n\t\tif param := cfg.Get(\"lambdaFunctionName\"); param != \"\" {\n\t\t\tlambdaFunctionName = param\n\t\t}\n\t\t_, err := lambda.NewFunction(ctx, \"test_lambda\", \u0026lambda.FunctionArgs{\n\t\t\tName: pulumi.String(lambdaFunctionName),\n\t\t\tLoggingConfig: \u0026lambda.FunctionLoggingConfigArgs{\n\t\t\t\tLogFormat: pulumi.String(\"Text\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n\t\t// If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\n\t\t_, err = cloudwatch.NewLogGroup(ctx, \"example\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: pulumi.String(fmt.Sprintf(\"/aws/lambda/%v\", lambdaFunctionName)),\n\t\t\tRetentionInDays: pulumi.Int(14),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// See also the following AWS managed policy: AWSLambdaBasicExecutionRole\n\t\tlambdaLogging, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogGroup\",\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*:*:*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaLoggingPolicy, err := iam.NewPolicy(ctx, \"lambda_logging\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"lambda_logging\"),\n\t\t\tPath: pulumi.String(\"/\"),\n\t\t\tDescription: pulumi.String(\"IAM policy for logging from a lambda\"),\n\t\t\tPolicy: pulumi.String(lambdaLogging.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"lambda_logs\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: pulumi.Any(iamForLambda.Name),\n\t\t\tPolicyArn: lambdaLoggingPolicy.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionLoggingConfigArgs;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var lambdaFunctionName = config.get(\"lambdaFunctionName\").orElse(\"lambda_function_name\");\n var testLambda = new Function(\"testLambda\", FunctionArgs.builder() \n .name(lambdaFunctionName)\n .loggingConfig(FunctionLoggingConfigArgs.builder()\n .logFormat(\"Text\")\n .build())\n .build());\n\n var example = new LogGroup(\"example\", LogGroupArgs.builder() \n .name(String.format(\"/aws/lambda/%s\", lambdaFunctionName))\n .retentionInDays(14)\n .build());\n\n final var lambdaLogging = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\")\n .resources(\"arn:aws:logs:*:*:*\")\n .build())\n .build());\n\n var lambdaLoggingPolicy = new Policy(\"lambdaLoggingPolicy\", PolicyArgs.builder() \n .name(\"lambda_logging\")\n .path(\"/\")\n .description(\"IAM policy for logging from a lambda\")\n .policy(lambdaLogging.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var lambdaLogs = new RolePolicyAttachment(\"lambdaLogs\", RolePolicyAttachmentArgs.builder() \n .role(iamForLambda.name())\n .policyArn(lambdaLoggingPolicy.arn())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n lambdaFunctionName:\n type: string\n default: lambda_function_name\nresources:\n testLambda:\n type: aws:lambda:Function\n name: test_lambda\n properties:\n name: ${lambdaFunctionName}\n loggingConfig:\n logFormat: Text\n # This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n # If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\n example:\n type: aws:cloudwatch:LogGroup\n properties:\n name: /aws/lambda/${lambdaFunctionName}\n retentionInDays: 14\n lambdaLoggingPolicy:\n type: aws:iam:Policy\n name: lambda_logging\n properties:\n name: lambda_logging\n path: /\n description: IAM policy for logging from a lambda\n policy: ${lambdaLogging.json}\n lambdaLogs:\n type: aws:iam:RolePolicyAttachment\n name: lambda_logs\n properties:\n role: ${iamForLambda.name}\n policyArn: ${lambdaLoggingPolicy.arn}\nvariables:\n # See also the following AWS managed policy: AWSLambdaBasicExecutionRole\n lambdaLogging:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - logs:CreateLogGroup\n - logs:CreateLogStream\n - logs:PutLogEvents\n resources:\n - arn:aws:logs:*:*:*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Specifying the Deployment Package\n\nAWS Lambda expects source code to be provided as a deployment package whose structure varies depending on which `runtime` is in use. See [Runtimes](https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html#SSS-CreateFunction-request-Runtime) for the valid values of `runtime`. The expected structure of the deployment package can be found in [the AWS Lambda documentation for each runtime](https://docs.aws.amazon.com/lambda/latest/dg/deployment-package-v2.html).\n\nOnce you have created your deployment package you can specify it either directly as a local file (using the `filename` argument) or indirectly via Amazon S3 (using the `s3_bucket`, `s3_key` and `s3_object_version` arguments). When providing the deployment package via S3 it may be useful to use the `aws.s3.BucketObjectv2` resource to upload it.\n\nFor larger deployment packages it is recommended by Amazon to upload via S3, since the S3 API has better support for uploading large files efficiently.\n\n## Import\n\nUsing `pulumi import`, import Lambda Functions using the `function_name`. For example:\n\n```sh\n$ pulumi import aws:lambda/function:Function test_lambda my_test_lambda_function\n```\n", "properties": { "architectures": { "type": "array", @@ -266239,7 +266239,7 @@ } }, "aws:lambda/permission:Permission": { - "description": "Gives an external source (like an EventBridge Rule, SNS, or S3) permission to access the Lambda function.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst iamForLambda = new aws.iam.Role(\"iam_for_lambda\", {\n name: \"iam_for_lambda\",\n assumeRolePolicy: JSON.stringify({\n version: \"2012-10-17\",\n statement: [{\n action: \"sts:AssumeRole\",\n effect: \"Allow\",\n sid: \"\",\n principal: {\n service: \"lambda.amazonaws.com\",\n },\n }],\n }),\n});\nconst testLambda = new aws.lambda.Function(\"test_lambda\", {\n code: new pulumi.asset.FileArchive(\"lambdatest.zip\"),\n name: \"lambda_function_name\",\n role: iamForLambda.arn,\n handler: \"exports.handler\",\n runtime: \"nodejs16.x\",\n});\nconst testAlias = new aws.lambda.Alias(\"test_alias\", {\n name: \"testalias\",\n description: \"a sample description\",\n functionName: testLambda.name,\n functionVersion: \"$LATEST\",\n});\nconst allowCloudwatch = new aws.lambda.Permission(\"allow_cloudwatch\", {\n statementId: \"AllowExecutionFromCloudWatch\",\n action: \"lambda:InvokeFunction\",\n \"function\": testLambda.name,\n principal: \"events.amazonaws.com\",\n sourceArn: \"arn:aws:events:eu-west-1:111122223333:rule/RunDaily\",\n qualifier: testAlias.name,\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\niam_for_lambda = aws.iam.Role(\"iam_for_lambda\",\n name=\"iam_for_lambda\",\n assume_role_policy=json.dumps({\n \"version\": \"2012-10-17\",\n \"statement\": [{\n \"action\": \"sts:AssumeRole\",\n \"effect\": \"Allow\",\n \"sid\": \"\",\n \"principal\": {\n \"service\": \"lambda.amazonaws.com\",\n },\n }],\n }))\ntest_lambda = aws.lambda_.Function(\"test_lambda\",\n code=pulumi.FileArchive(\"lambdatest.zip\"),\n name=\"lambda_function_name\",\n role=iam_for_lambda.arn,\n handler=\"exports.handler\",\n runtime=\"nodejs16.x\")\ntest_alias = aws.lambda_.Alias(\"test_alias\",\n name=\"testalias\",\n description=\"a sample description\",\n function_name=test_lambda.name,\n function_version=\"$LATEST\")\nallow_cloudwatch = aws.lambda_.Permission(\"allow_cloudwatch\",\n statement_id=\"AllowExecutionFromCloudWatch\",\n action=\"lambda:InvokeFunction\",\n function=test_lambda.name,\n principal=\"events.amazonaws.com\",\n source_arn=\"arn:aws:events:eu-west-1:111122223333:rule/RunDaily\",\n qualifier=test_alias.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var iamForLambda = new Aws.Iam.Role(\"iam_for_lambda\", new()\n {\n Name = \"iam_for_lambda\",\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"version\"] = \"2012-10-17\",\n [\"statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"action\"] = \"sts:AssumeRole\",\n [\"effect\"] = \"Allow\",\n [\"sid\"] = \"\",\n [\"principal\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"service\"] = \"lambda.amazonaws.com\",\n },\n },\n },\n }),\n });\n\n var testLambda = new Aws.Lambda.Function(\"test_lambda\", new()\n {\n Code = new FileArchive(\"lambdatest.zip\"),\n Name = \"lambda_function_name\",\n Role = iamForLambda.Arn,\n Handler = \"exports.handler\",\n Runtime = \"nodejs16.x\",\n });\n\n var testAlias = new Aws.Lambda.Alias(\"test_alias\", new()\n {\n Name = \"testalias\",\n Description = \"a sample description\",\n FunctionName = testLambda.Name,\n FunctionVersion = \"$LATEST\",\n });\n\n var allowCloudwatch = new Aws.Lambda.Permission(\"allow_cloudwatch\", new()\n {\n StatementId = \"AllowExecutionFromCloudWatch\",\n Action = \"lambda:InvokeFunction\",\n Function = testLambda.Name,\n Principal = \"events.amazonaws.com\",\n SourceArn = \"arn:aws:events:eu-west-1:111122223333:rule/RunDaily\",\n Qualifier = testAlias.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"version\": \"2012-10-17\",\n\t\t\t\"statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"action\": \"sts:AssumeRole\",\n\t\t\t\t\t\"effect\": \"Allow\",\n\t\t\t\t\t\"sid\": \"\",\n\t\t\t\t\t\"principal\": map[string]interface{}{\n\t\t\t\t\t\t\"service\": \"lambda.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\tiamForLambda, err := iam.NewRole(ctx, \"iam_for_lambda\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"iam_for_lambda\"),\n\t\t\tAssumeRolePolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestLambda, err := lambda.NewFunction(ctx, \"test_lambda\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambdatest.zip\"),\n\t\t\tName: pulumi.String(\"lambda_function_name\"),\n\t\t\tRole: iamForLambda.Arn,\n\t\t\tHandler: pulumi.String(\"exports.handler\"),\n\t\t\tRuntime: pulumi.String(\"nodejs16.x\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestAlias, err := lambda.NewAlias(ctx, \"test_alias\", \u0026lambda.AliasArgs{\n\t\t\tName: pulumi.String(\"testalias\"),\n\t\t\tDescription: pulumi.String(\"a sample description\"),\n\t\t\tFunctionName: testLambda.Name,\n\t\t\tFunctionVersion: pulumi.String(\"$LATEST\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewPermission(ctx, \"allow_cloudwatch\", \u0026lambda.PermissionArgs{\n\t\t\tStatementId: pulumi.String(\"AllowExecutionFromCloudWatch\"),\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: testLambda.Name,\n\t\t\tPrincipal: pulumi.String(\"events.amazonaws.com\"),\n\t\t\tSourceArn: pulumi.String(\"arn:aws:events:eu-west-1:111122223333:rule/RunDaily\"),\n\t\t\tQualifier: testAlias.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.Alias;\nimport com.pulumi.aws.lambda.AliasArgs;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var iamForLambda = new Role(\"iamForLambda\", RoleArgs.builder() \n .name(\"iam_for_lambda\")\n .assumeRolePolicy(serializeJson(\n jsonObject(\n jsonProperty(\"version\", \"2012-10-17\"),\n jsonProperty(\"statement\", jsonArray(jsonObject(\n jsonProperty(\"action\", \"sts:AssumeRole\"),\n jsonProperty(\"effect\", \"Allow\"),\n jsonProperty(\"sid\", \"\"),\n jsonProperty(\"principal\", jsonObject(\n jsonProperty(\"service\", \"lambda.amazonaws.com\")\n ))\n )))\n )))\n .build());\n\n var testLambda = new Function(\"testLambda\", FunctionArgs.builder() \n .code(new FileArchive(\"lambdatest.zip\"))\n .name(\"lambda_function_name\")\n .role(iamForLambda.arn())\n .handler(\"exports.handler\")\n .runtime(\"nodejs16.x\")\n .build());\n\n var testAlias = new Alias(\"testAlias\", AliasArgs.builder() \n .name(\"testalias\")\n .description(\"a sample description\")\n .functionName(testLambda.name())\n .functionVersion(\"$LATEST\")\n .build());\n\n var allowCloudwatch = new Permission(\"allowCloudwatch\", PermissionArgs.builder() \n .statementId(\"AllowExecutionFromCloudWatch\")\n .action(\"lambda:InvokeFunction\")\n .function(testLambda.name())\n .principal(\"events.amazonaws.com\")\n .sourceArn(\"arn:aws:events:eu-west-1:111122223333:rule/RunDaily\")\n .qualifier(testAlias.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n allowCloudwatch:\n type: aws:lambda:Permission\n name: allow_cloudwatch\n properties:\n statementId: AllowExecutionFromCloudWatch\n action: lambda:InvokeFunction\n function: ${testLambda.name}\n principal: events.amazonaws.com\n sourceArn: arn:aws:events:eu-west-1:111122223333:rule/RunDaily\n qualifier: ${testAlias.name}\n testAlias:\n type: aws:lambda:Alias\n name: test_alias\n properties:\n name: testalias\n description: a sample description\n functionName: ${testLambda.name}\n functionVersion: $LATEST\n testLambda:\n type: aws:lambda:Function\n name: test_lambda\n properties:\n code:\n fn::FileArchive: lambdatest.zip\n name: lambda_function_name\n role: ${iamForLambda.arn}\n handler: exports.handler\n runtime: nodejs16.x\n iamForLambda:\n type: aws:iam:Role\n name: iam_for_lambda\n properties:\n name: iam_for_lambda\n assumeRolePolicy:\n fn::toJSON:\n version: 2012-10-17\n statement:\n - action: sts:AssumeRole\n effect: Allow\n sid:\n principal:\n service: lambda.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With SNS\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.sns.Topic(\"default\", {name: \"call-lambda-maybe\"});\nconst defaultRole = new aws.iam.Role(\"default\", {\n name: \"iam_for_lambda_with_sns\",\n assumeRolePolicy: JSON.stringify({\n version: \"2012-10-17\",\n statement: [{\n action: \"sts:AssumeRole\",\n effect: \"Allow\",\n sid: \"\",\n principal: {\n service: \"lambda.amazonaws.com\",\n },\n }],\n }),\n});\nconst func = new aws.lambda.Function(\"func\", {\n code: new pulumi.asset.FileArchive(\"lambdatest.zip\"),\n name: \"lambda_called_from_sns\",\n role: defaultRole.arn,\n handler: \"exports.handler\",\n runtime: \"python3.7\",\n});\nconst withSns = new aws.lambda.Permission(\"with_sns\", {\n statementId: \"AllowExecutionFromSNS\",\n action: \"lambda:InvokeFunction\",\n \"function\": func.name,\n principal: \"sns.amazonaws.com\",\n sourceArn: _default.arn,\n});\nconst lambda = new aws.sns.TopicSubscription(\"lambda\", {\n topic: _default.arn,\n protocol: \"lambda\",\n endpoint: func.arn,\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ndefault = aws.sns.Topic(\"default\", name=\"call-lambda-maybe\")\ndefault_role = aws.iam.Role(\"default\",\n name=\"iam_for_lambda_with_sns\",\n assume_role_policy=json.dumps({\n \"version\": \"2012-10-17\",\n \"statement\": [{\n \"action\": \"sts:AssumeRole\",\n \"effect\": \"Allow\",\n \"sid\": \"\",\n \"principal\": {\n \"service\": \"lambda.amazonaws.com\",\n },\n }],\n }))\nfunc = aws.lambda_.Function(\"func\",\n code=pulumi.FileArchive(\"lambdatest.zip\"),\n name=\"lambda_called_from_sns\",\n role=default_role.arn,\n handler=\"exports.handler\",\n runtime=\"python3.7\")\nwith_sns = aws.lambda_.Permission(\"with_sns\",\n statement_id=\"AllowExecutionFromSNS\",\n action=\"lambda:InvokeFunction\",\n function=func.name,\n principal=\"sns.amazonaws.com\",\n source_arn=default.arn)\nlambda_ = aws.sns.TopicSubscription(\"lambda\",\n topic=default.arn,\n protocol=\"lambda\",\n endpoint=func.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Sns.Topic(\"default\", new()\n {\n Name = \"call-lambda-maybe\",\n });\n\n var defaultRole = new Aws.Iam.Role(\"default\", new()\n {\n Name = \"iam_for_lambda_with_sns\",\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"version\"] = \"2012-10-17\",\n [\"statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"action\"] = \"sts:AssumeRole\",\n [\"effect\"] = \"Allow\",\n [\"sid\"] = \"\",\n [\"principal\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"service\"] = \"lambda.amazonaws.com\",\n },\n },\n },\n }),\n });\n\n var func = new Aws.Lambda.Function(\"func\", new()\n {\n Code = new FileArchive(\"lambdatest.zip\"),\n Name = \"lambda_called_from_sns\",\n Role = defaultRole.Arn,\n Handler = \"exports.handler\",\n Runtime = \"python3.7\",\n });\n\n var withSns = new Aws.Lambda.Permission(\"with_sns\", new()\n {\n StatementId = \"AllowExecutionFromSNS\",\n Action = \"lambda:InvokeFunction\",\n Function = func.Name,\n Principal = \"sns.amazonaws.com\",\n SourceArn = @default.Arn,\n });\n\n var lambda = new Aws.Sns.TopicSubscription(\"lambda\", new()\n {\n Topic = @default.Arn,\n Protocol = \"lambda\",\n Endpoint = func.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sns.NewTopic(ctx, \"default\", \u0026sns.TopicArgs{\n\t\t\tName: pulumi.String(\"call-lambda-maybe\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"version\": \"2012-10-17\",\n\t\t\t\"statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"action\": \"sts:AssumeRole\",\n\t\t\t\t\t\"effect\": \"Allow\",\n\t\t\t\t\t\"sid\": \"\",\n\t\t\t\t\t\"principal\": map[string]interface{}{\n\t\t\t\t\t\t\"service\": \"lambda.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\tdefaultRole, err := iam.NewRole(ctx, \"default\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"iam_for_lambda_with_sns\"),\n\t\t\tAssumeRolePolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"func\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambdatest.zip\"),\n\t\t\tName: pulumi.String(\"lambda_called_from_sns\"),\n\t\t\tRole: defaultRole.Arn,\n\t\t\tHandler: pulumi.String(\"exports.handler\"),\n\t\t\tRuntime: pulumi.String(\"python3.7\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewPermission(ctx, \"with_sns\", \u0026lambda.PermissionArgs{\n\t\t\tStatementId: pulumi.String(\"AllowExecutionFromSNS\"),\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: _func.Name,\n\t\t\tPrincipal: pulumi.String(\"sns.amazonaws.com\"),\n\t\t\tSourceArn: _default.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sns.NewTopicSubscription(ctx, \"lambda\", \u0026sns.TopicSubscriptionArgs{\n\t\t\tTopic: _default.Arn,\n\t\t\tProtocol: pulumi.String(\"lambda\"),\n\t\t\tEndpoint: _func.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Topic(\"default\", TopicArgs.builder() \n .name(\"call-lambda-maybe\")\n .build());\n\n var defaultRole = new Role(\"defaultRole\", RoleArgs.builder() \n .name(\"iam_for_lambda_with_sns\")\n .assumeRolePolicy(serializeJson(\n jsonObject(\n jsonProperty(\"version\", \"2012-10-17\"),\n jsonProperty(\"statement\", jsonArray(jsonObject(\n jsonProperty(\"action\", \"sts:AssumeRole\"),\n jsonProperty(\"effect\", \"Allow\"),\n jsonProperty(\"sid\", \"\"),\n jsonProperty(\"principal\", jsonObject(\n jsonProperty(\"service\", \"lambda.amazonaws.com\")\n ))\n )))\n )))\n .build());\n\n var func = new Function(\"func\", FunctionArgs.builder() \n .code(new FileArchive(\"lambdatest.zip\"))\n .name(\"lambda_called_from_sns\")\n .role(defaultRole.arn())\n .handler(\"exports.handler\")\n .runtime(\"python3.7\")\n .build());\n\n var withSns = new Permission(\"withSns\", PermissionArgs.builder() \n .statementId(\"AllowExecutionFromSNS\")\n .action(\"lambda:InvokeFunction\")\n .function(func.name())\n .principal(\"sns.amazonaws.com\")\n .sourceArn(default_.arn())\n .build());\n\n var lambda = new TopicSubscription(\"lambda\", TopicSubscriptionArgs.builder() \n .topic(default_.arn())\n .protocol(\"lambda\")\n .endpoint(func.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n withSns:\n type: aws:lambda:Permission\n name: with_sns\n properties:\n statementId: AllowExecutionFromSNS\n action: lambda:InvokeFunction\n function: ${func.name}\n principal: sns.amazonaws.com\n sourceArn: ${default.arn}\n default:\n type: aws:sns:Topic\n properties:\n name: call-lambda-maybe\n lambda:\n type: aws:sns:TopicSubscription\n properties:\n topic: ${default.arn}\n protocol: lambda\n endpoint: ${func.arn}\n func:\n type: aws:lambda:Function\n properties:\n code:\n fn::FileArchive: lambdatest.zip\n name: lambda_called_from_sns\n role: ${defaultRole.arn}\n handler: exports.handler\n runtime: python3.7\n defaultRole:\n type: aws:iam:Role\n name: default\n properties:\n name: iam_for_lambda_with_sns\n assumeRolePolicy:\n fn::toJSON:\n version: 2012-10-17\n statement:\n - action: sts:AssumeRole\n effect: Allow\n sid:\n principal:\n service: lambda.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With API Gateway REST API\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myDemoAPI = new aws.apigateway.RestApi(\"MyDemoAPI\", {\n name: \"MyDemoAPI\",\n description: \"This is my API for demonstration purposes\",\n});\nconst lambdaPermission = new aws.lambda.Permission(\"lambda_permission\", {\n statementId: \"AllowMyDemoAPIInvoke\",\n action: \"lambda:InvokeFunction\",\n \"function\": \"MyDemoFunction\",\n principal: \"apigateway.amazonaws.com\",\n sourceArn: pulumi.interpolate`${myDemoAPI.executionArn}/*`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_demo_api = aws.apigateway.RestApi(\"MyDemoAPI\",\n name=\"MyDemoAPI\",\n description=\"This is my API for demonstration purposes\")\nlambda_permission = aws.lambda_.Permission(\"lambda_permission\",\n statement_id=\"AllowMyDemoAPIInvoke\",\n action=\"lambda:InvokeFunction\",\n function=\"MyDemoFunction\",\n principal=\"apigateway.amazonaws.com\",\n source_arn=my_demo_api.execution_arn.apply(lambda execution_arn: f\"{execution_arn}/*\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myDemoAPI = new Aws.ApiGateway.RestApi(\"MyDemoAPI\", new()\n {\n Name = \"MyDemoAPI\",\n Description = \"This is my API for demonstration purposes\",\n });\n\n var lambdaPermission = new Aws.Lambda.Permission(\"lambda_permission\", new()\n {\n StatementId = \"AllowMyDemoAPIInvoke\",\n Action = \"lambda:InvokeFunction\",\n Function = \"MyDemoFunction\",\n Principal = \"apigateway.amazonaws.com\",\n SourceArn = myDemoAPI.ExecutionArn.Apply(executionArn =\u003e $\"{executionArn}/*\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyDemoAPI, err := apigateway.NewRestApi(ctx, \"MyDemoAPI\", \u0026apigateway.RestApiArgs{\n\t\t\tName: pulumi.String(\"MyDemoAPI\"),\n\t\t\tDescription: pulumi.String(\"This is my API for demonstration purposes\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewPermission(ctx, \"lambda_permission\", \u0026lambda.PermissionArgs{\n\t\t\tStatementId: pulumi.String(\"AllowMyDemoAPIInvoke\"),\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: pulumi.Any(\"MyDemoFunction\"),\n\t\t\tPrincipal: pulumi.String(\"apigateway.amazonaws.com\"),\n\t\t\tSourceArn: myDemoAPI.ExecutionArn.ApplyT(func(executionArn string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v/*\", executionArn), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myDemoAPI = new RestApi(\"myDemoAPI\", RestApiArgs.builder() \n .name(\"MyDemoAPI\")\n .description(\"This is my API for demonstration purposes\")\n .build());\n\n var lambdaPermission = new Permission(\"lambdaPermission\", PermissionArgs.builder() \n .statementId(\"AllowMyDemoAPIInvoke\")\n .action(\"lambda:InvokeFunction\")\n .function(\"MyDemoFunction\")\n .principal(\"apigateway.amazonaws.com\")\n .sourceArn(myDemoAPI.executionArn().applyValue(executionArn -\u003e String.format(\"%s/*\", executionArn)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myDemoAPI:\n type: aws:apigateway:RestApi\n name: MyDemoAPI\n properties:\n name: MyDemoAPI\n description: This is my API for demonstration purposes\n lambdaPermission:\n type: aws:lambda:Permission\n name: lambda_permission\n properties:\n statementId: AllowMyDemoAPIInvoke\n action: lambda:InvokeFunction\n function: MyDemoFunction\n principal: apigateway.amazonaws.com\n sourceArn: ${myDemoAPI.executionArn}/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With CloudWatch Log Group\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.cloudwatch.LogGroup(\"default\", {name: \"/default\"});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst defaultRole = new aws.iam.Role(\"default\", {\n name: \"iam_for_lambda_called_from_cloudwatch_logs\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst loggingFunction = new aws.lambda.Function(\"logging\", {\n code: new pulumi.asset.FileArchive(\"lamba_logging.zip\"),\n name: \"lambda_called_from_cloudwatch_logs\",\n handler: \"exports.handler\",\n role: defaultRole.arn,\n runtime: \"python3.7\",\n});\nconst logging = new aws.lambda.Permission(\"logging\", {\n action: \"lambda:InvokeFunction\",\n \"function\": loggingFunction.name,\n principal: \"logs.eu-west-1.amazonaws.com\",\n sourceArn: pulumi.interpolate`${_default.arn}:*`,\n});\nconst loggingLogSubscriptionFilter = new aws.cloudwatch.LogSubscriptionFilter(\"logging\", {\n destinationArn: loggingFunction.arn,\n filterPattern: \"\",\n logGroup: _default.name,\n name: \"logging_default\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.cloudwatch.LogGroup(\"default\", name=\"/default\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\ndefault_role = aws.iam.Role(\"default\",\n name=\"iam_for_lambda_called_from_cloudwatch_logs\",\n assume_role_policy=assume_role.json)\nlogging_function = aws.lambda_.Function(\"logging\",\n code=pulumi.FileArchive(\"lamba_logging.zip\"),\n name=\"lambda_called_from_cloudwatch_logs\",\n handler=\"exports.handler\",\n role=default_role.arn,\n runtime=\"python3.7\")\nlogging = aws.lambda_.Permission(\"logging\",\n action=\"lambda:InvokeFunction\",\n function=logging_function.name,\n principal=\"logs.eu-west-1.amazonaws.com\",\n source_arn=default.arn.apply(lambda arn: f\"{arn}:*\"))\nlogging_log_subscription_filter = aws.cloudwatch.LogSubscriptionFilter(\"logging\",\n destination_arn=logging_function.arn,\n filter_pattern=\"\",\n log_group=default.name,\n name=\"logging_default\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.CloudWatch.LogGroup(\"default\", new()\n {\n Name = \"/default\",\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var defaultRole = new Aws.Iam.Role(\"default\", new()\n {\n Name = \"iam_for_lambda_called_from_cloudwatch_logs\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var loggingFunction = new Aws.Lambda.Function(\"logging\", new()\n {\n Code = new FileArchive(\"lamba_logging.zip\"),\n Name = \"lambda_called_from_cloudwatch_logs\",\n Handler = \"exports.handler\",\n Role = defaultRole.Arn,\n Runtime = \"python3.7\",\n });\n\n var logging = new Aws.Lambda.Permission(\"logging\", new()\n {\n Action = \"lambda:InvokeFunction\",\n Function = loggingFunction.Name,\n Principal = \"logs.eu-west-1.amazonaws.com\",\n SourceArn = @default.Arn.Apply(arn =\u003e $\"{arn}:*\"),\n });\n\n var loggingLogSubscriptionFilter = new Aws.CloudWatch.LogSubscriptionFilter(\"logging\", new()\n {\n DestinationArn = loggingFunction.Arn,\n FilterPattern = \"\",\n LogGroup = @default.Name,\n Name = \"logging_default\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.NewLogGroup(ctx, \"default\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: pulumi.String(\"/default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRole, err := iam.NewRole(ctx, \"default\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"iam_for_lambda_called_from_cloudwatch_logs\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tloggingFunction, err := lambda.NewFunction(ctx, \"logging\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lamba_logging.zip\"),\n\t\t\tName: pulumi.String(\"lambda_called_from_cloudwatch_logs\"),\n\t\t\tHandler: pulumi.String(\"exports.handler\"),\n\t\t\tRole: defaultRole.Arn,\n\t\t\tRuntime: pulumi.String(\"python3.7\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewPermission(ctx, \"logging\", \u0026lambda.PermissionArgs{\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: loggingFunction.Name,\n\t\t\tPrincipal: pulumi.String(\"logs.eu-west-1.amazonaws.com\"),\n\t\t\tSourceArn: _default.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v:*\", arn), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogSubscriptionFilter(ctx, \"logging\", \u0026cloudwatch.LogSubscriptionFilterArgs{\n\t\t\tDestinationArn: loggingFunction.Arn,\n\t\t\tFilterPattern: pulumi.String(\"\"),\n\t\t\tLogGroup: _default.Name,\n\t\t\tName: pulumi.String(\"logging_default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport com.pulumi.aws.cloudwatch.LogSubscriptionFilter;\nimport com.pulumi.aws.cloudwatch.LogSubscriptionFilterArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new LogGroup(\"default\", LogGroupArgs.builder() \n .name(\"/default\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var defaultRole = new Role(\"defaultRole\", RoleArgs.builder() \n .name(\"iam_for_lambda_called_from_cloudwatch_logs\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var loggingFunction = new Function(\"loggingFunction\", FunctionArgs.builder() \n .code(new FileArchive(\"lamba_logging.zip\"))\n .name(\"lambda_called_from_cloudwatch_logs\")\n .handler(\"exports.handler\")\n .role(defaultRole.arn())\n .runtime(\"python3.7\")\n .build());\n\n var logging = new Permission(\"logging\", PermissionArgs.builder() \n .action(\"lambda:InvokeFunction\")\n .function(loggingFunction.name())\n .principal(\"logs.eu-west-1.amazonaws.com\")\n .sourceArn(default_.arn().applyValue(arn -\u003e String.format(\"%s:*\", arn)))\n .build());\n\n var loggingLogSubscriptionFilter = new LogSubscriptionFilter(\"loggingLogSubscriptionFilter\", LogSubscriptionFilterArgs.builder() \n .destinationArn(loggingFunction.arn())\n .filterPattern(\"\")\n .logGroup(default_.name())\n .name(\"logging_default\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n logging:\n type: aws:lambda:Permission\n properties:\n action: lambda:InvokeFunction\n function: ${loggingFunction.name}\n principal: logs.eu-west-1.amazonaws.com\n sourceArn: ${default.arn}:*\n default:\n type: aws:cloudwatch:LogGroup\n properties:\n name: /default\n loggingLogSubscriptionFilter:\n type: aws:cloudwatch:LogSubscriptionFilter\n name: logging\n properties:\n destinationArn: ${loggingFunction.arn}\n filterPattern:\n logGroup: ${default.name}\n name: logging_default\n loggingFunction:\n type: aws:lambda:Function\n name: logging\n properties:\n code:\n fn::FileArchive: lamba_logging.zip\n name: lambda_called_from_cloudwatch_logs\n handler: exports.handler\n role: ${defaultRole.arn}\n runtime: python3.7\n defaultRole:\n type: aws:iam:Role\n name: default\n properties:\n name: iam_for_lambda_called_from_cloudwatch_logs\n assumeRolePolicy: ${assumeRole.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With Cross-Account Invocation Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst url = new aws.lambda.FunctionUrl(\"url\", {\n functionName: example.functionName,\n authorizationType: \"AWS_IAM\",\n});\nconst urlPermission = new aws.lambda.Permission(\"url\", {\n action: \"lambda:InvokeFunctionUrl\",\n \"function\": example.functionName,\n principal: \"arn:aws:iam::444455556666:role/example\",\n sourceAccount: \"444455556666\",\n functionUrlAuthType: \"AWS_IAM\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nurl = aws.lambda_.FunctionUrl(\"url\",\n function_name=example[\"functionName\"],\n authorization_type=\"AWS_IAM\")\nurl_permission = aws.lambda_.Permission(\"url\",\n action=\"lambda:InvokeFunctionUrl\",\n function=example[\"functionName\"],\n principal=\"arn:aws:iam::444455556666:role/example\",\n source_account=\"444455556666\",\n function_url_auth_type=\"AWS_IAM\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var url = new Aws.Lambda.FunctionUrl(\"url\", new()\n {\n FunctionName = example.FunctionName,\n AuthorizationType = \"AWS_IAM\",\n });\n\n var urlPermission = new Aws.Lambda.Permission(\"url\", new()\n {\n Action = \"lambda:InvokeFunctionUrl\",\n Function = example.FunctionName,\n Principal = \"arn:aws:iam::444455556666:role/example\",\n SourceAccount = \"444455556666\",\n FunctionUrlAuthType = \"AWS_IAM\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lambda.NewFunctionUrl(ctx, \"url\", \u0026lambda.FunctionUrlArgs{\n\t\t\tFunctionName: pulumi.Any(example.FunctionName),\n\t\t\tAuthorizationType: pulumi.String(\"AWS_IAM\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewPermission(ctx, \"url\", \u0026lambda.PermissionArgs{\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunctionUrl\"),\n\t\t\tFunction: pulumi.Any(example.FunctionName),\n\t\t\tPrincipal: pulumi.String(\"arn:aws:iam::444455556666:role/example\"),\n\t\t\tSourceAccount: pulumi.String(\"444455556666\"),\n\t\t\tFunctionUrlAuthType: pulumi.String(\"AWS_IAM\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lambda.FunctionUrl;\nimport com.pulumi.aws.lambda.FunctionUrlArgs;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var url = new FunctionUrl(\"url\", FunctionUrlArgs.builder() \n .functionName(example.functionName())\n .authorizationType(\"AWS_IAM\")\n .build());\n\n var urlPermission = new Permission(\"urlPermission\", PermissionArgs.builder() \n .action(\"lambda:InvokeFunctionUrl\")\n .function(example.functionName())\n .principal(\"arn:aws:iam::444455556666:role/example\")\n .sourceAccount(\"444455556666\")\n .functionUrlAuthType(\"AWS_IAM\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n url:\n type: aws:lambda:FunctionUrl\n properties:\n functionName: ${example.functionName}\n authorizationType: AWS_IAM\n urlPermission:\n type: aws:lambda:Permission\n name: url\n properties:\n action: lambda:InvokeFunctionUrl\n function: ${example.functionName}\n principal: arn:aws:iam::444455556666:role/example\n sourceAccount: '444455556666'\n functionUrlAuthType: AWS_IAM\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With `replace_triggered_by` Lifecycle Configuration\n\nIf omitting the `qualifier` argument (which forces re-creation each time a function version is published), a `lifecycle` block can be used to ensure permissions are re-applied on any change to the underlying function.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst logging = new aws.lambda.Permission(\"logging\", {\n action: \"lambda:InvokeFunction\",\n \"function\": example.functionName,\n principal: \"events.amazonaws.com\",\n sourceArn: \"arn:aws:events:eu-west-1:111122223333:rule/RunDaily\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlogging = aws.lambda_.Permission(\"logging\",\n action=\"lambda:InvokeFunction\",\n function=example[\"functionName\"],\n principal=\"events.amazonaws.com\",\n source_arn=\"arn:aws:events:eu-west-1:111122223333:rule/RunDaily\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var logging = new Aws.Lambda.Permission(\"logging\", new()\n {\n Action = \"lambda:InvokeFunction\",\n Function = example.FunctionName,\n Principal = \"events.amazonaws.com\",\n SourceArn = \"arn:aws:events:eu-west-1:111122223333:rule/RunDaily\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lambda.NewPermission(ctx, \"logging\", \u0026lambda.PermissionArgs{\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: pulumi.Any(example.FunctionName),\n\t\t\tPrincipal: pulumi.String(\"events.amazonaws.com\"),\n\t\t\tSourceArn: pulumi.String(\"arn:aws:events:eu-west-1:111122223333:rule/RunDaily\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var logging = new Permission(\"logging\", PermissionArgs.builder() \n .action(\"lambda:InvokeFunction\")\n .function(example.functionName())\n .principal(\"events.amazonaws.com\")\n .sourceArn(\"arn:aws:events:eu-west-1:111122223333:rule/RunDaily\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n logging:\n type: aws:lambda:Permission\n properties:\n action: lambda:InvokeFunction\n function: ${example.functionName}\n principal: events.amazonaws.com\n sourceArn: arn:aws:events:eu-west-1:111122223333:rule/RunDaily\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Lambda permission statements using function_name/statement_id with an optional qualifier. For example:\n\n```sh\n$ pulumi import aws:lambda/permission:Permission test_lambda_permission my_test_lambda_function/AllowExecutionFromCloudWatch\n```\n```sh\n$ pulumi import aws:lambda/permission:Permission test_lambda_permission my_test_lambda_function:qualifier_name/AllowExecutionFromCloudWatch\n```\n", + "description": "Gives an external source (like an EventBridge Rule, SNS, or S3) permission to access the Lambda function.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst iamForLambda = new aws.iam.Role(\"iam_for_lambda\", {\n name: \"iam_for_lambda\",\n assumeRolePolicy: JSON.stringify({\n version: \"2012-10-17\",\n statement: [{\n action: \"sts:AssumeRole\",\n effect: \"Allow\",\n sid: \"\",\n principal: {\n service: \"lambda.amazonaws.com\",\n },\n }],\n }),\n});\nconst testLambda = new aws.lambda.Function(\"test_lambda\", {\n code: new pulumi.asset.FileArchive(\"lambdatest.zip\"),\n name: \"lambda_function_name\",\n role: iamForLambda.arn,\n handler: \"exports.handler\",\n runtime: aws.lambda.Runtime.NodeJS16dX,\n});\nconst testAlias = new aws.lambda.Alias(\"test_alias\", {\n name: \"testalias\",\n description: \"a sample description\",\n functionName: testLambda.name,\n functionVersion: \"$LATEST\",\n});\nconst allowCloudwatch = new aws.lambda.Permission(\"allow_cloudwatch\", {\n statementId: \"AllowExecutionFromCloudWatch\",\n action: \"lambda:InvokeFunction\",\n \"function\": testLambda.name,\n principal: \"events.amazonaws.com\",\n sourceArn: \"arn:aws:events:eu-west-1:111122223333:rule/RunDaily\",\n qualifier: testAlias.name,\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\niam_for_lambda = aws.iam.Role(\"iam_for_lambda\",\n name=\"iam_for_lambda\",\n assume_role_policy=json.dumps({\n \"version\": \"2012-10-17\",\n \"statement\": [{\n \"action\": \"sts:AssumeRole\",\n \"effect\": \"Allow\",\n \"sid\": \"\",\n \"principal\": {\n \"service\": \"lambda.amazonaws.com\",\n },\n }],\n }))\ntest_lambda = aws.lambda_.Function(\"test_lambda\",\n code=pulumi.FileArchive(\"lambdatest.zip\"),\n name=\"lambda_function_name\",\n role=iam_for_lambda.arn,\n handler=\"exports.handler\",\n runtime=aws.lambda_.Runtime.NODE_JS16D_X)\ntest_alias = aws.lambda_.Alias(\"test_alias\",\n name=\"testalias\",\n description=\"a sample description\",\n function_name=test_lambda.name,\n function_version=\"$LATEST\")\nallow_cloudwatch = aws.lambda_.Permission(\"allow_cloudwatch\",\n statement_id=\"AllowExecutionFromCloudWatch\",\n action=\"lambda:InvokeFunction\",\n function=test_lambda.name,\n principal=\"events.amazonaws.com\",\n source_arn=\"arn:aws:events:eu-west-1:111122223333:rule/RunDaily\",\n qualifier=test_alias.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var iamForLambda = new Aws.Iam.Role(\"iam_for_lambda\", new()\n {\n Name = \"iam_for_lambda\",\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"version\"] = \"2012-10-17\",\n [\"statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"action\"] = \"sts:AssumeRole\",\n [\"effect\"] = \"Allow\",\n [\"sid\"] = \"\",\n [\"principal\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"service\"] = \"lambda.amazonaws.com\",\n },\n },\n },\n }),\n });\n\n var testLambda = new Aws.Lambda.Function(\"test_lambda\", new()\n {\n Code = new FileArchive(\"lambdatest.zip\"),\n Name = \"lambda_function_name\",\n Role = iamForLambda.Arn,\n Handler = \"exports.handler\",\n Runtime = Aws.Lambda.Runtime.NodeJS16dX,\n });\n\n var testAlias = new Aws.Lambda.Alias(\"test_alias\", new()\n {\n Name = \"testalias\",\n Description = \"a sample description\",\n FunctionName = testLambda.Name,\n FunctionVersion = \"$LATEST\",\n });\n\n var allowCloudwatch = new Aws.Lambda.Permission(\"allow_cloudwatch\", new()\n {\n StatementId = \"AllowExecutionFromCloudWatch\",\n Action = \"lambda:InvokeFunction\",\n Function = testLambda.Name,\n Principal = \"events.amazonaws.com\",\n SourceArn = \"arn:aws:events:eu-west-1:111122223333:rule/RunDaily\",\n Qualifier = testAlias.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"version\": \"2012-10-17\",\n\t\t\t\"statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"action\": \"sts:AssumeRole\",\n\t\t\t\t\t\"effect\": \"Allow\",\n\t\t\t\t\t\"sid\": \"\",\n\t\t\t\t\t\"principal\": map[string]interface{}{\n\t\t\t\t\t\t\"service\": \"lambda.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\tiamForLambda, err := iam.NewRole(ctx, \"iam_for_lambda\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"iam_for_lambda\"),\n\t\t\tAssumeRolePolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestLambda, err := lambda.NewFunction(ctx, \"test_lambda\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambdatest.zip\"),\n\t\t\tName: pulumi.String(\"lambda_function_name\"),\n\t\t\tRole: iamForLambda.Arn,\n\t\t\tHandler: pulumi.String(\"exports.handler\"),\n\t\t\tRuntime: pulumi.String(lambda.RuntimeNodeJS16dX),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestAlias, err := lambda.NewAlias(ctx, \"test_alias\", \u0026lambda.AliasArgs{\n\t\t\tName: pulumi.String(\"testalias\"),\n\t\t\tDescription: pulumi.String(\"a sample description\"),\n\t\t\tFunctionName: testLambda.Name,\n\t\t\tFunctionVersion: pulumi.String(\"$LATEST\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewPermission(ctx, \"allow_cloudwatch\", \u0026lambda.PermissionArgs{\n\t\t\tStatementId: pulumi.String(\"AllowExecutionFromCloudWatch\"),\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: testLambda.Name,\n\t\t\tPrincipal: pulumi.String(\"events.amazonaws.com\"),\n\t\t\tSourceArn: pulumi.String(\"arn:aws:events:eu-west-1:111122223333:rule/RunDaily\"),\n\t\t\tQualifier: testAlias.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.Alias;\nimport com.pulumi.aws.lambda.AliasArgs;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var iamForLambda = new Role(\"iamForLambda\", RoleArgs.builder() \n .name(\"iam_for_lambda\")\n .assumeRolePolicy(serializeJson(\n jsonObject(\n jsonProperty(\"version\", \"2012-10-17\"),\n jsonProperty(\"statement\", jsonArray(jsonObject(\n jsonProperty(\"action\", \"sts:AssumeRole\"),\n jsonProperty(\"effect\", \"Allow\"),\n jsonProperty(\"sid\", \"\"),\n jsonProperty(\"principal\", jsonObject(\n jsonProperty(\"service\", \"lambda.amazonaws.com\")\n ))\n )))\n )))\n .build());\n\n var testLambda = new Function(\"testLambda\", FunctionArgs.builder() \n .code(new FileArchive(\"lambdatest.zip\"))\n .name(\"lambda_function_name\")\n .role(iamForLambda.arn())\n .handler(\"exports.handler\")\n .runtime(\"nodejs16.x\")\n .build());\n\n var testAlias = new Alias(\"testAlias\", AliasArgs.builder() \n .name(\"testalias\")\n .description(\"a sample description\")\n .functionName(testLambda.name())\n .functionVersion(\"$LATEST\")\n .build());\n\n var allowCloudwatch = new Permission(\"allowCloudwatch\", PermissionArgs.builder() \n .statementId(\"AllowExecutionFromCloudWatch\")\n .action(\"lambda:InvokeFunction\")\n .function(testLambda.name())\n .principal(\"events.amazonaws.com\")\n .sourceArn(\"arn:aws:events:eu-west-1:111122223333:rule/RunDaily\")\n .qualifier(testAlias.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n allowCloudwatch:\n type: aws:lambda:Permission\n name: allow_cloudwatch\n properties:\n statementId: AllowExecutionFromCloudWatch\n action: lambda:InvokeFunction\n function: ${testLambda.name}\n principal: events.amazonaws.com\n sourceArn: arn:aws:events:eu-west-1:111122223333:rule/RunDaily\n qualifier: ${testAlias.name}\n testAlias:\n type: aws:lambda:Alias\n name: test_alias\n properties:\n name: testalias\n description: a sample description\n functionName: ${testLambda.name}\n functionVersion: $LATEST\n testLambda:\n type: aws:lambda:Function\n name: test_lambda\n properties:\n code:\n fn::FileArchive: lambdatest.zip\n name: lambda_function_name\n role: ${iamForLambda.arn}\n handler: exports.handler\n runtime: nodejs16.x\n iamForLambda:\n type: aws:iam:Role\n name: iam_for_lambda\n properties:\n name: iam_for_lambda\n assumeRolePolicy:\n fn::toJSON:\n version: 2012-10-17\n statement:\n - action: sts:AssumeRole\n effect: Allow\n sid:\n principal:\n service: lambda.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With SNS\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.sns.Topic(\"default\", {name: \"call-lambda-maybe\"});\nconst defaultRole = new aws.iam.Role(\"default\", {\n name: \"iam_for_lambda_with_sns\",\n assumeRolePolicy: JSON.stringify({\n version: \"2012-10-17\",\n statement: [{\n action: \"sts:AssumeRole\",\n effect: \"Allow\",\n sid: \"\",\n principal: {\n service: \"lambda.amazonaws.com\",\n },\n }],\n }),\n});\nconst func = new aws.lambda.Function(\"func\", {\n code: new pulumi.asset.FileArchive(\"lambdatest.zip\"),\n name: \"lambda_called_from_sns\",\n role: defaultRole.arn,\n handler: \"exports.handler\",\n runtime: aws.lambda.Runtime.Python3d7,\n});\nconst withSns = new aws.lambda.Permission(\"with_sns\", {\n statementId: \"AllowExecutionFromSNS\",\n action: \"lambda:InvokeFunction\",\n \"function\": func.name,\n principal: \"sns.amazonaws.com\",\n sourceArn: _default.arn,\n});\nconst lambda = new aws.sns.TopicSubscription(\"lambda\", {\n topic: _default.arn,\n protocol: \"lambda\",\n endpoint: func.arn,\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ndefault = aws.sns.Topic(\"default\", name=\"call-lambda-maybe\")\ndefault_role = aws.iam.Role(\"default\",\n name=\"iam_for_lambda_with_sns\",\n assume_role_policy=json.dumps({\n \"version\": \"2012-10-17\",\n \"statement\": [{\n \"action\": \"sts:AssumeRole\",\n \"effect\": \"Allow\",\n \"sid\": \"\",\n \"principal\": {\n \"service\": \"lambda.amazonaws.com\",\n },\n }],\n }))\nfunc = aws.lambda_.Function(\"func\",\n code=pulumi.FileArchive(\"lambdatest.zip\"),\n name=\"lambda_called_from_sns\",\n role=default_role.arn,\n handler=\"exports.handler\",\n runtime=aws.lambda_.Runtime.PYTHON3D7)\nwith_sns = aws.lambda_.Permission(\"with_sns\",\n statement_id=\"AllowExecutionFromSNS\",\n action=\"lambda:InvokeFunction\",\n function=func.name,\n principal=\"sns.amazonaws.com\",\n source_arn=default.arn)\nlambda_ = aws.sns.TopicSubscription(\"lambda\",\n topic=default.arn,\n protocol=\"lambda\",\n endpoint=func.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Sns.Topic(\"default\", new()\n {\n Name = \"call-lambda-maybe\",\n });\n\n var defaultRole = new Aws.Iam.Role(\"default\", new()\n {\n Name = \"iam_for_lambda_with_sns\",\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"version\"] = \"2012-10-17\",\n [\"statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"action\"] = \"sts:AssumeRole\",\n [\"effect\"] = \"Allow\",\n [\"sid\"] = \"\",\n [\"principal\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"service\"] = \"lambda.amazonaws.com\",\n },\n },\n },\n }),\n });\n\n var func = new Aws.Lambda.Function(\"func\", new()\n {\n Code = new FileArchive(\"lambdatest.zip\"),\n Name = \"lambda_called_from_sns\",\n Role = defaultRole.Arn,\n Handler = \"exports.handler\",\n Runtime = Aws.Lambda.Runtime.Python3d7,\n });\n\n var withSns = new Aws.Lambda.Permission(\"with_sns\", new()\n {\n StatementId = \"AllowExecutionFromSNS\",\n Action = \"lambda:InvokeFunction\",\n Function = func.Name,\n Principal = \"sns.amazonaws.com\",\n SourceArn = @default.Arn,\n });\n\n var lambda = new Aws.Sns.TopicSubscription(\"lambda\", new()\n {\n Topic = @default.Arn,\n Protocol = \"lambda\",\n Endpoint = func.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sns.NewTopic(ctx, \"default\", \u0026sns.TopicArgs{\n\t\t\tName: pulumi.String(\"call-lambda-maybe\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"version\": \"2012-10-17\",\n\t\t\t\"statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"action\": \"sts:AssumeRole\",\n\t\t\t\t\t\"effect\": \"Allow\",\n\t\t\t\t\t\"sid\": \"\",\n\t\t\t\t\t\"principal\": map[string]interface{}{\n\t\t\t\t\t\t\"service\": \"lambda.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\tdefaultRole, err := iam.NewRole(ctx, \"default\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"iam_for_lambda_with_sns\"),\n\t\t\tAssumeRolePolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"func\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambdatest.zip\"),\n\t\t\tName: pulumi.String(\"lambda_called_from_sns\"),\n\t\t\tRole: defaultRole.Arn,\n\t\t\tHandler: pulumi.String(\"exports.handler\"),\n\t\t\tRuntime: pulumi.String(lambda.RuntimePython3d7),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewPermission(ctx, \"with_sns\", \u0026lambda.PermissionArgs{\n\t\t\tStatementId: pulumi.String(\"AllowExecutionFromSNS\"),\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: _func.Name,\n\t\t\tPrincipal: pulumi.String(\"sns.amazonaws.com\"),\n\t\t\tSourceArn: _default.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sns.NewTopicSubscription(ctx, \"lambda\", \u0026sns.TopicSubscriptionArgs{\n\t\t\tTopic: _default.Arn,\n\t\t\tProtocol: pulumi.String(\"lambda\"),\n\t\t\tEndpoint: _func.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Topic(\"default\", TopicArgs.builder() \n .name(\"call-lambda-maybe\")\n .build());\n\n var defaultRole = new Role(\"defaultRole\", RoleArgs.builder() \n .name(\"iam_for_lambda_with_sns\")\n .assumeRolePolicy(serializeJson(\n jsonObject(\n jsonProperty(\"version\", \"2012-10-17\"),\n jsonProperty(\"statement\", jsonArray(jsonObject(\n jsonProperty(\"action\", \"sts:AssumeRole\"),\n jsonProperty(\"effect\", \"Allow\"),\n jsonProperty(\"sid\", \"\"),\n jsonProperty(\"principal\", jsonObject(\n jsonProperty(\"service\", \"lambda.amazonaws.com\")\n ))\n )))\n )))\n .build());\n\n var func = new Function(\"func\", FunctionArgs.builder() \n .code(new FileArchive(\"lambdatest.zip\"))\n .name(\"lambda_called_from_sns\")\n .role(defaultRole.arn())\n .handler(\"exports.handler\")\n .runtime(\"python3.7\")\n .build());\n\n var withSns = new Permission(\"withSns\", PermissionArgs.builder() \n .statementId(\"AllowExecutionFromSNS\")\n .action(\"lambda:InvokeFunction\")\n .function(func.name())\n .principal(\"sns.amazonaws.com\")\n .sourceArn(default_.arn())\n .build());\n\n var lambda = new TopicSubscription(\"lambda\", TopicSubscriptionArgs.builder() \n .topic(default_.arn())\n .protocol(\"lambda\")\n .endpoint(func.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n withSns:\n type: aws:lambda:Permission\n name: with_sns\n properties:\n statementId: AllowExecutionFromSNS\n action: lambda:InvokeFunction\n function: ${func.name}\n principal: sns.amazonaws.com\n sourceArn: ${default.arn}\n default:\n type: aws:sns:Topic\n properties:\n name: call-lambda-maybe\n lambda:\n type: aws:sns:TopicSubscription\n properties:\n topic: ${default.arn}\n protocol: lambda\n endpoint: ${func.arn}\n func:\n type: aws:lambda:Function\n properties:\n code:\n fn::FileArchive: lambdatest.zip\n name: lambda_called_from_sns\n role: ${defaultRole.arn}\n handler: exports.handler\n runtime: python3.7\n defaultRole:\n type: aws:iam:Role\n name: default\n properties:\n name: iam_for_lambda_with_sns\n assumeRolePolicy:\n fn::toJSON:\n version: 2012-10-17\n statement:\n - action: sts:AssumeRole\n effect: Allow\n sid:\n principal:\n service: lambda.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With API Gateway REST API\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myDemoAPI = new aws.apigateway.RestApi(\"MyDemoAPI\", {\n name: \"MyDemoAPI\",\n description: \"This is my API for demonstration purposes\",\n});\nconst lambdaPermission = new aws.lambda.Permission(\"lambda_permission\", {\n statementId: \"AllowMyDemoAPIInvoke\",\n action: \"lambda:InvokeFunction\",\n \"function\": \"MyDemoFunction\",\n principal: \"apigateway.amazonaws.com\",\n sourceArn: pulumi.interpolate`${myDemoAPI.executionArn}/*`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_demo_api = aws.apigateway.RestApi(\"MyDemoAPI\",\n name=\"MyDemoAPI\",\n description=\"This is my API for demonstration purposes\")\nlambda_permission = aws.lambda_.Permission(\"lambda_permission\",\n statement_id=\"AllowMyDemoAPIInvoke\",\n action=\"lambda:InvokeFunction\",\n function=\"MyDemoFunction\",\n principal=\"apigateway.amazonaws.com\",\n source_arn=my_demo_api.execution_arn.apply(lambda execution_arn: f\"{execution_arn}/*\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myDemoAPI = new Aws.ApiGateway.RestApi(\"MyDemoAPI\", new()\n {\n Name = \"MyDemoAPI\",\n Description = \"This is my API for demonstration purposes\",\n });\n\n var lambdaPermission = new Aws.Lambda.Permission(\"lambda_permission\", new()\n {\n StatementId = \"AllowMyDemoAPIInvoke\",\n Action = \"lambda:InvokeFunction\",\n Function = \"MyDemoFunction\",\n Principal = \"apigateway.amazonaws.com\",\n SourceArn = myDemoAPI.ExecutionArn.Apply(executionArn =\u003e $\"{executionArn}/*\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyDemoAPI, err := apigateway.NewRestApi(ctx, \"MyDemoAPI\", \u0026apigateway.RestApiArgs{\n\t\t\tName: pulumi.String(\"MyDemoAPI\"),\n\t\t\tDescription: pulumi.String(\"This is my API for demonstration purposes\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewPermission(ctx, \"lambda_permission\", \u0026lambda.PermissionArgs{\n\t\t\tStatementId: pulumi.String(\"AllowMyDemoAPIInvoke\"),\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: pulumi.Any(\"MyDemoFunction\"),\n\t\t\tPrincipal: pulumi.String(\"apigateway.amazonaws.com\"),\n\t\t\tSourceArn: myDemoAPI.ExecutionArn.ApplyT(func(executionArn string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v/*\", executionArn), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myDemoAPI = new RestApi(\"myDemoAPI\", RestApiArgs.builder() \n .name(\"MyDemoAPI\")\n .description(\"This is my API for demonstration purposes\")\n .build());\n\n var lambdaPermission = new Permission(\"lambdaPermission\", PermissionArgs.builder() \n .statementId(\"AllowMyDemoAPIInvoke\")\n .action(\"lambda:InvokeFunction\")\n .function(\"MyDemoFunction\")\n .principal(\"apigateway.amazonaws.com\")\n .sourceArn(myDemoAPI.executionArn().applyValue(executionArn -\u003e String.format(\"%s/*\", executionArn)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myDemoAPI:\n type: aws:apigateway:RestApi\n name: MyDemoAPI\n properties:\n name: MyDemoAPI\n description: This is my API for demonstration purposes\n lambdaPermission:\n type: aws:lambda:Permission\n name: lambda_permission\n properties:\n statementId: AllowMyDemoAPIInvoke\n action: lambda:InvokeFunction\n function: MyDemoFunction\n principal: apigateway.amazonaws.com\n sourceArn: ${myDemoAPI.executionArn}/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With CloudWatch Log Group\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.cloudwatch.LogGroup(\"default\", {name: \"/default\"});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst defaultRole = new aws.iam.Role(\"default\", {\n name: \"iam_for_lambda_called_from_cloudwatch_logs\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst loggingFunction = new aws.lambda.Function(\"logging\", {\n code: new pulumi.asset.FileArchive(\"lamba_logging.zip\"),\n name: \"lambda_called_from_cloudwatch_logs\",\n handler: \"exports.handler\",\n role: defaultRole.arn,\n runtime: aws.lambda.Runtime.Python3d7,\n});\nconst logging = new aws.lambda.Permission(\"logging\", {\n action: \"lambda:InvokeFunction\",\n \"function\": loggingFunction.name,\n principal: \"logs.eu-west-1.amazonaws.com\",\n sourceArn: pulumi.interpolate`${_default.arn}:*`,\n});\nconst loggingLogSubscriptionFilter = new aws.cloudwatch.LogSubscriptionFilter(\"logging\", {\n destinationArn: loggingFunction.arn,\n filterPattern: \"\",\n logGroup: _default.name,\n name: \"logging_default\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.cloudwatch.LogGroup(\"default\", name=\"/default\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\ndefault_role = aws.iam.Role(\"default\",\n name=\"iam_for_lambda_called_from_cloudwatch_logs\",\n assume_role_policy=assume_role.json)\nlogging_function = aws.lambda_.Function(\"logging\",\n code=pulumi.FileArchive(\"lamba_logging.zip\"),\n name=\"lambda_called_from_cloudwatch_logs\",\n handler=\"exports.handler\",\n role=default_role.arn,\n runtime=aws.lambda_.Runtime.PYTHON3D7)\nlogging = aws.lambda_.Permission(\"logging\",\n action=\"lambda:InvokeFunction\",\n function=logging_function.name,\n principal=\"logs.eu-west-1.amazonaws.com\",\n source_arn=default.arn.apply(lambda arn: f\"{arn}:*\"))\nlogging_log_subscription_filter = aws.cloudwatch.LogSubscriptionFilter(\"logging\",\n destination_arn=logging_function.arn,\n filter_pattern=\"\",\n log_group=default.name,\n name=\"logging_default\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.CloudWatch.LogGroup(\"default\", new()\n {\n Name = \"/default\",\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var defaultRole = new Aws.Iam.Role(\"default\", new()\n {\n Name = \"iam_for_lambda_called_from_cloudwatch_logs\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var loggingFunction = new Aws.Lambda.Function(\"logging\", new()\n {\n Code = new FileArchive(\"lamba_logging.zip\"),\n Name = \"lambda_called_from_cloudwatch_logs\",\n Handler = \"exports.handler\",\n Role = defaultRole.Arn,\n Runtime = Aws.Lambda.Runtime.Python3d7,\n });\n\n var logging = new Aws.Lambda.Permission(\"logging\", new()\n {\n Action = \"lambda:InvokeFunction\",\n Function = loggingFunction.Name,\n Principal = \"logs.eu-west-1.amazonaws.com\",\n SourceArn = @default.Arn.Apply(arn =\u003e $\"{arn}:*\"),\n });\n\n var loggingLogSubscriptionFilter = new Aws.CloudWatch.LogSubscriptionFilter(\"logging\", new()\n {\n DestinationArn = loggingFunction.Arn,\n FilterPattern = \"\",\n LogGroup = @default.Name,\n Name = \"logging_default\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.NewLogGroup(ctx, \"default\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: pulumi.String(\"/default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRole, err := iam.NewRole(ctx, \"default\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"iam_for_lambda_called_from_cloudwatch_logs\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tloggingFunction, err := lambda.NewFunction(ctx, \"logging\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lamba_logging.zip\"),\n\t\t\tName: pulumi.String(\"lambda_called_from_cloudwatch_logs\"),\n\t\t\tHandler: pulumi.String(\"exports.handler\"),\n\t\t\tRole: defaultRole.Arn,\n\t\t\tRuntime: pulumi.String(lambda.RuntimePython3d7),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewPermission(ctx, \"logging\", \u0026lambda.PermissionArgs{\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: loggingFunction.Name,\n\t\t\tPrincipal: pulumi.String(\"logs.eu-west-1.amazonaws.com\"),\n\t\t\tSourceArn: _default.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v:*\", arn), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogSubscriptionFilter(ctx, \"logging\", \u0026cloudwatch.LogSubscriptionFilterArgs{\n\t\t\tDestinationArn: loggingFunction.Arn,\n\t\t\tFilterPattern: pulumi.String(\"\"),\n\t\t\tLogGroup: _default.Name,\n\t\t\tName: pulumi.String(\"logging_default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport com.pulumi.aws.cloudwatch.LogSubscriptionFilter;\nimport com.pulumi.aws.cloudwatch.LogSubscriptionFilterArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new LogGroup(\"default\", LogGroupArgs.builder() \n .name(\"/default\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var defaultRole = new Role(\"defaultRole\", RoleArgs.builder() \n .name(\"iam_for_lambda_called_from_cloudwatch_logs\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var loggingFunction = new Function(\"loggingFunction\", FunctionArgs.builder() \n .code(new FileArchive(\"lamba_logging.zip\"))\n .name(\"lambda_called_from_cloudwatch_logs\")\n .handler(\"exports.handler\")\n .role(defaultRole.arn())\n .runtime(\"python3.7\")\n .build());\n\n var logging = new Permission(\"logging\", PermissionArgs.builder() \n .action(\"lambda:InvokeFunction\")\n .function(loggingFunction.name())\n .principal(\"logs.eu-west-1.amazonaws.com\")\n .sourceArn(default_.arn().applyValue(arn -\u003e String.format(\"%s:*\", arn)))\n .build());\n\n var loggingLogSubscriptionFilter = new LogSubscriptionFilter(\"loggingLogSubscriptionFilter\", LogSubscriptionFilterArgs.builder() \n .destinationArn(loggingFunction.arn())\n .filterPattern(\"\")\n .logGroup(default_.name())\n .name(\"logging_default\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n logging:\n type: aws:lambda:Permission\n properties:\n action: lambda:InvokeFunction\n function: ${loggingFunction.name}\n principal: logs.eu-west-1.amazonaws.com\n sourceArn: ${default.arn}:*\n default:\n type: aws:cloudwatch:LogGroup\n properties:\n name: /default\n loggingLogSubscriptionFilter:\n type: aws:cloudwatch:LogSubscriptionFilter\n name: logging\n properties:\n destinationArn: ${loggingFunction.arn}\n filterPattern:\n logGroup: ${default.name}\n name: logging_default\n loggingFunction:\n type: aws:lambda:Function\n name: logging\n properties:\n code:\n fn::FileArchive: lamba_logging.zip\n name: lambda_called_from_cloudwatch_logs\n handler: exports.handler\n role: ${defaultRole.arn}\n runtime: python3.7\n defaultRole:\n type: aws:iam:Role\n name: default\n properties:\n name: iam_for_lambda_called_from_cloudwatch_logs\n assumeRolePolicy: ${assumeRole.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With Cross-Account Invocation Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst url = new aws.lambda.FunctionUrl(\"url\", {\n functionName: example.functionName,\n authorizationType: \"AWS_IAM\",\n});\nconst urlPermission = new aws.lambda.Permission(\"url\", {\n action: \"lambda:InvokeFunctionUrl\",\n \"function\": example.functionName,\n principal: \"arn:aws:iam::444455556666:role/example\",\n sourceAccount: \"444455556666\",\n functionUrlAuthType: \"AWS_IAM\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nurl = aws.lambda_.FunctionUrl(\"url\",\n function_name=example[\"functionName\"],\n authorization_type=\"AWS_IAM\")\nurl_permission = aws.lambda_.Permission(\"url\",\n action=\"lambda:InvokeFunctionUrl\",\n function=example[\"functionName\"],\n principal=\"arn:aws:iam::444455556666:role/example\",\n source_account=\"444455556666\",\n function_url_auth_type=\"AWS_IAM\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var url = new Aws.Lambda.FunctionUrl(\"url\", new()\n {\n FunctionName = example.FunctionName,\n AuthorizationType = \"AWS_IAM\",\n });\n\n var urlPermission = new Aws.Lambda.Permission(\"url\", new()\n {\n Action = \"lambda:InvokeFunctionUrl\",\n Function = example.FunctionName,\n Principal = \"arn:aws:iam::444455556666:role/example\",\n SourceAccount = \"444455556666\",\n FunctionUrlAuthType = \"AWS_IAM\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lambda.NewFunctionUrl(ctx, \"url\", \u0026lambda.FunctionUrlArgs{\n\t\t\tFunctionName: pulumi.Any(example.FunctionName),\n\t\t\tAuthorizationType: pulumi.String(\"AWS_IAM\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewPermission(ctx, \"url\", \u0026lambda.PermissionArgs{\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunctionUrl\"),\n\t\t\tFunction: pulumi.Any(example.FunctionName),\n\t\t\tPrincipal: pulumi.String(\"arn:aws:iam::444455556666:role/example\"),\n\t\t\tSourceAccount: pulumi.String(\"444455556666\"),\n\t\t\tFunctionUrlAuthType: pulumi.String(\"AWS_IAM\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lambda.FunctionUrl;\nimport com.pulumi.aws.lambda.FunctionUrlArgs;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var url = new FunctionUrl(\"url\", FunctionUrlArgs.builder() \n .functionName(example.functionName())\n .authorizationType(\"AWS_IAM\")\n .build());\n\n var urlPermission = new Permission(\"urlPermission\", PermissionArgs.builder() \n .action(\"lambda:InvokeFunctionUrl\")\n .function(example.functionName())\n .principal(\"arn:aws:iam::444455556666:role/example\")\n .sourceAccount(\"444455556666\")\n .functionUrlAuthType(\"AWS_IAM\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n url:\n type: aws:lambda:FunctionUrl\n properties:\n functionName: ${example.functionName}\n authorizationType: AWS_IAM\n urlPermission:\n type: aws:lambda:Permission\n name: url\n properties:\n action: lambda:InvokeFunctionUrl\n function: ${example.functionName}\n principal: arn:aws:iam::444455556666:role/example\n sourceAccount: '444455556666'\n functionUrlAuthType: AWS_IAM\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With `replace_triggered_by` Lifecycle Configuration\n\nIf omitting the `qualifier` argument (which forces re-creation each time a function version is published), a `lifecycle` block can be used to ensure permissions are re-applied on any change to the underlying function.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst logging = new aws.lambda.Permission(\"logging\", {\n action: \"lambda:InvokeFunction\",\n \"function\": example.functionName,\n principal: \"events.amazonaws.com\",\n sourceArn: \"arn:aws:events:eu-west-1:111122223333:rule/RunDaily\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlogging = aws.lambda_.Permission(\"logging\",\n action=\"lambda:InvokeFunction\",\n function=example[\"functionName\"],\n principal=\"events.amazonaws.com\",\n source_arn=\"arn:aws:events:eu-west-1:111122223333:rule/RunDaily\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var logging = new Aws.Lambda.Permission(\"logging\", new()\n {\n Action = \"lambda:InvokeFunction\",\n Function = example.FunctionName,\n Principal = \"events.amazonaws.com\",\n SourceArn = \"arn:aws:events:eu-west-1:111122223333:rule/RunDaily\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lambda.NewPermission(ctx, \"logging\", \u0026lambda.PermissionArgs{\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: pulumi.Any(example.FunctionName),\n\t\t\tPrincipal: pulumi.String(\"events.amazonaws.com\"),\n\t\t\tSourceArn: pulumi.String(\"arn:aws:events:eu-west-1:111122223333:rule/RunDaily\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var logging = new Permission(\"logging\", PermissionArgs.builder() \n .action(\"lambda:InvokeFunction\")\n .function(example.functionName())\n .principal(\"events.amazonaws.com\")\n .sourceArn(\"arn:aws:events:eu-west-1:111122223333:rule/RunDaily\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n logging:\n type: aws:lambda:Permission\n properties:\n action: lambda:InvokeFunction\n function: ${example.functionName}\n principal: events.amazonaws.com\n sourceArn: arn:aws:events:eu-west-1:111122223333:rule/RunDaily\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Lambda permission statements using function_name/statement_id with an optional qualifier. For example:\n\n```sh\n$ pulumi import aws:lambda/permission:Permission test_lambda_permission my_test_lambda_function/AllowExecutionFromCloudWatch\n```\n```sh\n$ pulumi import aws:lambda/permission:Permission test_lambda_permission my_test_lambda_function:qualifier_name/AllowExecutionFromCloudWatch\n```\n", "properties": { "action": { "type": "string", @@ -269808,7 +269808,7 @@ } }, "aws:licensemanager/association:Association": { - "description": "Provides a License Manager association.\n\n\u003e **Note:** License configurations can also be associated with launch templates by specifying the `license_specifications` block for an `aws.ec2.LaunchTemplate`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2.getAmi({\n mostRecent: true,\n owners: [\"amazon\"],\n filters: [{\n name: \"name\",\n values: [\"amzn-ami-vpc-nat*\"],\n }],\n});\nconst exampleInstance = new aws.ec2.Instance(\"example\", {\n ami: example.then(example =\u003e example.id),\n instanceType: \"t2.micro\",\n});\nconst exampleLicenseConfiguration = new aws.licensemanager.LicenseConfiguration(\"example\", {\n name: \"Example\",\n licenseCountingType: \"Instance\",\n});\nconst exampleAssociation = new aws.licensemanager.Association(\"example\", {\n licenseConfigurationArn: exampleLicenseConfiguration.arn,\n resourceArn: exampleInstance.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_ami(most_recent=True,\n owners=[\"amazon\"],\n filters=[aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"amzn-ami-vpc-nat*\"],\n )])\nexample_instance = aws.ec2.Instance(\"example\",\n ami=example.id,\n instance_type=\"t2.micro\")\nexample_license_configuration = aws.licensemanager.LicenseConfiguration(\"example\",\n name=\"Example\",\n license_counting_type=\"Instance\")\nexample_association = aws.licensemanager.Association(\"example\",\n license_configuration_arn=example_license_configuration.arn,\n resource_arn=example_instance.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Owners = new[]\n {\n \"amazon\",\n },\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"amzn-ami-vpc-nat*\",\n },\n },\n },\n });\n\n var exampleInstance = new Aws.Ec2.Instance(\"example\", new()\n {\n Ami = example.Apply(getAmiResult =\u003e getAmiResult.Id),\n InstanceType = \"t2.micro\",\n });\n\n var exampleLicenseConfiguration = new Aws.LicenseManager.LicenseConfiguration(\"example\", new()\n {\n Name = \"Example\",\n LicenseCountingType = \"Instance\",\n });\n\n var exampleAssociation = new Aws.LicenseManager.Association(\"example\", new()\n {\n LicenseConfigurationArn = exampleLicenseConfiguration.Arn,\n ResourceArn = exampleInstance.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/licensemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tOwners: []string{\n\t\t\t\t\"amazon\",\n\t\t\t},\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"amzn-ami-vpc-nat*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleInstance, err := ec2.NewInstance(ctx, \"example\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: *pulumi.String(example.Id),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleLicenseConfiguration, err := licensemanager.NewLicenseConfiguration(ctx, \"example\", \u0026licensemanager.LicenseConfigurationArgs{\n\t\t\tName: pulumi.String(\"Example\"),\n\t\t\tLicenseCountingType: pulumi.String(\"Instance\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = licensemanager.NewAssociation(ctx, \"example\", \u0026licensemanager.AssociationArgs{\n\t\t\tLicenseConfigurationArn: exampleLicenseConfiguration.Arn,\n\t\t\tResourceArn: exampleInstance.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.licensemanager.LicenseConfiguration;\nimport com.pulumi.aws.licensemanager.LicenseConfigurationArgs;\nimport com.pulumi.aws.licensemanager.Association;\nimport com.pulumi.aws.licensemanager.AssociationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .owners(\"amazon\")\n .filters(GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"amzn-ami-vpc-nat*\")\n .build())\n .build());\n\n var exampleInstance = new Instance(\"exampleInstance\", InstanceArgs.builder() \n .ami(example.applyValue(getAmiResult -\u003e getAmiResult.id()))\n .instanceType(\"t2.micro\")\n .build());\n\n var exampleLicenseConfiguration = new LicenseConfiguration(\"exampleLicenseConfiguration\", LicenseConfigurationArgs.builder() \n .name(\"Example\")\n .licenseCountingType(\"Instance\")\n .build());\n\n var exampleAssociation = new Association(\"exampleAssociation\", AssociationArgs.builder() \n .licenseConfigurationArn(exampleLicenseConfiguration.arn())\n .resourceArn(exampleInstance.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleInstance:\n type: aws:ec2:Instance\n name: example\n properties:\n ami: ${example.id}\n instanceType: t2.micro\n exampleLicenseConfiguration:\n type: aws:licensemanager:LicenseConfiguration\n name: example\n properties:\n name: Example\n licenseCountingType: Instance\n exampleAssociation:\n type: aws:licensemanager:Association\n name: example\n properties:\n licenseConfigurationArn: ${exampleLicenseConfiguration.arn}\n resourceArn: ${exampleInstance.arn}\nvariables:\n example:\n fn::invoke:\n Function: aws:ec2:getAmi\n Arguments:\n mostRecent: true\n owners:\n - amazon\n filters:\n - name: name\n values:\n - amzn-ami-vpc-nat*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import license configurations using `resource_arn,license_configuration_arn`. For example:\n\n```sh\n$ pulumi import aws:licensemanager/association:Association example arn:aws:ec2:eu-west-1:123456789012:image/ami-123456789abcdef01,arn:aws:license-manager:eu-west-1:123456789012:license-configuration:lic-0123456789abcdef0123456789abcdef\n```\n", + "description": "Provides a License Manager association.\n\n\u003e **Note:** License configurations can also be associated with launch templates by specifying the `license_specifications` block for an `aws.ec2.LaunchTemplate`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2.getAmi({\n mostRecent: true,\n owners: [\"amazon\"],\n filters: [{\n name: \"name\",\n values: [\"amzn-ami-vpc-nat*\"],\n }],\n});\nconst exampleInstance = new aws.ec2.Instance(\"example\", {\n ami: example.then(example =\u003e example.id),\n instanceType: aws.ec2.InstanceType.T2_Micro,\n});\nconst exampleLicenseConfiguration = new aws.licensemanager.LicenseConfiguration(\"example\", {\n name: \"Example\",\n licenseCountingType: \"Instance\",\n});\nconst exampleAssociation = new aws.licensemanager.Association(\"example\", {\n licenseConfigurationArn: exampleLicenseConfiguration.arn,\n resourceArn: exampleInstance.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_ami(most_recent=True,\n owners=[\"amazon\"],\n filters=[aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"amzn-ami-vpc-nat*\"],\n )])\nexample_instance = aws.ec2.Instance(\"example\",\n ami=example.id,\n instance_type=aws.ec2.InstanceType.T2_MICRO)\nexample_license_configuration = aws.licensemanager.LicenseConfiguration(\"example\",\n name=\"Example\",\n license_counting_type=\"Instance\")\nexample_association = aws.licensemanager.Association(\"example\",\n license_configuration_arn=example_license_configuration.arn,\n resource_arn=example_instance.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Owners = new[]\n {\n \"amazon\",\n },\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"amzn-ami-vpc-nat*\",\n },\n },\n },\n });\n\n var exampleInstance = new Aws.Ec2.Instance(\"example\", new()\n {\n Ami = example.Apply(getAmiResult =\u003e getAmiResult.Id),\n InstanceType = Aws.Ec2.InstanceType.T2_Micro,\n });\n\n var exampleLicenseConfiguration = new Aws.LicenseManager.LicenseConfiguration(\"example\", new()\n {\n Name = \"Example\",\n LicenseCountingType = \"Instance\",\n });\n\n var exampleAssociation = new Aws.LicenseManager.Association(\"example\", new()\n {\n LicenseConfigurationArn = exampleLicenseConfiguration.Arn,\n ResourceArn = exampleInstance.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/licensemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tOwners: []string{\n\t\t\t\t\"amazon\",\n\t\t\t},\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"amzn-ami-vpc-nat*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleInstance, err := ec2.NewInstance(ctx, \"example\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(example.Id),\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_T2_Micro),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleLicenseConfiguration, err := licensemanager.NewLicenseConfiguration(ctx, \"example\", \u0026licensemanager.LicenseConfigurationArgs{\n\t\t\tName: pulumi.String(\"Example\"),\n\t\t\tLicenseCountingType: pulumi.String(\"Instance\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = licensemanager.NewAssociation(ctx, \"example\", \u0026licensemanager.AssociationArgs{\n\t\t\tLicenseConfigurationArn: exampleLicenseConfiguration.Arn,\n\t\t\tResourceArn: exampleInstance.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.licensemanager.LicenseConfiguration;\nimport com.pulumi.aws.licensemanager.LicenseConfigurationArgs;\nimport com.pulumi.aws.licensemanager.Association;\nimport com.pulumi.aws.licensemanager.AssociationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .owners(\"amazon\")\n .filters(GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"amzn-ami-vpc-nat*\")\n .build())\n .build());\n\n var exampleInstance = new Instance(\"exampleInstance\", InstanceArgs.builder() \n .ami(example.applyValue(getAmiResult -\u003e getAmiResult.id()))\n .instanceType(\"t2.micro\")\n .build());\n\n var exampleLicenseConfiguration = new LicenseConfiguration(\"exampleLicenseConfiguration\", LicenseConfigurationArgs.builder() \n .name(\"Example\")\n .licenseCountingType(\"Instance\")\n .build());\n\n var exampleAssociation = new Association(\"exampleAssociation\", AssociationArgs.builder() \n .licenseConfigurationArn(exampleLicenseConfiguration.arn())\n .resourceArn(exampleInstance.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleInstance:\n type: aws:ec2:Instance\n name: example\n properties:\n ami: ${example.id}\n instanceType: t2.micro\n exampleLicenseConfiguration:\n type: aws:licensemanager:LicenseConfiguration\n name: example\n properties:\n name: Example\n licenseCountingType: Instance\n exampleAssociation:\n type: aws:licensemanager:Association\n name: example\n properties:\n licenseConfigurationArn: ${exampleLicenseConfiguration.arn}\n resourceArn: ${exampleInstance.arn}\nvariables:\n example:\n fn::invoke:\n Function: aws:ec2:getAmi\n Arguments:\n mostRecent: true\n owners:\n - amazon\n filters:\n - name: name\n values:\n - amzn-ami-vpc-nat*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import license configurations using `resource_arn,license_configuration_arn`. For example:\n\n```sh\n$ pulumi import aws:licensemanager/association:Association example arn:aws:ec2:eu-west-1:123456789012:image/ami-123456789abcdef01,arn:aws:license-manager:eu-west-1:123456789012:license-configuration:lic-0123456789abcdef0123456789abcdef\n```\n", "properties": { "licenseConfigurationArn": { "type": "string", @@ -271340,7 +271340,7 @@ } }, "aws:lightsail/disk:Disk": { - "description": "Provides a Lightsail Disk resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst available = aws.getAvailabilityZones({\n state: \"available\",\n filters: [{\n name: \"opt-in-status\",\n values: [\"opt-in-not-required\"],\n }],\n});\nconst test = new aws.lightsail.Disk(\"test\", {\n name: \"test\",\n sizeInGb: 8,\n availabilityZone: available.then(available =\u003e available.names?.[0]),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\navailable = aws.get_availability_zones(state=\"available\",\n filters=[aws.GetAvailabilityZonesFilterArgs(\n name=\"opt-in-status\",\n values=[\"opt-in-not-required\"],\n )])\ntest = aws.lightsail.Disk(\"test\",\n name=\"test\",\n size_in_gb=8,\n availability_zone=available.names[0])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n Filters = new[]\n {\n new Aws.Inputs.GetAvailabilityZonesFilterInputArgs\n {\n Name = \"opt-in-status\",\n Values = new[]\n {\n \"opt-in-not-required\",\n },\n },\n },\n });\n\n var test = new Aws.LightSail.Disk(\"test\", new()\n {\n Name = \"test\",\n SizeInGb = 8,\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tState: pulumi.StringRef(\"available\"),\n\t\t\tFilters: []aws.GetAvailabilityZonesFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"opt-in-status\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"opt-in-not-required\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lightsail.NewDisk(ctx, \"test\", \u0026lightsail.DiskArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tSizeInGb: pulumi.Int(8),\n\t\t\tAvailabilityZone: *pulumi.String(available.Names[0]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.lightsail.Disk;\nimport com.pulumi.aws.lightsail.DiskArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .filters(GetAvailabilityZonesFilterArgs.builder()\n .name(\"opt-in-status\")\n .values(\"opt-in-not-required\")\n .build())\n .build());\n\n var test = new Disk(\"test\", DiskArgs.builder() \n .name(\"test\")\n .sizeInGb(8)\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:lightsail:Disk\n properties:\n name: test\n sizeInGb: 8\n availabilityZone: ${available.names[0]}\nvariables:\n available:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n state: available\n filters:\n - name: opt-in-status\n values:\n - opt-in-not-required\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_lightsail_disk` using the name attribute. For example:\n\n```sh\n$ pulumi import aws:lightsail/disk:Disk test test\n```\n", + "description": "Provides a Lightsail Disk resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst available = aws.getAvailabilityZones({\n state: \"available\",\n filters: [{\n name: \"opt-in-status\",\n values: [\"opt-in-not-required\"],\n }],\n});\nconst test = new aws.lightsail.Disk(\"test\", {\n name: \"test\",\n sizeInGb: 8,\n availabilityZone: available.then(available =\u003e available.names?.[0]),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\navailable = aws.get_availability_zones(state=\"available\",\n filters=[aws.GetAvailabilityZonesFilterArgs(\n name=\"opt-in-status\",\n values=[\"opt-in-not-required\"],\n )])\ntest = aws.lightsail.Disk(\"test\",\n name=\"test\",\n size_in_gb=8,\n availability_zone=available.names[0])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n Filters = new[]\n {\n new Aws.Inputs.GetAvailabilityZonesFilterInputArgs\n {\n Name = \"opt-in-status\",\n Values = new[]\n {\n \"opt-in-not-required\",\n },\n },\n },\n });\n\n var test = new Aws.LightSail.Disk(\"test\", new()\n {\n Name = \"test\",\n SizeInGb = 8,\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tState: pulumi.StringRef(\"available\"),\n\t\t\tFilters: []aws.GetAvailabilityZonesFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"opt-in-status\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"opt-in-not-required\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lightsail.NewDisk(ctx, \"test\", \u0026lightsail.DiskArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tSizeInGb: pulumi.Int(8),\n\t\t\tAvailabilityZone: pulumi.String(available.Names[0]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.lightsail.Disk;\nimport com.pulumi.aws.lightsail.DiskArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .filters(GetAvailabilityZonesFilterArgs.builder()\n .name(\"opt-in-status\")\n .values(\"opt-in-not-required\")\n .build())\n .build());\n\n var test = new Disk(\"test\", DiskArgs.builder() \n .name(\"test\")\n .sizeInGb(8)\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:lightsail:Disk\n properties:\n name: test\n sizeInGb: 8\n availabilityZone: ${available.names[0]}\nvariables:\n available:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n state: available\n filters:\n - name: opt-in-status\n values:\n - opt-in-not-required\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_lightsail_disk` using the name attribute. For example:\n\n```sh\n$ pulumi import aws:lightsail/disk:Disk test test\n```\n", "properties": { "arn": { "type": "string", @@ -271469,7 +271469,7 @@ } }, "aws:lightsail/disk_attachment:Disk_attachment": { - "description": "Attaches a Lightsail disk to a Lightsail Instance\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst available = aws.getAvailabilityZones({\n state: \"available\",\n filters: [{\n name: \"opt-in-status\",\n values: [\"opt-in-not-required\"],\n }],\n});\nconst test = new aws.lightsail.Disk(\"test\", {\n name: \"test-disk\",\n sizeInGb: 8,\n availabilityZone: available.then(available =\u003e available.names?.[0]),\n});\nconst testInstance = new aws.lightsail.Instance(\"test\", {\n name: \"test-instance\",\n availabilityZone: available.then(available =\u003e available.names?.[0]),\n blueprintId: \"amazon_linux_2\",\n bundleId: \"nano_1_0\",\n});\nconst testDisk_attachment = new aws.lightsail.Disk_attachment(\"test\", {\n diskName: test.name,\n instanceName: testInstance.name,\n diskPath: \"/dev/xvdf\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\navailable = aws.get_availability_zones(state=\"available\",\n filters=[aws.GetAvailabilityZonesFilterArgs(\n name=\"opt-in-status\",\n values=[\"opt-in-not-required\"],\n )])\ntest = aws.lightsail.Disk(\"test\",\n name=\"test-disk\",\n size_in_gb=8,\n availability_zone=available.names[0])\ntest_instance = aws.lightsail.Instance(\"test\",\n name=\"test-instance\",\n availability_zone=available.names[0],\n blueprint_id=\"amazon_linux_2\",\n bundle_id=\"nano_1_0\")\ntest_disk_attachment = aws.lightsail.Disk_attachment(\"test\",\n disk_name=test.name,\n instance_name=test_instance.name,\n disk_path=\"/dev/xvdf\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n Filters = new[]\n {\n new Aws.Inputs.GetAvailabilityZonesFilterInputArgs\n {\n Name = \"opt-in-status\",\n Values = new[]\n {\n \"opt-in-not-required\",\n },\n },\n },\n });\n\n var test = new Aws.LightSail.Disk(\"test\", new()\n {\n Name = \"test-disk\",\n SizeInGb = 8,\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n });\n\n var testInstance = new Aws.LightSail.Instance(\"test\", new()\n {\n Name = \"test-instance\",\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n BlueprintId = \"amazon_linux_2\",\n BundleId = \"nano_1_0\",\n });\n\n var testDisk_attachment = new Aws.LightSail.Disk_attachment(\"test\", new()\n {\n DiskName = test.Name,\n InstanceName = testInstance.Name,\n DiskPath = \"/dev/xvdf\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tState: pulumi.StringRef(\"available\"),\n\t\t\tFilters: []aws.GetAvailabilityZonesFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"opt-in-status\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"opt-in-not-required\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := lightsail.NewDisk(ctx, \"test\", \u0026lightsail.DiskArgs{\n\t\t\tName: pulumi.String(\"test-disk\"),\n\t\t\tSizeInGb: pulumi.Int(8),\n\t\t\tAvailabilityZone: *pulumi.String(available.Names[0]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestInstance, err := lightsail.NewInstance(ctx, \"test\", \u0026lightsail.InstanceArgs{\n\t\t\tName: pulumi.String(\"test-instance\"),\n\t\t\tAvailabilityZone: *pulumi.String(available.Names[0]),\n\t\t\tBlueprintId: pulumi.String(\"amazon_linux_2\"),\n\t\t\tBundleId: pulumi.String(\"nano_1_0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lightsail.NewDisk_attachment(ctx, \"test\", \u0026lightsail.Disk_attachmentArgs{\n\t\t\tDiskName: test.Name,\n\t\t\tInstanceName: testInstance.Name,\n\t\t\tDiskPath: pulumi.String(\"/dev/xvdf\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.lightsail.Disk;\nimport com.pulumi.aws.lightsail.DiskArgs;\nimport com.pulumi.aws.lightsail.Instance;\nimport com.pulumi.aws.lightsail.InstanceArgs;\nimport com.pulumi.aws.lightsail.Disk_attachment;\nimport com.pulumi.aws.lightsail.Disk_attachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .filters(GetAvailabilityZonesFilterArgs.builder()\n .name(\"opt-in-status\")\n .values(\"opt-in-not-required\")\n .build())\n .build());\n\n var test = new Disk(\"test\", DiskArgs.builder() \n .name(\"test-disk\")\n .sizeInGb(8)\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]))\n .build());\n\n var testInstance = new Instance(\"testInstance\", InstanceArgs.builder() \n .name(\"test-instance\")\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]))\n .blueprintId(\"amazon_linux_2\")\n .bundleId(\"nano_1_0\")\n .build());\n\n var testDisk_attachment = new Disk_attachment(\"testDisk_attachment\", Disk_attachmentArgs.builder() \n .diskName(test.name())\n .instanceName(testInstance.name())\n .diskPath(\"/dev/xvdf\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:lightsail:Disk\n properties:\n name: test-disk\n sizeInGb: 8\n availabilityZone: ${available.names[0]}\n testInstance:\n type: aws:lightsail:Instance\n name: test\n properties:\n name: test-instance\n availabilityZone: ${available.names[0]}\n blueprintId: amazon_linux_2\n bundleId: nano_1_0\n testDisk_attachment:\n type: aws:lightsail:Disk_attachment\n name: test\n properties:\n diskName: ${test.name}\n instanceName: ${testInstance.name}\n diskPath: /dev/xvdf\nvariables:\n available:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n state: available\n filters:\n - name: opt-in-status\n values:\n - opt-in-not-required\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_lightsail_disk` using the id attribute. For example:\n\n```sh\n$ pulumi import aws:lightsail/disk_attachment:Disk_attachment test test-disk,test-instance\n```\n", + "description": "Attaches a Lightsail disk to a Lightsail Instance\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst available = aws.getAvailabilityZones({\n state: \"available\",\n filters: [{\n name: \"opt-in-status\",\n values: [\"opt-in-not-required\"],\n }],\n});\nconst test = new aws.lightsail.Disk(\"test\", {\n name: \"test-disk\",\n sizeInGb: 8,\n availabilityZone: available.then(available =\u003e available.names?.[0]),\n});\nconst testInstance = new aws.lightsail.Instance(\"test\", {\n name: \"test-instance\",\n availabilityZone: available.then(available =\u003e available.names?.[0]),\n blueprintId: \"amazon_linux_2\",\n bundleId: \"nano_1_0\",\n});\nconst testDisk_attachment = new aws.lightsail.Disk_attachment(\"test\", {\n diskName: test.name,\n instanceName: testInstance.name,\n diskPath: \"/dev/xvdf\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\navailable = aws.get_availability_zones(state=\"available\",\n filters=[aws.GetAvailabilityZonesFilterArgs(\n name=\"opt-in-status\",\n values=[\"opt-in-not-required\"],\n )])\ntest = aws.lightsail.Disk(\"test\",\n name=\"test-disk\",\n size_in_gb=8,\n availability_zone=available.names[0])\ntest_instance = aws.lightsail.Instance(\"test\",\n name=\"test-instance\",\n availability_zone=available.names[0],\n blueprint_id=\"amazon_linux_2\",\n bundle_id=\"nano_1_0\")\ntest_disk_attachment = aws.lightsail.Disk_attachment(\"test\",\n disk_name=test.name,\n instance_name=test_instance.name,\n disk_path=\"/dev/xvdf\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n Filters = new[]\n {\n new Aws.Inputs.GetAvailabilityZonesFilterInputArgs\n {\n Name = \"opt-in-status\",\n Values = new[]\n {\n \"opt-in-not-required\",\n },\n },\n },\n });\n\n var test = new Aws.LightSail.Disk(\"test\", new()\n {\n Name = \"test-disk\",\n SizeInGb = 8,\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n });\n\n var testInstance = new Aws.LightSail.Instance(\"test\", new()\n {\n Name = \"test-instance\",\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n BlueprintId = \"amazon_linux_2\",\n BundleId = \"nano_1_0\",\n });\n\n var testDisk_attachment = new Aws.LightSail.Disk_attachment(\"test\", new()\n {\n DiskName = test.Name,\n InstanceName = testInstance.Name,\n DiskPath = \"/dev/xvdf\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tState: pulumi.StringRef(\"available\"),\n\t\t\tFilters: []aws.GetAvailabilityZonesFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"opt-in-status\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"opt-in-not-required\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := lightsail.NewDisk(ctx, \"test\", \u0026lightsail.DiskArgs{\n\t\t\tName: pulumi.String(\"test-disk\"),\n\t\t\tSizeInGb: pulumi.Int(8),\n\t\t\tAvailabilityZone: pulumi.String(available.Names[0]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestInstance, err := lightsail.NewInstance(ctx, \"test\", \u0026lightsail.InstanceArgs{\n\t\t\tName: pulumi.String(\"test-instance\"),\n\t\t\tAvailabilityZone: pulumi.String(available.Names[0]),\n\t\t\tBlueprintId: pulumi.String(\"amazon_linux_2\"),\n\t\t\tBundleId: pulumi.String(\"nano_1_0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lightsail.NewDisk_attachment(ctx, \"test\", \u0026lightsail.Disk_attachmentArgs{\n\t\t\tDiskName: test.Name,\n\t\t\tInstanceName: testInstance.Name,\n\t\t\tDiskPath: pulumi.String(\"/dev/xvdf\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.lightsail.Disk;\nimport com.pulumi.aws.lightsail.DiskArgs;\nimport com.pulumi.aws.lightsail.Instance;\nimport com.pulumi.aws.lightsail.InstanceArgs;\nimport com.pulumi.aws.lightsail.Disk_attachment;\nimport com.pulumi.aws.lightsail.Disk_attachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .filters(GetAvailabilityZonesFilterArgs.builder()\n .name(\"opt-in-status\")\n .values(\"opt-in-not-required\")\n .build())\n .build());\n\n var test = new Disk(\"test\", DiskArgs.builder() \n .name(\"test-disk\")\n .sizeInGb(8)\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]))\n .build());\n\n var testInstance = new Instance(\"testInstance\", InstanceArgs.builder() \n .name(\"test-instance\")\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]))\n .blueprintId(\"amazon_linux_2\")\n .bundleId(\"nano_1_0\")\n .build());\n\n var testDisk_attachment = new Disk_attachment(\"testDisk_attachment\", Disk_attachmentArgs.builder() \n .diskName(test.name())\n .instanceName(testInstance.name())\n .diskPath(\"/dev/xvdf\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:lightsail:Disk\n properties:\n name: test-disk\n sizeInGb: 8\n availabilityZone: ${available.names[0]}\n testInstance:\n type: aws:lightsail:Instance\n name: test\n properties:\n name: test-instance\n availabilityZone: ${available.names[0]}\n blueprintId: amazon_linux_2\n bundleId: nano_1_0\n testDisk_attachment:\n type: aws:lightsail:Disk_attachment\n name: test\n properties:\n diskName: ${test.name}\n instanceName: ${testInstance.name}\n diskPath: /dev/xvdf\nvariables:\n available:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n state: available\n filters:\n - name: opt-in-status\n values:\n - opt-in-not-required\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_lightsail_disk` using the id attribute. For example:\n\n```sh\n$ pulumi import aws:lightsail/disk_attachment:Disk_attachment test test-disk,test-instance\n```\n", "properties": { "diskName": { "type": "string", @@ -271534,7 +271534,7 @@ } }, "aws:lightsail/distribution:Distribution": { - "description": "Resource for managing an AWS Lightsail Distribution.\n\n## Example Usage\n\n### Basic Usage\n\nBelow is a basic example with a bucket as an origin.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.lightsail.Bucket(\"test\", {\n name: \"test-bucket\",\n bundleId: \"small_1_0\",\n});\nconst testDistribution = new aws.lightsail.Distribution(\"test\", {\n name: \"test-distribution\",\n bundleId: \"small_1_0\",\n origin: {\n name: test.name,\n regionName: test.region,\n },\n defaultCacheBehavior: {\n behavior: \"cache\",\n },\n cacheBehaviorSettings: {\n allowedHttpMethods: \"GET,HEAD,OPTIONS,PUT,PATCH,POST,DELETE\",\n cachedHttpMethods: \"GET,HEAD\",\n defaultTtl: 86400,\n maximumTtl: 31536000,\n minimumTtl: 0,\n forwardedCookies: {\n option: \"none\",\n },\n forwardedHeaders: {\n option: \"default\",\n },\n forwardedQueryStrings: {\n option: false,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.lightsail.Bucket(\"test\",\n name=\"test-bucket\",\n bundle_id=\"small_1_0\")\ntest_distribution = aws.lightsail.Distribution(\"test\",\n name=\"test-distribution\",\n bundle_id=\"small_1_0\",\n origin=aws.lightsail.DistributionOriginArgs(\n name=test.name,\n region_name=test.region,\n ),\n default_cache_behavior=aws.lightsail.DistributionDefaultCacheBehaviorArgs(\n behavior=\"cache\",\n ),\n cache_behavior_settings=aws.lightsail.DistributionCacheBehaviorSettingsArgs(\n allowed_http_methods=\"GET,HEAD,OPTIONS,PUT,PATCH,POST,DELETE\",\n cached_http_methods=\"GET,HEAD\",\n default_ttl=86400,\n maximum_ttl=31536000,\n minimum_ttl=0,\n forwarded_cookies=aws.lightsail.DistributionCacheBehaviorSettingsForwardedCookiesArgs(\n option=\"none\",\n ),\n forwarded_headers=aws.lightsail.DistributionCacheBehaviorSettingsForwardedHeadersArgs(\n option=\"default\",\n ),\n forwarded_query_strings=aws.lightsail.DistributionCacheBehaviorSettingsForwardedQueryStringsArgs(\n option=False,\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.LightSail.Bucket(\"test\", new()\n {\n Name = \"test-bucket\",\n BundleId = \"small_1_0\",\n });\n\n var testDistribution = new Aws.LightSail.Distribution(\"test\", new()\n {\n Name = \"test-distribution\",\n BundleId = \"small_1_0\",\n Origin = new Aws.LightSail.Inputs.DistributionOriginArgs\n {\n Name = test.Name,\n RegionName = test.Region,\n },\n DefaultCacheBehavior = new Aws.LightSail.Inputs.DistributionDefaultCacheBehaviorArgs\n {\n Behavior = \"cache\",\n },\n CacheBehaviorSettings = new Aws.LightSail.Inputs.DistributionCacheBehaviorSettingsArgs\n {\n AllowedHttpMethods = \"GET,HEAD,OPTIONS,PUT,PATCH,POST,DELETE\",\n CachedHttpMethods = \"GET,HEAD\",\n DefaultTtl = 86400,\n MaximumTtl = 31536000,\n MinimumTtl = 0,\n ForwardedCookies = new Aws.LightSail.Inputs.DistributionCacheBehaviorSettingsForwardedCookiesArgs\n {\n Option = \"none\",\n },\n ForwardedHeaders = new Aws.LightSail.Inputs.DistributionCacheBehaviorSettingsForwardedHeadersArgs\n {\n Option = \"default\",\n },\n ForwardedQueryStrings = new Aws.LightSail.Inputs.DistributionCacheBehaviorSettingsForwardedQueryStringsArgs\n {\n Option = false,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := lightsail.NewBucket(ctx, \"test\", \u0026lightsail.BucketArgs{\n\t\t\tName: pulumi.String(\"test-bucket\"),\n\t\t\tBundleId: pulumi.String(\"small_1_0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lightsail.NewDistribution(ctx, \"test\", \u0026lightsail.DistributionArgs{\n\t\t\tName: pulumi.String(\"test-distribution\"),\n\t\t\tBundleId: pulumi.String(\"small_1_0\"),\n\t\t\tOrigin: \u0026lightsail.DistributionOriginArgs{\n\t\t\t\tName: test.Name,\n\t\t\t\tRegionName: test.Region,\n\t\t\t},\n\t\t\tDefaultCacheBehavior: \u0026lightsail.DistributionDefaultCacheBehaviorArgs{\n\t\t\t\tBehavior: pulumi.String(\"cache\"),\n\t\t\t},\n\t\t\tCacheBehaviorSettings: \u0026lightsail.DistributionCacheBehaviorSettingsArgs{\n\t\t\t\tAllowedHttpMethods: pulumi.String(\"GET,HEAD,OPTIONS,PUT,PATCH,POST,DELETE\"),\n\t\t\t\tCachedHttpMethods: pulumi.String(\"GET,HEAD\"),\n\t\t\t\tDefaultTtl: pulumi.Int(86400),\n\t\t\t\tMaximumTtl: pulumi.Int(31536000),\n\t\t\t\tMinimumTtl: pulumi.Int(0),\n\t\t\t\tForwardedCookies: \u0026lightsail.DistributionCacheBehaviorSettingsForwardedCookiesArgs{\n\t\t\t\t\tOption: pulumi.String(\"none\"),\n\t\t\t\t},\n\t\t\t\tForwardedHeaders: \u0026lightsail.DistributionCacheBehaviorSettingsForwardedHeadersArgs{\n\t\t\t\t\tOption: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t\tForwardedQueryStrings: \u0026lightsail.DistributionCacheBehaviorSettingsForwardedQueryStringsArgs{\n\t\t\t\t\tOption: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.Bucket;\nimport com.pulumi.aws.lightsail.BucketArgs;\nimport com.pulumi.aws.lightsail.Distribution;\nimport com.pulumi.aws.lightsail.DistributionArgs;\nimport com.pulumi.aws.lightsail.inputs.DistributionOriginArgs;\nimport com.pulumi.aws.lightsail.inputs.DistributionDefaultCacheBehaviorArgs;\nimport com.pulumi.aws.lightsail.inputs.DistributionCacheBehaviorSettingsArgs;\nimport com.pulumi.aws.lightsail.inputs.DistributionCacheBehaviorSettingsForwardedCookiesArgs;\nimport com.pulumi.aws.lightsail.inputs.DistributionCacheBehaviorSettingsForwardedHeadersArgs;\nimport com.pulumi.aws.lightsail.inputs.DistributionCacheBehaviorSettingsForwardedQueryStringsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Bucket(\"test\", BucketArgs.builder() \n .name(\"test-bucket\")\n .bundleId(\"small_1_0\")\n .build());\n\n var testDistribution = new Distribution(\"testDistribution\", DistributionArgs.builder() \n .name(\"test-distribution\")\n .bundleId(\"small_1_0\")\n .origin(DistributionOriginArgs.builder()\n .name(test.name())\n .regionName(test.region())\n .build())\n .defaultCacheBehavior(DistributionDefaultCacheBehaviorArgs.builder()\n .behavior(\"cache\")\n .build())\n .cacheBehaviorSettings(DistributionCacheBehaviorSettingsArgs.builder()\n .allowedHttpMethods(\"GET,HEAD,OPTIONS,PUT,PATCH,POST,DELETE\")\n .cachedHttpMethods(\"GET,HEAD\")\n .defaultTtl(86400)\n .maximumTtl(31536000)\n .minimumTtl(0)\n .forwardedCookies(DistributionCacheBehaviorSettingsForwardedCookiesArgs.builder()\n .option(\"none\")\n .build())\n .forwardedHeaders(DistributionCacheBehaviorSettingsForwardedHeadersArgs.builder()\n .option(\"default\")\n .build())\n .forwardedQueryStrings(DistributionCacheBehaviorSettingsForwardedQueryStringsArgs.builder()\n .option(false)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:lightsail:Bucket\n properties:\n name: test-bucket\n bundleId: small_1_0\n testDistribution:\n type: aws:lightsail:Distribution\n name: test\n properties:\n name: test-distribution\n bundleId: small_1_0\n origin:\n name: ${test.name}\n regionName: ${test.region}\n defaultCacheBehavior:\n behavior: cache\n cacheBehaviorSettings:\n allowedHttpMethods: GET,HEAD,OPTIONS,PUT,PATCH,POST,DELETE\n cachedHttpMethods: GET,HEAD\n defaultTtl: 86400\n maximumTtl: 3.1536e+07\n minimumTtl: 0\n forwardedCookies:\n option: none\n forwardedHeaders:\n option: default\n forwardedQueryStrings:\n option: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### instance origin example\n\nBelow is an example of an instance as the origin.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst available = aws.getAvailabilityZones({\n state: \"available\",\n filters: [{\n name: \"opt-in-status\",\n values: [\"opt-in-not-required\"],\n }],\n});\nconst testStaticIp = new aws.lightsail.StaticIp(\"test\", {name: \"test-static-ip\"});\nconst testInstance = new aws.lightsail.Instance(\"test\", {\n name: \"test-instance\",\n availabilityZone: available.then(available =\u003e available.names?.[0]),\n blueprintId: \"amazon_linux_2\",\n bundleId: \"micro_1_0\",\n});\nconst test = new aws.lightsail.StaticIpAttachment(\"test\", {\n staticIpName: testStaticIp.name,\n instanceName: testInstance.name,\n});\nconst testDistribution = new aws.lightsail.Distribution(\"test\", {\n name: \"test-distribution\",\n bundleId: \"small_1_0\",\n origin: {\n name: testInstance.name,\n regionName: available.then(available =\u003e available.id),\n },\n defaultCacheBehavior: {\n behavior: \"cache\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\navailable = aws.get_availability_zones(state=\"available\",\n filters=[aws.GetAvailabilityZonesFilterArgs(\n name=\"opt-in-status\",\n values=[\"opt-in-not-required\"],\n )])\ntest_static_ip = aws.lightsail.StaticIp(\"test\", name=\"test-static-ip\")\ntest_instance = aws.lightsail.Instance(\"test\",\n name=\"test-instance\",\n availability_zone=available.names[0],\n blueprint_id=\"amazon_linux_2\",\n bundle_id=\"micro_1_0\")\ntest = aws.lightsail.StaticIpAttachment(\"test\",\n static_ip_name=test_static_ip.name,\n instance_name=test_instance.name)\ntest_distribution = aws.lightsail.Distribution(\"test\",\n name=\"test-distribution\",\n bundle_id=\"small_1_0\",\n origin=aws.lightsail.DistributionOriginArgs(\n name=test_instance.name,\n region_name=available.id,\n ),\n default_cache_behavior=aws.lightsail.DistributionDefaultCacheBehaviorArgs(\n behavior=\"cache\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n Filters = new[]\n {\n new Aws.Inputs.GetAvailabilityZonesFilterInputArgs\n {\n Name = \"opt-in-status\",\n Values = new[]\n {\n \"opt-in-not-required\",\n },\n },\n },\n });\n\n var testStaticIp = new Aws.LightSail.StaticIp(\"test\", new()\n {\n Name = \"test-static-ip\",\n });\n\n var testInstance = new Aws.LightSail.Instance(\"test\", new()\n {\n Name = \"test-instance\",\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n BlueprintId = \"amazon_linux_2\",\n BundleId = \"micro_1_0\",\n });\n\n var test = new Aws.LightSail.StaticIpAttachment(\"test\", new()\n {\n StaticIpName = testStaticIp.Name,\n InstanceName = testInstance.Name,\n });\n\n var testDistribution = new Aws.LightSail.Distribution(\"test\", new()\n {\n Name = \"test-distribution\",\n BundleId = \"small_1_0\",\n Origin = new Aws.LightSail.Inputs.DistributionOriginArgs\n {\n Name = testInstance.Name,\n RegionName = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Id),\n },\n DefaultCacheBehavior = new Aws.LightSail.Inputs.DistributionDefaultCacheBehaviorArgs\n {\n Behavior = \"cache\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tState: pulumi.StringRef(\"available\"),\n\t\t\tFilters: []aws.GetAvailabilityZonesFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"opt-in-status\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"opt-in-not-required\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestStaticIp, err := lightsail.NewStaticIp(ctx, \"test\", \u0026lightsail.StaticIpArgs{\n\t\t\tName: pulumi.String(\"test-static-ip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestInstance, err := lightsail.NewInstance(ctx, \"test\", \u0026lightsail.InstanceArgs{\n\t\t\tName: pulumi.String(\"test-instance\"),\n\t\t\tAvailabilityZone: *pulumi.String(available.Names[0]),\n\t\t\tBlueprintId: pulumi.String(\"amazon_linux_2\"),\n\t\t\tBundleId: pulumi.String(\"micro_1_0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lightsail.NewStaticIpAttachment(ctx, \"test\", \u0026lightsail.StaticIpAttachmentArgs{\n\t\t\tStaticIpName: testStaticIp.Name,\n\t\t\tInstanceName: testInstance.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lightsail.NewDistribution(ctx, \"test\", \u0026lightsail.DistributionArgs{\n\t\t\tName: pulumi.String(\"test-distribution\"),\n\t\t\tBundleId: pulumi.String(\"small_1_0\"),\n\t\t\tOrigin: \u0026lightsail.DistributionOriginArgs{\n\t\t\t\tName: testInstance.Name,\n\t\t\t\tRegionName: *pulumi.String(available.Id),\n\t\t\t},\n\t\t\tDefaultCacheBehavior: \u0026lightsail.DistributionDefaultCacheBehaviorArgs{\n\t\t\t\tBehavior: pulumi.String(\"cache\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.lightsail.StaticIp;\nimport com.pulumi.aws.lightsail.StaticIpArgs;\nimport com.pulumi.aws.lightsail.Instance;\nimport com.pulumi.aws.lightsail.InstanceArgs;\nimport com.pulumi.aws.lightsail.StaticIpAttachment;\nimport com.pulumi.aws.lightsail.StaticIpAttachmentArgs;\nimport com.pulumi.aws.lightsail.Distribution;\nimport com.pulumi.aws.lightsail.DistributionArgs;\nimport com.pulumi.aws.lightsail.inputs.DistributionOriginArgs;\nimport com.pulumi.aws.lightsail.inputs.DistributionDefaultCacheBehaviorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .filters(GetAvailabilityZonesFilterArgs.builder()\n .name(\"opt-in-status\")\n .values(\"opt-in-not-required\")\n .build())\n .build());\n\n var testStaticIp = new StaticIp(\"testStaticIp\", StaticIpArgs.builder() \n .name(\"test-static-ip\")\n .build());\n\n var testInstance = new Instance(\"testInstance\", InstanceArgs.builder() \n .name(\"test-instance\")\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]))\n .blueprintId(\"amazon_linux_2\")\n .bundleId(\"micro_1_0\")\n .build());\n\n var test = new StaticIpAttachment(\"test\", StaticIpAttachmentArgs.builder() \n .staticIpName(testStaticIp.name())\n .instanceName(testInstance.name())\n .build());\n\n var testDistribution = new Distribution(\"testDistribution\", DistributionArgs.builder() \n .name(\"test-distribution\")\n .bundleId(\"small_1_0\")\n .origin(DistributionOriginArgs.builder()\n .name(testInstance.name())\n .regionName(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.id()))\n .build())\n .defaultCacheBehavior(DistributionDefaultCacheBehaviorArgs.builder()\n .behavior(\"cache\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:lightsail:StaticIpAttachment\n properties:\n staticIpName: ${testStaticIp.name}\n instanceName: ${testInstance.name}\n testStaticIp:\n type: aws:lightsail:StaticIp\n name: test\n properties:\n name: test-static-ip\n testInstance:\n type: aws:lightsail:Instance\n name: test\n properties:\n name: test-instance\n availabilityZone: ${available.names[0]}\n blueprintId: amazon_linux_2\n bundleId: micro_1_0\n testDistribution:\n type: aws:lightsail:Distribution\n name: test\n properties:\n name: test-distribution\n bundleId: small_1_0\n origin:\n name: ${testInstance.name}\n regionName: ${available.id}\n defaultCacheBehavior:\n behavior: cache\nvariables:\n available:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n state: available\n filters:\n - name: opt-in-status\n values:\n - opt-in-not-required\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### lb origin example\n\nBelow is an example with a load balancer as an origin\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst available = aws.getAvailabilityZones({\n state: \"available\",\n filters: [{\n name: \"opt-in-status\",\n values: [\"opt-in-not-required\"],\n }],\n});\nconst test = new aws.lightsail.Lb(\"test\", {\n name: \"test-load-balancer\",\n healthCheckPath: \"/\",\n instancePort: 80,\n tags: {\n foo: \"bar\",\n },\n});\nconst testInstance = new aws.lightsail.Instance(\"test\", {\n name: \"test-instance\",\n availabilityZone: available.then(available =\u003e available.names?.[0]),\n blueprintId: \"amazon_linux_2\",\n bundleId: \"nano_1_0\",\n});\nconst testLbAttachment = new aws.lightsail.LbAttachment(\"test\", {\n lbName: test.name,\n instanceName: testInstance.name,\n});\nconst testDistribution = new aws.lightsail.Distribution(\"test\", {\n name: \"test-distribution\",\n bundleId: \"small_1_0\",\n origin: {\n name: test.name,\n regionName: available.then(available =\u003e available.id),\n },\n defaultCacheBehavior: {\n behavior: \"cache\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\navailable = aws.get_availability_zones(state=\"available\",\n filters=[aws.GetAvailabilityZonesFilterArgs(\n name=\"opt-in-status\",\n values=[\"opt-in-not-required\"],\n )])\ntest = aws.lightsail.Lb(\"test\",\n name=\"test-load-balancer\",\n health_check_path=\"/\",\n instance_port=80,\n tags={\n \"foo\": \"bar\",\n })\ntest_instance = aws.lightsail.Instance(\"test\",\n name=\"test-instance\",\n availability_zone=available.names[0],\n blueprint_id=\"amazon_linux_2\",\n bundle_id=\"nano_1_0\")\ntest_lb_attachment = aws.lightsail.LbAttachment(\"test\",\n lb_name=test.name,\n instance_name=test_instance.name)\ntest_distribution = aws.lightsail.Distribution(\"test\",\n name=\"test-distribution\",\n bundle_id=\"small_1_0\",\n origin=aws.lightsail.DistributionOriginArgs(\n name=test.name,\n region_name=available.id,\n ),\n default_cache_behavior=aws.lightsail.DistributionDefaultCacheBehaviorArgs(\n behavior=\"cache\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n Filters = new[]\n {\n new Aws.Inputs.GetAvailabilityZonesFilterInputArgs\n {\n Name = \"opt-in-status\",\n Values = new[]\n {\n \"opt-in-not-required\",\n },\n },\n },\n });\n\n var test = new Aws.LightSail.Lb(\"test\", new()\n {\n Name = \"test-load-balancer\",\n HealthCheckPath = \"/\",\n InstancePort = 80,\n Tags = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n var testInstance = new Aws.LightSail.Instance(\"test\", new()\n {\n Name = \"test-instance\",\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n BlueprintId = \"amazon_linux_2\",\n BundleId = \"nano_1_0\",\n });\n\n var testLbAttachment = new Aws.LightSail.LbAttachment(\"test\", new()\n {\n LbName = test.Name,\n InstanceName = testInstance.Name,\n });\n\n var testDistribution = new Aws.LightSail.Distribution(\"test\", new()\n {\n Name = \"test-distribution\",\n BundleId = \"small_1_0\",\n Origin = new Aws.LightSail.Inputs.DistributionOriginArgs\n {\n Name = test.Name,\n RegionName = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Id),\n },\n DefaultCacheBehavior = new Aws.LightSail.Inputs.DistributionDefaultCacheBehaviorArgs\n {\n Behavior = \"cache\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tState: pulumi.StringRef(\"available\"),\n\t\t\tFilters: []aws.GetAvailabilityZonesFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"opt-in-status\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"opt-in-not-required\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := lightsail.NewLb(ctx, \"test\", \u0026lightsail.LbArgs{\n\t\t\tName: pulumi.String(\"test-load-balancer\"),\n\t\t\tHealthCheckPath: pulumi.String(\"/\"),\n\t\t\tInstancePort: pulumi.Int(80),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestInstance, err := lightsail.NewInstance(ctx, \"test\", \u0026lightsail.InstanceArgs{\n\t\t\tName: pulumi.String(\"test-instance\"),\n\t\t\tAvailabilityZone: *pulumi.String(available.Names[0]),\n\t\t\tBlueprintId: pulumi.String(\"amazon_linux_2\"),\n\t\t\tBundleId: pulumi.String(\"nano_1_0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lightsail.NewLbAttachment(ctx, \"test\", \u0026lightsail.LbAttachmentArgs{\n\t\t\tLbName: test.Name,\n\t\t\tInstanceName: testInstance.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lightsail.NewDistribution(ctx, \"test\", \u0026lightsail.DistributionArgs{\n\t\t\tName: pulumi.String(\"test-distribution\"),\n\t\t\tBundleId: pulumi.String(\"small_1_0\"),\n\t\t\tOrigin: \u0026lightsail.DistributionOriginArgs{\n\t\t\t\tName: test.Name,\n\t\t\t\tRegionName: *pulumi.String(available.Id),\n\t\t\t},\n\t\t\tDefaultCacheBehavior: \u0026lightsail.DistributionDefaultCacheBehaviorArgs{\n\t\t\t\tBehavior: pulumi.String(\"cache\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.lightsail.Lb;\nimport com.pulumi.aws.lightsail.LbArgs;\nimport com.pulumi.aws.lightsail.Instance;\nimport com.pulumi.aws.lightsail.InstanceArgs;\nimport com.pulumi.aws.lightsail.LbAttachment;\nimport com.pulumi.aws.lightsail.LbAttachmentArgs;\nimport com.pulumi.aws.lightsail.Distribution;\nimport com.pulumi.aws.lightsail.DistributionArgs;\nimport com.pulumi.aws.lightsail.inputs.DistributionOriginArgs;\nimport com.pulumi.aws.lightsail.inputs.DistributionDefaultCacheBehaviorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .filters(GetAvailabilityZonesFilterArgs.builder()\n .name(\"opt-in-status\")\n .values(\"opt-in-not-required\")\n .build())\n .build());\n\n var test = new Lb(\"test\", LbArgs.builder() \n .name(\"test-load-balancer\")\n .healthCheckPath(\"/\")\n .instancePort(\"80\")\n .tags(Map.of(\"foo\", \"bar\"))\n .build());\n\n var testInstance = new Instance(\"testInstance\", InstanceArgs.builder() \n .name(\"test-instance\")\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]))\n .blueprintId(\"amazon_linux_2\")\n .bundleId(\"nano_1_0\")\n .build());\n\n var testLbAttachment = new LbAttachment(\"testLbAttachment\", LbAttachmentArgs.builder() \n .lbName(test.name())\n .instanceName(testInstance.name())\n .build());\n\n var testDistribution = new Distribution(\"testDistribution\", DistributionArgs.builder() \n .name(\"test-distribution\")\n .bundleId(\"small_1_0\")\n .origin(DistributionOriginArgs.builder()\n .name(test.name())\n .regionName(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.id()))\n .build())\n .defaultCacheBehavior(DistributionDefaultCacheBehaviorArgs.builder()\n .behavior(\"cache\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:lightsail:Lb\n properties:\n name: test-load-balancer\n healthCheckPath: /\n instancePort: '80'\n tags:\n foo: bar\n testInstance:\n type: aws:lightsail:Instance\n name: test\n properties:\n name: test-instance\n availabilityZone: ${available.names[0]}\n blueprintId: amazon_linux_2\n bundleId: nano_1_0\n testLbAttachment:\n type: aws:lightsail:LbAttachment\n name: test\n properties:\n lbName: ${test.name}\n instanceName: ${testInstance.name}\n testDistribution:\n type: aws:lightsail:Distribution\n name: test\n properties:\n name: test-distribution\n bundleId: small_1_0\n origin:\n name: ${test.name}\n regionName: ${available.id}\n defaultCacheBehavior:\n behavior: cache\nvariables:\n available:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n state: available\n filters:\n - name: opt-in-status\n values:\n - opt-in-not-required\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Lightsail Distribution using the `id`. For example:\n\n```sh\n$ pulumi import aws:lightsail/distribution:Distribution example rft-8012925589\n```\n", + "description": "Resource for managing an AWS Lightsail Distribution.\n\n## Example Usage\n\n### Basic Usage\n\nBelow is a basic example with a bucket as an origin.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.lightsail.Bucket(\"test\", {\n name: \"test-bucket\",\n bundleId: \"small_1_0\",\n});\nconst testDistribution = new aws.lightsail.Distribution(\"test\", {\n name: \"test-distribution\",\n bundleId: \"small_1_0\",\n origin: {\n name: test.name,\n regionName: test.region,\n },\n defaultCacheBehavior: {\n behavior: \"cache\",\n },\n cacheBehaviorSettings: {\n allowedHttpMethods: \"GET,HEAD,OPTIONS,PUT,PATCH,POST,DELETE\",\n cachedHttpMethods: \"GET,HEAD\",\n defaultTtl: 86400,\n maximumTtl: 31536000,\n minimumTtl: 0,\n forwardedCookies: {\n option: \"none\",\n },\n forwardedHeaders: {\n option: \"default\",\n },\n forwardedQueryStrings: {\n option: false,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.lightsail.Bucket(\"test\",\n name=\"test-bucket\",\n bundle_id=\"small_1_0\")\ntest_distribution = aws.lightsail.Distribution(\"test\",\n name=\"test-distribution\",\n bundle_id=\"small_1_0\",\n origin=aws.lightsail.DistributionOriginArgs(\n name=test.name,\n region_name=test.region,\n ),\n default_cache_behavior=aws.lightsail.DistributionDefaultCacheBehaviorArgs(\n behavior=\"cache\",\n ),\n cache_behavior_settings=aws.lightsail.DistributionCacheBehaviorSettingsArgs(\n allowed_http_methods=\"GET,HEAD,OPTIONS,PUT,PATCH,POST,DELETE\",\n cached_http_methods=\"GET,HEAD\",\n default_ttl=86400,\n maximum_ttl=31536000,\n minimum_ttl=0,\n forwarded_cookies=aws.lightsail.DistributionCacheBehaviorSettingsForwardedCookiesArgs(\n option=\"none\",\n ),\n forwarded_headers=aws.lightsail.DistributionCacheBehaviorSettingsForwardedHeadersArgs(\n option=\"default\",\n ),\n forwarded_query_strings=aws.lightsail.DistributionCacheBehaviorSettingsForwardedQueryStringsArgs(\n option=False,\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.LightSail.Bucket(\"test\", new()\n {\n Name = \"test-bucket\",\n BundleId = \"small_1_0\",\n });\n\n var testDistribution = new Aws.LightSail.Distribution(\"test\", new()\n {\n Name = \"test-distribution\",\n BundleId = \"small_1_0\",\n Origin = new Aws.LightSail.Inputs.DistributionOriginArgs\n {\n Name = test.Name,\n RegionName = test.Region,\n },\n DefaultCacheBehavior = new Aws.LightSail.Inputs.DistributionDefaultCacheBehaviorArgs\n {\n Behavior = \"cache\",\n },\n CacheBehaviorSettings = new Aws.LightSail.Inputs.DistributionCacheBehaviorSettingsArgs\n {\n AllowedHttpMethods = \"GET,HEAD,OPTIONS,PUT,PATCH,POST,DELETE\",\n CachedHttpMethods = \"GET,HEAD\",\n DefaultTtl = 86400,\n MaximumTtl = 31536000,\n MinimumTtl = 0,\n ForwardedCookies = new Aws.LightSail.Inputs.DistributionCacheBehaviorSettingsForwardedCookiesArgs\n {\n Option = \"none\",\n },\n ForwardedHeaders = new Aws.LightSail.Inputs.DistributionCacheBehaviorSettingsForwardedHeadersArgs\n {\n Option = \"default\",\n },\n ForwardedQueryStrings = new Aws.LightSail.Inputs.DistributionCacheBehaviorSettingsForwardedQueryStringsArgs\n {\n Option = false,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := lightsail.NewBucket(ctx, \"test\", \u0026lightsail.BucketArgs{\n\t\t\tName: pulumi.String(\"test-bucket\"),\n\t\t\tBundleId: pulumi.String(\"small_1_0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lightsail.NewDistribution(ctx, \"test\", \u0026lightsail.DistributionArgs{\n\t\t\tName: pulumi.String(\"test-distribution\"),\n\t\t\tBundleId: pulumi.String(\"small_1_0\"),\n\t\t\tOrigin: \u0026lightsail.DistributionOriginArgs{\n\t\t\t\tName: test.Name,\n\t\t\t\tRegionName: test.Region,\n\t\t\t},\n\t\t\tDefaultCacheBehavior: \u0026lightsail.DistributionDefaultCacheBehaviorArgs{\n\t\t\t\tBehavior: pulumi.String(\"cache\"),\n\t\t\t},\n\t\t\tCacheBehaviorSettings: \u0026lightsail.DistributionCacheBehaviorSettingsArgs{\n\t\t\t\tAllowedHttpMethods: pulumi.String(\"GET,HEAD,OPTIONS,PUT,PATCH,POST,DELETE\"),\n\t\t\t\tCachedHttpMethods: pulumi.String(\"GET,HEAD\"),\n\t\t\t\tDefaultTtl: pulumi.Int(86400),\n\t\t\t\tMaximumTtl: pulumi.Int(31536000),\n\t\t\t\tMinimumTtl: pulumi.Int(0),\n\t\t\t\tForwardedCookies: \u0026lightsail.DistributionCacheBehaviorSettingsForwardedCookiesArgs{\n\t\t\t\t\tOption: pulumi.String(\"none\"),\n\t\t\t\t},\n\t\t\t\tForwardedHeaders: \u0026lightsail.DistributionCacheBehaviorSettingsForwardedHeadersArgs{\n\t\t\t\t\tOption: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t\tForwardedQueryStrings: \u0026lightsail.DistributionCacheBehaviorSettingsForwardedQueryStringsArgs{\n\t\t\t\t\tOption: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.Bucket;\nimport com.pulumi.aws.lightsail.BucketArgs;\nimport com.pulumi.aws.lightsail.Distribution;\nimport com.pulumi.aws.lightsail.DistributionArgs;\nimport com.pulumi.aws.lightsail.inputs.DistributionOriginArgs;\nimport com.pulumi.aws.lightsail.inputs.DistributionDefaultCacheBehaviorArgs;\nimport com.pulumi.aws.lightsail.inputs.DistributionCacheBehaviorSettingsArgs;\nimport com.pulumi.aws.lightsail.inputs.DistributionCacheBehaviorSettingsForwardedCookiesArgs;\nimport com.pulumi.aws.lightsail.inputs.DistributionCacheBehaviorSettingsForwardedHeadersArgs;\nimport com.pulumi.aws.lightsail.inputs.DistributionCacheBehaviorSettingsForwardedQueryStringsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Bucket(\"test\", BucketArgs.builder() \n .name(\"test-bucket\")\n .bundleId(\"small_1_0\")\n .build());\n\n var testDistribution = new Distribution(\"testDistribution\", DistributionArgs.builder() \n .name(\"test-distribution\")\n .bundleId(\"small_1_0\")\n .origin(DistributionOriginArgs.builder()\n .name(test.name())\n .regionName(test.region())\n .build())\n .defaultCacheBehavior(DistributionDefaultCacheBehaviorArgs.builder()\n .behavior(\"cache\")\n .build())\n .cacheBehaviorSettings(DistributionCacheBehaviorSettingsArgs.builder()\n .allowedHttpMethods(\"GET,HEAD,OPTIONS,PUT,PATCH,POST,DELETE\")\n .cachedHttpMethods(\"GET,HEAD\")\n .defaultTtl(86400)\n .maximumTtl(31536000)\n .minimumTtl(0)\n .forwardedCookies(DistributionCacheBehaviorSettingsForwardedCookiesArgs.builder()\n .option(\"none\")\n .build())\n .forwardedHeaders(DistributionCacheBehaviorSettingsForwardedHeadersArgs.builder()\n .option(\"default\")\n .build())\n .forwardedQueryStrings(DistributionCacheBehaviorSettingsForwardedQueryStringsArgs.builder()\n .option(false)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:lightsail:Bucket\n properties:\n name: test-bucket\n bundleId: small_1_0\n testDistribution:\n type: aws:lightsail:Distribution\n name: test\n properties:\n name: test-distribution\n bundleId: small_1_0\n origin:\n name: ${test.name}\n regionName: ${test.region}\n defaultCacheBehavior:\n behavior: cache\n cacheBehaviorSettings:\n allowedHttpMethods: GET,HEAD,OPTIONS,PUT,PATCH,POST,DELETE\n cachedHttpMethods: GET,HEAD\n defaultTtl: 86400\n maximumTtl: 3.1536e+07\n minimumTtl: 0\n forwardedCookies:\n option: none\n forwardedHeaders:\n option: default\n forwardedQueryStrings:\n option: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### instance origin example\n\nBelow is an example of an instance as the origin.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst available = aws.getAvailabilityZones({\n state: \"available\",\n filters: [{\n name: \"opt-in-status\",\n values: [\"opt-in-not-required\"],\n }],\n});\nconst testStaticIp = new aws.lightsail.StaticIp(\"test\", {name: \"test-static-ip\"});\nconst testInstance = new aws.lightsail.Instance(\"test\", {\n name: \"test-instance\",\n availabilityZone: available.then(available =\u003e available.names?.[0]),\n blueprintId: \"amazon_linux_2\",\n bundleId: \"micro_1_0\",\n});\nconst test = new aws.lightsail.StaticIpAttachment(\"test\", {\n staticIpName: testStaticIp.name,\n instanceName: testInstance.name,\n});\nconst testDistribution = new aws.lightsail.Distribution(\"test\", {\n name: \"test-distribution\",\n bundleId: \"small_1_0\",\n origin: {\n name: testInstance.name,\n regionName: available.then(available =\u003e available.id),\n },\n defaultCacheBehavior: {\n behavior: \"cache\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\navailable = aws.get_availability_zones(state=\"available\",\n filters=[aws.GetAvailabilityZonesFilterArgs(\n name=\"opt-in-status\",\n values=[\"opt-in-not-required\"],\n )])\ntest_static_ip = aws.lightsail.StaticIp(\"test\", name=\"test-static-ip\")\ntest_instance = aws.lightsail.Instance(\"test\",\n name=\"test-instance\",\n availability_zone=available.names[0],\n blueprint_id=\"amazon_linux_2\",\n bundle_id=\"micro_1_0\")\ntest = aws.lightsail.StaticIpAttachment(\"test\",\n static_ip_name=test_static_ip.name,\n instance_name=test_instance.name)\ntest_distribution = aws.lightsail.Distribution(\"test\",\n name=\"test-distribution\",\n bundle_id=\"small_1_0\",\n origin=aws.lightsail.DistributionOriginArgs(\n name=test_instance.name,\n region_name=available.id,\n ),\n default_cache_behavior=aws.lightsail.DistributionDefaultCacheBehaviorArgs(\n behavior=\"cache\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n Filters = new[]\n {\n new Aws.Inputs.GetAvailabilityZonesFilterInputArgs\n {\n Name = \"opt-in-status\",\n Values = new[]\n {\n \"opt-in-not-required\",\n },\n },\n },\n });\n\n var testStaticIp = new Aws.LightSail.StaticIp(\"test\", new()\n {\n Name = \"test-static-ip\",\n });\n\n var testInstance = new Aws.LightSail.Instance(\"test\", new()\n {\n Name = \"test-instance\",\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n BlueprintId = \"amazon_linux_2\",\n BundleId = \"micro_1_0\",\n });\n\n var test = new Aws.LightSail.StaticIpAttachment(\"test\", new()\n {\n StaticIpName = testStaticIp.Name,\n InstanceName = testInstance.Name,\n });\n\n var testDistribution = new Aws.LightSail.Distribution(\"test\", new()\n {\n Name = \"test-distribution\",\n BundleId = \"small_1_0\",\n Origin = new Aws.LightSail.Inputs.DistributionOriginArgs\n {\n Name = testInstance.Name,\n RegionName = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Id),\n },\n DefaultCacheBehavior = new Aws.LightSail.Inputs.DistributionDefaultCacheBehaviorArgs\n {\n Behavior = \"cache\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tState: pulumi.StringRef(\"available\"),\n\t\t\tFilters: []aws.GetAvailabilityZonesFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"opt-in-status\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"opt-in-not-required\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestStaticIp, err := lightsail.NewStaticIp(ctx, \"test\", \u0026lightsail.StaticIpArgs{\n\t\t\tName: pulumi.String(\"test-static-ip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestInstance, err := lightsail.NewInstance(ctx, \"test\", \u0026lightsail.InstanceArgs{\n\t\t\tName: pulumi.String(\"test-instance\"),\n\t\t\tAvailabilityZone: pulumi.String(available.Names[0]),\n\t\t\tBlueprintId: pulumi.String(\"amazon_linux_2\"),\n\t\t\tBundleId: pulumi.String(\"micro_1_0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lightsail.NewStaticIpAttachment(ctx, \"test\", \u0026lightsail.StaticIpAttachmentArgs{\n\t\t\tStaticIpName: testStaticIp.Name,\n\t\t\tInstanceName: testInstance.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lightsail.NewDistribution(ctx, \"test\", \u0026lightsail.DistributionArgs{\n\t\t\tName: pulumi.String(\"test-distribution\"),\n\t\t\tBundleId: pulumi.String(\"small_1_0\"),\n\t\t\tOrigin: \u0026lightsail.DistributionOriginArgs{\n\t\t\t\tName: testInstance.Name,\n\t\t\t\tRegionName: pulumi.String(available.Id),\n\t\t\t},\n\t\t\tDefaultCacheBehavior: \u0026lightsail.DistributionDefaultCacheBehaviorArgs{\n\t\t\t\tBehavior: pulumi.String(\"cache\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.lightsail.StaticIp;\nimport com.pulumi.aws.lightsail.StaticIpArgs;\nimport com.pulumi.aws.lightsail.Instance;\nimport com.pulumi.aws.lightsail.InstanceArgs;\nimport com.pulumi.aws.lightsail.StaticIpAttachment;\nimport com.pulumi.aws.lightsail.StaticIpAttachmentArgs;\nimport com.pulumi.aws.lightsail.Distribution;\nimport com.pulumi.aws.lightsail.DistributionArgs;\nimport com.pulumi.aws.lightsail.inputs.DistributionOriginArgs;\nimport com.pulumi.aws.lightsail.inputs.DistributionDefaultCacheBehaviorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .filters(GetAvailabilityZonesFilterArgs.builder()\n .name(\"opt-in-status\")\n .values(\"opt-in-not-required\")\n .build())\n .build());\n\n var testStaticIp = new StaticIp(\"testStaticIp\", StaticIpArgs.builder() \n .name(\"test-static-ip\")\n .build());\n\n var testInstance = new Instance(\"testInstance\", InstanceArgs.builder() \n .name(\"test-instance\")\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]))\n .blueprintId(\"amazon_linux_2\")\n .bundleId(\"micro_1_0\")\n .build());\n\n var test = new StaticIpAttachment(\"test\", StaticIpAttachmentArgs.builder() \n .staticIpName(testStaticIp.name())\n .instanceName(testInstance.name())\n .build());\n\n var testDistribution = new Distribution(\"testDistribution\", DistributionArgs.builder() \n .name(\"test-distribution\")\n .bundleId(\"small_1_0\")\n .origin(DistributionOriginArgs.builder()\n .name(testInstance.name())\n .regionName(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.id()))\n .build())\n .defaultCacheBehavior(DistributionDefaultCacheBehaviorArgs.builder()\n .behavior(\"cache\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:lightsail:StaticIpAttachment\n properties:\n staticIpName: ${testStaticIp.name}\n instanceName: ${testInstance.name}\n testStaticIp:\n type: aws:lightsail:StaticIp\n name: test\n properties:\n name: test-static-ip\n testInstance:\n type: aws:lightsail:Instance\n name: test\n properties:\n name: test-instance\n availabilityZone: ${available.names[0]}\n blueprintId: amazon_linux_2\n bundleId: micro_1_0\n testDistribution:\n type: aws:lightsail:Distribution\n name: test\n properties:\n name: test-distribution\n bundleId: small_1_0\n origin:\n name: ${testInstance.name}\n regionName: ${available.id}\n defaultCacheBehavior:\n behavior: cache\nvariables:\n available:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n state: available\n filters:\n - name: opt-in-status\n values:\n - opt-in-not-required\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### lb origin example\n\nBelow is an example with a load balancer as an origin\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst available = aws.getAvailabilityZones({\n state: \"available\",\n filters: [{\n name: \"opt-in-status\",\n values: [\"opt-in-not-required\"],\n }],\n});\nconst test = new aws.lightsail.Lb(\"test\", {\n name: \"test-load-balancer\",\n healthCheckPath: \"/\",\n instancePort: 80,\n tags: {\n foo: \"bar\",\n },\n});\nconst testInstance = new aws.lightsail.Instance(\"test\", {\n name: \"test-instance\",\n availabilityZone: available.then(available =\u003e available.names?.[0]),\n blueprintId: \"amazon_linux_2\",\n bundleId: \"nano_1_0\",\n});\nconst testLbAttachment = new aws.lightsail.LbAttachment(\"test\", {\n lbName: test.name,\n instanceName: testInstance.name,\n});\nconst testDistribution = new aws.lightsail.Distribution(\"test\", {\n name: \"test-distribution\",\n bundleId: \"small_1_0\",\n origin: {\n name: test.name,\n regionName: available.then(available =\u003e available.id),\n },\n defaultCacheBehavior: {\n behavior: \"cache\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\navailable = aws.get_availability_zones(state=\"available\",\n filters=[aws.GetAvailabilityZonesFilterArgs(\n name=\"opt-in-status\",\n values=[\"opt-in-not-required\"],\n )])\ntest = aws.lightsail.Lb(\"test\",\n name=\"test-load-balancer\",\n health_check_path=\"/\",\n instance_port=80,\n tags={\n \"foo\": \"bar\",\n })\ntest_instance = aws.lightsail.Instance(\"test\",\n name=\"test-instance\",\n availability_zone=available.names[0],\n blueprint_id=\"amazon_linux_2\",\n bundle_id=\"nano_1_0\")\ntest_lb_attachment = aws.lightsail.LbAttachment(\"test\",\n lb_name=test.name,\n instance_name=test_instance.name)\ntest_distribution = aws.lightsail.Distribution(\"test\",\n name=\"test-distribution\",\n bundle_id=\"small_1_0\",\n origin=aws.lightsail.DistributionOriginArgs(\n name=test.name,\n region_name=available.id,\n ),\n default_cache_behavior=aws.lightsail.DistributionDefaultCacheBehaviorArgs(\n behavior=\"cache\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n Filters = new[]\n {\n new Aws.Inputs.GetAvailabilityZonesFilterInputArgs\n {\n Name = \"opt-in-status\",\n Values = new[]\n {\n \"opt-in-not-required\",\n },\n },\n },\n });\n\n var test = new Aws.LightSail.Lb(\"test\", new()\n {\n Name = \"test-load-balancer\",\n HealthCheckPath = \"/\",\n InstancePort = 80,\n Tags = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n var testInstance = new Aws.LightSail.Instance(\"test\", new()\n {\n Name = \"test-instance\",\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n BlueprintId = \"amazon_linux_2\",\n BundleId = \"nano_1_0\",\n });\n\n var testLbAttachment = new Aws.LightSail.LbAttachment(\"test\", new()\n {\n LbName = test.Name,\n InstanceName = testInstance.Name,\n });\n\n var testDistribution = new Aws.LightSail.Distribution(\"test\", new()\n {\n Name = \"test-distribution\",\n BundleId = \"small_1_0\",\n Origin = new Aws.LightSail.Inputs.DistributionOriginArgs\n {\n Name = test.Name,\n RegionName = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Id),\n },\n DefaultCacheBehavior = new Aws.LightSail.Inputs.DistributionDefaultCacheBehaviorArgs\n {\n Behavior = \"cache\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tState: pulumi.StringRef(\"available\"),\n\t\t\tFilters: []aws.GetAvailabilityZonesFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"opt-in-status\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"opt-in-not-required\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := lightsail.NewLb(ctx, \"test\", \u0026lightsail.LbArgs{\n\t\t\tName: pulumi.String(\"test-load-balancer\"),\n\t\t\tHealthCheckPath: pulumi.String(\"/\"),\n\t\t\tInstancePort: pulumi.Int(80),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestInstance, err := lightsail.NewInstance(ctx, \"test\", \u0026lightsail.InstanceArgs{\n\t\t\tName: pulumi.String(\"test-instance\"),\n\t\t\tAvailabilityZone: pulumi.String(available.Names[0]),\n\t\t\tBlueprintId: pulumi.String(\"amazon_linux_2\"),\n\t\t\tBundleId: pulumi.String(\"nano_1_0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lightsail.NewLbAttachment(ctx, \"test\", \u0026lightsail.LbAttachmentArgs{\n\t\t\tLbName: test.Name,\n\t\t\tInstanceName: testInstance.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lightsail.NewDistribution(ctx, \"test\", \u0026lightsail.DistributionArgs{\n\t\t\tName: pulumi.String(\"test-distribution\"),\n\t\t\tBundleId: pulumi.String(\"small_1_0\"),\n\t\t\tOrigin: \u0026lightsail.DistributionOriginArgs{\n\t\t\t\tName: test.Name,\n\t\t\t\tRegionName: pulumi.String(available.Id),\n\t\t\t},\n\t\t\tDefaultCacheBehavior: \u0026lightsail.DistributionDefaultCacheBehaviorArgs{\n\t\t\t\tBehavior: pulumi.String(\"cache\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.lightsail.Lb;\nimport com.pulumi.aws.lightsail.LbArgs;\nimport com.pulumi.aws.lightsail.Instance;\nimport com.pulumi.aws.lightsail.InstanceArgs;\nimport com.pulumi.aws.lightsail.LbAttachment;\nimport com.pulumi.aws.lightsail.LbAttachmentArgs;\nimport com.pulumi.aws.lightsail.Distribution;\nimport com.pulumi.aws.lightsail.DistributionArgs;\nimport com.pulumi.aws.lightsail.inputs.DistributionOriginArgs;\nimport com.pulumi.aws.lightsail.inputs.DistributionDefaultCacheBehaviorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .filters(GetAvailabilityZonesFilterArgs.builder()\n .name(\"opt-in-status\")\n .values(\"opt-in-not-required\")\n .build())\n .build());\n\n var test = new Lb(\"test\", LbArgs.builder() \n .name(\"test-load-balancer\")\n .healthCheckPath(\"/\")\n .instancePort(\"80\")\n .tags(Map.of(\"foo\", \"bar\"))\n .build());\n\n var testInstance = new Instance(\"testInstance\", InstanceArgs.builder() \n .name(\"test-instance\")\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]))\n .blueprintId(\"amazon_linux_2\")\n .bundleId(\"nano_1_0\")\n .build());\n\n var testLbAttachment = new LbAttachment(\"testLbAttachment\", LbAttachmentArgs.builder() \n .lbName(test.name())\n .instanceName(testInstance.name())\n .build());\n\n var testDistribution = new Distribution(\"testDistribution\", DistributionArgs.builder() \n .name(\"test-distribution\")\n .bundleId(\"small_1_0\")\n .origin(DistributionOriginArgs.builder()\n .name(test.name())\n .regionName(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.id()))\n .build())\n .defaultCacheBehavior(DistributionDefaultCacheBehaviorArgs.builder()\n .behavior(\"cache\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:lightsail:Lb\n properties:\n name: test-load-balancer\n healthCheckPath: /\n instancePort: '80'\n tags:\n foo: bar\n testInstance:\n type: aws:lightsail:Instance\n name: test\n properties:\n name: test-instance\n availabilityZone: ${available.names[0]}\n blueprintId: amazon_linux_2\n bundleId: nano_1_0\n testLbAttachment:\n type: aws:lightsail:LbAttachment\n name: test\n properties:\n lbName: ${test.name}\n instanceName: ${testInstance.name}\n testDistribution:\n type: aws:lightsail:Distribution\n name: test\n properties:\n name: test-distribution\n bundleId: small_1_0\n origin:\n name: ${test.name}\n regionName: ${available.id}\n defaultCacheBehavior:\n behavior: cache\nvariables:\n available:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n state: available\n filters:\n - name: opt-in-status\n values:\n - opt-in-not-required\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Lightsail Distribution using the `id`. For example:\n\n```sh\n$ pulumi import aws:lightsail/distribution:Distribution example rft-8012925589\n```\n", "properties": { "alternativeDomainNames": { "type": "array", @@ -272576,7 +272576,7 @@ } }, "aws:lightsail/lbAttachment:LbAttachment": { - "description": "Attaches a Lightsail Instance to a Lightsail Load Balancer.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst available = aws.getAvailabilityZones({\n state: \"available\",\n filters: [{\n name: \"opt-in-status\",\n values: [\"opt-in-not-required\"],\n }],\n});\nconst test = new aws.lightsail.Lb(\"test\", {\n name: \"test-load-balancer\",\n healthCheckPath: \"/\",\n instancePort: 80,\n tags: {\n foo: \"bar\",\n },\n});\nconst testInstance = new aws.lightsail.Instance(\"test\", {\n name: \"test-instance\",\n availabilityZone: available.then(available =\u003e available.names?.[0]),\n blueprintId: \"amazon_linux_2\",\n bundleId: \"nano_1_0\",\n});\nconst testLbAttachment = new aws.lightsail.LbAttachment(\"test\", {\n lbName: test.name,\n instanceName: testInstance.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\navailable = aws.get_availability_zones(state=\"available\",\n filters=[aws.GetAvailabilityZonesFilterArgs(\n name=\"opt-in-status\",\n values=[\"opt-in-not-required\"],\n )])\ntest = aws.lightsail.Lb(\"test\",\n name=\"test-load-balancer\",\n health_check_path=\"/\",\n instance_port=80,\n tags={\n \"foo\": \"bar\",\n })\ntest_instance = aws.lightsail.Instance(\"test\",\n name=\"test-instance\",\n availability_zone=available.names[0],\n blueprint_id=\"amazon_linux_2\",\n bundle_id=\"nano_1_0\")\ntest_lb_attachment = aws.lightsail.LbAttachment(\"test\",\n lb_name=test.name,\n instance_name=test_instance.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n Filters = new[]\n {\n new Aws.Inputs.GetAvailabilityZonesFilterInputArgs\n {\n Name = \"opt-in-status\",\n Values = new[]\n {\n \"opt-in-not-required\",\n },\n },\n },\n });\n\n var test = new Aws.LightSail.Lb(\"test\", new()\n {\n Name = \"test-load-balancer\",\n HealthCheckPath = \"/\",\n InstancePort = 80,\n Tags = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n var testInstance = new Aws.LightSail.Instance(\"test\", new()\n {\n Name = \"test-instance\",\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n BlueprintId = \"amazon_linux_2\",\n BundleId = \"nano_1_0\",\n });\n\n var testLbAttachment = new Aws.LightSail.LbAttachment(\"test\", new()\n {\n LbName = test.Name,\n InstanceName = testInstance.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tState: pulumi.StringRef(\"available\"),\n\t\t\tFilters: []aws.GetAvailabilityZonesFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"opt-in-status\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"opt-in-not-required\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := lightsail.NewLb(ctx, \"test\", \u0026lightsail.LbArgs{\n\t\t\tName: pulumi.String(\"test-load-balancer\"),\n\t\t\tHealthCheckPath: pulumi.String(\"/\"),\n\t\t\tInstancePort: pulumi.Int(80),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestInstance, err := lightsail.NewInstance(ctx, \"test\", \u0026lightsail.InstanceArgs{\n\t\t\tName: pulumi.String(\"test-instance\"),\n\t\t\tAvailabilityZone: *pulumi.String(available.Names[0]),\n\t\t\tBlueprintId: pulumi.String(\"amazon_linux_2\"),\n\t\t\tBundleId: pulumi.String(\"nano_1_0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lightsail.NewLbAttachment(ctx, \"test\", \u0026lightsail.LbAttachmentArgs{\n\t\t\tLbName: test.Name,\n\t\t\tInstanceName: testInstance.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.lightsail.Lb;\nimport com.pulumi.aws.lightsail.LbArgs;\nimport com.pulumi.aws.lightsail.Instance;\nimport com.pulumi.aws.lightsail.InstanceArgs;\nimport com.pulumi.aws.lightsail.LbAttachment;\nimport com.pulumi.aws.lightsail.LbAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .filters(GetAvailabilityZonesFilterArgs.builder()\n .name(\"opt-in-status\")\n .values(\"opt-in-not-required\")\n .build())\n .build());\n\n var test = new Lb(\"test\", LbArgs.builder() \n .name(\"test-load-balancer\")\n .healthCheckPath(\"/\")\n .instancePort(\"80\")\n .tags(Map.of(\"foo\", \"bar\"))\n .build());\n\n var testInstance = new Instance(\"testInstance\", InstanceArgs.builder() \n .name(\"test-instance\")\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]))\n .blueprintId(\"amazon_linux_2\")\n .bundleId(\"nano_1_0\")\n .build());\n\n var testLbAttachment = new LbAttachment(\"testLbAttachment\", LbAttachmentArgs.builder() \n .lbName(test.name())\n .instanceName(testInstance.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:lightsail:Lb\n properties:\n name: test-load-balancer\n healthCheckPath: /\n instancePort: '80'\n tags:\n foo: bar\n testInstance:\n type: aws:lightsail:Instance\n name: test\n properties:\n name: test-instance\n availabilityZone: ${available.names[0]}\n blueprintId: amazon_linux_2\n bundleId: nano_1_0\n testLbAttachment:\n type: aws:lightsail:LbAttachment\n name: test\n properties:\n lbName: ${test.name}\n instanceName: ${testInstance.name}\nvariables:\n available:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n state: available\n filters:\n - name: opt-in-status\n values:\n - opt-in-not-required\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_lightsail_lb_attachment` using the name attribute. For example:\n\n```sh\n$ pulumi import aws:lightsail/lbAttachment:LbAttachment test example-load-balancer,example-instance\n```\n", + "description": "Attaches a Lightsail Instance to a Lightsail Load Balancer.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst available = aws.getAvailabilityZones({\n state: \"available\",\n filters: [{\n name: \"opt-in-status\",\n values: [\"opt-in-not-required\"],\n }],\n});\nconst test = new aws.lightsail.Lb(\"test\", {\n name: \"test-load-balancer\",\n healthCheckPath: \"/\",\n instancePort: 80,\n tags: {\n foo: \"bar\",\n },\n});\nconst testInstance = new aws.lightsail.Instance(\"test\", {\n name: \"test-instance\",\n availabilityZone: available.then(available =\u003e available.names?.[0]),\n blueprintId: \"amazon_linux_2\",\n bundleId: \"nano_1_0\",\n});\nconst testLbAttachment = new aws.lightsail.LbAttachment(\"test\", {\n lbName: test.name,\n instanceName: testInstance.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\navailable = aws.get_availability_zones(state=\"available\",\n filters=[aws.GetAvailabilityZonesFilterArgs(\n name=\"opt-in-status\",\n values=[\"opt-in-not-required\"],\n )])\ntest = aws.lightsail.Lb(\"test\",\n name=\"test-load-balancer\",\n health_check_path=\"/\",\n instance_port=80,\n tags={\n \"foo\": \"bar\",\n })\ntest_instance = aws.lightsail.Instance(\"test\",\n name=\"test-instance\",\n availability_zone=available.names[0],\n blueprint_id=\"amazon_linux_2\",\n bundle_id=\"nano_1_0\")\ntest_lb_attachment = aws.lightsail.LbAttachment(\"test\",\n lb_name=test.name,\n instance_name=test_instance.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n Filters = new[]\n {\n new Aws.Inputs.GetAvailabilityZonesFilterInputArgs\n {\n Name = \"opt-in-status\",\n Values = new[]\n {\n \"opt-in-not-required\",\n },\n },\n },\n });\n\n var test = new Aws.LightSail.Lb(\"test\", new()\n {\n Name = \"test-load-balancer\",\n HealthCheckPath = \"/\",\n InstancePort = 80,\n Tags = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n var testInstance = new Aws.LightSail.Instance(\"test\", new()\n {\n Name = \"test-instance\",\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n BlueprintId = \"amazon_linux_2\",\n BundleId = \"nano_1_0\",\n });\n\n var testLbAttachment = new Aws.LightSail.LbAttachment(\"test\", new()\n {\n LbName = test.Name,\n InstanceName = testInstance.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tState: pulumi.StringRef(\"available\"),\n\t\t\tFilters: []aws.GetAvailabilityZonesFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"opt-in-status\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"opt-in-not-required\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := lightsail.NewLb(ctx, \"test\", \u0026lightsail.LbArgs{\n\t\t\tName: pulumi.String(\"test-load-balancer\"),\n\t\t\tHealthCheckPath: pulumi.String(\"/\"),\n\t\t\tInstancePort: pulumi.Int(80),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestInstance, err := lightsail.NewInstance(ctx, \"test\", \u0026lightsail.InstanceArgs{\n\t\t\tName: pulumi.String(\"test-instance\"),\n\t\t\tAvailabilityZone: pulumi.String(available.Names[0]),\n\t\t\tBlueprintId: pulumi.String(\"amazon_linux_2\"),\n\t\t\tBundleId: pulumi.String(\"nano_1_0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lightsail.NewLbAttachment(ctx, \"test\", \u0026lightsail.LbAttachmentArgs{\n\t\t\tLbName: test.Name,\n\t\t\tInstanceName: testInstance.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.lightsail.Lb;\nimport com.pulumi.aws.lightsail.LbArgs;\nimport com.pulumi.aws.lightsail.Instance;\nimport com.pulumi.aws.lightsail.InstanceArgs;\nimport com.pulumi.aws.lightsail.LbAttachment;\nimport com.pulumi.aws.lightsail.LbAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .filters(GetAvailabilityZonesFilterArgs.builder()\n .name(\"opt-in-status\")\n .values(\"opt-in-not-required\")\n .build())\n .build());\n\n var test = new Lb(\"test\", LbArgs.builder() \n .name(\"test-load-balancer\")\n .healthCheckPath(\"/\")\n .instancePort(\"80\")\n .tags(Map.of(\"foo\", \"bar\"))\n .build());\n\n var testInstance = new Instance(\"testInstance\", InstanceArgs.builder() \n .name(\"test-instance\")\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]))\n .blueprintId(\"amazon_linux_2\")\n .bundleId(\"nano_1_0\")\n .build());\n\n var testLbAttachment = new LbAttachment(\"testLbAttachment\", LbAttachmentArgs.builder() \n .lbName(test.name())\n .instanceName(testInstance.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:lightsail:Lb\n properties:\n name: test-load-balancer\n healthCheckPath: /\n instancePort: '80'\n tags:\n foo: bar\n testInstance:\n type: aws:lightsail:Instance\n name: test\n properties:\n name: test-instance\n availabilityZone: ${available.names[0]}\n blueprintId: amazon_linux_2\n bundleId: nano_1_0\n testLbAttachment:\n type: aws:lightsail:LbAttachment\n name: test\n properties:\n lbName: ${test.name}\n instanceName: ${testInstance.name}\nvariables:\n available:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n state: available\n filters:\n - name: opt-in-status\n values:\n - opt-in-not-required\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_lightsail_lb_attachment` using the name attribute. For example:\n\n```sh\n$ pulumi import aws:lightsail/lbAttachment:LbAttachment test example-load-balancer,example-instance\n```\n", "properties": { "instanceName": { "type": "string", @@ -275413,7 +275413,7 @@ } }, "aws:medialive/multiplex:Multiplex": { - "description": "Resource for managing an AWS MediaLive Multiplex.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst available = aws.getAvailabilityZones({\n state: \"available\",\n});\nconst example = new aws.medialive.Multiplex(\"example\", {\n name: \"example-multiplex-changed\",\n availabilityZones: [\n available.then(available =\u003e available.names?.[0]),\n available.then(available =\u003e available.names?.[1]),\n ],\n multiplexSettings: {\n transportStreamBitrate: 1000000,\n transportStreamId: 1,\n transportStreamReservedBitrate: 1,\n maximumVideoBufferDelayMilliseconds: 1000,\n },\n startMultiplex: true,\n tags: {\n tag1: \"value1\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\navailable = aws.get_availability_zones(state=\"available\")\nexample = aws.medialive.Multiplex(\"example\",\n name=\"example-multiplex-changed\",\n availability_zones=[\n available.names[0],\n available.names[1],\n ],\n multiplex_settings=aws.medialive.MultiplexMultiplexSettingsArgs(\n transport_stream_bitrate=1000000,\n transport_stream_id=1,\n transport_stream_reserved_bitrate=1,\n maximum_video_buffer_delay_milliseconds=1000,\n ),\n start_multiplex=True,\n tags={\n \"tag1\": \"value1\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n });\n\n var example = new Aws.MediaLive.Multiplex(\"example\", new()\n {\n Name = \"example-multiplex-changed\",\n AvailabilityZones = new[]\n {\n available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[1]),\n },\n MultiplexSettings = new Aws.MediaLive.Inputs.MultiplexMultiplexSettingsArgs\n {\n TransportStreamBitrate = 1000000,\n TransportStreamId = 1,\n TransportStreamReservedBitrate = 1,\n MaximumVideoBufferDelayMilliseconds = 1000,\n },\n StartMultiplex = true,\n Tags = \n {\n { \"tag1\", \"value1\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/medialive\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tState: pulumi.StringRef(\"available\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = medialive.NewMultiplex(ctx, \"example\", \u0026medialive.MultiplexArgs{\n\t\t\tName: pulumi.String(\"example-multiplex-changed\"),\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\t*pulumi.String(available.Names[0]),\n\t\t\t\t*pulumi.String(available.Names[1]),\n\t\t\t},\n\t\t\tMultiplexSettings: \u0026medialive.MultiplexMultiplexSettingsArgs{\n\t\t\t\tTransportStreamBitrate: pulumi.Int(1000000),\n\t\t\t\tTransportStreamId: pulumi.Int(1),\n\t\t\t\tTransportStreamReservedBitrate: pulumi.Int(1),\n\t\t\t\tMaximumVideoBufferDelayMilliseconds: pulumi.Int(1000),\n\t\t\t},\n\t\t\tStartMultiplex: pulumi.Bool(true),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"tag1\": pulumi.String(\"value1\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.medialive.Multiplex;\nimport com.pulumi.aws.medialive.MultiplexArgs;\nimport com.pulumi.aws.medialive.inputs.MultiplexMultiplexSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .build());\n\n var example = new Multiplex(\"example\", MultiplexArgs.builder() \n .name(\"example-multiplex-changed\")\n .availabilityZones( \n available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]),\n available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[1]))\n .multiplexSettings(MultiplexMultiplexSettingsArgs.builder()\n .transportStreamBitrate(1000000)\n .transportStreamId(1)\n .transportStreamReservedBitrate(1)\n .maximumVideoBufferDelayMilliseconds(1000)\n .build())\n .startMultiplex(true)\n .tags(Map.of(\"tag1\", \"value1\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:medialive:Multiplex\n properties:\n name: example-multiplex-changed\n availabilityZones:\n - ${available.names[0]}\n - ${available.names[1]}\n multiplexSettings:\n transportStreamBitrate: 1e+06\n transportStreamId: 1\n transportStreamReservedBitrate: 1\n maximumVideoBufferDelayMilliseconds: 1000\n startMultiplex: true\n tags:\n tag1: value1\nvariables:\n available:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n state: available\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import MediaLive Multiplex using the `id`. For example:\n\n```sh\n$ pulumi import aws:medialive/multiplex:Multiplex example 12345678\n```\n", + "description": "Resource for managing an AWS MediaLive Multiplex.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst available = aws.getAvailabilityZones({\n state: \"available\",\n});\nconst example = new aws.medialive.Multiplex(\"example\", {\n name: \"example-multiplex-changed\",\n availabilityZones: [\n available.then(available =\u003e available.names?.[0]),\n available.then(available =\u003e available.names?.[1]),\n ],\n multiplexSettings: {\n transportStreamBitrate: 1000000,\n transportStreamId: 1,\n transportStreamReservedBitrate: 1,\n maximumVideoBufferDelayMilliseconds: 1000,\n },\n startMultiplex: true,\n tags: {\n tag1: \"value1\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\navailable = aws.get_availability_zones(state=\"available\")\nexample = aws.medialive.Multiplex(\"example\",\n name=\"example-multiplex-changed\",\n availability_zones=[\n available.names[0],\n available.names[1],\n ],\n multiplex_settings=aws.medialive.MultiplexMultiplexSettingsArgs(\n transport_stream_bitrate=1000000,\n transport_stream_id=1,\n transport_stream_reserved_bitrate=1,\n maximum_video_buffer_delay_milliseconds=1000,\n ),\n start_multiplex=True,\n tags={\n \"tag1\": \"value1\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n });\n\n var example = new Aws.MediaLive.Multiplex(\"example\", new()\n {\n Name = \"example-multiplex-changed\",\n AvailabilityZones = new[]\n {\n available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[1]),\n },\n MultiplexSettings = new Aws.MediaLive.Inputs.MultiplexMultiplexSettingsArgs\n {\n TransportStreamBitrate = 1000000,\n TransportStreamId = 1,\n TransportStreamReservedBitrate = 1,\n MaximumVideoBufferDelayMilliseconds = 1000,\n },\n StartMultiplex = true,\n Tags = \n {\n { \"tag1\", \"value1\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/medialive\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tState: pulumi.StringRef(\"available\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = medialive.NewMultiplex(ctx, \"example\", \u0026medialive.MultiplexArgs{\n\t\t\tName: pulumi.String(\"example-multiplex-changed\"),\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(available.Names[0]),\n\t\t\t\tpulumi.String(available.Names[1]),\n\t\t\t},\n\t\t\tMultiplexSettings: \u0026medialive.MultiplexMultiplexSettingsArgs{\n\t\t\t\tTransportStreamBitrate: pulumi.Int(1000000),\n\t\t\t\tTransportStreamId: pulumi.Int(1),\n\t\t\t\tTransportStreamReservedBitrate: pulumi.Int(1),\n\t\t\t\tMaximumVideoBufferDelayMilliseconds: pulumi.Int(1000),\n\t\t\t},\n\t\t\tStartMultiplex: pulumi.Bool(true),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"tag1\": pulumi.String(\"value1\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.medialive.Multiplex;\nimport com.pulumi.aws.medialive.MultiplexArgs;\nimport com.pulumi.aws.medialive.inputs.MultiplexMultiplexSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .build());\n\n var example = new Multiplex(\"example\", MultiplexArgs.builder() \n .name(\"example-multiplex-changed\")\n .availabilityZones( \n available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]),\n available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[1]))\n .multiplexSettings(MultiplexMultiplexSettingsArgs.builder()\n .transportStreamBitrate(1000000)\n .transportStreamId(1)\n .transportStreamReservedBitrate(1)\n .maximumVideoBufferDelayMilliseconds(1000)\n .build())\n .startMultiplex(true)\n .tags(Map.of(\"tag1\", \"value1\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:medialive:Multiplex\n properties:\n name: example-multiplex-changed\n availabilityZones:\n - ${available.names[0]}\n - ${available.names[1]}\n multiplexSettings:\n transportStreamBitrate: 1e+06\n transportStreamId: 1\n transportStreamReservedBitrate: 1\n maximumVideoBufferDelayMilliseconds: 1000\n startMultiplex: true\n tags:\n tag1: value1\nvariables:\n available:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n state: available\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import MediaLive Multiplex using the `id`. For example:\n\n```sh\n$ pulumi import aws:medialive/multiplex:Multiplex example 12345678\n```\n", "properties": { "arn": { "type": "string", @@ -275537,7 +275537,7 @@ } }, "aws:medialive/multiplexProgram:MultiplexProgram": { - "description": "Resource for managing an AWS MediaLive MultiplexProgram.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst available = aws.getAvailabilityZones({\n state: \"available\",\n});\nconst example = new aws.medialive.Multiplex(\"example\", {\n name: \"example-multiplex-changed\",\n availabilityZones: [\n available.then(available =\u003e available.names?.[0]),\n available.then(available =\u003e available.names?.[1]),\n ],\n multiplexSettings: {\n transportStreamBitrate: 1000000,\n transportStreamId: 1,\n transportStreamReservedBitrate: 1,\n maximumVideoBufferDelayMilliseconds: 1000,\n },\n startMultiplex: true,\n tags: {\n tag1: \"value1\",\n },\n});\nconst exampleMultiplexProgram = new aws.medialive.MultiplexProgram(\"example\", {\n programName: \"example_program\",\n multiplexId: example.id,\n multiplexProgramSettings: {\n programNumber: 1,\n preferredChannelPipeline: \"CURRENTLY_ACTIVE\",\n videoSettings: {\n constantBitrate: 100000,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\navailable = aws.get_availability_zones(state=\"available\")\nexample = aws.medialive.Multiplex(\"example\",\n name=\"example-multiplex-changed\",\n availability_zones=[\n available.names[0],\n available.names[1],\n ],\n multiplex_settings=aws.medialive.MultiplexMultiplexSettingsArgs(\n transport_stream_bitrate=1000000,\n transport_stream_id=1,\n transport_stream_reserved_bitrate=1,\n maximum_video_buffer_delay_milliseconds=1000,\n ),\n start_multiplex=True,\n tags={\n \"tag1\": \"value1\",\n })\nexample_multiplex_program = aws.medialive.MultiplexProgram(\"example\",\n program_name=\"example_program\",\n multiplex_id=example.id,\n multiplex_program_settings=aws.medialive.MultiplexProgramMultiplexProgramSettingsArgs(\n program_number=1,\n preferred_channel_pipeline=\"CURRENTLY_ACTIVE\",\n video_settings=aws.medialive.MultiplexProgramMultiplexProgramSettingsVideoSettingsArgs(\n constant_bitrate=100000,\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n });\n\n var example = new Aws.MediaLive.Multiplex(\"example\", new()\n {\n Name = \"example-multiplex-changed\",\n AvailabilityZones = new[]\n {\n available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[1]),\n },\n MultiplexSettings = new Aws.MediaLive.Inputs.MultiplexMultiplexSettingsArgs\n {\n TransportStreamBitrate = 1000000,\n TransportStreamId = 1,\n TransportStreamReservedBitrate = 1,\n MaximumVideoBufferDelayMilliseconds = 1000,\n },\n StartMultiplex = true,\n Tags = \n {\n { \"tag1\", \"value1\" },\n },\n });\n\n var exampleMultiplexProgram = new Aws.MediaLive.MultiplexProgram(\"example\", new()\n {\n ProgramName = \"example_program\",\n MultiplexId = example.Id,\n MultiplexProgramSettings = new Aws.MediaLive.Inputs.MultiplexProgramMultiplexProgramSettingsArgs\n {\n ProgramNumber = 1,\n PreferredChannelPipeline = \"CURRENTLY_ACTIVE\",\n VideoSettings = new Aws.MediaLive.Inputs.MultiplexProgramMultiplexProgramSettingsVideoSettingsArgs\n {\n ConstantBitrate = 100000,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/medialive\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tState: pulumi.StringRef(\"available\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := medialive.NewMultiplex(ctx, \"example\", \u0026medialive.MultiplexArgs{\n\t\t\tName: pulumi.String(\"example-multiplex-changed\"),\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\t*pulumi.String(available.Names[0]),\n\t\t\t\t*pulumi.String(available.Names[1]),\n\t\t\t},\n\t\t\tMultiplexSettings: \u0026medialive.MultiplexMultiplexSettingsArgs{\n\t\t\t\tTransportStreamBitrate: pulumi.Int(1000000),\n\t\t\t\tTransportStreamId: pulumi.Int(1),\n\t\t\t\tTransportStreamReservedBitrate: pulumi.Int(1),\n\t\t\t\tMaximumVideoBufferDelayMilliseconds: pulumi.Int(1000),\n\t\t\t},\n\t\t\tStartMultiplex: pulumi.Bool(true),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"tag1\": pulumi.String(\"value1\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = medialive.NewMultiplexProgram(ctx, \"example\", \u0026medialive.MultiplexProgramArgs{\n\t\t\tProgramName: pulumi.String(\"example_program\"),\n\t\t\tMultiplexId: example.ID(),\n\t\t\tMultiplexProgramSettings: \u0026medialive.MultiplexProgramMultiplexProgramSettingsArgs{\n\t\t\t\tProgramNumber: pulumi.Int(1),\n\t\t\t\tPreferredChannelPipeline: pulumi.String(\"CURRENTLY_ACTIVE\"),\n\t\t\t\tVideoSettings: \u0026medialive.MultiplexProgramMultiplexProgramSettingsVideoSettingsArgs{\n\t\t\t\t\tConstantBitrate: pulumi.Int(100000),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.medialive.Multiplex;\nimport com.pulumi.aws.medialive.MultiplexArgs;\nimport com.pulumi.aws.medialive.inputs.MultiplexMultiplexSettingsArgs;\nimport com.pulumi.aws.medialive.MultiplexProgram;\nimport com.pulumi.aws.medialive.MultiplexProgramArgs;\nimport com.pulumi.aws.medialive.inputs.MultiplexProgramMultiplexProgramSettingsArgs;\nimport com.pulumi.aws.medialive.inputs.MultiplexProgramMultiplexProgramSettingsVideoSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .build());\n\n var example = new Multiplex(\"example\", MultiplexArgs.builder() \n .name(\"example-multiplex-changed\")\n .availabilityZones( \n available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]),\n available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[1]))\n .multiplexSettings(MultiplexMultiplexSettingsArgs.builder()\n .transportStreamBitrate(1000000)\n .transportStreamId(1)\n .transportStreamReservedBitrate(1)\n .maximumVideoBufferDelayMilliseconds(1000)\n .build())\n .startMultiplex(true)\n .tags(Map.of(\"tag1\", \"value1\"))\n .build());\n\n var exampleMultiplexProgram = new MultiplexProgram(\"exampleMultiplexProgram\", MultiplexProgramArgs.builder() \n .programName(\"example_program\")\n .multiplexId(example.id())\n .multiplexProgramSettings(MultiplexProgramMultiplexProgramSettingsArgs.builder()\n .programNumber(1)\n .preferredChannelPipeline(\"CURRENTLY_ACTIVE\")\n .videoSettings(MultiplexProgramMultiplexProgramSettingsVideoSettingsArgs.builder()\n .constantBitrate(100000)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:medialive:Multiplex\n properties:\n name: example-multiplex-changed\n availabilityZones:\n - ${available.names[0]}\n - ${available.names[1]}\n multiplexSettings:\n transportStreamBitrate: 1e+06\n transportStreamId: 1\n transportStreamReservedBitrate: 1\n maximumVideoBufferDelayMilliseconds: 1000\n startMultiplex: true\n tags:\n tag1: value1\n exampleMultiplexProgram:\n type: aws:medialive:MultiplexProgram\n name: example\n properties:\n programName: example_program\n multiplexId: ${example.id}\n multiplexProgramSettings:\n programNumber: 1\n preferredChannelPipeline: CURRENTLY_ACTIVE\n videoSettings:\n constantBitrate: 100000\nvariables:\n available:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n state: available\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import MediaLive MultiplexProgram using the `id`, or a combination of \"`program_name`/`multiplex_id`\". For example:\n\n```sh\n$ pulumi import aws:medialive/multiplexProgram:MultiplexProgram example example_program/1234567\n```\n", + "description": "Resource for managing an AWS MediaLive MultiplexProgram.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst available = aws.getAvailabilityZones({\n state: \"available\",\n});\nconst example = new aws.medialive.Multiplex(\"example\", {\n name: \"example-multiplex-changed\",\n availabilityZones: [\n available.then(available =\u003e available.names?.[0]),\n available.then(available =\u003e available.names?.[1]),\n ],\n multiplexSettings: {\n transportStreamBitrate: 1000000,\n transportStreamId: 1,\n transportStreamReservedBitrate: 1,\n maximumVideoBufferDelayMilliseconds: 1000,\n },\n startMultiplex: true,\n tags: {\n tag1: \"value1\",\n },\n});\nconst exampleMultiplexProgram = new aws.medialive.MultiplexProgram(\"example\", {\n programName: \"example_program\",\n multiplexId: example.id,\n multiplexProgramSettings: {\n programNumber: 1,\n preferredChannelPipeline: \"CURRENTLY_ACTIVE\",\n videoSettings: {\n constantBitrate: 100000,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\navailable = aws.get_availability_zones(state=\"available\")\nexample = aws.medialive.Multiplex(\"example\",\n name=\"example-multiplex-changed\",\n availability_zones=[\n available.names[0],\n available.names[1],\n ],\n multiplex_settings=aws.medialive.MultiplexMultiplexSettingsArgs(\n transport_stream_bitrate=1000000,\n transport_stream_id=1,\n transport_stream_reserved_bitrate=1,\n maximum_video_buffer_delay_milliseconds=1000,\n ),\n start_multiplex=True,\n tags={\n \"tag1\": \"value1\",\n })\nexample_multiplex_program = aws.medialive.MultiplexProgram(\"example\",\n program_name=\"example_program\",\n multiplex_id=example.id,\n multiplex_program_settings=aws.medialive.MultiplexProgramMultiplexProgramSettingsArgs(\n program_number=1,\n preferred_channel_pipeline=\"CURRENTLY_ACTIVE\",\n video_settings=aws.medialive.MultiplexProgramMultiplexProgramSettingsVideoSettingsArgs(\n constant_bitrate=100000,\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n });\n\n var example = new Aws.MediaLive.Multiplex(\"example\", new()\n {\n Name = \"example-multiplex-changed\",\n AvailabilityZones = new[]\n {\n available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[1]),\n },\n MultiplexSettings = new Aws.MediaLive.Inputs.MultiplexMultiplexSettingsArgs\n {\n TransportStreamBitrate = 1000000,\n TransportStreamId = 1,\n TransportStreamReservedBitrate = 1,\n MaximumVideoBufferDelayMilliseconds = 1000,\n },\n StartMultiplex = true,\n Tags = \n {\n { \"tag1\", \"value1\" },\n },\n });\n\n var exampleMultiplexProgram = new Aws.MediaLive.MultiplexProgram(\"example\", new()\n {\n ProgramName = \"example_program\",\n MultiplexId = example.Id,\n MultiplexProgramSettings = new Aws.MediaLive.Inputs.MultiplexProgramMultiplexProgramSettingsArgs\n {\n ProgramNumber = 1,\n PreferredChannelPipeline = \"CURRENTLY_ACTIVE\",\n VideoSettings = new Aws.MediaLive.Inputs.MultiplexProgramMultiplexProgramSettingsVideoSettingsArgs\n {\n ConstantBitrate = 100000,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/medialive\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tavailable, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tState: pulumi.StringRef(\"available\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := medialive.NewMultiplex(ctx, \"example\", \u0026medialive.MultiplexArgs{\n\t\t\tName: pulumi.String(\"example-multiplex-changed\"),\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(available.Names[0]),\n\t\t\t\tpulumi.String(available.Names[1]),\n\t\t\t},\n\t\t\tMultiplexSettings: \u0026medialive.MultiplexMultiplexSettingsArgs{\n\t\t\t\tTransportStreamBitrate: pulumi.Int(1000000),\n\t\t\t\tTransportStreamId: pulumi.Int(1),\n\t\t\t\tTransportStreamReservedBitrate: pulumi.Int(1),\n\t\t\t\tMaximumVideoBufferDelayMilliseconds: pulumi.Int(1000),\n\t\t\t},\n\t\t\tStartMultiplex: pulumi.Bool(true),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"tag1\": pulumi.String(\"value1\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = medialive.NewMultiplexProgram(ctx, \"example\", \u0026medialive.MultiplexProgramArgs{\n\t\t\tProgramName: pulumi.String(\"example_program\"),\n\t\t\tMultiplexId: example.ID(),\n\t\t\tMultiplexProgramSettings: \u0026medialive.MultiplexProgramMultiplexProgramSettingsArgs{\n\t\t\t\tProgramNumber: pulumi.Int(1),\n\t\t\t\tPreferredChannelPipeline: pulumi.String(\"CURRENTLY_ACTIVE\"),\n\t\t\t\tVideoSettings: \u0026medialive.MultiplexProgramMultiplexProgramSettingsVideoSettingsArgs{\n\t\t\t\t\tConstantBitrate: pulumi.Int(100000),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.medialive.Multiplex;\nimport com.pulumi.aws.medialive.MultiplexArgs;\nimport com.pulumi.aws.medialive.inputs.MultiplexMultiplexSettingsArgs;\nimport com.pulumi.aws.medialive.MultiplexProgram;\nimport com.pulumi.aws.medialive.MultiplexProgramArgs;\nimport com.pulumi.aws.medialive.inputs.MultiplexProgramMultiplexProgramSettingsArgs;\nimport com.pulumi.aws.medialive.inputs.MultiplexProgramMultiplexProgramSettingsVideoSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .build());\n\n var example = new Multiplex(\"example\", MultiplexArgs.builder() \n .name(\"example-multiplex-changed\")\n .availabilityZones( \n available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]),\n available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[1]))\n .multiplexSettings(MultiplexMultiplexSettingsArgs.builder()\n .transportStreamBitrate(1000000)\n .transportStreamId(1)\n .transportStreamReservedBitrate(1)\n .maximumVideoBufferDelayMilliseconds(1000)\n .build())\n .startMultiplex(true)\n .tags(Map.of(\"tag1\", \"value1\"))\n .build());\n\n var exampleMultiplexProgram = new MultiplexProgram(\"exampleMultiplexProgram\", MultiplexProgramArgs.builder() \n .programName(\"example_program\")\n .multiplexId(example.id())\n .multiplexProgramSettings(MultiplexProgramMultiplexProgramSettingsArgs.builder()\n .programNumber(1)\n .preferredChannelPipeline(\"CURRENTLY_ACTIVE\")\n .videoSettings(MultiplexProgramMultiplexProgramSettingsVideoSettingsArgs.builder()\n .constantBitrate(100000)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:medialive:Multiplex\n properties:\n name: example-multiplex-changed\n availabilityZones:\n - ${available.names[0]}\n - ${available.names[1]}\n multiplexSettings:\n transportStreamBitrate: 1e+06\n transportStreamId: 1\n transportStreamReservedBitrate: 1\n maximumVideoBufferDelayMilliseconds: 1000\n startMultiplex: true\n tags:\n tag1: value1\n exampleMultiplexProgram:\n type: aws:medialive:MultiplexProgram\n name: example\n properties:\n programName: example_program\n multiplexId: ${example.id}\n multiplexProgramSettings:\n programNumber: 1\n preferredChannelPipeline: CURRENTLY_ACTIVE\n videoSettings:\n constantBitrate: 100000\nvariables:\n available:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n state: available\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import MediaLive MultiplexProgram using the `id`, or a combination of \"`program_name`/`multiplex_id`\". For example:\n\n```sh\n$ pulumi import aws:medialive/multiplexProgram:MultiplexProgram example example_program/1234567\n```\n", "properties": { "multiplexId": { "type": "string", @@ -277481,7 +277481,7 @@ } }, "aws:msk/cluster:Cluster": { - "description": "Manages an Amazon MSK cluster.\n\n\u003e **Note:** This resource manages _provisioned_ clusters. To manage a _serverless_ Amazon MSK cluster, use the `aws.msk.ServerlessCluster` resource.\n\n## Example Usage\n\n### Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst vpc = new aws.ec2.Vpc(\"vpc\", {cidrBlock: \"192.168.0.0/22\"});\nconst azs = aws.getAvailabilityZones({\n state: \"available\",\n});\nconst subnetAz1 = new aws.ec2.Subnet(\"subnet_az1\", {\n availabilityZone: azs.then(azs =\u003e azs.names?.[0]),\n cidrBlock: \"192.168.0.0/24\",\n vpcId: vpc.id,\n});\nconst subnetAz2 = new aws.ec2.Subnet(\"subnet_az2\", {\n availabilityZone: azs.then(azs =\u003e azs.names?.[1]),\n cidrBlock: \"192.168.1.0/24\",\n vpcId: vpc.id,\n});\nconst subnetAz3 = new aws.ec2.Subnet(\"subnet_az3\", {\n availabilityZone: azs.then(azs =\u003e azs.names?.[2]),\n cidrBlock: \"192.168.2.0/24\",\n vpcId: vpc.id,\n});\nconst sg = new aws.ec2.SecurityGroup(\"sg\", {vpcId: vpc.id});\nconst kms = new aws.kms.Key(\"kms\", {description: \"example\"});\nconst test = new aws.cloudwatch.LogGroup(\"test\", {name: \"msk_broker_logs\"});\nconst bucket = new aws.s3.BucketV2(\"bucket\", {bucket: \"msk-broker-logs-bucket\"});\nconst bucketAcl = new aws.s3.BucketAclV2(\"bucket_acl\", {\n bucket: bucket.id,\n acl: \"private\",\n});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"firehose.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst firehoseRole = new aws.iam.Role(\"firehose_role\", {\n name: \"firehose_test_role\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-msk-broker-logs-stream\",\n destination: \"extended_s3\",\n extendedS3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n },\n tags: {\n LogDeliveryEnabled: \"placeholder\",\n },\n});\nconst example = new aws.msk.Cluster(\"example\", {\n clusterName: \"example\",\n kafkaVersion: \"3.2.0\",\n numberOfBrokerNodes: 3,\n brokerNodeGroupInfo: {\n instanceType: \"kafka.m5.large\",\n clientSubnets: [\n subnetAz1.id,\n subnetAz2.id,\n subnetAz3.id,\n ],\n storageInfo: {\n ebsStorageInfo: {\n volumeSize: 1000,\n },\n },\n securityGroups: [sg.id],\n },\n encryptionInfo: {\n encryptionAtRestKmsKeyArn: kms.arn,\n },\n openMonitoring: {\n prometheus: {\n jmxExporter: {\n enabledInBroker: true,\n },\n nodeExporter: {\n enabledInBroker: true,\n },\n },\n },\n loggingInfo: {\n brokerLogs: {\n cloudwatchLogs: {\n enabled: true,\n logGroup: test.name,\n },\n firehose: {\n enabled: true,\n deliveryStream: testStream.name,\n },\n s3: {\n enabled: true,\n bucket: bucket.id,\n prefix: \"logs/msk-\",\n },\n },\n },\n tags: {\n foo: \"bar\",\n },\n});\nexport const zookeeperConnectString = example.zookeeperConnectString;\nexport const bootstrapBrokersTls = example.bootstrapBrokersTls;\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nvpc = aws.ec2.Vpc(\"vpc\", cidr_block=\"192.168.0.0/22\")\nazs = aws.get_availability_zones(state=\"available\")\nsubnet_az1 = aws.ec2.Subnet(\"subnet_az1\",\n availability_zone=azs.names[0],\n cidr_block=\"192.168.0.0/24\",\n vpc_id=vpc.id)\nsubnet_az2 = aws.ec2.Subnet(\"subnet_az2\",\n availability_zone=azs.names[1],\n cidr_block=\"192.168.1.0/24\",\n vpc_id=vpc.id)\nsubnet_az3 = aws.ec2.Subnet(\"subnet_az3\",\n availability_zone=azs.names[2],\n cidr_block=\"192.168.2.0/24\",\n vpc_id=vpc.id)\nsg = aws.ec2.SecurityGroup(\"sg\", vpc_id=vpc.id)\nkms = aws.kms.Key(\"kms\", description=\"example\")\ntest = aws.cloudwatch.LogGroup(\"test\", name=\"msk_broker_logs\")\nbucket = aws.s3.BucketV2(\"bucket\", bucket=\"msk-broker-logs-bucket\")\nbucket_acl = aws.s3.BucketAclV2(\"bucket_acl\",\n bucket=bucket.id,\n acl=\"private\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"firehose.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nfirehose_role = aws.iam.Role(\"firehose_role\",\n name=\"firehose_test_role\",\n assume_role_policy=assume_role.json)\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-msk-broker-logs-stream\",\n destination=\"extended_s3\",\n extended_s3_configuration=aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs(\n role_arn=firehose_role.arn,\n bucket_arn=bucket.arn,\n ),\n tags={\n \"LogDeliveryEnabled\": \"placeholder\",\n })\nexample = aws.msk.Cluster(\"example\",\n cluster_name=\"example\",\n kafka_version=\"3.2.0\",\n number_of_broker_nodes=3,\n broker_node_group_info=aws.msk.ClusterBrokerNodeGroupInfoArgs(\n instance_type=\"kafka.m5.large\",\n client_subnets=[\n subnet_az1.id,\n subnet_az2.id,\n subnet_az3.id,\n ],\n storage_info=aws.msk.ClusterBrokerNodeGroupInfoStorageInfoArgs(\n ebs_storage_info=aws.msk.ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoArgs(\n volume_size=1000,\n ),\n ),\n security_groups=[sg.id],\n ),\n encryption_info=aws.msk.ClusterEncryptionInfoArgs(\n encryption_at_rest_kms_key_arn=kms.arn,\n ),\n open_monitoring=aws.msk.ClusterOpenMonitoringArgs(\n prometheus=aws.msk.ClusterOpenMonitoringPrometheusArgs(\n jmx_exporter=aws.msk.ClusterOpenMonitoringPrometheusJmxExporterArgs(\n enabled_in_broker=True,\n ),\n node_exporter=aws.msk.ClusterOpenMonitoringPrometheusNodeExporterArgs(\n enabled_in_broker=True,\n ),\n ),\n ),\n logging_info=aws.msk.ClusterLoggingInfoArgs(\n broker_logs=aws.msk.ClusterLoggingInfoBrokerLogsArgs(\n cloudwatch_logs=aws.msk.ClusterLoggingInfoBrokerLogsCloudwatchLogsArgs(\n enabled=True,\n log_group=test.name,\n ),\n firehose=aws.msk.ClusterLoggingInfoBrokerLogsFirehoseArgs(\n enabled=True,\n delivery_stream=test_stream.name,\n ),\n s3=aws.msk.ClusterLoggingInfoBrokerLogsS3Args(\n enabled=True,\n bucket=bucket.id,\n prefix=\"logs/msk-\",\n ),\n ),\n ),\n tags={\n \"foo\": \"bar\",\n })\npulumi.export(\"zookeeperConnectString\", example.zookeeper_connect_string)\npulumi.export(\"bootstrapBrokersTls\", example.bootstrap_brokers_tls)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var vpc = new Aws.Ec2.Vpc(\"vpc\", new()\n {\n CidrBlock = \"192.168.0.0/22\",\n });\n\n var azs = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n });\n\n var subnetAz1 = new Aws.Ec2.Subnet(\"subnet_az1\", new()\n {\n AvailabilityZone = azs.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n CidrBlock = \"192.168.0.0/24\",\n VpcId = vpc.Id,\n });\n\n var subnetAz2 = new Aws.Ec2.Subnet(\"subnet_az2\", new()\n {\n AvailabilityZone = azs.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[1]),\n CidrBlock = \"192.168.1.0/24\",\n VpcId = vpc.Id,\n });\n\n var subnetAz3 = new Aws.Ec2.Subnet(\"subnet_az3\", new()\n {\n AvailabilityZone = azs.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[2]),\n CidrBlock = \"192.168.2.0/24\",\n VpcId = vpc.Id,\n });\n\n var sg = new Aws.Ec2.SecurityGroup(\"sg\", new()\n {\n VpcId = vpc.Id,\n });\n\n var kms = new Aws.Kms.Key(\"kms\", new()\n {\n Description = \"example\",\n });\n\n var test = new Aws.CloudWatch.LogGroup(\"test\", new()\n {\n Name = \"msk_broker_logs\",\n });\n\n var bucket = new Aws.S3.BucketV2(\"bucket\", new()\n {\n Bucket = \"msk-broker-logs-bucket\",\n });\n\n var bucketAcl = new Aws.S3.BucketAclV2(\"bucket_acl\", new()\n {\n Bucket = bucket.Id,\n Acl = \"private\",\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"firehose.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var firehoseRole = new Aws.Iam.Role(\"firehose_role\", new()\n {\n Name = \"firehose_test_role\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-msk-broker-logs-stream\",\n Destination = \"extended_s3\",\n ExtendedS3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n },\n Tags = \n {\n { \"LogDeliveryEnabled\", \"placeholder\" },\n },\n });\n\n var example = new Aws.Msk.Cluster(\"example\", new()\n {\n ClusterName = \"example\",\n KafkaVersion = \"3.2.0\",\n NumberOfBrokerNodes = 3,\n BrokerNodeGroupInfo = new Aws.Msk.Inputs.ClusterBrokerNodeGroupInfoArgs\n {\n InstanceType = \"kafka.m5.large\",\n ClientSubnets = new[]\n {\n subnetAz1.Id,\n subnetAz2.Id,\n subnetAz3.Id,\n },\n StorageInfo = new Aws.Msk.Inputs.ClusterBrokerNodeGroupInfoStorageInfoArgs\n {\n EbsStorageInfo = new Aws.Msk.Inputs.ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoArgs\n {\n VolumeSize = 1000,\n },\n },\n SecurityGroups = new[]\n {\n sg.Id,\n },\n },\n EncryptionInfo = new Aws.Msk.Inputs.ClusterEncryptionInfoArgs\n {\n EncryptionAtRestKmsKeyArn = kms.Arn,\n },\n OpenMonitoring = new Aws.Msk.Inputs.ClusterOpenMonitoringArgs\n {\n Prometheus = new Aws.Msk.Inputs.ClusterOpenMonitoringPrometheusArgs\n {\n JmxExporter = new Aws.Msk.Inputs.ClusterOpenMonitoringPrometheusJmxExporterArgs\n {\n EnabledInBroker = true,\n },\n NodeExporter = new Aws.Msk.Inputs.ClusterOpenMonitoringPrometheusNodeExporterArgs\n {\n EnabledInBroker = true,\n },\n },\n },\n LoggingInfo = new Aws.Msk.Inputs.ClusterLoggingInfoArgs\n {\n BrokerLogs = new Aws.Msk.Inputs.ClusterLoggingInfoBrokerLogsArgs\n {\n CloudwatchLogs = new Aws.Msk.Inputs.ClusterLoggingInfoBrokerLogsCloudwatchLogsArgs\n {\n Enabled = true,\n LogGroup = test.Name,\n },\n Firehose = new Aws.Msk.Inputs.ClusterLoggingInfoBrokerLogsFirehoseArgs\n {\n Enabled = true,\n DeliveryStream = testStream.Name,\n },\n S3 = new Aws.Msk.Inputs.ClusterLoggingInfoBrokerLogsS3Args\n {\n Enabled = true,\n Bucket = bucket.Id,\n Prefix = \"logs/msk-\",\n },\n },\n },\n Tags = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"zookeeperConnectString\"] = example.ZookeeperConnectString,\n [\"bootstrapBrokersTls\"] = example.BootstrapBrokersTls,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/msk\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tvpc, err := ec2.NewVpc(ctx, \"vpc\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"192.168.0.0/22\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tazs, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tState: pulumi.StringRef(\"available\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnetAz1, err := ec2.NewSubnet(ctx, \"subnet_az1\", \u0026ec2.SubnetArgs{\n\t\t\tAvailabilityZone: *pulumi.String(azs.Names[0]),\n\t\t\tCidrBlock: pulumi.String(\"192.168.0.0/24\"),\n\t\t\tVpcId: vpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnetAz2, err := ec2.NewSubnet(ctx, \"subnet_az2\", \u0026ec2.SubnetArgs{\n\t\t\tAvailabilityZone: *pulumi.String(azs.Names[1]),\n\t\t\tCidrBlock: pulumi.String(\"192.168.1.0/24\"),\n\t\t\tVpcId: vpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnetAz3, err := ec2.NewSubnet(ctx, \"subnet_az3\", \u0026ec2.SubnetArgs{\n\t\t\tAvailabilityZone: *pulumi.String(azs.Names[2]),\n\t\t\tCidrBlock: pulumi.String(\"192.168.2.0/24\"),\n\t\t\tVpcId: vpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsg, err := ec2.NewSecurityGroup(ctx, \"sg\", \u0026ec2.SecurityGroupArgs{\n\t\t\tVpcId: vpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkms, err := kms.NewKey(ctx, \"kms\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := cloudwatch.NewLogGroup(ctx, \"test\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: pulumi.String(\"msk_broker_logs\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := s3.NewBucketV2(ctx, \"bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"msk-broker-logs-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"bucket_acl\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: bucket.ID(),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"firehose.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirehoseRole, err := iam.NewRole(ctx, \"firehose_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"firehose_test_role\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestStream, err := kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-msk-broker-logs-stream\"),\n\t\t\tDestination: pulumi.String(\"extended_s3\"),\n\t\t\tExtendedS3Configuration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs{\n\t\t\t\tRoleArn: firehoseRole.Arn,\n\t\t\t\tBucketArn: bucket.Arn,\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"LogDeliveryEnabled\": pulumi.String(\"placeholder\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := msk.NewCluster(ctx, \"example\", \u0026msk.ClusterArgs{\n\t\t\tClusterName: pulumi.String(\"example\"),\n\t\t\tKafkaVersion: pulumi.String(\"3.2.0\"),\n\t\t\tNumberOfBrokerNodes: pulumi.Int(3),\n\t\t\tBrokerNodeGroupInfo: \u0026msk.ClusterBrokerNodeGroupInfoArgs{\n\t\t\t\tInstanceType: pulumi.String(\"kafka.m5.large\"),\n\t\t\t\tClientSubnets: pulumi.StringArray{\n\t\t\t\t\tsubnetAz1.ID(),\n\t\t\t\t\tsubnetAz2.ID(),\n\t\t\t\t\tsubnetAz3.ID(),\n\t\t\t\t},\n\t\t\t\tStorageInfo: \u0026msk.ClusterBrokerNodeGroupInfoStorageInfoArgs{\n\t\t\t\t\tEbsStorageInfo: \u0026msk.ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoArgs{\n\t\t\t\t\t\tVolumeSize: pulumi.Int(1000),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tSecurityGroups: pulumi.StringArray{\n\t\t\t\t\tsg.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEncryptionInfo: \u0026msk.ClusterEncryptionInfoArgs{\n\t\t\t\tEncryptionAtRestKmsKeyArn: kms.Arn,\n\t\t\t},\n\t\t\tOpenMonitoring: \u0026msk.ClusterOpenMonitoringArgs{\n\t\t\t\tPrometheus: \u0026msk.ClusterOpenMonitoringPrometheusArgs{\n\t\t\t\t\tJmxExporter: \u0026msk.ClusterOpenMonitoringPrometheusJmxExporterArgs{\n\t\t\t\t\t\tEnabledInBroker: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tNodeExporter: \u0026msk.ClusterOpenMonitoringPrometheusNodeExporterArgs{\n\t\t\t\t\t\tEnabledInBroker: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLoggingInfo: \u0026msk.ClusterLoggingInfoArgs{\n\t\t\t\tBrokerLogs: \u0026msk.ClusterLoggingInfoBrokerLogsArgs{\n\t\t\t\t\tCloudwatchLogs: \u0026msk.ClusterLoggingInfoBrokerLogsCloudwatchLogsArgs{\n\t\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\t\tLogGroup: test.Name,\n\t\t\t\t\t},\n\t\t\t\t\tFirehose: \u0026msk.ClusterLoggingInfoBrokerLogsFirehoseArgs{\n\t\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\t\tDeliveryStream: testStream.Name,\n\t\t\t\t\t},\n\t\t\t\t\tS3: \u0026msk.ClusterLoggingInfoBrokerLogsS3Args{\n\t\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\t\tBucket: bucket.ID(),\n\t\t\t\t\t\tPrefix: pulumi.String(\"logs/msk-\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"zookeeperConnectString\", example.ZookeeperConnectString)\n\t\tctx.Export(\"bootstrapBrokersTls\", example.BootstrapBrokersTls)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs;\nimport com.pulumi.aws.msk.Cluster;\nimport com.pulumi.aws.msk.ClusterArgs;\nimport com.pulumi.aws.msk.inputs.ClusterBrokerNodeGroupInfoArgs;\nimport com.pulumi.aws.msk.inputs.ClusterBrokerNodeGroupInfoStorageInfoArgs;\nimport com.pulumi.aws.msk.inputs.ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoArgs;\nimport com.pulumi.aws.msk.inputs.ClusterEncryptionInfoArgs;\nimport com.pulumi.aws.msk.inputs.ClusterOpenMonitoringArgs;\nimport com.pulumi.aws.msk.inputs.ClusterOpenMonitoringPrometheusArgs;\nimport com.pulumi.aws.msk.inputs.ClusterOpenMonitoringPrometheusJmxExporterArgs;\nimport com.pulumi.aws.msk.inputs.ClusterOpenMonitoringPrometheusNodeExporterArgs;\nimport com.pulumi.aws.msk.inputs.ClusterLoggingInfoArgs;\nimport com.pulumi.aws.msk.inputs.ClusterLoggingInfoBrokerLogsArgs;\nimport com.pulumi.aws.msk.inputs.ClusterLoggingInfoBrokerLogsCloudwatchLogsArgs;\nimport com.pulumi.aws.msk.inputs.ClusterLoggingInfoBrokerLogsFirehoseArgs;\nimport com.pulumi.aws.msk.inputs.ClusterLoggingInfoBrokerLogsS3Args;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var vpc = new Vpc(\"vpc\", VpcArgs.builder() \n .cidrBlock(\"192.168.0.0/22\")\n .build());\n\n final var azs = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .build());\n\n var subnetAz1 = new Subnet(\"subnetAz1\", SubnetArgs.builder() \n .availabilityZone(azs.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]))\n .cidrBlock(\"192.168.0.0/24\")\n .vpcId(vpc.id())\n .build());\n\n var subnetAz2 = new Subnet(\"subnetAz2\", SubnetArgs.builder() \n .availabilityZone(azs.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[1]))\n .cidrBlock(\"192.168.1.0/24\")\n .vpcId(vpc.id())\n .build());\n\n var subnetAz3 = new Subnet(\"subnetAz3\", SubnetArgs.builder() \n .availabilityZone(azs.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[2]))\n .cidrBlock(\"192.168.2.0/24\")\n .vpcId(vpc.id())\n .build());\n\n var sg = new SecurityGroup(\"sg\", SecurityGroupArgs.builder() \n .vpcId(vpc.id())\n .build());\n\n var kms = new Key(\"kms\", KeyArgs.builder() \n .description(\"example\")\n .build());\n\n var test = new LogGroup(\"test\", LogGroupArgs.builder() \n .name(\"msk_broker_logs\")\n .build());\n\n var bucket = new BucketV2(\"bucket\", BucketV2Args.builder() \n .bucket(\"msk-broker-logs-bucket\")\n .build());\n\n var bucketAcl = new BucketAclV2(\"bucketAcl\", BucketAclV2Args.builder() \n .bucket(bucket.id())\n .acl(\"private\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"firehose.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var firehoseRole = new Role(\"firehoseRole\", RoleArgs.builder() \n .name(\"firehose_test_role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder() \n .name(\"kinesis-firehose-msk-broker-logs-stream\")\n .destination(\"extended_s3\")\n .extendedS3Configuration(FirehoseDeliveryStreamExtendedS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .build())\n .tags(Map.of(\"LogDeliveryEnabled\", \"placeholder\"))\n .build());\n\n var example = new Cluster(\"example\", ClusterArgs.builder() \n .clusterName(\"example\")\n .kafkaVersion(\"3.2.0\")\n .numberOfBrokerNodes(3)\n .brokerNodeGroupInfo(ClusterBrokerNodeGroupInfoArgs.builder()\n .instanceType(\"kafka.m5.large\")\n .clientSubnets( \n subnetAz1.id(),\n subnetAz2.id(),\n subnetAz3.id())\n .storageInfo(ClusterBrokerNodeGroupInfoStorageInfoArgs.builder()\n .ebsStorageInfo(ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoArgs.builder()\n .volumeSize(1000)\n .build())\n .build())\n .securityGroups(sg.id())\n .build())\n .encryptionInfo(ClusterEncryptionInfoArgs.builder()\n .encryptionAtRestKmsKeyArn(kms.arn())\n .build())\n .openMonitoring(ClusterOpenMonitoringArgs.builder()\n .prometheus(ClusterOpenMonitoringPrometheusArgs.builder()\n .jmxExporter(ClusterOpenMonitoringPrometheusJmxExporterArgs.builder()\n .enabledInBroker(true)\n .build())\n .nodeExporter(ClusterOpenMonitoringPrometheusNodeExporterArgs.builder()\n .enabledInBroker(true)\n .build())\n .build())\n .build())\n .loggingInfo(ClusterLoggingInfoArgs.builder()\n .brokerLogs(ClusterLoggingInfoBrokerLogsArgs.builder()\n .cloudwatchLogs(ClusterLoggingInfoBrokerLogsCloudwatchLogsArgs.builder()\n .enabled(true)\n .logGroup(test.name())\n .build())\n .firehose(ClusterLoggingInfoBrokerLogsFirehoseArgs.builder()\n .enabled(true)\n .deliveryStream(testStream.name())\n .build())\n .s3(ClusterLoggingInfoBrokerLogsS3Args.builder()\n .enabled(true)\n .bucket(bucket.id())\n .prefix(\"logs/msk-\")\n .build())\n .build())\n .build())\n .tags(Map.of(\"foo\", \"bar\"))\n .build());\n\n ctx.export(\"zookeeperConnectString\", example.zookeeperConnectString());\n ctx.export(\"bootstrapBrokersTls\", example.bootstrapBrokersTls());\n }\n}\n```\n```yaml\nresources:\n vpc:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 192.168.0.0/22\n subnetAz1:\n type: aws:ec2:Subnet\n name: subnet_az1\n properties:\n availabilityZone: ${azs.names[0]}\n cidrBlock: 192.168.0.0/24\n vpcId: ${vpc.id}\n subnetAz2:\n type: aws:ec2:Subnet\n name: subnet_az2\n properties:\n availabilityZone: ${azs.names[1]}\n cidrBlock: 192.168.1.0/24\n vpcId: ${vpc.id}\n subnetAz3:\n type: aws:ec2:Subnet\n name: subnet_az3\n properties:\n availabilityZone: ${azs.names[2]}\n cidrBlock: 192.168.2.0/24\n vpcId: ${vpc.id}\n sg:\n type: aws:ec2:SecurityGroup\n properties:\n vpcId: ${vpc.id}\n kms:\n type: aws:kms:Key\n properties:\n description: example\n test:\n type: aws:cloudwatch:LogGroup\n properties:\n name: msk_broker_logs\n bucket:\n type: aws:s3:BucketV2\n properties:\n bucket: msk-broker-logs-bucket\n bucketAcl:\n type: aws:s3:BucketAclV2\n name: bucket_acl\n properties:\n bucket: ${bucket.id}\n acl: private\n firehoseRole:\n type: aws:iam:Role\n name: firehose_role\n properties:\n name: firehose_test_role\n assumeRolePolicy: ${assumeRole.json}\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-msk-broker-logs-stream\n destination: extended_s3\n extendedS3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n tags:\n LogDeliveryEnabled: placeholder\n example:\n type: aws:msk:Cluster\n properties:\n clusterName: example\n kafkaVersion: 3.2.0\n numberOfBrokerNodes: 3\n brokerNodeGroupInfo:\n instanceType: kafka.m5.large\n clientSubnets:\n - ${subnetAz1.id}\n - ${subnetAz2.id}\n - ${subnetAz3.id}\n storageInfo:\n ebsStorageInfo:\n volumeSize: 1000\n securityGroups:\n - ${sg.id}\n encryptionInfo:\n encryptionAtRestKmsKeyArn: ${kms.arn}\n openMonitoring:\n prometheus:\n jmxExporter:\n enabledInBroker: true\n nodeExporter:\n enabledInBroker: true\n loggingInfo:\n brokerLogs:\n cloudwatchLogs:\n enabled: true\n logGroup: ${test.name}\n firehose:\n enabled: true\n deliveryStream: ${testStream.name}\n s3:\n enabled: true\n bucket: ${bucket.id}\n prefix: logs/msk-\n tags:\n foo: bar\nvariables:\n azs:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n state: available\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - firehose.amazonaws.com\n actions:\n - sts:AssumeRole\noutputs:\n zookeeperConnectString: ${example.zookeeperConnectString}\n bootstrapBrokersTls: ${example.bootstrapBrokersTls}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With volume_throughput argument\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.msk.Cluster(\"example\", {\n clusterName: \"example\",\n kafkaVersion: \"2.7.1\",\n numberOfBrokerNodes: 3,\n brokerNodeGroupInfo: {\n instanceType: \"kafka.m5.4xlarge\",\n clientSubnets: [\n subnetAz1.id,\n subnetAz2.id,\n subnetAz3.id,\n ],\n storageInfo: {\n ebsStorageInfo: {\n provisionedThroughput: {\n enabled: true,\n volumeThroughput: 250,\n },\n volumeSize: 1000,\n },\n },\n securityGroups: [sg.id],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.msk.Cluster(\"example\",\n cluster_name=\"example\",\n kafka_version=\"2.7.1\",\n number_of_broker_nodes=3,\n broker_node_group_info=aws.msk.ClusterBrokerNodeGroupInfoArgs(\n instance_type=\"kafka.m5.4xlarge\",\n client_subnets=[\n subnet_az1[\"id\"],\n subnet_az2[\"id\"],\n subnet_az3[\"id\"],\n ],\n storage_info=aws.msk.ClusterBrokerNodeGroupInfoStorageInfoArgs(\n ebs_storage_info=aws.msk.ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoArgs(\n provisioned_throughput=aws.msk.ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoProvisionedThroughputArgs(\n enabled=True,\n volume_throughput=250,\n ),\n volume_size=1000,\n ),\n ),\n security_groups=[sg[\"id\"]],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Msk.Cluster(\"example\", new()\n {\n ClusterName = \"example\",\n KafkaVersion = \"2.7.1\",\n NumberOfBrokerNodes = 3,\n BrokerNodeGroupInfo = new Aws.Msk.Inputs.ClusterBrokerNodeGroupInfoArgs\n {\n InstanceType = \"kafka.m5.4xlarge\",\n ClientSubnets = new[]\n {\n subnetAz1.Id,\n subnetAz2.Id,\n subnetAz3.Id,\n },\n StorageInfo = new Aws.Msk.Inputs.ClusterBrokerNodeGroupInfoStorageInfoArgs\n {\n EbsStorageInfo = new Aws.Msk.Inputs.ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoArgs\n {\n ProvisionedThroughput = new Aws.Msk.Inputs.ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoProvisionedThroughputArgs\n {\n Enabled = true,\n VolumeThroughput = 250,\n },\n VolumeSize = 1000,\n },\n },\n SecurityGroups = new[]\n {\n sg.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/msk\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := msk.NewCluster(ctx, \"example\", \u0026msk.ClusterArgs{\n\t\t\tClusterName: pulumi.String(\"example\"),\n\t\t\tKafkaVersion: pulumi.String(\"2.7.1\"),\n\t\t\tNumberOfBrokerNodes: pulumi.Int(3),\n\t\t\tBrokerNodeGroupInfo: \u0026msk.ClusterBrokerNodeGroupInfoArgs{\n\t\t\t\tInstanceType: pulumi.String(\"kafka.m5.4xlarge\"),\n\t\t\t\tClientSubnets: pulumi.StringArray{\n\t\t\t\t\tsubnetAz1.Id,\n\t\t\t\t\tsubnetAz2.Id,\n\t\t\t\t\tsubnetAz3.Id,\n\t\t\t\t},\n\t\t\t\tStorageInfo: \u0026msk.ClusterBrokerNodeGroupInfoStorageInfoArgs{\n\t\t\t\t\tEbsStorageInfo: \u0026msk.ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoArgs{\n\t\t\t\t\t\tProvisionedThroughput: \u0026msk.ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoProvisionedThroughputArgs{\n\t\t\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\t\t\tVolumeThroughput: pulumi.Int(250),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tVolumeSize: pulumi.Int(1000),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tSecurityGroups: pulumi.StringArray{\n\t\t\t\t\tsg.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.msk.Cluster;\nimport com.pulumi.aws.msk.ClusterArgs;\nimport com.pulumi.aws.msk.inputs.ClusterBrokerNodeGroupInfoArgs;\nimport com.pulumi.aws.msk.inputs.ClusterBrokerNodeGroupInfoStorageInfoArgs;\nimport com.pulumi.aws.msk.inputs.ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoArgs;\nimport com.pulumi.aws.msk.inputs.ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoProvisionedThroughputArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Cluster(\"example\", ClusterArgs.builder() \n .clusterName(\"example\")\n .kafkaVersion(\"2.7.1\")\n .numberOfBrokerNodes(3)\n .brokerNodeGroupInfo(ClusterBrokerNodeGroupInfoArgs.builder()\n .instanceType(\"kafka.m5.4xlarge\")\n .clientSubnets( \n subnetAz1.id(),\n subnetAz2.id(),\n subnetAz3.id())\n .storageInfo(ClusterBrokerNodeGroupInfoStorageInfoArgs.builder()\n .ebsStorageInfo(ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoArgs.builder()\n .provisionedThroughput(ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoProvisionedThroughputArgs.builder()\n .enabled(true)\n .volumeThroughput(250)\n .build())\n .volumeSize(1000)\n .build())\n .build())\n .securityGroups(sg.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:msk:Cluster\n properties:\n clusterName: example\n kafkaVersion: 2.7.1\n numberOfBrokerNodes: 3\n brokerNodeGroupInfo:\n instanceType: kafka.m5.4xlarge\n clientSubnets:\n - ${subnetAz1.id}\n - ${subnetAz2.id}\n - ${subnetAz3.id}\n storageInfo:\n ebsStorageInfo:\n provisionedThroughput:\n enabled: true\n volumeThroughput: 250\n volumeSize: 1000\n securityGroups:\n - ${sg.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import MSK clusters using the cluster `arn`. For example:\n\n```sh\n$ pulumi import aws:msk/cluster:Cluster example arn:aws:kafka:us-west-2:123456789012:cluster/example/279c0212-d057-4dba-9aa9-1c4e5a25bfc7-3\n```\n", + "description": "Manages an Amazon MSK cluster.\n\n\u003e **Note:** This resource manages _provisioned_ clusters. To manage a _serverless_ Amazon MSK cluster, use the `aws.msk.ServerlessCluster` resource.\n\n## Example Usage\n\n### Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst vpc = new aws.ec2.Vpc(\"vpc\", {cidrBlock: \"192.168.0.0/22\"});\nconst azs = aws.getAvailabilityZones({\n state: \"available\",\n});\nconst subnetAz1 = new aws.ec2.Subnet(\"subnet_az1\", {\n availabilityZone: azs.then(azs =\u003e azs.names?.[0]),\n cidrBlock: \"192.168.0.0/24\",\n vpcId: vpc.id,\n});\nconst subnetAz2 = new aws.ec2.Subnet(\"subnet_az2\", {\n availabilityZone: azs.then(azs =\u003e azs.names?.[1]),\n cidrBlock: \"192.168.1.0/24\",\n vpcId: vpc.id,\n});\nconst subnetAz3 = new aws.ec2.Subnet(\"subnet_az3\", {\n availabilityZone: azs.then(azs =\u003e azs.names?.[2]),\n cidrBlock: \"192.168.2.0/24\",\n vpcId: vpc.id,\n});\nconst sg = new aws.ec2.SecurityGroup(\"sg\", {vpcId: vpc.id});\nconst kms = new aws.kms.Key(\"kms\", {description: \"example\"});\nconst test = new aws.cloudwatch.LogGroup(\"test\", {name: \"msk_broker_logs\"});\nconst bucket = new aws.s3.BucketV2(\"bucket\", {bucket: \"msk-broker-logs-bucket\"});\nconst bucketAcl = new aws.s3.BucketAclV2(\"bucket_acl\", {\n bucket: bucket.id,\n acl: \"private\",\n});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"firehose.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst firehoseRole = new aws.iam.Role(\"firehose_role\", {\n name: \"firehose_test_role\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-msk-broker-logs-stream\",\n destination: \"extended_s3\",\n extendedS3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n },\n tags: {\n LogDeliveryEnabled: \"placeholder\",\n },\n});\nconst example = new aws.msk.Cluster(\"example\", {\n clusterName: \"example\",\n kafkaVersion: \"3.2.0\",\n numberOfBrokerNodes: 3,\n brokerNodeGroupInfo: {\n instanceType: \"kafka.m5.large\",\n clientSubnets: [\n subnetAz1.id,\n subnetAz2.id,\n subnetAz3.id,\n ],\n storageInfo: {\n ebsStorageInfo: {\n volumeSize: 1000,\n },\n },\n securityGroups: [sg.id],\n },\n encryptionInfo: {\n encryptionAtRestKmsKeyArn: kms.arn,\n },\n openMonitoring: {\n prometheus: {\n jmxExporter: {\n enabledInBroker: true,\n },\n nodeExporter: {\n enabledInBroker: true,\n },\n },\n },\n loggingInfo: {\n brokerLogs: {\n cloudwatchLogs: {\n enabled: true,\n logGroup: test.name,\n },\n firehose: {\n enabled: true,\n deliveryStream: testStream.name,\n },\n s3: {\n enabled: true,\n bucket: bucket.id,\n prefix: \"logs/msk-\",\n },\n },\n },\n tags: {\n foo: \"bar\",\n },\n});\nexport const zookeeperConnectString = example.zookeeperConnectString;\nexport const bootstrapBrokersTls = example.bootstrapBrokersTls;\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nvpc = aws.ec2.Vpc(\"vpc\", cidr_block=\"192.168.0.0/22\")\nazs = aws.get_availability_zones(state=\"available\")\nsubnet_az1 = aws.ec2.Subnet(\"subnet_az1\",\n availability_zone=azs.names[0],\n cidr_block=\"192.168.0.0/24\",\n vpc_id=vpc.id)\nsubnet_az2 = aws.ec2.Subnet(\"subnet_az2\",\n availability_zone=azs.names[1],\n cidr_block=\"192.168.1.0/24\",\n vpc_id=vpc.id)\nsubnet_az3 = aws.ec2.Subnet(\"subnet_az3\",\n availability_zone=azs.names[2],\n cidr_block=\"192.168.2.0/24\",\n vpc_id=vpc.id)\nsg = aws.ec2.SecurityGroup(\"sg\", vpc_id=vpc.id)\nkms = aws.kms.Key(\"kms\", description=\"example\")\ntest = aws.cloudwatch.LogGroup(\"test\", name=\"msk_broker_logs\")\nbucket = aws.s3.BucketV2(\"bucket\", bucket=\"msk-broker-logs-bucket\")\nbucket_acl = aws.s3.BucketAclV2(\"bucket_acl\",\n bucket=bucket.id,\n acl=\"private\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"firehose.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nfirehose_role = aws.iam.Role(\"firehose_role\",\n name=\"firehose_test_role\",\n assume_role_policy=assume_role.json)\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-msk-broker-logs-stream\",\n destination=\"extended_s3\",\n extended_s3_configuration=aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs(\n role_arn=firehose_role.arn,\n bucket_arn=bucket.arn,\n ),\n tags={\n \"LogDeliveryEnabled\": \"placeholder\",\n })\nexample = aws.msk.Cluster(\"example\",\n cluster_name=\"example\",\n kafka_version=\"3.2.0\",\n number_of_broker_nodes=3,\n broker_node_group_info=aws.msk.ClusterBrokerNodeGroupInfoArgs(\n instance_type=\"kafka.m5.large\",\n client_subnets=[\n subnet_az1.id,\n subnet_az2.id,\n subnet_az3.id,\n ],\n storage_info=aws.msk.ClusterBrokerNodeGroupInfoStorageInfoArgs(\n ebs_storage_info=aws.msk.ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoArgs(\n volume_size=1000,\n ),\n ),\n security_groups=[sg.id],\n ),\n encryption_info=aws.msk.ClusterEncryptionInfoArgs(\n encryption_at_rest_kms_key_arn=kms.arn,\n ),\n open_monitoring=aws.msk.ClusterOpenMonitoringArgs(\n prometheus=aws.msk.ClusterOpenMonitoringPrometheusArgs(\n jmx_exporter=aws.msk.ClusterOpenMonitoringPrometheusJmxExporterArgs(\n enabled_in_broker=True,\n ),\n node_exporter=aws.msk.ClusterOpenMonitoringPrometheusNodeExporterArgs(\n enabled_in_broker=True,\n ),\n ),\n ),\n logging_info=aws.msk.ClusterLoggingInfoArgs(\n broker_logs=aws.msk.ClusterLoggingInfoBrokerLogsArgs(\n cloudwatch_logs=aws.msk.ClusterLoggingInfoBrokerLogsCloudwatchLogsArgs(\n enabled=True,\n log_group=test.name,\n ),\n firehose=aws.msk.ClusterLoggingInfoBrokerLogsFirehoseArgs(\n enabled=True,\n delivery_stream=test_stream.name,\n ),\n s3=aws.msk.ClusterLoggingInfoBrokerLogsS3Args(\n enabled=True,\n bucket=bucket.id,\n prefix=\"logs/msk-\",\n ),\n ),\n ),\n tags={\n \"foo\": \"bar\",\n })\npulumi.export(\"zookeeperConnectString\", example.zookeeper_connect_string)\npulumi.export(\"bootstrapBrokersTls\", example.bootstrap_brokers_tls)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var vpc = new Aws.Ec2.Vpc(\"vpc\", new()\n {\n CidrBlock = \"192.168.0.0/22\",\n });\n\n var azs = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n });\n\n var subnetAz1 = new Aws.Ec2.Subnet(\"subnet_az1\", new()\n {\n AvailabilityZone = azs.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n CidrBlock = \"192.168.0.0/24\",\n VpcId = vpc.Id,\n });\n\n var subnetAz2 = new Aws.Ec2.Subnet(\"subnet_az2\", new()\n {\n AvailabilityZone = azs.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[1]),\n CidrBlock = \"192.168.1.0/24\",\n VpcId = vpc.Id,\n });\n\n var subnetAz3 = new Aws.Ec2.Subnet(\"subnet_az3\", new()\n {\n AvailabilityZone = azs.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[2]),\n CidrBlock = \"192.168.2.0/24\",\n VpcId = vpc.Id,\n });\n\n var sg = new Aws.Ec2.SecurityGroup(\"sg\", new()\n {\n VpcId = vpc.Id,\n });\n\n var kms = new Aws.Kms.Key(\"kms\", new()\n {\n Description = \"example\",\n });\n\n var test = new Aws.CloudWatch.LogGroup(\"test\", new()\n {\n Name = \"msk_broker_logs\",\n });\n\n var bucket = new Aws.S3.BucketV2(\"bucket\", new()\n {\n Bucket = \"msk-broker-logs-bucket\",\n });\n\n var bucketAcl = new Aws.S3.BucketAclV2(\"bucket_acl\", new()\n {\n Bucket = bucket.Id,\n Acl = \"private\",\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"firehose.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var firehoseRole = new Aws.Iam.Role(\"firehose_role\", new()\n {\n Name = \"firehose_test_role\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-msk-broker-logs-stream\",\n Destination = \"extended_s3\",\n ExtendedS3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n },\n Tags = \n {\n { \"LogDeliveryEnabled\", \"placeholder\" },\n },\n });\n\n var example = new Aws.Msk.Cluster(\"example\", new()\n {\n ClusterName = \"example\",\n KafkaVersion = \"3.2.0\",\n NumberOfBrokerNodes = 3,\n BrokerNodeGroupInfo = new Aws.Msk.Inputs.ClusterBrokerNodeGroupInfoArgs\n {\n InstanceType = \"kafka.m5.large\",\n ClientSubnets = new[]\n {\n subnetAz1.Id,\n subnetAz2.Id,\n subnetAz3.Id,\n },\n StorageInfo = new Aws.Msk.Inputs.ClusterBrokerNodeGroupInfoStorageInfoArgs\n {\n EbsStorageInfo = new Aws.Msk.Inputs.ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoArgs\n {\n VolumeSize = 1000,\n },\n },\n SecurityGroups = new[]\n {\n sg.Id,\n },\n },\n EncryptionInfo = new Aws.Msk.Inputs.ClusterEncryptionInfoArgs\n {\n EncryptionAtRestKmsKeyArn = kms.Arn,\n },\n OpenMonitoring = new Aws.Msk.Inputs.ClusterOpenMonitoringArgs\n {\n Prometheus = new Aws.Msk.Inputs.ClusterOpenMonitoringPrometheusArgs\n {\n JmxExporter = new Aws.Msk.Inputs.ClusterOpenMonitoringPrometheusJmxExporterArgs\n {\n EnabledInBroker = true,\n },\n NodeExporter = new Aws.Msk.Inputs.ClusterOpenMonitoringPrometheusNodeExporterArgs\n {\n EnabledInBroker = true,\n },\n },\n },\n LoggingInfo = new Aws.Msk.Inputs.ClusterLoggingInfoArgs\n {\n BrokerLogs = new Aws.Msk.Inputs.ClusterLoggingInfoBrokerLogsArgs\n {\n CloudwatchLogs = new Aws.Msk.Inputs.ClusterLoggingInfoBrokerLogsCloudwatchLogsArgs\n {\n Enabled = true,\n LogGroup = test.Name,\n },\n Firehose = new Aws.Msk.Inputs.ClusterLoggingInfoBrokerLogsFirehoseArgs\n {\n Enabled = true,\n DeliveryStream = testStream.Name,\n },\n S3 = new Aws.Msk.Inputs.ClusterLoggingInfoBrokerLogsS3Args\n {\n Enabled = true,\n Bucket = bucket.Id,\n Prefix = \"logs/msk-\",\n },\n },\n },\n Tags = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"zookeeperConnectString\"] = example.ZookeeperConnectString,\n [\"bootstrapBrokersTls\"] = example.BootstrapBrokersTls,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/msk\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tvpc, err := ec2.NewVpc(ctx, \"vpc\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"192.168.0.0/22\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tazs, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tState: pulumi.StringRef(\"available\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnetAz1, err := ec2.NewSubnet(ctx, \"subnet_az1\", \u0026ec2.SubnetArgs{\n\t\t\tAvailabilityZone: pulumi.String(azs.Names[0]),\n\t\t\tCidrBlock: pulumi.String(\"192.168.0.0/24\"),\n\t\t\tVpcId: vpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnetAz2, err := ec2.NewSubnet(ctx, \"subnet_az2\", \u0026ec2.SubnetArgs{\n\t\t\tAvailabilityZone: pulumi.String(azs.Names[1]),\n\t\t\tCidrBlock: pulumi.String(\"192.168.1.0/24\"),\n\t\t\tVpcId: vpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnetAz3, err := ec2.NewSubnet(ctx, \"subnet_az3\", \u0026ec2.SubnetArgs{\n\t\t\tAvailabilityZone: pulumi.String(azs.Names[2]),\n\t\t\tCidrBlock: pulumi.String(\"192.168.2.0/24\"),\n\t\t\tVpcId: vpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsg, err := ec2.NewSecurityGroup(ctx, \"sg\", \u0026ec2.SecurityGroupArgs{\n\t\t\tVpcId: vpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkms, err := kms.NewKey(ctx, \"kms\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := cloudwatch.NewLogGroup(ctx, \"test\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: pulumi.String(\"msk_broker_logs\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := s3.NewBucketV2(ctx, \"bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"msk-broker-logs-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"bucket_acl\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: bucket.ID(),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"firehose.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirehoseRole, err := iam.NewRole(ctx, \"firehose_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"firehose_test_role\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestStream, err := kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-msk-broker-logs-stream\"),\n\t\t\tDestination: pulumi.String(\"extended_s3\"),\n\t\t\tExtendedS3Configuration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs{\n\t\t\t\tRoleArn: firehoseRole.Arn,\n\t\t\t\tBucketArn: bucket.Arn,\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"LogDeliveryEnabled\": pulumi.String(\"placeholder\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := msk.NewCluster(ctx, \"example\", \u0026msk.ClusterArgs{\n\t\t\tClusterName: pulumi.String(\"example\"),\n\t\t\tKafkaVersion: pulumi.String(\"3.2.0\"),\n\t\t\tNumberOfBrokerNodes: pulumi.Int(3),\n\t\t\tBrokerNodeGroupInfo: \u0026msk.ClusterBrokerNodeGroupInfoArgs{\n\t\t\t\tInstanceType: pulumi.String(\"kafka.m5.large\"),\n\t\t\t\tClientSubnets: pulumi.StringArray{\n\t\t\t\t\tsubnetAz1.ID(),\n\t\t\t\t\tsubnetAz2.ID(),\n\t\t\t\t\tsubnetAz3.ID(),\n\t\t\t\t},\n\t\t\t\tStorageInfo: \u0026msk.ClusterBrokerNodeGroupInfoStorageInfoArgs{\n\t\t\t\t\tEbsStorageInfo: \u0026msk.ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoArgs{\n\t\t\t\t\t\tVolumeSize: pulumi.Int(1000),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tSecurityGroups: pulumi.StringArray{\n\t\t\t\t\tsg.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEncryptionInfo: \u0026msk.ClusterEncryptionInfoArgs{\n\t\t\t\tEncryptionAtRestKmsKeyArn: kms.Arn,\n\t\t\t},\n\t\t\tOpenMonitoring: \u0026msk.ClusterOpenMonitoringArgs{\n\t\t\t\tPrometheus: \u0026msk.ClusterOpenMonitoringPrometheusArgs{\n\t\t\t\t\tJmxExporter: \u0026msk.ClusterOpenMonitoringPrometheusJmxExporterArgs{\n\t\t\t\t\t\tEnabledInBroker: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tNodeExporter: \u0026msk.ClusterOpenMonitoringPrometheusNodeExporterArgs{\n\t\t\t\t\t\tEnabledInBroker: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLoggingInfo: \u0026msk.ClusterLoggingInfoArgs{\n\t\t\t\tBrokerLogs: \u0026msk.ClusterLoggingInfoBrokerLogsArgs{\n\t\t\t\t\tCloudwatchLogs: \u0026msk.ClusterLoggingInfoBrokerLogsCloudwatchLogsArgs{\n\t\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\t\tLogGroup: test.Name,\n\t\t\t\t\t},\n\t\t\t\t\tFirehose: \u0026msk.ClusterLoggingInfoBrokerLogsFirehoseArgs{\n\t\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\t\tDeliveryStream: testStream.Name,\n\t\t\t\t\t},\n\t\t\t\t\tS3: \u0026msk.ClusterLoggingInfoBrokerLogsS3Args{\n\t\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\t\tBucket: bucket.ID(),\n\t\t\t\t\t\tPrefix: pulumi.String(\"logs/msk-\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"zookeeperConnectString\", example.ZookeeperConnectString)\n\t\tctx.Export(\"bootstrapBrokersTls\", example.BootstrapBrokersTls)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs;\nimport com.pulumi.aws.msk.Cluster;\nimport com.pulumi.aws.msk.ClusterArgs;\nimport com.pulumi.aws.msk.inputs.ClusterBrokerNodeGroupInfoArgs;\nimport com.pulumi.aws.msk.inputs.ClusterBrokerNodeGroupInfoStorageInfoArgs;\nimport com.pulumi.aws.msk.inputs.ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoArgs;\nimport com.pulumi.aws.msk.inputs.ClusterEncryptionInfoArgs;\nimport com.pulumi.aws.msk.inputs.ClusterOpenMonitoringArgs;\nimport com.pulumi.aws.msk.inputs.ClusterOpenMonitoringPrometheusArgs;\nimport com.pulumi.aws.msk.inputs.ClusterOpenMonitoringPrometheusJmxExporterArgs;\nimport com.pulumi.aws.msk.inputs.ClusterOpenMonitoringPrometheusNodeExporterArgs;\nimport com.pulumi.aws.msk.inputs.ClusterLoggingInfoArgs;\nimport com.pulumi.aws.msk.inputs.ClusterLoggingInfoBrokerLogsArgs;\nimport com.pulumi.aws.msk.inputs.ClusterLoggingInfoBrokerLogsCloudwatchLogsArgs;\nimport com.pulumi.aws.msk.inputs.ClusterLoggingInfoBrokerLogsFirehoseArgs;\nimport com.pulumi.aws.msk.inputs.ClusterLoggingInfoBrokerLogsS3Args;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var vpc = new Vpc(\"vpc\", VpcArgs.builder() \n .cidrBlock(\"192.168.0.0/22\")\n .build());\n\n final var azs = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .build());\n\n var subnetAz1 = new Subnet(\"subnetAz1\", SubnetArgs.builder() \n .availabilityZone(azs.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]))\n .cidrBlock(\"192.168.0.0/24\")\n .vpcId(vpc.id())\n .build());\n\n var subnetAz2 = new Subnet(\"subnetAz2\", SubnetArgs.builder() \n .availabilityZone(azs.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[1]))\n .cidrBlock(\"192.168.1.0/24\")\n .vpcId(vpc.id())\n .build());\n\n var subnetAz3 = new Subnet(\"subnetAz3\", SubnetArgs.builder() \n .availabilityZone(azs.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[2]))\n .cidrBlock(\"192.168.2.0/24\")\n .vpcId(vpc.id())\n .build());\n\n var sg = new SecurityGroup(\"sg\", SecurityGroupArgs.builder() \n .vpcId(vpc.id())\n .build());\n\n var kms = new Key(\"kms\", KeyArgs.builder() \n .description(\"example\")\n .build());\n\n var test = new LogGroup(\"test\", LogGroupArgs.builder() \n .name(\"msk_broker_logs\")\n .build());\n\n var bucket = new BucketV2(\"bucket\", BucketV2Args.builder() \n .bucket(\"msk-broker-logs-bucket\")\n .build());\n\n var bucketAcl = new BucketAclV2(\"bucketAcl\", BucketAclV2Args.builder() \n .bucket(bucket.id())\n .acl(\"private\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"firehose.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var firehoseRole = new Role(\"firehoseRole\", RoleArgs.builder() \n .name(\"firehose_test_role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder() \n .name(\"kinesis-firehose-msk-broker-logs-stream\")\n .destination(\"extended_s3\")\n .extendedS3Configuration(FirehoseDeliveryStreamExtendedS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .build())\n .tags(Map.of(\"LogDeliveryEnabled\", \"placeholder\"))\n .build());\n\n var example = new Cluster(\"example\", ClusterArgs.builder() \n .clusterName(\"example\")\n .kafkaVersion(\"3.2.0\")\n .numberOfBrokerNodes(3)\n .brokerNodeGroupInfo(ClusterBrokerNodeGroupInfoArgs.builder()\n .instanceType(\"kafka.m5.large\")\n .clientSubnets( \n subnetAz1.id(),\n subnetAz2.id(),\n subnetAz3.id())\n .storageInfo(ClusterBrokerNodeGroupInfoStorageInfoArgs.builder()\n .ebsStorageInfo(ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoArgs.builder()\n .volumeSize(1000)\n .build())\n .build())\n .securityGroups(sg.id())\n .build())\n .encryptionInfo(ClusterEncryptionInfoArgs.builder()\n .encryptionAtRestKmsKeyArn(kms.arn())\n .build())\n .openMonitoring(ClusterOpenMonitoringArgs.builder()\n .prometheus(ClusterOpenMonitoringPrometheusArgs.builder()\n .jmxExporter(ClusterOpenMonitoringPrometheusJmxExporterArgs.builder()\n .enabledInBroker(true)\n .build())\n .nodeExporter(ClusterOpenMonitoringPrometheusNodeExporterArgs.builder()\n .enabledInBroker(true)\n .build())\n .build())\n .build())\n .loggingInfo(ClusterLoggingInfoArgs.builder()\n .brokerLogs(ClusterLoggingInfoBrokerLogsArgs.builder()\n .cloudwatchLogs(ClusterLoggingInfoBrokerLogsCloudwatchLogsArgs.builder()\n .enabled(true)\n .logGroup(test.name())\n .build())\n .firehose(ClusterLoggingInfoBrokerLogsFirehoseArgs.builder()\n .enabled(true)\n .deliveryStream(testStream.name())\n .build())\n .s3(ClusterLoggingInfoBrokerLogsS3Args.builder()\n .enabled(true)\n .bucket(bucket.id())\n .prefix(\"logs/msk-\")\n .build())\n .build())\n .build())\n .tags(Map.of(\"foo\", \"bar\"))\n .build());\n\n ctx.export(\"zookeeperConnectString\", example.zookeeperConnectString());\n ctx.export(\"bootstrapBrokersTls\", example.bootstrapBrokersTls());\n }\n}\n```\n```yaml\nresources:\n vpc:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 192.168.0.0/22\n subnetAz1:\n type: aws:ec2:Subnet\n name: subnet_az1\n properties:\n availabilityZone: ${azs.names[0]}\n cidrBlock: 192.168.0.0/24\n vpcId: ${vpc.id}\n subnetAz2:\n type: aws:ec2:Subnet\n name: subnet_az2\n properties:\n availabilityZone: ${azs.names[1]}\n cidrBlock: 192.168.1.0/24\n vpcId: ${vpc.id}\n subnetAz3:\n type: aws:ec2:Subnet\n name: subnet_az3\n properties:\n availabilityZone: ${azs.names[2]}\n cidrBlock: 192.168.2.0/24\n vpcId: ${vpc.id}\n sg:\n type: aws:ec2:SecurityGroup\n properties:\n vpcId: ${vpc.id}\n kms:\n type: aws:kms:Key\n properties:\n description: example\n test:\n type: aws:cloudwatch:LogGroup\n properties:\n name: msk_broker_logs\n bucket:\n type: aws:s3:BucketV2\n properties:\n bucket: msk-broker-logs-bucket\n bucketAcl:\n type: aws:s3:BucketAclV2\n name: bucket_acl\n properties:\n bucket: ${bucket.id}\n acl: private\n firehoseRole:\n type: aws:iam:Role\n name: firehose_role\n properties:\n name: firehose_test_role\n assumeRolePolicy: ${assumeRole.json}\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-msk-broker-logs-stream\n destination: extended_s3\n extendedS3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n tags:\n LogDeliveryEnabled: placeholder\n example:\n type: aws:msk:Cluster\n properties:\n clusterName: example\n kafkaVersion: 3.2.0\n numberOfBrokerNodes: 3\n brokerNodeGroupInfo:\n instanceType: kafka.m5.large\n clientSubnets:\n - ${subnetAz1.id}\n - ${subnetAz2.id}\n - ${subnetAz3.id}\n storageInfo:\n ebsStorageInfo:\n volumeSize: 1000\n securityGroups:\n - ${sg.id}\n encryptionInfo:\n encryptionAtRestKmsKeyArn: ${kms.arn}\n openMonitoring:\n prometheus:\n jmxExporter:\n enabledInBroker: true\n nodeExporter:\n enabledInBroker: true\n loggingInfo:\n brokerLogs:\n cloudwatchLogs:\n enabled: true\n logGroup: ${test.name}\n firehose:\n enabled: true\n deliveryStream: ${testStream.name}\n s3:\n enabled: true\n bucket: ${bucket.id}\n prefix: logs/msk-\n tags:\n foo: bar\nvariables:\n azs:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n state: available\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - firehose.amazonaws.com\n actions:\n - sts:AssumeRole\noutputs:\n zookeeperConnectString: ${example.zookeeperConnectString}\n bootstrapBrokersTls: ${example.bootstrapBrokersTls}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With volume_throughput argument\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.msk.Cluster(\"example\", {\n clusterName: \"example\",\n kafkaVersion: \"2.7.1\",\n numberOfBrokerNodes: 3,\n brokerNodeGroupInfo: {\n instanceType: \"kafka.m5.4xlarge\",\n clientSubnets: [\n subnetAz1.id,\n subnetAz2.id,\n subnetAz3.id,\n ],\n storageInfo: {\n ebsStorageInfo: {\n provisionedThroughput: {\n enabled: true,\n volumeThroughput: 250,\n },\n volumeSize: 1000,\n },\n },\n securityGroups: [sg.id],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.msk.Cluster(\"example\",\n cluster_name=\"example\",\n kafka_version=\"2.7.1\",\n number_of_broker_nodes=3,\n broker_node_group_info=aws.msk.ClusterBrokerNodeGroupInfoArgs(\n instance_type=\"kafka.m5.4xlarge\",\n client_subnets=[\n subnet_az1[\"id\"],\n subnet_az2[\"id\"],\n subnet_az3[\"id\"],\n ],\n storage_info=aws.msk.ClusterBrokerNodeGroupInfoStorageInfoArgs(\n ebs_storage_info=aws.msk.ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoArgs(\n provisioned_throughput=aws.msk.ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoProvisionedThroughputArgs(\n enabled=True,\n volume_throughput=250,\n ),\n volume_size=1000,\n ),\n ),\n security_groups=[sg[\"id\"]],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Msk.Cluster(\"example\", new()\n {\n ClusterName = \"example\",\n KafkaVersion = \"2.7.1\",\n NumberOfBrokerNodes = 3,\n BrokerNodeGroupInfo = new Aws.Msk.Inputs.ClusterBrokerNodeGroupInfoArgs\n {\n InstanceType = \"kafka.m5.4xlarge\",\n ClientSubnets = new[]\n {\n subnetAz1.Id,\n subnetAz2.Id,\n subnetAz3.Id,\n },\n StorageInfo = new Aws.Msk.Inputs.ClusterBrokerNodeGroupInfoStorageInfoArgs\n {\n EbsStorageInfo = new Aws.Msk.Inputs.ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoArgs\n {\n ProvisionedThroughput = new Aws.Msk.Inputs.ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoProvisionedThroughputArgs\n {\n Enabled = true,\n VolumeThroughput = 250,\n },\n VolumeSize = 1000,\n },\n },\n SecurityGroups = new[]\n {\n sg.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/msk\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := msk.NewCluster(ctx, \"example\", \u0026msk.ClusterArgs{\n\t\t\tClusterName: pulumi.String(\"example\"),\n\t\t\tKafkaVersion: pulumi.String(\"2.7.1\"),\n\t\t\tNumberOfBrokerNodes: pulumi.Int(3),\n\t\t\tBrokerNodeGroupInfo: \u0026msk.ClusterBrokerNodeGroupInfoArgs{\n\t\t\t\tInstanceType: pulumi.String(\"kafka.m5.4xlarge\"),\n\t\t\t\tClientSubnets: pulumi.StringArray{\n\t\t\t\t\tsubnetAz1.Id,\n\t\t\t\t\tsubnetAz2.Id,\n\t\t\t\t\tsubnetAz3.Id,\n\t\t\t\t},\n\t\t\t\tStorageInfo: \u0026msk.ClusterBrokerNodeGroupInfoStorageInfoArgs{\n\t\t\t\t\tEbsStorageInfo: \u0026msk.ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoArgs{\n\t\t\t\t\t\tProvisionedThroughput: \u0026msk.ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoProvisionedThroughputArgs{\n\t\t\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\t\t\tVolumeThroughput: pulumi.Int(250),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tVolumeSize: pulumi.Int(1000),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tSecurityGroups: pulumi.StringArray{\n\t\t\t\t\tsg.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.msk.Cluster;\nimport com.pulumi.aws.msk.ClusterArgs;\nimport com.pulumi.aws.msk.inputs.ClusterBrokerNodeGroupInfoArgs;\nimport com.pulumi.aws.msk.inputs.ClusterBrokerNodeGroupInfoStorageInfoArgs;\nimport com.pulumi.aws.msk.inputs.ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoArgs;\nimport com.pulumi.aws.msk.inputs.ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoProvisionedThroughputArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Cluster(\"example\", ClusterArgs.builder() \n .clusterName(\"example\")\n .kafkaVersion(\"2.7.1\")\n .numberOfBrokerNodes(3)\n .brokerNodeGroupInfo(ClusterBrokerNodeGroupInfoArgs.builder()\n .instanceType(\"kafka.m5.4xlarge\")\n .clientSubnets( \n subnetAz1.id(),\n subnetAz2.id(),\n subnetAz3.id())\n .storageInfo(ClusterBrokerNodeGroupInfoStorageInfoArgs.builder()\n .ebsStorageInfo(ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoArgs.builder()\n .provisionedThroughput(ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoProvisionedThroughputArgs.builder()\n .enabled(true)\n .volumeThroughput(250)\n .build())\n .volumeSize(1000)\n .build())\n .build())\n .securityGroups(sg.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:msk:Cluster\n properties:\n clusterName: example\n kafkaVersion: 2.7.1\n numberOfBrokerNodes: 3\n brokerNodeGroupInfo:\n instanceType: kafka.m5.4xlarge\n clientSubnets:\n - ${subnetAz1.id}\n - ${subnetAz2.id}\n - ${subnetAz3.id}\n storageInfo:\n ebsStorageInfo:\n provisionedThroughput:\n enabled: true\n volumeThroughput: 250\n volumeSize: 1000\n securityGroups:\n - ${sg.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import MSK clusters using the cluster `arn`. For example:\n\n```sh\n$ pulumi import aws:msk/cluster:Cluster example arn:aws:kafka:us-west-2:123456789012:cluster/example/279c0212-d057-4dba-9aa9-1c4e5a25bfc7-3\n```\n", "properties": { "arn": { "type": "string", @@ -282590,7 +282590,7 @@ } }, "aws:networkmanager/coreNetwork:CoreNetwork": { - "description": "Provides a core network resource.\n\n## Example Usage\n\n### Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.networkmanager.CoreNetwork(\"example\", {globalNetworkId: exampleAwsNetworkmanagerGlobalNetwork.id});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.networkmanager.CoreNetwork(\"example\", global_network_id=example_aws_networkmanager_global_network[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.NetworkManager.CoreNetwork(\"example\", new()\n {\n GlobalNetworkId = exampleAwsNetworkmanagerGlobalNetwork.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networkmanager.NewCoreNetwork(ctx, \"example\", \u0026networkmanager.CoreNetworkArgs{\n\t\t\tGlobalNetworkId: pulumi.Any(exampleAwsNetworkmanagerGlobalNetwork.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.CoreNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new CoreNetwork(\"example\", CoreNetworkArgs.builder() \n .globalNetworkId(exampleAwsNetworkmanagerGlobalNetwork.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:networkmanager:CoreNetwork\n properties:\n globalNetworkId: ${exampleAwsNetworkmanagerGlobalNetwork.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With description\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.networkmanager.CoreNetwork(\"example\", {\n globalNetworkId: exampleAwsNetworkmanagerGlobalNetwork.id,\n description: \"example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.networkmanager.CoreNetwork(\"example\",\n global_network_id=example_aws_networkmanager_global_network[\"id\"],\n description=\"example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.NetworkManager.CoreNetwork(\"example\", new()\n {\n GlobalNetworkId = exampleAwsNetworkmanagerGlobalNetwork.Id,\n Description = \"example\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networkmanager.NewCoreNetwork(ctx, \"example\", \u0026networkmanager.CoreNetworkArgs{\n\t\t\tGlobalNetworkId: pulumi.Any(exampleAwsNetworkmanagerGlobalNetwork.Id),\n\t\t\tDescription: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.CoreNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new CoreNetwork(\"example\", CoreNetworkArgs.builder() \n .globalNetworkId(exampleAwsNetworkmanagerGlobalNetwork.id())\n .description(\"example\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:networkmanager:CoreNetwork\n properties:\n globalNetworkId: ${exampleAwsNetworkmanagerGlobalNetwork.id}\n description: example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With tags\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.networkmanager.CoreNetwork(\"example\", {\n globalNetworkId: exampleAwsNetworkmanagerGlobalNetwork.id,\n tags: {\n hello: \"world\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.networkmanager.CoreNetwork(\"example\",\n global_network_id=example_aws_networkmanager_global_network[\"id\"],\n tags={\n \"hello\": \"world\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.NetworkManager.CoreNetwork(\"example\", new()\n {\n GlobalNetworkId = exampleAwsNetworkmanagerGlobalNetwork.Id,\n Tags = \n {\n { \"hello\", \"world\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networkmanager.NewCoreNetwork(ctx, \"example\", \u0026networkmanager.CoreNetworkArgs{\n\t\t\tGlobalNetworkId: pulumi.Any(exampleAwsNetworkmanagerGlobalNetwork.Id),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"hello\": pulumi.String(\"world\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.CoreNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new CoreNetwork(\"example\", CoreNetworkArgs.builder() \n .globalNetworkId(exampleAwsNetworkmanagerGlobalNetwork.id())\n .tags(Map.of(\"hello\", \"world\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:networkmanager:CoreNetwork\n properties:\n globalNetworkId: ${exampleAwsNetworkmanagerGlobalNetwork.id}\n tags:\n hello: world\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With VPC Attachment (Single Region)\n\nThe example below illustrates the scenario where your policy document has static routes pointing to VPC attachments and you want to attach your VPCs to the core network before applying the desired policy document. Set the `create_base_policy` argument to `true` if your core network does not currently have any `LIVE` policies (e.g. this is the first `pulumi up` with the core network resource), since a `LIVE` policy is required before VPCs can be attached to the core network. Otherwise, if your core network already has a `LIVE` policy, you may exclude the `create_base_policy` argument. There are 2 options to implement this:\n\n- Option 1: Use the `base_policy_document` argument that allows the most customizations to a base policy. Use this to customize the `edge_locations` `asn`. In the example below, `us-west-2` and ASN `65500` are used in the base policy.\n- Option 2: Use the `create_base_policy` argument only. This creates a base policy in the region specified in the `provider` block.\n\n### Option 1 - using base_policy_document\n\nIf you require a custom ASN for the edge location, please use the `base_policy_document` argument to pass a specific ASN. For example:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleGlobalNetwork = new aws.networkmanager.GlobalNetwork(\"example\", {});\nconst base = aws.networkmanager.getCoreNetworkPolicyDocument({\n coreNetworkConfigurations: [{\n asnRanges: [\"65022-65534\"],\n edgeLocations: [{\n location: \"us-west-2\",\n asn: \"65500\",\n }],\n }],\n segments: [{\n name: \"segment\",\n }],\n});\nconst exampleCoreNetwork = new aws.networkmanager.CoreNetwork(\"example\", {\n globalNetworkId: exampleGlobalNetwork.id,\n basePolicyDocument: base.then(base =\u003e base.json),\n createBasePolicy: true,\n});\nconst exampleVpcAttachment = new aws.networkmanager.VpcAttachment(\"example\", {\n coreNetworkId: exampleCoreNetwork.id,\n subnetArns: exampleAwsSubnet.map(__item =\u003e __item.arn),\n vpcArn: exampleAwsVpc.arn,\n});\nconst example = aws.networkmanager.getCoreNetworkPolicyDocumentOutput({\n coreNetworkConfigurations: [{\n asnRanges: [\"65022-65534\"],\n edgeLocations: [{\n location: \"us-west-2\",\n asn: \"65500\",\n }],\n }],\n segments: [{\n name: \"segment\",\n }],\n segmentActions: [{\n action: \"create-route\",\n segment: \"segment\",\n destinationCidrBlocks: [\"0.0.0.0/0\"],\n destinations: [exampleVpcAttachment.id],\n }],\n});\nconst exampleCoreNetworkPolicyAttachment = new aws.networkmanager.CoreNetworkPolicyAttachment(\"example\", {\n coreNetworkId: exampleCoreNetwork.id,\n policyDocument: example.apply(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_global_network = aws.networkmanager.GlobalNetwork(\"example\")\nbase = aws.networkmanager.get_core_network_policy_document(core_network_configurations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs(\n asn_ranges=[\"65022-65534\"],\n edge_locations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-west-2\",\n asn=\"65500\",\n )],\n )],\n segments=[aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment\",\n )])\nexample_core_network = aws.networkmanager.CoreNetwork(\"example\",\n global_network_id=example_global_network.id,\n base_policy_document=base.json,\n create_base_policy=True)\nexample_vpc_attachment = aws.networkmanager.VpcAttachment(\"example\",\n core_network_id=example_core_network.id,\n subnet_arns=[__item[\"arn\"] for __item in example_aws_subnet],\n vpc_arn=example_aws_vpc[\"arn\"])\nexample = aws.networkmanager.get_core_network_policy_document_output(core_network_configurations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs(\n asn_ranges=[\"65022-65534\"],\n edge_locations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-west-2\",\n asn=\"65500\",\n )],\n )],\n segments=[aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment\",\n )],\n segment_actions=[aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs(\n action=\"create-route\",\n segment=\"segment\",\n destination_cidr_blocks=[\"0.0.0.0/0\"],\n destinations=[example_vpc_attachment.id],\n )])\nexample_core_network_policy_attachment = aws.networkmanager.CoreNetworkPolicyAttachment(\"example\",\n core_network_id=example_core_network.id,\n policy_document=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleGlobalNetwork = new Aws.NetworkManager.GlobalNetwork(\"example\");\n\n var @base = Aws.NetworkManager.GetCoreNetworkPolicyDocument.Invoke(new()\n {\n CoreNetworkConfigurations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationInputArgs\n {\n AsnRanges = new[]\n {\n \"65022-65534\",\n },\n EdgeLocations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-west-2\",\n Asn = \"65500\",\n },\n },\n },\n },\n Segments = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment\",\n },\n },\n });\n\n var exampleCoreNetwork = new Aws.NetworkManager.CoreNetwork(\"example\", new()\n {\n GlobalNetworkId = exampleGlobalNetwork.Id,\n BasePolicyDocument = @base.Apply(@base =\u003e @base.Apply(getCoreNetworkPolicyDocumentResult =\u003e getCoreNetworkPolicyDocumentResult.Json)),\n CreateBasePolicy = true,\n });\n\n var exampleVpcAttachment = new Aws.NetworkManager.VpcAttachment(\"example\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n SubnetArns = exampleAwsSubnet.Select(__item =\u003e __item.Arn).ToList(),\n VpcArn = exampleAwsVpc.Arn,\n });\n\n var example = Aws.NetworkManager.GetCoreNetworkPolicyDocument.Invoke(new()\n {\n CoreNetworkConfigurations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationInputArgs\n {\n AsnRanges = new[]\n {\n \"65022-65534\",\n },\n EdgeLocations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-west-2\",\n Asn = \"65500\",\n },\n },\n },\n },\n Segments = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment\",\n },\n },\n SegmentActions = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentActionInputArgs\n {\n Action = \"create-route\",\n Segment = \"segment\",\n DestinationCidrBlocks = new[]\n {\n \"0.0.0.0/0\",\n },\n Destinations = new[]\n {\n exampleVpcAttachment.Id,\n },\n },\n },\n });\n\n var exampleCoreNetworkPolicyAttachment = new Aws.NetworkManager.CoreNetworkPolicyAttachment(\"example\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n PolicyDocument = example.Apply(getCoreNetworkPolicyDocumentResult =\u003e getCoreNetworkPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexampleGlobalNetwork, err := networkmanager.NewGlobalNetwork(ctx, \"example\", nil)\nif err != nil {\nreturn err\n}\nbase, err := networkmanager.GetCoreNetworkPolicyDocument(ctx, \u0026networkmanager.GetCoreNetworkPolicyDocumentArgs{\nCoreNetworkConfigurations: []networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfiguration{\n{\nAsnRanges: []string{\n\"65022-65534\",\n},\nEdgeLocations: []networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocation{\n{\nLocation: \"us-west-2\",\nAsn: pulumi.StringRef(\"65500\"),\n},\n},\n},\n},\nSegments: []networkmanager.GetCoreNetworkPolicyDocumentSegment{\n{\nName: \"segment\",\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleCoreNetwork, err := networkmanager.NewCoreNetwork(ctx, \"example\", \u0026networkmanager.CoreNetworkArgs{\nGlobalNetworkId: exampleGlobalNetwork.ID(),\nBasePolicyDocument: *pulumi.String(base.Json),\nCreateBasePolicy: pulumi.Bool(true),\n})\nif err != nil {\nreturn err\n}\nvar splat0 []interface{}\nfor _, val0 := range exampleAwsSubnet {\nsplat0 = append(splat0, val0.Arn)\n}\nexampleVpcAttachment, err := networkmanager.NewVpcAttachment(ctx, \"example\", \u0026networkmanager.VpcAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nSubnetArns: toPulumiArray(splat0),\nVpcArn: pulumi.Any(exampleAwsVpc.Arn),\n})\nif err != nil {\nreturn err\n}\nexample := networkmanager.GetCoreNetworkPolicyDocumentOutput(ctx, networkmanager.GetCoreNetworkPolicyDocumentOutputArgs{\nCoreNetworkConfigurations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs{\nAsnRanges: pulumi.StringArray{\npulumi.String(\"65022-65534\"),\n},\nEdgeLocations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs{\nLocation: pulumi.String(\"us-west-2\"),\nAsn: pulumi.String(\"65500\"),\n},\n},\n},\n},\nSegments: networkmanager.GetCoreNetworkPolicyDocumentSegmentArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs{\nName: pulumi.String(\"segment\"),\n},\n},\nSegmentActions: networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs{\nAction: pulumi.String(\"create-route\"),\nSegment: pulumi.String(\"segment\"),\nDestinationCidrBlocks: pulumi.StringArray{\npulumi.String(\"0.0.0.0/0\"),\n},\nDestinations: pulumi.StringArray{\nexampleVpcAttachment.ID(),\n},\n},\n},\n}, nil);\n_, err = networkmanager.NewCoreNetworkPolicyAttachment(ctx, \"example\", \u0026networkmanager.CoreNetworkPolicyAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nPolicyDocument: example.ApplyT(func(example networkmanager.GetCoreNetworkPolicyDocumentResult) (*string, error) {\nreturn \u0026example.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\nfunc toPulumiArray(arr []) pulumi.Array {\nvar pulumiArr pulumi.Array\nfor _, v := range arr {\npulumiArr = append(pulumiArr, pulumi.(v))\n}\nreturn pulumiArr\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.GlobalNetwork;\nimport com.pulumi.aws.networkmanager.NetworkmanagerFunctions;\nimport com.pulumi.aws.networkmanager.inputs.GetCoreNetworkPolicyDocumentArgs;\nimport com.pulumi.aws.networkmanager.CoreNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetworkArgs;\nimport com.pulumi.aws.networkmanager.VpcAttachment;\nimport com.pulumi.aws.networkmanager.VpcAttachmentArgs;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachment;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleGlobalNetwork = new GlobalNetwork(\"exampleGlobalNetwork\");\n\n final var base = NetworkmanagerFunctions.getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs.builder()\n .coreNetworkConfigurations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs.builder()\n .asnRanges(\"65022-65534\")\n .edgeLocations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-west-2\")\n .asn(\"65500\")\n .build())\n .build())\n .segments(GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment\")\n .build())\n .build());\n\n var exampleCoreNetwork = new CoreNetwork(\"exampleCoreNetwork\", CoreNetworkArgs.builder() \n .globalNetworkId(exampleGlobalNetwork.id())\n .basePolicyDocument(base.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult.json()))\n .createBasePolicy(true)\n .build());\n\n var exampleVpcAttachment = new VpcAttachment(\"exampleVpcAttachment\", VpcAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .subnetArns(exampleAwsSubnet.stream().map(element -\u003e element.arn()).collect(toList()))\n .vpcArn(exampleAwsVpc.arn())\n .build());\n\n final var example = NetworkmanagerFunctions.getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs.builder()\n .coreNetworkConfigurations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs.builder()\n .asnRanges(\"65022-65534\")\n .edgeLocations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-west-2\")\n .asn(\"65500\")\n .build())\n .build())\n .segments(GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment\")\n .build())\n .segmentActions(GetCoreNetworkPolicyDocumentSegmentActionArgs.builder()\n .action(\"create-route\")\n .segment(\"segment\")\n .destinationCidrBlocks(\"0.0.0.0/0\")\n .destinations(exampleVpcAttachment.id())\n .build())\n .build());\n\n var exampleCoreNetworkPolicyAttachment = new CoreNetworkPolicyAttachment(\"exampleCoreNetworkPolicyAttachment\", CoreNetworkPolicyAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .policyDocument(example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult).applyValue(example -\u003e example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Option 2 - create_base_policy only\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleGlobalNetwork = new aws.networkmanager.GlobalNetwork(\"example\", {});\nconst exampleCoreNetwork = new aws.networkmanager.CoreNetwork(\"example\", {\n globalNetworkId: exampleGlobalNetwork.id,\n createBasePolicy: true,\n});\nconst exampleVpcAttachment = new aws.networkmanager.VpcAttachment(\"example\", {\n coreNetworkId: exampleCoreNetwork.id,\n subnetArns: exampleAwsSubnet.map(__item =\u003e __item.arn),\n vpcArn: exampleAwsVpc.arn,\n});\nconst example = aws.networkmanager.getCoreNetworkPolicyDocumentOutput({\n coreNetworkConfigurations: [{\n asnRanges: [\"65022-65534\"],\n edgeLocations: [{\n location: \"us-west-2\",\n }],\n }],\n segments: [{\n name: \"segment\",\n }],\n segmentActions: [{\n action: \"create-route\",\n segment: \"segment\",\n destinationCidrBlocks: [\"0.0.0.0/0\"],\n destinations: [exampleVpcAttachment.id],\n }],\n});\nconst exampleCoreNetworkPolicyAttachment = new aws.networkmanager.CoreNetworkPolicyAttachment(\"example\", {\n coreNetworkId: exampleCoreNetwork.id,\n policyDocument: example.apply(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_global_network = aws.networkmanager.GlobalNetwork(\"example\")\nexample_core_network = aws.networkmanager.CoreNetwork(\"example\",\n global_network_id=example_global_network.id,\n create_base_policy=True)\nexample_vpc_attachment = aws.networkmanager.VpcAttachment(\"example\",\n core_network_id=example_core_network.id,\n subnet_arns=[__item[\"arn\"] for __item in example_aws_subnet],\n vpc_arn=example_aws_vpc[\"arn\"])\nexample = aws.networkmanager.get_core_network_policy_document_output(core_network_configurations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs(\n asn_ranges=[\"65022-65534\"],\n edge_locations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-west-2\",\n )],\n )],\n segments=[aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment\",\n )],\n segment_actions=[aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs(\n action=\"create-route\",\n segment=\"segment\",\n destination_cidr_blocks=[\"0.0.0.0/0\"],\n destinations=[example_vpc_attachment.id],\n )])\nexample_core_network_policy_attachment = aws.networkmanager.CoreNetworkPolicyAttachment(\"example\",\n core_network_id=example_core_network.id,\n policy_document=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleGlobalNetwork = new Aws.NetworkManager.GlobalNetwork(\"example\");\n\n var exampleCoreNetwork = new Aws.NetworkManager.CoreNetwork(\"example\", new()\n {\n GlobalNetworkId = exampleGlobalNetwork.Id,\n CreateBasePolicy = true,\n });\n\n var exampleVpcAttachment = new Aws.NetworkManager.VpcAttachment(\"example\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n SubnetArns = exampleAwsSubnet.Select(__item =\u003e __item.Arn).ToList(),\n VpcArn = exampleAwsVpc.Arn,\n });\n\n var example = Aws.NetworkManager.GetCoreNetworkPolicyDocument.Invoke(new()\n {\n CoreNetworkConfigurations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationInputArgs\n {\n AsnRanges = new[]\n {\n \"65022-65534\",\n },\n EdgeLocations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-west-2\",\n },\n },\n },\n },\n Segments = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment\",\n },\n },\n SegmentActions = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentActionInputArgs\n {\n Action = \"create-route\",\n Segment = \"segment\",\n DestinationCidrBlocks = new[]\n {\n \"0.0.0.0/0\",\n },\n Destinations = new[]\n {\n exampleVpcAttachment.Id,\n },\n },\n },\n });\n\n var exampleCoreNetworkPolicyAttachment = new Aws.NetworkManager.CoreNetworkPolicyAttachment(\"example\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n PolicyDocument = example.Apply(getCoreNetworkPolicyDocumentResult =\u003e getCoreNetworkPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexampleGlobalNetwork, err := networkmanager.NewGlobalNetwork(ctx, \"example\", nil)\nif err != nil {\nreturn err\n}\nexampleCoreNetwork, err := networkmanager.NewCoreNetwork(ctx, \"example\", \u0026networkmanager.CoreNetworkArgs{\nGlobalNetworkId: exampleGlobalNetwork.ID(),\nCreateBasePolicy: pulumi.Bool(true),\n})\nif err != nil {\nreturn err\n}\nvar splat0 []interface{}\nfor _, val0 := range exampleAwsSubnet {\nsplat0 = append(splat0, val0.Arn)\n}\nexampleVpcAttachment, err := networkmanager.NewVpcAttachment(ctx, \"example\", \u0026networkmanager.VpcAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nSubnetArns: toPulumiArray(splat0),\nVpcArn: pulumi.Any(exampleAwsVpc.Arn),\n})\nif err != nil {\nreturn err\n}\nexample := networkmanager.GetCoreNetworkPolicyDocumentOutput(ctx, networkmanager.GetCoreNetworkPolicyDocumentOutputArgs{\nCoreNetworkConfigurations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs{\nAsnRanges: pulumi.StringArray{\npulumi.String(\"65022-65534\"),\n},\nEdgeLocations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs{\nLocation: pulumi.String(\"us-west-2\"),\n},\n},\n},\n},\nSegments: networkmanager.GetCoreNetworkPolicyDocumentSegmentArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs{\nName: pulumi.String(\"segment\"),\n},\n},\nSegmentActions: networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs{\nAction: pulumi.String(\"create-route\"),\nSegment: pulumi.String(\"segment\"),\nDestinationCidrBlocks: pulumi.StringArray{\npulumi.String(\"0.0.0.0/0\"),\n},\nDestinations: pulumi.StringArray{\nexampleVpcAttachment.ID(),\n},\n},\n},\n}, nil);\n_, err = networkmanager.NewCoreNetworkPolicyAttachment(ctx, \"example\", \u0026networkmanager.CoreNetworkPolicyAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nPolicyDocument: example.ApplyT(func(example networkmanager.GetCoreNetworkPolicyDocumentResult) (*string, error) {\nreturn \u0026example.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\nfunc toPulumiArray(arr []) pulumi.Array {\nvar pulumiArr pulumi.Array\nfor _, v := range arr {\npulumiArr = append(pulumiArr, pulumi.(v))\n}\nreturn pulumiArr\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.GlobalNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetworkArgs;\nimport com.pulumi.aws.networkmanager.VpcAttachment;\nimport com.pulumi.aws.networkmanager.VpcAttachmentArgs;\nimport com.pulumi.aws.networkmanager.NetworkmanagerFunctions;\nimport com.pulumi.aws.networkmanager.inputs.GetCoreNetworkPolicyDocumentArgs;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachment;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleGlobalNetwork = new GlobalNetwork(\"exampleGlobalNetwork\");\n\n var exampleCoreNetwork = new CoreNetwork(\"exampleCoreNetwork\", CoreNetworkArgs.builder() \n .globalNetworkId(exampleGlobalNetwork.id())\n .createBasePolicy(true)\n .build());\n\n var exampleVpcAttachment = new VpcAttachment(\"exampleVpcAttachment\", VpcAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .subnetArns(exampleAwsSubnet.stream().map(element -\u003e element.arn()).collect(toList()))\n .vpcArn(exampleAwsVpc.arn())\n .build());\n\n final var example = NetworkmanagerFunctions.getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs.builder()\n .coreNetworkConfigurations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs.builder()\n .asnRanges(\"65022-65534\")\n .edgeLocations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-west-2\")\n .build())\n .build())\n .segments(GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment\")\n .build())\n .segmentActions(GetCoreNetworkPolicyDocumentSegmentActionArgs.builder()\n .action(\"create-route\")\n .segment(\"segment\")\n .destinationCidrBlocks(\"0.0.0.0/0\")\n .destinations(exampleVpcAttachment.id())\n .build())\n .build());\n\n var exampleCoreNetworkPolicyAttachment = new CoreNetworkPolicyAttachment(\"exampleCoreNetworkPolicyAttachment\", CoreNetworkPolicyAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .policyDocument(example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult).applyValue(example -\u003e example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With VPC Attachment (Multi-Region)\n\nThe example below illustrates the scenario where your policy document has static routes pointing to VPC attachments and you want to attach your VPCs to the core network before applying the desired policy document. Set the `create_base_policy` argument of the `aws.networkmanager.CoreNetwork` resource to `true` if your core network does not currently have any `LIVE` policies (e.g. this is the first `pulumi up` with the core network resource), since a `LIVE` policy is required before VPCs can be attached to the core network. Otherwise, if your core network already has a `LIVE` policy, you may exclude the `create_base_policy` argument. For multi-region in a core network that does not yet have a `LIVE` policy, there are 2 options:\n\n- Option 1: Use the `base_policy_document` argument that allows the most customizations to a base policy. Use this to customize the `edge_locations` `asn`. In the example below, `us-west-2`, `us-east-1` and specific ASNs are used in the base policy.\n- Option 2: Pass a list of regions to the `aws.networkmanager.CoreNetwork` `base_policy_regions` argument. In the example below, `us-west-2` and `us-east-1` are specified in the base policy.\n\n### Option 1 - using base_policy_document\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleGlobalNetwork = new aws.networkmanager.GlobalNetwork(\"example\", {});\nconst base = aws.networkmanager.getCoreNetworkPolicyDocument({\n coreNetworkConfigurations: [{\n asnRanges: [\"65022-65534\"],\n edgeLocations: [\n {\n location: \"us-west-2\",\n asn: \"65500\",\n },\n {\n location: \"us-east-1\",\n asn: \"65501\",\n },\n ],\n }],\n segments: [{\n name: \"segment\",\n }],\n});\nconst exampleCoreNetwork = new aws.networkmanager.CoreNetwork(\"example\", {\n globalNetworkId: exampleGlobalNetwork.id,\n basePolicyDocument: base.then(base =\u003e base.json),\n createBasePolicy: true,\n});\nconst exampleUsWest2 = new aws.networkmanager.VpcAttachment(\"example_us_west_2\", {\n coreNetworkId: exampleCoreNetwork.id,\n subnetArns: exampleUsWest2AwsSubnet.map(__item =\u003e __item.arn),\n vpcArn: exampleUsWest2AwsVpc.arn,\n});\nconst exampleUsEast1 = new aws.networkmanager.VpcAttachment(\"example_us_east_1\", {\n coreNetworkId: exampleCoreNetwork.id,\n subnetArns: exampleUsEast1AwsSubnet.map(__item =\u003e __item.arn),\n vpcArn: exampleUsEast1AwsVpc.arn,\n});\nconst example = aws.networkmanager.getCoreNetworkPolicyDocumentOutput({\n coreNetworkConfigurations: [{\n asnRanges: [\"65022-65534\"],\n edgeLocations: [\n {\n location: \"us-west-2\",\n asn: \"65500\",\n },\n {\n location: \"us-east-1\",\n asn: \"65501\",\n },\n ],\n }],\n segments: [\n {\n name: \"segment\",\n },\n {\n name: \"segment2\",\n },\n ],\n segmentActions: [\n {\n action: \"create-route\",\n segment: \"segment\",\n destinationCidrBlocks: [\"10.0.0.0/16\"],\n destinations: [exampleUsWest2.id],\n },\n {\n action: \"create-route\",\n segment: \"segment\",\n destinationCidrBlocks: [\"10.1.0.0/16\"],\n destinations: [exampleUsEast1.id],\n },\n ],\n});\nconst exampleCoreNetworkPolicyAttachment = new aws.networkmanager.CoreNetworkPolicyAttachment(\"example\", {\n coreNetworkId: exampleCoreNetwork.id,\n policyDocument: example.apply(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_global_network = aws.networkmanager.GlobalNetwork(\"example\")\nbase = aws.networkmanager.get_core_network_policy_document(core_network_configurations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs(\n asn_ranges=[\"65022-65534\"],\n edge_locations=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-west-2\",\n asn=\"65500\",\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-east-1\",\n asn=\"65501\",\n ),\n ],\n )],\n segments=[aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment\",\n )])\nexample_core_network = aws.networkmanager.CoreNetwork(\"example\",\n global_network_id=example_global_network.id,\n base_policy_document=base.json,\n create_base_policy=True)\nexample_us_west2 = aws.networkmanager.VpcAttachment(\"example_us_west_2\",\n core_network_id=example_core_network.id,\n subnet_arns=[__item[\"arn\"] for __item in example_us_west2_aws_subnet],\n vpc_arn=example_us_west2_aws_vpc[\"arn\"])\nexample_us_east1 = aws.networkmanager.VpcAttachment(\"example_us_east_1\",\n core_network_id=example_core_network.id,\n subnet_arns=[__item[\"arn\"] for __item in example_us_east1_aws_subnet],\n vpc_arn=example_us_east1_aws_vpc[\"arn\"])\nexample = aws.networkmanager.get_core_network_policy_document_output(core_network_configurations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs(\n asn_ranges=[\"65022-65534\"],\n edge_locations=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-west-2\",\n asn=\"65500\",\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-east-1\",\n asn=\"65501\",\n ),\n ],\n )],\n segments=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment\",\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment2\",\n ),\n ],\n segment_actions=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs(\n action=\"create-route\",\n segment=\"segment\",\n destination_cidr_blocks=[\"10.0.0.0/16\"],\n destinations=[example_us_west2.id],\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs(\n action=\"create-route\",\n segment=\"segment\",\n destination_cidr_blocks=[\"10.1.0.0/16\"],\n destinations=[example_us_east1.id],\n ),\n ])\nexample_core_network_policy_attachment = aws.networkmanager.CoreNetworkPolicyAttachment(\"example\",\n core_network_id=example_core_network.id,\n policy_document=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleGlobalNetwork = new Aws.NetworkManager.GlobalNetwork(\"example\");\n\n var @base = Aws.NetworkManager.GetCoreNetworkPolicyDocument.Invoke(new()\n {\n CoreNetworkConfigurations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationInputArgs\n {\n AsnRanges = new[]\n {\n \"65022-65534\",\n },\n EdgeLocations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-west-2\",\n Asn = \"65500\",\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-east-1\",\n Asn = \"65501\",\n },\n },\n },\n },\n Segments = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment\",\n },\n },\n });\n\n var exampleCoreNetwork = new Aws.NetworkManager.CoreNetwork(\"example\", new()\n {\n GlobalNetworkId = exampleGlobalNetwork.Id,\n BasePolicyDocument = @base.Apply(@base =\u003e @base.Apply(getCoreNetworkPolicyDocumentResult =\u003e getCoreNetworkPolicyDocumentResult.Json)),\n CreateBasePolicy = true,\n });\n\n var exampleUsWest2 = new Aws.NetworkManager.VpcAttachment(\"example_us_west_2\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n SubnetArns = exampleUsWest2AwsSubnet.Select(__item =\u003e __item.Arn).ToList(),\n VpcArn = exampleUsWest2AwsVpc.Arn,\n });\n\n var exampleUsEast1 = new Aws.NetworkManager.VpcAttachment(\"example_us_east_1\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n SubnetArns = exampleUsEast1AwsSubnet.Select(__item =\u003e __item.Arn).ToList(),\n VpcArn = exampleUsEast1AwsVpc.Arn,\n });\n\n var example = Aws.NetworkManager.GetCoreNetworkPolicyDocument.Invoke(new()\n {\n CoreNetworkConfigurations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationInputArgs\n {\n AsnRanges = new[]\n {\n \"65022-65534\",\n },\n EdgeLocations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-west-2\",\n Asn = \"65500\",\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-east-1\",\n Asn = \"65501\",\n },\n },\n },\n },\n Segments = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment\",\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment2\",\n },\n },\n SegmentActions = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentActionInputArgs\n {\n Action = \"create-route\",\n Segment = \"segment\",\n DestinationCidrBlocks = new[]\n {\n \"10.0.0.0/16\",\n },\n Destinations = new[]\n {\n exampleUsWest2.Id,\n },\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentActionInputArgs\n {\n Action = \"create-route\",\n Segment = \"segment\",\n DestinationCidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n Destinations = new[]\n {\n exampleUsEast1.Id,\n },\n },\n },\n });\n\n var exampleCoreNetworkPolicyAttachment = new Aws.NetworkManager.CoreNetworkPolicyAttachment(\"example\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n PolicyDocument = example.Apply(getCoreNetworkPolicyDocumentResult =\u003e getCoreNetworkPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexampleGlobalNetwork, err := networkmanager.NewGlobalNetwork(ctx, \"example\", nil)\nif err != nil {\nreturn err\n}\nbase, err := networkmanager.GetCoreNetworkPolicyDocument(ctx, \u0026networkmanager.GetCoreNetworkPolicyDocumentArgs{\nCoreNetworkConfigurations: []networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfiguration{\n{\nAsnRanges: []string{\n\"65022-65534\",\n},\nEdgeLocations: []networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocation{\n{\nLocation: \"us-west-2\",\nAsn: pulumi.StringRef(\"65500\"),\n},\n{\nLocation: \"us-east-1\",\nAsn: pulumi.StringRef(\"65501\"),\n},\n},\n},\n},\nSegments: []networkmanager.GetCoreNetworkPolicyDocumentSegment{\n{\nName: \"segment\",\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleCoreNetwork, err := networkmanager.NewCoreNetwork(ctx, \"example\", \u0026networkmanager.CoreNetworkArgs{\nGlobalNetworkId: exampleGlobalNetwork.ID(),\nBasePolicyDocument: *pulumi.String(base.Json),\nCreateBasePolicy: pulumi.Bool(true),\n})\nif err != nil {\nreturn err\n}\nvar splat0 []interface{}\nfor _, val0 := range exampleUsWest2AwsSubnet {\nsplat0 = append(splat0, val0.Arn)\n}\nexampleUsWest2, err := networkmanager.NewVpcAttachment(ctx, \"example_us_west_2\", \u0026networkmanager.VpcAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nSubnetArns: toPulumiArray(splat0),\nVpcArn: pulumi.Any(exampleUsWest2AwsVpc.Arn),\n})\nif err != nil {\nreturn err\n}\nvar splat1 []interface{}\nfor _, val0 := range exampleUsEast1AwsSubnet {\nsplat1 = append(splat1, val0.Arn)\n}\nexampleUsEast1, err := networkmanager.NewVpcAttachment(ctx, \"example_us_east_1\", \u0026networkmanager.VpcAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nSubnetArns: toPulumiArray(splat1),\nVpcArn: pulumi.Any(exampleUsEast1AwsVpc.Arn),\n})\nif err != nil {\nreturn err\n}\nexample := networkmanager.GetCoreNetworkPolicyDocumentOutput(ctx, networkmanager.GetCoreNetworkPolicyDocumentOutputArgs{\nCoreNetworkConfigurations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs{\nAsnRanges: pulumi.StringArray{\npulumi.String(\"65022-65534\"),\n},\nEdgeLocations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs{\nLocation: pulumi.String(\"us-west-2\"),\nAsn: pulumi.String(\"65500\"),\n},\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs{\nLocation: pulumi.String(\"us-east-1\"),\nAsn: pulumi.String(\"65501\"),\n},\n},\n},\n},\nSegments: networkmanager.GetCoreNetworkPolicyDocumentSegmentArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs{\nName: pulumi.String(\"segment\"),\n},\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs{\nName: pulumi.String(\"segment2\"),\n},\n},\nSegmentActions: networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs{\nAction: pulumi.String(\"create-route\"),\nSegment: pulumi.String(\"segment\"),\nDestinationCidrBlocks: pulumi.StringArray{\npulumi.String(\"10.0.0.0/16\"),\n},\nDestinations: pulumi.StringArray{\nexampleUsWest2.ID(),\n},\n},\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs{\nAction: pulumi.String(\"create-route\"),\nSegment: pulumi.String(\"segment\"),\nDestinationCidrBlocks: pulumi.StringArray{\npulumi.String(\"10.1.0.0/16\"),\n},\nDestinations: pulumi.StringArray{\nexampleUsEast1.ID(),\n},\n},\n},\n}, nil);\n_, err = networkmanager.NewCoreNetworkPolicyAttachment(ctx, \"example\", \u0026networkmanager.CoreNetworkPolicyAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nPolicyDocument: example.ApplyT(func(example networkmanager.GetCoreNetworkPolicyDocumentResult) (*string, error) {\nreturn \u0026example.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\nfunc toPulumiArray(arr []) pulumi.Array {\nvar pulumiArr pulumi.Array\nfor _, v := range arr {\npulumiArr = append(pulumiArr, pulumi.(v))\n}\nreturn pulumiArr\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.GlobalNetwork;\nimport com.pulumi.aws.networkmanager.NetworkmanagerFunctions;\nimport com.pulumi.aws.networkmanager.inputs.GetCoreNetworkPolicyDocumentArgs;\nimport com.pulumi.aws.networkmanager.CoreNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetworkArgs;\nimport com.pulumi.aws.networkmanager.VpcAttachment;\nimport com.pulumi.aws.networkmanager.VpcAttachmentArgs;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachment;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleGlobalNetwork = new GlobalNetwork(\"exampleGlobalNetwork\");\n\n final var base = NetworkmanagerFunctions.getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs.builder()\n .coreNetworkConfigurations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs.builder()\n .asnRanges(\"65022-65534\")\n .edgeLocations( \n GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-west-2\")\n .asn(\"65500\")\n .build(),\n GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-east-1\")\n .asn(\"65501\")\n .build())\n .build())\n .segments(GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment\")\n .build())\n .build());\n\n var exampleCoreNetwork = new CoreNetwork(\"exampleCoreNetwork\", CoreNetworkArgs.builder() \n .globalNetworkId(exampleGlobalNetwork.id())\n .basePolicyDocument(base.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult.json()))\n .createBasePolicy(true)\n .build());\n\n var exampleUsWest2 = new VpcAttachment(\"exampleUsWest2\", VpcAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .subnetArns(exampleUsWest2AwsSubnet.stream().map(element -\u003e element.arn()).collect(toList()))\n .vpcArn(exampleUsWest2AwsVpc.arn())\n .build());\n\n var exampleUsEast1 = new VpcAttachment(\"exampleUsEast1\", VpcAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .subnetArns(exampleUsEast1AwsSubnet.stream().map(element -\u003e element.arn()).collect(toList()))\n .vpcArn(exampleUsEast1AwsVpc.arn())\n .build());\n\n final var example = NetworkmanagerFunctions.getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs.builder()\n .coreNetworkConfigurations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs.builder()\n .asnRanges(\"65022-65534\")\n .edgeLocations( \n GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-west-2\")\n .asn(\"65500\")\n .build(),\n GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-east-1\")\n .asn(\"65501\")\n .build())\n .build())\n .segments( \n GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment\")\n .build(),\n GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment2\")\n .build())\n .segmentActions( \n GetCoreNetworkPolicyDocumentSegmentActionArgs.builder()\n .action(\"create-route\")\n .segment(\"segment\")\n .destinationCidrBlocks(\"10.0.0.0/16\")\n .destinations(exampleUsWest2.id())\n .build(),\n GetCoreNetworkPolicyDocumentSegmentActionArgs.builder()\n .action(\"create-route\")\n .segment(\"segment\")\n .destinationCidrBlocks(\"10.1.0.0/16\")\n .destinations(exampleUsEast1.id())\n .build())\n .build());\n\n var exampleCoreNetworkPolicyAttachment = new CoreNetworkPolicyAttachment(\"exampleCoreNetworkPolicyAttachment\", CoreNetworkPolicyAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .policyDocument(example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult).applyValue(example -\u003e example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Option 2 - using base_policy_regions\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleGlobalNetwork = new aws.networkmanager.GlobalNetwork(\"example\", {});\nconst exampleCoreNetwork = new aws.networkmanager.CoreNetwork(\"example\", {\n globalNetworkId: exampleGlobalNetwork.id,\n basePolicyRegions: [\n \"us-west-2\",\n \"us-east-1\",\n ],\n createBasePolicy: true,\n});\nconst exampleUsWest2 = new aws.networkmanager.VpcAttachment(\"example_us_west_2\", {\n coreNetworkId: exampleCoreNetwork.id,\n subnetArns: exampleUsWest2AwsSubnet.map(__item =\u003e __item.arn),\n vpcArn: exampleUsWest2AwsVpc.arn,\n});\nconst exampleUsEast1 = new aws.networkmanager.VpcAttachment(\"example_us_east_1\", {\n coreNetworkId: exampleCoreNetwork.id,\n subnetArns: exampleUsEast1AwsSubnet.map(__item =\u003e __item.arn),\n vpcArn: exampleUsEast1AwsVpc.arn,\n});\nconst example = aws.networkmanager.getCoreNetworkPolicyDocumentOutput({\n coreNetworkConfigurations: [{\n asnRanges: [\"65022-65534\"],\n edgeLocations: [\n {\n location: \"us-west-2\",\n },\n {\n location: \"us-east-1\",\n },\n ],\n }],\n segments: [\n {\n name: \"segment\",\n },\n {\n name: \"segment2\",\n },\n ],\n segmentActions: [\n {\n action: \"create-route\",\n segment: \"segment\",\n destinationCidrBlocks: [\"10.0.0.0/16\"],\n destinations: [exampleUsWest2.id],\n },\n {\n action: \"create-route\",\n segment: \"segment\",\n destinationCidrBlocks: [\"10.1.0.0/16\"],\n destinations: [exampleUsEast1.id],\n },\n ],\n});\nconst exampleCoreNetworkPolicyAttachment = new aws.networkmanager.CoreNetworkPolicyAttachment(\"example\", {\n coreNetworkId: exampleCoreNetwork.id,\n policyDocument: example.apply(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_global_network = aws.networkmanager.GlobalNetwork(\"example\")\nexample_core_network = aws.networkmanager.CoreNetwork(\"example\",\n global_network_id=example_global_network.id,\n base_policy_regions=[\n \"us-west-2\",\n \"us-east-1\",\n ],\n create_base_policy=True)\nexample_us_west2 = aws.networkmanager.VpcAttachment(\"example_us_west_2\",\n core_network_id=example_core_network.id,\n subnet_arns=[__item[\"arn\"] for __item in example_us_west2_aws_subnet],\n vpc_arn=example_us_west2_aws_vpc[\"arn\"])\nexample_us_east1 = aws.networkmanager.VpcAttachment(\"example_us_east_1\",\n core_network_id=example_core_network.id,\n subnet_arns=[__item[\"arn\"] for __item in example_us_east1_aws_subnet],\n vpc_arn=example_us_east1_aws_vpc[\"arn\"])\nexample = aws.networkmanager.get_core_network_policy_document_output(core_network_configurations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs(\n asn_ranges=[\"65022-65534\"],\n edge_locations=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-west-2\",\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-east-1\",\n ),\n ],\n )],\n segments=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment\",\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment2\",\n ),\n ],\n segment_actions=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs(\n action=\"create-route\",\n segment=\"segment\",\n destination_cidr_blocks=[\"10.0.0.0/16\"],\n destinations=[example_us_west2.id],\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs(\n action=\"create-route\",\n segment=\"segment\",\n destination_cidr_blocks=[\"10.1.0.0/16\"],\n destinations=[example_us_east1.id],\n ),\n ])\nexample_core_network_policy_attachment = aws.networkmanager.CoreNetworkPolicyAttachment(\"example\",\n core_network_id=example_core_network.id,\n policy_document=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleGlobalNetwork = new Aws.NetworkManager.GlobalNetwork(\"example\");\n\n var exampleCoreNetwork = new Aws.NetworkManager.CoreNetwork(\"example\", new()\n {\n GlobalNetworkId = exampleGlobalNetwork.Id,\n BasePolicyRegions = new[]\n {\n \"us-west-2\",\n \"us-east-1\",\n },\n CreateBasePolicy = true,\n });\n\n var exampleUsWest2 = new Aws.NetworkManager.VpcAttachment(\"example_us_west_2\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n SubnetArns = exampleUsWest2AwsSubnet.Select(__item =\u003e __item.Arn).ToList(),\n VpcArn = exampleUsWest2AwsVpc.Arn,\n });\n\n var exampleUsEast1 = new Aws.NetworkManager.VpcAttachment(\"example_us_east_1\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n SubnetArns = exampleUsEast1AwsSubnet.Select(__item =\u003e __item.Arn).ToList(),\n VpcArn = exampleUsEast1AwsVpc.Arn,\n });\n\n var example = Aws.NetworkManager.GetCoreNetworkPolicyDocument.Invoke(new()\n {\n CoreNetworkConfigurations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationInputArgs\n {\n AsnRanges = new[]\n {\n \"65022-65534\",\n },\n EdgeLocations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-west-2\",\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-east-1\",\n },\n },\n },\n },\n Segments = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment\",\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment2\",\n },\n },\n SegmentActions = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentActionInputArgs\n {\n Action = \"create-route\",\n Segment = \"segment\",\n DestinationCidrBlocks = new[]\n {\n \"10.0.0.0/16\",\n },\n Destinations = new[]\n {\n exampleUsWest2.Id,\n },\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentActionInputArgs\n {\n Action = \"create-route\",\n Segment = \"segment\",\n DestinationCidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n Destinations = new[]\n {\n exampleUsEast1.Id,\n },\n },\n },\n });\n\n var exampleCoreNetworkPolicyAttachment = new Aws.NetworkManager.CoreNetworkPolicyAttachment(\"example\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n PolicyDocument = example.Apply(getCoreNetworkPolicyDocumentResult =\u003e getCoreNetworkPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexampleGlobalNetwork, err := networkmanager.NewGlobalNetwork(ctx, \"example\", nil)\nif err != nil {\nreturn err\n}\nexampleCoreNetwork, err := networkmanager.NewCoreNetwork(ctx, \"example\", \u0026networkmanager.CoreNetworkArgs{\nGlobalNetworkId: exampleGlobalNetwork.ID(),\nBasePolicyRegions: pulumi.StringArray{\npulumi.String(\"us-west-2\"),\npulumi.String(\"us-east-1\"),\n},\nCreateBasePolicy: pulumi.Bool(true),\n})\nif err != nil {\nreturn err\n}\nvar splat0 []interface{}\nfor _, val0 := range exampleUsWest2AwsSubnet {\nsplat0 = append(splat0, val0.Arn)\n}\nexampleUsWest2, err := networkmanager.NewVpcAttachment(ctx, \"example_us_west_2\", \u0026networkmanager.VpcAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nSubnetArns: toPulumiArray(splat0),\nVpcArn: pulumi.Any(exampleUsWest2AwsVpc.Arn),\n})\nif err != nil {\nreturn err\n}\nvar splat1 []interface{}\nfor _, val0 := range exampleUsEast1AwsSubnet {\nsplat1 = append(splat1, val0.Arn)\n}\nexampleUsEast1, err := networkmanager.NewVpcAttachment(ctx, \"example_us_east_1\", \u0026networkmanager.VpcAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nSubnetArns: toPulumiArray(splat1),\nVpcArn: pulumi.Any(exampleUsEast1AwsVpc.Arn),\n})\nif err != nil {\nreturn err\n}\nexample := networkmanager.GetCoreNetworkPolicyDocumentOutput(ctx, networkmanager.GetCoreNetworkPolicyDocumentOutputArgs{\nCoreNetworkConfigurations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs{\nAsnRanges: pulumi.StringArray{\npulumi.String(\"65022-65534\"),\n},\nEdgeLocations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs{\nLocation: pulumi.String(\"us-west-2\"),\n},\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs{\nLocation: pulumi.String(\"us-east-1\"),\n},\n},\n},\n},\nSegments: networkmanager.GetCoreNetworkPolicyDocumentSegmentArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs{\nName: pulumi.String(\"segment\"),\n},\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs{\nName: pulumi.String(\"segment2\"),\n},\n},\nSegmentActions: networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs{\nAction: pulumi.String(\"create-route\"),\nSegment: pulumi.String(\"segment\"),\nDestinationCidrBlocks: pulumi.StringArray{\npulumi.String(\"10.0.0.0/16\"),\n},\nDestinations: pulumi.StringArray{\nexampleUsWest2.ID(),\n},\n},\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs{\nAction: pulumi.String(\"create-route\"),\nSegment: pulumi.String(\"segment\"),\nDestinationCidrBlocks: pulumi.StringArray{\npulumi.String(\"10.1.0.0/16\"),\n},\nDestinations: pulumi.StringArray{\nexampleUsEast1.ID(),\n},\n},\n},\n}, nil);\n_, err = networkmanager.NewCoreNetworkPolicyAttachment(ctx, \"example\", \u0026networkmanager.CoreNetworkPolicyAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nPolicyDocument: example.ApplyT(func(example networkmanager.GetCoreNetworkPolicyDocumentResult) (*string, error) {\nreturn \u0026example.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\nfunc toPulumiArray(arr []) pulumi.Array {\nvar pulumiArr pulumi.Array\nfor _, v := range arr {\npulumiArr = append(pulumiArr, pulumi.(v))\n}\nreturn pulumiArr\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.GlobalNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetworkArgs;\nimport com.pulumi.aws.networkmanager.VpcAttachment;\nimport com.pulumi.aws.networkmanager.VpcAttachmentArgs;\nimport com.pulumi.aws.networkmanager.NetworkmanagerFunctions;\nimport com.pulumi.aws.networkmanager.inputs.GetCoreNetworkPolicyDocumentArgs;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachment;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleGlobalNetwork = new GlobalNetwork(\"exampleGlobalNetwork\");\n\n var exampleCoreNetwork = new CoreNetwork(\"exampleCoreNetwork\", CoreNetworkArgs.builder() \n .globalNetworkId(exampleGlobalNetwork.id())\n .basePolicyRegions( \n \"us-west-2\",\n \"us-east-1\")\n .createBasePolicy(true)\n .build());\n\n var exampleUsWest2 = new VpcAttachment(\"exampleUsWest2\", VpcAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .subnetArns(exampleUsWest2AwsSubnet.stream().map(element -\u003e element.arn()).collect(toList()))\n .vpcArn(exampleUsWest2AwsVpc.arn())\n .build());\n\n var exampleUsEast1 = new VpcAttachment(\"exampleUsEast1\", VpcAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .subnetArns(exampleUsEast1AwsSubnet.stream().map(element -\u003e element.arn()).collect(toList()))\n .vpcArn(exampleUsEast1AwsVpc.arn())\n .build());\n\n final var example = NetworkmanagerFunctions.getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs.builder()\n .coreNetworkConfigurations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs.builder()\n .asnRanges(\"65022-65534\")\n .edgeLocations( \n GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-west-2\")\n .build(),\n GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-east-1\")\n .build())\n .build())\n .segments( \n GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment\")\n .build(),\n GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment2\")\n .build())\n .segmentActions( \n GetCoreNetworkPolicyDocumentSegmentActionArgs.builder()\n .action(\"create-route\")\n .segment(\"segment\")\n .destinationCidrBlocks(\"10.0.0.0/16\")\n .destinations(exampleUsWest2.id())\n .build(),\n GetCoreNetworkPolicyDocumentSegmentActionArgs.builder()\n .action(\"create-route\")\n .segment(\"segment\")\n .destinationCidrBlocks(\"10.1.0.0/16\")\n .destinations(exampleUsEast1.id())\n .build())\n .build());\n\n var exampleCoreNetworkPolicyAttachment = new CoreNetworkPolicyAttachment(\"exampleCoreNetworkPolicyAttachment\", CoreNetworkPolicyAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .policyDocument(example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult).applyValue(example -\u003e example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_networkmanager_core_network` using the core network ID. For example:\n\n```sh\n$ pulumi import aws:networkmanager/coreNetwork:CoreNetwork example core-network-0d47f6t230mz46dy4\n```\n", + "description": "Provides a core network resource.\n\n## Example Usage\n\n### Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.networkmanager.CoreNetwork(\"example\", {globalNetworkId: exampleAwsNetworkmanagerGlobalNetwork.id});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.networkmanager.CoreNetwork(\"example\", global_network_id=example_aws_networkmanager_global_network[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.NetworkManager.CoreNetwork(\"example\", new()\n {\n GlobalNetworkId = exampleAwsNetworkmanagerGlobalNetwork.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networkmanager.NewCoreNetwork(ctx, \"example\", \u0026networkmanager.CoreNetworkArgs{\n\t\t\tGlobalNetworkId: pulumi.Any(exampleAwsNetworkmanagerGlobalNetwork.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.CoreNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new CoreNetwork(\"example\", CoreNetworkArgs.builder() \n .globalNetworkId(exampleAwsNetworkmanagerGlobalNetwork.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:networkmanager:CoreNetwork\n properties:\n globalNetworkId: ${exampleAwsNetworkmanagerGlobalNetwork.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With description\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.networkmanager.CoreNetwork(\"example\", {\n globalNetworkId: exampleAwsNetworkmanagerGlobalNetwork.id,\n description: \"example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.networkmanager.CoreNetwork(\"example\",\n global_network_id=example_aws_networkmanager_global_network[\"id\"],\n description=\"example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.NetworkManager.CoreNetwork(\"example\", new()\n {\n GlobalNetworkId = exampleAwsNetworkmanagerGlobalNetwork.Id,\n Description = \"example\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networkmanager.NewCoreNetwork(ctx, \"example\", \u0026networkmanager.CoreNetworkArgs{\n\t\t\tGlobalNetworkId: pulumi.Any(exampleAwsNetworkmanagerGlobalNetwork.Id),\n\t\t\tDescription: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.CoreNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new CoreNetwork(\"example\", CoreNetworkArgs.builder() \n .globalNetworkId(exampleAwsNetworkmanagerGlobalNetwork.id())\n .description(\"example\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:networkmanager:CoreNetwork\n properties:\n globalNetworkId: ${exampleAwsNetworkmanagerGlobalNetwork.id}\n description: example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With tags\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.networkmanager.CoreNetwork(\"example\", {\n globalNetworkId: exampleAwsNetworkmanagerGlobalNetwork.id,\n tags: {\n hello: \"world\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.networkmanager.CoreNetwork(\"example\",\n global_network_id=example_aws_networkmanager_global_network[\"id\"],\n tags={\n \"hello\": \"world\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.NetworkManager.CoreNetwork(\"example\", new()\n {\n GlobalNetworkId = exampleAwsNetworkmanagerGlobalNetwork.Id,\n Tags = \n {\n { \"hello\", \"world\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networkmanager.NewCoreNetwork(ctx, \"example\", \u0026networkmanager.CoreNetworkArgs{\n\t\t\tGlobalNetworkId: pulumi.Any(exampleAwsNetworkmanagerGlobalNetwork.Id),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"hello\": pulumi.String(\"world\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.CoreNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new CoreNetwork(\"example\", CoreNetworkArgs.builder() \n .globalNetworkId(exampleAwsNetworkmanagerGlobalNetwork.id())\n .tags(Map.of(\"hello\", \"world\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:networkmanager:CoreNetwork\n properties:\n globalNetworkId: ${exampleAwsNetworkmanagerGlobalNetwork.id}\n tags:\n hello: world\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With VPC Attachment (Single Region)\n\nThe example below illustrates the scenario where your policy document has static routes pointing to VPC attachments and you want to attach your VPCs to the core network before applying the desired policy document. Set the `create_base_policy` argument to `true` if your core network does not currently have any `LIVE` policies (e.g. this is the first `pulumi up` with the core network resource), since a `LIVE` policy is required before VPCs can be attached to the core network. Otherwise, if your core network already has a `LIVE` policy, you may exclude the `create_base_policy` argument. There are 2 options to implement this:\n\n- Option 1: Use the `base_policy_document` argument that allows the most customizations to a base policy. Use this to customize the `edge_locations` `asn`. In the example below, `us-west-2` and ASN `65500` are used in the base policy.\n- Option 2: Use the `create_base_policy` argument only. This creates a base policy in the region specified in the `provider` block.\n\n### Option 1 - using base_policy_document\n\nIf you require a custom ASN for the edge location, please use the `base_policy_document` argument to pass a specific ASN. For example:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleGlobalNetwork = new aws.networkmanager.GlobalNetwork(\"example\", {});\nconst base = aws.networkmanager.getCoreNetworkPolicyDocument({\n coreNetworkConfigurations: [{\n asnRanges: [\"65022-65534\"],\n edgeLocations: [{\n location: \"us-west-2\",\n asn: \"65500\",\n }],\n }],\n segments: [{\n name: \"segment\",\n }],\n});\nconst exampleCoreNetwork = new aws.networkmanager.CoreNetwork(\"example\", {\n globalNetworkId: exampleGlobalNetwork.id,\n basePolicyDocument: base.then(base =\u003e base.json),\n createBasePolicy: true,\n});\nconst exampleVpcAttachment = new aws.networkmanager.VpcAttachment(\"example\", {\n coreNetworkId: exampleCoreNetwork.id,\n subnetArns: exampleAwsSubnet.map(__item =\u003e __item.arn),\n vpcArn: exampleAwsVpc.arn,\n});\nconst example = aws.networkmanager.getCoreNetworkPolicyDocumentOutput({\n coreNetworkConfigurations: [{\n asnRanges: [\"65022-65534\"],\n edgeLocations: [{\n location: \"us-west-2\",\n asn: \"65500\",\n }],\n }],\n segments: [{\n name: \"segment\",\n }],\n segmentActions: [{\n action: \"create-route\",\n segment: \"segment\",\n destinationCidrBlocks: [\"0.0.0.0/0\"],\n destinations: [exampleVpcAttachment.id],\n }],\n});\nconst exampleCoreNetworkPolicyAttachment = new aws.networkmanager.CoreNetworkPolicyAttachment(\"example\", {\n coreNetworkId: exampleCoreNetwork.id,\n policyDocument: example.apply(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_global_network = aws.networkmanager.GlobalNetwork(\"example\")\nbase = aws.networkmanager.get_core_network_policy_document(core_network_configurations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs(\n asn_ranges=[\"65022-65534\"],\n edge_locations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-west-2\",\n asn=\"65500\",\n )],\n )],\n segments=[aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment\",\n )])\nexample_core_network = aws.networkmanager.CoreNetwork(\"example\",\n global_network_id=example_global_network.id,\n base_policy_document=base.json,\n create_base_policy=True)\nexample_vpc_attachment = aws.networkmanager.VpcAttachment(\"example\",\n core_network_id=example_core_network.id,\n subnet_arns=[__item[\"arn\"] for __item in example_aws_subnet],\n vpc_arn=example_aws_vpc[\"arn\"])\nexample = aws.networkmanager.get_core_network_policy_document_output(core_network_configurations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs(\n asn_ranges=[\"65022-65534\"],\n edge_locations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-west-2\",\n asn=\"65500\",\n )],\n )],\n segments=[aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment\",\n )],\n segment_actions=[aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs(\n action=\"create-route\",\n segment=\"segment\",\n destination_cidr_blocks=[\"0.0.0.0/0\"],\n destinations=[example_vpc_attachment.id],\n )])\nexample_core_network_policy_attachment = aws.networkmanager.CoreNetworkPolicyAttachment(\"example\",\n core_network_id=example_core_network.id,\n policy_document=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleGlobalNetwork = new Aws.NetworkManager.GlobalNetwork(\"example\");\n\n var @base = Aws.NetworkManager.GetCoreNetworkPolicyDocument.Invoke(new()\n {\n CoreNetworkConfigurations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationInputArgs\n {\n AsnRanges = new[]\n {\n \"65022-65534\",\n },\n EdgeLocations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-west-2\",\n Asn = \"65500\",\n },\n },\n },\n },\n Segments = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment\",\n },\n },\n });\n\n var exampleCoreNetwork = new Aws.NetworkManager.CoreNetwork(\"example\", new()\n {\n GlobalNetworkId = exampleGlobalNetwork.Id,\n BasePolicyDocument = @base.Apply(@base =\u003e @base.Apply(getCoreNetworkPolicyDocumentResult =\u003e getCoreNetworkPolicyDocumentResult.Json)),\n CreateBasePolicy = true,\n });\n\n var exampleVpcAttachment = new Aws.NetworkManager.VpcAttachment(\"example\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n SubnetArns = exampleAwsSubnet.Select(__item =\u003e __item.Arn).ToList(),\n VpcArn = exampleAwsVpc.Arn,\n });\n\n var example = Aws.NetworkManager.GetCoreNetworkPolicyDocument.Invoke(new()\n {\n CoreNetworkConfigurations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationInputArgs\n {\n AsnRanges = new[]\n {\n \"65022-65534\",\n },\n EdgeLocations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-west-2\",\n Asn = \"65500\",\n },\n },\n },\n },\n Segments = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment\",\n },\n },\n SegmentActions = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentActionInputArgs\n {\n Action = \"create-route\",\n Segment = \"segment\",\n DestinationCidrBlocks = new[]\n {\n \"0.0.0.0/0\",\n },\n Destinations = new[]\n {\n exampleVpcAttachment.Id,\n },\n },\n },\n });\n\n var exampleCoreNetworkPolicyAttachment = new Aws.NetworkManager.CoreNetworkPolicyAttachment(\"example\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n PolicyDocument = example.Apply(getCoreNetworkPolicyDocumentResult =\u003e getCoreNetworkPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexampleGlobalNetwork, err := networkmanager.NewGlobalNetwork(ctx, \"example\", nil)\nif err != nil {\nreturn err\n}\nbase, err := networkmanager.GetCoreNetworkPolicyDocument(ctx, \u0026networkmanager.GetCoreNetworkPolicyDocumentArgs{\nCoreNetworkConfigurations: []networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfiguration{\n{\nAsnRanges: []string{\n\"65022-65534\",\n},\nEdgeLocations: []networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocation{\n{\nLocation: \"us-west-2\",\nAsn: pulumi.StringRef(\"65500\"),\n},\n},\n},\n},\nSegments: []networkmanager.GetCoreNetworkPolicyDocumentSegment{\n{\nName: \"segment\",\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleCoreNetwork, err := networkmanager.NewCoreNetwork(ctx, \"example\", \u0026networkmanager.CoreNetworkArgs{\nGlobalNetworkId: exampleGlobalNetwork.ID(),\nBasePolicyDocument: pulumi.String(base.Json),\nCreateBasePolicy: pulumi.Bool(true),\n})\nif err != nil {\nreturn err\n}\nvar splat0 []interface{}\nfor _, val0 := range exampleAwsSubnet {\nsplat0 = append(splat0, val0.Arn)\n}\nexampleVpcAttachment, err := networkmanager.NewVpcAttachment(ctx, \"example\", \u0026networkmanager.VpcAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nSubnetArns: toPulumiArray(splat0),\nVpcArn: pulumi.Any(exampleAwsVpc.Arn),\n})\nif err != nil {\nreturn err\n}\nexample := networkmanager.GetCoreNetworkPolicyDocumentOutput(ctx, networkmanager.GetCoreNetworkPolicyDocumentOutputArgs{\nCoreNetworkConfigurations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs{\nAsnRanges: pulumi.StringArray{\npulumi.String(\"65022-65534\"),\n},\nEdgeLocations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs{\nLocation: pulumi.String(\"us-west-2\"),\nAsn: pulumi.String(\"65500\"),\n},\n},\n},\n},\nSegments: networkmanager.GetCoreNetworkPolicyDocumentSegmentArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs{\nName: pulumi.String(\"segment\"),\n},\n},\nSegmentActions: networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs{\nAction: pulumi.String(\"create-route\"),\nSegment: pulumi.String(\"segment\"),\nDestinationCidrBlocks: pulumi.StringArray{\npulumi.String(\"0.0.0.0/0\"),\n},\nDestinations: pulumi.StringArray{\nexampleVpcAttachment.ID(),\n},\n},\n},\n}, nil);\n_, err = networkmanager.NewCoreNetworkPolicyAttachment(ctx, \"example\", \u0026networkmanager.CoreNetworkPolicyAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nPolicyDocument: example.ApplyT(func(example networkmanager.GetCoreNetworkPolicyDocumentResult) (*string, error) {\nreturn \u0026example.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\nfunc toPulumiArray(arr []) pulumi.Array {\nvar pulumiArr pulumi.Array\nfor _, v := range arr {\npulumiArr = append(pulumiArr, pulumi.(v))\n}\nreturn pulumiArr\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.GlobalNetwork;\nimport com.pulumi.aws.networkmanager.NetworkmanagerFunctions;\nimport com.pulumi.aws.networkmanager.inputs.GetCoreNetworkPolicyDocumentArgs;\nimport com.pulumi.aws.networkmanager.CoreNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetworkArgs;\nimport com.pulumi.aws.networkmanager.VpcAttachment;\nimport com.pulumi.aws.networkmanager.VpcAttachmentArgs;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachment;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleGlobalNetwork = new GlobalNetwork(\"exampleGlobalNetwork\");\n\n final var base = NetworkmanagerFunctions.getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs.builder()\n .coreNetworkConfigurations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs.builder()\n .asnRanges(\"65022-65534\")\n .edgeLocations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-west-2\")\n .asn(\"65500\")\n .build())\n .build())\n .segments(GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment\")\n .build())\n .build());\n\n var exampleCoreNetwork = new CoreNetwork(\"exampleCoreNetwork\", CoreNetworkArgs.builder() \n .globalNetworkId(exampleGlobalNetwork.id())\n .basePolicyDocument(base.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult.json()))\n .createBasePolicy(true)\n .build());\n\n var exampleVpcAttachment = new VpcAttachment(\"exampleVpcAttachment\", VpcAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .subnetArns(exampleAwsSubnet.stream().map(element -\u003e element.arn()).collect(toList()))\n .vpcArn(exampleAwsVpc.arn())\n .build());\n\n final var example = NetworkmanagerFunctions.getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs.builder()\n .coreNetworkConfigurations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs.builder()\n .asnRanges(\"65022-65534\")\n .edgeLocations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-west-2\")\n .asn(\"65500\")\n .build())\n .build())\n .segments(GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment\")\n .build())\n .segmentActions(GetCoreNetworkPolicyDocumentSegmentActionArgs.builder()\n .action(\"create-route\")\n .segment(\"segment\")\n .destinationCidrBlocks(\"0.0.0.0/0\")\n .destinations(exampleVpcAttachment.id())\n .build())\n .build());\n\n var exampleCoreNetworkPolicyAttachment = new CoreNetworkPolicyAttachment(\"exampleCoreNetworkPolicyAttachment\", CoreNetworkPolicyAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .policyDocument(example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult).applyValue(example -\u003e example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Option 2 - create_base_policy only\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleGlobalNetwork = new aws.networkmanager.GlobalNetwork(\"example\", {});\nconst exampleCoreNetwork = new aws.networkmanager.CoreNetwork(\"example\", {\n globalNetworkId: exampleGlobalNetwork.id,\n createBasePolicy: true,\n});\nconst exampleVpcAttachment = new aws.networkmanager.VpcAttachment(\"example\", {\n coreNetworkId: exampleCoreNetwork.id,\n subnetArns: exampleAwsSubnet.map(__item =\u003e __item.arn),\n vpcArn: exampleAwsVpc.arn,\n});\nconst example = aws.networkmanager.getCoreNetworkPolicyDocumentOutput({\n coreNetworkConfigurations: [{\n asnRanges: [\"65022-65534\"],\n edgeLocations: [{\n location: \"us-west-2\",\n }],\n }],\n segments: [{\n name: \"segment\",\n }],\n segmentActions: [{\n action: \"create-route\",\n segment: \"segment\",\n destinationCidrBlocks: [\"0.0.0.0/0\"],\n destinations: [exampleVpcAttachment.id],\n }],\n});\nconst exampleCoreNetworkPolicyAttachment = new aws.networkmanager.CoreNetworkPolicyAttachment(\"example\", {\n coreNetworkId: exampleCoreNetwork.id,\n policyDocument: example.apply(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_global_network = aws.networkmanager.GlobalNetwork(\"example\")\nexample_core_network = aws.networkmanager.CoreNetwork(\"example\",\n global_network_id=example_global_network.id,\n create_base_policy=True)\nexample_vpc_attachment = aws.networkmanager.VpcAttachment(\"example\",\n core_network_id=example_core_network.id,\n subnet_arns=[__item[\"arn\"] for __item in example_aws_subnet],\n vpc_arn=example_aws_vpc[\"arn\"])\nexample = aws.networkmanager.get_core_network_policy_document_output(core_network_configurations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs(\n asn_ranges=[\"65022-65534\"],\n edge_locations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-west-2\",\n )],\n )],\n segments=[aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment\",\n )],\n segment_actions=[aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs(\n action=\"create-route\",\n segment=\"segment\",\n destination_cidr_blocks=[\"0.0.0.0/0\"],\n destinations=[example_vpc_attachment.id],\n )])\nexample_core_network_policy_attachment = aws.networkmanager.CoreNetworkPolicyAttachment(\"example\",\n core_network_id=example_core_network.id,\n policy_document=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleGlobalNetwork = new Aws.NetworkManager.GlobalNetwork(\"example\");\n\n var exampleCoreNetwork = new Aws.NetworkManager.CoreNetwork(\"example\", new()\n {\n GlobalNetworkId = exampleGlobalNetwork.Id,\n CreateBasePolicy = true,\n });\n\n var exampleVpcAttachment = new Aws.NetworkManager.VpcAttachment(\"example\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n SubnetArns = exampleAwsSubnet.Select(__item =\u003e __item.Arn).ToList(),\n VpcArn = exampleAwsVpc.Arn,\n });\n\n var example = Aws.NetworkManager.GetCoreNetworkPolicyDocument.Invoke(new()\n {\n CoreNetworkConfigurations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationInputArgs\n {\n AsnRanges = new[]\n {\n \"65022-65534\",\n },\n EdgeLocations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-west-2\",\n },\n },\n },\n },\n Segments = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment\",\n },\n },\n SegmentActions = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentActionInputArgs\n {\n Action = \"create-route\",\n Segment = \"segment\",\n DestinationCidrBlocks = new[]\n {\n \"0.0.0.0/0\",\n },\n Destinations = new[]\n {\n exampleVpcAttachment.Id,\n },\n },\n },\n });\n\n var exampleCoreNetworkPolicyAttachment = new Aws.NetworkManager.CoreNetworkPolicyAttachment(\"example\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n PolicyDocument = example.Apply(getCoreNetworkPolicyDocumentResult =\u003e getCoreNetworkPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexampleGlobalNetwork, err := networkmanager.NewGlobalNetwork(ctx, \"example\", nil)\nif err != nil {\nreturn err\n}\nexampleCoreNetwork, err := networkmanager.NewCoreNetwork(ctx, \"example\", \u0026networkmanager.CoreNetworkArgs{\nGlobalNetworkId: exampleGlobalNetwork.ID(),\nCreateBasePolicy: pulumi.Bool(true),\n})\nif err != nil {\nreturn err\n}\nvar splat0 []interface{}\nfor _, val0 := range exampleAwsSubnet {\nsplat0 = append(splat0, val0.Arn)\n}\nexampleVpcAttachment, err := networkmanager.NewVpcAttachment(ctx, \"example\", \u0026networkmanager.VpcAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nSubnetArns: toPulumiArray(splat0),\nVpcArn: pulumi.Any(exampleAwsVpc.Arn),\n})\nif err != nil {\nreturn err\n}\nexample := networkmanager.GetCoreNetworkPolicyDocumentOutput(ctx, networkmanager.GetCoreNetworkPolicyDocumentOutputArgs{\nCoreNetworkConfigurations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs{\nAsnRanges: pulumi.StringArray{\npulumi.String(\"65022-65534\"),\n},\nEdgeLocations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs{\nLocation: pulumi.String(\"us-west-2\"),\n},\n},\n},\n},\nSegments: networkmanager.GetCoreNetworkPolicyDocumentSegmentArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs{\nName: pulumi.String(\"segment\"),\n},\n},\nSegmentActions: networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs{\nAction: pulumi.String(\"create-route\"),\nSegment: pulumi.String(\"segment\"),\nDestinationCidrBlocks: pulumi.StringArray{\npulumi.String(\"0.0.0.0/0\"),\n},\nDestinations: pulumi.StringArray{\nexampleVpcAttachment.ID(),\n},\n},\n},\n}, nil);\n_, err = networkmanager.NewCoreNetworkPolicyAttachment(ctx, \"example\", \u0026networkmanager.CoreNetworkPolicyAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nPolicyDocument: example.ApplyT(func(example networkmanager.GetCoreNetworkPolicyDocumentResult) (*string, error) {\nreturn \u0026example.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\nfunc toPulumiArray(arr []) pulumi.Array {\nvar pulumiArr pulumi.Array\nfor _, v := range arr {\npulumiArr = append(pulumiArr, pulumi.(v))\n}\nreturn pulumiArr\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.GlobalNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetworkArgs;\nimport com.pulumi.aws.networkmanager.VpcAttachment;\nimport com.pulumi.aws.networkmanager.VpcAttachmentArgs;\nimport com.pulumi.aws.networkmanager.NetworkmanagerFunctions;\nimport com.pulumi.aws.networkmanager.inputs.GetCoreNetworkPolicyDocumentArgs;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachment;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleGlobalNetwork = new GlobalNetwork(\"exampleGlobalNetwork\");\n\n var exampleCoreNetwork = new CoreNetwork(\"exampleCoreNetwork\", CoreNetworkArgs.builder() \n .globalNetworkId(exampleGlobalNetwork.id())\n .createBasePolicy(true)\n .build());\n\n var exampleVpcAttachment = new VpcAttachment(\"exampleVpcAttachment\", VpcAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .subnetArns(exampleAwsSubnet.stream().map(element -\u003e element.arn()).collect(toList()))\n .vpcArn(exampleAwsVpc.arn())\n .build());\n\n final var example = NetworkmanagerFunctions.getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs.builder()\n .coreNetworkConfigurations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs.builder()\n .asnRanges(\"65022-65534\")\n .edgeLocations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-west-2\")\n .build())\n .build())\n .segments(GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment\")\n .build())\n .segmentActions(GetCoreNetworkPolicyDocumentSegmentActionArgs.builder()\n .action(\"create-route\")\n .segment(\"segment\")\n .destinationCidrBlocks(\"0.0.0.0/0\")\n .destinations(exampleVpcAttachment.id())\n .build())\n .build());\n\n var exampleCoreNetworkPolicyAttachment = new CoreNetworkPolicyAttachment(\"exampleCoreNetworkPolicyAttachment\", CoreNetworkPolicyAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .policyDocument(example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult).applyValue(example -\u003e example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With VPC Attachment (Multi-Region)\n\nThe example below illustrates the scenario where your policy document has static routes pointing to VPC attachments and you want to attach your VPCs to the core network before applying the desired policy document. Set the `create_base_policy` argument of the `aws.networkmanager.CoreNetwork` resource to `true` if your core network does not currently have any `LIVE` policies (e.g. this is the first `pulumi up` with the core network resource), since a `LIVE` policy is required before VPCs can be attached to the core network. Otherwise, if your core network already has a `LIVE` policy, you may exclude the `create_base_policy` argument. For multi-region in a core network that does not yet have a `LIVE` policy, there are 2 options:\n\n- Option 1: Use the `base_policy_document` argument that allows the most customizations to a base policy. Use this to customize the `edge_locations` `asn`. In the example below, `us-west-2`, `us-east-1` and specific ASNs are used in the base policy.\n- Option 2: Pass a list of regions to the `aws.networkmanager.CoreNetwork` `base_policy_regions` argument. In the example below, `us-west-2` and `us-east-1` are specified in the base policy.\n\n### Option 1 - using base_policy_document\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleGlobalNetwork = new aws.networkmanager.GlobalNetwork(\"example\", {});\nconst base = aws.networkmanager.getCoreNetworkPolicyDocument({\n coreNetworkConfigurations: [{\n asnRanges: [\"65022-65534\"],\n edgeLocations: [\n {\n location: \"us-west-2\",\n asn: \"65500\",\n },\n {\n location: \"us-east-1\",\n asn: \"65501\",\n },\n ],\n }],\n segments: [{\n name: \"segment\",\n }],\n});\nconst exampleCoreNetwork = new aws.networkmanager.CoreNetwork(\"example\", {\n globalNetworkId: exampleGlobalNetwork.id,\n basePolicyDocument: base.then(base =\u003e base.json),\n createBasePolicy: true,\n});\nconst exampleUsWest2 = new aws.networkmanager.VpcAttachment(\"example_us_west_2\", {\n coreNetworkId: exampleCoreNetwork.id,\n subnetArns: exampleUsWest2AwsSubnet.map(__item =\u003e __item.arn),\n vpcArn: exampleUsWest2AwsVpc.arn,\n});\nconst exampleUsEast1 = new aws.networkmanager.VpcAttachment(\"example_us_east_1\", {\n coreNetworkId: exampleCoreNetwork.id,\n subnetArns: exampleUsEast1AwsSubnet.map(__item =\u003e __item.arn),\n vpcArn: exampleUsEast1AwsVpc.arn,\n});\nconst example = aws.networkmanager.getCoreNetworkPolicyDocumentOutput({\n coreNetworkConfigurations: [{\n asnRanges: [\"65022-65534\"],\n edgeLocations: [\n {\n location: \"us-west-2\",\n asn: \"65500\",\n },\n {\n location: \"us-east-1\",\n asn: \"65501\",\n },\n ],\n }],\n segments: [\n {\n name: \"segment\",\n },\n {\n name: \"segment2\",\n },\n ],\n segmentActions: [\n {\n action: \"create-route\",\n segment: \"segment\",\n destinationCidrBlocks: [\"10.0.0.0/16\"],\n destinations: [exampleUsWest2.id],\n },\n {\n action: \"create-route\",\n segment: \"segment\",\n destinationCidrBlocks: [\"10.1.0.0/16\"],\n destinations: [exampleUsEast1.id],\n },\n ],\n});\nconst exampleCoreNetworkPolicyAttachment = new aws.networkmanager.CoreNetworkPolicyAttachment(\"example\", {\n coreNetworkId: exampleCoreNetwork.id,\n policyDocument: example.apply(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_global_network = aws.networkmanager.GlobalNetwork(\"example\")\nbase = aws.networkmanager.get_core_network_policy_document(core_network_configurations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs(\n asn_ranges=[\"65022-65534\"],\n edge_locations=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-west-2\",\n asn=\"65500\",\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-east-1\",\n asn=\"65501\",\n ),\n ],\n )],\n segments=[aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment\",\n )])\nexample_core_network = aws.networkmanager.CoreNetwork(\"example\",\n global_network_id=example_global_network.id,\n base_policy_document=base.json,\n create_base_policy=True)\nexample_us_west2 = aws.networkmanager.VpcAttachment(\"example_us_west_2\",\n core_network_id=example_core_network.id,\n subnet_arns=[__item[\"arn\"] for __item in example_us_west2_aws_subnet],\n vpc_arn=example_us_west2_aws_vpc[\"arn\"])\nexample_us_east1 = aws.networkmanager.VpcAttachment(\"example_us_east_1\",\n core_network_id=example_core_network.id,\n subnet_arns=[__item[\"arn\"] for __item in example_us_east1_aws_subnet],\n vpc_arn=example_us_east1_aws_vpc[\"arn\"])\nexample = aws.networkmanager.get_core_network_policy_document_output(core_network_configurations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs(\n asn_ranges=[\"65022-65534\"],\n edge_locations=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-west-2\",\n asn=\"65500\",\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-east-1\",\n asn=\"65501\",\n ),\n ],\n )],\n segments=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment\",\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment2\",\n ),\n ],\n segment_actions=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs(\n action=\"create-route\",\n segment=\"segment\",\n destination_cidr_blocks=[\"10.0.0.0/16\"],\n destinations=[example_us_west2.id],\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs(\n action=\"create-route\",\n segment=\"segment\",\n destination_cidr_blocks=[\"10.1.0.0/16\"],\n destinations=[example_us_east1.id],\n ),\n ])\nexample_core_network_policy_attachment = aws.networkmanager.CoreNetworkPolicyAttachment(\"example\",\n core_network_id=example_core_network.id,\n policy_document=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleGlobalNetwork = new Aws.NetworkManager.GlobalNetwork(\"example\");\n\n var @base = Aws.NetworkManager.GetCoreNetworkPolicyDocument.Invoke(new()\n {\n CoreNetworkConfigurations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationInputArgs\n {\n AsnRanges = new[]\n {\n \"65022-65534\",\n },\n EdgeLocations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-west-2\",\n Asn = \"65500\",\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-east-1\",\n Asn = \"65501\",\n },\n },\n },\n },\n Segments = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment\",\n },\n },\n });\n\n var exampleCoreNetwork = new Aws.NetworkManager.CoreNetwork(\"example\", new()\n {\n GlobalNetworkId = exampleGlobalNetwork.Id,\n BasePolicyDocument = @base.Apply(@base =\u003e @base.Apply(getCoreNetworkPolicyDocumentResult =\u003e getCoreNetworkPolicyDocumentResult.Json)),\n CreateBasePolicy = true,\n });\n\n var exampleUsWest2 = new Aws.NetworkManager.VpcAttachment(\"example_us_west_2\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n SubnetArns = exampleUsWest2AwsSubnet.Select(__item =\u003e __item.Arn).ToList(),\n VpcArn = exampleUsWest2AwsVpc.Arn,\n });\n\n var exampleUsEast1 = new Aws.NetworkManager.VpcAttachment(\"example_us_east_1\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n SubnetArns = exampleUsEast1AwsSubnet.Select(__item =\u003e __item.Arn).ToList(),\n VpcArn = exampleUsEast1AwsVpc.Arn,\n });\n\n var example = Aws.NetworkManager.GetCoreNetworkPolicyDocument.Invoke(new()\n {\n CoreNetworkConfigurations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationInputArgs\n {\n AsnRanges = new[]\n {\n \"65022-65534\",\n },\n EdgeLocations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-west-2\",\n Asn = \"65500\",\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-east-1\",\n Asn = \"65501\",\n },\n },\n },\n },\n Segments = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment\",\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment2\",\n },\n },\n SegmentActions = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentActionInputArgs\n {\n Action = \"create-route\",\n Segment = \"segment\",\n DestinationCidrBlocks = new[]\n {\n \"10.0.0.0/16\",\n },\n Destinations = new[]\n {\n exampleUsWest2.Id,\n },\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentActionInputArgs\n {\n Action = \"create-route\",\n Segment = \"segment\",\n DestinationCidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n Destinations = new[]\n {\n exampleUsEast1.Id,\n },\n },\n },\n });\n\n var exampleCoreNetworkPolicyAttachment = new Aws.NetworkManager.CoreNetworkPolicyAttachment(\"example\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n PolicyDocument = example.Apply(getCoreNetworkPolicyDocumentResult =\u003e getCoreNetworkPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexampleGlobalNetwork, err := networkmanager.NewGlobalNetwork(ctx, \"example\", nil)\nif err != nil {\nreturn err\n}\nbase, err := networkmanager.GetCoreNetworkPolicyDocument(ctx, \u0026networkmanager.GetCoreNetworkPolicyDocumentArgs{\nCoreNetworkConfigurations: []networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfiguration{\n{\nAsnRanges: []string{\n\"65022-65534\",\n},\nEdgeLocations: []networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocation{\n{\nLocation: \"us-west-2\",\nAsn: pulumi.StringRef(\"65500\"),\n},\n{\nLocation: \"us-east-1\",\nAsn: pulumi.StringRef(\"65501\"),\n},\n},\n},\n},\nSegments: []networkmanager.GetCoreNetworkPolicyDocumentSegment{\n{\nName: \"segment\",\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleCoreNetwork, err := networkmanager.NewCoreNetwork(ctx, \"example\", \u0026networkmanager.CoreNetworkArgs{\nGlobalNetworkId: exampleGlobalNetwork.ID(),\nBasePolicyDocument: pulumi.String(base.Json),\nCreateBasePolicy: pulumi.Bool(true),\n})\nif err != nil {\nreturn err\n}\nvar splat0 []interface{}\nfor _, val0 := range exampleUsWest2AwsSubnet {\nsplat0 = append(splat0, val0.Arn)\n}\nexampleUsWest2, err := networkmanager.NewVpcAttachment(ctx, \"example_us_west_2\", \u0026networkmanager.VpcAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nSubnetArns: toPulumiArray(splat0),\nVpcArn: pulumi.Any(exampleUsWest2AwsVpc.Arn),\n})\nif err != nil {\nreturn err\n}\nvar splat1 []interface{}\nfor _, val0 := range exampleUsEast1AwsSubnet {\nsplat1 = append(splat1, val0.Arn)\n}\nexampleUsEast1, err := networkmanager.NewVpcAttachment(ctx, \"example_us_east_1\", \u0026networkmanager.VpcAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nSubnetArns: toPulumiArray(splat1),\nVpcArn: pulumi.Any(exampleUsEast1AwsVpc.Arn),\n})\nif err != nil {\nreturn err\n}\nexample := networkmanager.GetCoreNetworkPolicyDocumentOutput(ctx, networkmanager.GetCoreNetworkPolicyDocumentOutputArgs{\nCoreNetworkConfigurations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs{\nAsnRanges: pulumi.StringArray{\npulumi.String(\"65022-65534\"),\n},\nEdgeLocations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs{\nLocation: pulumi.String(\"us-west-2\"),\nAsn: pulumi.String(\"65500\"),\n},\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs{\nLocation: pulumi.String(\"us-east-1\"),\nAsn: pulumi.String(\"65501\"),\n},\n},\n},\n},\nSegments: networkmanager.GetCoreNetworkPolicyDocumentSegmentArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs{\nName: pulumi.String(\"segment\"),\n},\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs{\nName: pulumi.String(\"segment2\"),\n},\n},\nSegmentActions: networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs{\nAction: pulumi.String(\"create-route\"),\nSegment: pulumi.String(\"segment\"),\nDestinationCidrBlocks: pulumi.StringArray{\npulumi.String(\"10.0.0.0/16\"),\n},\nDestinations: pulumi.StringArray{\nexampleUsWest2.ID(),\n},\n},\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs{\nAction: pulumi.String(\"create-route\"),\nSegment: pulumi.String(\"segment\"),\nDestinationCidrBlocks: pulumi.StringArray{\npulumi.String(\"10.1.0.0/16\"),\n},\nDestinations: pulumi.StringArray{\nexampleUsEast1.ID(),\n},\n},\n},\n}, nil);\n_, err = networkmanager.NewCoreNetworkPolicyAttachment(ctx, \"example\", \u0026networkmanager.CoreNetworkPolicyAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nPolicyDocument: example.ApplyT(func(example networkmanager.GetCoreNetworkPolicyDocumentResult) (*string, error) {\nreturn \u0026example.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\nfunc toPulumiArray(arr []) pulumi.Array {\nvar pulumiArr pulumi.Array\nfor _, v := range arr {\npulumiArr = append(pulumiArr, pulumi.(v))\n}\nreturn pulumiArr\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.GlobalNetwork;\nimport com.pulumi.aws.networkmanager.NetworkmanagerFunctions;\nimport com.pulumi.aws.networkmanager.inputs.GetCoreNetworkPolicyDocumentArgs;\nimport com.pulumi.aws.networkmanager.CoreNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetworkArgs;\nimport com.pulumi.aws.networkmanager.VpcAttachment;\nimport com.pulumi.aws.networkmanager.VpcAttachmentArgs;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachment;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleGlobalNetwork = new GlobalNetwork(\"exampleGlobalNetwork\");\n\n final var base = NetworkmanagerFunctions.getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs.builder()\n .coreNetworkConfigurations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs.builder()\n .asnRanges(\"65022-65534\")\n .edgeLocations( \n GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-west-2\")\n .asn(\"65500\")\n .build(),\n GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-east-1\")\n .asn(\"65501\")\n .build())\n .build())\n .segments(GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment\")\n .build())\n .build());\n\n var exampleCoreNetwork = new CoreNetwork(\"exampleCoreNetwork\", CoreNetworkArgs.builder() \n .globalNetworkId(exampleGlobalNetwork.id())\n .basePolicyDocument(base.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult.json()))\n .createBasePolicy(true)\n .build());\n\n var exampleUsWest2 = new VpcAttachment(\"exampleUsWest2\", VpcAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .subnetArns(exampleUsWest2AwsSubnet.stream().map(element -\u003e element.arn()).collect(toList()))\n .vpcArn(exampleUsWest2AwsVpc.arn())\n .build());\n\n var exampleUsEast1 = new VpcAttachment(\"exampleUsEast1\", VpcAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .subnetArns(exampleUsEast1AwsSubnet.stream().map(element -\u003e element.arn()).collect(toList()))\n .vpcArn(exampleUsEast1AwsVpc.arn())\n .build());\n\n final var example = NetworkmanagerFunctions.getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs.builder()\n .coreNetworkConfigurations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs.builder()\n .asnRanges(\"65022-65534\")\n .edgeLocations( \n GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-west-2\")\n .asn(\"65500\")\n .build(),\n GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-east-1\")\n .asn(\"65501\")\n .build())\n .build())\n .segments( \n GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment\")\n .build(),\n GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment2\")\n .build())\n .segmentActions( \n GetCoreNetworkPolicyDocumentSegmentActionArgs.builder()\n .action(\"create-route\")\n .segment(\"segment\")\n .destinationCidrBlocks(\"10.0.0.0/16\")\n .destinations(exampleUsWest2.id())\n .build(),\n GetCoreNetworkPolicyDocumentSegmentActionArgs.builder()\n .action(\"create-route\")\n .segment(\"segment\")\n .destinationCidrBlocks(\"10.1.0.0/16\")\n .destinations(exampleUsEast1.id())\n .build())\n .build());\n\n var exampleCoreNetworkPolicyAttachment = new CoreNetworkPolicyAttachment(\"exampleCoreNetworkPolicyAttachment\", CoreNetworkPolicyAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .policyDocument(example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult).applyValue(example -\u003e example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Option 2 - using base_policy_regions\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleGlobalNetwork = new aws.networkmanager.GlobalNetwork(\"example\", {});\nconst exampleCoreNetwork = new aws.networkmanager.CoreNetwork(\"example\", {\n globalNetworkId: exampleGlobalNetwork.id,\n basePolicyRegions: [\n \"us-west-2\",\n \"us-east-1\",\n ],\n createBasePolicy: true,\n});\nconst exampleUsWest2 = new aws.networkmanager.VpcAttachment(\"example_us_west_2\", {\n coreNetworkId: exampleCoreNetwork.id,\n subnetArns: exampleUsWest2AwsSubnet.map(__item =\u003e __item.arn),\n vpcArn: exampleUsWest2AwsVpc.arn,\n});\nconst exampleUsEast1 = new aws.networkmanager.VpcAttachment(\"example_us_east_1\", {\n coreNetworkId: exampleCoreNetwork.id,\n subnetArns: exampleUsEast1AwsSubnet.map(__item =\u003e __item.arn),\n vpcArn: exampleUsEast1AwsVpc.arn,\n});\nconst example = aws.networkmanager.getCoreNetworkPolicyDocumentOutput({\n coreNetworkConfigurations: [{\n asnRanges: [\"65022-65534\"],\n edgeLocations: [\n {\n location: \"us-west-2\",\n },\n {\n location: \"us-east-1\",\n },\n ],\n }],\n segments: [\n {\n name: \"segment\",\n },\n {\n name: \"segment2\",\n },\n ],\n segmentActions: [\n {\n action: \"create-route\",\n segment: \"segment\",\n destinationCidrBlocks: [\"10.0.0.0/16\"],\n destinations: [exampleUsWest2.id],\n },\n {\n action: \"create-route\",\n segment: \"segment\",\n destinationCidrBlocks: [\"10.1.0.0/16\"],\n destinations: [exampleUsEast1.id],\n },\n ],\n});\nconst exampleCoreNetworkPolicyAttachment = new aws.networkmanager.CoreNetworkPolicyAttachment(\"example\", {\n coreNetworkId: exampleCoreNetwork.id,\n policyDocument: example.apply(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_global_network = aws.networkmanager.GlobalNetwork(\"example\")\nexample_core_network = aws.networkmanager.CoreNetwork(\"example\",\n global_network_id=example_global_network.id,\n base_policy_regions=[\n \"us-west-2\",\n \"us-east-1\",\n ],\n create_base_policy=True)\nexample_us_west2 = aws.networkmanager.VpcAttachment(\"example_us_west_2\",\n core_network_id=example_core_network.id,\n subnet_arns=[__item[\"arn\"] for __item in example_us_west2_aws_subnet],\n vpc_arn=example_us_west2_aws_vpc[\"arn\"])\nexample_us_east1 = aws.networkmanager.VpcAttachment(\"example_us_east_1\",\n core_network_id=example_core_network.id,\n subnet_arns=[__item[\"arn\"] for __item in example_us_east1_aws_subnet],\n vpc_arn=example_us_east1_aws_vpc[\"arn\"])\nexample = aws.networkmanager.get_core_network_policy_document_output(core_network_configurations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs(\n asn_ranges=[\"65022-65534\"],\n edge_locations=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-west-2\",\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-east-1\",\n ),\n ],\n )],\n segments=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment\",\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment2\",\n ),\n ],\n segment_actions=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs(\n action=\"create-route\",\n segment=\"segment\",\n destination_cidr_blocks=[\"10.0.0.0/16\"],\n destinations=[example_us_west2.id],\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs(\n action=\"create-route\",\n segment=\"segment\",\n destination_cidr_blocks=[\"10.1.0.0/16\"],\n destinations=[example_us_east1.id],\n ),\n ])\nexample_core_network_policy_attachment = aws.networkmanager.CoreNetworkPolicyAttachment(\"example\",\n core_network_id=example_core_network.id,\n policy_document=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleGlobalNetwork = new Aws.NetworkManager.GlobalNetwork(\"example\");\n\n var exampleCoreNetwork = new Aws.NetworkManager.CoreNetwork(\"example\", new()\n {\n GlobalNetworkId = exampleGlobalNetwork.Id,\n BasePolicyRegions = new[]\n {\n \"us-west-2\",\n \"us-east-1\",\n },\n CreateBasePolicy = true,\n });\n\n var exampleUsWest2 = new Aws.NetworkManager.VpcAttachment(\"example_us_west_2\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n SubnetArns = exampleUsWest2AwsSubnet.Select(__item =\u003e __item.Arn).ToList(),\n VpcArn = exampleUsWest2AwsVpc.Arn,\n });\n\n var exampleUsEast1 = new Aws.NetworkManager.VpcAttachment(\"example_us_east_1\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n SubnetArns = exampleUsEast1AwsSubnet.Select(__item =\u003e __item.Arn).ToList(),\n VpcArn = exampleUsEast1AwsVpc.Arn,\n });\n\n var example = Aws.NetworkManager.GetCoreNetworkPolicyDocument.Invoke(new()\n {\n CoreNetworkConfigurations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationInputArgs\n {\n AsnRanges = new[]\n {\n \"65022-65534\",\n },\n EdgeLocations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-west-2\",\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-east-1\",\n },\n },\n },\n },\n Segments = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment\",\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment2\",\n },\n },\n SegmentActions = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentActionInputArgs\n {\n Action = \"create-route\",\n Segment = \"segment\",\n DestinationCidrBlocks = new[]\n {\n \"10.0.0.0/16\",\n },\n Destinations = new[]\n {\n exampleUsWest2.Id,\n },\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentActionInputArgs\n {\n Action = \"create-route\",\n Segment = \"segment\",\n DestinationCidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n Destinations = new[]\n {\n exampleUsEast1.Id,\n },\n },\n },\n });\n\n var exampleCoreNetworkPolicyAttachment = new Aws.NetworkManager.CoreNetworkPolicyAttachment(\"example\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n PolicyDocument = example.Apply(getCoreNetworkPolicyDocumentResult =\u003e getCoreNetworkPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexampleGlobalNetwork, err := networkmanager.NewGlobalNetwork(ctx, \"example\", nil)\nif err != nil {\nreturn err\n}\nexampleCoreNetwork, err := networkmanager.NewCoreNetwork(ctx, \"example\", \u0026networkmanager.CoreNetworkArgs{\nGlobalNetworkId: exampleGlobalNetwork.ID(),\nBasePolicyRegions: pulumi.StringArray{\npulumi.String(\"us-west-2\"),\npulumi.String(\"us-east-1\"),\n},\nCreateBasePolicy: pulumi.Bool(true),\n})\nif err != nil {\nreturn err\n}\nvar splat0 []interface{}\nfor _, val0 := range exampleUsWest2AwsSubnet {\nsplat0 = append(splat0, val0.Arn)\n}\nexampleUsWest2, err := networkmanager.NewVpcAttachment(ctx, \"example_us_west_2\", \u0026networkmanager.VpcAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nSubnetArns: toPulumiArray(splat0),\nVpcArn: pulumi.Any(exampleUsWest2AwsVpc.Arn),\n})\nif err != nil {\nreturn err\n}\nvar splat1 []interface{}\nfor _, val0 := range exampleUsEast1AwsSubnet {\nsplat1 = append(splat1, val0.Arn)\n}\nexampleUsEast1, err := networkmanager.NewVpcAttachment(ctx, \"example_us_east_1\", \u0026networkmanager.VpcAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nSubnetArns: toPulumiArray(splat1),\nVpcArn: pulumi.Any(exampleUsEast1AwsVpc.Arn),\n})\nif err != nil {\nreturn err\n}\nexample := networkmanager.GetCoreNetworkPolicyDocumentOutput(ctx, networkmanager.GetCoreNetworkPolicyDocumentOutputArgs{\nCoreNetworkConfigurations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs{\nAsnRanges: pulumi.StringArray{\npulumi.String(\"65022-65534\"),\n},\nEdgeLocations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs{\nLocation: pulumi.String(\"us-west-2\"),\n},\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs{\nLocation: pulumi.String(\"us-east-1\"),\n},\n},\n},\n},\nSegments: networkmanager.GetCoreNetworkPolicyDocumentSegmentArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs{\nName: pulumi.String(\"segment\"),\n},\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs{\nName: pulumi.String(\"segment2\"),\n},\n},\nSegmentActions: networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs{\nAction: pulumi.String(\"create-route\"),\nSegment: pulumi.String(\"segment\"),\nDestinationCidrBlocks: pulumi.StringArray{\npulumi.String(\"10.0.0.0/16\"),\n},\nDestinations: pulumi.StringArray{\nexampleUsWest2.ID(),\n},\n},\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs{\nAction: pulumi.String(\"create-route\"),\nSegment: pulumi.String(\"segment\"),\nDestinationCidrBlocks: pulumi.StringArray{\npulumi.String(\"10.1.0.0/16\"),\n},\nDestinations: pulumi.StringArray{\nexampleUsEast1.ID(),\n},\n},\n},\n}, nil);\n_, err = networkmanager.NewCoreNetworkPolicyAttachment(ctx, \"example\", \u0026networkmanager.CoreNetworkPolicyAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nPolicyDocument: example.ApplyT(func(example networkmanager.GetCoreNetworkPolicyDocumentResult) (*string, error) {\nreturn \u0026example.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\nfunc toPulumiArray(arr []) pulumi.Array {\nvar pulumiArr pulumi.Array\nfor _, v := range arr {\npulumiArr = append(pulumiArr, pulumi.(v))\n}\nreturn pulumiArr\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.GlobalNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetworkArgs;\nimport com.pulumi.aws.networkmanager.VpcAttachment;\nimport com.pulumi.aws.networkmanager.VpcAttachmentArgs;\nimport com.pulumi.aws.networkmanager.NetworkmanagerFunctions;\nimport com.pulumi.aws.networkmanager.inputs.GetCoreNetworkPolicyDocumentArgs;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachment;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleGlobalNetwork = new GlobalNetwork(\"exampleGlobalNetwork\");\n\n var exampleCoreNetwork = new CoreNetwork(\"exampleCoreNetwork\", CoreNetworkArgs.builder() \n .globalNetworkId(exampleGlobalNetwork.id())\n .basePolicyRegions( \n \"us-west-2\",\n \"us-east-1\")\n .createBasePolicy(true)\n .build());\n\n var exampleUsWest2 = new VpcAttachment(\"exampleUsWest2\", VpcAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .subnetArns(exampleUsWest2AwsSubnet.stream().map(element -\u003e element.arn()).collect(toList()))\n .vpcArn(exampleUsWest2AwsVpc.arn())\n .build());\n\n var exampleUsEast1 = new VpcAttachment(\"exampleUsEast1\", VpcAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .subnetArns(exampleUsEast1AwsSubnet.stream().map(element -\u003e element.arn()).collect(toList()))\n .vpcArn(exampleUsEast1AwsVpc.arn())\n .build());\n\n final var example = NetworkmanagerFunctions.getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs.builder()\n .coreNetworkConfigurations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs.builder()\n .asnRanges(\"65022-65534\")\n .edgeLocations( \n GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-west-2\")\n .build(),\n GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-east-1\")\n .build())\n .build())\n .segments( \n GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment\")\n .build(),\n GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment2\")\n .build())\n .segmentActions( \n GetCoreNetworkPolicyDocumentSegmentActionArgs.builder()\n .action(\"create-route\")\n .segment(\"segment\")\n .destinationCidrBlocks(\"10.0.0.0/16\")\n .destinations(exampleUsWest2.id())\n .build(),\n GetCoreNetworkPolicyDocumentSegmentActionArgs.builder()\n .action(\"create-route\")\n .segment(\"segment\")\n .destinationCidrBlocks(\"10.1.0.0/16\")\n .destinations(exampleUsEast1.id())\n .build())\n .build());\n\n var exampleCoreNetworkPolicyAttachment = new CoreNetworkPolicyAttachment(\"exampleCoreNetworkPolicyAttachment\", CoreNetworkPolicyAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .policyDocument(example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult).applyValue(example -\u003e example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_networkmanager_core_network` using the core network ID. For example:\n\n```sh\n$ pulumi import aws:networkmanager/coreNetwork:CoreNetwork example core-network-0d47f6t230mz46dy4\n```\n", "properties": { "arn": { "type": "string", @@ -282790,7 +282790,7 @@ } }, "aws:networkmanager/coreNetworkPolicyAttachment:CoreNetworkPolicyAttachment": { - "description": "Provides a Core Network Policy Attachment resource. This puts a Core Network Policy to an existing Core Network and executes the change set, which deploys changes globally based on the policy submitted (Sets the policy to `LIVE`).\n\n\u003e **NOTE:** Deleting this resource will not delete the current policy defined in this resource. Deleting this resource will also not revert the current `LIVE` policy to the previous version.\n\n## Example Usage\n\n### Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.networkmanager.CoreNetwork(\"example\", {globalNetworkId: exampleAwsNetworkmanagerGlobalNetwork.id});\nconst exampleCoreNetworkPolicyAttachment = new aws.networkmanager.CoreNetworkPolicyAttachment(\"example\", {\n coreNetworkId: example.id,\n policyDocument: exampleAwsNetworkmanagerCoreNetworkPolicyDocument.json,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.networkmanager.CoreNetwork(\"example\", global_network_id=example_aws_networkmanager_global_network[\"id\"])\nexample_core_network_policy_attachment = aws.networkmanager.CoreNetworkPolicyAttachment(\"example\",\n core_network_id=example.id,\n policy_document=example_aws_networkmanager_core_network_policy_document[\"json\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.NetworkManager.CoreNetwork(\"example\", new()\n {\n GlobalNetworkId = exampleAwsNetworkmanagerGlobalNetwork.Id,\n });\n\n var exampleCoreNetworkPolicyAttachment = new Aws.NetworkManager.CoreNetworkPolicyAttachment(\"example\", new()\n {\n CoreNetworkId = example.Id,\n PolicyDocument = exampleAwsNetworkmanagerCoreNetworkPolicyDocument.Json,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := networkmanager.NewCoreNetwork(ctx, \"example\", \u0026networkmanager.CoreNetworkArgs{\n\t\t\tGlobalNetworkId: pulumi.Any(exampleAwsNetworkmanagerGlobalNetwork.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkmanager.NewCoreNetworkPolicyAttachment(ctx, \"example\", \u0026networkmanager.CoreNetworkPolicyAttachmentArgs{\n\t\t\tCoreNetworkId: example.ID(),\n\t\t\tPolicyDocument: pulumi.Any(exampleAwsNetworkmanagerCoreNetworkPolicyDocument.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.CoreNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetworkArgs;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachment;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new CoreNetwork(\"example\", CoreNetworkArgs.builder() \n .globalNetworkId(exampleAwsNetworkmanagerGlobalNetwork.id())\n .build());\n\n var exampleCoreNetworkPolicyAttachment = new CoreNetworkPolicyAttachment(\"exampleCoreNetworkPolicyAttachment\", CoreNetworkPolicyAttachmentArgs.builder() \n .coreNetworkId(example.id())\n .policyDocument(exampleAwsNetworkmanagerCoreNetworkPolicyDocument.json())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:networkmanager:CoreNetwork\n properties:\n globalNetworkId: ${exampleAwsNetworkmanagerGlobalNetwork.id}\n exampleCoreNetworkPolicyAttachment:\n type: aws:networkmanager:CoreNetworkPolicyAttachment\n name: example\n properties:\n coreNetworkId: ${example.id}\n policyDocument: ${exampleAwsNetworkmanagerCoreNetworkPolicyDocument.json}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With VPC Attachment (Single Region)\n\nThe example below illustrates the scenario where your policy document has static routes pointing to VPC attachments and you want to attach your VPCs to the core network before applying the desired policy document. Set the `create_base_policy` argument of the `aws.networkmanager.CoreNetwork` resource to `true` if your core network does not currently have any `LIVE` policies (e.g. this is the first `pulumi up` with the core network resource), since a `LIVE` policy is required before VPCs can be attached to the core network. Otherwise, if your core network already has a `LIVE` policy, you may exclude the `create_base_policy` argument. There are 2 options to implement this:\n\n- Option 1: Use the `base_policy_document` argument in the `aws.networkmanager.CoreNetwork` resource that allows the most customizations to a base policy. Use this to customize the `edge_locations` `asn`. In the example below, `us-west-2` and ASN `65500` are used in the base policy.\n- Option 2: Use the `create_base_policy` argument only. This creates a base policy in the region specified in the `provider` block.\n\n### Option 1 - using base_policy_document\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleGlobalNetwork = new aws.networkmanager.GlobalNetwork(\"example\", {});\nconst base = aws.networkmanager.getCoreNetworkPolicyDocument({\n coreNetworkConfigurations: [{\n asnRanges: [\"65022-65534\"],\n edgeLocations: [{\n location: \"us-west-2\",\n asn: \"65500\",\n }],\n }],\n segments: [{\n name: \"segment\",\n }],\n});\nconst exampleCoreNetwork = new aws.networkmanager.CoreNetwork(\"example\", {\n globalNetworkId: exampleGlobalNetwork.id,\n basePolicyDocument: base.then(base =\u003e base.json),\n createBasePolicy: true,\n});\nconst exampleVpcAttachment = new aws.networkmanager.VpcAttachment(\"example\", {\n coreNetworkId: exampleCoreNetwork.id,\n subnetArns: exampleAwsSubnet.map(__item =\u003e __item.arn),\n vpcArn: exampleAwsVpc.arn,\n});\nconst example = aws.networkmanager.getCoreNetworkPolicyDocumentOutput({\n coreNetworkConfigurations: [{\n asnRanges: [\"65022-65534\"],\n edgeLocations: [{\n location: \"us-west-2\",\n asn: \"65500\",\n }],\n }],\n segments: [{\n name: \"segment\",\n }],\n segmentActions: [{\n action: \"create-route\",\n segment: \"segment\",\n destinationCidrBlocks: [\"0.0.0.0/0\"],\n destinations: [exampleVpcAttachment.id],\n }],\n});\nconst exampleCoreNetworkPolicyAttachment = new aws.networkmanager.CoreNetworkPolicyAttachment(\"example\", {\n coreNetworkId: exampleCoreNetwork.id,\n policyDocument: example.apply(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_global_network = aws.networkmanager.GlobalNetwork(\"example\")\nbase = aws.networkmanager.get_core_network_policy_document(core_network_configurations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs(\n asn_ranges=[\"65022-65534\"],\n edge_locations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-west-2\",\n asn=\"65500\",\n )],\n )],\n segments=[aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment\",\n )])\nexample_core_network = aws.networkmanager.CoreNetwork(\"example\",\n global_network_id=example_global_network.id,\n base_policy_document=base.json,\n create_base_policy=True)\nexample_vpc_attachment = aws.networkmanager.VpcAttachment(\"example\",\n core_network_id=example_core_network.id,\n subnet_arns=[__item[\"arn\"] for __item in example_aws_subnet],\n vpc_arn=example_aws_vpc[\"arn\"])\nexample = aws.networkmanager.get_core_network_policy_document_output(core_network_configurations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs(\n asn_ranges=[\"65022-65534\"],\n edge_locations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-west-2\",\n asn=\"65500\",\n )],\n )],\n segments=[aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment\",\n )],\n segment_actions=[aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs(\n action=\"create-route\",\n segment=\"segment\",\n destination_cidr_blocks=[\"0.0.0.0/0\"],\n destinations=[example_vpc_attachment.id],\n )])\nexample_core_network_policy_attachment = aws.networkmanager.CoreNetworkPolicyAttachment(\"example\",\n core_network_id=example_core_network.id,\n policy_document=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleGlobalNetwork = new Aws.NetworkManager.GlobalNetwork(\"example\");\n\n var @base = Aws.NetworkManager.GetCoreNetworkPolicyDocument.Invoke(new()\n {\n CoreNetworkConfigurations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationInputArgs\n {\n AsnRanges = new[]\n {\n \"65022-65534\",\n },\n EdgeLocations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-west-2\",\n Asn = \"65500\",\n },\n },\n },\n },\n Segments = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment\",\n },\n },\n });\n\n var exampleCoreNetwork = new Aws.NetworkManager.CoreNetwork(\"example\", new()\n {\n GlobalNetworkId = exampleGlobalNetwork.Id,\n BasePolicyDocument = @base.Apply(@base =\u003e @base.Apply(getCoreNetworkPolicyDocumentResult =\u003e getCoreNetworkPolicyDocumentResult.Json)),\n CreateBasePolicy = true,\n });\n\n var exampleVpcAttachment = new Aws.NetworkManager.VpcAttachment(\"example\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n SubnetArns = exampleAwsSubnet.Select(__item =\u003e __item.Arn).ToList(),\n VpcArn = exampleAwsVpc.Arn,\n });\n\n var example = Aws.NetworkManager.GetCoreNetworkPolicyDocument.Invoke(new()\n {\n CoreNetworkConfigurations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationInputArgs\n {\n AsnRanges = new[]\n {\n \"65022-65534\",\n },\n EdgeLocations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-west-2\",\n Asn = \"65500\",\n },\n },\n },\n },\n Segments = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment\",\n },\n },\n SegmentActions = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentActionInputArgs\n {\n Action = \"create-route\",\n Segment = \"segment\",\n DestinationCidrBlocks = new[]\n {\n \"0.0.0.0/0\",\n },\n Destinations = new[]\n {\n exampleVpcAttachment.Id,\n },\n },\n },\n });\n\n var exampleCoreNetworkPolicyAttachment = new Aws.NetworkManager.CoreNetworkPolicyAttachment(\"example\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n PolicyDocument = example.Apply(getCoreNetworkPolicyDocumentResult =\u003e getCoreNetworkPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexampleGlobalNetwork, err := networkmanager.NewGlobalNetwork(ctx, \"example\", nil)\nif err != nil {\nreturn err\n}\nbase, err := networkmanager.GetCoreNetworkPolicyDocument(ctx, \u0026networkmanager.GetCoreNetworkPolicyDocumentArgs{\nCoreNetworkConfigurations: []networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfiguration{\n{\nAsnRanges: []string{\n\"65022-65534\",\n},\nEdgeLocations: []networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocation{\n{\nLocation: \"us-west-2\",\nAsn: pulumi.StringRef(\"65500\"),\n},\n},\n},\n},\nSegments: []networkmanager.GetCoreNetworkPolicyDocumentSegment{\n{\nName: \"segment\",\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleCoreNetwork, err := networkmanager.NewCoreNetwork(ctx, \"example\", \u0026networkmanager.CoreNetworkArgs{\nGlobalNetworkId: exampleGlobalNetwork.ID(),\nBasePolicyDocument: *pulumi.String(base.Json),\nCreateBasePolicy: pulumi.Bool(true),\n})\nif err != nil {\nreturn err\n}\nvar splat0 []interface{}\nfor _, val0 := range exampleAwsSubnet {\nsplat0 = append(splat0, val0.Arn)\n}\nexampleVpcAttachment, err := networkmanager.NewVpcAttachment(ctx, \"example\", \u0026networkmanager.VpcAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nSubnetArns: toPulumiArray(splat0),\nVpcArn: pulumi.Any(exampleAwsVpc.Arn),\n})\nif err != nil {\nreturn err\n}\nexample := networkmanager.GetCoreNetworkPolicyDocumentOutput(ctx, networkmanager.GetCoreNetworkPolicyDocumentOutputArgs{\nCoreNetworkConfigurations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs{\nAsnRanges: pulumi.StringArray{\npulumi.String(\"65022-65534\"),\n},\nEdgeLocations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs{\nLocation: pulumi.String(\"us-west-2\"),\nAsn: pulumi.String(\"65500\"),\n},\n},\n},\n},\nSegments: networkmanager.GetCoreNetworkPolicyDocumentSegmentArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs{\nName: pulumi.String(\"segment\"),\n},\n},\nSegmentActions: networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs{\nAction: pulumi.String(\"create-route\"),\nSegment: pulumi.String(\"segment\"),\nDestinationCidrBlocks: pulumi.StringArray{\npulumi.String(\"0.0.0.0/0\"),\n},\nDestinations: pulumi.StringArray{\nexampleVpcAttachment.ID(),\n},\n},\n},\n}, nil);\n_, err = networkmanager.NewCoreNetworkPolicyAttachment(ctx, \"example\", \u0026networkmanager.CoreNetworkPolicyAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nPolicyDocument: example.ApplyT(func(example networkmanager.GetCoreNetworkPolicyDocumentResult) (*string, error) {\nreturn \u0026example.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\nfunc toPulumiArray(arr []) pulumi.Array {\nvar pulumiArr pulumi.Array\nfor _, v := range arr {\npulumiArr = append(pulumiArr, pulumi.(v))\n}\nreturn pulumiArr\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.GlobalNetwork;\nimport com.pulumi.aws.networkmanager.NetworkmanagerFunctions;\nimport com.pulumi.aws.networkmanager.inputs.GetCoreNetworkPolicyDocumentArgs;\nimport com.pulumi.aws.networkmanager.CoreNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetworkArgs;\nimport com.pulumi.aws.networkmanager.VpcAttachment;\nimport com.pulumi.aws.networkmanager.VpcAttachmentArgs;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachment;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleGlobalNetwork = new GlobalNetwork(\"exampleGlobalNetwork\");\n\n final var base = NetworkmanagerFunctions.getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs.builder()\n .coreNetworkConfigurations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs.builder()\n .asnRanges(\"65022-65534\")\n .edgeLocations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-west-2\")\n .asn(\"65500\")\n .build())\n .build())\n .segments(GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment\")\n .build())\n .build());\n\n var exampleCoreNetwork = new CoreNetwork(\"exampleCoreNetwork\", CoreNetworkArgs.builder() \n .globalNetworkId(exampleGlobalNetwork.id())\n .basePolicyDocument(base.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult.json()))\n .createBasePolicy(true)\n .build());\n\n var exampleVpcAttachment = new VpcAttachment(\"exampleVpcAttachment\", VpcAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .subnetArns(exampleAwsSubnet.stream().map(element -\u003e element.arn()).collect(toList()))\n .vpcArn(exampleAwsVpc.arn())\n .build());\n\n final var example = NetworkmanagerFunctions.getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs.builder()\n .coreNetworkConfigurations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs.builder()\n .asnRanges(\"65022-65534\")\n .edgeLocations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-west-2\")\n .asn(\"65500\")\n .build())\n .build())\n .segments(GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment\")\n .build())\n .segmentActions(GetCoreNetworkPolicyDocumentSegmentActionArgs.builder()\n .action(\"create-route\")\n .segment(\"segment\")\n .destinationCidrBlocks(\"0.0.0.0/0\")\n .destinations(exampleVpcAttachment.id())\n .build())\n .build());\n\n var exampleCoreNetworkPolicyAttachment = new CoreNetworkPolicyAttachment(\"exampleCoreNetworkPolicyAttachment\", CoreNetworkPolicyAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .policyDocument(example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult).applyValue(example -\u003e example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Option 2 - create_base_policy only\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleGlobalNetwork = new aws.networkmanager.GlobalNetwork(\"example\", {});\nconst exampleCoreNetwork = new aws.networkmanager.CoreNetwork(\"example\", {\n globalNetworkId: exampleGlobalNetwork.id,\n createBasePolicy: true,\n});\nconst exampleVpcAttachment = new aws.networkmanager.VpcAttachment(\"example\", {\n coreNetworkId: exampleCoreNetwork.id,\n subnetArns: exampleAwsSubnet.map(__item =\u003e __item.arn),\n vpcArn: exampleAwsVpc.arn,\n});\nconst example = aws.networkmanager.getCoreNetworkPolicyDocumentOutput({\n coreNetworkConfigurations: [{\n asnRanges: [\"65022-65534\"],\n edgeLocations: [{\n location: \"us-west-2\",\n }],\n }],\n segments: [{\n name: \"segment\",\n }],\n segmentActions: [{\n action: \"create-route\",\n segment: \"segment\",\n destinationCidrBlocks: [\"0.0.0.0/0\"],\n destinations: [exampleVpcAttachment.id],\n }],\n});\nconst exampleCoreNetworkPolicyAttachment = new aws.networkmanager.CoreNetworkPolicyAttachment(\"example\", {\n coreNetworkId: exampleCoreNetwork.id,\n policyDocument: example.apply(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_global_network = aws.networkmanager.GlobalNetwork(\"example\")\nexample_core_network = aws.networkmanager.CoreNetwork(\"example\",\n global_network_id=example_global_network.id,\n create_base_policy=True)\nexample_vpc_attachment = aws.networkmanager.VpcAttachment(\"example\",\n core_network_id=example_core_network.id,\n subnet_arns=[__item[\"arn\"] for __item in example_aws_subnet],\n vpc_arn=example_aws_vpc[\"arn\"])\nexample = aws.networkmanager.get_core_network_policy_document_output(core_network_configurations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs(\n asn_ranges=[\"65022-65534\"],\n edge_locations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-west-2\",\n )],\n )],\n segments=[aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment\",\n )],\n segment_actions=[aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs(\n action=\"create-route\",\n segment=\"segment\",\n destination_cidr_blocks=[\"0.0.0.0/0\"],\n destinations=[example_vpc_attachment.id],\n )])\nexample_core_network_policy_attachment = aws.networkmanager.CoreNetworkPolicyAttachment(\"example\",\n core_network_id=example_core_network.id,\n policy_document=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleGlobalNetwork = new Aws.NetworkManager.GlobalNetwork(\"example\");\n\n var exampleCoreNetwork = new Aws.NetworkManager.CoreNetwork(\"example\", new()\n {\n GlobalNetworkId = exampleGlobalNetwork.Id,\n CreateBasePolicy = true,\n });\n\n var exampleVpcAttachment = new Aws.NetworkManager.VpcAttachment(\"example\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n SubnetArns = exampleAwsSubnet.Select(__item =\u003e __item.Arn).ToList(),\n VpcArn = exampleAwsVpc.Arn,\n });\n\n var example = Aws.NetworkManager.GetCoreNetworkPolicyDocument.Invoke(new()\n {\n CoreNetworkConfigurations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationInputArgs\n {\n AsnRanges = new[]\n {\n \"65022-65534\",\n },\n EdgeLocations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-west-2\",\n },\n },\n },\n },\n Segments = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment\",\n },\n },\n SegmentActions = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentActionInputArgs\n {\n Action = \"create-route\",\n Segment = \"segment\",\n DestinationCidrBlocks = new[]\n {\n \"0.0.0.0/0\",\n },\n Destinations = new[]\n {\n exampleVpcAttachment.Id,\n },\n },\n },\n });\n\n var exampleCoreNetworkPolicyAttachment = new Aws.NetworkManager.CoreNetworkPolicyAttachment(\"example\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n PolicyDocument = example.Apply(getCoreNetworkPolicyDocumentResult =\u003e getCoreNetworkPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexampleGlobalNetwork, err := networkmanager.NewGlobalNetwork(ctx, \"example\", nil)\nif err != nil {\nreturn err\n}\nexampleCoreNetwork, err := networkmanager.NewCoreNetwork(ctx, \"example\", \u0026networkmanager.CoreNetworkArgs{\nGlobalNetworkId: exampleGlobalNetwork.ID(),\nCreateBasePolicy: pulumi.Bool(true),\n})\nif err != nil {\nreturn err\n}\nvar splat0 []interface{}\nfor _, val0 := range exampleAwsSubnet {\nsplat0 = append(splat0, val0.Arn)\n}\nexampleVpcAttachment, err := networkmanager.NewVpcAttachment(ctx, \"example\", \u0026networkmanager.VpcAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nSubnetArns: toPulumiArray(splat0),\nVpcArn: pulumi.Any(exampleAwsVpc.Arn),\n})\nif err != nil {\nreturn err\n}\nexample := networkmanager.GetCoreNetworkPolicyDocumentOutput(ctx, networkmanager.GetCoreNetworkPolicyDocumentOutputArgs{\nCoreNetworkConfigurations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs{\nAsnRanges: pulumi.StringArray{\npulumi.String(\"65022-65534\"),\n},\nEdgeLocations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs{\nLocation: pulumi.String(\"us-west-2\"),\n},\n},\n},\n},\nSegments: networkmanager.GetCoreNetworkPolicyDocumentSegmentArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs{\nName: pulumi.String(\"segment\"),\n},\n},\nSegmentActions: networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs{\nAction: pulumi.String(\"create-route\"),\nSegment: pulumi.String(\"segment\"),\nDestinationCidrBlocks: pulumi.StringArray{\npulumi.String(\"0.0.0.0/0\"),\n},\nDestinations: pulumi.StringArray{\nexampleVpcAttachment.ID(),\n},\n},\n},\n}, nil);\n_, err = networkmanager.NewCoreNetworkPolicyAttachment(ctx, \"example\", \u0026networkmanager.CoreNetworkPolicyAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nPolicyDocument: example.ApplyT(func(example networkmanager.GetCoreNetworkPolicyDocumentResult) (*string, error) {\nreturn \u0026example.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\nfunc toPulumiArray(arr []) pulumi.Array {\nvar pulumiArr pulumi.Array\nfor _, v := range arr {\npulumiArr = append(pulumiArr, pulumi.(v))\n}\nreturn pulumiArr\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.GlobalNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetworkArgs;\nimport com.pulumi.aws.networkmanager.VpcAttachment;\nimport com.pulumi.aws.networkmanager.VpcAttachmentArgs;\nimport com.pulumi.aws.networkmanager.NetworkmanagerFunctions;\nimport com.pulumi.aws.networkmanager.inputs.GetCoreNetworkPolicyDocumentArgs;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachment;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleGlobalNetwork = new GlobalNetwork(\"exampleGlobalNetwork\");\n\n var exampleCoreNetwork = new CoreNetwork(\"exampleCoreNetwork\", CoreNetworkArgs.builder() \n .globalNetworkId(exampleGlobalNetwork.id())\n .createBasePolicy(true)\n .build());\n\n var exampleVpcAttachment = new VpcAttachment(\"exampleVpcAttachment\", VpcAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .subnetArns(exampleAwsSubnet.stream().map(element -\u003e element.arn()).collect(toList()))\n .vpcArn(exampleAwsVpc.arn())\n .build());\n\n final var example = NetworkmanagerFunctions.getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs.builder()\n .coreNetworkConfigurations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs.builder()\n .asnRanges(\"65022-65534\")\n .edgeLocations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-west-2\")\n .build())\n .build())\n .segments(GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment\")\n .build())\n .segmentActions(GetCoreNetworkPolicyDocumentSegmentActionArgs.builder()\n .action(\"create-route\")\n .segment(\"segment\")\n .destinationCidrBlocks(\"0.0.0.0/0\")\n .destinations(exampleVpcAttachment.id())\n .build())\n .build());\n\n var exampleCoreNetworkPolicyAttachment = new CoreNetworkPolicyAttachment(\"exampleCoreNetworkPolicyAttachment\", CoreNetworkPolicyAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .policyDocument(example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult).applyValue(example -\u003e example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With VPC Attachment (Multi-Region)\n\nThe example below illustrates the scenario where your policy document has static routes pointing to VPC attachments and you want to attach your VPCs to the core network before applying the desired policy document. Set the `create_base_policy` argument of the `aws.networkmanager.CoreNetwork` resource to `true` if your core network does not currently have any `LIVE` policies (e.g. this is the first `pulumi up` with the core network resource), since a `LIVE` policy is required before VPCs can be attached to the core network. Otherwise, if your core network already has a `LIVE` policy, you may exclude the `create_base_policy` argument. For multi-region in a core network that does not yet have a `LIVE` policy, there are 2 options:\n\n- Option 1: Use the `base_policy_document` argument that allows the most customizations to a base policy. Use this to customize the `edge_locations` `asn`. In the example below, `us-west-2`, `us-east-1` and specific ASNs are used in the base policy.\n- Option 2: Pass a list of regions to the `aws.networkmanager.CoreNetwork` resource `base_policy_regions` argument. In the example below, `us-west-2` and `us-east-1` are specified in the base policy.\n\n### Option 1 - using base_policy_document\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleGlobalNetwork = new aws.networkmanager.GlobalNetwork(\"example\", {});\nconst base = aws.networkmanager.getCoreNetworkPolicyDocument({\n coreNetworkConfigurations: [{\n asnRanges: [\"65022-65534\"],\n edgeLocations: [\n {\n location: \"us-west-2\",\n asn: \"65500\",\n },\n {\n location: \"us-east-1\",\n asn: \"65501\",\n },\n ],\n }],\n segments: [{\n name: \"segment\",\n }],\n});\nconst exampleCoreNetwork = new aws.networkmanager.CoreNetwork(\"example\", {\n globalNetworkId: exampleGlobalNetwork.id,\n basePolicyDocument: base.then(base =\u003e base.json),\n createBasePolicy: true,\n});\nconst exampleUsWest2 = new aws.networkmanager.VpcAttachment(\"example_us_west_2\", {\n coreNetworkId: exampleCoreNetwork.id,\n subnetArns: exampleUsWest2AwsSubnet.map(__item =\u003e __item.arn),\n vpcArn: exampleUsWest2AwsVpc.arn,\n});\nconst exampleUsEast1 = new aws.networkmanager.VpcAttachment(\"example_us_east_1\", {\n coreNetworkId: exampleCoreNetwork.id,\n subnetArns: exampleUsEast1AwsSubnet.map(__item =\u003e __item.arn),\n vpcArn: exampleUsEast1AwsVpc.arn,\n});\nconst example = aws.networkmanager.getCoreNetworkPolicyDocumentOutput({\n coreNetworkConfigurations: [{\n asnRanges: [\"65022-65534\"],\n edgeLocations: [\n {\n location: \"us-west-2\",\n asn: \"65500\",\n },\n {\n location: \"us-east-1\",\n asn: \"65501\",\n },\n ],\n }],\n segments: [\n {\n name: \"segment\",\n },\n {\n name: \"segment2\",\n },\n ],\n segmentActions: [\n {\n action: \"create-route\",\n segment: \"segment\",\n destinationCidrBlocks: [\"10.0.0.0/16\"],\n destinations: [exampleUsWest2.id],\n },\n {\n action: \"create-route\",\n segment: \"segment\",\n destinationCidrBlocks: [\"10.1.0.0/16\"],\n destinations: [exampleUsEast1.id],\n },\n ],\n});\nconst exampleCoreNetworkPolicyAttachment = new aws.networkmanager.CoreNetworkPolicyAttachment(\"example\", {\n coreNetworkId: exampleCoreNetwork.id,\n policyDocument: example.apply(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_global_network = aws.networkmanager.GlobalNetwork(\"example\")\nbase = aws.networkmanager.get_core_network_policy_document(core_network_configurations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs(\n asn_ranges=[\"65022-65534\"],\n edge_locations=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-west-2\",\n asn=\"65500\",\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-east-1\",\n asn=\"65501\",\n ),\n ],\n )],\n segments=[aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment\",\n )])\nexample_core_network = aws.networkmanager.CoreNetwork(\"example\",\n global_network_id=example_global_network.id,\n base_policy_document=base.json,\n create_base_policy=True)\nexample_us_west2 = aws.networkmanager.VpcAttachment(\"example_us_west_2\",\n core_network_id=example_core_network.id,\n subnet_arns=[__item[\"arn\"] for __item in example_us_west2_aws_subnet],\n vpc_arn=example_us_west2_aws_vpc[\"arn\"])\nexample_us_east1 = aws.networkmanager.VpcAttachment(\"example_us_east_1\",\n core_network_id=example_core_network.id,\n subnet_arns=[__item[\"arn\"] for __item in example_us_east1_aws_subnet],\n vpc_arn=example_us_east1_aws_vpc[\"arn\"])\nexample = aws.networkmanager.get_core_network_policy_document_output(core_network_configurations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs(\n asn_ranges=[\"65022-65534\"],\n edge_locations=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-west-2\",\n asn=\"65500\",\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-east-1\",\n asn=\"65501\",\n ),\n ],\n )],\n segments=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment\",\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment2\",\n ),\n ],\n segment_actions=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs(\n action=\"create-route\",\n segment=\"segment\",\n destination_cidr_blocks=[\"10.0.0.0/16\"],\n destinations=[example_us_west2.id],\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs(\n action=\"create-route\",\n segment=\"segment\",\n destination_cidr_blocks=[\"10.1.0.0/16\"],\n destinations=[example_us_east1.id],\n ),\n ])\nexample_core_network_policy_attachment = aws.networkmanager.CoreNetworkPolicyAttachment(\"example\",\n core_network_id=example_core_network.id,\n policy_document=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleGlobalNetwork = new Aws.NetworkManager.GlobalNetwork(\"example\");\n\n var @base = Aws.NetworkManager.GetCoreNetworkPolicyDocument.Invoke(new()\n {\n CoreNetworkConfigurations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationInputArgs\n {\n AsnRanges = new[]\n {\n \"65022-65534\",\n },\n EdgeLocations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-west-2\",\n Asn = \"65500\",\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-east-1\",\n Asn = \"65501\",\n },\n },\n },\n },\n Segments = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment\",\n },\n },\n });\n\n var exampleCoreNetwork = new Aws.NetworkManager.CoreNetwork(\"example\", new()\n {\n GlobalNetworkId = exampleGlobalNetwork.Id,\n BasePolicyDocument = @base.Apply(@base =\u003e @base.Apply(getCoreNetworkPolicyDocumentResult =\u003e getCoreNetworkPolicyDocumentResult.Json)),\n CreateBasePolicy = true,\n });\n\n var exampleUsWest2 = new Aws.NetworkManager.VpcAttachment(\"example_us_west_2\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n SubnetArns = exampleUsWest2AwsSubnet.Select(__item =\u003e __item.Arn).ToList(),\n VpcArn = exampleUsWest2AwsVpc.Arn,\n });\n\n var exampleUsEast1 = new Aws.NetworkManager.VpcAttachment(\"example_us_east_1\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n SubnetArns = exampleUsEast1AwsSubnet.Select(__item =\u003e __item.Arn).ToList(),\n VpcArn = exampleUsEast1AwsVpc.Arn,\n });\n\n var example = Aws.NetworkManager.GetCoreNetworkPolicyDocument.Invoke(new()\n {\n CoreNetworkConfigurations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationInputArgs\n {\n AsnRanges = new[]\n {\n \"65022-65534\",\n },\n EdgeLocations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-west-2\",\n Asn = \"65500\",\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-east-1\",\n Asn = \"65501\",\n },\n },\n },\n },\n Segments = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment\",\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment2\",\n },\n },\n SegmentActions = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentActionInputArgs\n {\n Action = \"create-route\",\n Segment = \"segment\",\n DestinationCidrBlocks = new[]\n {\n \"10.0.0.0/16\",\n },\n Destinations = new[]\n {\n exampleUsWest2.Id,\n },\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentActionInputArgs\n {\n Action = \"create-route\",\n Segment = \"segment\",\n DestinationCidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n Destinations = new[]\n {\n exampleUsEast1.Id,\n },\n },\n },\n });\n\n var exampleCoreNetworkPolicyAttachment = new Aws.NetworkManager.CoreNetworkPolicyAttachment(\"example\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n PolicyDocument = example.Apply(getCoreNetworkPolicyDocumentResult =\u003e getCoreNetworkPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexampleGlobalNetwork, err := networkmanager.NewGlobalNetwork(ctx, \"example\", nil)\nif err != nil {\nreturn err\n}\nbase, err := networkmanager.GetCoreNetworkPolicyDocument(ctx, \u0026networkmanager.GetCoreNetworkPolicyDocumentArgs{\nCoreNetworkConfigurations: []networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfiguration{\n{\nAsnRanges: []string{\n\"65022-65534\",\n},\nEdgeLocations: []networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocation{\n{\nLocation: \"us-west-2\",\nAsn: pulumi.StringRef(\"65500\"),\n},\n{\nLocation: \"us-east-1\",\nAsn: pulumi.StringRef(\"65501\"),\n},\n},\n},\n},\nSegments: []networkmanager.GetCoreNetworkPolicyDocumentSegment{\n{\nName: \"segment\",\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleCoreNetwork, err := networkmanager.NewCoreNetwork(ctx, \"example\", \u0026networkmanager.CoreNetworkArgs{\nGlobalNetworkId: exampleGlobalNetwork.ID(),\nBasePolicyDocument: *pulumi.String(base.Json),\nCreateBasePolicy: pulumi.Bool(true),\n})\nif err != nil {\nreturn err\n}\nvar splat0 []interface{}\nfor _, val0 := range exampleUsWest2AwsSubnet {\nsplat0 = append(splat0, val0.Arn)\n}\nexampleUsWest2, err := networkmanager.NewVpcAttachment(ctx, \"example_us_west_2\", \u0026networkmanager.VpcAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nSubnetArns: toPulumiArray(splat0),\nVpcArn: pulumi.Any(exampleUsWest2AwsVpc.Arn),\n})\nif err != nil {\nreturn err\n}\nvar splat1 []interface{}\nfor _, val0 := range exampleUsEast1AwsSubnet {\nsplat1 = append(splat1, val0.Arn)\n}\nexampleUsEast1, err := networkmanager.NewVpcAttachment(ctx, \"example_us_east_1\", \u0026networkmanager.VpcAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nSubnetArns: toPulumiArray(splat1),\nVpcArn: pulumi.Any(exampleUsEast1AwsVpc.Arn),\n})\nif err != nil {\nreturn err\n}\nexample := networkmanager.GetCoreNetworkPolicyDocumentOutput(ctx, networkmanager.GetCoreNetworkPolicyDocumentOutputArgs{\nCoreNetworkConfigurations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs{\nAsnRanges: pulumi.StringArray{\npulumi.String(\"65022-65534\"),\n},\nEdgeLocations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs{\nLocation: pulumi.String(\"us-west-2\"),\nAsn: pulumi.String(\"65500\"),\n},\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs{\nLocation: pulumi.String(\"us-east-1\"),\nAsn: pulumi.String(\"65501\"),\n},\n},\n},\n},\nSegments: networkmanager.GetCoreNetworkPolicyDocumentSegmentArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs{\nName: pulumi.String(\"segment\"),\n},\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs{\nName: pulumi.String(\"segment2\"),\n},\n},\nSegmentActions: networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs{\nAction: pulumi.String(\"create-route\"),\nSegment: pulumi.String(\"segment\"),\nDestinationCidrBlocks: pulumi.StringArray{\npulumi.String(\"10.0.0.0/16\"),\n},\nDestinations: pulumi.StringArray{\nexampleUsWest2.ID(),\n},\n},\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs{\nAction: pulumi.String(\"create-route\"),\nSegment: pulumi.String(\"segment\"),\nDestinationCidrBlocks: pulumi.StringArray{\npulumi.String(\"10.1.0.0/16\"),\n},\nDestinations: pulumi.StringArray{\nexampleUsEast1.ID(),\n},\n},\n},\n}, nil);\n_, err = networkmanager.NewCoreNetworkPolicyAttachment(ctx, \"example\", \u0026networkmanager.CoreNetworkPolicyAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nPolicyDocument: example.ApplyT(func(example networkmanager.GetCoreNetworkPolicyDocumentResult) (*string, error) {\nreturn \u0026example.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\nfunc toPulumiArray(arr []) pulumi.Array {\nvar pulumiArr pulumi.Array\nfor _, v := range arr {\npulumiArr = append(pulumiArr, pulumi.(v))\n}\nreturn pulumiArr\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.GlobalNetwork;\nimport com.pulumi.aws.networkmanager.NetworkmanagerFunctions;\nimport com.pulumi.aws.networkmanager.inputs.GetCoreNetworkPolicyDocumentArgs;\nimport com.pulumi.aws.networkmanager.CoreNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetworkArgs;\nimport com.pulumi.aws.networkmanager.VpcAttachment;\nimport com.pulumi.aws.networkmanager.VpcAttachmentArgs;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachment;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleGlobalNetwork = new GlobalNetwork(\"exampleGlobalNetwork\");\n\n final var base = NetworkmanagerFunctions.getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs.builder()\n .coreNetworkConfigurations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs.builder()\n .asnRanges(\"65022-65534\")\n .edgeLocations( \n GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-west-2\")\n .asn(\"65500\")\n .build(),\n GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-east-1\")\n .asn(\"65501\")\n .build())\n .build())\n .segments(GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment\")\n .build())\n .build());\n\n var exampleCoreNetwork = new CoreNetwork(\"exampleCoreNetwork\", CoreNetworkArgs.builder() \n .globalNetworkId(exampleGlobalNetwork.id())\n .basePolicyDocument(base.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult.json()))\n .createBasePolicy(true)\n .build());\n\n var exampleUsWest2 = new VpcAttachment(\"exampleUsWest2\", VpcAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .subnetArns(exampleUsWest2AwsSubnet.stream().map(element -\u003e element.arn()).collect(toList()))\n .vpcArn(exampleUsWest2AwsVpc.arn())\n .build());\n\n var exampleUsEast1 = new VpcAttachment(\"exampleUsEast1\", VpcAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .subnetArns(exampleUsEast1AwsSubnet.stream().map(element -\u003e element.arn()).collect(toList()))\n .vpcArn(exampleUsEast1AwsVpc.arn())\n .build());\n\n final var example = NetworkmanagerFunctions.getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs.builder()\n .coreNetworkConfigurations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs.builder()\n .asnRanges(\"65022-65534\")\n .edgeLocations( \n GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-west-2\")\n .asn(\"65500\")\n .build(),\n GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-east-1\")\n .asn(\"65501\")\n .build())\n .build())\n .segments( \n GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment\")\n .build(),\n GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment2\")\n .build())\n .segmentActions( \n GetCoreNetworkPolicyDocumentSegmentActionArgs.builder()\n .action(\"create-route\")\n .segment(\"segment\")\n .destinationCidrBlocks(\"10.0.0.0/16\")\n .destinations(exampleUsWest2.id())\n .build(),\n GetCoreNetworkPolicyDocumentSegmentActionArgs.builder()\n .action(\"create-route\")\n .segment(\"segment\")\n .destinationCidrBlocks(\"10.1.0.0/16\")\n .destinations(exampleUsEast1.id())\n .build())\n .build());\n\n var exampleCoreNetworkPolicyAttachment = new CoreNetworkPolicyAttachment(\"exampleCoreNetworkPolicyAttachment\", CoreNetworkPolicyAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .policyDocument(example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult).applyValue(example -\u003e example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Option 2 - using base_policy_regions\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleGlobalNetwork = new aws.networkmanager.GlobalNetwork(\"example\", {});\nconst exampleCoreNetwork = new aws.networkmanager.CoreNetwork(\"example\", {\n globalNetworkId: exampleGlobalNetwork.id,\n basePolicyRegions: [\n \"us-west-2\",\n \"us-east-1\",\n ],\n createBasePolicy: true,\n});\nconst exampleUsWest2 = new aws.networkmanager.VpcAttachment(\"example_us_west_2\", {\n coreNetworkId: exampleCoreNetwork.id,\n subnetArns: exampleUsWest2AwsSubnet.map(__item =\u003e __item.arn),\n vpcArn: exampleUsWest2AwsVpc.arn,\n});\nconst exampleUsEast1 = new aws.networkmanager.VpcAttachment(\"example_us_east_1\", {\n coreNetworkId: exampleCoreNetwork.id,\n subnetArns: exampleUsEast1AwsSubnet.map(__item =\u003e __item.arn),\n vpcArn: exampleUsEast1AwsVpc.arn,\n});\nconst example = aws.networkmanager.getCoreNetworkPolicyDocumentOutput({\n coreNetworkConfigurations: [{\n asnRanges: [\"65022-65534\"],\n edgeLocations: [\n {\n location: \"us-west-2\",\n },\n {\n location: \"us-east-1\",\n },\n ],\n }],\n segments: [\n {\n name: \"segment\",\n },\n {\n name: \"segment2\",\n },\n ],\n segmentActions: [\n {\n action: \"create-route\",\n segment: \"segment\",\n destinationCidrBlocks: [\"10.0.0.0/16\"],\n destinations: [exampleUsWest2.id],\n },\n {\n action: \"create-route\",\n segment: \"segment\",\n destinationCidrBlocks: [\"10.1.0.0/16\"],\n destinations: [exampleUsEast1.id],\n },\n ],\n});\nconst exampleCoreNetworkPolicyAttachment = new aws.networkmanager.CoreNetworkPolicyAttachment(\"example\", {\n coreNetworkId: exampleCoreNetwork.id,\n policyDocument: example.apply(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_global_network = aws.networkmanager.GlobalNetwork(\"example\")\nexample_core_network = aws.networkmanager.CoreNetwork(\"example\",\n global_network_id=example_global_network.id,\n base_policy_regions=[\n \"us-west-2\",\n \"us-east-1\",\n ],\n create_base_policy=True)\nexample_us_west2 = aws.networkmanager.VpcAttachment(\"example_us_west_2\",\n core_network_id=example_core_network.id,\n subnet_arns=[__item[\"arn\"] for __item in example_us_west2_aws_subnet],\n vpc_arn=example_us_west2_aws_vpc[\"arn\"])\nexample_us_east1 = aws.networkmanager.VpcAttachment(\"example_us_east_1\",\n core_network_id=example_core_network.id,\n subnet_arns=[__item[\"arn\"] for __item in example_us_east1_aws_subnet],\n vpc_arn=example_us_east1_aws_vpc[\"arn\"])\nexample = aws.networkmanager.get_core_network_policy_document_output(core_network_configurations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs(\n asn_ranges=[\"65022-65534\"],\n edge_locations=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-west-2\",\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-east-1\",\n ),\n ],\n )],\n segments=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment\",\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment2\",\n ),\n ],\n segment_actions=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs(\n action=\"create-route\",\n segment=\"segment\",\n destination_cidr_blocks=[\"10.0.0.0/16\"],\n destinations=[example_us_west2.id],\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs(\n action=\"create-route\",\n segment=\"segment\",\n destination_cidr_blocks=[\"10.1.0.0/16\"],\n destinations=[example_us_east1.id],\n ),\n ])\nexample_core_network_policy_attachment = aws.networkmanager.CoreNetworkPolicyAttachment(\"example\",\n core_network_id=example_core_network.id,\n policy_document=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleGlobalNetwork = new Aws.NetworkManager.GlobalNetwork(\"example\");\n\n var exampleCoreNetwork = new Aws.NetworkManager.CoreNetwork(\"example\", new()\n {\n GlobalNetworkId = exampleGlobalNetwork.Id,\n BasePolicyRegions = new[]\n {\n \"us-west-2\",\n \"us-east-1\",\n },\n CreateBasePolicy = true,\n });\n\n var exampleUsWest2 = new Aws.NetworkManager.VpcAttachment(\"example_us_west_2\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n SubnetArns = exampleUsWest2AwsSubnet.Select(__item =\u003e __item.Arn).ToList(),\n VpcArn = exampleUsWest2AwsVpc.Arn,\n });\n\n var exampleUsEast1 = new Aws.NetworkManager.VpcAttachment(\"example_us_east_1\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n SubnetArns = exampleUsEast1AwsSubnet.Select(__item =\u003e __item.Arn).ToList(),\n VpcArn = exampleUsEast1AwsVpc.Arn,\n });\n\n var example = Aws.NetworkManager.GetCoreNetworkPolicyDocument.Invoke(new()\n {\n CoreNetworkConfigurations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationInputArgs\n {\n AsnRanges = new[]\n {\n \"65022-65534\",\n },\n EdgeLocations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-west-2\",\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-east-1\",\n },\n },\n },\n },\n Segments = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment\",\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment2\",\n },\n },\n SegmentActions = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentActionInputArgs\n {\n Action = \"create-route\",\n Segment = \"segment\",\n DestinationCidrBlocks = new[]\n {\n \"10.0.0.0/16\",\n },\n Destinations = new[]\n {\n exampleUsWest2.Id,\n },\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentActionInputArgs\n {\n Action = \"create-route\",\n Segment = \"segment\",\n DestinationCidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n Destinations = new[]\n {\n exampleUsEast1.Id,\n },\n },\n },\n });\n\n var exampleCoreNetworkPolicyAttachment = new Aws.NetworkManager.CoreNetworkPolicyAttachment(\"example\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n PolicyDocument = example.Apply(getCoreNetworkPolicyDocumentResult =\u003e getCoreNetworkPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexampleGlobalNetwork, err := networkmanager.NewGlobalNetwork(ctx, \"example\", nil)\nif err != nil {\nreturn err\n}\nexampleCoreNetwork, err := networkmanager.NewCoreNetwork(ctx, \"example\", \u0026networkmanager.CoreNetworkArgs{\nGlobalNetworkId: exampleGlobalNetwork.ID(),\nBasePolicyRegions: pulumi.StringArray{\npulumi.String(\"us-west-2\"),\npulumi.String(\"us-east-1\"),\n},\nCreateBasePolicy: pulumi.Bool(true),\n})\nif err != nil {\nreturn err\n}\nvar splat0 []interface{}\nfor _, val0 := range exampleUsWest2AwsSubnet {\nsplat0 = append(splat0, val0.Arn)\n}\nexampleUsWest2, err := networkmanager.NewVpcAttachment(ctx, \"example_us_west_2\", \u0026networkmanager.VpcAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nSubnetArns: toPulumiArray(splat0),\nVpcArn: pulumi.Any(exampleUsWest2AwsVpc.Arn),\n})\nif err != nil {\nreturn err\n}\nvar splat1 []interface{}\nfor _, val0 := range exampleUsEast1AwsSubnet {\nsplat1 = append(splat1, val0.Arn)\n}\nexampleUsEast1, err := networkmanager.NewVpcAttachment(ctx, \"example_us_east_1\", \u0026networkmanager.VpcAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nSubnetArns: toPulumiArray(splat1),\nVpcArn: pulumi.Any(exampleUsEast1AwsVpc.Arn),\n})\nif err != nil {\nreturn err\n}\nexample := networkmanager.GetCoreNetworkPolicyDocumentOutput(ctx, networkmanager.GetCoreNetworkPolicyDocumentOutputArgs{\nCoreNetworkConfigurations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs{\nAsnRanges: pulumi.StringArray{\npulumi.String(\"65022-65534\"),\n},\nEdgeLocations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs{\nLocation: pulumi.String(\"us-west-2\"),\n},\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs{\nLocation: pulumi.String(\"us-east-1\"),\n},\n},\n},\n},\nSegments: networkmanager.GetCoreNetworkPolicyDocumentSegmentArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs{\nName: pulumi.String(\"segment\"),\n},\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs{\nName: pulumi.String(\"segment2\"),\n},\n},\nSegmentActions: networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs{\nAction: pulumi.String(\"create-route\"),\nSegment: pulumi.String(\"segment\"),\nDestinationCidrBlocks: pulumi.StringArray{\npulumi.String(\"10.0.0.0/16\"),\n},\nDestinations: pulumi.StringArray{\nexampleUsWest2.ID(),\n},\n},\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs{\nAction: pulumi.String(\"create-route\"),\nSegment: pulumi.String(\"segment\"),\nDestinationCidrBlocks: pulumi.StringArray{\npulumi.String(\"10.1.0.0/16\"),\n},\nDestinations: pulumi.StringArray{\nexampleUsEast1.ID(),\n},\n},\n},\n}, nil);\n_, err = networkmanager.NewCoreNetworkPolicyAttachment(ctx, \"example\", \u0026networkmanager.CoreNetworkPolicyAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nPolicyDocument: example.ApplyT(func(example networkmanager.GetCoreNetworkPolicyDocumentResult) (*string, error) {\nreturn \u0026example.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\nfunc toPulumiArray(arr []) pulumi.Array {\nvar pulumiArr pulumi.Array\nfor _, v := range arr {\npulumiArr = append(pulumiArr, pulumi.(v))\n}\nreturn pulumiArr\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.GlobalNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetworkArgs;\nimport com.pulumi.aws.networkmanager.VpcAttachment;\nimport com.pulumi.aws.networkmanager.VpcAttachmentArgs;\nimport com.pulumi.aws.networkmanager.NetworkmanagerFunctions;\nimport com.pulumi.aws.networkmanager.inputs.GetCoreNetworkPolicyDocumentArgs;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachment;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleGlobalNetwork = new GlobalNetwork(\"exampleGlobalNetwork\");\n\n var exampleCoreNetwork = new CoreNetwork(\"exampleCoreNetwork\", CoreNetworkArgs.builder() \n .globalNetworkId(exampleGlobalNetwork.id())\n .basePolicyRegions( \n \"us-west-2\",\n \"us-east-1\")\n .createBasePolicy(true)\n .build());\n\n var exampleUsWest2 = new VpcAttachment(\"exampleUsWest2\", VpcAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .subnetArns(exampleUsWest2AwsSubnet.stream().map(element -\u003e element.arn()).collect(toList()))\n .vpcArn(exampleUsWest2AwsVpc.arn())\n .build());\n\n var exampleUsEast1 = new VpcAttachment(\"exampleUsEast1\", VpcAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .subnetArns(exampleUsEast1AwsSubnet.stream().map(element -\u003e element.arn()).collect(toList()))\n .vpcArn(exampleUsEast1AwsVpc.arn())\n .build());\n\n final var example = NetworkmanagerFunctions.getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs.builder()\n .coreNetworkConfigurations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs.builder()\n .asnRanges(\"65022-65534\")\n .edgeLocations( \n GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-west-2\")\n .build(),\n GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-east-1\")\n .build())\n .build())\n .segments( \n GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment\")\n .build(),\n GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment2\")\n .build())\n .segmentActions( \n GetCoreNetworkPolicyDocumentSegmentActionArgs.builder()\n .action(\"create-route\")\n .segment(\"segment\")\n .destinationCidrBlocks(\"10.0.0.0/16\")\n .destinations(exampleUsWest2.id())\n .build(),\n GetCoreNetworkPolicyDocumentSegmentActionArgs.builder()\n .action(\"create-route\")\n .segment(\"segment\")\n .destinationCidrBlocks(\"10.1.0.0/16\")\n .destinations(exampleUsEast1.id())\n .build())\n .build());\n\n var exampleCoreNetworkPolicyAttachment = new CoreNetworkPolicyAttachment(\"exampleCoreNetworkPolicyAttachment\", CoreNetworkPolicyAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .policyDocument(example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult).applyValue(example -\u003e example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_networkmanager_core_network_policy_attachment` using the core network ID. For example:\n\n```sh\n$ pulumi import aws:networkmanager/coreNetworkPolicyAttachment:CoreNetworkPolicyAttachment example core-network-0d47f6t230mz46dy4\n```\n", + "description": "Provides a Core Network Policy Attachment resource. This puts a Core Network Policy to an existing Core Network and executes the change set, which deploys changes globally based on the policy submitted (Sets the policy to `LIVE`).\n\n\u003e **NOTE:** Deleting this resource will not delete the current policy defined in this resource. Deleting this resource will also not revert the current `LIVE` policy to the previous version.\n\n## Example Usage\n\n### Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.networkmanager.CoreNetwork(\"example\", {globalNetworkId: exampleAwsNetworkmanagerGlobalNetwork.id});\nconst exampleCoreNetworkPolicyAttachment = new aws.networkmanager.CoreNetworkPolicyAttachment(\"example\", {\n coreNetworkId: example.id,\n policyDocument: exampleAwsNetworkmanagerCoreNetworkPolicyDocument.json,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.networkmanager.CoreNetwork(\"example\", global_network_id=example_aws_networkmanager_global_network[\"id\"])\nexample_core_network_policy_attachment = aws.networkmanager.CoreNetworkPolicyAttachment(\"example\",\n core_network_id=example.id,\n policy_document=example_aws_networkmanager_core_network_policy_document[\"json\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.NetworkManager.CoreNetwork(\"example\", new()\n {\n GlobalNetworkId = exampleAwsNetworkmanagerGlobalNetwork.Id,\n });\n\n var exampleCoreNetworkPolicyAttachment = new Aws.NetworkManager.CoreNetworkPolicyAttachment(\"example\", new()\n {\n CoreNetworkId = example.Id,\n PolicyDocument = exampleAwsNetworkmanagerCoreNetworkPolicyDocument.Json,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := networkmanager.NewCoreNetwork(ctx, \"example\", \u0026networkmanager.CoreNetworkArgs{\n\t\t\tGlobalNetworkId: pulumi.Any(exampleAwsNetworkmanagerGlobalNetwork.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkmanager.NewCoreNetworkPolicyAttachment(ctx, \"example\", \u0026networkmanager.CoreNetworkPolicyAttachmentArgs{\n\t\t\tCoreNetworkId: example.ID(),\n\t\t\tPolicyDocument: pulumi.Any(exampleAwsNetworkmanagerCoreNetworkPolicyDocument.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.CoreNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetworkArgs;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachment;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new CoreNetwork(\"example\", CoreNetworkArgs.builder() \n .globalNetworkId(exampleAwsNetworkmanagerGlobalNetwork.id())\n .build());\n\n var exampleCoreNetworkPolicyAttachment = new CoreNetworkPolicyAttachment(\"exampleCoreNetworkPolicyAttachment\", CoreNetworkPolicyAttachmentArgs.builder() \n .coreNetworkId(example.id())\n .policyDocument(exampleAwsNetworkmanagerCoreNetworkPolicyDocument.json())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:networkmanager:CoreNetwork\n properties:\n globalNetworkId: ${exampleAwsNetworkmanagerGlobalNetwork.id}\n exampleCoreNetworkPolicyAttachment:\n type: aws:networkmanager:CoreNetworkPolicyAttachment\n name: example\n properties:\n coreNetworkId: ${example.id}\n policyDocument: ${exampleAwsNetworkmanagerCoreNetworkPolicyDocument.json}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With VPC Attachment (Single Region)\n\nThe example below illustrates the scenario where your policy document has static routes pointing to VPC attachments and you want to attach your VPCs to the core network before applying the desired policy document. Set the `create_base_policy` argument of the `aws.networkmanager.CoreNetwork` resource to `true` if your core network does not currently have any `LIVE` policies (e.g. this is the first `pulumi up` with the core network resource), since a `LIVE` policy is required before VPCs can be attached to the core network. Otherwise, if your core network already has a `LIVE` policy, you may exclude the `create_base_policy` argument. There are 2 options to implement this:\n\n- Option 1: Use the `base_policy_document` argument in the `aws.networkmanager.CoreNetwork` resource that allows the most customizations to a base policy. Use this to customize the `edge_locations` `asn`. In the example below, `us-west-2` and ASN `65500` are used in the base policy.\n- Option 2: Use the `create_base_policy` argument only. This creates a base policy in the region specified in the `provider` block.\n\n### Option 1 - using base_policy_document\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleGlobalNetwork = new aws.networkmanager.GlobalNetwork(\"example\", {});\nconst base = aws.networkmanager.getCoreNetworkPolicyDocument({\n coreNetworkConfigurations: [{\n asnRanges: [\"65022-65534\"],\n edgeLocations: [{\n location: \"us-west-2\",\n asn: \"65500\",\n }],\n }],\n segments: [{\n name: \"segment\",\n }],\n});\nconst exampleCoreNetwork = new aws.networkmanager.CoreNetwork(\"example\", {\n globalNetworkId: exampleGlobalNetwork.id,\n basePolicyDocument: base.then(base =\u003e base.json),\n createBasePolicy: true,\n});\nconst exampleVpcAttachment = new aws.networkmanager.VpcAttachment(\"example\", {\n coreNetworkId: exampleCoreNetwork.id,\n subnetArns: exampleAwsSubnet.map(__item =\u003e __item.arn),\n vpcArn: exampleAwsVpc.arn,\n});\nconst example = aws.networkmanager.getCoreNetworkPolicyDocumentOutput({\n coreNetworkConfigurations: [{\n asnRanges: [\"65022-65534\"],\n edgeLocations: [{\n location: \"us-west-2\",\n asn: \"65500\",\n }],\n }],\n segments: [{\n name: \"segment\",\n }],\n segmentActions: [{\n action: \"create-route\",\n segment: \"segment\",\n destinationCidrBlocks: [\"0.0.0.0/0\"],\n destinations: [exampleVpcAttachment.id],\n }],\n});\nconst exampleCoreNetworkPolicyAttachment = new aws.networkmanager.CoreNetworkPolicyAttachment(\"example\", {\n coreNetworkId: exampleCoreNetwork.id,\n policyDocument: example.apply(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_global_network = aws.networkmanager.GlobalNetwork(\"example\")\nbase = aws.networkmanager.get_core_network_policy_document(core_network_configurations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs(\n asn_ranges=[\"65022-65534\"],\n edge_locations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-west-2\",\n asn=\"65500\",\n )],\n )],\n segments=[aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment\",\n )])\nexample_core_network = aws.networkmanager.CoreNetwork(\"example\",\n global_network_id=example_global_network.id,\n base_policy_document=base.json,\n create_base_policy=True)\nexample_vpc_attachment = aws.networkmanager.VpcAttachment(\"example\",\n core_network_id=example_core_network.id,\n subnet_arns=[__item[\"arn\"] for __item in example_aws_subnet],\n vpc_arn=example_aws_vpc[\"arn\"])\nexample = aws.networkmanager.get_core_network_policy_document_output(core_network_configurations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs(\n asn_ranges=[\"65022-65534\"],\n edge_locations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-west-2\",\n asn=\"65500\",\n )],\n )],\n segments=[aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment\",\n )],\n segment_actions=[aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs(\n action=\"create-route\",\n segment=\"segment\",\n destination_cidr_blocks=[\"0.0.0.0/0\"],\n destinations=[example_vpc_attachment.id],\n )])\nexample_core_network_policy_attachment = aws.networkmanager.CoreNetworkPolicyAttachment(\"example\",\n core_network_id=example_core_network.id,\n policy_document=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleGlobalNetwork = new Aws.NetworkManager.GlobalNetwork(\"example\");\n\n var @base = Aws.NetworkManager.GetCoreNetworkPolicyDocument.Invoke(new()\n {\n CoreNetworkConfigurations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationInputArgs\n {\n AsnRanges = new[]\n {\n \"65022-65534\",\n },\n EdgeLocations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-west-2\",\n Asn = \"65500\",\n },\n },\n },\n },\n Segments = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment\",\n },\n },\n });\n\n var exampleCoreNetwork = new Aws.NetworkManager.CoreNetwork(\"example\", new()\n {\n GlobalNetworkId = exampleGlobalNetwork.Id,\n BasePolicyDocument = @base.Apply(@base =\u003e @base.Apply(getCoreNetworkPolicyDocumentResult =\u003e getCoreNetworkPolicyDocumentResult.Json)),\n CreateBasePolicy = true,\n });\n\n var exampleVpcAttachment = new Aws.NetworkManager.VpcAttachment(\"example\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n SubnetArns = exampleAwsSubnet.Select(__item =\u003e __item.Arn).ToList(),\n VpcArn = exampleAwsVpc.Arn,\n });\n\n var example = Aws.NetworkManager.GetCoreNetworkPolicyDocument.Invoke(new()\n {\n CoreNetworkConfigurations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationInputArgs\n {\n AsnRanges = new[]\n {\n \"65022-65534\",\n },\n EdgeLocations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-west-2\",\n Asn = \"65500\",\n },\n },\n },\n },\n Segments = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment\",\n },\n },\n SegmentActions = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentActionInputArgs\n {\n Action = \"create-route\",\n Segment = \"segment\",\n DestinationCidrBlocks = new[]\n {\n \"0.0.0.0/0\",\n },\n Destinations = new[]\n {\n exampleVpcAttachment.Id,\n },\n },\n },\n });\n\n var exampleCoreNetworkPolicyAttachment = new Aws.NetworkManager.CoreNetworkPolicyAttachment(\"example\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n PolicyDocument = example.Apply(getCoreNetworkPolicyDocumentResult =\u003e getCoreNetworkPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexampleGlobalNetwork, err := networkmanager.NewGlobalNetwork(ctx, \"example\", nil)\nif err != nil {\nreturn err\n}\nbase, err := networkmanager.GetCoreNetworkPolicyDocument(ctx, \u0026networkmanager.GetCoreNetworkPolicyDocumentArgs{\nCoreNetworkConfigurations: []networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfiguration{\n{\nAsnRanges: []string{\n\"65022-65534\",\n},\nEdgeLocations: []networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocation{\n{\nLocation: \"us-west-2\",\nAsn: pulumi.StringRef(\"65500\"),\n},\n},\n},\n},\nSegments: []networkmanager.GetCoreNetworkPolicyDocumentSegment{\n{\nName: \"segment\",\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleCoreNetwork, err := networkmanager.NewCoreNetwork(ctx, \"example\", \u0026networkmanager.CoreNetworkArgs{\nGlobalNetworkId: exampleGlobalNetwork.ID(),\nBasePolicyDocument: pulumi.String(base.Json),\nCreateBasePolicy: pulumi.Bool(true),\n})\nif err != nil {\nreturn err\n}\nvar splat0 []interface{}\nfor _, val0 := range exampleAwsSubnet {\nsplat0 = append(splat0, val0.Arn)\n}\nexampleVpcAttachment, err := networkmanager.NewVpcAttachment(ctx, \"example\", \u0026networkmanager.VpcAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nSubnetArns: toPulumiArray(splat0),\nVpcArn: pulumi.Any(exampleAwsVpc.Arn),\n})\nif err != nil {\nreturn err\n}\nexample := networkmanager.GetCoreNetworkPolicyDocumentOutput(ctx, networkmanager.GetCoreNetworkPolicyDocumentOutputArgs{\nCoreNetworkConfigurations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs{\nAsnRanges: pulumi.StringArray{\npulumi.String(\"65022-65534\"),\n},\nEdgeLocations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs{\nLocation: pulumi.String(\"us-west-2\"),\nAsn: pulumi.String(\"65500\"),\n},\n},\n},\n},\nSegments: networkmanager.GetCoreNetworkPolicyDocumentSegmentArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs{\nName: pulumi.String(\"segment\"),\n},\n},\nSegmentActions: networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs{\nAction: pulumi.String(\"create-route\"),\nSegment: pulumi.String(\"segment\"),\nDestinationCidrBlocks: pulumi.StringArray{\npulumi.String(\"0.0.0.0/0\"),\n},\nDestinations: pulumi.StringArray{\nexampleVpcAttachment.ID(),\n},\n},\n},\n}, nil);\n_, err = networkmanager.NewCoreNetworkPolicyAttachment(ctx, \"example\", \u0026networkmanager.CoreNetworkPolicyAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nPolicyDocument: example.ApplyT(func(example networkmanager.GetCoreNetworkPolicyDocumentResult) (*string, error) {\nreturn \u0026example.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\nfunc toPulumiArray(arr []) pulumi.Array {\nvar pulumiArr pulumi.Array\nfor _, v := range arr {\npulumiArr = append(pulumiArr, pulumi.(v))\n}\nreturn pulumiArr\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.GlobalNetwork;\nimport com.pulumi.aws.networkmanager.NetworkmanagerFunctions;\nimport com.pulumi.aws.networkmanager.inputs.GetCoreNetworkPolicyDocumentArgs;\nimport com.pulumi.aws.networkmanager.CoreNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetworkArgs;\nimport com.pulumi.aws.networkmanager.VpcAttachment;\nimport com.pulumi.aws.networkmanager.VpcAttachmentArgs;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachment;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleGlobalNetwork = new GlobalNetwork(\"exampleGlobalNetwork\");\n\n final var base = NetworkmanagerFunctions.getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs.builder()\n .coreNetworkConfigurations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs.builder()\n .asnRanges(\"65022-65534\")\n .edgeLocations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-west-2\")\n .asn(\"65500\")\n .build())\n .build())\n .segments(GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment\")\n .build())\n .build());\n\n var exampleCoreNetwork = new CoreNetwork(\"exampleCoreNetwork\", CoreNetworkArgs.builder() \n .globalNetworkId(exampleGlobalNetwork.id())\n .basePolicyDocument(base.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult.json()))\n .createBasePolicy(true)\n .build());\n\n var exampleVpcAttachment = new VpcAttachment(\"exampleVpcAttachment\", VpcAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .subnetArns(exampleAwsSubnet.stream().map(element -\u003e element.arn()).collect(toList()))\n .vpcArn(exampleAwsVpc.arn())\n .build());\n\n final var example = NetworkmanagerFunctions.getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs.builder()\n .coreNetworkConfigurations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs.builder()\n .asnRanges(\"65022-65534\")\n .edgeLocations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-west-2\")\n .asn(\"65500\")\n .build())\n .build())\n .segments(GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment\")\n .build())\n .segmentActions(GetCoreNetworkPolicyDocumentSegmentActionArgs.builder()\n .action(\"create-route\")\n .segment(\"segment\")\n .destinationCidrBlocks(\"0.0.0.0/0\")\n .destinations(exampleVpcAttachment.id())\n .build())\n .build());\n\n var exampleCoreNetworkPolicyAttachment = new CoreNetworkPolicyAttachment(\"exampleCoreNetworkPolicyAttachment\", CoreNetworkPolicyAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .policyDocument(example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult).applyValue(example -\u003e example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Option 2 - create_base_policy only\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleGlobalNetwork = new aws.networkmanager.GlobalNetwork(\"example\", {});\nconst exampleCoreNetwork = new aws.networkmanager.CoreNetwork(\"example\", {\n globalNetworkId: exampleGlobalNetwork.id,\n createBasePolicy: true,\n});\nconst exampleVpcAttachment = new aws.networkmanager.VpcAttachment(\"example\", {\n coreNetworkId: exampleCoreNetwork.id,\n subnetArns: exampleAwsSubnet.map(__item =\u003e __item.arn),\n vpcArn: exampleAwsVpc.arn,\n});\nconst example = aws.networkmanager.getCoreNetworkPolicyDocumentOutput({\n coreNetworkConfigurations: [{\n asnRanges: [\"65022-65534\"],\n edgeLocations: [{\n location: \"us-west-2\",\n }],\n }],\n segments: [{\n name: \"segment\",\n }],\n segmentActions: [{\n action: \"create-route\",\n segment: \"segment\",\n destinationCidrBlocks: [\"0.0.0.0/0\"],\n destinations: [exampleVpcAttachment.id],\n }],\n});\nconst exampleCoreNetworkPolicyAttachment = new aws.networkmanager.CoreNetworkPolicyAttachment(\"example\", {\n coreNetworkId: exampleCoreNetwork.id,\n policyDocument: example.apply(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_global_network = aws.networkmanager.GlobalNetwork(\"example\")\nexample_core_network = aws.networkmanager.CoreNetwork(\"example\",\n global_network_id=example_global_network.id,\n create_base_policy=True)\nexample_vpc_attachment = aws.networkmanager.VpcAttachment(\"example\",\n core_network_id=example_core_network.id,\n subnet_arns=[__item[\"arn\"] for __item in example_aws_subnet],\n vpc_arn=example_aws_vpc[\"arn\"])\nexample = aws.networkmanager.get_core_network_policy_document_output(core_network_configurations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs(\n asn_ranges=[\"65022-65534\"],\n edge_locations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-west-2\",\n )],\n )],\n segments=[aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment\",\n )],\n segment_actions=[aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs(\n action=\"create-route\",\n segment=\"segment\",\n destination_cidr_blocks=[\"0.0.0.0/0\"],\n destinations=[example_vpc_attachment.id],\n )])\nexample_core_network_policy_attachment = aws.networkmanager.CoreNetworkPolicyAttachment(\"example\",\n core_network_id=example_core_network.id,\n policy_document=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleGlobalNetwork = new Aws.NetworkManager.GlobalNetwork(\"example\");\n\n var exampleCoreNetwork = new Aws.NetworkManager.CoreNetwork(\"example\", new()\n {\n GlobalNetworkId = exampleGlobalNetwork.Id,\n CreateBasePolicy = true,\n });\n\n var exampleVpcAttachment = new Aws.NetworkManager.VpcAttachment(\"example\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n SubnetArns = exampleAwsSubnet.Select(__item =\u003e __item.Arn).ToList(),\n VpcArn = exampleAwsVpc.Arn,\n });\n\n var example = Aws.NetworkManager.GetCoreNetworkPolicyDocument.Invoke(new()\n {\n CoreNetworkConfigurations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationInputArgs\n {\n AsnRanges = new[]\n {\n \"65022-65534\",\n },\n EdgeLocations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-west-2\",\n },\n },\n },\n },\n Segments = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment\",\n },\n },\n SegmentActions = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentActionInputArgs\n {\n Action = \"create-route\",\n Segment = \"segment\",\n DestinationCidrBlocks = new[]\n {\n \"0.0.0.0/0\",\n },\n Destinations = new[]\n {\n exampleVpcAttachment.Id,\n },\n },\n },\n });\n\n var exampleCoreNetworkPolicyAttachment = new Aws.NetworkManager.CoreNetworkPolicyAttachment(\"example\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n PolicyDocument = example.Apply(getCoreNetworkPolicyDocumentResult =\u003e getCoreNetworkPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexampleGlobalNetwork, err := networkmanager.NewGlobalNetwork(ctx, \"example\", nil)\nif err != nil {\nreturn err\n}\nexampleCoreNetwork, err := networkmanager.NewCoreNetwork(ctx, \"example\", \u0026networkmanager.CoreNetworkArgs{\nGlobalNetworkId: exampleGlobalNetwork.ID(),\nCreateBasePolicy: pulumi.Bool(true),\n})\nif err != nil {\nreturn err\n}\nvar splat0 []interface{}\nfor _, val0 := range exampleAwsSubnet {\nsplat0 = append(splat0, val0.Arn)\n}\nexampleVpcAttachment, err := networkmanager.NewVpcAttachment(ctx, \"example\", \u0026networkmanager.VpcAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nSubnetArns: toPulumiArray(splat0),\nVpcArn: pulumi.Any(exampleAwsVpc.Arn),\n})\nif err != nil {\nreturn err\n}\nexample := networkmanager.GetCoreNetworkPolicyDocumentOutput(ctx, networkmanager.GetCoreNetworkPolicyDocumentOutputArgs{\nCoreNetworkConfigurations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs{\nAsnRanges: pulumi.StringArray{\npulumi.String(\"65022-65534\"),\n},\nEdgeLocations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs{\nLocation: pulumi.String(\"us-west-2\"),\n},\n},\n},\n},\nSegments: networkmanager.GetCoreNetworkPolicyDocumentSegmentArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs{\nName: pulumi.String(\"segment\"),\n},\n},\nSegmentActions: networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs{\nAction: pulumi.String(\"create-route\"),\nSegment: pulumi.String(\"segment\"),\nDestinationCidrBlocks: pulumi.StringArray{\npulumi.String(\"0.0.0.0/0\"),\n},\nDestinations: pulumi.StringArray{\nexampleVpcAttachment.ID(),\n},\n},\n},\n}, nil);\n_, err = networkmanager.NewCoreNetworkPolicyAttachment(ctx, \"example\", \u0026networkmanager.CoreNetworkPolicyAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nPolicyDocument: example.ApplyT(func(example networkmanager.GetCoreNetworkPolicyDocumentResult) (*string, error) {\nreturn \u0026example.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\nfunc toPulumiArray(arr []) pulumi.Array {\nvar pulumiArr pulumi.Array\nfor _, v := range arr {\npulumiArr = append(pulumiArr, pulumi.(v))\n}\nreturn pulumiArr\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.GlobalNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetworkArgs;\nimport com.pulumi.aws.networkmanager.VpcAttachment;\nimport com.pulumi.aws.networkmanager.VpcAttachmentArgs;\nimport com.pulumi.aws.networkmanager.NetworkmanagerFunctions;\nimport com.pulumi.aws.networkmanager.inputs.GetCoreNetworkPolicyDocumentArgs;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachment;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleGlobalNetwork = new GlobalNetwork(\"exampleGlobalNetwork\");\n\n var exampleCoreNetwork = new CoreNetwork(\"exampleCoreNetwork\", CoreNetworkArgs.builder() \n .globalNetworkId(exampleGlobalNetwork.id())\n .createBasePolicy(true)\n .build());\n\n var exampleVpcAttachment = new VpcAttachment(\"exampleVpcAttachment\", VpcAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .subnetArns(exampleAwsSubnet.stream().map(element -\u003e element.arn()).collect(toList()))\n .vpcArn(exampleAwsVpc.arn())\n .build());\n\n final var example = NetworkmanagerFunctions.getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs.builder()\n .coreNetworkConfigurations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs.builder()\n .asnRanges(\"65022-65534\")\n .edgeLocations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-west-2\")\n .build())\n .build())\n .segments(GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment\")\n .build())\n .segmentActions(GetCoreNetworkPolicyDocumentSegmentActionArgs.builder()\n .action(\"create-route\")\n .segment(\"segment\")\n .destinationCidrBlocks(\"0.0.0.0/0\")\n .destinations(exampleVpcAttachment.id())\n .build())\n .build());\n\n var exampleCoreNetworkPolicyAttachment = new CoreNetworkPolicyAttachment(\"exampleCoreNetworkPolicyAttachment\", CoreNetworkPolicyAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .policyDocument(example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult).applyValue(example -\u003e example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With VPC Attachment (Multi-Region)\n\nThe example below illustrates the scenario where your policy document has static routes pointing to VPC attachments and you want to attach your VPCs to the core network before applying the desired policy document. Set the `create_base_policy` argument of the `aws.networkmanager.CoreNetwork` resource to `true` if your core network does not currently have any `LIVE` policies (e.g. this is the first `pulumi up` with the core network resource), since a `LIVE` policy is required before VPCs can be attached to the core network. Otherwise, if your core network already has a `LIVE` policy, you may exclude the `create_base_policy` argument. For multi-region in a core network that does not yet have a `LIVE` policy, there are 2 options:\n\n- Option 1: Use the `base_policy_document` argument that allows the most customizations to a base policy. Use this to customize the `edge_locations` `asn`. In the example below, `us-west-2`, `us-east-1` and specific ASNs are used in the base policy.\n- Option 2: Pass a list of regions to the `aws.networkmanager.CoreNetwork` resource `base_policy_regions` argument. In the example below, `us-west-2` and `us-east-1` are specified in the base policy.\n\n### Option 1 - using base_policy_document\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleGlobalNetwork = new aws.networkmanager.GlobalNetwork(\"example\", {});\nconst base = aws.networkmanager.getCoreNetworkPolicyDocument({\n coreNetworkConfigurations: [{\n asnRanges: [\"65022-65534\"],\n edgeLocations: [\n {\n location: \"us-west-2\",\n asn: \"65500\",\n },\n {\n location: \"us-east-1\",\n asn: \"65501\",\n },\n ],\n }],\n segments: [{\n name: \"segment\",\n }],\n});\nconst exampleCoreNetwork = new aws.networkmanager.CoreNetwork(\"example\", {\n globalNetworkId: exampleGlobalNetwork.id,\n basePolicyDocument: base.then(base =\u003e base.json),\n createBasePolicy: true,\n});\nconst exampleUsWest2 = new aws.networkmanager.VpcAttachment(\"example_us_west_2\", {\n coreNetworkId: exampleCoreNetwork.id,\n subnetArns: exampleUsWest2AwsSubnet.map(__item =\u003e __item.arn),\n vpcArn: exampleUsWest2AwsVpc.arn,\n});\nconst exampleUsEast1 = new aws.networkmanager.VpcAttachment(\"example_us_east_1\", {\n coreNetworkId: exampleCoreNetwork.id,\n subnetArns: exampleUsEast1AwsSubnet.map(__item =\u003e __item.arn),\n vpcArn: exampleUsEast1AwsVpc.arn,\n});\nconst example = aws.networkmanager.getCoreNetworkPolicyDocumentOutput({\n coreNetworkConfigurations: [{\n asnRanges: [\"65022-65534\"],\n edgeLocations: [\n {\n location: \"us-west-2\",\n asn: \"65500\",\n },\n {\n location: \"us-east-1\",\n asn: \"65501\",\n },\n ],\n }],\n segments: [\n {\n name: \"segment\",\n },\n {\n name: \"segment2\",\n },\n ],\n segmentActions: [\n {\n action: \"create-route\",\n segment: \"segment\",\n destinationCidrBlocks: [\"10.0.0.0/16\"],\n destinations: [exampleUsWest2.id],\n },\n {\n action: \"create-route\",\n segment: \"segment\",\n destinationCidrBlocks: [\"10.1.0.0/16\"],\n destinations: [exampleUsEast1.id],\n },\n ],\n});\nconst exampleCoreNetworkPolicyAttachment = new aws.networkmanager.CoreNetworkPolicyAttachment(\"example\", {\n coreNetworkId: exampleCoreNetwork.id,\n policyDocument: example.apply(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_global_network = aws.networkmanager.GlobalNetwork(\"example\")\nbase = aws.networkmanager.get_core_network_policy_document(core_network_configurations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs(\n asn_ranges=[\"65022-65534\"],\n edge_locations=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-west-2\",\n asn=\"65500\",\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-east-1\",\n asn=\"65501\",\n ),\n ],\n )],\n segments=[aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment\",\n )])\nexample_core_network = aws.networkmanager.CoreNetwork(\"example\",\n global_network_id=example_global_network.id,\n base_policy_document=base.json,\n create_base_policy=True)\nexample_us_west2 = aws.networkmanager.VpcAttachment(\"example_us_west_2\",\n core_network_id=example_core_network.id,\n subnet_arns=[__item[\"arn\"] for __item in example_us_west2_aws_subnet],\n vpc_arn=example_us_west2_aws_vpc[\"arn\"])\nexample_us_east1 = aws.networkmanager.VpcAttachment(\"example_us_east_1\",\n core_network_id=example_core_network.id,\n subnet_arns=[__item[\"arn\"] for __item in example_us_east1_aws_subnet],\n vpc_arn=example_us_east1_aws_vpc[\"arn\"])\nexample = aws.networkmanager.get_core_network_policy_document_output(core_network_configurations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs(\n asn_ranges=[\"65022-65534\"],\n edge_locations=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-west-2\",\n asn=\"65500\",\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-east-1\",\n asn=\"65501\",\n ),\n ],\n )],\n segments=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment\",\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment2\",\n ),\n ],\n segment_actions=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs(\n action=\"create-route\",\n segment=\"segment\",\n destination_cidr_blocks=[\"10.0.0.0/16\"],\n destinations=[example_us_west2.id],\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs(\n action=\"create-route\",\n segment=\"segment\",\n destination_cidr_blocks=[\"10.1.0.0/16\"],\n destinations=[example_us_east1.id],\n ),\n ])\nexample_core_network_policy_attachment = aws.networkmanager.CoreNetworkPolicyAttachment(\"example\",\n core_network_id=example_core_network.id,\n policy_document=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleGlobalNetwork = new Aws.NetworkManager.GlobalNetwork(\"example\");\n\n var @base = Aws.NetworkManager.GetCoreNetworkPolicyDocument.Invoke(new()\n {\n CoreNetworkConfigurations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationInputArgs\n {\n AsnRanges = new[]\n {\n \"65022-65534\",\n },\n EdgeLocations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-west-2\",\n Asn = \"65500\",\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-east-1\",\n Asn = \"65501\",\n },\n },\n },\n },\n Segments = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment\",\n },\n },\n });\n\n var exampleCoreNetwork = new Aws.NetworkManager.CoreNetwork(\"example\", new()\n {\n GlobalNetworkId = exampleGlobalNetwork.Id,\n BasePolicyDocument = @base.Apply(@base =\u003e @base.Apply(getCoreNetworkPolicyDocumentResult =\u003e getCoreNetworkPolicyDocumentResult.Json)),\n CreateBasePolicy = true,\n });\n\n var exampleUsWest2 = new Aws.NetworkManager.VpcAttachment(\"example_us_west_2\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n SubnetArns = exampleUsWest2AwsSubnet.Select(__item =\u003e __item.Arn).ToList(),\n VpcArn = exampleUsWest2AwsVpc.Arn,\n });\n\n var exampleUsEast1 = new Aws.NetworkManager.VpcAttachment(\"example_us_east_1\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n SubnetArns = exampleUsEast1AwsSubnet.Select(__item =\u003e __item.Arn).ToList(),\n VpcArn = exampleUsEast1AwsVpc.Arn,\n });\n\n var example = Aws.NetworkManager.GetCoreNetworkPolicyDocument.Invoke(new()\n {\n CoreNetworkConfigurations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationInputArgs\n {\n AsnRanges = new[]\n {\n \"65022-65534\",\n },\n EdgeLocations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-west-2\",\n Asn = \"65500\",\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-east-1\",\n Asn = \"65501\",\n },\n },\n },\n },\n Segments = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment\",\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment2\",\n },\n },\n SegmentActions = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentActionInputArgs\n {\n Action = \"create-route\",\n Segment = \"segment\",\n DestinationCidrBlocks = new[]\n {\n \"10.0.0.0/16\",\n },\n Destinations = new[]\n {\n exampleUsWest2.Id,\n },\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentActionInputArgs\n {\n Action = \"create-route\",\n Segment = \"segment\",\n DestinationCidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n Destinations = new[]\n {\n exampleUsEast1.Id,\n },\n },\n },\n });\n\n var exampleCoreNetworkPolicyAttachment = new Aws.NetworkManager.CoreNetworkPolicyAttachment(\"example\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n PolicyDocument = example.Apply(getCoreNetworkPolicyDocumentResult =\u003e getCoreNetworkPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexampleGlobalNetwork, err := networkmanager.NewGlobalNetwork(ctx, \"example\", nil)\nif err != nil {\nreturn err\n}\nbase, err := networkmanager.GetCoreNetworkPolicyDocument(ctx, \u0026networkmanager.GetCoreNetworkPolicyDocumentArgs{\nCoreNetworkConfigurations: []networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfiguration{\n{\nAsnRanges: []string{\n\"65022-65534\",\n},\nEdgeLocations: []networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocation{\n{\nLocation: \"us-west-2\",\nAsn: pulumi.StringRef(\"65500\"),\n},\n{\nLocation: \"us-east-1\",\nAsn: pulumi.StringRef(\"65501\"),\n},\n},\n},\n},\nSegments: []networkmanager.GetCoreNetworkPolicyDocumentSegment{\n{\nName: \"segment\",\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleCoreNetwork, err := networkmanager.NewCoreNetwork(ctx, \"example\", \u0026networkmanager.CoreNetworkArgs{\nGlobalNetworkId: exampleGlobalNetwork.ID(),\nBasePolicyDocument: pulumi.String(base.Json),\nCreateBasePolicy: pulumi.Bool(true),\n})\nif err != nil {\nreturn err\n}\nvar splat0 []interface{}\nfor _, val0 := range exampleUsWest2AwsSubnet {\nsplat0 = append(splat0, val0.Arn)\n}\nexampleUsWest2, err := networkmanager.NewVpcAttachment(ctx, \"example_us_west_2\", \u0026networkmanager.VpcAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nSubnetArns: toPulumiArray(splat0),\nVpcArn: pulumi.Any(exampleUsWest2AwsVpc.Arn),\n})\nif err != nil {\nreturn err\n}\nvar splat1 []interface{}\nfor _, val0 := range exampleUsEast1AwsSubnet {\nsplat1 = append(splat1, val0.Arn)\n}\nexampleUsEast1, err := networkmanager.NewVpcAttachment(ctx, \"example_us_east_1\", \u0026networkmanager.VpcAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nSubnetArns: toPulumiArray(splat1),\nVpcArn: pulumi.Any(exampleUsEast1AwsVpc.Arn),\n})\nif err != nil {\nreturn err\n}\nexample := networkmanager.GetCoreNetworkPolicyDocumentOutput(ctx, networkmanager.GetCoreNetworkPolicyDocumentOutputArgs{\nCoreNetworkConfigurations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs{\nAsnRanges: pulumi.StringArray{\npulumi.String(\"65022-65534\"),\n},\nEdgeLocations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs{\nLocation: pulumi.String(\"us-west-2\"),\nAsn: pulumi.String(\"65500\"),\n},\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs{\nLocation: pulumi.String(\"us-east-1\"),\nAsn: pulumi.String(\"65501\"),\n},\n},\n},\n},\nSegments: networkmanager.GetCoreNetworkPolicyDocumentSegmentArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs{\nName: pulumi.String(\"segment\"),\n},\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs{\nName: pulumi.String(\"segment2\"),\n},\n},\nSegmentActions: networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs{\nAction: pulumi.String(\"create-route\"),\nSegment: pulumi.String(\"segment\"),\nDestinationCidrBlocks: pulumi.StringArray{\npulumi.String(\"10.0.0.0/16\"),\n},\nDestinations: pulumi.StringArray{\nexampleUsWest2.ID(),\n},\n},\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs{\nAction: pulumi.String(\"create-route\"),\nSegment: pulumi.String(\"segment\"),\nDestinationCidrBlocks: pulumi.StringArray{\npulumi.String(\"10.1.0.0/16\"),\n},\nDestinations: pulumi.StringArray{\nexampleUsEast1.ID(),\n},\n},\n},\n}, nil);\n_, err = networkmanager.NewCoreNetworkPolicyAttachment(ctx, \"example\", \u0026networkmanager.CoreNetworkPolicyAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nPolicyDocument: example.ApplyT(func(example networkmanager.GetCoreNetworkPolicyDocumentResult) (*string, error) {\nreturn \u0026example.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\nfunc toPulumiArray(arr []) pulumi.Array {\nvar pulumiArr pulumi.Array\nfor _, v := range arr {\npulumiArr = append(pulumiArr, pulumi.(v))\n}\nreturn pulumiArr\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.GlobalNetwork;\nimport com.pulumi.aws.networkmanager.NetworkmanagerFunctions;\nimport com.pulumi.aws.networkmanager.inputs.GetCoreNetworkPolicyDocumentArgs;\nimport com.pulumi.aws.networkmanager.CoreNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetworkArgs;\nimport com.pulumi.aws.networkmanager.VpcAttachment;\nimport com.pulumi.aws.networkmanager.VpcAttachmentArgs;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachment;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleGlobalNetwork = new GlobalNetwork(\"exampleGlobalNetwork\");\n\n final var base = NetworkmanagerFunctions.getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs.builder()\n .coreNetworkConfigurations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs.builder()\n .asnRanges(\"65022-65534\")\n .edgeLocations( \n GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-west-2\")\n .asn(\"65500\")\n .build(),\n GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-east-1\")\n .asn(\"65501\")\n .build())\n .build())\n .segments(GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment\")\n .build())\n .build());\n\n var exampleCoreNetwork = new CoreNetwork(\"exampleCoreNetwork\", CoreNetworkArgs.builder() \n .globalNetworkId(exampleGlobalNetwork.id())\n .basePolicyDocument(base.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult.json()))\n .createBasePolicy(true)\n .build());\n\n var exampleUsWest2 = new VpcAttachment(\"exampleUsWest2\", VpcAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .subnetArns(exampleUsWest2AwsSubnet.stream().map(element -\u003e element.arn()).collect(toList()))\n .vpcArn(exampleUsWest2AwsVpc.arn())\n .build());\n\n var exampleUsEast1 = new VpcAttachment(\"exampleUsEast1\", VpcAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .subnetArns(exampleUsEast1AwsSubnet.stream().map(element -\u003e element.arn()).collect(toList()))\n .vpcArn(exampleUsEast1AwsVpc.arn())\n .build());\n\n final var example = NetworkmanagerFunctions.getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs.builder()\n .coreNetworkConfigurations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs.builder()\n .asnRanges(\"65022-65534\")\n .edgeLocations( \n GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-west-2\")\n .asn(\"65500\")\n .build(),\n GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-east-1\")\n .asn(\"65501\")\n .build())\n .build())\n .segments( \n GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment\")\n .build(),\n GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment2\")\n .build())\n .segmentActions( \n GetCoreNetworkPolicyDocumentSegmentActionArgs.builder()\n .action(\"create-route\")\n .segment(\"segment\")\n .destinationCidrBlocks(\"10.0.0.0/16\")\n .destinations(exampleUsWest2.id())\n .build(),\n GetCoreNetworkPolicyDocumentSegmentActionArgs.builder()\n .action(\"create-route\")\n .segment(\"segment\")\n .destinationCidrBlocks(\"10.1.0.0/16\")\n .destinations(exampleUsEast1.id())\n .build())\n .build());\n\n var exampleCoreNetworkPolicyAttachment = new CoreNetworkPolicyAttachment(\"exampleCoreNetworkPolicyAttachment\", CoreNetworkPolicyAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .policyDocument(example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult).applyValue(example -\u003e example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Option 2 - using base_policy_regions\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleGlobalNetwork = new aws.networkmanager.GlobalNetwork(\"example\", {});\nconst exampleCoreNetwork = new aws.networkmanager.CoreNetwork(\"example\", {\n globalNetworkId: exampleGlobalNetwork.id,\n basePolicyRegions: [\n \"us-west-2\",\n \"us-east-1\",\n ],\n createBasePolicy: true,\n});\nconst exampleUsWest2 = new aws.networkmanager.VpcAttachment(\"example_us_west_2\", {\n coreNetworkId: exampleCoreNetwork.id,\n subnetArns: exampleUsWest2AwsSubnet.map(__item =\u003e __item.arn),\n vpcArn: exampleUsWest2AwsVpc.arn,\n});\nconst exampleUsEast1 = new aws.networkmanager.VpcAttachment(\"example_us_east_1\", {\n coreNetworkId: exampleCoreNetwork.id,\n subnetArns: exampleUsEast1AwsSubnet.map(__item =\u003e __item.arn),\n vpcArn: exampleUsEast1AwsVpc.arn,\n});\nconst example = aws.networkmanager.getCoreNetworkPolicyDocumentOutput({\n coreNetworkConfigurations: [{\n asnRanges: [\"65022-65534\"],\n edgeLocations: [\n {\n location: \"us-west-2\",\n },\n {\n location: \"us-east-1\",\n },\n ],\n }],\n segments: [\n {\n name: \"segment\",\n },\n {\n name: \"segment2\",\n },\n ],\n segmentActions: [\n {\n action: \"create-route\",\n segment: \"segment\",\n destinationCidrBlocks: [\"10.0.0.0/16\"],\n destinations: [exampleUsWest2.id],\n },\n {\n action: \"create-route\",\n segment: \"segment\",\n destinationCidrBlocks: [\"10.1.0.0/16\"],\n destinations: [exampleUsEast1.id],\n },\n ],\n});\nconst exampleCoreNetworkPolicyAttachment = new aws.networkmanager.CoreNetworkPolicyAttachment(\"example\", {\n coreNetworkId: exampleCoreNetwork.id,\n policyDocument: example.apply(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_global_network = aws.networkmanager.GlobalNetwork(\"example\")\nexample_core_network = aws.networkmanager.CoreNetwork(\"example\",\n global_network_id=example_global_network.id,\n base_policy_regions=[\n \"us-west-2\",\n \"us-east-1\",\n ],\n create_base_policy=True)\nexample_us_west2 = aws.networkmanager.VpcAttachment(\"example_us_west_2\",\n core_network_id=example_core_network.id,\n subnet_arns=[__item[\"arn\"] for __item in example_us_west2_aws_subnet],\n vpc_arn=example_us_west2_aws_vpc[\"arn\"])\nexample_us_east1 = aws.networkmanager.VpcAttachment(\"example_us_east_1\",\n core_network_id=example_core_network.id,\n subnet_arns=[__item[\"arn\"] for __item in example_us_east1_aws_subnet],\n vpc_arn=example_us_east1_aws_vpc[\"arn\"])\nexample = aws.networkmanager.get_core_network_policy_document_output(core_network_configurations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs(\n asn_ranges=[\"65022-65534\"],\n edge_locations=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-west-2\",\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(\n location=\"us-east-1\",\n ),\n ],\n )],\n segments=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment\",\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(\n name=\"segment2\",\n ),\n ],\n segment_actions=[\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs(\n action=\"create-route\",\n segment=\"segment\",\n destination_cidr_blocks=[\"10.0.0.0/16\"],\n destinations=[example_us_west2.id],\n ),\n aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs(\n action=\"create-route\",\n segment=\"segment\",\n destination_cidr_blocks=[\"10.1.0.0/16\"],\n destinations=[example_us_east1.id],\n ),\n ])\nexample_core_network_policy_attachment = aws.networkmanager.CoreNetworkPolicyAttachment(\"example\",\n core_network_id=example_core_network.id,\n policy_document=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleGlobalNetwork = new Aws.NetworkManager.GlobalNetwork(\"example\");\n\n var exampleCoreNetwork = new Aws.NetworkManager.CoreNetwork(\"example\", new()\n {\n GlobalNetworkId = exampleGlobalNetwork.Id,\n BasePolicyRegions = new[]\n {\n \"us-west-2\",\n \"us-east-1\",\n },\n CreateBasePolicy = true,\n });\n\n var exampleUsWest2 = new Aws.NetworkManager.VpcAttachment(\"example_us_west_2\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n SubnetArns = exampleUsWest2AwsSubnet.Select(__item =\u003e __item.Arn).ToList(),\n VpcArn = exampleUsWest2AwsVpc.Arn,\n });\n\n var exampleUsEast1 = new Aws.NetworkManager.VpcAttachment(\"example_us_east_1\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n SubnetArns = exampleUsEast1AwsSubnet.Select(__item =\u003e __item.Arn).ToList(),\n VpcArn = exampleUsEast1AwsVpc.Arn,\n });\n\n var example = Aws.NetworkManager.GetCoreNetworkPolicyDocument.Invoke(new()\n {\n CoreNetworkConfigurations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationInputArgs\n {\n AsnRanges = new[]\n {\n \"65022-65534\",\n },\n EdgeLocations = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-west-2\",\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs\n {\n Location = \"us-east-1\",\n },\n },\n },\n },\n Segments = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment\",\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs\n {\n Name = \"segment2\",\n },\n },\n SegmentActions = new[]\n {\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentActionInputArgs\n {\n Action = \"create-route\",\n Segment = \"segment\",\n DestinationCidrBlocks = new[]\n {\n \"10.0.0.0/16\",\n },\n Destinations = new[]\n {\n exampleUsWest2.Id,\n },\n },\n new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentActionInputArgs\n {\n Action = \"create-route\",\n Segment = \"segment\",\n DestinationCidrBlocks = new[]\n {\n \"10.1.0.0/16\",\n },\n Destinations = new[]\n {\n exampleUsEast1.Id,\n },\n },\n },\n });\n\n var exampleCoreNetworkPolicyAttachment = new Aws.NetworkManager.CoreNetworkPolicyAttachment(\"example\", new()\n {\n CoreNetworkId = exampleCoreNetwork.Id,\n PolicyDocument = example.Apply(getCoreNetworkPolicyDocumentResult =\u003e getCoreNetworkPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexampleGlobalNetwork, err := networkmanager.NewGlobalNetwork(ctx, \"example\", nil)\nif err != nil {\nreturn err\n}\nexampleCoreNetwork, err := networkmanager.NewCoreNetwork(ctx, \"example\", \u0026networkmanager.CoreNetworkArgs{\nGlobalNetworkId: exampleGlobalNetwork.ID(),\nBasePolicyRegions: pulumi.StringArray{\npulumi.String(\"us-west-2\"),\npulumi.String(\"us-east-1\"),\n},\nCreateBasePolicy: pulumi.Bool(true),\n})\nif err != nil {\nreturn err\n}\nvar splat0 []interface{}\nfor _, val0 := range exampleUsWest2AwsSubnet {\nsplat0 = append(splat0, val0.Arn)\n}\nexampleUsWest2, err := networkmanager.NewVpcAttachment(ctx, \"example_us_west_2\", \u0026networkmanager.VpcAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nSubnetArns: toPulumiArray(splat0),\nVpcArn: pulumi.Any(exampleUsWest2AwsVpc.Arn),\n})\nif err != nil {\nreturn err\n}\nvar splat1 []interface{}\nfor _, val0 := range exampleUsEast1AwsSubnet {\nsplat1 = append(splat1, val0.Arn)\n}\nexampleUsEast1, err := networkmanager.NewVpcAttachment(ctx, \"example_us_east_1\", \u0026networkmanager.VpcAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nSubnetArns: toPulumiArray(splat1),\nVpcArn: pulumi.Any(exampleUsEast1AwsVpc.Arn),\n})\nif err != nil {\nreturn err\n}\nexample := networkmanager.GetCoreNetworkPolicyDocumentOutput(ctx, networkmanager.GetCoreNetworkPolicyDocumentOutputArgs{\nCoreNetworkConfigurations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs{\nAsnRanges: pulumi.StringArray{\npulumi.String(\"65022-65534\"),\n},\nEdgeLocations: networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs{\nLocation: pulumi.String(\"us-west-2\"),\n},\n\u0026networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs{\nLocation: pulumi.String(\"us-east-1\"),\n},\n},\n},\n},\nSegments: networkmanager.GetCoreNetworkPolicyDocumentSegmentArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs{\nName: pulumi.String(\"segment\"),\n},\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs{\nName: pulumi.String(\"segment2\"),\n},\n},\nSegmentActions: networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArray{\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs{\nAction: pulumi.String(\"create-route\"),\nSegment: pulumi.String(\"segment\"),\nDestinationCidrBlocks: pulumi.StringArray{\npulumi.String(\"10.0.0.0/16\"),\n},\nDestinations: pulumi.StringArray{\nexampleUsWest2.ID(),\n},\n},\n\u0026networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs{\nAction: pulumi.String(\"create-route\"),\nSegment: pulumi.String(\"segment\"),\nDestinationCidrBlocks: pulumi.StringArray{\npulumi.String(\"10.1.0.0/16\"),\n},\nDestinations: pulumi.StringArray{\nexampleUsEast1.ID(),\n},\n},\n},\n}, nil);\n_, err = networkmanager.NewCoreNetworkPolicyAttachment(ctx, \"example\", \u0026networkmanager.CoreNetworkPolicyAttachmentArgs{\nCoreNetworkId: exampleCoreNetwork.ID(),\nPolicyDocument: example.ApplyT(func(example networkmanager.GetCoreNetworkPolicyDocumentResult) (*string, error) {\nreturn \u0026example.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\nfunc toPulumiArray(arr []) pulumi.Array {\nvar pulumiArr pulumi.Array\nfor _, v := range arr {\npulumiArr = append(pulumiArr, pulumi.(v))\n}\nreturn pulumiArr\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.networkmanager.GlobalNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetwork;\nimport com.pulumi.aws.networkmanager.CoreNetworkArgs;\nimport com.pulumi.aws.networkmanager.VpcAttachment;\nimport com.pulumi.aws.networkmanager.VpcAttachmentArgs;\nimport com.pulumi.aws.networkmanager.NetworkmanagerFunctions;\nimport com.pulumi.aws.networkmanager.inputs.GetCoreNetworkPolicyDocumentArgs;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachment;\nimport com.pulumi.aws.networkmanager.CoreNetworkPolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleGlobalNetwork = new GlobalNetwork(\"exampleGlobalNetwork\");\n\n var exampleCoreNetwork = new CoreNetwork(\"exampleCoreNetwork\", CoreNetworkArgs.builder() \n .globalNetworkId(exampleGlobalNetwork.id())\n .basePolicyRegions( \n \"us-west-2\",\n \"us-east-1\")\n .createBasePolicy(true)\n .build());\n\n var exampleUsWest2 = new VpcAttachment(\"exampleUsWest2\", VpcAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .subnetArns(exampleUsWest2AwsSubnet.stream().map(element -\u003e element.arn()).collect(toList()))\n .vpcArn(exampleUsWest2AwsVpc.arn())\n .build());\n\n var exampleUsEast1 = new VpcAttachment(\"exampleUsEast1\", VpcAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .subnetArns(exampleUsEast1AwsSubnet.stream().map(element -\u003e element.arn()).collect(toList()))\n .vpcArn(exampleUsEast1AwsVpc.arn())\n .build());\n\n final var example = NetworkmanagerFunctions.getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs.builder()\n .coreNetworkConfigurations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs.builder()\n .asnRanges(\"65022-65534\")\n .edgeLocations( \n GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-west-2\")\n .build(),\n GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()\n .location(\"us-east-1\")\n .build())\n .build())\n .segments( \n GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment\")\n .build(),\n GetCoreNetworkPolicyDocumentSegmentArgs.builder()\n .name(\"segment2\")\n .build())\n .segmentActions( \n GetCoreNetworkPolicyDocumentSegmentActionArgs.builder()\n .action(\"create-route\")\n .segment(\"segment\")\n .destinationCidrBlocks(\"10.0.0.0/16\")\n .destinations(exampleUsWest2.id())\n .build(),\n GetCoreNetworkPolicyDocumentSegmentActionArgs.builder()\n .action(\"create-route\")\n .segment(\"segment\")\n .destinationCidrBlocks(\"10.1.0.0/16\")\n .destinations(exampleUsEast1.id())\n .build())\n .build());\n\n var exampleCoreNetworkPolicyAttachment = new CoreNetworkPolicyAttachment(\"exampleCoreNetworkPolicyAttachment\", CoreNetworkPolicyAttachmentArgs.builder() \n .coreNetworkId(exampleCoreNetwork.id())\n .policyDocument(example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult).applyValue(example -\u003e example.applyValue(getCoreNetworkPolicyDocumentResult -\u003e getCoreNetworkPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_networkmanager_core_network_policy_attachment` using the core network ID. For example:\n\n```sh\n$ pulumi import aws:networkmanager/coreNetworkPolicyAttachment:CoreNetworkPolicyAttachment example core-network-0d47f6t230mz46dy4\n```\n", "properties": { "coreNetworkId": { "type": "string", @@ -284609,7 +284609,7 @@ } }, "aws:opensearch/domain:Domain": { - "description": "Manages an Amazon OpenSearch Domain.\n\n## Elasticsearch vs. OpenSearch\n\nAmazon OpenSearch Service is the successor to Amazon Elasticsearch Service and supports OpenSearch and legacy Elasticsearch OSS (up to 7.10, the final open source version of the software).\n\nOpenSearch Domain configurations are similar in many ways to Elasticsearch Domain configurations. However, there are important differences including these:\n\n* OpenSearch has `engine_version` while Elasticsearch has `elasticsearch_version`\n* Versions are specified differently - _e.g._, `Elasticsearch_7.10` with OpenSearch vs. `7.10` for Elasticsearch.\n* `instance_type` argument values end in `search` for OpenSearch vs. `elasticsearch` for Elasticsearch (_e.g._, `t2.micro.search` vs. `t2.micro.elasticsearch`).\n* The AWS-managed service-linked role for OpenSearch is called `AWSServiceRoleForAmazonOpenSearchService` instead of `AWSServiceRoleForAmazonElasticsearchService` for Elasticsearch.\n\nThere are also some potentially unexpected similarities in configurations:\n\n* ARNs for both are prefaced with `arn:aws:es:`.\n* Both OpenSearch and Elasticsearch use assume role policies that refer to the `Principal` `Service` as `es.amazonaws.com`.\n* IAM policy actions, such as those you will find in `access_policies`, are prefaced with `es:` for both.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.opensearch.Domain(\"example\", {\n domainName: \"example\",\n engineVersion: \"Elasticsearch_7.10\",\n clusterConfig: {\n instanceType: \"r4.large.search\",\n },\n tags: {\n Domain: \"TestDomain\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.opensearch.Domain(\"example\",\n domain_name=\"example\",\n engine_version=\"Elasticsearch_7.10\",\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_type=\"r4.large.search\",\n ),\n tags={\n \"Domain\": \"TestDomain\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.OpenSearch.Domain(\"example\", new()\n {\n DomainName = \"example\",\n EngineVersion = \"Elasticsearch_7.10\",\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r4.large.search\",\n },\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"example\"),\n\t\t\tEngineVersion: pulumi.String(\"Elasticsearch_7.10\"),\n\t\t\tClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceType: pulumi.String(\"r4.large.search\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Domain\": pulumi.String(\"TestDomain\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Domain(\"example\", DomainArgs.builder() \n .domainName(\"example\")\n .engineVersion(\"Elasticsearch_7.10\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"r4.large.search\")\n .build())\n .tags(Map.of(\"Domain\", \"TestDomain\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:opensearch:Domain\n properties:\n domainName: example\n engineVersion: Elasticsearch_7.10\n clusterConfig:\n instanceType: r4.large.search\n tags:\n Domain: TestDomain\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Access Policy\n\n\u003e See also: `aws.opensearch.DomainPolicy` resource\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst domain = config.get(\"domain\") || \"tf-test\";\nconst current = aws.getRegion({});\nconst currentGetCallerIdentity = aws.getCallerIdentity({});\nconst example = Promise.all([current, currentGetCallerIdentity]).then(([current, currentGetCallerIdentity]) =\u003e aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"*\",\n identifiers: [\"*\"],\n }],\n actions: [\"es:*\"],\n resources: [`arn:aws:es:${current.name}:${currentGetCallerIdentity.accountId}:domain/${domain}/*`],\n conditions: [{\n test: \"IpAddress\",\n variable: \"aws:SourceIp\",\n values: [\"66.193.100.22/32\"],\n }],\n }],\n}));\nconst exampleDomain = new aws.opensearch.Domain(\"example\", {\n domainName: domain,\n accessPolicies: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\ndomain = config.get(\"domain\")\nif domain is None:\n domain = \"tf-test\"\ncurrent = aws.get_region()\ncurrent_get_caller_identity = aws.get_caller_identity()\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"*\",\n identifiers=[\"*\"],\n )],\n actions=[\"es:*\"],\n resources=[f\"arn:aws:es:{current.name}:{current_get_caller_identity.account_id}:domain/{domain}/*\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"IpAddress\",\n variable=\"aws:SourceIp\",\n values=[\"66.193.100.22/32\"],\n )],\n)])\nexample_domain = aws.opensearch.Domain(\"example\",\n domain_name=domain,\n access_policies=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var domain = config.Get(\"domain\") ?? \"tf-test\";\n var current = Aws.GetRegion.Invoke();\n\n var currentGetCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"*\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"es:*\",\n },\n Resources = new[]\n {\n $\"arn:aws:es:{current.Apply(getRegionResult =\u003e getRegionResult.Name)}:{currentGetCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:domain/{domain}/*\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"IpAddress\",\n Variable = \"aws:SourceIp\",\n Values = new[]\n {\n \"66.193.100.22/32\",\n },\n },\n },\n },\n },\n });\n\n var exampleDomain = new Aws.OpenSearch.Domain(\"example\", new()\n {\n DomainName = domain,\n AccessPolicies = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tdomain := \"tf-test\"\n\t\tif param := cfg.Get(\"domain\"); param != \"\" {\n\t\t\tdomain = param\n\t\t}\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"*\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"*\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"es:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:es:%v:%v:domain/%v/*\", current.Name, currentGetCallerIdentity.AccountId, domain),\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"IpAddress\",\n\t\t\t\t\t\t\tVariable: \"aws:SourceIp\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"66.193.100.22/32\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(domain),\n\t\t\tAccessPolicies: *pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var domain = config.get(\"domain\").orElse(\"tf-test\");\n final var current = AwsFunctions.getRegion();\n\n final var currentGetCallerIdentity = AwsFunctions.getCallerIdentity();\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"*\")\n .identifiers(\"*\")\n .build())\n .actions(\"es:*\")\n .resources(String.format(\"arn:aws:es:%s:%s:domain/%s/*\", current.applyValue(getRegionResult -\u003e getRegionResult.name()),currentGetCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),domain))\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"IpAddress\")\n .variable(\"aws:SourceIp\")\n .values(\"66.193.100.22/32\")\n .build())\n .build())\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .domainName(domain)\n .accessPolicies(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n domain:\n type: string\n default: tf-test\nresources:\n exampleDomain:\n type: aws:opensearch:Domain\n name: example\n properties:\n domainName: ${domain}\n accessPolicies: ${example.json}\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n currentGetCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: '*'\n identifiers:\n - '*'\n actions:\n - es:*\n resources:\n - arn:aws:es:${current.name}:${currentGetCallerIdentity.accountId}:domain/${domain}/*\n conditions:\n - test: IpAddress\n variable: aws:SourceIp\n values:\n - 66.193.100.22/32\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Log publishing to CloudWatch Logs\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"example\", {name: \"example\"});\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"es.amazonaws.com\"],\n }],\n actions: [\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n ],\n resources: [\"arn:aws:logs:*\"],\n }],\n});\nconst exampleLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"example\", {\n policyName: \"example\",\n policyDocument: example.then(example =\u003e example.json),\n});\nconst exampleDomain = new aws.opensearch.Domain(\"example\", {logPublishingOptions: [{\n cloudwatchLogGroupArn: exampleLogGroup.arn,\n logType: \"INDEX_SLOW_LOGS\",\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_log_group = aws.cloudwatch.LogGroup(\"example\", name=\"example\")\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"es.amazonaws.com\"],\n )],\n actions=[\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n ],\n resources=[\"arn:aws:logs:*\"],\n)])\nexample_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"example\",\n policy_name=\"example\",\n policy_document=example.json)\nexample_domain = aws.opensearch.Domain(\"example\", log_publishing_options=[aws.opensearch.DomainLogPublishingOptionArgs(\n cloudwatch_log_group_arn=example_log_group.arn,\n log_type=\"INDEX_SLOW_LOGS\",\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"example\", new()\n {\n Name = \"example\",\n });\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"es.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*\",\n },\n },\n },\n });\n\n var exampleLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"example\", new()\n {\n PolicyName = \"example\",\n PolicyDocument = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleDomain = new Aws.OpenSearch.Domain(\"example\", new()\n {\n LogPublishingOptions = new[]\n {\n new Aws.OpenSearch.Inputs.DomainLogPublishingOptionArgs\n {\n CloudwatchLogGroupArn = exampleLogGroup.Arn,\n LogType = \"INDEX_SLOW_LOGS\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"example\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"es.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t\t\"logs:PutLogEventsBatch\",\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"example\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyName: pulumi.String(\"example\"),\n\t\t\tPolicyDocument: *pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\n\t\t\tLogPublishingOptions: opensearch.DomainLogPublishingOptionArray{\n\t\t\t\t\u0026opensearch.DomainLogPublishingOptionArgs{\n\t\t\t\t\tCloudwatchLogGroupArn: exampleLogGroup.Arn,\n\t\t\t\t\tLogType: pulumi.String(\"INDEX_SLOW_LOGS\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainLogPublishingOptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleLogGroup = new LogGroup(\"exampleLogGroup\", LogGroupArgs.builder() \n .name(\"example\")\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"es.amazonaws.com\")\n .build())\n .actions( \n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\")\n .resources(\"arn:aws:logs:*\")\n .build())\n .build());\n\n var exampleLogResourcePolicy = new LogResourcePolicy(\"exampleLogResourcePolicy\", LogResourcePolicyArgs.builder() \n .policyName(\"example\")\n .policyDocument(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .logPublishingOptions(DomainLogPublishingOptionArgs.builder()\n .cloudwatchLogGroupArn(exampleLogGroup.arn())\n .logType(\"INDEX_SLOW_LOGS\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleLogGroup:\n type: aws:cloudwatch:LogGroup\n name: example\n properties:\n name: example\n exampleLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n name: example\n properties:\n policyName: example\n policyDocument: ${example.json}\n exampleDomain:\n type: aws:opensearch:Domain\n name: example\n properties:\n logPublishingOptions:\n - cloudwatchLogGroupArn: ${exampleLogGroup.arn}\n logType: INDEX_SLOW_LOGS\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - es.amazonaws.com\n actions:\n - logs:PutLogEvents\n - logs:PutLogEventsBatch\n - logs:CreateLogStream\n resources:\n - arn:aws:logs:*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### VPC based OpenSearch\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst vpc = config.requireObject(\"vpc\");\nconst domain = config.get(\"domain\") || \"tf-test\";\nconst example = aws.ec2.getVpc({\n tags: {\n Name: vpc,\n },\n});\nconst exampleGetSubnets = example.then(example =\u003e aws.ec2.getSubnets({\n filters: [{\n name: \"vpc-id\",\n values: [example.id],\n }],\n tags: {\n Tier: \"private\",\n },\n}));\nconst current = aws.getRegion({});\nconst currentGetCallerIdentity = aws.getCallerIdentity({});\nconst exampleSecurityGroup = new aws.ec2.SecurityGroup(\"example\", {\n name: `${vpc}-opensearch-${domain}`,\n description: \"Managed by Pulumi\",\n vpcId: example.then(example =\u003e example.id),\n ingress: [{\n fromPort: 443,\n toPort: 443,\n protocol: \"tcp\",\n cidrBlocks: [example.then(example =\u003e example.cidrBlock)],\n }],\n});\nconst exampleServiceLinkedRole = new aws.iam.ServiceLinkedRole(\"example\", {awsServiceName: \"opensearchservice.amazonaws.com\"});\nconst exampleGetPolicyDocument = Promise.all([current, currentGetCallerIdentity]).then(([current, currentGetCallerIdentity]) =\u003e aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"*\",\n identifiers: [\"*\"],\n }],\n actions: [\"es:*\"],\n resources: [`arn:aws:es:${current.name}:${currentGetCallerIdentity.accountId}:domain/${domain}/*`],\n }],\n}));\nconst exampleDomain = new aws.opensearch.Domain(\"example\", {\n domainName: domain,\n engineVersion: \"OpenSearch_1.0\",\n clusterConfig: {\n instanceType: \"m4.large.search\",\n zoneAwarenessEnabled: true,\n },\n vpcOptions: {\n subnetIds: [\n exampleGetSubnets.then(exampleGetSubnets =\u003e exampleGetSubnets.ids?.[0]),\n exampleGetSubnets.then(exampleGetSubnets =\u003e exampleGetSubnets.ids?.[1]),\n ],\n securityGroupIds: [exampleSecurityGroup.id],\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\",\n },\n accessPolicies: exampleGetPolicyDocument.then(exampleGetPolicyDocument =\u003e exampleGetPolicyDocument.json),\n tags: {\n Domain: \"TestDomain\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nvpc = config.require_object(\"vpc\")\ndomain = config.get(\"domain\")\nif domain is None:\n domain = \"tf-test\"\nexample = aws.ec2.get_vpc(tags={\n \"Name\": vpc,\n})\nexample_get_subnets = aws.ec2.get_subnets(filters=[aws.ec2.GetSubnetsFilterArgs(\n name=\"vpc-id\",\n values=[example.id],\n )],\n tags={\n \"Tier\": \"private\",\n })\ncurrent = aws.get_region()\ncurrent_get_caller_identity = aws.get_caller_identity()\nexample_security_group = aws.ec2.SecurityGroup(\"example\",\n name=f\"{vpc}-opensearch-{domain}\",\n description=\"Managed by Pulumi\",\n vpc_id=example.id,\n ingress=[aws.ec2.SecurityGroupIngressArgs(\n from_port=443,\n to_port=443,\n protocol=\"tcp\",\n cidr_blocks=[example.cidr_block],\n )])\nexample_service_linked_role = aws.iam.ServiceLinkedRole(\"example\", aws_service_name=\"opensearchservice.amazonaws.com\")\nexample_get_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"*\",\n identifiers=[\"*\"],\n )],\n actions=[\"es:*\"],\n resources=[f\"arn:aws:es:{current.name}:{current_get_caller_identity.account_id}:domain/{domain}/*\"],\n)])\nexample_domain = aws.opensearch.Domain(\"example\",\n domain_name=domain,\n engine_version=\"OpenSearch_1.0\",\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_type=\"m4.large.search\",\n zone_awareness_enabled=True,\n ),\n vpc_options=aws.opensearch.DomainVpcOptionsArgs(\n subnet_ids=[\n example_get_subnets.ids[0],\n example_get_subnets.ids[1],\n ],\n security_group_ids=[example_security_group.id],\n ),\n advanced_options={\n \"rest.action.multi.allow_explicit_index\": \"true\",\n },\n access_policies=example_get_policy_document.json,\n tags={\n \"Domain\": \"TestDomain\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var vpc = config.RequireObject\u003cdynamic\u003e(\"vpc\");\n var domain = config.Get(\"domain\") ?? \"tf-test\";\n var example = Aws.Ec2.GetVpc.Invoke(new()\n {\n Tags = \n {\n { \"Name\", vpc },\n },\n });\n\n var exampleGetSubnets = Aws.Ec2.GetSubnets.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetSubnetsFilterInputArgs\n {\n Name = \"vpc-id\",\n Values = new[]\n {\n example.Apply(getVpcResult =\u003e getVpcResult.Id),\n },\n },\n },\n Tags = \n {\n { \"Tier\", \"private\" },\n },\n });\n\n var current = Aws.GetRegion.Invoke();\n\n var currentGetCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n var exampleSecurityGroup = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Name = $\"{vpc}-opensearch-{domain}\",\n Description = \"Managed by Pulumi\",\n VpcId = example.Apply(getVpcResult =\u003e getVpcResult.Id),\n Ingress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupIngressArgs\n {\n FromPort = 443,\n ToPort = 443,\n Protocol = \"tcp\",\n CidrBlocks = new[]\n {\n example.Apply(getVpcResult =\u003e getVpcResult.CidrBlock),\n },\n },\n },\n });\n\n var exampleServiceLinkedRole = new Aws.Iam.ServiceLinkedRole(\"example\", new()\n {\n AwsServiceName = \"opensearchservice.amazonaws.com\",\n });\n\n var exampleGetPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"*\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"es:*\",\n },\n Resources = new[]\n {\n $\"arn:aws:es:{current.Apply(getRegionResult =\u003e getRegionResult.Name)}:{currentGetCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:domain/{domain}/*\",\n },\n },\n },\n });\n\n var exampleDomain = new Aws.OpenSearch.Domain(\"example\", new()\n {\n DomainName = domain,\n EngineVersion = \"OpenSearch_1.0\",\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"m4.large.search\",\n ZoneAwarenessEnabled = true,\n },\n VpcOptions = new Aws.OpenSearch.Inputs.DomainVpcOptionsArgs\n {\n SubnetIds = new[]\n {\n exampleGetSubnets.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[0]),\n exampleGetSubnets.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[1]),\n },\n SecurityGroupIds = new[]\n {\n exampleSecurityGroup.Id,\n },\n },\n AdvancedOptions = \n {\n { \"rest.action.multi.allow_explicit_index\", \"true\" },\n },\n AccessPolicies = exampleGetPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncfg := config.New(ctx, \"\")\nvpc := cfg.RequireObject(\"vpc\")\ndomain := \"tf-test\";\nif param := cfg.Get(\"domain\"); param != \"\"{\ndomain = param\n}\nexample, err := ec2.LookupVpc(ctx, \u0026ec2.LookupVpcArgs{\nTags: interface{}{\nName: vpc,\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleGetSubnets, err := ec2.GetSubnets(ctx, \u0026ec2.GetSubnetsArgs{\nFilters: []ec2.GetSubnetsFilter{\n{\nName: \"vpc-id\",\nValues: interface{}{\nexample.Id,\n},\n},\n},\nTags: map[string]interface{}{\n\"Tier\": \"private\",\n},\n}, nil);\nif err != nil {\nreturn err\n}\ncurrent, err := aws.GetRegion(ctx, nil, nil);\nif err != nil {\nreturn err\n}\ncurrentGetCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil);\nif err != nil {\nreturn err\n}\nexampleSecurityGroup, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\nName: pulumi.String(fmt.Sprintf(\"%v-opensearch-%v\", vpc, domain)),\nDescription: pulumi.String(\"Managed by Pulumi\"),\nVpcId: *pulumi.String(example.Id),\nIngress: ec2.SecurityGroupIngressArray{\n\u0026ec2.SecurityGroupIngressArgs{\nFromPort: pulumi.Int(443),\nToPort: pulumi.Int(443),\nProtocol: pulumi.String(\"tcp\"),\nCidrBlocks: pulumi.StringArray{\n*pulumi.String(example.CidrBlock),\n},\n},\n},\n})\nif err != nil {\nreturn err\n}\n_, err = iam.NewServiceLinkedRole(ctx, \"example\", \u0026iam.ServiceLinkedRoleArgs{\nAwsServiceName: pulumi.String(\"opensearchservice.amazonaws.com\"),\n})\nif err != nil {\nreturn err\n}\nexampleGetPolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"*\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nActions: []string{\n\"es:*\",\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:es:%v:%v:domain/%v/*\", current.Name, currentGetCallerIdentity.AccountId, domain),\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\nDomainName: pulumi.String(domain),\nEngineVersion: pulumi.String(\"OpenSearch_1.0\"),\nClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\nInstanceType: pulumi.String(\"m4.large.search\"),\nZoneAwarenessEnabled: pulumi.Bool(true),\n},\nVpcOptions: \u0026opensearch.DomainVpcOptionsArgs{\nSubnetIds: pulumi.StringArray{\n*pulumi.String(exampleGetSubnets.Ids[0]),\n*pulumi.String(exampleGetSubnets.Ids[1]),\n},\nSecurityGroupIds: pulumi.StringArray{\nexampleSecurityGroup.ID(),\n},\n},\nAdvancedOptions: pulumi.StringMap{\n\"rest.action.multi.allow_explicit_index\": pulumi.String(\"true\"),\n},\nAccessPolicies: *pulumi.String(exampleGetPolicyDocument.Json),\nTags: pulumi.StringMap{\n\"Domain\": pulumi.String(\"TestDomain\"),\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcArgs;\nimport com.pulumi.aws.ec2.inputs.GetSubnetsArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupIngressArgs;\nimport com.pulumi.aws.iam.ServiceLinkedRole;\nimport com.pulumi.aws.iam.ServiceLinkedRoleArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainVpcOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var vpc = config.get(\"vpc\");\n final var domain = config.get(\"domain\").orElse(\"tf-test\");\n final var example = Ec2Functions.getVpc(GetVpcArgs.builder()\n .tags(Map.of(\"Name\", vpc))\n .build());\n\n final var exampleGetSubnets = Ec2Functions.getSubnets(GetSubnetsArgs.builder()\n .filters(GetSubnetsFilterArgs.builder()\n .name(\"vpc-id\")\n .values(example.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .build())\n .tags(Map.of(\"Tier\", \"private\"))\n .build());\n\n final var current = AwsFunctions.getRegion();\n\n final var currentGetCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var exampleSecurityGroup = new SecurityGroup(\"exampleSecurityGroup\", SecurityGroupArgs.builder() \n .name(String.format(\"%s-opensearch-%s\", vpc,domain))\n .description(\"Managed by Pulumi\")\n .vpcId(example.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .ingress(SecurityGroupIngressArgs.builder()\n .fromPort(443)\n .toPort(443)\n .protocol(\"tcp\")\n .cidrBlocks(example.applyValue(getVpcResult -\u003e getVpcResult.cidrBlock()))\n .build())\n .build());\n\n var exampleServiceLinkedRole = new ServiceLinkedRole(\"exampleServiceLinkedRole\", ServiceLinkedRoleArgs.builder() \n .awsServiceName(\"opensearchservice.amazonaws.com\")\n .build());\n\n final var exampleGetPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"*\")\n .identifiers(\"*\")\n .build())\n .actions(\"es:*\")\n .resources(String.format(\"arn:aws:es:%s:%s:domain/%s/*\", current.applyValue(getRegionResult -\u003e getRegionResult.name()),currentGetCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),domain))\n .build())\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .domainName(domain)\n .engineVersion(\"OpenSearch_1.0\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"m4.large.search\")\n .zoneAwarenessEnabled(true)\n .build())\n .vpcOptions(DomainVpcOptionsArgs.builder()\n .subnetIds( \n exampleGetSubnets.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[0]),\n exampleGetSubnets.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[1]))\n .securityGroupIds(exampleSecurityGroup.id())\n .build())\n .advancedOptions(Map.of(\"rest.action.multi.allow_explicit_index\", \"true\"))\n .accessPolicies(exampleGetPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .tags(Map.of(\"Domain\", \"TestDomain\"))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n vpc:\n type: dynamic\n domain:\n type: string\n default: tf-test\nresources:\n exampleSecurityGroup:\n type: aws:ec2:SecurityGroup\n name: example\n properties:\n name: ${vpc}-opensearch-${domain}\n description: Managed by Pulumi\n vpcId: ${example.id}\n ingress:\n - fromPort: 443\n toPort: 443\n protocol: tcp\n cidrBlocks:\n - ${example.cidrBlock}\n exampleServiceLinkedRole:\n type: aws:iam:ServiceLinkedRole\n name: example\n properties:\n awsServiceName: opensearchservice.amazonaws.com\n exampleDomain:\n type: aws:opensearch:Domain\n name: example\n properties:\n domainName: ${domain}\n engineVersion: OpenSearch_1.0\n clusterConfig:\n instanceType: m4.large.search\n zoneAwarenessEnabled: true\n vpcOptions:\n subnetIds:\n - ${exampleGetSubnets.ids[0]}\n - ${exampleGetSubnets.ids[1]}\n securityGroupIds:\n - ${exampleSecurityGroup.id}\n advancedOptions:\n rest.action.multi.allow_explicit_index: 'true'\n accessPolicies: ${exampleGetPolicyDocument.json}\n tags:\n Domain: TestDomain\nvariables:\n example:\n fn::invoke:\n Function: aws:ec2:getVpc\n Arguments:\n tags:\n Name: ${vpc}\n exampleGetSubnets:\n fn::invoke:\n Function: aws:ec2:getSubnets\n Arguments:\n filters:\n - name: vpc-id\n values:\n - ${example.id}\n tags:\n Tier: private\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n currentGetCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n exampleGetPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: '*'\n identifiers:\n - '*'\n actions:\n - es:*\n resources:\n - arn:aws:es:${current.name}:${currentGetCallerIdentity.accountId}:domain/${domain}/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Enabling fine-grained access control on an existing domain\n\nThis example shows two configurations: one to create a domain without fine-grained access control and the second to modify the domain to enable fine-grained access control. For more information, see [Enabling fine-grained access control](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html).\n\n### First apply\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.opensearch.Domain(\"example\", {\n domainName: \"ggkitty\",\n engineVersion: \"Elasticsearch_7.1\",\n clusterConfig: {\n instanceType: \"r5.large.search\",\n },\n advancedSecurityOptions: {\n enabled: false,\n anonymousAuthEnabled: true,\n internalUserDatabaseEnabled: true,\n masterUserOptions: {\n masterUserName: \"example\",\n masterUserPassword: \"Barbarbarbar1!\",\n },\n },\n encryptAtRest: {\n enabled: true,\n },\n domainEndpointOptions: {\n enforceHttps: true,\n tlsSecurityPolicy: \"Policy-Min-TLS-1-2-2019-07\",\n },\n nodeToNodeEncryption: {\n enabled: true,\n },\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.opensearch.Domain(\"example\",\n domain_name=\"ggkitty\",\n engine_version=\"Elasticsearch_7.1\",\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_type=\"r5.large.search\",\n ),\n advanced_security_options=aws.opensearch.DomainAdvancedSecurityOptionsArgs(\n enabled=False,\n anonymous_auth_enabled=True,\n internal_user_database_enabled=True,\n master_user_options=aws.opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs(\n master_user_name=\"example\",\n master_user_password=\"Barbarbarbar1!\",\n ),\n ),\n encrypt_at_rest=aws.opensearch.DomainEncryptAtRestArgs(\n enabled=True,\n ),\n domain_endpoint_options=aws.opensearch.DomainDomainEndpointOptionsArgs(\n enforce_https=True,\n tls_security_policy=\"Policy-Min-TLS-1-2-2019-07\",\n ),\n node_to_node_encryption=aws.opensearch.DomainNodeToNodeEncryptionArgs(\n enabled=True,\n ),\n ebs_options=aws.opensearch.DomainEbsOptionsArgs(\n ebs_enabled=True,\n volume_size=10,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.OpenSearch.Domain(\"example\", new()\n {\n DomainName = \"ggkitty\",\n EngineVersion = \"Elasticsearch_7.1\",\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r5.large.search\",\n },\n AdvancedSecurityOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsArgs\n {\n Enabled = false,\n AnonymousAuthEnabled = true,\n InternalUserDatabaseEnabled = true,\n MasterUserOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs\n {\n MasterUserName = \"example\",\n MasterUserPassword = \"Barbarbarbar1!\",\n },\n },\n EncryptAtRest = new Aws.OpenSearch.Inputs.DomainEncryptAtRestArgs\n {\n Enabled = true,\n },\n DomainEndpointOptions = new Aws.OpenSearch.Inputs.DomainDomainEndpointOptionsArgs\n {\n EnforceHttps = true,\n TlsSecurityPolicy = \"Policy-Min-TLS-1-2-2019-07\",\n },\n NodeToNodeEncryption = new Aws.OpenSearch.Inputs.DomainNodeToNodeEncryptionArgs\n {\n Enabled = true,\n },\n EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs\n {\n EbsEnabled = true,\n VolumeSize = 10,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"ggkitty\"),\n\t\t\tEngineVersion: pulumi.String(\"Elasticsearch_7.1\"),\n\t\t\tClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceType: pulumi.String(\"r5.large.search\"),\n\t\t\t},\n\t\t\tAdvancedSecurityOptions: \u0026opensearch.DomainAdvancedSecurityOptionsArgs{\n\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\tAnonymousAuthEnabled: pulumi.Bool(true),\n\t\t\t\tInternalUserDatabaseEnabled: pulumi.Bool(true),\n\t\t\t\tMasterUserOptions: \u0026opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs{\n\t\t\t\t\tMasterUserName: pulumi.String(\"example\"),\n\t\t\t\t\tMasterUserPassword: pulumi.String(\"Barbarbarbar1!\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEncryptAtRest: \u0026opensearch.DomainEncryptAtRestArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tDomainEndpointOptions: \u0026opensearch.DomainDomainEndpointOptionsArgs{\n\t\t\t\tEnforceHttps: pulumi.Bool(true),\n\t\t\t\tTlsSecurityPolicy: pulumi.String(\"Policy-Min-TLS-1-2-2019-07\"),\n\t\t\t},\n\t\t\tNodeToNodeEncryption: \u0026opensearch.DomainNodeToNodeEncryptionArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tEbsOptions: \u0026opensearch.DomainEbsOptionsArgs{\n\t\t\t\tEbsEnabled: pulumi.Bool(true),\n\t\t\t\tVolumeSize: pulumi.Int(10),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEncryptAtRestArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainDomainEndpointOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainNodeToNodeEncryptionArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Domain(\"example\", DomainArgs.builder() \n .domainName(\"ggkitty\")\n .engineVersion(\"Elasticsearch_7.1\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"r5.large.search\")\n .build())\n .advancedSecurityOptions(DomainAdvancedSecurityOptionsArgs.builder()\n .enabled(false)\n .anonymousAuthEnabled(true)\n .internalUserDatabaseEnabled(true)\n .masterUserOptions(DomainAdvancedSecurityOptionsMasterUserOptionsArgs.builder()\n .masterUserName(\"example\")\n .masterUserPassword(\"Barbarbarbar1!\")\n .build())\n .build())\n .encryptAtRest(DomainEncryptAtRestArgs.builder()\n .enabled(true)\n .build())\n .domainEndpointOptions(DomainDomainEndpointOptionsArgs.builder()\n .enforceHttps(true)\n .tlsSecurityPolicy(\"Policy-Min-TLS-1-2-2019-07\")\n .build())\n .nodeToNodeEncryption(DomainNodeToNodeEncryptionArgs.builder()\n .enabled(true)\n .build())\n .ebsOptions(DomainEbsOptionsArgs.builder()\n .ebsEnabled(true)\n .volumeSize(10)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:opensearch:Domain\n properties:\n domainName: ggkitty\n engineVersion: Elasticsearch_7.1\n clusterConfig:\n instanceType: r5.large.search\n advancedSecurityOptions:\n enabled: false\n anonymousAuthEnabled: true\n internalUserDatabaseEnabled: true\n masterUserOptions:\n masterUserName: example\n masterUserPassword: Barbarbarbar1!\n encryptAtRest:\n enabled: true\n domainEndpointOptions:\n enforceHttps: true\n tlsSecurityPolicy: Policy-Min-TLS-1-2-2019-07\n nodeToNodeEncryption:\n enabled: true\n ebsOptions:\n ebsEnabled: true\n volumeSize: 10\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Second apply\n\nNotice that the only change is `advanced_security_options.0.enabled` is now set to `true`.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.opensearch.Domain(\"example\", {\n domainName: \"ggkitty\",\n engineVersion: \"Elasticsearch_7.1\",\n clusterConfig: {\n instanceType: \"r5.large.search\",\n },\n advancedSecurityOptions: {\n enabled: true,\n anonymousAuthEnabled: true,\n internalUserDatabaseEnabled: true,\n masterUserOptions: {\n masterUserName: \"example\",\n masterUserPassword: \"Barbarbarbar1!\",\n },\n },\n encryptAtRest: {\n enabled: true,\n },\n domainEndpointOptions: {\n enforceHttps: true,\n tlsSecurityPolicy: \"Policy-Min-TLS-1-2-2019-07\",\n },\n nodeToNodeEncryption: {\n enabled: true,\n },\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.opensearch.Domain(\"example\",\n domain_name=\"ggkitty\",\n engine_version=\"Elasticsearch_7.1\",\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_type=\"r5.large.search\",\n ),\n advanced_security_options=aws.opensearch.DomainAdvancedSecurityOptionsArgs(\n enabled=True,\n anonymous_auth_enabled=True,\n internal_user_database_enabled=True,\n master_user_options=aws.opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs(\n master_user_name=\"example\",\n master_user_password=\"Barbarbarbar1!\",\n ),\n ),\n encrypt_at_rest=aws.opensearch.DomainEncryptAtRestArgs(\n enabled=True,\n ),\n domain_endpoint_options=aws.opensearch.DomainDomainEndpointOptionsArgs(\n enforce_https=True,\n tls_security_policy=\"Policy-Min-TLS-1-2-2019-07\",\n ),\n node_to_node_encryption=aws.opensearch.DomainNodeToNodeEncryptionArgs(\n enabled=True,\n ),\n ebs_options=aws.opensearch.DomainEbsOptionsArgs(\n ebs_enabled=True,\n volume_size=10,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.OpenSearch.Domain(\"example\", new()\n {\n DomainName = \"ggkitty\",\n EngineVersion = \"Elasticsearch_7.1\",\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r5.large.search\",\n },\n AdvancedSecurityOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsArgs\n {\n Enabled = true,\n AnonymousAuthEnabled = true,\n InternalUserDatabaseEnabled = true,\n MasterUserOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs\n {\n MasterUserName = \"example\",\n MasterUserPassword = \"Barbarbarbar1!\",\n },\n },\n EncryptAtRest = new Aws.OpenSearch.Inputs.DomainEncryptAtRestArgs\n {\n Enabled = true,\n },\n DomainEndpointOptions = new Aws.OpenSearch.Inputs.DomainDomainEndpointOptionsArgs\n {\n EnforceHttps = true,\n TlsSecurityPolicy = \"Policy-Min-TLS-1-2-2019-07\",\n },\n NodeToNodeEncryption = new Aws.OpenSearch.Inputs.DomainNodeToNodeEncryptionArgs\n {\n Enabled = true,\n },\n EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs\n {\n EbsEnabled = true,\n VolumeSize = 10,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"ggkitty\"),\n\t\t\tEngineVersion: pulumi.String(\"Elasticsearch_7.1\"),\n\t\t\tClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceType: pulumi.String(\"r5.large.search\"),\n\t\t\t},\n\t\t\tAdvancedSecurityOptions: \u0026opensearch.DomainAdvancedSecurityOptionsArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tAnonymousAuthEnabled: pulumi.Bool(true),\n\t\t\t\tInternalUserDatabaseEnabled: pulumi.Bool(true),\n\t\t\t\tMasterUserOptions: \u0026opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs{\n\t\t\t\t\tMasterUserName: pulumi.String(\"example\"),\n\t\t\t\t\tMasterUserPassword: pulumi.String(\"Barbarbarbar1!\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEncryptAtRest: \u0026opensearch.DomainEncryptAtRestArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tDomainEndpointOptions: \u0026opensearch.DomainDomainEndpointOptionsArgs{\n\t\t\t\tEnforceHttps: pulumi.Bool(true),\n\t\t\t\tTlsSecurityPolicy: pulumi.String(\"Policy-Min-TLS-1-2-2019-07\"),\n\t\t\t},\n\t\t\tNodeToNodeEncryption: \u0026opensearch.DomainNodeToNodeEncryptionArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tEbsOptions: \u0026opensearch.DomainEbsOptionsArgs{\n\t\t\t\tEbsEnabled: pulumi.Bool(true),\n\t\t\t\tVolumeSize: pulumi.Int(10),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEncryptAtRestArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainDomainEndpointOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainNodeToNodeEncryptionArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Domain(\"example\", DomainArgs.builder() \n .domainName(\"ggkitty\")\n .engineVersion(\"Elasticsearch_7.1\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"r5.large.search\")\n .build())\n .advancedSecurityOptions(DomainAdvancedSecurityOptionsArgs.builder()\n .enabled(true)\n .anonymousAuthEnabled(true)\n .internalUserDatabaseEnabled(true)\n .masterUserOptions(DomainAdvancedSecurityOptionsMasterUserOptionsArgs.builder()\n .masterUserName(\"example\")\n .masterUserPassword(\"Barbarbarbar1!\")\n .build())\n .build())\n .encryptAtRest(DomainEncryptAtRestArgs.builder()\n .enabled(true)\n .build())\n .domainEndpointOptions(DomainDomainEndpointOptionsArgs.builder()\n .enforceHttps(true)\n .tlsSecurityPolicy(\"Policy-Min-TLS-1-2-2019-07\")\n .build())\n .nodeToNodeEncryption(DomainNodeToNodeEncryptionArgs.builder()\n .enabled(true)\n .build())\n .ebsOptions(DomainEbsOptionsArgs.builder()\n .ebsEnabled(true)\n .volumeSize(10)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:opensearch:Domain\n properties:\n domainName: ggkitty\n engineVersion: Elasticsearch_7.1\n clusterConfig:\n instanceType: r5.large.search\n advancedSecurityOptions:\n enabled: true\n anonymousAuthEnabled: true\n internalUserDatabaseEnabled: true\n masterUserOptions:\n masterUserName: example\n masterUserPassword: Barbarbarbar1!\n encryptAtRest:\n enabled: true\n domainEndpointOptions:\n enforceHttps: true\n tlsSecurityPolicy: Policy-Min-TLS-1-2-2019-07\n nodeToNodeEncryption:\n enabled: true\n ebsOptions:\n ebsEnabled: true\n volumeSize: 10\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import OpenSearch domains using the `domain_name`. For example:\n\n```sh\n$ pulumi import aws:opensearch/domain:Domain example domain_name\n```\n", + "description": "Manages an Amazon OpenSearch Domain.\n\n## Elasticsearch vs. OpenSearch\n\nAmazon OpenSearch Service is the successor to Amazon Elasticsearch Service and supports OpenSearch and legacy Elasticsearch OSS (up to 7.10, the final open source version of the software).\n\nOpenSearch Domain configurations are similar in many ways to Elasticsearch Domain configurations. However, there are important differences including these:\n\n* OpenSearch has `engine_version` while Elasticsearch has `elasticsearch_version`\n* Versions are specified differently - _e.g._, `Elasticsearch_7.10` with OpenSearch vs. `7.10` for Elasticsearch.\n* `instance_type` argument values end in `search` for OpenSearch vs. `elasticsearch` for Elasticsearch (_e.g._, `t2.micro.search` vs. `t2.micro.elasticsearch`).\n* The AWS-managed service-linked role for OpenSearch is called `AWSServiceRoleForAmazonOpenSearchService` instead of `AWSServiceRoleForAmazonElasticsearchService` for Elasticsearch.\n\nThere are also some potentially unexpected similarities in configurations:\n\n* ARNs for both are prefaced with `arn:aws:es:`.\n* Both OpenSearch and Elasticsearch use assume role policies that refer to the `Principal` `Service` as `es.amazonaws.com`.\n* IAM policy actions, such as those you will find in `access_policies`, are prefaced with `es:` for both.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.opensearch.Domain(\"example\", {\n domainName: \"example\",\n engineVersion: \"Elasticsearch_7.10\",\n clusterConfig: {\n instanceType: \"r4.large.search\",\n },\n tags: {\n Domain: \"TestDomain\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.opensearch.Domain(\"example\",\n domain_name=\"example\",\n engine_version=\"Elasticsearch_7.10\",\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_type=\"r4.large.search\",\n ),\n tags={\n \"Domain\": \"TestDomain\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.OpenSearch.Domain(\"example\", new()\n {\n DomainName = \"example\",\n EngineVersion = \"Elasticsearch_7.10\",\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r4.large.search\",\n },\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"example\"),\n\t\t\tEngineVersion: pulumi.String(\"Elasticsearch_7.10\"),\n\t\t\tClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceType: pulumi.String(\"r4.large.search\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Domain\": pulumi.String(\"TestDomain\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Domain(\"example\", DomainArgs.builder() \n .domainName(\"example\")\n .engineVersion(\"Elasticsearch_7.10\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"r4.large.search\")\n .build())\n .tags(Map.of(\"Domain\", \"TestDomain\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:opensearch:Domain\n properties:\n domainName: example\n engineVersion: Elasticsearch_7.10\n clusterConfig:\n instanceType: r4.large.search\n tags:\n Domain: TestDomain\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Access Policy\n\n\u003e See also: `aws.opensearch.DomainPolicy` resource\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst domain = config.get(\"domain\") || \"tf-test\";\nconst current = aws.getRegion({});\nconst currentGetCallerIdentity = aws.getCallerIdentity({});\nconst example = Promise.all([current, currentGetCallerIdentity]).then(([current, currentGetCallerIdentity]) =\u003e aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"*\",\n identifiers: [\"*\"],\n }],\n actions: [\"es:*\"],\n resources: [`arn:aws:es:${current.name}:${currentGetCallerIdentity.accountId}:domain/${domain}/*`],\n conditions: [{\n test: \"IpAddress\",\n variable: \"aws:SourceIp\",\n values: [\"66.193.100.22/32\"],\n }],\n }],\n}));\nconst exampleDomain = new aws.opensearch.Domain(\"example\", {\n domainName: domain,\n accessPolicies: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\ndomain = config.get(\"domain\")\nif domain is None:\n domain = \"tf-test\"\ncurrent = aws.get_region()\ncurrent_get_caller_identity = aws.get_caller_identity()\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"*\",\n identifiers=[\"*\"],\n )],\n actions=[\"es:*\"],\n resources=[f\"arn:aws:es:{current.name}:{current_get_caller_identity.account_id}:domain/{domain}/*\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"IpAddress\",\n variable=\"aws:SourceIp\",\n values=[\"66.193.100.22/32\"],\n )],\n)])\nexample_domain = aws.opensearch.Domain(\"example\",\n domain_name=domain,\n access_policies=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var domain = config.Get(\"domain\") ?? \"tf-test\";\n var current = Aws.GetRegion.Invoke();\n\n var currentGetCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"*\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"es:*\",\n },\n Resources = new[]\n {\n $\"arn:aws:es:{current.Apply(getRegionResult =\u003e getRegionResult.Name)}:{currentGetCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:domain/{domain}/*\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"IpAddress\",\n Variable = \"aws:SourceIp\",\n Values = new[]\n {\n \"66.193.100.22/32\",\n },\n },\n },\n },\n },\n });\n\n var exampleDomain = new Aws.OpenSearch.Domain(\"example\", new()\n {\n DomainName = domain,\n AccessPolicies = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tdomain := \"tf-test\"\n\t\tif param := cfg.Get(\"domain\"); param != \"\" {\n\t\t\tdomain = param\n\t\t}\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"*\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"*\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"es:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:es:%v:%v:domain/%v/*\", current.Name, currentGetCallerIdentity.AccountId, domain),\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"IpAddress\",\n\t\t\t\t\t\t\tVariable: \"aws:SourceIp\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"66.193.100.22/32\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(domain),\n\t\t\tAccessPolicies: pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var domain = config.get(\"domain\").orElse(\"tf-test\");\n final var current = AwsFunctions.getRegion();\n\n final var currentGetCallerIdentity = AwsFunctions.getCallerIdentity();\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"*\")\n .identifiers(\"*\")\n .build())\n .actions(\"es:*\")\n .resources(String.format(\"arn:aws:es:%s:%s:domain/%s/*\", current.applyValue(getRegionResult -\u003e getRegionResult.name()),currentGetCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),domain))\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"IpAddress\")\n .variable(\"aws:SourceIp\")\n .values(\"66.193.100.22/32\")\n .build())\n .build())\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .domainName(domain)\n .accessPolicies(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n domain:\n type: string\n default: tf-test\nresources:\n exampleDomain:\n type: aws:opensearch:Domain\n name: example\n properties:\n domainName: ${domain}\n accessPolicies: ${example.json}\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n currentGetCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: '*'\n identifiers:\n - '*'\n actions:\n - es:*\n resources:\n - arn:aws:es:${current.name}:${currentGetCallerIdentity.accountId}:domain/${domain}/*\n conditions:\n - test: IpAddress\n variable: aws:SourceIp\n values:\n - 66.193.100.22/32\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Log publishing to CloudWatch Logs\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"example\", {name: \"example\"});\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"es.amazonaws.com\"],\n }],\n actions: [\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n ],\n resources: [\"arn:aws:logs:*\"],\n }],\n});\nconst exampleLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"example\", {\n policyName: \"example\",\n policyDocument: example.then(example =\u003e example.json),\n});\nconst exampleDomain = new aws.opensearch.Domain(\"example\", {logPublishingOptions: [{\n cloudwatchLogGroupArn: exampleLogGroup.arn,\n logType: \"INDEX_SLOW_LOGS\",\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_log_group = aws.cloudwatch.LogGroup(\"example\", name=\"example\")\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"es.amazonaws.com\"],\n )],\n actions=[\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n ],\n resources=[\"arn:aws:logs:*\"],\n)])\nexample_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"example\",\n policy_name=\"example\",\n policy_document=example.json)\nexample_domain = aws.opensearch.Domain(\"example\", log_publishing_options=[aws.opensearch.DomainLogPublishingOptionArgs(\n cloudwatch_log_group_arn=example_log_group.arn,\n log_type=\"INDEX_SLOW_LOGS\",\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"example\", new()\n {\n Name = \"example\",\n });\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"es.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*\",\n },\n },\n },\n });\n\n var exampleLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"example\", new()\n {\n PolicyName = \"example\",\n PolicyDocument = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleDomain = new Aws.OpenSearch.Domain(\"example\", new()\n {\n LogPublishingOptions = new[]\n {\n new Aws.OpenSearch.Inputs.DomainLogPublishingOptionArgs\n {\n CloudwatchLogGroupArn = exampleLogGroup.Arn,\n LogType = \"INDEX_SLOW_LOGS\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"example\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"es.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t\t\"logs:PutLogEventsBatch\",\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"example\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyName: pulumi.String(\"example\"),\n\t\t\tPolicyDocument: pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\n\t\t\tLogPublishingOptions: opensearch.DomainLogPublishingOptionArray{\n\t\t\t\t\u0026opensearch.DomainLogPublishingOptionArgs{\n\t\t\t\t\tCloudwatchLogGroupArn: exampleLogGroup.Arn,\n\t\t\t\t\tLogType: pulumi.String(\"INDEX_SLOW_LOGS\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainLogPublishingOptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleLogGroup = new LogGroup(\"exampleLogGroup\", LogGroupArgs.builder() \n .name(\"example\")\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"es.amazonaws.com\")\n .build())\n .actions( \n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\")\n .resources(\"arn:aws:logs:*\")\n .build())\n .build());\n\n var exampleLogResourcePolicy = new LogResourcePolicy(\"exampleLogResourcePolicy\", LogResourcePolicyArgs.builder() \n .policyName(\"example\")\n .policyDocument(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .logPublishingOptions(DomainLogPublishingOptionArgs.builder()\n .cloudwatchLogGroupArn(exampleLogGroup.arn())\n .logType(\"INDEX_SLOW_LOGS\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleLogGroup:\n type: aws:cloudwatch:LogGroup\n name: example\n properties:\n name: example\n exampleLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n name: example\n properties:\n policyName: example\n policyDocument: ${example.json}\n exampleDomain:\n type: aws:opensearch:Domain\n name: example\n properties:\n logPublishingOptions:\n - cloudwatchLogGroupArn: ${exampleLogGroup.arn}\n logType: INDEX_SLOW_LOGS\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - es.amazonaws.com\n actions:\n - logs:PutLogEvents\n - logs:PutLogEventsBatch\n - logs:CreateLogStream\n resources:\n - arn:aws:logs:*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### VPC based OpenSearch\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst vpc = config.requireObject(\"vpc\");\nconst domain = config.get(\"domain\") || \"tf-test\";\nconst example = aws.ec2.getVpc({\n tags: {\n Name: vpc,\n },\n});\nconst exampleGetSubnets = example.then(example =\u003e aws.ec2.getSubnets({\n filters: [{\n name: \"vpc-id\",\n values: [example.id],\n }],\n tags: {\n Tier: \"private\",\n },\n}));\nconst current = aws.getRegion({});\nconst currentGetCallerIdentity = aws.getCallerIdentity({});\nconst exampleSecurityGroup = new aws.ec2.SecurityGroup(\"example\", {\n name: `${vpc}-opensearch-${domain}`,\n description: \"Managed by Pulumi\",\n vpcId: example.then(example =\u003e example.id),\n ingress: [{\n fromPort: 443,\n toPort: 443,\n protocol: \"tcp\",\n cidrBlocks: [example.then(example =\u003e example.cidrBlock)],\n }],\n});\nconst exampleServiceLinkedRole = new aws.iam.ServiceLinkedRole(\"example\", {awsServiceName: \"opensearchservice.amazonaws.com\"});\nconst exampleGetPolicyDocument = Promise.all([current, currentGetCallerIdentity]).then(([current, currentGetCallerIdentity]) =\u003e aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"*\",\n identifiers: [\"*\"],\n }],\n actions: [\"es:*\"],\n resources: [`arn:aws:es:${current.name}:${currentGetCallerIdentity.accountId}:domain/${domain}/*`],\n }],\n}));\nconst exampleDomain = new aws.opensearch.Domain(\"example\", {\n domainName: domain,\n engineVersion: \"OpenSearch_1.0\",\n clusterConfig: {\n instanceType: \"m4.large.search\",\n zoneAwarenessEnabled: true,\n },\n vpcOptions: {\n subnetIds: [\n exampleGetSubnets.then(exampleGetSubnets =\u003e exampleGetSubnets.ids?.[0]),\n exampleGetSubnets.then(exampleGetSubnets =\u003e exampleGetSubnets.ids?.[1]),\n ],\n securityGroupIds: [exampleSecurityGroup.id],\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\",\n },\n accessPolicies: exampleGetPolicyDocument.then(exampleGetPolicyDocument =\u003e exampleGetPolicyDocument.json),\n tags: {\n Domain: \"TestDomain\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nvpc = config.require_object(\"vpc\")\ndomain = config.get(\"domain\")\nif domain is None:\n domain = \"tf-test\"\nexample = aws.ec2.get_vpc(tags={\n \"Name\": vpc,\n})\nexample_get_subnets = aws.ec2.get_subnets(filters=[aws.ec2.GetSubnetsFilterArgs(\n name=\"vpc-id\",\n values=[example.id],\n )],\n tags={\n \"Tier\": \"private\",\n })\ncurrent = aws.get_region()\ncurrent_get_caller_identity = aws.get_caller_identity()\nexample_security_group = aws.ec2.SecurityGroup(\"example\",\n name=f\"{vpc}-opensearch-{domain}\",\n description=\"Managed by Pulumi\",\n vpc_id=example.id,\n ingress=[aws.ec2.SecurityGroupIngressArgs(\n from_port=443,\n to_port=443,\n protocol=\"tcp\",\n cidr_blocks=[example.cidr_block],\n )])\nexample_service_linked_role = aws.iam.ServiceLinkedRole(\"example\", aws_service_name=\"opensearchservice.amazonaws.com\")\nexample_get_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"*\",\n identifiers=[\"*\"],\n )],\n actions=[\"es:*\"],\n resources=[f\"arn:aws:es:{current.name}:{current_get_caller_identity.account_id}:domain/{domain}/*\"],\n)])\nexample_domain = aws.opensearch.Domain(\"example\",\n domain_name=domain,\n engine_version=\"OpenSearch_1.0\",\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_type=\"m4.large.search\",\n zone_awareness_enabled=True,\n ),\n vpc_options=aws.opensearch.DomainVpcOptionsArgs(\n subnet_ids=[\n example_get_subnets.ids[0],\n example_get_subnets.ids[1],\n ],\n security_group_ids=[example_security_group.id],\n ),\n advanced_options={\n \"rest.action.multi.allow_explicit_index\": \"true\",\n },\n access_policies=example_get_policy_document.json,\n tags={\n \"Domain\": \"TestDomain\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var vpc = config.RequireObject\u003cdynamic\u003e(\"vpc\");\n var domain = config.Get(\"domain\") ?? \"tf-test\";\n var example = Aws.Ec2.GetVpc.Invoke(new()\n {\n Tags = \n {\n { \"Name\", vpc },\n },\n });\n\n var exampleGetSubnets = Aws.Ec2.GetSubnets.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetSubnetsFilterInputArgs\n {\n Name = \"vpc-id\",\n Values = new[]\n {\n example.Apply(getVpcResult =\u003e getVpcResult.Id),\n },\n },\n },\n Tags = \n {\n { \"Tier\", \"private\" },\n },\n });\n\n var current = Aws.GetRegion.Invoke();\n\n var currentGetCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n var exampleSecurityGroup = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Name = $\"{vpc}-opensearch-{domain}\",\n Description = \"Managed by Pulumi\",\n VpcId = example.Apply(getVpcResult =\u003e getVpcResult.Id),\n Ingress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupIngressArgs\n {\n FromPort = 443,\n ToPort = 443,\n Protocol = \"tcp\",\n CidrBlocks = new[]\n {\n example.Apply(getVpcResult =\u003e getVpcResult.CidrBlock),\n },\n },\n },\n });\n\n var exampleServiceLinkedRole = new Aws.Iam.ServiceLinkedRole(\"example\", new()\n {\n AwsServiceName = \"opensearchservice.amazonaws.com\",\n });\n\n var exampleGetPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"*\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"es:*\",\n },\n Resources = new[]\n {\n $\"arn:aws:es:{current.Apply(getRegionResult =\u003e getRegionResult.Name)}:{currentGetCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:domain/{domain}/*\",\n },\n },\n },\n });\n\n var exampleDomain = new Aws.OpenSearch.Domain(\"example\", new()\n {\n DomainName = domain,\n EngineVersion = \"OpenSearch_1.0\",\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"m4.large.search\",\n ZoneAwarenessEnabled = true,\n },\n VpcOptions = new Aws.OpenSearch.Inputs.DomainVpcOptionsArgs\n {\n SubnetIds = new[]\n {\n exampleGetSubnets.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[0]),\n exampleGetSubnets.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[1]),\n },\n SecurityGroupIds = new[]\n {\n exampleSecurityGroup.Id,\n },\n },\n AdvancedOptions = \n {\n { \"rest.action.multi.allow_explicit_index\", \"true\" },\n },\n AccessPolicies = exampleGetPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncfg := config.New(ctx, \"\")\nvpc := cfg.RequireObject(\"vpc\")\ndomain := \"tf-test\";\nif param := cfg.Get(\"domain\"); param != \"\"{\ndomain = param\n}\nexample, err := ec2.LookupVpc(ctx, \u0026ec2.LookupVpcArgs{\nTags: interface{}{\nName: vpc,\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleGetSubnets, err := ec2.GetSubnets(ctx, \u0026ec2.GetSubnetsArgs{\nFilters: []ec2.GetSubnetsFilter{\n{\nName: \"vpc-id\",\nValues: interface{}{\nexample.Id,\n},\n},\n},\nTags: map[string]interface{}{\n\"Tier\": \"private\",\n},\n}, nil);\nif err != nil {\nreturn err\n}\ncurrent, err := aws.GetRegion(ctx, nil, nil);\nif err != nil {\nreturn err\n}\ncurrentGetCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil);\nif err != nil {\nreturn err\n}\nexampleSecurityGroup, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\nName: pulumi.String(fmt.Sprintf(\"%v-opensearch-%v\", vpc, domain)),\nDescription: pulumi.String(\"Managed by Pulumi\"),\nVpcId: pulumi.String(example.Id),\nIngress: ec2.SecurityGroupIngressArray{\n\u0026ec2.SecurityGroupIngressArgs{\nFromPort: pulumi.Int(443),\nToPort: pulumi.Int(443),\nProtocol: pulumi.String(\"tcp\"),\nCidrBlocks: pulumi.StringArray{\npulumi.String(example.CidrBlock),\n},\n},\n},\n})\nif err != nil {\nreturn err\n}\n_, err = iam.NewServiceLinkedRole(ctx, \"example\", \u0026iam.ServiceLinkedRoleArgs{\nAwsServiceName: pulumi.String(\"opensearchservice.amazonaws.com\"),\n})\nif err != nil {\nreturn err\n}\nexampleGetPolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"*\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nActions: []string{\n\"es:*\",\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:es:%v:%v:domain/%v/*\", current.Name, currentGetCallerIdentity.AccountId, domain),\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\nDomainName: pulumi.String(domain),\nEngineVersion: pulumi.String(\"OpenSearch_1.0\"),\nClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\nInstanceType: pulumi.String(\"m4.large.search\"),\nZoneAwarenessEnabled: pulumi.Bool(true),\n},\nVpcOptions: \u0026opensearch.DomainVpcOptionsArgs{\nSubnetIds: pulumi.StringArray{\npulumi.String(exampleGetSubnets.Ids[0]),\npulumi.String(exampleGetSubnets.Ids[1]),\n},\nSecurityGroupIds: pulumi.StringArray{\nexampleSecurityGroup.ID(),\n},\n},\nAdvancedOptions: pulumi.StringMap{\n\"rest.action.multi.allow_explicit_index\": pulumi.String(\"true\"),\n},\nAccessPolicies: pulumi.String(exampleGetPolicyDocument.Json),\nTags: pulumi.StringMap{\n\"Domain\": pulumi.String(\"TestDomain\"),\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcArgs;\nimport com.pulumi.aws.ec2.inputs.GetSubnetsArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupIngressArgs;\nimport com.pulumi.aws.iam.ServiceLinkedRole;\nimport com.pulumi.aws.iam.ServiceLinkedRoleArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainVpcOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var vpc = config.get(\"vpc\");\n final var domain = config.get(\"domain\").orElse(\"tf-test\");\n final var example = Ec2Functions.getVpc(GetVpcArgs.builder()\n .tags(Map.of(\"Name\", vpc))\n .build());\n\n final var exampleGetSubnets = Ec2Functions.getSubnets(GetSubnetsArgs.builder()\n .filters(GetSubnetsFilterArgs.builder()\n .name(\"vpc-id\")\n .values(example.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .build())\n .tags(Map.of(\"Tier\", \"private\"))\n .build());\n\n final var current = AwsFunctions.getRegion();\n\n final var currentGetCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var exampleSecurityGroup = new SecurityGroup(\"exampleSecurityGroup\", SecurityGroupArgs.builder() \n .name(String.format(\"%s-opensearch-%s\", vpc,domain))\n .description(\"Managed by Pulumi\")\n .vpcId(example.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .ingress(SecurityGroupIngressArgs.builder()\n .fromPort(443)\n .toPort(443)\n .protocol(\"tcp\")\n .cidrBlocks(example.applyValue(getVpcResult -\u003e getVpcResult.cidrBlock()))\n .build())\n .build());\n\n var exampleServiceLinkedRole = new ServiceLinkedRole(\"exampleServiceLinkedRole\", ServiceLinkedRoleArgs.builder() \n .awsServiceName(\"opensearchservice.amazonaws.com\")\n .build());\n\n final var exampleGetPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"*\")\n .identifiers(\"*\")\n .build())\n .actions(\"es:*\")\n .resources(String.format(\"arn:aws:es:%s:%s:domain/%s/*\", current.applyValue(getRegionResult -\u003e getRegionResult.name()),currentGetCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),domain))\n .build())\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .domainName(domain)\n .engineVersion(\"OpenSearch_1.0\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"m4.large.search\")\n .zoneAwarenessEnabled(true)\n .build())\n .vpcOptions(DomainVpcOptionsArgs.builder()\n .subnetIds( \n exampleGetSubnets.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[0]),\n exampleGetSubnets.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[1]))\n .securityGroupIds(exampleSecurityGroup.id())\n .build())\n .advancedOptions(Map.of(\"rest.action.multi.allow_explicit_index\", \"true\"))\n .accessPolicies(exampleGetPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .tags(Map.of(\"Domain\", \"TestDomain\"))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n vpc:\n type: dynamic\n domain:\n type: string\n default: tf-test\nresources:\n exampleSecurityGroup:\n type: aws:ec2:SecurityGroup\n name: example\n properties:\n name: ${vpc}-opensearch-${domain}\n description: Managed by Pulumi\n vpcId: ${example.id}\n ingress:\n - fromPort: 443\n toPort: 443\n protocol: tcp\n cidrBlocks:\n - ${example.cidrBlock}\n exampleServiceLinkedRole:\n type: aws:iam:ServiceLinkedRole\n name: example\n properties:\n awsServiceName: opensearchservice.amazonaws.com\n exampleDomain:\n type: aws:opensearch:Domain\n name: example\n properties:\n domainName: ${domain}\n engineVersion: OpenSearch_1.0\n clusterConfig:\n instanceType: m4.large.search\n zoneAwarenessEnabled: true\n vpcOptions:\n subnetIds:\n - ${exampleGetSubnets.ids[0]}\n - ${exampleGetSubnets.ids[1]}\n securityGroupIds:\n - ${exampleSecurityGroup.id}\n advancedOptions:\n rest.action.multi.allow_explicit_index: 'true'\n accessPolicies: ${exampleGetPolicyDocument.json}\n tags:\n Domain: TestDomain\nvariables:\n example:\n fn::invoke:\n Function: aws:ec2:getVpc\n Arguments:\n tags:\n Name: ${vpc}\n exampleGetSubnets:\n fn::invoke:\n Function: aws:ec2:getSubnets\n Arguments:\n filters:\n - name: vpc-id\n values:\n - ${example.id}\n tags:\n Tier: private\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n currentGetCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n exampleGetPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: '*'\n identifiers:\n - '*'\n actions:\n - es:*\n resources:\n - arn:aws:es:${current.name}:${currentGetCallerIdentity.accountId}:domain/${domain}/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Enabling fine-grained access control on an existing domain\n\nThis example shows two configurations: one to create a domain without fine-grained access control and the second to modify the domain to enable fine-grained access control. For more information, see [Enabling fine-grained access control](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html).\n\n### First apply\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.opensearch.Domain(\"example\", {\n domainName: \"ggkitty\",\n engineVersion: \"Elasticsearch_7.1\",\n clusterConfig: {\n instanceType: \"r5.large.search\",\n },\n advancedSecurityOptions: {\n enabled: false,\n anonymousAuthEnabled: true,\n internalUserDatabaseEnabled: true,\n masterUserOptions: {\n masterUserName: \"example\",\n masterUserPassword: \"Barbarbarbar1!\",\n },\n },\n encryptAtRest: {\n enabled: true,\n },\n domainEndpointOptions: {\n enforceHttps: true,\n tlsSecurityPolicy: \"Policy-Min-TLS-1-2-2019-07\",\n },\n nodeToNodeEncryption: {\n enabled: true,\n },\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.opensearch.Domain(\"example\",\n domain_name=\"ggkitty\",\n engine_version=\"Elasticsearch_7.1\",\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_type=\"r5.large.search\",\n ),\n advanced_security_options=aws.opensearch.DomainAdvancedSecurityOptionsArgs(\n enabled=False,\n anonymous_auth_enabled=True,\n internal_user_database_enabled=True,\n master_user_options=aws.opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs(\n master_user_name=\"example\",\n master_user_password=\"Barbarbarbar1!\",\n ),\n ),\n encrypt_at_rest=aws.opensearch.DomainEncryptAtRestArgs(\n enabled=True,\n ),\n domain_endpoint_options=aws.opensearch.DomainDomainEndpointOptionsArgs(\n enforce_https=True,\n tls_security_policy=\"Policy-Min-TLS-1-2-2019-07\",\n ),\n node_to_node_encryption=aws.opensearch.DomainNodeToNodeEncryptionArgs(\n enabled=True,\n ),\n ebs_options=aws.opensearch.DomainEbsOptionsArgs(\n ebs_enabled=True,\n volume_size=10,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.OpenSearch.Domain(\"example\", new()\n {\n DomainName = \"ggkitty\",\n EngineVersion = \"Elasticsearch_7.1\",\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r5.large.search\",\n },\n AdvancedSecurityOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsArgs\n {\n Enabled = false,\n AnonymousAuthEnabled = true,\n InternalUserDatabaseEnabled = true,\n MasterUserOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs\n {\n MasterUserName = \"example\",\n MasterUserPassword = \"Barbarbarbar1!\",\n },\n },\n EncryptAtRest = new Aws.OpenSearch.Inputs.DomainEncryptAtRestArgs\n {\n Enabled = true,\n },\n DomainEndpointOptions = new Aws.OpenSearch.Inputs.DomainDomainEndpointOptionsArgs\n {\n EnforceHttps = true,\n TlsSecurityPolicy = \"Policy-Min-TLS-1-2-2019-07\",\n },\n NodeToNodeEncryption = new Aws.OpenSearch.Inputs.DomainNodeToNodeEncryptionArgs\n {\n Enabled = true,\n },\n EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs\n {\n EbsEnabled = true,\n VolumeSize = 10,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"ggkitty\"),\n\t\t\tEngineVersion: pulumi.String(\"Elasticsearch_7.1\"),\n\t\t\tClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceType: pulumi.String(\"r5.large.search\"),\n\t\t\t},\n\t\t\tAdvancedSecurityOptions: \u0026opensearch.DomainAdvancedSecurityOptionsArgs{\n\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\tAnonymousAuthEnabled: pulumi.Bool(true),\n\t\t\t\tInternalUserDatabaseEnabled: pulumi.Bool(true),\n\t\t\t\tMasterUserOptions: \u0026opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs{\n\t\t\t\t\tMasterUserName: pulumi.String(\"example\"),\n\t\t\t\t\tMasterUserPassword: pulumi.String(\"Barbarbarbar1!\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEncryptAtRest: \u0026opensearch.DomainEncryptAtRestArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tDomainEndpointOptions: \u0026opensearch.DomainDomainEndpointOptionsArgs{\n\t\t\t\tEnforceHttps: pulumi.Bool(true),\n\t\t\t\tTlsSecurityPolicy: pulumi.String(\"Policy-Min-TLS-1-2-2019-07\"),\n\t\t\t},\n\t\t\tNodeToNodeEncryption: \u0026opensearch.DomainNodeToNodeEncryptionArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tEbsOptions: \u0026opensearch.DomainEbsOptionsArgs{\n\t\t\t\tEbsEnabled: pulumi.Bool(true),\n\t\t\t\tVolumeSize: pulumi.Int(10),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEncryptAtRestArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainDomainEndpointOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainNodeToNodeEncryptionArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Domain(\"example\", DomainArgs.builder() \n .domainName(\"ggkitty\")\n .engineVersion(\"Elasticsearch_7.1\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"r5.large.search\")\n .build())\n .advancedSecurityOptions(DomainAdvancedSecurityOptionsArgs.builder()\n .enabled(false)\n .anonymousAuthEnabled(true)\n .internalUserDatabaseEnabled(true)\n .masterUserOptions(DomainAdvancedSecurityOptionsMasterUserOptionsArgs.builder()\n .masterUserName(\"example\")\n .masterUserPassword(\"Barbarbarbar1!\")\n .build())\n .build())\n .encryptAtRest(DomainEncryptAtRestArgs.builder()\n .enabled(true)\n .build())\n .domainEndpointOptions(DomainDomainEndpointOptionsArgs.builder()\n .enforceHttps(true)\n .tlsSecurityPolicy(\"Policy-Min-TLS-1-2-2019-07\")\n .build())\n .nodeToNodeEncryption(DomainNodeToNodeEncryptionArgs.builder()\n .enabled(true)\n .build())\n .ebsOptions(DomainEbsOptionsArgs.builder()\n .ebsEnabled(true)\n .volumeSize(10)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:opensearch:Domain\n properties:\n domainName: ggkitty\n engineVersion: Elasticsearch_7.1\n clusterConfig:\n instanceType: r5.large.search\n advancedSecurityOptions:\n enabled: false\n anonymousAuthEnabled: true\n internalUserDatabaseEnabled: true\n masterUserOptions:\n masterUserName: example\n masterUserPassword: Barbarbarbar1!\n encryptAtRest:\n enabled: true\n domainEndpointOptions:\n enforceHttps: true\n tlsSecurityPolicy: Policy-Min-TLS-1-2-2019-07\n nodeToNodeEncryption:\n enabled: true\n ebsOptions:\n ebsEnabled: true\n volumeSize: 10\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Second apply\n\nNotice that the only change is `advanced_security_options.0.enabled` is now set to `true`.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.opensearch.Domain(\"example\", {\n domainName: \"ggkitty\",\n engineVersion: \"Elasticsearch_7.1\",\n clusterConfig: {\n instanceType: \"r5.large.search\",\n },\n advancedSecurityOptions: {\n enabled: true,\n anonymousAuthEnabled: true,\n internalUserDatabaseEnabled: true,\n masterUserOptions: {\n masterUserName: \"example\",\n masterUserPassword: \"Barbarbarbar1!\",\n },\n },\n encryptAtRest: {\n enabled: true,\n },\n domainEndpointOptions: {\n enforceHttps: true,\n tlsSecurityPolicy: \"Policy-Min-TLS-1-2-2019-07\",\n },\n nodeToNodeEncryption: {\n enabled: true,\n },\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.opensearch.Domain(\"example\",\n domain_name=\"ggkitty\",\n engine_version=\"Elasticsearch_7.1\",\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_type=\"r5.large.search\",\n ),\n advanced_security_options=aws.opensearch.DomainAdvancedSecurityOptionsArgs(\n enabled=True,\n anonymous_auth_enabled=True,\n internal_user_database_enabled=True,\n master_user_options=aws.opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs(\n master_user_name=\"example\",\n master_user_password=\"Barbarbarbar1!\",\n ),\n ),\n encrypt_at_rest=aws.opensearch.DomainEncryptAtRestArgs(\n enabled=True,\n ),\n domain_endpoint_options=aws.opensearch.DomainDomainEndpointOptionsArgs(\n enforce_https=True,\n tls_security_policy=\"Policy-Min-TLS-1-2-2019-07\",\n ),\n node_to_node_encryption=aws.opensearch.DomainNodeToNodeEncryptionArgs(\n enabled=True,\n ),\n ebs_options=aws.opensearch.DomainEbsOptionsArgs(\n ebs_enabled=True,\n volume_size=10,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.OpenSearch.Domain(\"example\", new()\n {\n DomainName = \"ggkitty\",\n EngineVersion = \"Elasticsearch_7.1\",\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r5.large.search\",\n },\n AdvancedSecurityOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsArgs\n {\n Enabled = true,\n AnonymousAuthEnabled = true,\n InternalUserDatabaseEnabled = true,\n MasterUserOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs\n {\n MasterUserName = \"example\",\n MasterUserPassword = \"Barbarbarbar1!\",\n },\n },\n EncryptAtRest = new Aws.OpenSearch.Inputs.DomainEncryptAtRestArgs\n {\n Enabled = true,\n },\n DomainEndpointOptions = new Aws.OpenSearch.Inputs.DomainDomainEndpointOptionsArgs\n {\n EnforceHttps = true,\n TlsSecurityPolicy = \"Policy-Min-TLS-1-2-2019-07\",\n },\n NodeToNodeEncryption = new Aws.OpenSearch.Inputs.DomainNodeToNodeEncryptionArgs\n {\n Enabled = true,\n },\n EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs\n {\n EbsEnabled = true,\n VolumeSize = 10,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"ggkitty\"),\n\t\t\tEngineVersion: pulumi.String(\"Elasticsearch_7.1\"),\n\t\t\tClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceType: pulumi.String(\"r5.large.search\"),\n\t\t\t},\n\t\t\tAdvancedSecurityOptions: \u0026opensearch.DomainAdvancedSecurityOptionsArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tAnonymousAuthEnabled: pulumi.Bool(true),\n\t\t\t\tInternalUserDatabaseEnabled: pulumi.Bool(true),\n\t\t\t\tMasterUserOptions: \u0026opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs{\n\t\t\t\t\tMasterUserName: pulumi.String(\"example\"),\n\t\t\t\t\tMasterUserPassword: pulumi.String(\"Barbarbarbar1!\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEncryptAtRest: \u0026opensearch.DomainEncryptAtRestArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tDomainEndpointOptions: \u0026opensearch.DomainDomainEndpointOptionsArgs{\n\t\t\t\tEnforceHttps: pulumi.Bool(true),\n\t\t\t\tTlsSecurityPolicy: pulumi.String(\"Policy-Min-TLS-1-2-2019-07\"),\n\t\t\t},\n\t\t\tNodeToNodeEncryption: \u0026opensearch.DomainNodeToNodeEncryptionArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tEbsOptions: \u0026opensearch.DomainEbsOptionsArgs{\n\t\t\t\tEbsEnabled: pulumi.Bool(true),\n\t\t\t\tVolumeSize: pulumi.Int(10),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEncryptAtRestArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainDomainEndpointOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainNodeToNodeEncryptionArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Domain(\"example\", DomainArgs.builder() \n .domainName(\"ggkitty\")\n .engineVersion(\"Elasticsearch_7.1\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"r5.large.search\")\n .build())\n .advancedSecurityOptions(DomainAdvancedSecurityOptionsArgs.builder()\n .enabled(true)\n .anonymousAuthEnabled(true)\n .internalUserDatabaseEnabled(true)\n .masterUserOptions(DomainAdvancedSecurityOptionsMasterUserOptionsArgs.builder()\n .masterUserName(\"example\")\n .masterUserPassword(\"Barbarbarbar1!\")\n .build())\n .build())\n .encryptAtRest(DomainEncryptAtRestArgs.builder()\n .enabled(true)\n .build())\n .domainEndpointOptions(DomainDomainEndpointOptionsArgs.builder()\n .enforceHttps(true)\n .tlsSecurityPolicy(\"Policy-Min-TLS-1-2-2019-07\")\n .build())\n .nodeToNodeEncryption(DomainNodeToNodeEncryptionArgs.builder()\n .enabled(true)\n .build())\n .ebsOptions(DomainEbsOptionsArgs.builder()\n .ebsEnabled(true)\n .volumeSize(10)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:opensearch:Domain\n properties:\n domainName: ggkitty\n engineVersion: Elasticsearch_7.1\n clusterConfig:\n instanceType: r5.large.search\n advancedSecurityOptions:\n enabled: true\n anonymousAuthEnabled: true\n internalUserDatabaseEnabled: true\n masterUserOptions:\n masterUserName: example\n masterUserPassword: Barbarbarbar1!\n encryptAtRest:\n enabled: true\n domainEndpointOptions:\n enforceHttps: true\n tlsSecurityPolicy: Policy-Min-TLS-1-2-2019-07\n nodeToNodeEncryption:\n enabled: true\n ebsOptions:\n ebsEnabled: true\n volumeSize: 10\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import OpenSearch domains using the `domain_name`. For example:\n\n```sh\n$ pulumi import aws:opensearch/domain:Domain example domain_name\n```\n", "properties": { "accessPolicies": { "type": "string", @@ -285038,7 +285038,7 @@ } }, "aws:opensearch/inboundConnectionAccepter:InboundConnectionAccepter": { - "description": "Manages an [AWS Opensearch Inbound Connection Accepter](https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_AcceptInboundConnection.html). If connecting domains from different AWS accounts, ensure that the accepter is configured to use the AWS account where the _remote_ opensearch domain exists.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst currentGetRegion = aws.getRegion({});\nconst foo = new aws.opensearch.OutboundConnection(\"foo\", {\n connectionAlias: \"outbound_connection\",\n localDomainInfo: {\n ownerId: current.then(current =\u003e current.accountId),\n region: currentGetRegion.then(currentGetRegion =\u003e currentGetRegion.name),\n domainName: localDomain.domainName,\n },\n remoteDomainInfo: {\n ownerId: current.then(current =\u003e current.accountId),\n region: currentGetRegion.then(currentGetRegion =\u003e currentGetRegion.name),\n domainName: remoteDomain.domainName,\n },\n});\nconst fooInboundConnectionAccepter = new aws.opensearch.InboundConnectionAccepter(\"foo\", {connectionId: foo.id});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\ncurrent_get_region = aws.get_region()\nfoo = aws.opensearch.OutboundConnection(\"foo\",\n connection_alias=\"outbound_connection\",\n local_domain_info=aws.opensearch.OutboundConnectionLocalDomainInfoArgs(\n owner_id=current.account_id,\n region=current_get_region.name,\n domain_name=local_domain[\"domainName\"],\n ),\n remote_domain_info=aws.opensearch.OutboundConnectionRemoteDomainInfoArgs(\n owner_id=current.account_id,\n region=current_get_region.name,\n domain_name=remote_domain[\"domainName\"],\n ))\nfoo_inbound_connection_accepter = aws.opensearch.InboundConnectionAccepter(\"foo\", connection_id=foo.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var currentGetRegion = Aws.GetRegion.Invoke();\n\n var foo = new Aws.OpenSearch.OutboundConnection(\"foo\", new()\n {\n ConnectionAlias = \"outbound_connection\",\n LocalDomainInfo = new Aws.OpenSearch.Inputs.OutboundConnectionLocalDomainInfoArgs\n {\n OwnerId = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n Region = currentGetRegion.Apply(getRegionResult =\u003e getRegionResult.Name),\n DomainName = localDomain.DomainName,\n },\n RemoteDomainInfo = new Aws.OpenSearch.Inputs.OutboundConnectionRemoteDomainInfoArgs\n {\n OwnerId = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n Region = currentGetRegion.Apply(getRegionResult =\u003e getRegionResult.Name),\n DomainName = remoteDomain.DomainName,\n },\n });\n\n var fooInboundConnectionAccepter = new Aws.OpenSearch.InboundConnectionAccepter(\"foo\", new()\n {\n ConnectionId = foo.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetRegion, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := opensearch.NewOutboundConnection(ctx, \"foo\", \u0026opensearch.OutboundConnectionArgs{\n\t\t\tConnectionAlias: pulumi.String(\"outbound_connection\"),\n\t\t\tLocalDomainInfo: \u0026opensearch.OutboundConnectionLocalDomainInfoArgs{\n\t\t\t\tOwnerId: *pulumi.String(current.AccountId),\n\t\t\t\tRegion: *pulumi.String(currentGetRegion.Name),\n\t\t\t\tDomainName: pulumi.Any(localDomain.DomainName),\n\t\t\t},\n\t\t\tRemoteDomainInfo: \u0026opensearch.OutboundConnectionRemoteDomainInfoArgs{\n\t\t\t\tOwnerId: *pulumi.String(current.AccountId),\n\t\t\t\tRegion: *pulumi.String(currentGetRegion.Name),\n\t\t\t\tDomainName: pulumi.Any(remoteDomain.DomainName),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = opensearch.NewInboundConnectionAccepter(ctx, \"foo\", \u0026opensearch.InboundConnectionAccepterArgs{\n\t\t\tConnectionId: foo.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.opensearch.OutboundConnection;\nimport com.pulumi.aws.opensearch.OutboundConnectionArgs;\nimport com.pulumi.aws.opensearch.inputs.OutboundConnectionLocalDomainInfoArgs;\nimport com.pulumi.aws.opensearch.inputs.OutboundConnectionRemoteDomainInfoArgs;\nimport com.pulumi.aws.opensearch.InboundConnectionAccepter;\nimport com.pulumi.aws.opensearch.InboundConnectionAccepterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var currentGetRegion = AwsFunctions.getRegion();\n\n var foo = new OutboundConnection(\"foo\", OutboundConnectionArgs.builder() \n .connectionAlias(\"outbound_connection\")\n .localDomainInfo(OutboundConnectionLocalDomainInfoArgs.builder()\n .ownerId(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .region(currentGetRegion.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .domainName(localDomain.domainName())\n .build())\n .remoteDomainInfo(OutboundConnectionRemoteDomainInfoArgs.builder()\n .ownerId(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .region(currentGetRegion.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .domainName(remoteDomain.domainName())\n .build())\n .build());\n\n var fooInboundConnectionAccepter = new InboundConnectionAccepter(\"fooInboundConnectionAccepter\", InboundConnectionAccepterArgs.builder() \n .connectionId(foo.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:opensearch:OutboundConnection\n properties:\n connectionAlias: outbound_connection\n localDomainInfo:\n ownerId: ${current.accountId}\n region: ${currentGetRegion.name}\n domainName: ${localDomain.domainName}\n remoteDomainInfo:\n ownerId: ${current.accountId}\n region: ${currentGetRegion.name}\n domainName: ${remoteDomain.domainName}\n fooInboundConnectionAccepter:\n type: aws:opensearch:InboundConnectionAccepter\n name: foo\n properties:\n connectionId: ${foo.id}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n currentGetRegion:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import AWS Opensearch Inbound Connection Accepters using the Inbound Connection ID. For example:\n\n```sh\n$ pulumi import aws:opensearch/inboundConnectionAccepter:InboundConnectionAccepter foo connection-id\n```\n", + "description": "Manages an [AWS Opensearch Inbound Connection Accepter](https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_AcceptInboundConnection.html). If connecting domains from different AWS accounts, ensure that the accepter is configured to use the AWS account where the _remote_ opensearch domain exists.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst currentGetRegion = aws.getRegion({});\nconst foo = new aws.opensearch.OutboundConnection(\"foo\", {\n connectionAlias: \"outbound_connection\",\n localDomainInfo: {\n ownerId: current.then(current =\u003e current.accountId),\n region: currentGetRegion.then(currentGetRegion =\u003e currentGetRegion.name),\n domainName: localDomain.domainName,\n },\n remoteDomainInfo: {\n ownerId: current.then(current =\u003e current.accountId),\n region: currentGetRegion.then(currentGetRegion =\u003e currentGetRegion.name),\n domainName: remoteDomain.domainName,\n },\n});\nconst fooInboundConnectionAccepter = new aws.opensearch.InboundConnectionAccepter(\"foo\", {connectionId: foo.id});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\ncurrent_get_region = aws.get_region()\nfoo = aws.opensearch.OutboundConnection(\"foo\",\n connection_alias=\"outbound_connection\",\n local_domain_info=aws.opensearch.OutboundConnectionLocalDomainInfoArgs(\n owner_id=current.account_id,\n region=current_get_region.name,\n domain_name=local_domain[\"domainName\"],\n ),\n remote_domain_info=aws.opensearch.OutboundConnectionRemoteDomainInfoArgs(\n owner_id=current.account_id,\n region=current_get_region.name,\n domain_name=remote_domain[\"domainName\"],\n ))\nfoo_inbound_connection_accepter = aws.opensearch.InboundConnectionAccepter(\"foo\", connection_id=foo.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var currentGetRegion = Aws.GetRegion.Invoke();\n\n var foo = new Aws.OpenSearch.OutboundConnection(\"foo\", new()\n {\n ConnectionAlias = \"outbound_connection\",\n LocalDomainInfo = new Aws.OpenSearch.Inputs.OutboundConnectionLocalDomainInfoArgs\n {\n OwnerId = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n Region = currentGetRegion.Apply(getRegionResult =\u003e getRegionResult.Name),\n DomainName = localDomain.DomainName,\n },\n RemoteDomainInfo = new Aws.OpenSearch.Inputs.OutboundConnectionRemoteDomainInfoArgs\n {\n OwnerId = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n Region = currentGetRegion.Apply(getRegionResult =\u003e getRegionResult.Name),\n DomainName = remoteDomain.DomainName,\n },\n });\n\n var fooInboundConnectionAccepter = new Aws.OpenSearch.InboundConnectionAccepter(\"foo\", new()\n {\n ConnectionId = foo.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetRegion, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := opensearch.NewOutboundConnection(ctx, \"foo\", \u0026opensearch.OutboundConnectionArgs{\n\t\t\tConnectionAlias: pulumi.String(\"outbound_connection\"),\n\t\t\tLocalDomainInfo: \u0026opensearch.OutboundConnectionLocalDomainInfoArgs{\n\t\t\t\tOwnerId: pulumi.String(current.AccountId),\n\t\t\t\tRegion: pulumi.String(currentGetRegion.Name),\n\t\t\t\tDomainName: pulumi.Any(localDomain.DomainName),\n\t\t\t},\n\t\t\tRemoteDomainInfo: \u0026opensearch.OutboundConnectionRemoteDomainInfoArgs{\n\t\t\t\tOwnerId: pulumi.String(current.AccountId),\n\t\t\t\tRegion: pulumi.String(currentGetRegion.Name),\n\t\t\t\tDomainName: pulumi.Any(remoteDomain.DomainName),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = opensearch.NewInboundConnectionAccepter(ctx, \"foo\", \u0026opensearch.InboundConnectionAccepterArgs{\n\t\t\tConnectionId: foo.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.opensearch.OutboundConnection;\nimport com.pulumi.aws.opensearch.OutboundConnectionArgs;\nimport com.pulumi.aws.opensearch.inputs.OutboundConnectionLocalDomainInfoArgs;\nimport com.pulumi.aws.opensearch.inputs.OutboundConnectionRemoteDomainInfoArgs;\nimport com.pulumi.aws.opensearch.InboundConnectionAccepter;\nimport com.pulumi.aws.opensearch.InboundConnectionAccepterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var currentGetRegion = AwsFunctions.getRegion();\n\n var foo = new OutboundConnection(\"foo\", OutboundConnectionArgs.builder() \n .connectionAlias(\"outbound_connection\")\n .localDomainInfo(OutboundConnectionLocalDomainInfoArgs.builder()\n .ownerId(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .region(currentGetRegion.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .domainName(localDomain.domainName())\n .build())\n .remoteDomainInfo(OutboundConnectionRemoteDomainInfoArgs.builder()\n .ownerId(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .region(currentGetRegion.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .domainName(remoteDomain.domainName())\n .build())\n .build());\n\n var fooInboundConnectionAccepter = new InboundConnectionAccepter(\"fooInboundConnectionAccepter\", InboundConnectionAccepterArgs.builder() \n .connectionId(foo.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:opensearch:OutboundConnection\n properties:\n connectionAlias: outbound_connection\n localDomainInfo:\n ownerId: ${current.accountId}\n region: ${currentGetRegion.name}\n domainName: ${localDomain.domainName}\n remoteDomainInfo:\n ownerId: ${current.accountId}\n region: ${currentGetRegion.name}\n domainName: ${remoteDomain.domainName}\n fooInboundConnectionAccepter:\n type: aws:opensearch:InboundConnectionAccepter\n name: foo\n properties:\n connectionId: ${foo.id}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n currentGetRegion:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import AWS Opensearch Inbound Connection Accepters using the Inbound Connection ID. For example:\n\n```sh\n$ pulumi import aws:opensearch/inboundConnectionAccepter:InboundConnectionAccepter foo connection-id\n```\n", "properties": { "connectionId": { "type": "string", @@ -285080,7 +285080,7 @@ } }, "aws:opensearch/outboundConnection:OutboundConnection": { - "description": "Manages an AWS Opensearch Outbound Connection.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst currentGetRegion = aws.getRegion({});\nconst foo = new aws.opensearch.OutboundConnection(\"foo\", {\n connectionAlias: \"outbound_connection\",\n connectionMode: \"DIRECT\",\n localDomainInfo: {\n ownerId: current.then(current =\u003e current.accountId),\n region: currentGetRegion.then(currentGetRegion =\u003e currentGetRegion.name),\n domainName: localDomain.domainName,\n },\n remoteDomainInfo: {\n ownerId: current.then(current =\u003e current.accountId),\n region: currentGetRegion.then(currentGetRegion =\u003e currentGetRegion.name),\n domainName: remoteDomain.domainName,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\ncurrent_get_region = aws.get_region()\nfoo = aws.opensearch.OutboundConnection(\"foo\",\n connection_alias=\"outbound_connection\",\n connection_mode=\"DIRECT\",\n local_domain_info=aws.opensearch.OutboundConnectionLocalDomainInfoArgs(\n owner_id=current.account_id,\n region=current_get_region.name,\n domain_name=local_domain[\"domainName\"],\n ),\n remote_domain_info=aws.opensearch.OutboundConnectionRemoteDomainInfoArgs(\n owner_id=current.account_id,\n region=current_get_region.name,\n domain_name=remote_domain[\"domainName\"],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var currentGetRegion = Aws.GetRegion.Invoke();\n\n var foo = new Aws.OpenSearch.OutboundConnection(\"foo\", new()\n {\n ConnectionAlias = \"outbound_connection\",\n ConnectionMode = \"DIRECT\",\n LocalDomainInfo = new Aws.OpenSearch.Inputs.OutboundConnectionLocalDomainInfoArgs\n {\n OwnerId = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n Region = currentGetRegion.Apply(getRegionResult =\u003e getRegionResult.Name),\n DomainName = localDomain.DomainName,\n },\n RemoteDomainInfo = new Aws.OpenSearch.Inputs.OutboundConnectionRemoteDomainInfoArgs\n {\n OwnerId = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n Region = currentGetRegion.Apply(getRegionResult =\u003e getRegionResult.Name),\n DomainName = remoteDomain.DomainName,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetRegion, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = opensearch.NewOutboundConnection(ctx, \"foo\", \u0026opensearch.OutboundConnectionArgs{\n\t\t\tConnectionAlias: pulumi.String(\"outbound_connection\"),\n\t\t\tConnectionMode: pulumi.String(\"DIRECT\"),\n\t\t\tLocalDomainInfo: \u0026opensearch.OutboundConnectionLocalDomainInfoArgs{\n\t\t\t\tOwnerId: *pulumi.String(current.AccountId),\n\t\t\t\tRegion: *pulumi.String(currentGetRegion.Name),\n\t\t\t\tDomainName: pulumi.Any(localDomain.DomainName),\n\t\t\t},\n\t\t\tRemoteDomainInfo: \u0026opensearch.OutboundConnectionRemoteDomainInfoArgs{\n\t\t\t\tOwnerId: *pulumi.String(current.AccountId),\n\t\t\t\tRegion: *pulumi.String(currentGetRegion.Name),\n\t\t\t\tDomainName: pulumi.Any(remoteDomain.DomainName),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.opensearch.OutboundConnection;\nimport com.pulumi.aws.opensearch.OutboundConnectionArgs;\nimport com.pulumi.aws.opensearch.inputs.OutboundConnectionLocalDomainInfoArgs;\nimport com.pulumi.aws.opensearch.inputs.OutboundConnectionRemoteDomainInfoArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var currentGetRegion = AwsFunctions.getRegion();\n\n var foo = new OutboundConnection(\"foo\", OutboundConnectionArgs.builder() \n .connectionAlias(\"outbound_connection\")\n .connectionMode(\"DIRECT\")\n .localDomainInfo(OutboundConnectionLocalDomainInfoArgs.builder()\n .ownerId(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .region(currentGetRegion.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .domainName(localDomain.domainName())\n .build())\n .remoteDomainInfo(OutboundConnectionRemoteDomainInfoArgs.builder()\n .ownerId(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .region(currentGetRegion.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .domainName(remoteDomain.domainName())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:opensearch:OutboundConnection\n properties:\n connectionAlias: outbound_connection\n connectionMode: DIRECT\n localDomainInfo:\n ownerId: ${current.accountId}\n region: ${currentGetRegion.name}\n domainName: ${localDomain.domainName}\n remoteDomainInfo:\n ownerId: ${current.accountId}\n region: ${currentGetRegion.name}\n domainName: ${remoteDomain.domainName}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n currentGetRegion:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import AWS Opensearch Outbound Connections using the Outbound Connection ID. For example:\n\n```sh\n$ pulumi import aws:opensearch/outboundConnection:OutboundConnection foo connection-id\n```\n", + "description": "Manages an AWS Opensearch Outbound Connection.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst currentGetRegion = aws.getRegion({});\nconst foo = new aws.opensearch.OutboundConnection(\"foo\", {\n connectionAlias: \"outbound_connection\",\n connectionMode: \"DIRECT\",\n localDomainInfo: {\n ownerId: current.then(current =\u003e current.accountId),\n region: currentGetRegion.then(currentGetRegion =\u003e currentGetRegion.name),\n domainName: localDomain.domainName,\n },\n remoteDomainInfo: {\n ownerId: current.then(current =\u003e current.accountId),\n region: currentGetRegion.then(currentGetRegion =\u003e currentGetRegion.name),\n domainName: remoteDomain.domainName,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\ncurrent_get_region = aws.get_region()\nfoo = aws.opensearch.OutboundConnection(\"foo\",\n connection_alias=\"outbound_connection\",\n connection_mode=\"DIRECT\",\n local_domain_info=aws.opensearch.OutboundConnectionLocalDomainInfoArgs(\n owner_id=current.account_id,\n region=current_get_region.name,\n domain_name=local_domain[\"domainName\"],\n ),\n remote_domain_info=aws.opensearch.OutboundConnectionRemoteDomainInfoArgs(\n owner_id=current.account_id,\n region=current_get_region.name,\n domain_name=remote_domain[\"domainName\"],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var currentGetRegion = Aws.GetRegion.Invoke();\n\n var foo = new Aws.OpenSearch.OutboundConnection(\"foo\", new()\n {\n ConnectionAlias = \"outbound_connection\",\n ConnectionMode = \"DIRECT\",\n LocalDomainInfo = new Aws.OpenSearch.Inputs.OutboundConnectionLocalDomainInfoArgs\n {\n OwnerId = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n Region = currentGetRegion.Apply(getRegionResult =\u003e getRegionResult.Name),\n DomainName = localDomain.DomainName,\n },\n RemoteDomainInfo = new Aws.OpenSearch.Inputs.OutboundConnectionRemoteDomainInfoArgs\n {\n OwnerId = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n Region = currentGetRegion.Apply(getRegionResult =\u003e getRegionResult.Name),\n DomainName = remoteDomain.DomainName,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetRegion, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = opensearch.NewOutboundConnection(ctx, \"foo\", \u0026opensearch.OutboundConnectionArgs{\n\t\t\tConnectionAlias: pulumi.String(\"outbound_connection\"),\n\t\t\tConnectionMode: pulumi.String(\"DIRECT\"),\n\t\t\tLocalDomainInfo: \u0026opensearch.OutboundConnectionLocalDomainInfoArgs{\n\t\t\t\tOwnerId: pulumi.String(current.AccountId),\n\t\t\t\tRegion: pulumi.String(currentGetRegion.Name),\n\t\t\t\tDomainName: pulumi.Any(localDomain.DomainName),\n\t\t\t},\n\t\t\tRemoteDomainInfo: \u0026opensearch.OutboundConnectionRemoteDomainInfoArgs{\n\t\t\t\tOwnerId: pulumi.String(current.AccountId),\n\t\t\t\tRegion: pulumi.String(currentGetRegion.Name),\n\t\t\t\tDomainName: pulumi.Any(remoteDomain.DomainName),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.opensearch.OutboundConnection;\nimport com.pulumi.aws.opensearch.OutboundConnectionArgs;\nimport com.pulumi.aws.opensearch.inputs.OutboundConnectionLocalDomainInfoArgs;\nimport com.pulumi.aws.opensearch.inputs.OutboundConnectionRemoteDomainInfoArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var currentGetRegion = AwsFunctions.getRegion();\n\n var foo = new OutboundConnection(\"foo\", OutboundConnectionArgs.builder() \n .connectionAlias(\"outbound_connection\")\n .connectionMode(\"DIRECT\")\n .localDomainInfo(OutboundConnectionLocalDomainInfoArgs.builder()\n .ownerId(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .region(currentGetRegion.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .domainName(localDomain.domainName())\n .build())\n .remoteDomainInfo(OutboundConnectionRemoteDomainInfoArgs.builder()\n .ownerId(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .region(currentGetRegion.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .domainName(remoteDomain.domainName())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:opensearch:OutboundConnection\n properties:\n connectionAlias: outbound_connection\n connectionMode: DIRECT\n localDomainInfo:\n ownerId: ${current.accountId}\n region: ${currentGetRegion.name}\n domainName: ${localDomain.domainName}\n remoteDomainInfo:\n ownerId: ${current.accountId}\n region: ${currentGetRegion.name}\n domainName: ${remoteDomain.domainName}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n currentGetRegion:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import AWS Opensearch Outbound Connections using the Outbound Connection ID. For example:\n\n```sh\n$ pulumi import aws:opensearch/outboundConnection:OutboundConnection foo connection-id\n```\n", "properties": { "acceptConnection": { "type": "boolean", @@ -292737,7 +292737,7 @@ } }, "aws:organizations/policy:Policy": { - "description": "Provides a resource to manage an [AWS Organizations policy](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\"*\"],\n resources: [\"*\"],\n }],\n});\nconst examplePolicy = new aws.organizations.Policy(\"example\", {\n name: \"example\",\n content: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"*\"],\n resources=[\"*\"],\n)])\nexample_policy = aws.organizations.Policy(\"example\",\n name=\"example\",\n content=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var examplePolicy = new Aws.Organizations.Policy(\"example\", new()\n {\n Name = \"example\",\n Content = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewPolicy(ctx, \"example\", \u0026organizations.PolicyArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tContent: *pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.organizations.Policy;\nimport com.pulumi.aws.organizations.PolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"*\")\n .resources(\"*\")\n .build())\n .build());\n\n var examplePolicy = new Policy(\"examplePolicy\", PolicyArgs.builder() \n .name(\"example\")\n .content(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n examplePolicy:\n type: aws:organizations:Policy\n name: example\n properties:\n name: example\n content: ${example.json}\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - '*'\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_organizations_policy` using the policy ID. For example:\n\n```sh\n$ pulumi import aws:organizations/policy:Policy example p-12345678\n```\n", + "description": "Provides a resource to manage an [AWS Organizations policy](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\"*\"],\n resources: [\"*\"],\n }],\n});\nconst examplePolicy = new aws.organizations.Policy(\"example\", {\n name: \"example\",\n content: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"*\"],\n resources=[\"*\"],\n)])\nexample_policy = aws.organizations.Policy(\"example\",\n name=\"example\",\n content=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var examplePolicy = new Aws.Organizations.Policy(\"example\", new()\n {\n Name = \"example\",\n Content = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewPolicy(ctx, \"example\", \u0026organizations.PolicyArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tContent: pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.organizations.Policy;\nimport com.pulumi.aws.organizations.PolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"*\")\n .resources(\"*\")\n .build())\n .build());\n\n var examplePolicy = new Policy(\"examplePolicy\", PolicyArgs.builder() \n .name(\"example\")\n .content(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n examplePolicy:\n type: aws:organizations:Policy\n name: example\n properties:\n name: example\n content: ${example.json}\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - '*'\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_organizations_policy` using the policy ID. For example:\n\n```sh\n$ pulumi import aws:organizations/policy:Policy example p-12345678\n```\n", "properties": { "arn": { "type": "string", @@ -293888,7 +293888,7 @@ } }, "aws:pinpoint/emailChannel:EmailChannel": { - "description": "Provides a Pinpoint Email Channel resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst app = new aws.pinpoint.App(\"app\", {});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"pinpoint.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst role = new aws.iam.Role(\"role\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst email = new aws.pinpoint.EmailChannel(\"email\", {\n applicationId: app.applicationId,\n fromAddress: \"user@example.com\",\n roleArn: role.arn,\n});\nconst identity = new aws.ses.DomainIdentity(\"identity\", {domain: \"example.com\"});\nconst rolePolicy = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"mobileanalytics:PutEvents\",\n \"mobileanalytics:PutItems\",\n ],\n resources: [\"*\"],\n }],\n});\nconst rolePolicyRolePolicy = new aws.iam.RolePolicy(\"role_policy\", {\n name: \"role_policy\",\n role: role.id,\n policy: rolePolicy.then(rolePolicy =\u003e rolePolicy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\napp = aws.pinpoint.App(\"app\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"pinpoint.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nrole = aws.iam.Role(\"role\", assume_role_policy=assume_role.json)\nemail = aws.pinpoint.EmailChannel(\"email\",\n application_id=app.application_id,\n from_address=\"user@example.com\",\n role_arn=role.arn)\nidentity = aws.ses.DomainIdentity(\"identity\", domain=\"example.com\")\nrole_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"mobileanalytics:PutEvents\",\n \"mobileanalytics:PutItems\",\n ],\n resources=[\"*\"],\n)])\nrole_policy_role_policy = aws.iam.RolePolicy(\"role_policy\",\n name=\"role_policy\",\n role=role.id,\n policy=role_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var app = new Aws.Pinpoint.App(\"app\");\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"pinpoint.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var role = new Aws.Iam.Role(\"role\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var email = new Aws.Pinpoint.EmailChannel(\"email\", new()\n {\n ApplicationId = app.ApplicationId,\n FromAddress = \"user@example.com\",\n RoleArn = role.Arn,\n });\n\n var identity = new Aws.Ses.DomainIdentity(\"identity\", new()\n {\n Domain = \"example.com\",\n });\n\n var rolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"mobileanalytics:PutEvents\",\n \"mobileanalytics:PutItems\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var rolePolicyRolePolicy = new Aws.Iam.RolePolicy(\"role_policy\", new()\n {\n Name = \"role_policy\",\n Role = role.Id,\n Policy = rolePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/pinpoint\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tapp, err := pinpoint.NewApp(ctx, \"app\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"pinpoint.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := iam.NewRole(ctx, \"role\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pinpoint.NewEmailChannel(ctx, \"email\", \u0026pinpoint.EmailChannelArgs{\n\t\t\tApplicationId: app.ApplicationId,\n\t\t\tFromAddress: pulumi.String(\"user@example.com\"),\n\t\t\tRoleArn: role.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ses.NewDomainIdentity(ctx, \"identity\", \u0026ses.DomainIdentityArgs{\n\t\t\tDomain: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trolePolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"mobileanalytics:PutEvents\",\n\t\t\t\t\t\t\"mobileanalytics:PutItems\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"role_policy\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"role_policy\"),\n\t\t\tRole: role.ID(),\n\t\t\tPolicy: *pulumi.String(rolePolicy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.pinpoint.App;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.pinpoint.EmailChannel;\nimport com.pulumi.aws.pinpoint.EmailChannelArgs;\nimport com.pulumi.aws.ses.DomainIdentity;\nimport com.pulumi.aws.ses.DomainIdentityArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var app = new App(\"app\");\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"pinpoint.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var email = new EmailChannel(\"email\", EmailChannelArgs.builder() \n .applicationId(app.applicationId())\n .fromAddress(\"user@example.com\")\n .roleArn(role.arn())\n .build());\n\n var identity = new DomainIdentity(\"identity\", DomainIdentityArgs.builder() \n .domain(\"example.com\")\n .build());\n\n final var rolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"mobileanalytics:PutEvents\",\n \"mobileanalytics:PutItems\")\n .resources(\"*\")\n .build())\n .build());\n\n var rolePolicyRolePolicy = new RolePolicy(\"rolePolicyRolePolicy\", RolePolicyArgs.builder() \n .name(\"role_policy\")\n .role(role.id())\n .policy(rolePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n email:\n type: aws:pinpoint:EmailChannel\n properties:\n applicationId: ${app.applicationId}\n fromAddress: user@example.com\n roleArn: ${role.arn}\n app:\n type: aws:pinpoint:App\n identity:\n type: aws:ses:DomainIdentity\n properties:\n domain: example.com\n role:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${assumeRole.json}\n rolePolicyRolePolicy:\n type: aws:iam:RolePolicy\n name: role_policy\n properties:\n name: role_policy\n role: ${role.id}\n policy: ${rolePolicy.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - pinpoint.amazonaws.com\n actions:\n - sts:AssumeRole\n rolePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - mobileanalytics:PutEvents\n - mobileanalytics:PutItems\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Pinpoint Email Channel using the `application-id`. For example:\n\n```sh\n$ pulumi import aws:pinpoint/emailChannel:EmailChannel email application-id\n```\n", + "description": "Provides a Pinpoint Email Channel resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst app = new aws.pinpoint.App(\"app\", {});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"pinpoint.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst role = new aws.iam.Role(\"role\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst email = new aws.pinpoint.EmailChannel(\"email\", {\n applicationId: app.applicationId,\n fromAddress: \"user@example.com\",\n roleArn: role.arn,\n});\nconst identity = new aws.ses.DomainIdentity(\"identity\", {domain: \"example.com\"});\nconst rolePolicy = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"mobileanalytics:PutEvents\",\n \"mobileanalytics:PutItems\",\n ],\n resources: [\"*\"],\n }],\n});\nconst rolePolicyRolePolicy = new aws.iam.RolePolicy(\"role_policy\", {\n name: \"role_policy\",\n role: role.id,\n policy: rolePolicy.then(rolePolicy =\u003e rolePolicy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\napp = aws.pinpoint.App(\"app\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"pinpoint.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nrole = aws.iam.Role(\"role\", assume_role_policy=assume_role.json)\nemail = aws.pinpoint.EmailChannel(\"email\",\n application_id=app.application_id,\n from_address=\"user@example.com\",\n role_arn=role.arn)\nidentity = aws.ses.DomainIdentity(\"identity\", domain=\"example.com\")\nrole_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"mobileanalytics:PutEvents\",\n \"mobileanalytics:PutItems\",\n ],\n resources=[\"*\"],\n)])\nrole_policy_role_policy = aws.iam.RolePolicy(\"role_policy\",\n name=\"role_policy\",\n role=role.id,\n policy=role_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var app = new Aws.Pinpoint.App(\"app\");\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"pinpoint.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var role = new Aws.Iam.Role(\"role\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var email = new Aws.Pinpoint.EmailChannel(\"email\", new()\n {\n ApplicationId = app.ApplicationId,\n FromAddress = \"user@example.com\",\n RoleArn = role.Arn,\n });\n\n var identity = new Aws.Ses.DomainIdentity(\"identity\", new()\n {\n Domain = \"example.com\",\n });\n\n var rolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"mobileanalytics:PutEvents\",\n \"mobileanalytics:PutItems\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var rolePolicyRolePolicy = new Aws.Iam.RolePolicy(\"role_policy\", new()\n {\n Name = \"role_policy\",\n Role = role.Id,\n Policy = rolePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/pinpoint\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tapp, err := pinpoint.NewApp(ctx, \"app\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"pinpoint.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := iam.NewRole(ctx, \"role\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pinpoint.NewEmailChannel(ctx, \"email\", \u0026pinpoint.EmailChannelArgs{\n\t\t\tApplicationId: app.ApplicationId,\n\t\t\tFromAddress: pulumi.String(\"user@example.com\"),\n\t\t\tRoleArn: role.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ses.NewDomainIdentity(ctx, \"identity\", \u0026ses.DomainIdentityArgs{\n\t\t\tDomain: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trolePolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"mobileanalytics:PutEvents\",\n\t\t\t\t\t\t\"mobileanalytics:PutItems\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"role_policy\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"role_policy\"),\n\t\t\tRole: role.ID(),\n\t\t\tPolicy: pulumi.String(rolePolicy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.pinpoint.App;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.pinpoint.EmailChannel;\nimport com.pulumi.aws.pinpoint.EmailChannelArgs;\nimport com.pulumi.aws.ses.DomainIdentity;\nimport com.pulumi.aws.ses.DomainIdentityArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var app = new App(\"app\");\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"pinpoint.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var email = new EmailChannel(\"email\", EmailChannelArgs.builder() \n .applicationId(app.applicationId())\n .fromAddress(\"user@example.com\")\n .roleArn(role.arn())\n .build());\n\n var identity = new DomainIdentity(\"identity\", DomainIdentityArgs.builder() \n .domain(\"example.com\")\n .build());\n\n final var rolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"mobileanalytics:PutEvents\",\n \"mobileanalytics:PutItems\")\n .resources(\"*\")\n .build())\n .build());\n\n var rolePolicyRolePolicy = new RolePolicy(\"rolePolicyRolePolicy\", RolePolicyArgs.builder() \n .name(\"role_policy\")\n .role(role.id())\n .policy(rolePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n email:\n type: aws:pinpoint:EmailChannel\n properties:\n applicationId: ${app.applicationId}\n fromAddress: user@example.com\n roleArn: ${role.arn}\n app:\n type: aws:pinpoint:App\n identity:\n type: aws:ses:DomainIdentity\n properties:\n domain: example.com\n role:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${assumeRole.json}\n rolePolicyRolePolicy:\n type: aws:iam:RolePolicy\n name: role_policy\n properties:\n name: role_policy\n role: ${role.id}\n policy: ${rolePolicy.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - pinpoint.amazonaws.com\n actions:\n - sts:AssumeRole\n rolePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - mobileanalytics:PutEvents\n - mobileanalytics:PutItems\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Pinpoint Email Channel using the `application-id`. For example:\n\n```sh\n$ pulumi import aws:pinpoint/emailChannel:EmailChannel email application-id\n```\n", "properties": { "applicationId": { "type": "string", @@ -293994,7 +293994,7 @@ } }, "aws:pinpoint/eventStream:EventStream": { - "description": "Provides a Pinpoint Event Stream resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst app = new aws.pinpoint.App(\"app\", {});\nconst testStream = new aws.kinesis.Stream(\"test_stream\", {\n name: \"pinpoint-kinesis-test\",\n shardCount: 1,\n});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"pinpoint.us-east-1.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst testRole = new aws.iam.Role(\"test_role\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst stream = new aws.pinpoint.EventStream(\"stream\", {\n applicationId: app.applicationId,\n destinationStreamArn: testStream.arn,\n roleArn: testRole.arn,\n});\nconst testRolePolicy = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"kinesis:PutRecords\",\n \"kinesis:DescribeStream\",\n ],\n resources: [\"arn:aws:kinesis:us-east-1:*:*/*\"],\n }],\n});\nconst testRolePolicyRolePolicy = new aws.iam.RolePolicy(\"test_role_policy\", {\n name: \"test_policy\",\n role: testRole.id,\n policy: testRolePolicy.then(testRolePolicy =\u003e testRolePolicy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\napp = aws.pinpoint.App(\"app\")\ntest_stream = aws.kinesis.Stream(\"test_stream\",\n name=\"pinpoint-kinesis-test\",\n shard_count=1)\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"pinpoint.us-east-1.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\ntest_role = aws.iam.Role(\"test_role\", assume_role_policy=assume_role.json)\nstream = aws.pinpoint.EventStream(\"stream\",\n application_id=app.application_id,\n destination_stream_arn=test_stream.arn,\n role_arn=test_role.arn)\ntest_role_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"kinesis:PutRecords\",\n \"kinesis:DescribeStream\",\n ],\n resources=[\"arn:aws:kinesis:us-east-1:*:*/*\"],\n)])\ntest_role_policy_role_policy = aws.iam.RolePolicy(\"test_role_policy\",\n name=\"test_policy\",\n role=test_role.id,\n policy=test_role_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var app = new Aws.Pinpoint.App(\"app\");\n\n var testStream = new Aws.Kinesis.Stream(\"test_stream\", new()\n {\n Name = \"pinpoint-kinesis-test\",\n ShardCount = 1,\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"pinpoint.us-east-1.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var testRole = new Aws.Iam.Role(\"test_role\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var stream = new Aws.Pinpoint.EventStream(\"stream\", new()\n {\n ApplicationId = app.ApplicationId,\n DestinationStreamArn = testStream.Arn,\n RoleArn = testRole.Arn,\n });\n\n var testRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"kinesis:PutRecords\",\n \"kinesis:DescribeStream\",\n },\n Resources = new[]\n {\n \"arn:aws:kinesis:us-east-1:*:*/*\",\n },\n },\n },\n });\n\n var testRolePolicyRolePolicy = new Aws.Iam.RolePolicy(\"test_role_policy\", new()\n {\n Name = \"test_policy\",\n Role = testRole.Id,\n Policy = testRolePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/pinpoint\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tapp, err := pinpoint.NewApp(ctx, \"app\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestStream, err := kinesis.NewStream(ctx, \"test_stream\", \u0026kinesis.StreamArgs{\n\t\t\tName: pulumi.String(\"pinpoint-kinesis-test\"),\n\t\t\tShardCount: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"pinpoint.us-east-1.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestRole, err := iam.NewRole(ctx, \"test_role\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pinpoint.NewEventStream(ctx, \"stream\", \u0026pinpoint.EventStreamArgs{\n\t\t\tApplicationId: app.ApplicationId,\n\t\t\tDestinationStreamArn: testStream.Arn,\n\t\t\tRoleArn: testRole.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestRolePolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"kinesis:PutRecords\",\n\t\t\t\t\t\t\"kinesis:DescribeStream\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:kinesis:us-east-1:*:*/*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"test_role_policy\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"test_policy\"),\n\t\t\tRole: testRole.ID(),\n\t\t\tPolicy: *pulumi.String(testRolePolicy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.pinpoint.App;\nimport com.pulumi.aws.kinesis.Stream;\nimport com.pulumi.aws.kinesis.StreamArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.pinpoint.EventStream;\nimport com.pulumi.aws.pinpoint.EventStreamArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var app = new App(\"app\");\n\n var testStream = new Stream(\"testStream\", StreamArgs.builder() \n .name(\"pinpoint-kinesis-test\")\n .shardCount(1)\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"pinpoint.us-east-1.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var testRole = new Role(\"testRole\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var stream = new EventStream(\"stream\", EventStreamArgs.builder() \n .applicationId(app.applicationId())\n .destinationStreamArn(testStream.arn())\n .roleArn(testRole.arn())\n .build());\n\n final var testRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"kinesis:PutRecords\",\n \"kinesis:DescribeStream\")\n .resources(\"arn:aws:kinesis:us-east-1:*:*/*\")\n .build())\n .build());\n\n var testRolePolicyRolePolicy = new RolePolicy(\"testRolePolicyRolePolicy\", RolePolicyArgs.builder() \n .name(\"test_policy\")\n .role(testRole.id())\n .policy(testRolePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n stream:\n type: aws:pinpoint:EventStream\n properties:\n applicationId: ${app.applicationId}\n destinationStreamArn: ${testStream.arn}\n roleArn: ${testRole.arn}\n app:\n type: aws:pinpoint:App\n testStream:\n type: aws:kinesis:Stream\n name: test_stream\n properties:\n name: pinpoint-kinesis-test\n shardCount: 1\n testRole:\n type: aws:iam:Role\n name: test_role\n properties:\n assumeRolePolicy: ${assumeRole.json}\n testRolePolicyRolePolicy:\n type: aws:iam:RolePolicy\n name: test_role_policy\n properties:\n name: test_policy\n role: ${testRole.id}\n policy: ${testRolePolicy.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - pinpoint.us-east-1.amazonaws.com\n actions:\n - sts:AssumeRole\n testRolePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - kinesis:PutRecords\n - kinesis:DescribeStream\n resources:\n - arn:aws:kinesis:us-east-1:*:*/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Pinpoint Event Stream using the `application-id`. For example:\n\n```sh\n$ pulumi import aws:pinpoint/eventStream:EventStream stream application-id\n```\n", + "description": "Provides a Pinpoint Event Stream resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst app = new aws.pinpoint.App(\"app\", {});\nconst testStream = new aws.kinesis.Stream(\"test_stream\", {\n name: \"pinpoint-kinesis-test\",\n shardCount: 1,\n});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"pinpoint.us-east-1.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst testRole = new aws.iam.Role(\"test_role\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst stream = new aws.pinpoint.EventStream(\"stream\", {\n applicationId: app.applicationId,\n destinationStreamArn: testStream.arn,\n roleArn: testRole.arn,\n});\nconst testRolePolicy = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"kinesis:PutRecords\",\n \"kinesis:DescribeStream\",\n ],\n resources: [\"arn:aws:kinesis:us-east-1:*:*/*\"],\n }],\n});\nconst testRolePolicyRolePolicy = new aws.iam.RolePolicy(\"test_role_policy\", {\n name: \"test_policy\",\n role: testRole.id,\n policy: testRolePolicy.then(testRolePolicy =\u003e testRolePolicy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\napp = aws.pinpoint.App(\"app\")\ntest_stream = aws.kinesis.Stream(\"test_stream\",\n name=\"pinpoint-kinesis-test\",\n shard_count=1)\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"pinpoint.us-east-1.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\ntest_role = aws.iam.Role(\"test_role\", assume_role_policy=assume_role.json)\nstream = aws.pinpoint.EventStream(\"stream\",\n application_id=app.application_id,\n destination_stream_arn=test_stream.arn,\n role_arn=test_role.arn)\ntest_role_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"kinesis:PutRecords\",\n \"kinesis:DescribeStream\",\n ],\n resources=[\"arn:aws:kinesis:us-east-1:*:*/*\"],\n)])\ntest_role_policy_role_policy = aws.iam.RolePolicy(\"test_role_policy\",\n name=\"test_policy\",\n role=test_role.id,\n policy=test_role_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var app = new Aws.Pinpoint.App(\"app\");\n\n var testStream = new Aws.Kinesis.Stream(\"test_stream\", new()\n {\n Name = \"pinpoint-kinesis-test\",\n ShardCount = 1,\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"pinpoint.us-east-1.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var testRole = new Aws.Iam.Role(\"test_role\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var stream = new Aws.Pinpoint.EventStream(\"stream\", new()\n {\n ApplicationId = app.ApplicationId,\n DestinationStreamArn = testStream.Arn,\n RoleArn = testRole.Arn,\n });\n\n var testRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"kinesis:PutRecords\",\n \"kinesis:DescribeStream\",\n },\n Resources = new[]\n {\n \"arn:aws:kinesis:us-east-1:*:*/*\",\n },\n },\n },\n });\n\n var testRolePolicyRolePolicy = new Aws.Iam.RolePolicy(\"test_role_policy\", new()\n {\n Name = \"test_policy\",\n Role = testRole.Id,\n Policy = testRolePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/pinpoint\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tapp, err := pinpoint.NewApp(ctx, \"app\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestStream, err := kinesis.NewStream(ctx, \"test_stream\", \u0026kinesis.StreamArgs{\n\t\t\tName: pulumi.String(\"pinpoint-kinesis-test\"),\n\t\t\tShardCount: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"pinpoint.us-east-1.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestRole, err := iam.NewRole(ctx, \"test_role\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pinpoint.NewEventStream(ctx, \"stream\", \u0026pinpoint.EventStreamArgs{\n\t\t\tApplicationId: app.ApplicationId,\n\t\t\tDestinationStreamArn: testStream.Arn,\n\t\t\tRoleArn: testRole.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestRolePolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"kinesis:PutRecords\",\n\t\t\t\t\t\t\"kinesis:DescribeStream\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:kinesis:us-east-1:*:*/*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"test_role_policy\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"test_policy\"),\n\t\t\tRole: testRole.ID(),\n\t\t\tPolicy: pulumi.String(testRolePolicy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.pinpoint.App;\nimport com.pulumi.aws.kinesis.Stream;\nimport com.pulumi.aws.kinesis.StreamArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.pinpoint.EventStream;\nimport com.pulumi.aws.pinpoint.EventStreamArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var app = new App(\"app\");\n\n var testStream = new Stream(\"testStream\", StreamArgs.builder() \n .name(\"pinpoint-kinesis-test\")\n .shardCount(1)\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"pinpoint.us-east-1.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var testRole = new Role(\"testRole\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var stream = new EventStream(\"stream\", EventStreamArgs.builder() \n .applicationId(app.applicationId())\n .destinationStreamArn(testStream.arn())\n .roleArn(testRole.arn())\n .build());\n\n final var testRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"kinesis:PutRecords\",\n \"kinesis:DescribeStream\")\n .resources(\"arn:aws:kinesis:us-east-1:*:*/*\")\n .build())\n .build());\n\n var testRolePolicyRolePolicy = new RolePolicy(\"testRolePolicyRolePolicy\", RolePolicyArgs.builder() \n .name(\"test_policy\")\n .role(testRole.id())\n .policy(testRolePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n stream:\n type: aws:pinpoint:EventStream\n properties:\n applicationId: ${app.applicationId}\n destinationStreamArn: ${testStream.arn}\n roleArn: ${testRole.arn}\n app:\n type: aws:pinpoint:App\n testStream:\n type: aws:kinesis:Stream\n name: test_stream\n properties:\n name: pinpoint-kinesis-test\n shardCount: 1\n testRole:\n type: aws:iam:Role\n name: test_role\n properties:\n assumeRolePolicy: ${assumeRole.json}\n testRolePolicyRolePolicy:\n type: aws:iam:RolePolicy\n name: test_role_policy\n properties:\n name: test_policy\n role: ${testRole.id}\n policy: ${testRolePolicy.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - pinpoint.us-east-1.amazonaws.com\n actions:\n - sts:AssumeRole\n testRolePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - kinesis:PutRecords\n - kinesis:DescribeStream\n resources:\n - arn:aws:kinesis:us-east-1:*:*/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Pinpoint Event Stream using the `application-id`. For example:\n\n```sh\n$ pulumi import aws:pinpoint/eventStream:EventStream stream application-id\n```\n", "properties": { "applicationId": { "type": "string", @@ -297812,7 +297812,7 @@ } }, "aws:ram/resourceShareAccepter:ResourceShareAccepter": { - "description": "Manage accepting a Resource Access Manager (RAM) Resource Share invitation. From a _receiver_ AWS account, accept an invitation to share resources that were shared by a _sender_ AWS account. To create a resource share in the _sender_, see the `aws.ram.ResourceShare` resource.\n\n\u003e **Note:** If both AWS accounts are in the same Organization and [RAM Sharing with AWS Organizations is enabled](https://docs.aws.amazon.com/ram/latest/userguide/getting-started-sharing.html#getting-started-sharing-orgs), this resource is not necessary as RAM Resource Share invitations are not used.\n\n## Example Usage\n\nThis configuration provides an example of using multiple AWS providers to configure two different AWS accounts. In the _sender_ account, the configuration creates a `aws.ram.ResourceShare` and uses a data source in the _receiver_ account to create a `aws.ram.PrincipalAssociation` resource with the _receiver's_ account ID. In the _receiver_ account, the configuration accepts the invitation to share resources with the `aws.ram.ResourceShareAccepter`.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst senderShare = new aws.ram.ResourceShare(\"sender_share\", {\n name: \"tf-test-resource-share\",\n allowExternalPrincipals: true,\n tags: {\n Name: \"tf-test-resource-share\",\n },\n});\nconst receiver = aws.getCallerIdentity({});\nconst senderInvite = new aws.ram.PrincipalAssociation(\"sender_invite\", {\n principal: receiver.then(receiver =\u003e receiver.accountId),\n resourceShareArn: senderShare.arn,\n});\nconst receiverAccept = new aws.ram.ResourceShareAccepter(\"receiver_accept\", {shareArn: senderInvite.resourceShareArn});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsender_share = aws.ram.ResourceShare(\"sender_share\",\n name=\"tf-test-resource-share\",\n allow_external_principals=True,\n tags={\n \"Name\": \"tf-test-resource-share\",\n })\nreceiver = aws.get_caller_identity()\nsender_invite = aws.ram.PrincipalAssociation(\"sender_invite\",\n principal=receiver.account_id,\n resource_share_arn=sender_share.arn)\nreceiver_accept = aws.ram.ResourceShareAccepter(\"receiver_accept\", share_arn=sender_invite.resource_share_arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var senderShare = new Aws.Ram.ResourceShare(\"sender_share\", new()\n {\n Name = \"tf-test-resource-share\",\n AllowExternalPrincipals = true,\n Tags = \n {\n { \"Name\", \"tf-test-resource-share\" },\n },\n });\n\n var receiver = Aws.GetCallerIdentity.Invoke();\n\n var senderInvite = new Aws.Ram.PrincipalAssociation(\"sender_invite\", new()\n {\n Principal = receiver.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n ResourceShareArn = senderShare.Arn,\n });\n\n var receiverAccept = new Aws.Ram.ResourceShareAccepter(\"receiver_accept\", new()\n {\n ShareArn = senderInvite.ResourceShareArn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ram\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsenderShare, err := ram.NewResourceShare(ctx, \"sender_share\", \u0026ram.ResourceShareArgs{\n\t\t\tName: pulumi.String(\"tf-test-resource-share\"),\n\t\t\tAllowExternalPrincipals: pulumi.Bool(true),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-test-resource-share\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treceiver, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsenderInvite, err := ram.NewPrincipalAssociation(ctx, \"sender_invite\", \u0026ram.PrincipalAssociationArgs{\n\t\t\tPrincipal: *pulumi.String(receiver.AccountId),\n\t\t\tResourceShareArn: senderShare.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ram.NewResourceShareAccepter(ctx, \"receiver_accept\", \u0026ram.ResourceShareAccepterArgs{\n\t\t\tShareArn: senderInvite.ResourceShareArn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ram.ResourceShare;\nimport com.pulumi.aws.ram.ResourceShareArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ram.PrincipalAssociation;\nimport com.pulumi.aws.ram.PrincipalAssociationArgs;\nimport com.pulumi.aws.ram.ResourceShareAccepter;\nimport com.pulumi.aws.ram.ResourceShareAccepterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var senderShare = new ResourceShare(\"senderShare\", ResourceShareArgs.builder() \n .name(\"tf-test-resource-share\")\n .allowExternalPrincipals(true)\n .tags(Map.of(\"Name\", \"tf-test-resource-share\"))\n .build());\n\n final var receiver = AwsFunctions.getCallerIdentity();\n\n var senderInvite = new PrincipalAssociation(\"senderInvite\", PrincipalAssociationArgs.builder() \n .principal(receiver.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .resourceShareArn(senderShare.arn())\n .build());\n\n var receiverAccept = new ResourceShareAccepter(\"receiverAccept\", ResourceShareAccepterArgs.builder() \n .shareArn(senderInvite.resourceShareArn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n senderShare:\n type: aws:ram:ResourceShare\n name: sender_share\n properties:\n name: tf-test-resource-share\n allowExternalPrincipals: true\n tags:\n Name: tf-test-resource-share\n senderInvite:\n type: aws:ram:PrincipalAssociation\n name: sender_invite\n properties:\n principal: ${receiver.accountId}\n resourceShareArn: ${senderShare.arn}\n receiverAccept:\n type: aws:ram:ResourceShareAccepter\n name: receiver_accept\n properties:\n shareArn: ${senderInvite.resourceShareArn}\nvariables:\n receiver:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import resource share accepters using the resource share ARN. For example:\n\n```sh\n$ pulumi import aws:ram/resourceShareAccepter:ResourceShareAccepter example arn:aws:ram:us-east-1:123456789012:resource-share/c4b56393-e8d9-89d9-6dc9-883752de4767\n```\n", + "description": "Manage accepting a Resource Access Manager (RAM) Resource Share invitation. From a _receiver_ AWS account, accept an invitation to share resources that were shared by a _sender_ AWS account. To create a resource share in the _sender_, see the `aws.ram.ResourceShare` resource.\n\n\u003e **Note:** If both AWS accounts are in the same Organization and [RAM Sharing with AWS Organizations is enabled](https://docs.aws.amazon.com/ram/latest/userguide/getting-started-sharing.html#getting-started-sharing-orgs), this resource is not necessary as RAM Resource Share invitations are not used.\n\n## Example Usage\n\nThis configuration provides an example of using multiple AWS providers to configure two different AWS accounts. In the _sender_ account, the configuration creates a `aws.ram.ResourceShare` and uses a data source in the _receiver_ account to create a `aws.ram.PrincipalAssociation` resource with the _receiver's_ account ID. In the _receiver_ account, the configuration accepts the invitation to share resources with the `aws.ram.ResourceShareAccepter`.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst senderShare = new aws.ram.ResourceShare(\"sender_share\", {\n name: \"tf-test-resource-share\",\n allowExternalPrincipals: true,\n tags: {\n Name: \"tf-test-resource-share\",\n },\n});\nconst receiver = aws.getCallerIdentity({});\nconst senderInvite = new aws.ram.PrincipalAssociation(\"sender_invite\", {\n principal: receiver.then(receiver =\u003e receiver.accountId),\n resourceShareArn: senderShare.arn,\n});\nconst receiverAccept = new aws.ram.ResourceShareAccepter(\"receiver_accept\", {shareArn: senderInvite.resourceShareArn});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsender_share = aws.ram.ResourceShare(\"sender_share\",\n name=\"tf-test-resource-share\",\n allow_external_principals=True,\n tags={\n \"Name\": \"tf-test-resource-share\",\n })\nreceiver = aws.get_caller_identity()\nsender_invite = aws.ram.PrincipalAssociation(\"sender_invite\",\n principal=receiver.account_id,\n resource_share_arn=sender_share.arn)\nreceiver_accept = aws.ram.ResourceShareAccepter(\"receiver_accept\", share_arn=sender_invite.resource_share_arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var senderShare = new Aws.Ram.ResourceShare(\"sender_share\", new()\n {\n Name = \"tf-test-resource-share\",\n AllowExternalPrincipals = true,\n Tags = \n {\n { \"Name\", \"tf-test-resource-share\" },\n },\n });\n\n var receiver = Aws.GetCallerIdentity.Invoke();\n\n var senderInvite = new Aws.Ram.PrincipalAssociation(\"sender_invite\", new()\n {\n Principal = receiver.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n ResourceShareArn = senderShare.Arn,\n });\n\n var receiverAccept = new Aws.Ram.ResourceShareAccepter(\"receiver_accept\", new()\n {\n ShareArn = senderInvite.ResourceShareArn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ram\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsenderShare, err := ram.NewResourceShare(ctx, \"sender_share\", \u0026ram.ResourceShareArgs{\n\t\t\tName: pulumi.String(\"tf-test-resource-share\"),\n\t\t\tAllowExternalPrincipals: pulumi.Bool(true),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-test-resource-share\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treceiver, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsenderInvite, err := ram.NewPrincipalAssociation(ctx, \"sender_invite\", \u0026ram.PrincipalAssociationArgs{\n\t\t\tPrincipal: pulumi.String(receiver.AccountId),\n\t\t\tResourceShareArn: senderShare.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ram.NewResourceShareAccepter(ctx, \"receiver_accept\", \u0026ram.ResourceShareAccepterArgs{\n\t\t\tShareArn: senderInvite.ResourceShareArn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ram.ResourceShare;\nimport com.pulumi.aws.ram.ResourceShareArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ram.PrincipalAssociation;\nimport com.pulumi.aws.ram.PrincipalAssociationArgs;\nimport com.pulumi.aws.ram.ResourceShareAccepter;\nimport com.pulumi.aws.ram.ResourceShareAccepterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var senderShare = new ResourceShare(\"senderShare\", ResourceShareArgs.builder() \n .name(\"tf-test-resource-share\")\n .allowExternalPrincipals(true)\n .tags(Map.of(\"Name\", \"tf-test-resource-share\"))\n .build());\n\n final var receiver = AwsFunctions.getCallerIdentity();\n\n var senderInvite = new PrincipalAssociation(\"senderInvite\", PrincipalAssociationArgs.builder() \n .principal(receiver.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .resourceShareArn(senderShare.arn())\n .build());\n\n var receiverAccept = new ResourceShareAccepter(\"receiverAccept\", ResourceShareAccepterArgs.builder() \n .shareArn(senderInvite.resourceShareArn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n senderShare:\n type: aws:ram:ResourceShare\n name: sender_share\n properties:\n name: tf-test-resource-share\n allowExternalPrincipals: true\n tags:\n Name: tf-test-resource-share\n senderInvite:\n type: aws:ram:PrincipalAssociation\n name: sender_invite\n properties:\n principal: ${receiver.accountId}\n resourceShareArn: ${senderShare.arn}\n receiverAccept:\n type: aws:ram:ResourceShareAccepter\n name: receiver_accept\n properties:\n shareArn: ${senderInvite.resourceShareArn}\nvariables:\n receiver:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import resource share accepters using the resource share ARN. For example:\n\n```sh\n$ pulumi import aws:ram/resourceShareAccepter:ResourceShareAccepter example arn:aws:ram:us-east-1:123456789012:resource-share/c4b56393-e8d9-89d9-6dc9-883752de4767\n```\n", "properties": { "invitationArn": { "type": "string", @@ -298082,7 +298082,7 @@ } }, "aws:rds/cluster:Cluster": { - "description": "Manages a [RDS Aurora Cluster](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Aurora.html). To manage cluster instances that inherit configuration from the cluster (when not running the cluster in `serverless` engine mode), see the `aws.rds.ClusterInstance` resource. To manage non-Aurora databases (e.g., MySQL, PostgreSQL, SQL Server, etc.), see the `aws.rds.Instance` resource.\n\nFor information on the difference between the available Aurora MySQL engines\nsee [Comparison between Aurora MySQL 1 and Aurora MySQL 2](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/AuroraMySQL.Updates.20180206.html)\nin the Amazon RDS User Guide.\n\nChanges to an RDS Cluster can occur when you manually change a\nparameter, such as `port`, and are reflected in the next maintenance\nwindow. Because of this, this provider may report a difference in its planning\nphase because a modification has not yet taken place. You can use the\n`apply_immediately` flag to instruct the service to apply the change immediately\n(see documentation below).\n\n\u003e **Note:** using `apply_immediately` can result in a\nbrief downtime as the server reboots. See the AWS Docs on [RDS Maintenance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html)\nfor more information.\n\n## Example Usage\n\n### Aurora MySQL 2.x (MySQL 5.7)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Cluster(\"default\", {\n clusterIdentifier: \"aurora-cluster-demo\",\n engine: \"aurora-mysql\",\n engineVersion: \"5.7.mysql_aurora.2.03.2\",\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n databaseName: \"mydb\",\n masterUsername: \"foo\",\n masterPassword: \"bar\",\n backupRetentionPeriod: 5,\n preferredBackupWindow: \"07:00-09:00\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Cluster(\"default\",\n cluster_identifier=\"aurora-cluster-demo\",\n engine=\"aurora-mysql\",\n engine_version=\"5.7.mysql_aurora.2.03.2\",\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n database_name=\"mydb\",\n master_username=\"foo\",\n master_password=\"bar\",\n backup_retention_period=5,\n preferred_backup_window=\"07:00-09:00\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Cluster(\"default\", new()\n {\n ClusterIdentifier = \"aurora-cluster-demo\",\n Engine = \"aurora-mysql\",\n EngineVersion = \"5.7.mysql_aurora.2.03.2\",\n AvailabilityZones = new[]\n {\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n },\n DatabaseName = \"mydb\",\n MasterUsername = \"foo\",\n MasterPassword = \"bar\",\n BackupRetentionPeriod = 5,\n PreferredBackupWindow = \"07:00-09:00\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewCluster(ctx, \"default\", \u0026rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"aurora-cluster-demo\"),\n\t\t\tEngine: pulumi.String(\"aurora-mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.7.mysql_aurora.2.03.2\"),\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t\tpulumi.String(\"us-west-2c\"),\n\t\t\t},\n\t\t\tDatabaseName: pulumi.String(\"mydb\"),\n\t\t\tMasterUsername: pulumi.String(\"foo\"),\n\t\t\tMasterPassword: pulumi.String(\"bar\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(5),\n\t\t\tPreferredBackupWindow: pulumi.String(\"07:00-09:00\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Cluster(\"default\", ClusterArgs.builder() \n .clusterIdentifier(\"aurora-cluster-demo\")\n .engine(\"aurora-mysql\")\n .engineVersion(\"5.7.mysql_aurora.2.03.2\")\n .availabilityZones( \n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\")\n .databaseName(\"mydb\")\n .masterUsername(\"foo\")\n .masterPassword(\"bar\")\n .backupRetentionPeriod(5)\n .preferredBackupWindow(\"07:00-09:00\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Cluster\n properties:\n clusterIdentifier: aurora-cluster-demo\n engine: aurora-mysql\n engineVersion: 5.7.mysql_aurora.2.03.2\n availabilityZones:\n - us-west-2a\n - us-west-2b\n - us-west-2c\n databaseName: mydb\n masterUsername: foo\n masterPassword: bar\n backupRetentionPeriod: 5\n preferredBackupWindow: 07:00-09:00\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Aurora MySQL 1.x (MySQL 5.6)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Cluster(\"default\", {\n clusterIdentifier: \"aurora-cluster-demo\",\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n databaseName: \"mydb\",\n masterUsername: \"foo\",\n masterPassword: \"bar\",\n backupRetentionPeriod: 5,\n preferredBackupWindow: \"07:00-09:00\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Cluster(\"default\",\n cluster_identifier=\"aurora-cluster-demo\",\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n database_name=\"mydb\",\n master_username=\"foo\",\n master_password=\"bar\",\n backup_retention_period=5,\n preferred_backup_window=\"07:00-09:00\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Cluster(\"default\", new()\n {\n ClusterIdentifier = \"aurora-cluster-demo\",\n AvailabilityZones = new[]\n {\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n },\n DatabaseName = \"mydb\",\n MasterUsername = \"foo\",\n MasterPassword = \"bar\",\n BackupRetentionPeriod = 5,\n PreferredBackupWindow = \"07:00-09:00\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewCluster(ctx, \"default\", \u0026rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"aurora-cluster-demo\"),\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t\tpulumi.String(\"us-west-2c\"),\n\t\t\t},\n\t\t\tDatabaseName: pulumi.String(\"mydb\"),\n\t\t\tMasterUsername: pulumi.String(\"foo\"),\n\t\t\tMasterPassword: pulumi.String(\"bar\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(5),\n\t\t\tPreferredBackupWindow: pulumi.String(\"07:00-09:00\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Cluster(\"default\", ClusterArgs.builder() \n .clusterIdentifier(\"aurora-cluster-demo\")\n .availabilityZones( \n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\")\n .databaseName(\"mydb\")\n .masterUsername(\"foo\")\n .masterPassword(\"bar\")\n .backupRetentionPeriod(5)\n .preferredBackupWindow(\"07:00-09:00\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Cluster\n properties:\n clusterIdentifier: aurora-cluster-demo\n availabilityZones:\n - us-west-2a\n - us-west-2b\n - us-west-2c\n databaseName: mydb\n masterUsername: foo\n masterPassword: bar\n backupRetentionPeriod: 5\n preferredBackupWindow: 07:00-09:00\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Aurora with PostgreSQL engine\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst postgresql = new aws.rds.Cluster(\"postgresql\", {\n clusterIdentifier: \"aurora-cluster-demo\",\n engine: \"aurora-postgresql\",\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n databaseName: \"mydb\",\n masterUsername: \"foo\",\n masterPassword: \"bar\",\n backupRetentionPeriod: 5,\n preferredBackupWindow: \"07:00-09:00\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npostgresql = aws.rds.Cluster(\"postgresql\",\n cluster_identifier=\"aurora-cluster-demo\",\n engine=\"aurora-postgresql\",\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n database_name=\"mydb\",\n master_username=\"foo\",\n master_password=\"bar\",\n backup_retention_period=5,\n preferred_backup_window=\"07:00-09:00\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var postgresql = new Aws.Rds.Cluster(\"postgresql\", new()\n {\n ClusterIdentifier = \"aurora-cluster-demo\",\n Engine = \"aurora-postgresql\",\n AvailabilityZones = new[]\n {\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n },\n DatabaseName = \"mydb\",\n MasterUsername = \"foo\",\n MasterPassword = \"bar\",\n BackupRetentionPeriod = 5,\n PreferredBackupWindow = \"07:00-09:00\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewCluster(ctx, \"postgresql\", \u0026rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"aurora-cluster-demo\"),\n\t\t\tEngine: pulumi.String(\"aurora-postgresql\"),\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t\tpulumi.String(\"us-west-2c\"),\n\t\t\t},\n\t\t\tDatabaseName: pulumi.String(\"mydb\"),\n\t\t\tMasterUsername: pulumi.String(\"foo\"),\n\t\t\tMasterPassword: pulumi.String(\"bar\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(5),\n\t\t\tPreferredBackupWindow: pulumi.String(\"07:00-09:00\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var postgresql = new Cluster(\"postgresql\", ClusterArgs.builder() \n .clusterIdentifier(\"aurora-cluster-demo\")\n .engine(\"aurora-postgresql\")\n .availabilityZones( \n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\")\n .databaseName(\"mydb\")\n .masterUsername(\"foo\")\n .masterPassword(\"bar\")\n .backupRetentionPeriod(5)\n .preferredBackupWindow(\"07:00-09:00\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n postgresql:\n type: aws:rds:Cluster\n properties:\n clusterIdentifier: aurora-cluster-demo\n engine: aurora-postgresql\n availabilityZones:\n - us-west-2a\n - us-west-2b\n - us-west-2c\n databaseName: mydb\n masterUsername: foo\n masterPassword: bar\n backupRetentionPeriod: 5\n preferredBackupWindow: 07:00-09:00\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### RDS Multi-AZ Cluster\n\n\u003e More information about RDS Multi-AZ Clusters can be found in the [RDS User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html).\n\nTo create a Multi-AZ RDS cluster, you must additionally specify the `engine`, `storage_type`, `allocated_storage`, `iops` and `db_cluster_instance_class` attributes.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.Cluster(\"example\", {\n clusterIdentifier: \"example\",\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n engine: \"mysql\",\n dbClusterInstanceClass: \"db.r6gd.xlarge\",\n storageType: \"io1\",\n allocatedStorage: 100,\n iops: 1000,\n masterUsername: \"test\",\n masterPassword: \"mustbeeightcharaters\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.Cluster(\"example\",\n cluster_identifier=\"example\",\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n engine=\"mysql\",\n db_cluster_instance_class=\"db.r6gd.xlarge\",\n storage_type=\"io1\",\n allocated_storage=100,\n iops=1000,\n master_username=\"test\",\n master_password=\"mustbeeightcharaters\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.Cluster(\"example\", new()\n {\n ClusterIdentifier = \"example\",\n AvailabilityZones = new[]\n {\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n },\n Engine = \"mysql\",\n DbClusterInstanceClass = \"db.r6gd.xlarge\",\n StorageType = \"io1\",\n AllocatedStorage = 100,\n Iops = 1000,\n MasterUsername = \"test\",\n MasterPassword = \"mustbeeightcharaters\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewCluster(ctx, \"example\", \u0026rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"example\"),\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t\tpulumi.String(\"us-west-2c\"),\n\t\t\t},\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tDbClusterInstanceClass: pulumi.String(\"db.r6gd.xlarge\"),\n\t\t\tStorageType: pulumi.String(\"io1\"),\n\t\t\tAllocatedStorage: pulumi.Int(100),\n\t\t\tIops: pulumi.Int(1000),\n\t\t\tMasterUsername: pulumi.String(\"test\"),\n\t\t\tMasterPassword: pulumi.String(\"mustbeeightcharaters\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Cluster(\"example\", ClusterArgs.builder() \n .clusterIdentifier(\"example\")\n .availabilityZones( \n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\")\n .engine(\"mysql\")\n .dbClusterInstanceClass(\"db.r6gd.xlarge\")\n .storageType(\"io1\")\n .allocatedStorage(100)\n .iops(1000)\n .masterUsername(\"test\")\n .masterPassword(\"mustbeeightcharaters\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:Cluster\n properties:\n clusterIdentifier: example\n availabilityZones:\n - us-west-2a\n - us-west-2b\n - us-west-2c\n engine: mysql\n dbClusterInstanceClass: db.r6gd.xlarge\n storageType: io1\n allocatedStorage: 100\n iops: 1000\n masterUsername: test\n masterPassword: mustbeeightcharaters\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### RDS Serverless v2 Cluster\n\n\u003e More information about RDS Serverless v2 Clusters can be found in the [RDS User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.html).\n\n\u003e **Note:** Unlike Serverless v1, in Serverless v2 the `storage_encrypted` value is set to `false` by default.\nThis is because Serverless v1 uses the `serverless` `engine_mode`, but Serverless v2 uses the `provisioned` `engine_mode`.\n\nTo create a Serverless v2 RDS cluster, you must additionally specify the `engine_mode` and `serverlessv2_scaling_configuration` attributes. An `aws.rds.ClusterInstance` resource must also be added to the cluster with the `instance_class` attribute specified.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.Cluster(\"example\", {\n clusterIdentifier: \"example\",\n engine: \"aurora-postgresql\",\n engineMode: \"provisioned\",\n engineVersion: \"13.6\",\n databaseName: \"test\",\n masterUsername: \"test\",\n masterPassword: \"must_be_eight_characters\",\n storageEncrypted: true,\n serverlessv2ScalingConfiguration: {\n maxCapacity: 1,\n minCapacity: 0.5,\n },\n});\nconst exampleClusterInstance = new aws.rds.ClusterInstance(\"example\", {\n clusterIdentifier: example.id,\n instanceClass: \"db.serverless\",\n engine: example.engine,\n engineVersion: example.engineVersion,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.Cluster(\"example\",\n cluster_identifier=\"example\",\n engine=\"aurora-postgresql\",\n engine_mode=\"provisioned\",\n engine_version=\"13.6\",\n database_name=\"test\",\n master_username=\"test\",\n master_password=\"must_be_eight_characters\",\n storage_encrypted=True,\n serverlessv2_scaling_configuration=aws.rds.ClusterServerlessv2ScalingConfigurationArgs(\n max_capacity=1,\n min_capacity=0.5,\n ))\nexample_cluster_instance = aws.rds.ClusterInstance(\"example\",\n cluster_identifier=example.id,\n instance_class=\"db.serverless\",\n engine=example.engine,\n engine_version=example.engine_version)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.Cluster(\"example\", new()\n {\n ClusterIdentifier = \"example\",\n Engine = \"aurora-postgresql\",\n EngineMode = \"provisioned\",\n EngineVersion = \"13.6\",\n DatabaseName = \"test\",\n MasterUsername = \"test\",\n MasterPassword = \"must_be_eight_characters\",\n StorageEncrypted = true,\n Serverlessv2ScalingConfiguration = new Aws.Rds.Inputs.ClusterServerlessv2ScalingConfigurationArgs\n {\n MaxCapacity = 1,\n MinCapacity = 0.5,\n },\n });\n\n var exampleClusterInstance = new Aws.Rds.ClusterInstance(\"example\", new()\n {\n ClusterIdentifier = example.Id,\n InstanceClass = \"db.serverless\",\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := rds.NewCluster(ctx, \"example\", \u0026rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"example\"),\n\t\t\tEngine: pulumi.String(\"aurora-postgresql\"),\n\t\t\tEngineMode: pulumi.String(\"provisioned\"),\n\t\t\tEngineVersion: pulumi.String(\"13.6\"),\n\t\t\tDatabaseName: pulumi.String(\"test\"),\n\t\t\tMasterUsername: pulumi.String(\"test\"),\n\t\t\tMasterPassword: pulumi.String(\"must_be_eight_characters\"),\n\t\t\tStorageEncrypted: pulumi.Bool(true),\n\t\t\tServerlessv2ScalingConfiguration: \u0026rds.ClusterServerlessv2ScalingConfigurationArgs{\n\t\t\t\tMaxCapacity: pulumi.Float64(1),\n\t\t\t\tMinCapacity: pulumi.Float64(0.5),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"example\", \u0026rds.ClusterInstanceArgs{\n\t\t\tClusterIdentifier: example.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.serverless\"),\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.inputs.ClusterServerlessv2ScalingConfigurationArgs;\nimport com.pulumi.aws.rds.ClusterInstance;\nimport com.pulumi.aws.rds.ClusterInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Cluster(\"example\", ClusterArgs.builder() \n .clusterIdentifier(\"example\")\n .engine(\"aurora-postgresql\")\n .engineMode(\"provisioned\")\n .engineVersion(\"13.6\")\n .databaseName(\"test\")\n .masterUsername(\"test\")\n .masterPassword(\"must_be_eight_characters\")\n .storageEncrypted(true)\n .serverlessv2ScalingConfiguration(ClusterServerlessv2ScalingConfigurationArgs.builder()\n .maxCapacity(1)\n .minCapacity(0.5)\n .build())\n .build());\n\n var exampleClusterInstance = new ClusterInstance(\"exampleClusterInstance\", ClusterInstanceArgs.builder() \n .clusterIdentifier(example.id())\n .instanceClass(\"db.serverless\")\n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:Cluster\n properties:\n clusterIdentifier: example\n engine: aurora-postgresql\n engineMode: provisioned\n engineVersion: '13.6'\n databaseName: test\n masterUsername: test\n masterPassword: must_be_eight_characters\n storageEncrypted: true\n serverlessv2ScalingConfiguration:\n maxCapacity: 1\n minCapacity: 0.5\n exampleClusterInstance:\n type: aws:rds:ClusterInstance\n name: example\n properties:\n clusterIdentifier: ${example.id}\n instanceClass: db.serverless\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### RDS/Aurora Managed Master Passwords via Secrets Manager, default KMS Key\n\n\u003e More information about RDS/Aurora Aurora integrates with Secrets Manager to manage master user passwords for your DB clusters can be found in the [RDS User Guide](https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-rds-integration-aws-secrets-manager/) and [Aurora User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html).\n\nYou can specify the `manage_master_user_password` attribute to enable managing the master password with Secrets Manager. You can also update an existing cluster to use Secrets Manager by specify the `manage_master_user_password` attribute and removing the `master_password` attribute (removal is required).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.rds.Cluster(\"test\", {\n clusterIdentifier: \"example\",\n databaseName: \"test\",\n manageMasterUserPassword: true,\n masterUsername: \"test\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.rds.Cluster(\"test\",\n cluster_identifier=\"example\",\n database_name=\"test\",\n manage_master_user_password=True,\n master_username=\"test\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.Rds.Cluster(\"test\", new()\n {\n ClusterIdentifier = \"example\",\n DatabaseName = \"test\",\n ManageMasterUserPassword = true,\n MasterUsername = \"test\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewCluster(ctx, \"test\", \u0026rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"example\"),\n\t\t\tDatabaseName: pulumi.String(\"test\"),\n\t\t\tManageMasterUserPassword: pulumi.Bool(true),\n\t\t\tMasterUsername: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Cluster(\"test\", ClusterArgs.builder() \n .clusterIdentifier(\"example\")\n .databaseName(\"test\")\n .manageMasterUserPassword(true)\n .masterUsername(\"test\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:rds:Cluster\n properties:\n clusterIdentifier: example\n databaseName: test\n manageMasterUserPassword: true\n masterUsername: test\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### RDS/Aurora Managed Master Passwords via Secrets Manager, specific KMS Key\n\n\u003e More information about RDS/Aurora Aurora integrates with Secrets Manager to manage master user passwords for your DB clusters can be found in the [RDS User Guide](https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-rds-integration-aws-secrets-manager/) and [Aurora User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html).\n\nYou can specify the `master_user_secret_kms_key_id` attribute to specify a specific KMS Key.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.kms.Key(\"example\", {description: \"Example KMS Key\"});\nconst test = new aws.rds.Cluster(\"test\", {\n clusterIdentifier: \"example\",\n databaseName: \"test\",\n manageMasterUserPassword: true,\n masterUsername: \"test\",\n masterUserSecretKmsKeyId: example.keyId,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.kms.Key(\"example\", description=\"Example KMS Key\")\ntest = aws.rds.Cluster(\"test\",\n cluster_identifier=\"example\",\n database_name=\"test\",\n manage_master_user_password=True,\n master_username=\"test\",\n master_user_secret_kms_key_id=example.key_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Kms.Key(\"example\", new()\n {\n Description = \"Example KMS Key\",\n });\n\n var test = new Aws.Rds.Cluster(\"test\", new()\n {\n ClusterIdentifier = \"example\",\n DatabaseName = \"test\",\n ManageMasterUserPassword = true,\n MasterUsername = \"test\",\n MasterUserSecretKmsKeyId = example.KeyId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := kms.NewKey(ctx, \"example\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"Example KMS Key\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewCluster(ctx, \"test\", \u0026rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"example\"),\n\t\t\tDatabaseName: pulumi.String(\"test\"),\n\t\t\tManageMasterUserPassword: pulumi.Bool(true),\n\t\t\tMasterUsername: pulumi.String(\"test\"),\n\t\t\tMasterUserSecretKmsKeyId: example.KeyId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Key(\"example\", KeyArgs.builder() \n .description(\"Example KMS Key\")\n .build());\n\n var test = new Cluster(\"test\", ClusterArgs.builder() \n .clusterIdentifier(\"example\")\n .databaseName(\"test\")\n .manageMasterUserPassword(true)\n .masterUsername(\"test\")\n .masterUserSecretKmsKeyId(example.keyId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:kms:Key\n properties:\n description: Example KMS Key\n test:\n type: aws:rds:Cluster\n properties:\n clusterIdentifier: example\n databaseName: test\n manageMasterUserPassword: true\n masterUsername: test\n masterUserSecretKmsKeyId: ${example.keyId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Global Cluster Restored From Snapshot\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.rds.getClusterSnapshot({\n dbClusterIdentifier: \"example-original-cluster\",\n mostRecent: true,\n});\nconst exampleCluster = new aws.rds.Cluster(\"example\", {\n engine: \"aurora\",\n engineVersion: \"5.6.mysql_aurora.1.22.4\",\n clusterIdentifier: \"example\",\n snapshotIdentifier: example.then(example =\u003e example.id),\n});\nconst exampleGlobalCluster = new aws.rds.GlobalCluster(\"example\", {\n globalClusterIdentifier: \"example\",\n sourceDbClusterIdentifier: exampleCluster.arn,\n forceDestroy: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.get_cluster_snapshot(db_cluster_identifier=\"example-original-cluster\",\n most_recent=True)\nexample_cluster = aws.rds.Cluster(\"example\",\n engine=\"aurora\",\n engine_version=\"5.6.mysql_aurora.1.22.4\",\n cluster_identifier=\"example\",\n snapshot_identifier=example.id)\nexample_global_cluster = aws.rds.GlobalCluster(\"example\",\n global_cluster_identifier=\"example\",\n source_db_cluster_identifier=example_cluster.arn,\n force_destroy=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Rds.GetClusterSnapshot.Invoke(new()\n {\n DbClusterIdentifier = \"example-original-cluster\",\n MostRecent = true,\n });\n\n var exampleCluster = new Aws.Rds.Cluster(\"example\", new()\n {\n Engine = \"aurora\",\n EngineVersion = \"5.6.mysql_aurora.1.22.4\",\n ClusterIdentifier = \"example\",\n SnapshotIdentifier = example.Apply(getClusterSnapshotResult =\u003e getClusterSnapshotResult.Id),\n });\n\n var exampleGlobalCluster = new Aws.Rds.GlobalCluster(\"example\", new()\n {\n GlobalClusterIdentifier = \"example\",\n SourceDbClusterIdentifier = exampleCluster.Arn,\n ForceDestroy = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := rds.LookupClusterSnapshot(ctx, \u0026rds.LookupClusterSnapshotArgs{\n\t\t\tDbClusterIdentifier: pulumi.StringRef(\"example-original-cluster\"),\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleCluster, err := rds.NewCluster(ctx, \"example\", \u0026rds.ClusterArgs{\n\t\t\tEngine: pulumi.String(\"aurora\"),\n\t\t\tEngineVersion: pulumi.String(\"5.6.mysql_aurora.1.22.4\"),\n\t\t\tClusterIdentifier: pulumi.String(\"example\"),\n\t\t\tSnapshotIdentifier: *pulumi.String(example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewGlobalCluster(ctx, \"example\", \u0026rds.GlobalClusterArgs{\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"example\"),\n\t\t\tSourceDbClusterIdentifier: exampleCluster.Arn,\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetClusterSnapshotArgs;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.GlobalCluster;\nimport com.pulumi.aws.rds.GlobalClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = RdsFunctions.getClusterSnapshot(GetClusterSnapshotArgs.builder()\n .dbClusterIdentifier(\"example-original-cluster\")\n .mostRecent(true)\n .build());\n\n var exampleCluster = new Cluster(\"exampleCluster\", ClusterArgs.builder() \n .engine(\"aurora\")\n .engineVersion(\"5.6.mysql_aurora.1.22.4\")\n .clusterIdentifier(\"example\")\n .snapshotIdentifier(example.applyValue(getClusterSnapshotResult -\u003e getClusterSnapshotResult.id()))\n .build());\n\n var exampleGlobalCluster = new GlobalCluster(\"exampleGlobalCluster\", GlobalClusterArgs.builder() \n .globalClusterIdentifier(\"example\")\n .sourceDbClusterIdentifier(exampleCluster.arn())\n .forceDestroy(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleCluster:\n type: aws:rds:Cluster\n name: example\n properties:\n engine: aurora\n engineVersion: 5.6.mysql_aurora.1.22.4\n clusterIdentifier: example\n snapshotIdentifier: ${example.id}\n exampleGlobalCluster:\n type: aws:rds:GlobalCluster\n name: example\n properties:\n globalClusterIdentifier: example\n sourceDbClusterIdentifier: ${exampleCluster.arn}\n forceDestroy: true\nvariables:\n example:\n fn::invoke:\n Function: aws:rds:getClusterSnapshot\n Arguments:\n dbClusterIdentifier: example-original-cluster\n mostRecent: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import RDS Clusters using the `cluster_identifier`. For example:\n\n```sh\n$ pulumi import aws:rds/cluster:Cluster aurora_cluster aurora-prod-cluster\n```\n", + "description": "Manages a [RDS Aurora Cluster](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Aurora.html). To manage cluster instances that inherit configuration from the cluster (when not running the cluster in `serverless` engine mode), see the `aws.rds.ClusterInstance` resource. To manage non-Aurora databases (e.g., MySQL, PostgreSQL, SQL Server, etc.), see the `aws.rds.Instance` resource.\n\nFor information on the difference between the available Aurora MySQL engines\nsee [Comparison between Aurora MySQL 1 and Aurora MySQL 2](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/AuroraMySQL.Updates.20180206.html)\nin the Amazon RDS User Guide.\n\nChanges to an RDS Cluster can occur when you manually change a\nparameter, such as `port`, and are reflected in the next maintenance\nwindow. Because of this, this provider may report a difference in its planning\nphase because a modification has not yet taken place. You can use the\n`apply_immediately` flag to instruct the service to apply the change immediately\n(see documentation below).\n\n\u003e **Note:** using `apply_immediately` can result in a\nbrief downtime as the server reboots. See the AWS Docs on [RDS Maintenance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html)\nfor more information.\n\n## Example Usage\n\n### Aurora MySQL 2.x (MySQL 5.7)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Cluster(\"default\", {\n clusterIdentifier: \"aurora-cluster-demo\",\n engine: aws.rds.EngineType.AuroraMysql,\n engineVersion: \"5.7.mysql_aurora.2.03.2\",\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n databaseName: \"mydb\",\n masterUsername: \"foo\",\n masterPassword: \"bar\",\n backupRetentionPeriod: 5,\n preferredBackupWindow: \"07:00-09:00\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Cluster(\"default\",\n cluster_identifier=\"aurora-cluster-demo\",\n engine=aws.rds.EngineType.AURORA_MYSQL,\n engine_version=\"5.7.mysql_aurora.2.03.2\",\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n database_name=\"mydb\",\n master_username=\"foo\",\n master_password=\"bar\",\n backup_retention_period=5,\n preferred_backup_window=\"07:00-09:00\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Cluster(\"default\", new()\n {\n ClusterIdentifier = \"aurora-cluster-demo\",\n Engine = Aws.Rds.EngineType.AuroraMysql,\n EngineVersion = \"5.7.mysql_aurora.2.03.2\",\n AvailabilityZones = new[]\n {\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n },\n DatabaseName = \"mydb\",\n MasterUsername = \"foo\",\n MasterPassword = \"bar\",\n BackupRetentionPeriod = 5,\n PreferredBackupWindow = \"07:00-09:00\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewCluster(ctx, \"default\", \u0026rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"aurora-cluster-demo\"),\n\t\t\tEngine: pulumi.String(rds.EngineTypeAuroraMysql),\n\t\t\tEngineVersion: pulumi.String(\"5.7.mysql_aurora.2.03.2\"),\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t\tpulumi.String(\"us-west-2c\"),\n\t\t\t},\n\t\t\tDatabaseName: pulumi.String(\"mydb\"),\n\t\t\tMasterUsername: pulumi.String(\"foo\"),\n\t\t\tMasterPassword: pulumi.String(\"bar\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(5),\n\t\t\tPreferredBackupWindow: pulumi.String(\"07:00-09:00\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Cluster(\"default\", ClusterArgs.builder() \n .clusterIdentifier(\"aurora-cluster-demo\")\n .engine(\"aurora-mysql\")\n .engineVersion(\"5.7.mysql_aurora.2.03.2\")\n .availabilityZones( \n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\")\n .databaseName(\"mydb\")\n .masterUsername(\"foo\")\n .masterPassword(\"bar\")\n .backupRetentionPeriod(5)\n .preferredBackupWindow(\"07:00-09:00\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Cluster\n properties:\n clusterIdentifier: aurora-cluster-demo\n engine: aurora-mysql\n engineVersion: 5.7.mysql_aurora.2.03.2\n availabilityZones:\n - us-west-2a\n - us-west-2b\n - us-west-2c\n databaseName: mydb\n masterUsername: foo\n masterPassword: bar\n backupRetentionPeriod: 5\n preferredBackupWindow: 07:00-09:00\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Aurora MySQL 1.x (MySQL 5.6)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Cluster(\"default\", {\n clusterIdentifier: \"aurora-cluster-demo\",\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n databaseName: \"mydb\",\n masterUsername: \"foo\",\n masterPassword: \"bar\",\n backupRetentionPeriod: 5,\n preferredBackupWindow: \"07:00-09:00\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Cluster(\"default\",\n cluster_identifier=\"aurora-cluster-demo\",\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n database_name=\"mydb\",\n master_username=\"foo\",\n master_password=\"bar\",\n backup_retention_period=5,\n preferred_backup_window=\"07:00-09:00\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Cluster(\"default\", new()\n {\n ClusterIdentifier = \"aurora-cluster-demo\",\n AvailabilityZones = new[]\n {\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n },\n DatabaseName = \"mydb\",\n MasterUsername = \"foo\",\n MasterPassword = \"bar\",\n BackupRetentionPeriod = 5,\n PreferredBackupWindow = \"07:00-09:00\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewCluster(ctx, \"default\", \u0026rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"aurora-cluster-demo\"),\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t\tpulumi.String(\"us-west-2c\"),\n\t\t\t},\n\t\t\tDatabaseName: pulumi.String(\"mydb\"),\n\t\t\tMasterUsername: pulumi.String(\"foo\"),\n\t\t\tMasterPassword: pulumi.String(\"bar\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(5),\n\t\t\tPreferredBackupWindow: pulumi.String(\"07:00-09:00\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Cluster(\"default\", ClusterArgs.builder() \n .clusterIdentifier(\"aurora-cluster-demo\")\n .availabilityZones( \n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\")\n .databaseName(\"mydb\")\n .masterUsername(\"foo\")\n .masterPassword(\"bar\")\n .backupRetentionPeriod(5)\n .preferredBackupWindow(\"07:00-09:00\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Cluster\n properties:\n clusterIdentifier: aurora-cluster-demo\n availabilityZones:\n - us-west-2a\n - us-west-2b\n - us-west-2c\n databaseName: mydb\n masterUsername: foo\n masterPassword: bar\n backupRetentionPeriod: 5\n preferredBackupWindow: 07:00-09:00\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Aurora with PostgreSQL engine\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst postgresql = new aws.rds.Cluster(\"postgresql\", {\n clusterIdentifier: \"aurora-cluster-demo\",\n engine: aws.rds.EngineType.AuroraPostgresql,\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n databaseName: \"mydb\",\n masterUsername: \"foo\",\n masterPassword: \"bar\",\n backupRetentionPeriod: 5,\n preferredBackupWindow: \"07:00-09:00\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npostgresql = aws.rds.Cluster(\"postgresql\",\n cluster_identifier=\"aurora-cluster-demo\",\n engine=aws.rds.EngineType.AURORA_POSTGRESQL,\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n database_name=\"mydb\",\n master_username=\"foo\",\n master_password=\"bar\",\n backup_retention_period=5,\n preferred_backup_window=\"07:00-09:00\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var postgresql = new Aws.Rds.Cluster(\"postgresql\", new()\n {\n ClusterIdentifier = \"aurora-cluster-demo\",\n Engine = Aws.Rds.EngineType.AuroraPostgresql,\n AvailabilityZones = new[]\n {\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n },\n DatabaseName = \"mydb\",\n MasterUsername = \"foo\",\n MasterPassword = \"bar\",\n BackupRetentionPeriod = 5,\n PreferredBackupWindow = \"07:00-09:00\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewCluster(ctx, \"postgresql\", \u0026rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"aurora-cluster-demo\"),\n\t\t\tEngine: pulumi.String(rds.EngineTypeAuroraPostgresql),\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t\tpulumi.String(\"us-west-2c\"),\n\t\t\t},\n\t\t\tDatabaseName: pulumi.String(\"mydb\"),\n\t\t\tMasterUsername: pulumi.String(\"foo\"),\n\t\t\tMasterPassword: pulumi.String(\"bar\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(5),\n\t\t\tPreferredBackupWindow: pulumi.String(\"07:00-09:00\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var postgresql = new Cluster(\"postgresql\", ClusterArgs.builder() \n .clusterIdentifier(\"aurora-cluster-demo\")\n .engine(\"aurora-postgresql\")\n .availabilityZones( \n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\")\n .databaseName(\"mydb\")\n .masterUsername(\"foo\")\n .masterPassword(\"bar\")\n .backupRetentionPeriod(5)\n .preferredBackupWindow(\"07:00-09:00\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n postgresql:\n type: aws:rds:Cluster\n properties:\n clusterIdentifier: aurora-cluster-demo\n engine: aurora-postgresql\n availabilityZones:\n - us-west-2a\n - us-west-2b\n - us-west-2c\n databaseName: mydb\n masterUsername: foo\n masterPassword: bar\n backupRetentionPeriod: 5\n preferredBackupWindow: 07:00-09:00\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### RDS Multi-AZ Cluster\n\n\u003e More information about RDS Multi-AZ Clusters can be found in the [RDS User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html).\n\nTo create a Multi-AZ RDS cluster, you must additionally specify the `engine`, `storage_type`, `allocated_storage`, `iops` and `db_cluster_instance_class` attributes.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.Cluster(\"example\", {\n clusterIdentifier: \"example\",\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n engine: \"mysql\",\n dbClusterInstanceClass: \"db.r6gd.xlarge\",\n storageType: \"io1\",\n allocatedStorage: 100,\n iops: 1000,\n masterUsername: \"test\",\n masterPassword: \"mustbeeightcharaters\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.Cluster(\"example\",\n cluster_identifier=\"example\",\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n engine=\"mysql\",\n db_cluster_instance_class=\"db.r6gd.xlarge\",\n storage_type=\"io1\",\n allocated_storage=100,\n iops=1000,\n master_username=\"test\",\n master_password=\"mustbeeightcharaters\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.Cluster(\"example\", new()\n {\n ClusterIdentifier = \"example\",\n AvailabilityZones = new[]\n {\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n },\n Engine = \"mysql\",\n DbClusterInstanceClass = \"db.r6gd.xlarge\",\n StorageType = \"io1\",\n AllocatedStorage = 100,\n Iops = 1000,\n MasterUsername = \"test\",\n MasterPassword = \"mustbeeightcharaters\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewCluster(ctx, \"example\", \u0026rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"example\"),\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t\tpulumi.String(\"us-west-2c\"),\n\t\t\t},\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tDbClusterInstanceClass: pulumi.String(\"db.r6gd.xlarge\"),\n\t\t\tStorageType: pulumi.String(\"io1\"),\n\t\t\tAllocatedStorage: pulumi.Int(100),\n\t\t\tIops: pulumi.Int(1000),\n\t\t\tMasterUsername: pulumi.String(\"test\"),\n\t\t\tMasterPassword: pulumi.String(\"mustbeeightcharaters\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Cluster(\"example\", ClusterArgs.builder() \n .clusterIdentifier(\"example\")\n .availabilityZones( \n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\")\n .engine(\"mysql\")\n .dbClusterInstanceClass(\"db.r6gd.xlarge\")\n .storageType(\"io1\")\n .allocatedStorage(100)\n .iops(1000)\n .masterUsername(\"test\")\n .masterPassword(\"mustbeeightcharaters\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:Cluster\n properties:\n clusterIdentifier: example\n availabilityZones:\n - us-west-2a\n - us-west-2b\n - us-west-2c\n engine: mysql\n dbClusterInstanceClass: db.r6gd.xlarge\n storageType: io1\n allocatedStorage: 100\n iops: 1000\n masterUsername: test\n masterPassword: mustbeeightcharaters\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### RDS Serverless v2 Cluster\n\n\u003e More information about RDS Serverless v2 Clusters can be found in the [RDS User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.html).\n\n\u003e **Note:** Unlike Serverless v1, in Serverless v2 the `storage_encrypted` value is set to `false` by default.\nThis is because Serverless v1 uses the `serverless` `engine_mode`, but Serverless v2 uses the `provisioned` `engine_mode`.\n\nTo create a Serverless v2 RDS cluster, you must additionally specify the `engine_mode` and `serverlessv2_scaling_configuration` attributes. An `aws.rds.ClusterInstance` resource must also be added to the cluster with the `instance_class` attribute specified.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.Cluster(\"example\", {\n clusterIdentifier: \"example\",\n engine: aws.rds.EngineType.AuroraPostgresql,\n engineMode: aws.rds.EngineMode.Provisioned,\n engineVersion: \"13.6\",\n databaseName: \"test\",\n masterUsername: \"test\",\n masterPassword: \"must_be_eight_characters\",\n storageEncrypted: true,\n serverlessv2ScalingConfiguration: {\n maxCapacity: 1,\n minCapacity: 0.5,\n },\n});\nconst exampleClusterInstance = new aws.rds.ClusterInstance(\"example\", {\n clusterIdentifier: example.id,\n instanceClass: \"db.serverless\",\n engine: example.engine,\n engineVersion: example.engineVersion,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.Cluster(\"example\",\n cluster_identifier=\"example\",\n engine=aws.rds.EngineType.AURORA_POSTGRESQL,\n engine_mode=aws.rds.EngineMode.PROVISIONED,\n engine_version=\"13.6\",\n database_name=\"test\",\n master_username=\"test\",\n master_password=\"must_be_eight_characters\",\n storage_encrypted=True,\n serverlessv2_scaling_configuration=aws.rds.ClusterServerlessv2ScalingConfigurationArgs(\n max_capacity=1,\n min_capacity=0.5,\n ))\nexample_cluster_instance = aws.rds.ClusterInstance(\"example\",\n cluster_identifier=example.id,\n instance_class=\"db.serverless\",\n engine=example.engine,\n engine_version=example.engine_version)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.Cluster(\"example\", new()\n {\n ClusterIdentifier = \"example\",\n Engine = Aws.Rds.EngineType.AuroraPostgresql,\n EngineMode = Aws.Rds.EngineMode.Provisioned,\n EngineVersion = \"13.6\",\n DatabaseName = \"test\",\n MasterUsername = \"test\",\n MasterPassword = \"must_be_eight_characters\",\n StorageEncrypted = true,\n Serverlessv2ScalingConfiguration = new Aws.Rds.Inputs.ClusterServerlessv2ScalingConfigurationArgs\n {\n MaxCapacity = 1,\n MinCapacity = 0.5,\n },\n });\n\n var exampleClusterInstance = new Aws.Rds.ClusterInstance(\"example\", new()\n {\n ClusterIdentifier = example.Id,\n InstanceClass = \"db.serverless\",\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := rds.NewCluster(ctx, \"example\", \u0026rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"example\"),\n\t\t\tEngine: pulumi.String(rds.EngineTypeAuroraPostgresql),\n\t\t\tEngineMode: pulumi.String(rds.EngineModeProvisioned),\n\t\t\tEngineVersion: pulumi.String(\"13.6\"),\n\t\t\tDatabaseName: pulumi.String(\"test\"),\n\t\t\tMasterUsername: pulumi.String(\"test\"),\n\t\t\tMasterPassword: pulumi.String(\"must_be_eight_characters\"),\n\t\t\tStorageEncrypted: pulumi.Bool(true),\n\t\t\tServerlessv2ScalingConfiguration: \u0026rds.ClusterServerlessv2ScalingConfigurationArgs{\n\t\t\t\tMaxCapacity: pulumi.Float64(1),\n\t\t\t\tMinCapacity: pulumi.Float64(0.5),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"example\", \u0026rds.ClusterInstanceArgs{\n\t\t\tClusterIdentifier: example.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.serverless\"),\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.inputs.ClusterServerlessv2ScalingConfigurationArgs;\nimport com.pulumi.aws.rds.ClusterInstance;\nimport com.pulumi.aws.rds.ClusterInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Cluster(\"example\", ClusterArgs.builder() \n .clusterIdentifier(\"example\")\n .engine(\"aurora-postgresql\")\n .engineMode(\"provisioned\")\n .engineVersion(\"13.6\")\n .databaseName(\"test\")\n .masterUsername(\"test\")\n .masterPassword(\"must_be_eight_characters\")\n .storageEncrypted(true)\n .serverlessv2ScalingConfiguration(ClusterServerlessv2ScalingConfigurationArgs.builder()\n .maxCapacity(1)\n .minCapacity(0.5)\n .build())\n .build());\n\n var exampleClusterInstance = new ClusterInstance(\"exampleClusterInstance\", ClusterInstanceArgs.builder() \n .clusterIdentifier(example.id())\n .instanceClass(\"db.serverless\")\n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:Cluster\n properties:\n clusterIdentifier: example\n engine: aurora-postgresql\n engineMode: provisioned\n engineVersion: '13.6'\n databaseName: test\n masterUsername: test\n masterPassword: must_be_eight_characters\n storageEncrypted: true\n serverlessv2ScalingConfiguration:\n maxCapacity: 1\n minCapacity: 0.5\n exampleClusterInstance:\n type: aws:rds:ClusterInstance\n name: example\n properties:\n clusterIdentifier: ${example.id}\n instanceClass: db.serverless\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### RDS/Aurora Managed Master Passwords via Secrets Manager, default KMS Key\n\n\u003e More information about RDS/Aurora Aurora integrates with Secrets Manager to manage master user passwords for your DB clusters can be found in the [RDS User Guide](https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-rds-integration-aws-secrets-manager/) and [Aurora User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html).\n\nYou can specify the `manage_master_user_password` attribute to enable managing the master password with Secrets Manager. You can also update an existing cluster to use Secrets Manager by specify the `manage_master_user_password` attribute and removing the `master_password` attribute (removal is required).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.rds.Cluster(\"test\", {\n clusterIdentifier: \"example\",\n databaseName: \"test\",\n manageMasterUserPassword: true,\n masterUsername: \"test\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.rds.Cluster(\"test\",\n cluster_identifier=\"example\",\n database_name=\"test\",\n manage_master_user_password=True,\n master_username=\"test\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.Rds.Cluster(\"test\", new()\n {\n ClusterIdentifier = \"example\",\n DatabaseName = \"test\",\n ManageMasterUserPassword = true,\n MasterUsername = \"test\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewCluster(ctx, \"test\", \u0026rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"example\"),\n\t\t\tDatabaseName: pulumi.String(\"test\"),\n\t\t\tManageMasterUserPassword: pulumi.Bool(true),\n\t\t\tMasterUsername: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Cluster(\"test\", ClusterArgs.builder() \n .clusterIdentifier(\"example\")\n .databaseName(\"test\")\n .manageMasterUserPassword(true)\n .masterUsername(\"test\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:rds:Cluster\n properties:\n clusterIdentifier: example\n databaseName: test\n manageMasterUserPassword: true\n masterUsername: test\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### RDS/Aurora Managed Master Passwords via Secrets Manager, specific KMS Key\n\n\u003e More information about RDS/Aurora Aurora integrates with Secrets Manager to manage master user passwords for your DB clusters can be found in the [RDS User Guide](https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-rds-integration-aws-secrets-manager/) and [Aurora User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html).\n\nYou can specify the `master_user_secret_kms_key_id` attribute to specify a specific KMS Key.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.kms.Key(\"example\", {description: \"Example KMS Key\"});\nconst test = new aws.rds.Cluster(\"test\", {\n clusterIdentifier: \"example\",\n databaseName: \"test\",\n manageMasterUserPassword: true,\n masterUsername: \"test\",\n masterUserSecretKmsKeyId: example.keyId,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.kms.Key(\"example\", description=\"Example KMS Key\")\ntest = aws.rds.Cluster(\"test\",\n cluster_identifier=\"example\",\n database_name=\"test\",\n manage_master_user_password=True,\n master_username=\"test\",\n master_user_secret_kms_key_id=example.key_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Kms.Key(\"example\", new()\n {\n Description = \"Example KMS Key\",\n });\n\n var test = new Aws.Rds.Cluster(\"test\", new()\n {\n ClusterIdentifier = \"example\",\n DatabaseName = \"test\",\n ManageMasterUserPassword = true,\n MasterUsername = \"test\",\n MasterUserSecretKmsKeyId = example.KeyId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := kms.NewKey(ctx, \"example\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"Example KMS Key\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewCluster(ctx, \"test\", \u0026rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"example\"),\n\t\t\tDatabaseName: pulumi.String(\"test\"),\n\t\t\tManageMasterUserPassword: pulumi.Bool(true),\n\t\t\tMasterUsername: pulumi.String(\"test\"),\n\t\t\tMasterUserSecretKmsKeyId: example.KeyId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Key(\"example\", KeyArgs.builder() \n .description(\"Example KMS Key\")\n .build());\n\n var test = new Cluster(\"test\", ClusterArgs.builder() \n .clusterIdentifier(\"example\")\n .databaseName(\"test\")\n .manageMasterUserPassword(true)\n .masterUsername(\"test\")\n .masterUserSecretKmsKeyId(example.keyId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:kms:Key\n properties:\n description: Example KMS Key\n test:\n type: aws:rds:Cluster\n properties:\n clusterIdentifier: example\n databaseName: test\n manageMasterUserPassword: true\n masterUsername: test\n masterUserSecretKmsKeyId: ${example.keyId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Global Cluster Restored From Snapshot\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.rds.getClusterSnapshot({\n dbClusterIdentifier: \"example-original-cluster\",\n mostRecent: true,\n});\nconst exampleCluster = new aws.rds.Cluster(\"example\", {\n engine: aws.rds.EngineType.Aurora,\n engineVersion: \"5.6.mysql_aurora.1.22.4\",\n clusterIdentifier: \"example\",\n snapshotIdentifier: example.then(example =\u003e example.id),\n});\nconst exampleGlobalCluster = new aws.rds.GlobalCluster(\"example\", {\n globalClusterIdentifier: \"example\",\n sourceDbClusterIdentifier: exampleCluster.arn,\n forceDestroy: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.get_cluster_snapshot(db_cluster_identifier=\"example-original-cluster\",\n most_recent=True)\nexample_cluster = aws.rds.Cluster(\"example\",\n engine=aws.rds.EngineType.AURORA,\n engine_version=\"5.6.mysql_aurora.1.22.4\",\n cluster_identifier=\"example\",\n snapshot_identifier=example.id)\nexample_global_cluster = aws.rds.GlobalCluster(\"example\",\n global_cluster_identifier=\"example\",\n source_db_cluster_identifier=example_cluster.arn,\n force_destroy=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Rds.GetClusterSnapshot.Invoke(new()\n {\n DbClusterIdentifier = \"example-original-cluster\",\n MostRecent = true,\n });\n\n var exampleCluster = new Aws.Rds.Cluster(\"example\", new()\n {\n Engine = Aws.Rds.EngineType.Aurora,\n EngineVersion = \"5.6.mysql_aurora.1.22.4\",\n ClusterIdentifier = \"example\",\n SnapshotIdentifier = example.Apply(getClusterSnapshotResult =\u003e getClusterSnapshotResult.Id),\n });\n\n var exampleGlobalCluster = new Aws.Rds.GlobalCluster(\"example\", new()\n {\n GlobalClusterIdentifier = \"example\",\n SourceDbClusterIdentifier = exampleCluster.Arn,\n ForceDestroy = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := rds.LookupClusterSnapshot(ctx, \u0026rds.LookupClusterSnapshotArgs{\n\t\t\tDbClusterIdentifier: pulumi.StringRef(\"example-original-cluster\"),\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleCluster, err := rds.NewCluster(ctx, \"example\", \u0026rds.ClusterArgs{\n\t\t\tEngine: pulumi.String(rds.EngineTypeAurora),\n\t\t\tEngineVersion: pulumi.String(\"5.6.mysql_aurora.1.22.4\"),\n\t\t\tClusterIdentifier: pulumi.String(\"example\"),\n\t\t\tSnapshotIdentifier: pulumi.String(example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewGlobalCluster(ctx, \"example\", \u0026rds.GlobalClusterArgs{\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"example\"),\n\t\t\tSourceDbClusterIdentifier: exampleCluster.Arn,\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetClusterSnapshotArgs;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.GlobalCluster;\nimport com.pulumi.aws.rds.GlobalClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = RdsFunctions.getClusterSnapshot(GetClusterSnapshotArgs.builder()\n .dbClusterIdentifier(\"example-original-cluster\")\n .mostRecent(true)\n .build());\n\n var exampleCluster = new Cluster(\"exampleCluster\", ClusterArgs.builder() \n .engine(\"aurora\")\n .engineVersion(\"5.6.mysql_aurora.1.22.4\")\n .clusterIdentifier(\"example\")\n .snapshotIdentifier(example.applyValue(getClusterSnapshotResult -\u003e getClusterSnapshotResult.id()))\n .build());\n\n var exampleGlobalCluster = new GlobalCluster(\"exampleGlobalCluster\", GlobalClusterArgs.builder() \n .globalClusterIdentifier(\"example\")\n .sourceDbClusterIdentifier(exampleCluster.arn())\n .forceDestroy(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleCluster:\n type: aws:rds:Cluster\n name: example\n properties:\n engine: aurora\n engineVersion: 5.6.mysql_aurora.1.22.4\n clusterIdentifier: example\n snapshotIdentifier: ${example.id}\n exampleGlobalCluster:\n type: aws:rds:GlobalCluster\n name: example\n properties:\n globalClusterIdentifier: example\n sourceDbClusterIdentifier: ${exampleCluster.arn}\n forceDestroy: true\nvariables:\n example:\n fn::invoke:\n Function: aws:rds:getClusterSnapshot\n Arguments:\n dbClusterIdentifier: example-original-cluster\n mostRecent: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import RDS Clusters using the `cluster_identifier`. For example:\n\n```sh\n$ pulumi import aws:rds/cluster:Cluster aurora_cluster aurora-prod-cluster\n```\n", "properties": { "allocatedStorage": { "type": "integer", @@ -298952,7 +298952,7 @@ } }, "aws:rds/clusterActivityStream:ClusterActivityStream": { - "description": "Manages RDS Aurora Cluster Database Activity Streams.\n\nDatabase Activity Streams have some limits and requirements, refer to the [Monitoring Amazon Aurora using Database Activity Streams](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/DBActivityStreams.html) documentation for detailed limitations and requirements.\n\n\u003e **Note:** This resource always calls the RDS [`StartActivityStream`][2] API with the `ApplyImmediately` parameter set to `true`. This is because the provider needs the activity stream to be started in order for it to get the associated attributes.\n\n\u003e **Note:** This resource depends on having at least one `aws.rds.ClusterInstance` created. To avoid race conditions when all resources are being created together, add an explicit resource reference using the resource `depends_on` meta-argument.\n\n\u003e **Note:** This resource is available in all regions except the following: `cn-north-1`, `cn-northwest-1`, `us-gov-east-1`, `us-gov-west-1`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Cluster(\"default\", {\n clusterIdentifier: \"aurora-cluster-demo\",\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n databaseName: \"mydb\",\n masterUsername: \"foo\",\n masterPassword: \"mustbeeightcharaters\",\n engine: \"aurora-postgresql\",\n engineVersion: \"13.4\",\n});\nconst defaultClusterInstance = new aws.rds.ClusterInstance(\"default\", {\n identifier: \"aurora-instance-demo\",\n clusterIdentifier: _default.clusterIdentifier,\n engine: _default.engine,\n instanceClass: \"db.r6g.large\",\n});\nconst defaultKey = new aws.kms.Key(\"default\", {description: \"AWS KMS Key to encrypt Database Activity Stream\"});\nconst defaultClusterActivityStream = new aws.rds.ClusterActivityStream(\"default\", {\n resourceArn: _default.arn,\n mode: \"async\",\n kmsKeyId: defaultKey.keyId,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Cluster(\"default\",\n cluster_identifier=\"aurora-cluster-demo\",\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n database_name=\"mydb\",\n master_username=\"foo\",\n master_password=\"mustbeeightcharaters\",\n engine=\"aurora-postgresql\",\n engine_version=\"13.4\")\ndefault_cluster_instance = aws.rds.ClusterInstance(\"default\",\n identifier=\"aurora-instance-demo\",\n cluster_identifier=default.cluster_identifier,\n engine=default.engine,\n instance_class=\"db.r6g.large\")\ndefault_key = aws.kms.Key(\"default\", description=\"AWS KMS Key to encrypt Database Activity Stream\")\ndefault_cluster_activity_stream = aws.rds.ClusterActivityStream(\"default\",\n resource_arn=default.arn,\n mode=\"async\",\n kms_key_id=default_key.key_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Cluster(\"default\", new()\n {\n ClusterIdentifier = \"aurora-cluster-demo\",\n AvailabilityZones = new[]\n {\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n },\n DatabaseName = \"mydb\",\n MasterUsername = \"foo\",\n MasterPassword = \"mustbeeightcharaters\",\n Engine = \"aurora-postgresql\",\n EngineVersion = \"13.4\",\n });\n\n var defaultClusterInstance = new Aws.Rds.ClusterInstance(\"default\", new()\n {\n Identifier = \"aurora-instance-demo\",\n ClusterIdentifier = @default.ClusterIdentifier,\n Engine = @default.Engine,\n InstanceClass = \"db.r6g.large\",\n });\n\n var defaultKey = new Aws.Kms.Key(\"default\", new()\n {\n Description = \"AWS KMS Key to encrypt Database Activity Stream\",\n });\n\n var defaultClusterActivityStream = new Aws.Rds.ClusterActivityStream(\"default\", new()\n {\n ResourceArn = @default.Arn,\n Mode = \"async\",\n KmsKeyId = defaultKey.KeyId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewCluster(ctx, \"default\", \u0026rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"aurora-cluster-demo\"),\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t\tpulumi.String(\"us-west-2c\"),\n\t\t\t},\n\t\t\tDatabaseName: pulumi.String(\"mydb\"),\n\t\t\tMasterUsername: pulumi.String(\"foo\"),\n\t\t\tMasterPassword: pulumi.String(\"mustbeeightcharaters\"),\n\t\t\tEngine: pulumi.String(\"aurora-postgresql\"),\n\t\t\tEngineVersion: pulumi.String(\"13.4\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"default\", \u0026rds.ClusterInstanceArgs{\n\t\t\tIdentifier: pulumi.String(\"aurora-instance-demo\"),\n\t\t\tClusterIdentifier: _default.ClusterIdentifier,\n\t\t\tEngine: _default.Engine,\n\t\t\tInstanceClass: pulumi.String(\"db.r6g.large\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultKey, err := kms.NewKey(ctx, \"default\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"AWS KMS Key to encrypt Database Activity Stream\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterActivityStream(ctx, \"default\", \u0026rds.ClusterActivityStreamArgs{\n\t\t\tResourceArn: _default.Arn,\n\t\t\tMode: pulumi.String(\"async\"),\n\t\t\tKmsKeyId: defaultKey.KeyId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.ClusterInstance;\nimport com.pulumi.aws.rds.ClusterInstanceArgs;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.rds.ClusterActivityStream;\nimport com.pulumi.aws.rds.ClusterActivityStreamArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Cluster(\"default\", ClusterArgs.builder() \n .clusterIdentifier(\"aurora-cluster-demo\")\n .availabilityZones( \n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\")\n .databaseName(\"mydb\")\n .masterUsername(\"foo\")\n .masterPassword(\"mustbeeightcharaters\")\n .engine(\"aurora-postgresql\")\n .engineVersion(\"13.4\")\n .build());\n\n var defaultClusterInstance = new ClusterInstance(\"defaultClusterInstance\", ClusterInstanceArgs.builder() \n .identifier(\"aurora-instance-demo\")\n .clusterIdentifier(default_.clusterIdentifier())\n .engine(default_.engine())\n .instanceClass(\"db.r6g.large\")\n .build());\n\n var defaultKey = new Key(\"defaultKey\", KeyArgs.builder() \n .description(\"AWS KMS Key to encrypt Database Activity Stream\")\n .build());\n\n var defaultClusterActivityStream = new ClusterActivityStream(\"defaultClusterActivityStream\", ClusterActivityStreamArgs.builder() \n .resourceArn(default_.arn())\n .mode(\"async\")\n .kmsKeyId(defaultKey.keyId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Cluster\n properties:\n clusterIdentifier: aurora-cluster-demo\n availabilityZones:\n - us-west-2a\n - us-west-2b\n - us-west-2c\n databaseName: mydb\n masterUsername: foo\n masterPassword: mustbeeightcharaters\n engine: aurora-postgresql\n engineVersion: '13.4'\n defaultClusterInstance:\n type: aws:rds:ClusterInstance\n name: default\n properties:\n identifier: aurora-instance-demo\n clusterIdentifier: ${default.clusterIdentifier}\n engine: ${default.engine}\n instanceClass: db.r6g.large\n defaultKey:\n type: aws:kms:Key\n name: default\n properties:\n description: AWS KMS Key to encrypt Database Activity Stream\n defaultClusterActivityStream:\n type: aws:rds:ClusterActivityStream\n name: default\n properties:\n resourceArn: ${default.arn}\n mode: async\n kmsKeyId: ${defaultKey.keyId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import RDS Aurora Cluster Database Activity Streams using the `resource_arn`. For example:\n\n```sh\n$ pulumi import aws:rds/clusterActivityStream:ClusterActivityStream default arn:aws:rds:us-west-2:123456789012:cluster:aurora-cluster-demo\n```\n", + "description": "Manages RDS Aurora Cluster Database Activity Streams.\n\nDatabase Activity Streams have some limits and requirements, refer to the [Monitoring Amazon Aurora using Database Activity Streams](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/DBActivityStreams.html) documentation for detailed limitations and requirements.\n\n\u003e **Note:** This resource always calls the RDS [`StartActivityStream`][2] API with the `ApplyImmediately` parameter set to `true`. This is because the provider needs the activity stream to be started in order for it to get the associated attributes.\n\n\u003e **Note:** This resource depends on having at least one `aws.rds.ClusterInstance` created. To avoid race conditions when all resources are being created together, add an explicit resource reference using the resource `depends_on` meta-argument.\n\n\u003e **Note:** This resource is available in all regions except the following: `cn-north-1`, `cn-northwest-1`, `us-gov-east-1`, `us-gov-west-1`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Cluster(\"default\", {\n clusterIdentifier: \"aurora-cluster-demo\",\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n databaseName: \"mydb\",\n masterUsername: \"foo\",\n masterPassword: \"mustbeeightcharaters\",\n engine: aws.rds.EngineType.AuroraPostgresql,\n engineVersion: \"13.4\",\n});\nconst defaultClusterInstance = new aws.rds.ClusterInstance(\"default\", {\n identifier: \"aurora-instance-demo\",\n clusterIdentifier: _default.clusterIdentifier,\n engine: _default.engine,\n instanceClass: aws.rds.InstanceType.R6G_Large,\n});\nconst defaultKey = new aws.kms.Key(\"default\", {description: \"AWS KMS Key to encrypt Database Activity Stream\"});\nconst defaultClusterActivityStream = new aws.rds.ClusterActivityStream(\"default\", {\n resourceArn: _default.arn,\n mode: \"async\",\n kmsKeyId: defaultKey.keyId,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Cluster(\"default\",\n cluster_identifier=\"aurora-cluster-demo\",\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n database_name=\"mydb\",\n master_username=\"foo\",\n master_password=\"mustbeeightcharaters\",\n engine=aws.rds.EngineType.AURORA_POSTGRESQL,\n engine_version=\"13.4\")\ndefault_cluster_instance = aws.rds.ClusterInstance(\"default\",\n identifier=\"aurora-instance-demo\",\n cluster_identifier=default.cluster_identifier,\n engine=default.engine,\n instance_class=aws.rds.InstanceType.R6_G_LARGE)\ndefault_key = aws.kms.Key(\"default\", description=\"AWS KMS Key to encrypt Database Activity Stream\")\ndefault_cluster_activity_stream = aws.rds.ClusterActivityStream(\"default\",\n resource_arn=default.arn,\n mode=\"async\",\n kms_key_id=default_key.key_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Cluster(\"default\", new()\n {\n ClusterIdentifier = \"aurora-cluster-demo\",\n AvailabilityZones = new[]\n {\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n },\n DatabaseName = \"mydb\",\n MasterUsername = \"foo\",\n MasterPassword = \"mustbeeightcharaters\",\n Engine = Aws.Rds.EngineType.AuroraPostgresql,\n EngineVersion = \"13.4\",\n });\n\n var defaultClusterInstance = new Aws.Rds.ClusterInstance(\"default\", new()\n {\n Identifier = \"aurora-instance-demo\",\n ClusterIdentifier = @default.ClusterIdentifier,\n Engine = @default.Engine,\n InstanceClass = Aws.Rds.InstanceType.R6G_Large,\n });\n\n var defaultKey = new Aws.Kms.Key(\"default\", new()\n {\n Description = \"AWS KMS Key to encrypt Database Activity Stream\",\n });\n\n var defaultClusterActivityStream = new Aws.Rds.ClusterActivityStream(\"default\", new()\n {\n ResourceArn = @default.Arn,\n Mode = \"async\",\n KmsKeyId = defaultKey.KeyId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewCluster(ctx, \"default\", \u0026rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"aurora-cluster-demo\"),\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t\tpulumi.String(\"us-west-2c\"),\n\t\t\t},\n\t\t\tDatabaseName: pulumi.String(\"mydb\"),\n\t\t\tMasterUsername: pulumi.String(\"foo\"),\n\t\t\tMasterPassword: pulumi.String(\"mustbeeightcharaters\"),\n\t\t\tEngine: pulumi.String(rds.EngineTypeAuroraPostgresql),\n\t\t\tEngineVersion: pulumi.String(\"13.4\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"default\", \u0026rds.ClusterInstanceArgs{\n\t\t\tIdentifier: pulumi.String(\"aurora-instance-demo\"),\n\t\t\tClusterIdentifier: _default.ClusterIdentifier,\n\t\t\tEngine: _default.Engine,\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_R6G_Large),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultKey, err := kms.NewKey(ctx, \"default\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"AWS KMS Key to encrypt Database Activity Stream\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterActivityStream(ctx, \"default\", \u0026rds.ClusterActivityStreamArgs{\n\t\t\tResourceArn: _default.Arn,\n\t\t\tMode: pulumi.String(\"async\"),\n\t\t\tKmsKeyId: defaultKey.KeyId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.ClusterInstance;\nimport com.pulumi.aws.rds.ClusterInstanceArgs;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.rds.ClusterActivityStream;\nimport com.pulumi.aws.rds.ClusterActivityStreamArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Cluster(\"default\", ClusterArgs.builder() \n .clusterIdentifier(\"aurora-cluster-demo\")\n .availabilityZones( \n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\")\n .databaseName(\"mydb\")\n .masterUsername(\"foo\")\n .masterPassword(\"mustbeeightcharaters\")\n .engine(\"aurora-postgresql\")\n .engineVersion(\"13.4\")\n .build());\n\n var defaultClusterInstance = new ClusterInstance(\"defaultClusterInstance\", ClusterInstanceArgs.builder() \n .identifier(\"aurora-instance-demo\")\n .clusterIdentifier(default_.clusterIdentifier())\n .engine(default_.engine())\n .instanceClass(\"db.r6g.large\")\n .build());\n\n var defaultKey = new Key(\"defaultKey\", KeyArgs.builder() \n .description(\"AWS KMS Key to encrypt Database Activity Stream\")\n .build());\n\n var defaultClusterActivityStream = new ClusterActivityStream(\"defaultClusterActivityStream\", ClusterActivityStreamArgs.builder() \n .resourceArn(default_.arn())\n .mode(\"async\")\n .kmsKeyId(defaultKey.keyId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Cluster\n properties:\n clusterIdentifier: aurora-cluster-demo\n availabilityZones:\n - us-west-2a\n - us-west-2b\n - us-west-2c\n databaseName: mydb\n masterUsername: foo\n masterPassword: mustbeeightcharaters\n engine: aurora-postgresql\n engineVersion: '13.4'\n defaultClusterInstance:\n type: aws:rds:ClusterInstance\n name: default\n properties:\n identifier: aurora-instance-demo\n clusterIdentifier: ${default.clusterIdentifier}\n engine: ${default.engine}\n instanceClass: db.r6g.large\n defaultKey:\n type: aws:kms:Key\n name: default\n properties:\n description: AWS KMS Key to encrypt Database Activity Stream\n defaultClusterActivityStream:\n type: aws:rds:ClusterActivityStream\n name: default\n properties:\n resourceArn: ${default.arn}\n mode: async\n kmsKeyId: ${defaultKey.keyId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import RDS Aurora Cluster Database Activity Streams using the `resource_arn`. For example:\n\n```sh\n$ pulumi import aws:rds/clusterActivityStream:ClusterActivityStream default arn:aws:rds:us-west-2:123456789012:cluster:aurora-cluster-demo\n```\n", "properties": { "engineNativeAuditFieldsIncluded": { "type": "boolean", @@ -299040,7 +299040,7 @@ } }, "aws:rds/clusterEndpoint:ClusterEndpoint": { - "description": "Manages an RDS Aurora Cluster Endpoint.\nYou can refer to the [User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.Endpoints.html#Aurora.Endpoints.Cluster).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Cluster(\"default\", {\n clusterIdentifier: \"aurora-cluster-demo\",\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n databaseName: \"mydb\",\n masterUsername: \"foo\",\n masterPassword: \"bar\",\n backupRetentionPeriod: 5,\n preferredBackupWindow: \"07:00-09:00\",\n});\nconst test1 = new aws.rds.ClusterInstance(\"test1\", {\n applyImmediately: true,\n clusterIdentifier: _default.id,\n identifier: \"test1\",\n instanceClass: \"db.t2.small\",\n engine: _default.engine,\n engineVersion: _default.engineVersion,\n});\nconst test2 = new aws.rds.ClusterInstance(\"test2\", {\n applyImmediately: true,\n clusterIdentifier: _default.id,\n identifier: \"test2\",\n instanceClass: \"db.t2.small\",\n engine: _default.engine,\n engineVersion: _default.engineVersion,\n});\nconst test3 = new aws.rds.ClusterInstance(\"test3\", {\n applyImmediately: true,\n clusterIdentifier: _default.id,\n identifier: \"test3\",\n instanceClass: \"db.t2.small\",\n engine: _default.engine,\n engineVersion: _default.engineVersion,\n});\nconst eligible = new aws.rds.ClusterEndpoint(\"eligible\", {\n clusterIdentifier: _default.id,\n clusterEndpointIdentifier: \"reader\",\n customEndpointType: \"READER\",\n excludedMembers: [\n test1.id,\n test2.id,\n ],\n});\nconst static = new aws.rds.ClusterEndpoint(\"static\", {\n clusterIdentifier: _default.id,\n clusterEndpointIdentifier: \"static\",\n customEndpointType: \"READER\",\n staticMembers: [\n test1.id,\n test3.id,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Cluster(\"default\",\n cluster_identifier=\"aurora-cluster-demo\",\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n database_name=\"mydb\",\n master_username=\"foo\",\n master_password=\"bar\",\n backup_retention_period=5,\n preferred_backup_window=\"07:00-09:00\")\ntest1 = aws.rds.ClusterInstance(\"test1\",\n apply_immediately=True,\n cluster_identifier=default.id,\n identifier=\"test1\",\n instance_class=\"db.t2.small\",\n engine=default.engine,\n engine_version=default.engine_version)\ntest2 = aws.rds.ClusterInstance(\"test2\",\n apply_immediately=True,\n cluster_identifier=default.id,\n identifier=\"test2\",\n instance_class=\"db.t2.small\",\n engine=default.engine,\n engine_version=default.engine_version)\ntest3 = aws.rds.ClusterInstance(\"test3\",\n apply_immediately=True,\n cluster_identifier=default.id,\n identifier=\"test3\",\n instance_class=\"db.t2.small\",\n engine=default.engine,\n engine_version=default.engine_version)\neligible = aws.rds.ClusterEndpoint(\"eligible\",\n cluster_identifier=default.id,\n cluster_endpoint_identifier=\"reader\",\n custom_endpoint_type=\"READER\",\n excluded_members=[\n test1.id,\n test2.id,\n ])\nstatic = aws.rds.ClusterEndpoint(\"static\",\n cluster_identifier=default.id,\n cluster_endpoint_identifier=\"static\",\n custom_endpoint_type=\"READER\",\n static_members=[\n test1.id,\n test3.id,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Cluster(\"default\", new()\n {\n ClusterIdentifier = \"aurora-cluster-demo\",\n AvailabilityZones = new[]\n {\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n },\n DatabaseName = \"mydb\",\n MasterUsername = \"foo\",\n MasterPassword = \"bar\",\n BackupRetentionPeriod = 5,\n PreferredBackupWindow = \"07:00-09:00\",\n });\n\n var test1 = new Aws.Rds.ClusterInstance(\"test1\", new()\n {\n ApplyImmediately = true,\n ClusterIdentifier = @default.Id,\n Identifier = \"test1\",\n InstanceClass = \"db.t2.small\",\n Engine = @default.Engine,\n EngineVersion = @default.EngineVersion,\n });\n\n var test2 = new Aws.Rds.ClusterInstance(\"test2\", new()\n {\n ApplyImmediately = true,\n ClusterIdentifier = @default.Id,\n Identifier = \"test2\",\n InstanceClass = \"db.t2.small\",\n Engine = @default.Engine,\n EngineVersion = @default.EngineVersion,\n });\n\n var test3 = new Aws.Rds.ClusterInstance(\"test3\", new()\n {\n ApplyImmediately = true,\n ClusterIdentifier = @default.Id,\n Identifier = \"test3\",\n InstanceClass = \"db.t2.small\",\n Engine = @default.Engine,\n EngineVersion = @default.EngineVersion,\n });\n\n var eligible = new Aws.Rds.ClusterEndpoint(\"eligible\", new()\n {\n ClusterIdentifier = @default.Id,\n ClusterEndpointIdentifier = \"reader\",\n CustomEndpointType = \"READER\",\n ExcludedMembers = new[]\n {\n test1.Id,\n test2.Id,\n },\n });\n\n var @static = new Aws.Rds.ClusterEndpoint(\"static\", new()\n {\n ClusterIdentifier = @default.Id,\n ClusterEndpointIdentifier = \"static\",\n CustomEndpointType = \"READER\",\n StaticMembers = new[]\n {\n test1.Id,\n test3.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewCluster(ctx, \"default\", \u0026rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"aurora-cluster-demo\"),\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t\tpulumi.String(\"us-west-2c\"),\n\t\t\t},\n\t\t\tDatabaseName: pulumi.String(\"mydb\"),\n\t\t\tMasterUsername: pulumi.String(\"foo\"),\n\t\t\tMasterPassword: pulumi.String(\"bar\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(5),\n\t\t\tPreferredBackupWindow: pulumi.String(\"07:00-09:00\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest1, err := rds.NewClusterInstance(ctx, \"test1\", \u0026rds.ClusterInstanceArgs{\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t\tClusterIdentifier: _default.ID(),\n\t\t\tIdentifier: pulumi.String(\"test1\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t2.small\"),\n\t\t\tEngine: _default.Engine,\n\t\t\tEngineVersion: _default.EngineVersion,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest2, err := rds.NewClusterInstance(ctx, \"test2\", \u0026rds.ClusterInstanceArgs{\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t\tClusterIdentifier: _default.ID(),\n\t\t\tIdentifier: pulumi.String(\"test2\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t2.small\"),\n\t\t\tEngine: _default.Engine,\n\t\t\tEngineVersion: _default.EngineVersion,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest3, err := rds.NewClusterInstance(ctx, \"test3\", \u0026rds.ClusterInstanceArgs{\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t\tClusterIdentifier: _default.ID(),\n\t\t\tIdentifier: pulumi.String(\"test3\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t2.small\"),\n\t\t\tEngine: _default.Engine,\n\t\t\tEngineVersion: _default.EngineVersion,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterEndpoint(ctx, \"eligible\", \u0026rds.ClusterEndpointArgs{\n\t\t\tClusterIdentifier: _default.ID(),\n\t\t\tClusterEndpointIdentifier: pulumi.String(\"reader\"),\n\t\t\tCustomEndpointType: pulumi.String(\"READER\"),\n\t\t\tExcludedMembers: pulumi.StringArray{\n\t\t\t\ttest1.ID(),\n\t\t\t\ttest2.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterEndpoint(ctx, \"static\", \u0026rds.ClusterEndpointArgs{\n\t\t\tClusterIdentifier: _default.ID(),\n\t\t\tClusterEndpointIdentifier: pulumi.String(\"static\"),\n\t\t\tCustomEndpointType: pulumi.String(\"READER\"),\n\t\t\tStaticMembers: pulumi.StringArray{\n\t\t\t\ttest1.ID(),\n\t\t\t\ttest3.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.ClusterInstance;\nimport com.pulumi.aws.rds.ClusterInstanceArgs;\nimport com.pulumi.aws.rds.ClusterEndpoint;\nimport com.pulumi.aws.rds.ClusterEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Cluster(\"default\", ClusterArgs.builder() \n .clusterIdentifier(\"aurora-cluster-demo\")\n .availabilityZones( \n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\")\n .databaseName(\"mydb\")\n .masterUsername(\"foo\")\n .masterPassword(\"bar\")\n .backupRetentionPeriod(5)\n .preferredBackupWindow(\"07:00-09:00\")\n .build());\n\n var test1 = new ClusterInstance(\"test1\", ClusterInstanceArgs.builder() \n .applyImmediately(true)\n .clusterIdentifier(default_.id())\n .identifier(\"test1\")\n .instanceClass(\"db.t2.small\")\n .engine(default_.engine())\n .engineVersion(default_.engineVersion())\n .build());\n\n var test2 = new ClusterInstance(\"test2\", ClusterInstanceArgs.builder() \n .applyImmediately(true)\n .clusterIdentifier(default_.id())\n .identifier(\"test2\")\n .instanceClass(\"db.t2.small\")\n .engine(default_.engine())\n .engineVersion(default_.engineVersion())\n .build());\n\n var test3 = new ClusterInstance(\"test3\", ClusterInstanceArgs.builder() \n .applyImmediately(true)\n .clusterIdentifier(default_.id())\n .identifier(\"test3\")\n .instanceClass(\"db.t2.small\")\n .engine(default_.engine())\n .engineVersion(default_.engineVersion())\n .build());\n\n var eligible = new ClusterEndpoint(\"eligible\", ClusterEndpointArgs.builder() \n .clusterIdentifier(default_.id())\n .clusterEndpointIdentifier(\"reader\")\n .customEndpointType(\"READER\")\n .excludedMembers( \n test1.id(),\n test2.id())\n .build());\n\n var static_ = new ClusterEndpoint(\"static\", ClusterEndpointArgs.builder() \n .clusterIdentifier(default_.id())\n .clusterEndpointIdentifier(\"static\")\n .customEndpointType(\"READER\")\n .staticMembers( \n test1.id(),\n test3.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Cluster\n properties:\n clusterIdentifier: aurora-cluster-demo\n availabilityZones:\n - us-west-2a\n - us-west-2b\n - us-west-2c\n databaseName: mydb\n masterUsername: foo\n masterPassword: bar\n backupRetentionPeriod: 5\n preferredBackupWindow: 07:00-09:00\n test1:\n type: aws:rds:ClusterInstance\n properties:\n applyImmediately: true\n clusterIdentifier: ${default.id}\n identifier: test1\n instanceClass: db.t2.small\n engine: ${default.engine}\n engineVersion: ${default.engineVersion}\n test2:\n type: aws:rds:ClusterInstance\n properties:\n applyImmediately: true\n clusterIdentifier: ${default.id}\n identifier: test2\n instanceClass: db.t2.small\n engine: ${default.engine}\n engineVersion: ${default.engineVersion}\n test3:\n type: aws:rds:ClusterInstance\n properties:\n applyImmediately: true\n clusterIdentifier: ${default.id}\n identifier: test3\n instanceClass: db.t2.small\n engine: ${default.engine}\n engineVersion: ${default.engineVersion}\n eligible:\n type: aws:rds:ClusterEndpoint\n properties:\n clusterIdentifier: ${default.id}\n clusterEndpointIdentifier: reader\n customEndpointType: READER\n excludedMembers:\n - ${test1.id}\n - ${test2.id}\n static:\n type: aws:rds:ClusterEndpoint\n properties:\n clusterIdentifier: ${default.id}\n clusterEndpointIdentifier: static\n customEndpointType: READER\n staticMembers:\n - ${test1.id}\n - ${test3.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import RDS Clusters Endpoint using the `cluster_endpoint_identifier`. For example:\n\n```sh\n$ pulumi import aws:rds/clusterEndpoint:ClusterEndpoint custom_reader aurora-prod-cluster-custom-reader\n```\n", + "description": "Manages an RDS Aurora Cluster Endpoint.\nYou can refer to the [User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.Endpoints.html#Aurora.Endpoints.Cluster).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Cluster(\"default\", {\n clusterIdentifier: \"aurora-cluster-demo\",\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n databaseName: \"mydb\",\n masterUsername: \"foo\",\n masterPassword: \"bar\",\n backupRetentionPeriod: 5,\n preferredBackupWindow: \"07:00-09:00\",\n});\nconst test1 = new aws.rds.ClusterInstance(\"test1\", {\n applyImmediately: true,\n clusterIdentifier: _default.id,\n identifier: \"test1\",\n instanceClass: aws.rds.InstanceType.T2_Small,\n engine: _default.engine,\n engineVersion: _default.engineVersion,\n});\nconst test2 = new aws.rds.ClusterInstance(\"test2\", {\n applyImmediately: true,\n clusterIdentifier: _default.id,\n identifier: \"test2\",\n instanceClass: aws.rds.InstanceType.T2_Small,\n engine: _default.engine,\n engineVersion: _default.engineVersion,\n});\nconst test3 = new aws.rds.ClusterInstance(\"test3\", {\n applyImmediately: true,\n clusterIdentifier: _default.id,\n identifier: \"test3\",\n instanceClass: aws.rds.InstanceType.T2_Small,\n engine: _default.engine,\n engineVersion: _default.engineVersion,\n});\nconst eligible = new aws.rds.ClusterEndpoint(\"eligible\", {\n clusterIdentifier: _default.id,\n clusterEndpointIdentifier: \"reader\",\n customEndpointType: \"READER\",\n excludedMembers: [\n test1.id,\n test2.id,\n ],\n});\nconst static = new aws.rds.ClusterEndpoint(\"static\", {\n clusterIdentifier: _default.id,\n clusterEndpointIdentifier: \"static\",\n customEndpointType: \"READER\",\n staticMembers: [\n test1.id,\n test3.id,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Cluster(\"default\",\n cluster_identifier=\"aurora-cluster-demo\",\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n database_name=\"mydb\",\n master_username=\"foo\",\n master_password=\"bar\",\n backup_retention_period=5,\n preferred_backup_window=\"07:00-09:00\")\ntest1 = aws.rds.ClusterInstance(\"test1\",\n apply_immediately=True,\n cluster_identifier=default.id,\n identifier=\"test1\",\n instance_class=aws.rds.InstanceType.T2_SMALL,\n engine=default.engine,\n engine_version=default.engine_version)\ntest2 = aws.rds.ClusterInstance(\"test2\",\n apply_immediately=True,\n cluster_identifier=default.id,\n identifier=\"test2\",\n instance_class=aws.rds.InstanceType.T2_SMALL,\n engine=default.engine,\n engine_version=default.engine_version)\ntest3 = aws.rds.ClusterInstance(\"test3\",\n apply_immediately=True,\n cluster_identifier=default.id,\n identifier=\"test3\",\n instance_class=aws.rds.InstanceType.T2_SMALL,\n engine=default.engine,\n engine_version=default.engine_version)\neligible = aws.rds.ClusterEndpoint(\"eligible\",\n cluster_identifier=default.id,\n cluster_endpoint_identifier=\"reader\",\n custom_endpoint_type=\"READER\",\n excluded_members=[\n test1.id,\n test2.id,\n ])\nstatic = aws.rds.ClusterEndpoint(\"static\",\n cluster_identifier=default.id,\n cluster_endpoint_identifier=\"static\",\n custom_endpoint_type=\"READER\",\n static_members=[\n test1.id,\n test3.id,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Cluster(\"default\", new()\n {\n ClusterIdentifier = \"aurora-cluster-demo\",\n AvailabilityZones = new[]\n {\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n },\n DatabaseName = \"mydb\",\n MasterUsername = \"foo\",\n MasterPassword = \"bar\",\n BackupRetentionPeriod = 5,\n PreferredBackupWindow = \"07:00-09:00\",\n });\n\n var test1 = new Aws.Rds.ClusterInstance(\"test1\", new()\n {\n ApplyImmediately = true,\n ClusterIdentifier = @default.Id,\n Identifier = \"test1\",\n InstanceClass = Aws.Rds.InstanceType.T2_Small,\n Engine = @default.Engine,\n EngineVersion = @default.EngineVersion,\n });\n\n var test2 = new Aws.Rds.ClusterInstance(\"test2\", new()\n {\n ApplyImmediately = true,\n ClusterIdentifier = @default.Id,\n Identifier = \"test2\",\n InstanceClass = Aws.Rds.InstanceType.T2_Small,\n Engine = @default.Engine,\n EngineVersion = @default.EngineVersion,\n });\n\n var test3 = new Aws.Rds.ClusterInstance(\"test3\", new()\n {\n ApplyImmediately = true,\n ClusterIdentifier = @default.Id,\n Identifier = \"test3\",\n InstanceClass = Aws.Rds.InstanceType.T2_Small,\n Engine = @default.Engine,\n EngineVersion = @default.EngineVersion,\n });\n\n var eligible = new Aws.Rds.ClusterEndpoint(\"eligible\", new()\n {\n ClusterIdentifier = @default.Id,\n ClusterEndpointIdentifier = \"reader\",\n CustomEndpointType = \"READER\",\n ExcludedMembers = new[]\n {\n test1.Id,\n test2.Id,\n },\n });\n\n var @static = new Aws.Rds.ClusterEndpoint(\"static\", new()\n {\n ClusterIdentifier = @default.Id,\n ClusterEndpointIdentifier = \"static\",\n CustomEndpointType = \"READER\",\n StaticMembers = new[]\n {\n test1.Id,\n test3.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewCluster(ctx, \"default\", \u0026rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"aurora-cluster-demo\"),\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t\tpulumi.String(\"us-west-2c\"),\n\t\t\t},\n\t\t\tDatabaseName: pulumi.String(\"mydb\"),\n\t\t\tMasterUsername: pulumi.String(\"foo\"),\n\t\t\tMasterPassword: pulumi.String(\"bar\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(5),\n\t\t\tPreferredBackupWindow: pulumi.String(\"07:00-09:00\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest1, err := rds.NewClusterInstance(ctx, \"test1\", \u0026rds.ClusterInstanceArgs{\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t\tClusterIdentifier: _default.ID(),\n\t\t\tIdentifier: pulumi.String(\"test1\"),\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_T2_Small),\n\t\t\tEngine: _default.Engine,\n\t\t\tEngineVersion: _default.EngineVersion,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest2, err := rds.NewClusterInstance(ctx, \"test2\", \u0026rds.ClusterInstanceArgs{\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t\tClusterIdentifier: _default.ID(),\n\t\t\tIdentifier: pulumi.String(\"test2\"),\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_T2_Small),\n\t\t\tEngine: _default.Engine,\n\t\t\tEngineVersion: _default.EngineVersion,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest3, err := rds.NewClusterInstance(ctx, \"test3\", \u0026rds.ClusterInstanceArgs{\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t\tClusterIdentifier: _default.ID(),\n\t\t\tIdentifier: pulumi.String(\"test3\"),\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_T2_Small),\n\t\t\tEngine: _default.Engine,\n\t\t\tEngineVersion: _default.EngineVersion,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterEndpoint(ctx, \"eligible\", \u0026rds.ClusterEndpointArgs{\n\t\t\tClusterIdentifier: _default.ID(),\n\t\t\tClusterEndpointIdentifier: pulumi.String(\"reader\"),\n\t\t\tCustomEndpointType: pulumi.String(\"READER\"),\n\t\t\tExcludedMembers: pulumi.StringArray{\n\t\t\t\ttest1.ID(),\n\t\t\t\ttest2.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterEndpoint(ctx, \"static\", \u0026rds.ClusterEndpointArgs{\n\t\t\tClusterIdentifier: _default.ID(),\n\t\t\tClusterEndpointIdentifier: pulumi.String(\"static\"),\n\t\t\tCustomEndpointType: pulumi.String(\"READER\"),\n\t\t\tStaticMembers: pulumi.StringArray{\n\t\t\t\ttest1.ID(),\n\t\t\t\ttest3.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.ClusterInstance;\nimport com.pulumi.aws.rds.ClusterInstanceArgs;\nimport com.pulumi.aws.rds.ClusterEndpoint;\nimport com.pulumi.aws.rds.ClusterEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Cluster(\"default\", ClusterArgs.builder() \n .clusterIdentifier(\"aurora-cluster-demo\")\n .availabilityZones( \n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\")\n .databaseName(\"mydb\")\n .masterUsername(\"foo\")\n .masterPassword(\"bar\")\n .backupRetentionPeriod(5)\n .preferredBackupWindow(\"07:00-09:00\")\n .build());\n\n var test1 = new ClusterInstance(\"test1\", ClusterInstanceArgs.builder() \n .applyImmediately(true)\n .clusterIdentifier(default_.id())\n .identifier(\"test1\")\n .instanceClass(\"db.t2.small\")\n .engine(default_.engine())\n .engineVersion(default_.engineVersion())\n .build());\n\n var test2 = new ClusterInstance(\"test2\", ClusterInstanceArgs.builder() \n .applyImmediately(true)\n .clusterIdentifier(default_.id())\n .identifier(\"test2\")\n .instanceClass(\"db.t2.small\")\n .engine(default_.engine())\n .engineVersion(default_.engineVersion())\n .build());\n\n var test3 = new ClusterInstance(\"test3\", ClusterInstanceArgs.builder() \n .applyImmediately(true)\n .clusterIdentifier(default_.id())\n .identifier(\"test3\")\n .instanceClass(\"db.t2.small\")\n .engine(default_.engine())\n .engineVersion(default_.engineVersion())\n .build());\n\n var eligible = new ClusterEndpoint(\"eligible\", ClusterEndpointArgs.builder() \n .clusterIdentifier(default_.id())\n .clusterEndpointIdentifier(\"reader\")\n .customEndpointType(\"READER\")\n .excludedMembers( \n test1.id(),\n test2.id())\n .build());\n\n var static_ = new ClusterEndpoint(\"static\", ClusterEndpointArgs.builder() \n .clusterIdentifier(default_.id())\n .clusterEndpointIdentifier(\"static\")\n .customEndpointType(\"READER\")\n .staticMembers( \n test1.id(),\n test3.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Cluster\n properties:\n clusterIdentifier: aurora-cluster-demo\n availabilityZones:\n - us-west-2a\n - us-west-2b\n - us-west-2c\n databaseName: mydb\n masterUsername: foo\n masterPassword: bar\n backupRetentionPeriod: 5\n preferredBackupWindow: 07:00-09:00\n test1:\n type: aws:rds:ClusterInstance\n properties:\n applyImmediately: true\n clusterIdentifier: ${default.id}\n identifier: test1\n instanceClass: db.t2.small\n engine: ${default.engine}\n engineVersion: ${default.engineVersion}\n test2:\n type: aws:rds:ClusterInstance\n properties:\n applyImmediately: true\n clusterIdentifier: ${default.id}\n identifier: test2\n instanceClass: db.t2.small\n engine: ${default.engine}\n engineVersion: ${default.engineVersion}\n test3:\n type: aws:rds:ClusterInstance\n properties:\n applyImmediately: true\n clusterIdentifier: ${default.id}\n identifier: test3\n instanceClass: db.t2.small\n engine: ${default.engine}\n engineVersion: ${default.engineVersion}\n eligible:\n type: aws:rds:ClusterEndpoint\n properties:\n clusterIdentifier: ${default.id}\n clusterEndpointIdentifier: reader\n customEndpointType: READER\n excludedMembers:\n - ${test1.id}\n - ${test2.id}\n static:\n type: aws:rds:ClusterEndpoint\n properties:\n clusterIdentifier: ${default.id}\n clusterEndpointIdentifier: static\n customEndpointType: READER\n staticMembers:\n - ${test1.id}\n - ${test3.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import RDS Clusters Endpoint using the `cluster_endpoint_identifier`. For example:\n\n```sh\n$ pulumi import aws:rds/clusterEndpoint:ClusterEndpoint custom_reader aurora-prod-cluster-custom-reader\n```\n", "properties": { "arn": { "type": "string", @@ -299201,7 +299201,7 @@ } }, "aws:rds/clusterInstance:ClusterInstance": { - "description": "Provides an RDS Cluster Instance Resource. A Cluster Instance Resource defines\nattributes that are specific to a single instance in a RDS Cluster,\nspecifically running Amazon Aurora.\n\nUnlike other RDS resources that support replication, with Amazon Aurora you do\nnot designate a primary and subsequent replicas. Instead, you simply add RDS\nInstances and Aurora manages the replication. You can use the [count][5]\nmeta-parameter to make multiple instances and join them all to the same RDS\nCluster, or you may specify different Cluster Instance resources with various\n`instance_class` sizes.\n\nFor more information on Amazon Aurora, see [Aurora on Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Aurora.html) in the Amazon RDS User Guide.\n\n\u003e **NOTE:** Deletion Protection from the RDS service can only be enabled at the cluster level, not for individual cluster instances. You can still add the [`protect` CustomResourceOption](https://www.pulumi.com/docs/intro/concepts/programming-model/#protect) to this resource configuration if you desire protection from accidental deletion.\n\n\u003e **NOTE:** `aurora` is no longer a valid `engine` because of [Amazon Aurora's MySQL-Compatible Edition version 1 end of life](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.MySQL56.EOL.html).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Cluster(\"default\", {\n clusterIdentifier: \"aurora-cluster-demo\",\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n databaseName: \"mydb\",\n masterUsername: \"foo\",\n masterPassword: \"barbut8chars\",\n});\nconst clusterInstances: aws.rds.ClusterInstance[] = [];\nfor (const range = {value: 0}; range.value \u003c 2; range.value++) {\n clusterInstances.push(new aws.rds.ClusterInstance(`cluster_instances-${range.value}`, {\n identifier: `aurora-cluster-demo-${range.value}`,\n clusterIdentifier: _default.id,\n instanceClass: \"db.r4.large\",\n engine: _default.engine,\n engineVersion: _default.engineVersion,\n }));\n}\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Cluster(\"default\",\n cluster_identifier=\"aurora-cluster-demo\",\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n database_name=\"mydb\",\n master_username=\"foo\",\n master_password=\"barbut8chars\")\ncluster_instances = []\nfor range in [{\"value\": i} for i in range(0, 2)]:\n cluster_instances.append(aws.rds.ClusterInstance(f\"cluster_instances-{range['value']}\",\n identifier=f\"aurora-cluster-demo-{range['value']}\",\n cluster_identifier=default.id,\n instance_class=\"db.r4.large\",\n engine=default.engine,\n engine_version=default.engine_version))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Cluster(\"default\", new()\n {\n ClusterIdentifier = \"aurora-cluster-demo\",\n AvailabilityZones = new[]\n {\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n },\n DatabaseName = \"mydb\",\n MasterUsername = \"foo\",\n MasterPassword = \"barbut8chars\",\n });\n\n var clusterInstances = new List\u003cAws.Rds.ClusterInstance\u003e();\n for (var rangeIndex = 0; rangeIndex \u003c 2; rangeIndex++)\n {\n var range = new { Value = rangeIndex };\n clusterInstances.Add(new Aws.Rds.ClusterInstance($\"cluster_instances-{range.Value}\", new()\n {\n Identifier = $\"aurora-cluster-demo-{range.Value}\",\n ClusterIdentifier = @default.Id,\n InstanceClass = \"db.r4.large\",\n Engine = @default.Engine,\n EngineVersion = @default.EngineVersion,\n }));\n }\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewCluster(ctx, \"default\", \u0026rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"aurora-cluster-demo\"),\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t\tpulumi.String(\"us-west-2c\"),\n\t\t\t},\n\t\t\tDatabaseName: pulumi.String(\"mydb\"),\n\t\t\tMasterUsername: pulumi.String(\"foo\"),\n\t\t\tMasterPassword: pulumi.String(\"barbut8chars\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvar clusterInstances []*rds.ClusterInstance\n\t\tfor index := 0; index \u003c 2; index++ {\n\t\t\tkey0 := index\n\t\t\tval0 := index\n\t\t\t__res, err := rds.NewClusterInstance(ctx, fmt.Sprintf(\"cluster_instances-%v\", key0), \u0026rds.ClusterInstanceArgs{\n\t\t\t\tIdentifier: pulumi.String(fmt.Sprintf(\"aurora-cluster-demo-%v\", val0)),\n\t\t\t\tClusterIdentifier: _default.ID(),\n\t\t\t\tInstanceClass: pulumi.String(\"db.r4.large\"),\n\t\t\t\tEngine: _default.Engine,\n\t\t\t\tEngineVersion: _default.EngineVersion,\n\t\t\t})\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\tclusterInstances = append(clusterInstances, __res)\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.ClusterInstance;\nimport com.pulumi.aws.rds.ClusterInstanceArgs;\nimport com.pulumi.codegen.internal.KeyedValue;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Cluster(\"default\", ClusterArgs.builder() \n .clusterIdentifier(\"aurora-cluster-demo\")\n .availabilityZones( \n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\")\n .databaseName(\"mydb\")\n .masterUsername(\"foo\")\n .masterPassword(\"barbut8chars\")\n .build());\n\n for (var i = 0; i \u003c 2; i++) {\n new ClusterInstance(\"clusterInstances-\" + i, ClusterInstanceArgs.builder() \n .identifier(String.format(\"aurora-cluster-demo-%s\", range.value()))\n .clusterIdentifier(default_.id())\n .instanceClass(\"db.r4.large\")\n .engine(default_.engine())\n .engineVersion(default_.engineVersion())\n .build());\n\n \n}\n }\n}\n```\n```yaml\nresources:\n clusterInstances:\n type: aws:rds:ClusterInstance\n name: cluster_instances\n properties:\n identifier: aurora-cluster-demo-${range.value}\n clusterIdentifier: ${default.id}\n instanceClass: db.r4.large\n engine: ${default.engine}\n engineVersion: ${default.engineVersion}\n options: {}\n default:\n type: aws:rds:Cluster\n properties:\n clusterIdentifier: aurora-cluster-demo\n availabilityZones:\n - us-west-2a\n - us-west-2b\n - us-west-2c\n databaseName: mydb\n masterUsername: foo\n masterPassword: barbut8chars\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import RDS Cluster Instances using the `identifier`. For example:\n\n```sh\n$ pulumi import aws:rds/clusterInstance:ClusterInstance prod_instance_1 aurora-cluster-instance-1\n```\n", + "description": "Provides an RDS Cluster Instance Resource. A Cluster Instance Resource defines\nattributes that are specific to a single instance in a RDS Cluster,\nspecifically running Amazon Aurora.\n\nUnlike other RDS resources that support replication, with Amazon Aurora you do\nnot designate a primary and subsequent replicas. Instead, you simply add RDS\nInstances and Aurora manages the replication. You can use the [count][5]\nmeta-parameter to make multiple instances and join them all to the same RDS\nCluster, or you may specify different Cluster Instance resources with various\n`instance_class` sizes.\n\nFor more information on Amazon Aurora, see [Aurora on Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Aurora.html) in the Amazon RDS User Guide.\n\n\u003e **NOTE:** Deletion Protection from the RDS service can only be enabled at the cluster level, not for individual cluster instances. You can still add the [`protect` CustomResourceOption](https://www.pulumi.com/docs/intro/concepts/programming-model/#protect) to this resource configuration if you desire protection from accidental deletion.\n\n\u003e **NOTE:** `aurora` is no longer a valid `engine` because of [Amazon Aurora's MySQL-Compatible Edition version 1 end of life](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.MySQL56.EOL.html).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Cluster(\"default\", {\n clusterIdentifier: \"aurora-cluster-demo\",\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n databaseName: \"mydb\",\n masterUsername: \"foo\",\n masterPassword: \"barbut8chars\",\n});\nconst clusterInstances: aws.rds.ClusterInstance[] = [];\nfor (const range = {value: 0}; range.value \u003c 2; range.value++) {\n clusterInstances.push(new aws.rds.ClusterInstance(`cluster_instances-${range.value}`, {\n identifier: `aurora-cluster-demo-${range.value}`,\n clusterIdentifier: _default.id,\n instanceClass: aws.rds.InstanceType.R4_Large,\n engine: _default.engine,\n engineVersion: _default.engineVersion,\n }));\n}\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Cluster(\"default\",\n cluster_identifier=\"aurora-cluster-demo\",\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n database_name=\"mydb\",\n master_username=\"foo\",\n master_password=\"barbut8chars\")\ncluster_instances = []\nfor range in [{\"value\": i} for i in range(0, 2)]:\n cluster_instances.append(aws.rds.ClusterInstance(f\"cluster_instances-{range['value']}\",\n identifier=f\"aurora-cluster-demo-{range['value']}\",\n cluster_identifier=default.id,\n instance_class=aws.rds.InstanceType.R4_LARGE,\n engine=default.engine,\n engine_version=default.engine_version))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Cluster(\"default\", new()\n {\n ClusterIdentifier = \"aurora-cluster-demo\",\n AvailabilityZones = new[]\n {\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n },\n DatabaseName = \"mydb\",\n MasterUsername = \"foo\",\n MasterPassword = \"barbut8chars\",\n });\n\n var clusterInstances = new List\u003cAws.Rds.ClusterInstance\u003e();\n for (var rangeIndex = 0; rangeIndex \u003c 2; rangeIndex++)\n {\n var range = new { Value = rangeIndex };\n clusterInstances.Add(new Aws.Rds.ClusterInstance($\"cluster_instances-{range.Value}\", new()\n {\n Identifier = $\"aurora-cluster-demo-{range.Value}\",\n ClusterIdentifier = @default.Id,\n InstanceClass = Aws.Rds.InstanceType.R4_Large,\n Engine = @default.Engine,\n EngineVersion = @default.EngineVersion,\n }));\n }\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewCluster(ctx, \"default\", \u0026rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"aurora-cluster-demo\"),\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t\tpulumi.String(\"us-west-2c\"),\n\t\t\t},\n\t\t\tDatabaseName: pulumi.String(\"mydb\"),\n\t\t\tMasterUsername: pulumi.String(\"foo\"),\n\t\t\tMasterPassword: pulumi.String(\"barbut8chars\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvar clusterInstances []*rds.ClusterInstance\n\t\tfor index := 0; index \u003c 2; index++ {\n\t\t\tkey0 := index\n\t\t\tval0 := index\n\t\t\t__res, err := rds.NewClusterInstance(ctx, fmt.Sprintf(\"cluster_instances-%v\", key0), \u0026rds.ClusterInstanceArgs{\n\t\t\t\tIdentifier: pulumi.String(fmt.Sprintf(\"aurora-cluster-demo-%v\", val0)),\n\t\t\t\tClusterIdentifier: _default.ID(),\n\t\t\t\tInstanceClass: pulumi.String(rds.InstanceType_R4_Large),\n\t\t\t\tEngine: _default.Engine,\n\t\t\t\tEngineVersion: _default.EngineVersion,\n\t\t\t})\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\tclusterInstances = append(clusterInstances, __res)\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.ClusterInstance;\nimport com.pulumi.aws.rds.ClusterInstanceArgs;\nimport com.pulumi.codegen.internal.KeyedValue;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Cluster(\"default\", ClusterArgs.builder() \n .clusterIdentifier(\"aurora-cluster-demo\")\n .availabilityZones( \n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\")\n .databaseName(\"mydb\")\n .masterUsername(\"foo\")\n .masterPassword(\"barbut8chars\")\n .build());\n\n for (var i = 0; i \u003c 2; i++) {\n new ClusterInstance(\"clusterInstances-\" + i, ClusterInstanceArgs.builder() \n .identifier(String.format(\"aurora-cluster-demo-%s\", range.value()))\n .clusterIdentifier(default_.id())\n .instanceClass(\"db.r4.large\")\n .engine(default_.engine())\n .engineVersion(default_.engineVersion())\n .build());\n\n \n}\n }\n}\n```\n```yaml\nresources:\n clusterInstances:\n type: aws:rds:ClusterInstance\n name: cluster_instances\n properties:\n identifier: aurora-cluster-demo-${range.value}\n clusterIdentifier: ${default.id}\n instanceClass: db.r4.large\n engine: ${default.engine}\n engineVersion: ${default.engineVersion}\n options: {}\n default:\n type: aws:rds:Cluster\n properties:\n clusterIdentifier: aurora-cluster-demo\n availabilityZones:\n - us-west-2a\n - us-west-2b\n - us-west-2c\n databaseName: mydb\n masterUsername: foo\n masterPassword: barbut8chars\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import RDS Cluster Instances using the `identifier`. For example:\n\n```sh\n$ pulumi import aws:rds/clusterInstance:ClusterInstance prod_instance_1 aurora-cluster-instance-1\n```\n", "properties": { "applyImmediately": { "type": "boolean", @@ -300352,7 +300352,7 @@ } }, "aws:rds/eventSubscription:EventSubscription": { - "description": "Provides a DB event subscription resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n engine: \"mysql\",\n engineVersion: \"5.6.17\",\n instanceClass: \"db.t2.micro\",\n dbName: \"mydb\",\n username: \"foo\",\n password: \"bar\",\n dbSubnetGroupName: \"my_database_subnet_group\",\n parameterGroupName: \"default.mysql5.6\",\n});\nconst defaultTopic = new aws.sns.Topic(\"default\", {name: \"rds-events\"});\nconst defaultEventSubscription = new aws.rds.EventSubscription(\"default\", {\n name: \"rds-event-sub\",\n snsTopic: defaultTopic.arn,\n sourceType: \"db-instance\",\n sourceIds: [_default.identifier],\n eventCategories: [\n \"availability\",\n \"deletion\",\n \"failover\",\n \"failure\",\n \"low storage\",\n \"maintenance\",\n \"notification\",\n \"read replica\",\n \"recovery\",\n \"restoration\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n engine=\"mysql\",\n engine_version=\"5.6.17\",\n instance_class=\"db.t2.micro\",\n db_name=\"mydb\",\n username=\"foo\",\n password=\"bar\",\n db_subnet_group_name=\"my_database_subnet_group\",\n parameter_group_name=\"default.mysql5.6\")\ndefault_topic = aws.sns.Topic(\"default\", name=\"rds-events\")\ndefault_event_subscription = aws.rds.EventSubscription(\"default\",\n name=\"rds-event-sub\",\n sns_topic=default_topic.arn,\n source_type=\"db-instance\",\n source_ids=[default.identifier],\n event_categories=[\n \"availability\",\n \"deletion\",\n \"failover\",\n \"failure\",\n \"low storage\",\n \"maintenance\",\n \"notification\",\n \"read replica\",\n \"recovery\",\n \"restoration\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 10,\n Engine = \"mysql\",\n EngineVersion = \"5.6.17\",\n InstanceClass = \"db.t2.micro\",\n DbName = \"mydb\",\n Username = \"foo\",\n Password = \"bar\",\n DbSubnetGroupName = \"my_database_subnet_group\",\n ParameterGroupName = \"default.mysql5.6\",\n });\n\n var defaultTopic = new Aws.Sns.Topic(\"default\", new()\n {\n Name = \"rds-events\",\n });\n\n var defaultEventSubscription = new Aws.Rds.EventSubscription(\"default\", new()\n {\n Name = \"rds-event-sub\",\n SnsTopic = defaultTopic.Arn,\n SourceType = \"db-instance\",\n SourceIds = new[]\n {\n @default.Identifier,\n },\n EventCategories = new[]\n {\n \"availability\",\n \"deletion\",\n \"failover\",\n \"failure\",\n \"low storage\",\n \"maintenance\",\n \"notification\",\n \"read replica\",\n \"recovery\",\n \"restoration\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.6.17\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t2.micro\"),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tPassword: pulumi.String(\"bar\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"my_database_subnet_group\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.6\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTopic, err := sns.NewTopic(ctx, \"default\", \u0026sns.TopicArgs{\n\t\t\tName: pulumi.String(\"rds-events\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewEventSubscription(ctx, \"default\", \u0026rds.EventSubscriptionArgs{\n\t\t\tName: pulumi.String(\"rds-event-sub\"),\n\t\t\tSnsTopic: defaultTopic.Arn,\n\t\t\tSourceType: pulumi.String(\"db-instance\"),\n\t\t\tSourceIds: pulumi.StringArray{\n\t\t\t\t_default.Identifier,\n\t\t\t},\n\t\t\tEventCategories: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"availability\"),\n\t\t\t\tpulumi.String(\"deletion\"),\n\t\t\t\tpulumi.String(\"failover\"),\n\t\t\t\tpulumi.String(\"failure\"),\n\t\t\t\tpulumi.String(\"low storage\"),\n\t\t\t\tpulumi.String(\"maintenance\"),\n\t\t\t\tpulumi.String(\"notification\"),\n\t\t\t\tpulumi.String(\"read replica\"),\n\t\t\t\tpulumi.String(\"recovery\"),\n\t\t\t\tpulumi.String(\"restoration\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.rds.EventSubscription;\nimport com.pulumi.aws.rds.EventSubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Instance(\"default\", InstanceArgs.builder() \n .allocatedStorage(10)\n .engine(\"mysql\")\n .engineVersion(\"5.6.17\")\n .instanceClass(\"db.t2.micro\")\n .dbName(\"mydb\")\n .username(\"foo\")\n .password(\"bar\")\n .dbSubnetGroupName(\"my_database_subnet_group\")\n .parameterGroupName(\"default.mysql5.6\")\n .build());\n\n var defaultTopic = new Topic(\"defaultTopic\", TopicArgs.builder() \n .name(\"rds-events\")\n .build());\n\n var defaultEventSubscription = new EventSubscription(\"defaultEventSubscription\", EventSubscriptionArgs.builder() \n .name(\"rds-event-sub\")\n .snsTopic(defaultTopic.arn())\n .sourceType(\"db-instance\")\n .sourceIds(default_.identifier())\n .eventCategories( \n \"availability\",\n \"deletion\",\n \"failover\",\n \"failure\",\n \"low storage\",\n \"maintenance\",\n \"notification\",\n \"read replica\",\n \"recovery\",\n \"restoration\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n engine: mysql\n engineVersion: 5.6.17\n instanceClass: db.t2.micro\n dbName: mydb\n username: foo\n password: bar\n dbSubnetGroupName: my_database_subnet_group\n parameterGroupName: default.mysql5.6\n defaultTopic:\n type: aws:sns:Topic\n name: default\n properties:\n name: rds-events\n defaultEventSubscription:\n type: aws:rds:EventSubscription\n name: default\n properties:\n name: rds-event-sub\n snsTopic: ${defaultTopic.arn}\n sourceType: db-instance\n sourceIds:\n - ${default.identifier}\n eventCategories:\n - availability\n - deletion\n - failover\n - failure\n - low storage\n - maintenance\n - notification\n - read replica\n - recovery\n - restoration\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import DB Event Subscriptions using the `name`. For example:\n\n```sh\n$ pulumi import aws:rds/eventSubscription:EventSubscription default rds-event-sub\n```\n", + "description": "Provides a DB event subscription resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n engine: \"mysql\",\n engineVersion: \"5.6.17\",\n instanceClass: aws.rds.InstanceType.T2_Micro,\n dbName: \"mydb\",\n username: \"foo\",\n password: \"bar\",\n dbSubnetGroupName: \"my_database_subnet_group\",\n parameterGroupName: \"default.mysql5.6\",\n});\nconst defaultTopic = new aws.sns.Topic(\"default\", {name: \"rds-events\"});\nconst defaultEventSubscription = new aws.rds.EventSubscription(\"default\", {\n name: \"rds-event-sub\",\n snsTopic: defaultTopic.arn,\n sourceType: \"db-instance\",\n sourceIds: [_default.identifier],\n eventCategories: [\n \"availability\",\n \"deletion\",\n \"failover\",\n \"failure\",\n \"low storage\",\n \"maintenance\",\n \"notification\",\n \"read replica\",\n \"recovery\",\n \"restoration\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n engine=\"mysql\",\n engine_version=\"5.6.17\",\n instance_class=aws.rds.InstanceType.T2_MICRO,\n db_name=\"mydb\",\n username=\"foo\",\n password=\"bar\",\n db_subnet_group_name=\"my_database_subnet_group\",\n parameter_group_name=\"default.mysql5.6\")\ndefault_topic = aws.sns.Topic(\"default\", name=\"rds-events\")\ndefault_event_subscription = aws.rds.EventSubscription(\"default\",\n name=\"rds-event-sub\",\n sns_topic=default_topic.arn,\n source_type=\"db-instance\",\n source_ids=[default.identifier],\n event_categories=[\n \"availability\",\n \"deletion\",\n \"failover\",\n \"failure\",\n \"low storage\",\n \"maintenance\",\n \"notification\",\n \"read replica\",\n \"recovery\",\n \"restoration\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 10,\n Engine = \"mysql\",\n EngineVersion = \"5.6.17\",\n InstanceClass = Aws.Rds.InstanceType.T2_Micro,\n DbName = \"mydb\",\n Username = \"foo\",\n Password = \"bar\",\n DbSubnetGroupName = \"my_database_subnet_group\",\n ParameterGroupName = \"default.mysql5.6\",\n });\n\n var defaultTopic = new Aws.Sns.Topic(\"default\", new()\n {\n Name = \"rds-events\",\n });\n\n var defaultEventSubscription = new Aws.Rds.EventSubscription(\"default\", new()\n {\n Name = \"rds-event-sub\",\n SnsTopic = defaultTopic.Arn,\n SourceType = \"db-instance\",\n SourceIds = new[]\n {\n @default.Identifier,\n },\n EventCategories = new[]\n {\n \"availability\",\n \"deletion\",\n \"failover\",\n \"failure\",\n \"low storage\",\n \"maintenance\",\n \"notification\",\n \"read replica\",\n \"recovery\",\n \"restoration\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.6.17\"),\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_T2_Micro),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tPassword: pulumi.String(\"bar\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"my_database_subnet_group\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.6\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTopic, err := sns.NewTopic(ctx, \"default\", \u0026sns.TopicArgs{\n\t\t\tName: pulumi.String(\"rds-events\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewEventSubscription(ctx, \"default\", \u0026rds.EventSubscriptionArgs{\n\t\t\tName: pulumi.String(\"rds-event-sub\"),\n\t\t\tSnsTopic: defaultTopic.Arn,\n\t\t\tSourceType: pulumi.String(\"db-instance\"),\n\t\t\tSourceIds: pulumi.StringArray{\n\t\t\t\t_default.Identifier,\n\t\t\t},\n\t\t\tEventCategories: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"availability\"),\n\t\t\t\tpulumi.String(\"deletion\"),\n\t\t\t\tpulumi.String(\"failover\"),\n\t\t\t\tpulumi.String(\"failure\"),\n\t\t\t\tpulumi.String(\"low storage\"),\n\t\t\t\tpulumi.String(\"maintenance\"),\n\t\t\t\tpulumi.String(\"notification\"),\n\t\t\t\tpulumi.String(\"read replica\"),\n\t\t\t\tpulumi.String(\"recovery\"),\n\t\t\t\tpulumi.String(\"restoration\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.rds.EventSubscription;\nimport com.pulumi.aws.rds.EventSubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Instance(\"default\", InstanceArgs.builder() \n .allocatedStorage(10)\n .engine(\"mysql\")\n .engineVersion(\"5.6.17\")\n .instanceClass(\"db.t2.micro\")\n .dbName(\"mydb\")\n .username(\"foo\")\n .password(\"bar\")\n .dbSubnetGroupName(\"my_database_subnet_group\")\n .parameterGroupName(\"default.mysql5.6\")\n .build());\n\n var defaultTopic = new Topic(\"defaultTopic\", TopicArgs.builder() \n .name(\"rds-events\")\n .build());\n\n var defaultEventSubscription = new EventSubscription(\"defaultEventSubscription\", EventSubscriptionArgs.builder() \n .name(\"rds-event-sub\")\n .snsTopic(defaultTopic.arn())\n .sourceType(\"db-instance\")\n .sourceIds(default_.identifier())\n .eventCategories( \n \"availability\",\n \"deletion\",\n \"failover\",\n \"failure\",\n \"low storage\",\n \"maintenance\",\n \"notification\",\n \"read replica\",\n \"recovery\",\n \"restoration\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n engine: mysql\n engineVersion: 5.6.17\n instanceClass: db.t2.micro\n dbName: mydb\n username: foo\n password: bar\n dbSubnetGroupName: my_database_subnet_group\n parameterGroupName: default.mysql5.6\n defaultTopic:\n type: aws:sns:Topic\n name: default\n properties:\n name: rds-events\n defaultEventSubscription:\n type: aws:rds:EventSubscription\n name: default\n properties:\n name: rds-event-sub\n snsTopic: ${defaultTopic.arn}\n sourceType: db-instance\n sourceIds:\n - ${default.identifier}\n eventCategories:\n - availability\n - deletion\n - failover\n - failure\n - low storage\n - maintenance\n - notification\n - read replica\n - recovery\n - restoration\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import DB Event Subscriptions using the `name`. For example:\n\n```sh\n$ pulumi import aws:rds/eventSubscription:EventSubscription default rds-event-sub\n```\n", "properties": { "arn": { "type": "string", @@ -300535,7 +300535,7 @@ } }, "aws:rds/exportTask:ExportTask": { - "description": "Resource for managing an AWS RDS (Relational Database) Export Task.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.ExportTask(\"example\", {\n exportTaskIdentifier: \"example\",\n sourceArn: exampleAwsDbSnapshot.dbSnapshotArn,\n s3BucketName: exampleAwsS3Bucket.id,\n iamRoleArn: exampleAwsIamRole.arn,\n kmsKeyId: exampleAwsKmsKey.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.ExportTask(\"example\",\n export_task_identifier=\"example\",\n source_arn=example_aws_db_snapshot[\"dbSnapshotArn\"],\n s3_bucket_name=example_aws_s3_bucket[\"id\"],\n iam_role_arn=example_aws_iam_role[\"arn\"],\n kms_key_id=example_aws_kms_key[\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.ExportTask(\"example\", new()\n {\n ExportTaskIdentifier = \"example\",\n SourceArn = exampleAwsDbSnapshot.DbSnapshotArn,\n S3BucketName = exampleAwsS3Bucket.Id,\n IamRoleArn = exampleAwsIamRole.Arn,\n KmsKeyId = exampleAwsKmsKey.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewExportTask(ctx, \"example\", \u0026rds.ExportTaskArgs{\n\t\t\tExportTaskIdentifier: pulumi.String(\"example\"),\n\t\t\tSourceArn: pulumi.Any(exampleAwsDbSnapshot.DbSnapshotArn),\n\t\t\tS3BucketName: pulumi.Any(exampleAwsS3Bucket.Id),\n\t\t\tIamRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tKmsKeyId: pulumi.Any(exampleAwsKmsKey.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.ExportTask;\nimport com.pulumi.aws.rds.ExportTaskArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ExportTask(\"example\", ExportTaskArgs.builder() \n .exportTaskIdentifier(\"example\")\n .sourceArn(exampleAwsDbSnapshot.dbSnapshotArn())\n .s3BucketName(exampleAwsS3Bucket.id())\n .iamRoleArn(exampleAwsIamRole.arn())\n .kmsKeyId(exampleAwsKmsKey.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:ExportTask\n properties:\n exportTaskIdentifier: example\n sourceArn: ${exampleAwsDbSnapshot.dbSnapshotArn}\n s3BucketName: ${exampleAwsS3Bucket.id}\n iamRoleArn: ${exampleAwsIamRole.arn}\n kmsKeyId: ${exampleAwsKmsKey.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Complete Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleBucketV2 = new aws.s3.BucketV2(\"example\", {\n bucket: \"example\",\n forceDestroy: true,\n});\nconst exampleBucketAclV2 = new aws.s3.BucketAclV2(\"example\", {\n bucket: exampleBucketV2.id,\n acl: \"private\",\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"example\",\n assumeRolePolicy: JSON.stringify({\n version: \"2012-10-17\",\n statement: [{\n action: \"sts:AssumeRole\",\n effect: \"Allow\",\n sid: \"\",\n principal: {\n service: \"export.rds.amazonaws.com\",\n },\n }],\n }),\n});\nconst example = aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n actions: [\"s3:ListAllMyBuckets\"],\n resources: [\"*\"],\n },\n {\n actions: [\n \"s3:GetBucketLocation\",\n \"s3:ListBucket\",\n ],\n resources: [exampleBucketV2.arn],\n },\n {\n actions: [\n \"s3:GetObject\",\n \"s3:PutObject\",\n \"s3:DeleteObject\",\n ],\n resources: [pulumi.interpolate`${exampleBucketV2.arn}/*`],\n },\n ],\n});\nconst examplePolicy = new aws.iam.Policy(\"example\", {\n name: \"example\",\n policy: example.apply(example =\u003e example.json),\n});\nconst exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"example\", {\n role: exampleRole.name,\n policyArn: examplePolicy.arn,\n});\nconst exampleKey = new aws.kms.Key(\"example\", {deletionWindowInDays: 10});\nconst exampleInstance = new aws.rds.Instance(\"example\", {\n identifier: \"example\",\n allocatedStorage: 10,\n dbName: \"test\",\n engine: \"mysql\",\n engineVersion: \"5.7\",\n instanceClass: \"db.t3.micro\",\n username: \"foo\",\n password: \"foobarbaz\",\n parameterGroupName: \"default.mysql5.7\",\n skipFinalSnapshot: true,\n});\nconst exampleSnapshot = new aws.rds.Snapshot(\"example\", {\n dbInstanceIdentifier: exampleInstance.identifier,\n dbSnapshotIdentifier: \"example\",\n});\nconst exampleExportTask = new aws.rds.ExportTask(\"example\", {\n exportTaskIdentifier: \"example\",\n sourceArn: exampleSnapshot.dbSnapshotArn,\n s3BucketName: exampleBucketV2.id,\n iamRoleArn: exampleRole.arn,\n kmsKeyId: exampleKey.arn,\n exportOnlies: [\"database\"],\n s3Prefix: \"my_prefix/example\",\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nexample_bucket_v2 = aws.s3.BucketV2(\"example\",\n bucket=\"example\",\n force_destroy=True)\nexample_bucket_acl_v2 = aws.s3.BucketAclV2(\"example\",\n bucket=example_bucket_v2.id,\n acl=\"private\")\nexample_role = aws.iam.Role(\"example\",\n name=\"example\",\n assume_role_policy=json.dumps({\n \"version\": \"2012-10-17\",\n \"statement\": [{\n \"action\": \"sts:AssumeRole\",\n \"effect\": \"Allow\",\n \"sid\": \"\",\n \"principal\": {\n \"service\": \"export.rds.amazonaws.com\",\n },\n }],\n }))\nexample = aws.iam.get_policy_document_output(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"s3:ListAllMyBuckets\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"s3:GetBucketLocation\",\n \"s3:ListBucket\",\n ],\n resources=[example_bucket_v2.arn],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"s3:GetObject\",\n \"s3:PutObject\",\n \"s3:DeleteObject\",\n ],\n resources=[example_bucket_v2.arn.apply(lambda arn: f\"{arn}/*\")],\n ),\n])\nexample_policy = aws.iam.Policy(\"example\",\n name=\"example\",\n policy=example.json)\nexample_role_policy_attachment = aws.iam.RolePolicyAttachment(\"example\",\n role=example_role.name,\n policy_arn=example_policy.arn)\nexample_key = aws.kms.Key(\"example\", deletion_window_in_days=10)\nexample_instance = aws.rds.Instance(\"example\",\n identifier=\"example\",\n allocated_storage=10,\n db_name=\"test\",\n engine=\"mysql\",\n engine_version=\"5.7\",\n instance_class=\"db.t3.micro\",\n username=\"foo\",\n password=\"foobarbaz\",\n parameter_group_name=\"default.mysql5.7\",\n skip_final_snapshot=True)\nexample_snapshot = aws.rds.Snapshot(\"example\",\n db_instance_identifier=example_instance.identifier,\n db_snapshot_identifier=\"example\")\nexample_export_task = aws.rds.ExportTask(\"example\",\n export_task_identifier=\"example\",\n source_arn=example_snapshot.db_snapshot_arn,\n s3_bucket_name=example_bucket_v2.id,\n iam_role_arn=example_role.arn,\n kms_key_id=example_key.arn,\n export_onlies=[\"database\"],\n s3_prefix=\"my_prefix/example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleBucketV2 = new Aws.S3.BucketV2(\"example\", new()\n {\n Bucket = \"example\",\n ForceDestroy = true,\n });\n\n var exampleBucketAclV2 = new Aws.S3.BucketAclV2(\"example\", new()\n {\n Bucket = exampleBucketV2.Id,\n Acl = \"private\",\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"example\",\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"version\"] = \"2012-10-17\",\n [\"statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"action\"] = \"sts:AssumeRole\",\n [\"effect\"] = \"Allow\",\n [\"sid\"] = \"\",\n [\"principal\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"service\"] = \"export.rds.amazonaws.com\",\n },\n },\n },\n }),\n });\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"s3:ListAllMyBuckets\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"s3:GetBucketLocation\",\n \"s3:ListBucket\",\n },\n Resources = new[]\n {\n exampleBucketV2.Arn,\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"s3:GetObject\",\n \"s3:PutObject\",\n \"s3:DeleteObject\",\n },\n Resources = new[]\n {\n $\"{exampleBucketV2.Arn}/*\",\n },\n },\n },\n });\n\n var examplePolicy = new Aws.Iam.Policy(\"example\", new()\n {\n Name = \"example\",\n PolicyDocument = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"example\", new()\n {\n Role = exampleRole.Name,\n PolicyArn = examplePolicy.Arn,\n });\n\n var exampleKey = new Aws.Kms.Key(\"example\", new()\n {\n DeletionWindowInDays = 10,\n });\n\n var exampleInstance = new Aws.Rds.Instance(\"example\", new()\n {\n Identifier = \"example\",\n AllocatedStorage = 10,\n DbName = \"test\",\n Engine = \"mysql\",\n EngineVersion = \"5.7\",\n InstanceClass = \"db.t3.micro\",\n Username = \"foo\",\n Password = \"foobarbaz\",\n ParameterGroupName = \"default.mysql5.7\",\n SkipFinalSnapshot = true,\n });\n\n var exampleSnapshot = new Aws.Rds.Snapshot(\"example\", new()\n {\n DbInstanceIdentifier = exampleInstance.Identifier,\n DbSnapshotIdentifier = \"example\",\n });\n\n var exampleExportTask = new Aws.Rds.ExportTask(\"example\", new()\n {\n ExportTaskIdentifier = \"example\",\n SourceArn = exampleSnapshot.DbSnapshotArn,\n S3BucketName = exampleBucketV2.Id,\n IamRoleArn = exampleRole.Arn,\n KmsKeyId = exampleKey.Arn,\n ExportOnlies = new[]\n {\n \"database\",\n },\n S3Prefix = \"my_prefix/example\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleBucketV2, err := s3.NewBucketV2(ctx, \"example\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"example\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"example\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: exampleBucketV2.ID(),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"version\": \"2012-10-17\",\n\t\t\t\"statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"action\": \"sts:AssumeRole\",\n\t\t\t\t\t\"effect\": \"Allow\",\n\t\t\t\t\t\"sid\": \"\",\n\t\t\t\t\t\"principal\": map[string]interface{}{\n\t\t\t\t\t\t\"service\": \"export.rds.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tAssumeRolePolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:ListAllMyBuckets\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:GetBucketLocation\"),\n\t\t\t\t\t\tpulumi.String(\"s3:ListBucket\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\texampleBucketV2.Arn,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:GetObject\"),\n\t\t\t\t\t\tpulumi.String(\"s3:PutObject\"),\n\t\t\t\t\t\tpulumi.String(\"s3:DeleteObject\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\texampleBucketV2.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\texamplePolicy, err := iam.NewPolicy(ctx, \"example\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tPolicy: example.ApplyT(func(example iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026example.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: exampleRole.Name,\n\t\t\tPolicyArn: examplePolicy.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleKey, err := kms.NewKey(ctx, \"example\", \u0026kms.KeyArgs{\n\t\t\tDeletionWindowInDays: pulumi.Int(10),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleInstance, err := rds.NewInstance(ctx, \"example\", \u0026rds.InstanceArgs{\n\t\t\tIdentifier: pulumi.String(\"example\"),\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tDbName: pulumi.String(\"test\"),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.7\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t3.micro\"),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tPassword: pulumi.String(\"foobarbaz\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.7\"),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleSnapshot, err := rds.NewSnapshot(ctx, \"example\", \u0026rds.SnapshotArgs{\n\t\t\tDbInstanceIdentifier: exampleInstance.Identifier,\n\t\t\tDbSnapshotIdentifier: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewExportTask(ctx, \"example\", \u0026rds.ExportTaskArgs{\n\t\t\tExportTaskIdentifier: pulumi.String(\"example\"),\n\t\t\tSourceArn: exampleSnapshot.DbSnapshotArn,\n\t\t\tS3BucketName: exampleBucketV2.ID(),\n\t\t\tIamRoleArn: exampleRole.Arn,\n\t\t\tKmsKeyId: exampleKey.Arn,\n\t\t\tExportOnlies: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"database\"),\n\t\t\t},\n\t\t\tS3Prefix: pulumi.String(\"my_prefix/example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport com.pulumi.aws.rds.Snapshot;\nimport com.pulumi.aws.rds.SnapshotArgs;\nimport com.pulumi.aws.rds.ExportTask;\nimport com.pulumi.aws.rds.ExportTaskArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleBucketV2 = new BucketV2(\"exampleBucketV2\", BucketV2Args.builder() \n .bucket(\"example\")\n .forceDestroy(true)\n .build());\n\n var exampleBucketAclV2 = new BucketAclV2(\"exampleBucketAclV2\", BucketAclV2Args.builder() \n .bucket(exampleBucketV2.id())\n .acl(\"private\")\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"example\")\n .assumeRolePolicy(serializeJson(\n jsonObject(\n jsonProperty(\"version\", \"2012-10-17\"),\n jsonProperty(\"statement\", jsonArray(jsonObject(\n jsonProperty(\"action\", \"sts:AssumeRole\"),\n jsonProperty(\"effect\", \"Allow\"),\n jsonProperty(\"sid\", \"\"),\n jsonProperty(\"principal\", jsonObject(\n jsonProperty(\"service\", \"export.rds.amazonaws.com\")\n ))\n )))\n )))\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .actions(\"s3:ListAllMyBuckets\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"s3:GetBucketLocation\",\n \"s3:ListBucket\")\n .resources(exampleBucketV2.arn())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"s3:GetObject\",\n \"s3:PutObject\",\n \"s3:DeleteObject\")\n .resources(exampleBucketV2.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build())\n .build());\n\n var examplePolicy = new Policy(\"examplePolicy\", PolicyArgs.builder() \n .name(\"example\")\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(example -\u003e example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var exampleRolePolicyAttachment = new RolePolicyAttachment(\"exampleRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .role(exampleRole.name())\n .policyArn(examplePolicy.arn())\n .build());\n\n var exampleKey = new Key(\"exampleKey\", KeyArgs.builder() \n .deletionWindowInDays(10)\n .build());\n\n var exampleInstance = new Instance(\"exampleInstance\", InstanceArgs.builder() \n .identifier(\"example\")\n .allocatedStorage(10)\n .dbName(\"test\")\n .engine(\"mysql\")\n .engineVersion(\"5.7\")\n .instanceClass(\"db.t3.micro\")\n .username(\"foo\")\n .password(\"foobarbaz\")\n .parameterGroupName(\"default.mysql5.7\")\n .skipFinalSnapshot(true)\n .build());\n\n var exampleSnapshot = new Snapshot(\"exampleSnapshot\", SnapshotArgs.builder() \n .dbInstanceIdentifier(exampleInstance.identifier())\n .dbSnapshotIdentifier(\"example\")\n .build());\n\n var exampleExportTask = new ExportTask(\"exampleExportTask\", ExportTaskArgs.builder() \n .exportTaskIdentifier(\"example\")\n .sourceArn(exampleSnapshot.dbSnapshotArn())\n .s3BucketName(exampleBucketV2.id())\n .iamRoleArn(exampleRole.arn())\n .kmsKeyId(exampleKey.arn())\n .exportOnlies(\"database\")\n .s3Prefix(\"my_prefix/example\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleBucketV2:\n type: aws:s3:BucketV2\n name: example\n properties:\n bucket: example\n forceDestroy: true\n exampleBucketAclV2:\n type: aws:s3:BucketAclV2\n name: example\n properties:\n bucket: ${exampleBucketV2.id}\n acl: private\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: example\n assumeRolePolicy:\n fn::toJSON:\n version: 2012-10-17\n statement:\n - action: sts:AssumeRole\n effect: Allow\n sid:\n principal:\n service: export.rds.amazonaws.com\n examplePolicy:\n type: aws:iam:Policy\n name: example\n properties:\n name: example\n policy: ${example.json}\n exampleRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: example\n properties:\n role: ${exampleRole.name}\n policyArn: ${examplePolicy.arn}\n exampleKey:\n type: aws:kms:Key\n name: example\n properties:\n deletionWindowInDays: 10\n exampleInstance:\n type: aws:rds:Instance\n name: example\n properties:\n identifier: example\n allocatedStorage: 10\n dbName: test\n engine: mysql\n engineVersion: '5.7'\n instanceClass: db.t3.micro\n username: foo\n password: foobarbaz\n parameterGroupName: default.mysql5.7\n skipFinalSnapshot: true\n exampleSnapshot:\n type: aws:rds:Snapshot\n name: example\n properties:\n dbInstanceIdentifier: ${exampleInstance.identifier}\n dbSnapshotIdentifier: example\n exampleExportTask:\n type: aws:rds:ExportTask\n name: example\n properties:\n exportTaskIdentifier: example\n sourceArn: ${exampleSnapshot.dbSnapshotArn}\n s3BucketName: ${exampleBucketV2.id}\n iamRoleArn: ${exampleRole.arn}\n kmsKeyId: ${exampleKey.arn}\n exportOnlies:\n - database\n s3Prefix: my_prefix/example\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - s3:ListAllMyBuckets\n resources:\n - '*'\n - actions:\n - s3:GetBucketLocation\n - s3:ListBucket\n resources:\n - ${exampleBucketV2.arn}\n - actions:\n - s3:GetObject\n - s3:PutObject\n - s3:DeleteObject\n resources:\n - ${exampleBucketV2.arn}/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import a RDS (Relational Database) Export Task using the `export_task_identifier`. For example:\n\n```sh\n$ pulumi import aws:rds/exportTask:ExportTask example example\n```\n", + "description": "Resource for managing an AWS RDS (Relational Database) Export Task.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.ExportTask(\"example\", {\n exportTaskIdentifier: \"example\",\n sourceArn: exampleAwsDbSnapshot.dbSnapshotArn,\n s3BucketName: exampleAwsS3Bucket.id,\n iamRoleArn: exampleAwsIamRole.arn,\n kmsKeyId: exampleAwsKmsKey.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.ExportTask(\"example\",\n export_task_identifier=\"example\",\n source_arn=example_aws_db_snapshot[\"dbSnapshotArn\"],\n s3_bucket_name=example_aws_s3_bucket[\"id\"],\n iam_role_arn=example_aws_iam_role[\"arn\"],\n kms_key_id=example_aws_kms_key[\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.ExportTask(\"example\", new()\n {\n ExportTaskIdentifier = \"example\",\n SourceArn = exampleAwsDbSnapshot.DbSnapshotArn,\n S3BucketName = exampleAwsS3Bucket.Id,\n IamRoleArn = exampleAwsIamRole.Arn,\n KmsKeyId = exampleAwsKmsKey.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewExportTask(ctx, \"example\", \u0026rds.ExportTaskArgs{\n\t\t\tExportTaskIdentifier: pulumi.String(\"example\"),\n\t\t\tSourceArn: pulumi.Any(exampleAwsDbSnapshot.DbSnapshotArn),\n\t\t\tS3BucketName: pulumi.Any(exampleAwsS3Bucket.Id),\n\t\t\tIamRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tKmsKeyId: pulumi.Any(exampleAwsKmsKey.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.ExportTask;\nimport com.pulumi.aws.rds.ExportTaskArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ExportTask(\"example\", ExportTaskArgs.builder() \n .exportTaskIdentifier(\"example\")\n .sourceArn(exampleAwsDbSnapshot.dbSnapshotArn())\n .s3BucketName(exampleAwsS3Bucket.id())\n .iamRoleArn(exampleAwsIamRole.arn())\n .kmsKeyId(exampleAwsKmsKey.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:ExportTask\n properties:\n exportTaskIdentifier: example\n sourceArn: ${exampleAwsDbSnapshot.dbSnapshotArn}\n s3BucketName: ${exampleAwsS3Bucket.id}\n iamRoleArn: ${exampleAwsIamRole.arn}\n kmsKeyId: ${exampleAwsKmsKey.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Complete Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleBucketV2 = new aws.s3.BucketV2(\"example\", {\n bucket: \"example\",\n forceDestroy: true,\n});\nconst exampleBucketAclV2 = new aws.s3.BucketAclV2(\"example\", {\n bucket: exampleBucketV2.id,\n acl: \"private\",\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"example\",\n assumeRolePolicy: JSON.stringify({\n version: \"2012-10-17\",\n statement: [{\n action: \"sts:AssumeRole\",\n effect: \"Allow\",\n sid: \"\",\n principal: {\n service: \"export.rds.amazonaws.com\",\n },\n }],\n }),\n});\nconst example = aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n actions: [\"s3:ListAllMyBuckets\"],\n resources: [\"*\"],\n },\n {\n actions: [\n \"s3:GetBucketLocation\",\n \"s3:ListBucket\",\n ],\n resources: [exampleBucketV2.arn],\n },\n {\n actions: [\n \"s3:GetObject\",\n \"s3:PutObject\",\n \"s3:DeleteObject\",\n ],\n resources: [pulumi.interpolate`${exampleBucketV2.arn}/*`],\n },\n ],\n});\nconst examplePolicy = new aws.iam.Policy(\"example\", {\n name: \"example\",\n policy: example.apply(example =\u003e example.json),\n});\nconst exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"example\", {\n role: exampleRole.name,\n policyArn: examplePolicy.arn,\n});\nconst exampleKey = new aws.kms.Key(\"example\", {deletionWindowInDays: 10});\nconst exampleInstance = new aws.rds.Instance(\"example\", {\n identifier: \"example\",\n allocatedStorage: 10,\n dbName: \"test\",\n engine: \"mysql\",\n engineVersion: \"5.7\",\n instanceClass: aws.rds.InstanceType.T3_Micro,\n username: \"foo\",\n password: \"foobarbaz\",\n parameterGroupName: \"default.mysql5.7\",\n skipFinalSnapshot: true,\n});\nconst exampleSnapshot = new aws.rds.Snapshot(\"example\", {\n dbInstanceIdentifier: exampleInstance.identifier,\n dbSnapshotIdentifier: \"example\",\n});\nconst exampleExportTask = new aws.rds.ExportTask(\"example\", {\n exportTaskIdentifier: \"example\",\n sourceArn: exampleSnapshot.dbSnapshotArn,\n s3BucketName: exampleBucketV2.id,\n iamRoleArn: exampleRole.arn,\n kmsKeyId: exampleKey.arn,\n exportOnlies: [\"database\"],\n s3Prefix: \"my_prefix/example\",\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nexample_bucket_v2 = aws.s3.BucketV2(\"example\",\n bucket=\"example\",\n force_destroy=True)\nexample_bucket_acl_v2 = aws.s3.BucketAclV2(\"example\",\n bucket=example_bucket_v2.id,\n acl=\"private\")\nexample_role = aws.iam.Role(\"example\",\n name=\"example\",\n assume_role_policy=json.dumps({\n \"version\": \"2012-10-17\",\n \"statement\": [{\n \"action\": \"sts:AssumeRole\",\n \"effect\": \"Allow\",\n \"sid\": \"\",\n \"principal\": {\n \"service\": \"export.rds.amazonaws.com\",\n },\n }],\n }))\nexample = aws.iam.get_policy_document_output(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"s3:ListAllMyBuckets\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"s3:GetBucketLocation\",\n \"s3:ListBucket\",\n ],\n resources=[example_bucket_v2.arn],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"s3:GetObject\",\n \"s3:PutObject\",\n \"s3:DeleteObject\",\n ],\n resources=[example_bucket_v2.arn.apply(lambda arn: f\"{arn}/*\")],\n ),\n])\nexample_policy = aws.iam.Policy(\"example\",\n name=\"example\",\n policy=example.json)\nexample_role_policy_attachment = aws.iam.RolePolicyAttachment(\"example\",\n role=example_role.name,\n policy_arn=example_policy.arn)\nexample_key = aws.kms.Key(\"example\", deletion_window_in_days=10)\nexample_instance = aws.rds.Instance(\"example\",\n identifier=\"example\",\n allocated_storage=10,\n db_name=\"test\",\n engine=\"mysql\",\n engine_version=\"5.7\",\n instance_class=aws.rds.InstanceType.T3_MICRO,\n username=\"foo\",\n password=\"foobarbaz\",\n parameter_group_name=\"default.mysql5.7\",\n skip_final_snapshot=True)\nexample_snapshot = aws.rds.Snapshot(\"example\",\n db_instance_identifier=example_instance.identifier,\n db_snapshot_identifier=\"example\")\nexample_export_task = aws.rds.ExportTask(\"example\",\n export_task_identifier=\"example\",\n source_arn=example_snapshot.db_snapshot_arn,\n s3_bucket_name=example_bucket_v2.id,\n iam_role_arn=example_role.arn,\n kms_key_id=example_key.arn,\n export_onlies=[\"database\"],\n s3_prefix=\"my_prefix/example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleBucketV2 = new Aws.S3.BucketV2(\"example\", new()\n {\n Bucket = \"example\",\n ForceDestroy = true,\n });\n\n var exampleBucketAclV2 = new Aws.S3.BucketAclV2(\"example\", new()\n {\n Bucket = exampleBucketV2.Id,\n Acl = \"private\",\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"example\",\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"version\"] = \"2012-10-17\",\n [\"statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"action\"] = \"sts:AssumeRole\",\n [\"effect\"] = \"Allow\",\n [\"sid\"] = \"\",\n [\"principal\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"service\"] = \"export.rds.amazonaws.com\",\n },\n },\n },\n }),\n });\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"s3:ListAllMyBuckets\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"s3:GetBucketLocation\",\n \"s3:ListBucket\",\n },\n Resources = new[]\n {\n exampleBucketV2.Arn,\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"s3:GetObject\",\n \"s3:PutObject\",\n \"s3:DeleteObject\",\n },\n Resources = new[]\n {\n $\"{exampleBucketV2.Arn}/*\",\n },\n },\n },\n });\n\n var examplePolicy = new Aws.Iam.Policy(\"example\", new()\n {\n Name = \"example\",\n PolicyDocument = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"example\", new()\n {\n Role = exampleRole.Name,\n PolicyArn = examplePolicy.Arn,\n });\n\n var exampleKey = new Aws.Kms.Key(\"example\", new()\n {\n DeletionWindowInDays = 10,\n });\n\n var exampleInstance = new Aws.Rds.Instance(\"example\", new()\n {\n Identifier = \"example\",\n AllocatedStorage = 10,\n DbName = \"test\",\n Engine = \"mysql\",\n EngineVersion = \"5.7\",\n InstanceClass = Aws.Rds.InstanceType.T3_Micro,\n Username = \"foo\",\n Password = \"foobarbaz\",\n ParameterGroupName = \"default.mysql5.7\",\n SkipFinalSnapshot = true,\n });\n\n var exampleSnapshot = new Aws.Rds.Snapshot(\"example\", new()\n {\n DbInstanceIdentifier = exampleInstance.Identifier,\n DbSnapshotIdentifier = \"example\",\n });\n\n var exampleExportTask = new Aws.Rds.ExportTask(\"example\", new()\n {\n ExportTaskIdentifier = \"example\",\n SourceArn = exampleSnapshot.DbSnapshotArn,\n S3BucketName = exampleBucketV2.Id,\n IamRoleArn = exampleRole.Arn,\n KmsKeyId = exampleKey.Arn,\n ExportOnlies = new[]\n {\n \"database\",\n },\n S3Prefix = \"my_prefix/example\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleBucketV2, err := s3.NewBucketV2(ctx, \"example\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"example\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"example\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: exampleBucketV2.ID(),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"version\": \"2012-10-17\",\n\t\t\t\"statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"action\": \"sts:AssumeRole\",\n\t\t\t\t\t\"effect\": \"Allow\",\n\t\t\t\t\t\"sid\": \"\",\n\t\t\t\t\t\"principal\": map[string]interface{}{\n\t\t\t\t\t\t\"service\": \"export.rds.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tAssumeRolePolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:ListAllMyBuckets\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:GetBucketLocation\"),\n\t\t\t\t\t\tpulumi.String(\"s3:ListBucket\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\texampleBucketV2.Arn,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:GetObject\"),\n\t\t\t\t\t\tpulumi.String(\"s3:PutObject\"),\n\t\t\t\t\t\tpulumi.String(\"s3:DeleteObject\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\texampleBucketV2.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\texamplePolicy, err := iam.NewPolicy(ctx, \"example\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tPolicy: example.ApplyT(func(example iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026example.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: exampleRole.Name,\n\t\t\tPolicyArn: examplePolicy.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleKey, err := kms.NewKey(ctx, \"example\", \u0026kms.KeyArgs{\n\t\t\tDeletionWindowInDays: pulumi.Int(10),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleInstance, err := rds.NewInstance(ctx, \"example\", \u0026rds.InstanceArgs{\n\t\t\tIdentifier: pulumi.String(\"example\"),\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tDbName: pulumi.String(\"test\"),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.7\"),\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_T3_Micro),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tPassword: pulumi.String(\"foobarbaz\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.7\"),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleSnapshot, err := rds.NewSnapshot(ctx, \"example\", \u0026rds.SnapshotArgs{\n\t\t\tDbInstanceIdentifier: exampleInstance.Identifier,\n\t\t\tDbSnapshotIdentifier: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewExportTask(ctx, \"example\", \u0026rds.ExportTaskArgs{\n\t\t\tExportTaskIdentifier: pulumi.String(\"example\"),\n\t\t\tSourceArn: exampleSnapshot.DbSnapshotArn,\n\t\t\tS3BucketName: exampleBucketV2.ID(),\n\t\t\tIamRoleArn: exampleRole.Arn,\n\t\t\tKmsKeyId: exampleKey.Arn,\n\t\t\tExportOnlies: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"database\"),\n\t\t\t},\n\t\t\tS3Prefix: pulumi.String(\"my_prefix/example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport com.pulumi.aws.rds.Snapshot;\nimport com.pulumi.aws.rds.SnapshotArgs;\nimport com.pulumi.aws.rds.ExportTask;\nimport com.pulumi.aws.rds.ExportTaskArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleBucketV2 = new BucketV2(\"exampleBucketV2\", BucketV2Args.builder() \n .bucket(\"example\")\n .forceDestroy(true)\n .build());\n\n var exampleBucketAclV2 = new BucketAclV2(\"exampleBucketAclV2\", BucketAclV2Args.builder() \n .bucket(exampleBucketV2.id())\n .acl(\"private\")\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"example\")\n .assumeRolePolicy(serializeJson(\n jsonObject(\n jsonProperty(\"version\", \"2012-10-17\"),\n jsonProperty(\"statement\", jsonArray(jsonObject(\n jsonProperty(\"action\", \"sts:AssumeRole\"),\n jsonProperty(\"effect\", \"Allow\"),\n jsonProperty(\"sid\", \"\"),\n jsonProperty(\"principal\", jsonObject(\n jsonProperty(\"service\", \"export.rds.amazonaws.com\")\n ))\n )))\n )))\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .actions(\"s3:ListAllMyBuckets\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"s3:GetBucketLocation\",\n \"s3:ListBucket\")\n .resources(exampleBucketV2.arn())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"s3:GetObject\",\n \"s3:PutObject\",\n \"s3:DeleteObject\")\n .resources(exampleBucketV2.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build())\n .build());\n\n var examplePolicy = new Policy(\"examplePolicy\", PolicyArgs.builder() \n .name(\"example\")\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(example -\u003e example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var exampleRolePolicyAttachment = new RolePolicyAttachment(\"exampleRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .role(exampleRole.name())\n .policyArn(examplePolicy.arn())\n .build());\n\n var exampleKey = new Key(\"exampleKey\", KeyArgs.builder() \n .deletionWindowInDays(10)\n .build());\n\n var exampleInstance = new Instance(\"exampleInstance\", InstanceArgs.builder() \n .identifier(\"example\")\n .allocatedStorage(10)\n .dbName(\"test\")\n .engine(\"mysql\")\n .engineVersion(\"5.7\")\n .instanceClass(\"db.t3.micro\")\n .username(\"foo\")\n .password(\"foobarbaz\")\n .parameterGroupName(\"default.mysql5.7\")\n .skipFinalSnapshot(true)\n .build());\n\n var exampleSnapshot = new Snapshot(\"exampleSnapshot\", SnapshotArgs.builder() \n .dbInstanceIdentifier(exampleInstance.identifier())\n .dbSnapshotIdentifier(\"example\")\n .build());\n\n var exampleExportTask = new ExportTask(\"exampleExportTask\", ExportTaskArgs.builder() \n .exportTaskIdentifier(\"example\")\n .sourceArn(exampleSnapshot.dbSnapshotArn())\n .s3BucketName(exampleBucketV2.id())\n .iamRoleArn(exampleRole.arn())\n .kmsKeyId(exampleKey.arn())\n .exportOnlies(\"database\")\n .s3Prefix(\"my_prefix/example\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleBucketV2:\n type: aws:s3:BucketV2\n name: example\n properties:\n bucket: example\n forceDestroy: true\n exampleBucketAclV2:\n type: aws:s3:BucketAclV2\n name: example\n properties:\n bucket: ${exampleBucketV2.id}\n acl: private\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: example\n assumeRolePolicy:\n fn::toJSON:\n version: 2012-10-17\n statement:\n - action: sts:AssumeRole\n effect: Allow\n sid:\n principal:\n service: export.rds.amazonaws.com\n examplePolicy:\n type: aws:iam:Policy\n name: example\n properties:\n name: example\n policy: ${example.json}\n exampleRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: example\n properties:\n role: ${exampleRole.name}\n policyArn: ${examplePolicy.arn}\n exampleKey:\n type: aws:kms:Key\n name: example\n properties:\n deletionWindowInDays: 10\n exampleInstance:\n type: aws:rds:Instance\n name: example\n properties:\n identifier: example\n allocatedStorage: 10\n dbName: test\n engine: mysql\n engineVersion: '5.7'\n instanceClass: db.t3.micro\n username: foo\n password: foobarbaz\n parameterGroupName: default.mysql5.7\n skipFinalSnapshot: true\n exampleSnapshot:\n type: aws:rds:Snapshot\n name: example\n properties:\n dbInstanceIdentifier: ${exampleInstance.identifier}\n dbSnapshotIdentifier: example\n exampleExportTask:\n type: aws:rds:ExportTask\n name: example\n properties:\n exportTaskIdentifier: example\n sourceArn: ${exampleSnapshot.dbSnapshotArn}\n s3BucketName: ${exampleBucketV2.id}\n iamRoleArn: ${exampleRole.arn}\n kmsKeyId: ${exampleKey.arn}\n exportOnlies:\n - database\n s3Prefix: my_prefix/example\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - s3:ListAllMyBuckets\n resources:\n - '*'\n - actions:\n - s3:GetBucketLocation\n - s3:ListBucket\n resources:\n - ${exampleBucketV2.arn}\n - actions:\n - s3:GetObject\n - s3:PutObject\n - s3:DeleteObject\n resources:\n - ${exampleBucketV2.arn}/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import a RDS (Relational Database) Export Task using the `export_task_identifier`. For example:\n\n```sh\n$ pulumi import aws:rds/exportTask:ExportTask example example\n```\n", "properties": { "exportOnlies": { "type": "array", @@ -300737,7 +300737,7 @@ } }, "aws:rds/globalCluster:GlobalCluster": { - "description": "Manages an RDS Global Cluster, which is an Aurora global database spread across multiple regions. The global database contains a single primary cluster with read-write capability, and a read-only secondary cluster that receives data from the primary cluster through high-speed replication performed by the Aurora storage subsystem.\n\nMore information about Aurora global databases can be found in the [Aurora User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html#aurora-global-database-creating).\n\n## Example Usage\n\n### New MySQL Global Cluster\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.GlobalCluster(\"example\", {\n globalClusterIdentifier: \"global-test\",\n engine: \"aurora\",\n engineVersion: \"5.6.mysql_aurora.1.22.2\",\n databaseName: \"example_db\",\n});\nconst primary = new aws.rds.Cluster(\"primary\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-primary-cluster\",\n masterUsername: \"username\",\n masterPassword: \"somepass123\",\n databaseName: \"example_db\",\n globalClusterIdentifier: example.id,\n dbSubnetGroupName: \"default\",\n});\nconst primaryClusterInstance = new aws.rds.ClusterInstance(\"primary\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n identifier: \"test-primary-cluster-instance\",\n clusterIdentifier: primary.id,\n instanceClass: \"db.r4.large\",\n dbSubnetGroupName: \"default\",\n});\nconst secondary = new aws.rds.Cluster(\"secondary\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-secondary-cluster\",\n globalClusterIdentifier: example.id,\n dbSubnetGroupName: \"default\",\n});\nconst secondaryClusterInstance = new aws.rds.ClusterInstance(\"secondary\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n identifier: \"test-secondary-cluster-instance\",\n clusterIdentifier: secondary.id,\n instanceClass: \"db.r4.large\",\n dbSubnetGroupName: \"default\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.GlobalCluster(\"example\",\n global_cluster_identifier=\"global-test\",\n engine=\"aurora\",\n engine_version=\"5.6.mysql_aurora.1.22.2\",\n database_name=\"example_db\")\nprimary = aws.rds.Cluster(\"primary\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-primary-cluster\",\n master_username=\"username\",\n master_password=\"somepass123\",\n database_name=\"example_db\",\n global_cluster_identifier=example.id,\n db_subnet_group_name=\"default\")\nprimary_cluster_instance = aws.rds.ClusterInstance(\"primary\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"test-primary-cluster-instance\",\n cluster_identifier=primary.id,\n instance_class=\"db.r4.large\",\n db_subnet_group_name=\"default\")\nsecondary = aws.rds.Cluster(\"secondary\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-secondary-cluster\",\n global_cluster_identifier=example.id,\n db_subnet_group_name=\"default\")\nsecondary_cluster_instance = aws.rds.ClusterInstance(\"secondary\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"test-secondary-cluster-instance\",\n cluster_identifier=secondary.id,\n instance_class=\"db.r4.large\",\n db_subnet_group_name=\"default\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.GlobalCluster(\"example\", new()\n {\n GlobalClusterIdentifier = \"global-test\",\n Engine = \"aurora\",\n EngineVersion = \"5.6.mysql_aurora.1.22.2\",\n DatabaseName = \"example_db\",\n });\n\n var primary = new Aws.Rds.Cluster(\"primary\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-primary-cluster\",\n MasterUsername = \"username\",\n MasterPassword = \"somepass123\",\n DatabaseName = \"example_db\",\n GlobalClusterIdentifier = example.Id,\n DbSubnetGroupName = \"default\",\n });\n\n var primaryClusterInstance = new Aws.Rds.ClusterInstance(\"primary\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n Identifier = \"test-primary-cluster-instance\",\n ClusterIdentifier = primary.Id,\n InstanceClass = \"db.r4.large\",\n DbSubnetGroupName = \"default\",\n });\n\n var secondary = new Aws.Rds.Cluster(\"secondary\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-secondary-cluster\",\n GlobalClusterIdentifier = example.Id,\n DbSubnetGroupName = \"default\",\n });\n\n var secondaryClusterInstance = new Aws.Rds.ClusterInstance(\"secondary\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n Identifier = \"test-secondary-cluster-instance\",\n ClusterIdentifier = secondary.Id,\n InstanceClass = \"db.r4.large\",\n DbSubnetGroupName = \"default\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := rds.NewGlobalCluster(ctx, \"example\", \u0026rds.GlobalClusterArgs{\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"global-test\"),\n\t\t\tEngine: pulumi.String(\"aurora\"),\n\t\t\tEngineVersion: pulumi.String(\"5.6.mysql_aurora.1.22.2\"),\n\t\t\tDatabaseName: pulumi.String(\"example_db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimary, err := rds.NewCluster(ctx, \"primary\", \u0026rds.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-primary-cluster\"),\n\t\t\tMasterUsername: pulumi.String(\"username\"),\n\t\t\tMasterPassword: pulumi.String(\"somepass123\"),\n\t\t\tDatabaseName: pulumi.String(\"example_db\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"primary\", \u0026rds.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"test-primary-cluster-instance\"),\n\t\t\tClusterIdentifier: primary.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.r4.large\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecondary, err := rds.NewCluster(ctx, \"secondary\", \u0026rds.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-secondary-cluster\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"secondary\", \u0026rds.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"test-secondary-cluster-instance\"),\n\t\t\tClusterIdentifier: secondary.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.r4.large\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.GlobalCluster;\nimport com.pulumi.aws.rds.GlobalClusterArgs;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.ClusterInstance;\nimport com.pulumi.aws.rds.ClusterInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new GlobalCluster(\"example\", GlobalClusterArgs.builder() \n .globalClusterIdentifier(\"global-test\")\n .engine(\"aurora\")\n .engineVersion(\"5.6.mysql_aurora.1.22.2\")\n .databaseName(\"example_db\")\n .build());\n\n var primary = new Cluster(\"primary\", ClusterArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .clusterIdentifier(\"test-primary-cluster\")\n .masterUsername(\"username\")\n .masterPassword(\"somepass123\")\n .databaseName(\"example_db\")\n .globalClusterIdentifier(example.id())\n .dbSubnetGroupName(\"default\")\n .build());\n\n var primaryClusterInstance = new ClusterInstance(\"primaryClusterInstance\", ClusterInstanceArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .identifier(\"test-primary-cluster-instance\")\n .clusterIdentifier(primary.id())\n .instanceClass(\"db.r4.large\")\n .dbSubnetGroupName(\"default\")\n .build());\n\n var secondary = new Cluster(\"secondary\", ClusterArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .clusterIdentifier(\"test-secondary-cluster\")\n .globalClusterIdentifier(example.id())\n .dbSubnetGroupName(\"default\")\n .build());\n\n var secondaryClusterInstance = new ClusterInstance(\"secondaryClusterInstance\", ClusterInstanceArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .identifier(\"test-secondary-cluster-instance\")\n .clusterIdentifier(secondary.id())\n .instanceClass(\"db.r4.large\")\n .dbSubnetGroupName(\"default\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:GlobalCluster\n properties:\n globalClusterIdentifier: global-test\n engine: aurora\n engineVersion: 5.6.mysql_aurora.1.22.2\n databaseName: example_db\n primary:\n type: aws:rds:Cluster\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n clusterIdentifier: test-primary-cluster\n masterUsername: username\n masterPassword: somepass123\n databaseName: example_db\n globalClusterIdentifier: ${example.id}\n dbSubnetGroupName: default\n primaryClusterInstance:\n type: aws:rds:ClusterInstance\n name: primary\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n identifier: test-primary-cluster-instance\n clusterIdentifier: ${primary.id}\n instanceClass: db.r4.large\n dbSubnetGroupName: default\n secondary:\n type: aws:rds:Cluster\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n clusterIdentifier: test-secondary-cluster\n globalClusterIdentifier: ${example.id}\n dbSubnetGroupName: default\n secondaryClusterInstance:\n type: aws:rds:ClusterInstance\n name: secondary\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n identifier: test-secondary-cluster-instance\n clusterIdentifier: ${secondary.id}\n instanceClass: db.r4.large\n dbSubnetGroupName: default\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### New PostgreSQL Global Cluster\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.GlobalCluster(\"example\", {\n globalClusterIdentifier: \"global-test\",\n engine: \"aurora-postgresql\",\n engineVersion: \"11.9\",\n databaseName: \"example_db\",\n});\nconst primary = new aws.rds.Cluster(\"primary\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-primary-cluster\",\n masterUsername: \"username\",\n masterPassword: \"somepass123\",\n databaseName: \"example_db\",\n globalClusterIdentifier: example.id,\n dbSubnetGroupName: \"default\",\n});\nconst primaryClusterInstance = new aws.rds.ClusterInstance(\"primary\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n identifier: \"test-primary-cluster-instance\",\n clusterIdentifier: primary.id,\n instanceClass: \"db.r4.large\",\n dbSubnetGroupName: \"default\",\n});\nconst secondary = new aws.rds.Cluster(\"secondary\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-secondary-cluster\",\n globalClusterIdentifier: example.id,\n skipFinalSnapshot: true,\n dbSubnetGroupName: \"default\",\n});\nconst secondaryClusterInstance = new aws.rds.ClusterInstance(\"secondary\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n identifier: \"test-secondary-cluster-instance\",\n clusterIdentifier: secondary.id,\n instanceClass: \"db.r4.large\",\n dbSubnetGroupName: \"default\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.GlobalCluster(\"example\",\n global_cluster_identifier=\"global-test\",\n engine=\"aurora-postgresql\",\n engine_version=\"11.9\",\n database_name=\"example_db\")\nprimary = aws.rds.Cluster(\"primary\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-primary-cluster\",\n master_username=\"username\",\n master_password=\"somepass123\",\n database_name=\"example_db\",\n global_cluster_identifier=example.id,\n db_subnet_group_name=\"default\")\nprimary_cluster_instance = aws.rds.ClusterInstance(\"primary\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"test-primary-cluster-instance\",\n cluster_identifier=primary.id,\n instance_class=\"db.r4.large\",\n db_subnet_group_name=\"default\")\nsecondary = aws.rds.Cluster(\"secondary\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-secondary-cluster\",\n global_cluster_identifier=example.id,\n skip_final_snapshot=True,\n db_subnet_group_name=\"default\")\nsecondary_cluster_instance = aws.rds.ClusterInstance(\"secondary\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"test-secondary-cluster-instance\",\n cluster_identifier=secondary.id,\n instance_class=\"db.r4.large\",\n db_subnet_group_name=\"default\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.GlobalCluster(\"example\", new()\n {\n GlobalClusterIdentifier = \"global-test\",\n Engine = \"aurora-postgresql\",\n EngineVersion = \"11.9\",\n DatabaseName = \"example_db\",\n });\n\n var primary = new Aws.Rds.Cluster(\"primary\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-primary-cluster\",\n MasterUsername = \"username\",\n MasterPassword = \"somepass123\",\n DatabaseName = \"example_db\",\n GlobalClusterIdentifier = example.Id,\n DbSubnetGroupName = \"default\",\n });\n\n var primaryClusterInstance = new Aws.Rds.ClusterInstance(\"primary\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n Identifier = \"test-primary-cluster-instance\",\n ClusterIdentifier = primary.Id,\n InstanceClass = \"db.r4.large\",\n DbSubnetGroupName = \"default\",\n });\n\n var secondary = new Aws.Rds.Cluster(\"secondary\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-secondary-cluster\",\n GlobalClusterIdentifier = example.Id,\n SkipFinalSnapshot = true,\n DbSubnetGroupName = \"default\",\n });\n\n var secondaryClusterInstance = new Aws.Rds.ClusterInstance(\"secondary\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n Identifier = \"test-secondary-cluster-instance\",\n ClusterIdentifier = secondary.Id,\n InstanceClass = \"db.r4.large\",\n DbSubnetGroupName = \"default\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := rds.NewGlobalCluster(ctx, \"example\", \u0026rds.GlobalClusterArgs{\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"global-test\"),\n\t\t\tEngine: pulumi.String(\"aurora-postgresql\"),\n\t\t\tEngineVersion: pulumi.String(\"11.9\"),\n\t\t\tDatabaseName: pulumi.String(\"example_db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimary, err := rds.NewCluster(ctx, \"primary\", \u0026rds.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-primary-cluster\"),\n\t\t\tMasterUsername: pulumi.String(\"username\"),\n\t\t\tMasterPassword: pulumi.String(\"somepass123\"),\n\t\t\tDatabaseName: pulumi.String(\"example_db\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"primary\", \u0026rds.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"test-primary-cluster-instance\"),\n\t\t\tClusterIdentifier: primary.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.r4.large\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecondary, err := rds.NewCluster(ctx, \"secondary\", \u0026rds.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-secondary-cluster\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"secondary\", \u0026rds.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"test-secondary-cluster-instance\"),\n\t\t\tClusterIdentifier: secondary.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.r4.large\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.GlobalCluster;\nimport com.pulumi.aws.rds.GlobalClusterArgs;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.ClusterInstance;\nimport com.pulumi.aws.rds.ClusterInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new GlobalCluster(\"example\", GlobalClusterArgs.builder() \n .globalClusterIdentifier(\"global-test\")\n .engine(\"aurora-postgresql\")\n .engineVersion(\"11.9\")\n .databaseName(\"example_db\")\n .build());\n\n var primary = new Cluster(\"primary\", ClusterArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .clusterIdentifier(\"test-primary-cluster\")\n .masterUsername(\"username\")\n .masterPassword(\"somepass123\")\n .databaseName(\"example_db\")\n .globalClusterIdentifier(example.id())\n .dbSubnetGroupName(\"default\")\n .build());\n\n var primaryClusterInstance = new ClusterInstance(\"primaryClusterInstance\", ClusterInstanceArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .identifier(\"test-primary-cluster-instance\")\n .clusterIdentifier(primary.id())\n .instanceClass(\"db.r4.large\")\n .dbSubnetGroupName(\"default\")\n .build());\n\n var secondary = new Cluster(\"secondary\", ClusterArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .clusterIdentifier(\"test-secondary-cluster\")\n .globalClusterIdentifier(example.id())\n .skipFinalSnapshot(true)\n .dbSubnetGroupName(\"default\")\n .build());\n\n var secondaryClusterInstance = new ClusterInstance(\"secondaryClusterInstance\", ClusterInstanceArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .identifier(\"test-secondary-cluster-instance\")\n .clusterIdentifier(secondary.id())\n .instanceClass(\"db.r4.large\")\n .dbSubnetGroupName(\"default\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:GlobalCluster\n properties:\n globalClusterIdentifier: global-test\n engine: aurora-postgresql\n engineVersion: '11.9'\n databaseName: example_db\n primary:\n type: aws:rds:Cluster\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n clusterIdentifier: test-primary-cluster\n masterUsername: username\n masterPassword: somepass123\n databaseName: example_db\n globalClusterIdentifier: ${example.id}\n dbSubnetGroupName: default\n primaryClusterInstance:\n type: aws:rds:ClusterInstance\n name: primary\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n identifier: test-primary-cluster-instance\n clusterIdentifier: ${primary.id}\n instanceClass: db.r4.large\n dbSubnetGroupName: default\n secondary:\n type: aws:rds:Cluster\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n clusterIdentifier: test-secondary-cluster\n globalClusterIdentifier: ${example.id}\n skipFinalSnapshot: true\n dbSubnetGroupName: default\n secondaryClusterInstance:\n type: aws:rds:ClusterInstance\n name: secondary\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n identifier: test-secondary-cluster-instance\n clusterIdentifier: ${secondary.id}\n instanceClass: db.r4.large\n dbSubnetGroupName: default\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### New Global Cluster From Existing DB Cluster\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.Cluster(\"example\", {});\nconst exampleGlobalCluster = new aws.rds.GlobalCluster(\"example\", {\n forceDestroy: true,\n globalClusterIdentifier: \"example\",\n sourceDbClusterIdentifier: example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.Cluster(\"example\")\nexample_global_cluster = aws.rds.GlobalCluster(\"example\",\n force_destroy=True,\n global_cluster_identifier=\"example\",\n source_db_cluster_identifier=example.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.Cluster(\"example\");\n\n var exampleGlobalCluster = new Aws.Rds.GlobalCluster(\"example\", new()\n {\n ForceDestroy = true,\n GlobalClusterIdentifier = \"example\",\n SourceDbClusterIdentifier = example.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := rds.NewCluster(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewGlobalCluster(ctx, \"example\", \u0026rds.GlobalClusterArgs{\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"example\"),\n\t\t\tSourceDbClusterIdentifier: example.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.GlobalCluster;\nimport com.pulumi.aws.rds.GlobalClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Cluster(\"example\");\n\n var exampleGlobalCluster = new GlobalCluster(\"exampleGlobalCluster\", GlobalClusterArgs.builder() \n .forceDestroy(true)\n .globalClusterIdentifier(\"example\")\n .sourceDbClusterIdentifier(example.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:Cluster\n exampleGlobalCluster:\n type: aws:rds:GlobalCluster\n name: example\n properties:\n forceDestroy: true\n globalClusterIdentifier: example\n sourceDbClusterIdentifier: ${example.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Upgrading Engine Versions\n\nWhen you upgrade the version of an `aws.rds.GlobalCluster`, the provider will attempt to in-place upgrade the engine versions of all associated clusters. Since the `aws.rds.Cluster` resource is being updated through the `aws.rds.GlobalCluster`, you are likely to get an error (`Provider produced inconsistent final plan`). To avoid this, use the `lifecycle` `ignore_changes` meta argument as shown below on the `aws.rds.Cluster`.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.GlobalCluster(\"example\", {\n globalClusterIdentifier: \"kyivkharkiv\",\n engine: \"aurora-mysql\",\n engineVersion: \"5.7.mysql_aurora.2.07.5\",\n});\nconst primary = new aws.rds.Cluster(\"primary\", {\n allowMajorVersionUpgrade: true,\n applyImmediately: true,\n clusterIdentifier: \"odessadnipro\",\n databaseName: \"totoro\",\n engine: example.engine,\n engineVersion: example.engineVersion,\n globalClusterIdentifier: example.id,\n masterPassword: \"satsukimae\",\n masterUsername: \"maesatsuki\",\n skipFinalSnapshot: true,\n});\nconst primaryClusterInstance = new aws.rds.ClusterInstance(\"primary\", {\n applyImmediately: true,\n clusterIdentifier: primary.id,\n engine: primary.engine,\n engineVersion: primary.engineVersion,\n identifier: \"donetsklviv\",\n instanceClass: \"db.r4.large\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.GlobalCluster(\"example\",\n global_cluster_identifier=\"kyivkharkiv\",\n engine=\"aurora-mysql\",\n engine_version=\"5.7.mysql_aurora.2.07.5\")\nprimary = aws.rds.Cluster(\"primary\",\n allow_major_version_upgrade=True,\n apply_immediately=True,\n cluster_identifier=\"odessadnipro\",\n database_name=\"totoro\",\n engine=example.engine,\n engine_version=example.engine_version,\n global_cluster_identifier=example.id,\n master_password=\"satsukimae\",\n master_username=\"maesatsuki\",\n skip_final_snapshot=True)\nprimary_cluster_instance = aws.rds.ClusterInstance(\"primary\",\n apply_immediately=True,\n cluster_identifier=primary.id,\n engine=primary.engine,\n engine_version=primary.engine_version,\n identifier=\"donetsklviv\",\n instance_class=\"db.r4.large\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.GlobalCluster(\"example\", new()\n {\n GlobalClusterIdentifier = \"kyivkharkiv\",\n Engine = \"aurora-mysql\",\n EngineVersion = \"5.7.mysql_aurora.2.07.5\",\n });\n\n var primary = new Aws.Rds.Cluster(\"primary\", new()\n {\n AllowMajorVersionUpgrade = true,\n ApplyImmediately = true,\n ClusterIdentifier = \"odessadnipro\",\n DatabaseName = \"totoro\",\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n GlobalClusterIdentifier = example.Id,\n MasterPassword = \"satsukimae\",\n MasterUsername = \"maesatsuki\",\n SkipFinalSnapshot = true,\n });\n\n var primaryClusterInstance = new Aws.Rds.ClusterInstance(\"primary\", new()\n {\n ApplyImmediately = true,\n ClusterIdentifier = primary.Id,\n Engine = primary.Engine,\n EngineVersion = primary.EngineVersion,\n Identifier = \"donetsklviv\",\n InstanceClass = \"db.r4.large\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := rds.NewGlobalCluster(ctx, \"example\", \u0026rds.GlobalClusterArgs{\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"kyivkharkiv\"),\n\t\t\tEngine: pulumi.String(\"aurora-mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.7.mysql_aurora.2.07.5\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimary, err := rds.NewCluster(ctx, \"primary\", \u0026rds.ClusterArgs{\n\t\t\tAllowMajorVersionUpgrade: pulumi.Bool(true),\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t\tClusterIdentifier: pulumi.String(\"odessadnipro\"),\n\t\t\tDatabaseName: pulumi.String(\"totoro\"),\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tMasterPassword: pulumi.String(\"satsukimae\"),\n\t\t\tMasterUsername: pulumi.String(\"maesatsuki\"),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"primary\", \u0026rds.ClusterInstanceArgs{\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t\tClusterIdentifier: primary.ID(),\n\t\t\tEngine: primary.Engine,\n\t\t\tEngineVersion: primary.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"donetsklviv\"),\n\t\t\tInstanceClass: pulumi.String(\"db.r4.large\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.GlobalCluster;\nimport com.pulumi.aws.rds.GlobalClusterArgs;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.ClusterInstance;\nimport com.pulumi.aws.rds.ClusterInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new GlobalCluster(\"example\", GlobalClusterArgs.builder() \n .globalClusterIdentifier(\"kyivkharkiv\")\n .engine(\"aurora-mysql\")\n .engineVersion(\"5.7.mysql_aurora.2.07.5\")\n .build());\n\n var primary = new Cluster(\"primary\", ClusterArgs.builder() \n .allowMajorVersionUpgrade(true)\n .applyImmediately(true)\n .clusterIdentifier(\"odessadnipro\")\n .databaseName(\"totoro\")\n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .globalClusterIdentifier(example.id())\n .masterPassword(\"satsukimae\")\n .masterUsername(\"maesatsuki\")\n .skipFinalSnapshot(true)\n .build());\n\n var primaryClusterInstance = new ClusterInstance(\"primaryClusterInstance\", ClusterInstanceArgs.builder() \n .applyImmediately(true)\n .clusterIdentifier(primary.id())\n .engine(primary.engine())\n .engineVersion(primary.engineVersion())\n .identifier(\"donetsklviv\")\n .instanceClass(\"db.r4.large\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:GlobalCluster\n properties:\n globalClusterIdentifier: kyivkharkiv\n engine: aurora-mysql\n engineVersion: 5.7.mysql_aurora.2.07.5\n primary:\n type: aws:rds:Cluster\n properties:\n allowMajorVersionUpgrade: true\n applyImmediately: true\n clusterIdentifier: odessadnipro\n databaseName: totoro\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n globalClusterIdentifier: ${example.id}\n masterPassword: satsukimae\n masterUsername: maesatsuki\n skipFinalSnapshot: true\n primaryClusterInstance:\n type: aws:rds:ClusterInstance\n name: primary\n properties:\n applyImmediately: true\n clusterIdentifier: ${primary.id}\n engine: ${primary.engine}\n engineVersion: ${primary.engineVersion}\n identifier: donetsklviv\n instanceClass: db.r4.large\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_rds_global_cluster` using the RDS Global Cluster identifier. For example:\n\n```sh\n$ pulumi import aws:rds/globalCluster:GlobalCluster example example\n```\nCertain resource arguments, like `force_destroy`, only exist within this provider. If the argument is set in the the provider configuration on an imported resource, This provider will show a difference on the first plan after import to update the state value. This change is safe to apply immediately so the state matches the desired configuration.\n\nCertain resource arguments, like `source_db_cluster_identifier`, do not have an API method for reading the information after creation. If the argument is set in the Pulumi program on an imported resource, Pulumi will always show a difference. To workaround this behavior, either omit the argument from the Pulumi program or use `ignore_changes` to hide the difference. For example:\n\n", + "description": "Manages an RDS Global Cluster, which is an Aurora global database spread across multiple regions. The global database contains a single primary cluster with read-write capability, and a read-only secondary cluster that receives data from the primary cluster through high-speed replication performed by the Aurora storage subsystem.\n\nMore information about Aurora global databases can be found in the [Aurora User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html#aurora-global-database-creating).\n\n## Example Usage\n\n### New MySQL Global Cluster\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.GlobalCluster(\"example\", {\n globalClusterIdentifier: \"global-test\",\n engine: \"aurora\",\n engineVersion: \"5.6.mysql_aurora.1.22.2\",\n databaseName: \"example_db\",\n});\nconst primary = new aws.rds.Cluster(\"primary\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-primary-cluster\",\n masterUsername: \"username\",\n masterPassword: \"somepass123\",\n databaseName: \"example_db\",\n globalClusterIdentifier: example.id,\n dbSubnetGroupName: \"default\",\n});\nconst primaryClusterInstance = new aws.rds.ClusterInstance(\"primary\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n identifier: \"test-primary-cluster-instance\",\n clusterIdentifier: primary.id,\n instanceClass: aws.rds.InstanceType.R4_Large,\n dbSubnetGroupName: \"default\",\n});\nconst secondary = new aws.rds.Cluster(\"secondary\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-secondary-cluster\",\n globalClusterIdentifier: example.id,\n dbSubnetGroupName: \"default\",\n});\nconst secondaryClusterInstance = new aws.rds.ClusterInstance(\"secondary\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n identifier: \"test-secondary-cluster-instance\",\n clusterIdentifier: secondary.id,\n instanceClass: aws.rds.InstanceType.R4_Large,\n dbSubnetGroupName: \"default\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.GlobalCluster(\"example\",\n global_cluster_identifier=\"global-test\",\n engine=\"aurora\",\n engine_version=\"5.6.mysql_aurora.1.22.2\",\n database_name=\"example_db\")\nprimary = aws.rds.Cluster(\"primary\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-primary-cluster\",\n master_username=\"username\",\n master_password=\"somepass123\",\n database_name=\"example_db\",\n global_cluster_identifier=example.id,\n db_subnet_group_name=\"default\")\nprimary_cluster_instance = aws.rds.ClusterInstance(\"primary\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"test-primary-cluster-instance\",\n cluster_identifier=primary.id,\n instance_class=aws.rds.InstanceType.R4_LARGE,\n db_subnet_group_name=\"default\")\nsecondary = aws.rds.Cluster(\"secondary\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-secondary-cluster\",\n global_cluster_identifier=example.id,\n db_subnet_group_name=\"default\")\nsecondary_cluster_instance = aws.rds.ClusterInstance(\"secondary\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"test-secondary-cluster-instance\",\n cluster_identifier=secondary.id,\n instance_class=aws.rds.InstanceType.R4_LARGE,\n db_subnet_group_name=\"default\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.GlobalCluster(\"example\", new()\n {\n GlobalClusterIdentifier = \"global-test\",\n Engine = \"aurora\",\n EngineVersion = \"5.6.mysql_aurora.1.22.2\",\n DatabaseName = \"example_db\",\n });\n\n var primary = new Aws.Rds.Cluster(\"primary\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-primary-cluster\",\n MasterUsername = \"username\",\n MasterPassword = \"somepass123\",\n DatabaseName = \"example_db\",\n GlobalClusterIdentifier = example.Id,\n DbSubnetGroupName = \"default\",\n });\n\n var primaryClusterInstance = new Aws.Rds.ClusterInstance(\"primary\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n Identifier = \"test-primary-cluster-instance\",\n ClusterIdentifier = primary.Id,\n InstanceClass = Aws.Rds.InstanceType.R4_Large,\n DbSubnetGroupName = \"default\",\n });\n\n var secondary = new Aws.Rds.Cluster(\"secondary\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-secondary-cluster\",\n GlobalClusterIdentifier = example.Id,\n DbSubnetGroupName = \"default\",\n });\n\n var secondaryClusterInstance = new Aws.Rds.ClusterInstance(\"secondary\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n Identifier = \"test-secondary-cluster-instance\",\n ClusterIdentifier = secondary.Id,\n InstanceClass = Aws.Rds.InstanceType.R4_Large,\n DbSubnetGroupName = \"default\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := rds.NewGlobalCluster(ctx, \"example\", \u0026rds.GlobalClusterArgs{\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"global-test\"),\n\t\t\tEngine: pulumi.String(\"aurora\"),\n\t\t\tEngineVersion: pulumi.String(\"5.6.mysql_aurora.1.22.2\"),\n\t\t\tDatabaseName: pulumi.String(\"example_db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimary, err := rds.NewCluster(ctx, \"primary\", \u0026rds.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-primary-cluster\"),\n\t\t\tMasterUsername: pulumi.String(\"username\"),\n\t\t\tMasterPassword: pulumi.String(\"somepass123\"),\n\t\t\tDatabaseName: pulumi.String(\"example_db\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"primary\", \u0026rds.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"test-primary-cluster-instance\"),\n\t\t\tClusterIdentifier: primary.ID(),\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_R4_Large),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecondary, err := rds.NewCluster(ctx, \"secondary\", \u0026rds.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-secondary-cluster\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"secondary\", \u0026rds.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"test-secondary-cluster-instance\"),\n\t\t\tClusterIdentifier: secondary.ID(),\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_R4_Large),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.GlobalCluster;\nimport com.pulumi.aws.rds.GlobalClusterArgs;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.ClusterInstance;\nimport com.pulumi.aws.rds.ClusterInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new GlobalCluster(\"example\", GlobalClusterArgs.builder() \n .globalClusterIdentifier(\"global-test\")\n .engine(\"aurora\")\n .engineVersion(\"5.6.mysql_aurora.1.22.2\")\n .databaseName(\"example_db\")\n .build());\n\n var primary = new Cluster(\"primary\", ClusterArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .clusterIdentifier(\"test-primary-cluster\")\n .masterUsername(\"username\")\n .masterPassword(\"somepass123\")\n .databaseName(\"example_db\")\n .globalClusterIdentifier(example.id())\n .dbSubnetGroupName(\"default\")\n .build());\n\n var primaryClusterInstance = new ClusterInstance(\"primaryClusterInstance\", ClusterInstanceArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .identifier(\"test-primary-cluster-instance\")\n .clusterIdentifier(primary.id())\n .instanceClass(\"db.r4.large\")\n .dbSubnetGroupName(\"default\")\n .build());\n\n var secondary = new Cluster(\"secondary\", ClusterArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .clusterIdentifier(\"test-secondary-cluster\")\n .globalClusterIdentifier(example.id())\n .dbSubnetGroupName(\"default\")\n .build());\n\n var secondaryClusterInstance = new ClusterInstance(\"secondaryClusterInstance\", ClusterInstanceArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .identifier(\"test-secondary-cluster-instance\")\n .clusterIdentifier(secondary.id())\n .instanceClass(\"db.r4.large\")\n .dbSubnetGroupName(\"default\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:GlobalCluster\n properties:\n globalClusterIdentifier: global-test\n engine: aurora\n engineVersion: 5.6.mysql_aurora.1.22.2\n databaseName: example_db\n primary:\n type: aws:rds:Cluster\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n clusterIdentifier: test-primary-cluster\n masterUsername: username\n masterPassword: somepass123\n databaseName: example_db\n globalClusterIdentifier: ${example.id}\n dbSubnetGroupName: default\n primaryClusterInstance:\n type: aws:rds:ClusterInstance\n name: primary\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n identifier: test-primary-cluster-instance\n clusterIdentifier: ${primary.id}\n instanceClass: db.r4.large\n dbSubnetGroupName: default\n secondary:\n type: aws:rds:Cluster\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n clusterIdentifier: test-secondary-cluster\n globalClusterIdentifier: ${example.id}\n dbSubnetGroupName: default\n secondaryClusterInstance:\n type: aws:rds:ClusterInstance\n name: secondary\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n identifier: test-secondary-cluster-instance\n clusterIdentifier: ${secondary.id}\n instanceClass: db.r4.large\n dbSubnetGroupName: default\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### New PostgreSQL Global Cluster\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.GlobalCluster(\"example\", {\n globalClusterIdentifier: \"global-test\",\n engine: \"aurora-postgresql\",\n engineVersion: \"11.9\",\n databaseName: \"example_db\",\n});\nconst primary = new aws.rds.Cluster(\"primary\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-primary-cluster\",\n masterUsername: \"username\",\n masterPassword: \"somepass123\",\n databaseName: \"example_db\",\n globalClusterIdentifier: example.id,\n dbSubnetGroupName: \"default\",\n});\nconst primaryClusterInstance = new aws.rds.ClusterInstance(\"primary\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n identifier: \"test-primary-cluster-instance\",\n clusterIdentifier: primary.id,\n instanceClass: aws.rds.InstanceType.R4_Large,\n dbSubnetGroupName: \"default\",\n});\nconst secondary = new aws.rds.Cluster(\"secondary\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-secondary-cluster\",\n globalClusterIdentifier: example.id,\n skipFinalSnapshot: true,\n dbSubnetGroupName: \"default\",\n});\nconst secondaryClusterInstance = new aws.rds.ClusterInstance(\"secondary\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n identifier: \"test-secondary-cluster-instance\",\n clusterIdentifier: secondary.id,\n instanceClass: aws.rds.InstanceType.R4_Large,\n dbSubnetGroupName: \"default\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.GlobalCluster(\"example\",\n global_cluster_identifier=\"global-test\",\n engine=\"aurora-postgresql\",\n engine_version=\"11.9\",\n database_name=\"example_db\")\nprimary = aws.rds.Cluster(\"primary\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-primary-cluster\",\n master_username=\"username\",\n master_password=\"somepass123\",\n database_name=\"example_db\",\n global_cluster_identifier=example.id,\n db_subnet_group_name=\"default\")\nprimary_cluster_instance = aws.rds.ClusterInstance(\"primary\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"test-primary-cluster-instance\",\n cluster_identifier=primary.id,\n instance_class=aws.rds.InstanceType.R4_LARGE,\n db_subnet_group_name=\"default\")\nsecondary = aws.rds.Cluster(\"secondary\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-secondary-cluster\",\n global_cluster_identifier=example.id,\n skip_final_snapshot=True,\n db_subnet_group_name=\"default\")\nsecondary_cluster_instance = aws.rds.ClusterInstance(\"secondary\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"test-secondary-cluster-instance\",\n cluster_identifier=secondary.id,\n instance_class=aws.rds.InstanceType.R4_LARGE,\n db_subnet_group_name=\"default\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.GlobalCluster(\"example\", new()\n {\n GlobalClusterIdentifier = \"global-test\",\n Engine = \"aurora-postgresql\",\n EngineVersion = \"11.9\",\n DatabaseName = \"example_db\",\n });\n\n var primary = new Aws.Rds.Cluster(\"primary\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-primary-cluster\",\n MasterUsername = \"username\",\n MasterPassword = \"somepass123\",\n DatabaseName = \"example_db\",\n GlobalClusterIdentifier = example.Id,\n DbSubnetGroupName = \"default\",\n });\n\n var primaryClusterInstance = new Aws.Rds.ClusterInstance(\"primary\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n Identifier = \"test-primary-cluster-instance\",\n ClusterIdentifier = primary.Id,\n InstanceClass = Aws.Rds.InstanceType.R4_Large,\n DbSubnetGroupName = \"default\",\n });\n\n var secondary = new Aws.Rds.Cluster(\"secondary\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-secondary-cluster\",\n GlobalClusterIdentifier = example.Id,\n SkipFinalSnapshot = true,\n DbSubnetGroupName = \"default\",\n });\n\n var secondaryClusterInstance = new Aws.Rds.ClusterInstance(\"secondary\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n Identifier = \"test-secondary-cluster-instance\",\n ClusterIdentifier = secondary.Id,\n InstanceClass = Aws.Rds.InstanceType.R4_Large,\n DbSubnetGroupName = \"default\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := rds.NewGlobalCluster(ctx, \"example\", \u0026rds.GlobalClusterArgs{\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"global-test\"),\n\t\t\tEngine: pulumi.String(\"aurora-postgresql\"),\n\t\t\tEngineVersion: pulumi.String(\"11.9\"),\n\t\t\tDatabaseName: pulumi.String(\"example_db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimary, err := rds.NewCluster(ctx, \"primary\", \u0026rds.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-primary-cluster\"),\n\t\t\tMasterUsername: pulumi.String(\"username\"),\n\t\t\tMasterPassword: pulumi.String(\"somepass123\"),\n\t\t\tDatabaseName: pulumi.String(\"example_db\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"primary\", \u0026rds.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"test-primary-cluster-instance\"),\n\t\t\tClusterIdentifier: primary.ID(),\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_R4_Large),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecondary, err := rds.NewCluster(ctx, \"secondary\", \u0026rds.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-secondary-cluster\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"secondary\", \u0026rds.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"test-secondary-cluster-instance\"),\n\t\t\tClusterIdentifier: secondary.ID(),\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_R4_Large),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.GlobalCluster;\nimport com.pulumi.aws.rds.GlobalClusterArgs;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.ClusterInstance;\nimport com.pulumi.aws.rds.ClusterInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new GlobalCluster(\"example\", GlobalClusterArgs.builder() \n .globalClusterIdentifier(\"global-test\")\n .engine(\"aurora-postgresql\")\n .engineVersion(\"11.9\")\n .databaseName(\"example_db\")\n .build());\n\n var primary = new Cluster(\"primary\", ClusterArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .clusterIdentifier(\"test-primary-cluster\")\n .masterUsername(\"username\")\n .masterPassword(\"somepass123\")\n .databaseName(\"example_db\")\n .globalClusterIdentifier(example.id())\n .dbSubnetGroupName(\"default\")\n .build());\n\n var primaryClusterInstance = new ClusterInstance(\"primaryClusterInstance\", ClusterInstanceArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .identifier(\"test-primary-cluster-instance\")\n .clusterIdentifier(primary.id())\n .instanceClass(\"db.r4.large\")\n .dbSubnetGroupName(\"default\")\n .build());\n\n var secondary = new Cluster(\"secondary\", ClusterArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .clusterIdentifier(\"test-secondary-cluster\")\n .globalClusterIdentifier(example.id())\n .skipFinalSnapshot(true)\n .dbSubnetGroupName(\"default\")\n .build());\n\n var secondaryClusterInstance = new ClusterInstance(\"secondaryClusterInstance\", ClusterInstanceArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .identifier(\"test-secondary-cluster-instance\")\n .clusterIdentifier(secondary.id())\n .instanceClass(\"db.r4.large\")\n .dbSubnetGroupName(\"default\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:GlobalCluster\n properties:\n globalClusterIdentifier: global-test\n engine: aurora-postgresql\n engineVersion: '11.9'\n databaseName: example_db\n primary:\n type: aws:rds:Cluster\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n clusterIdentifier: test-primary-cluster\n masterUsername: username\n masterPassword: somepass123\n databaseName: example_db\n globalClusterIdentifier: ${example.id}\n dbSubnetGroupName: default\n primaryClusterInstance:\n type: aws:rds:ClusterInstance\n name: primary\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n identifier: test-primary-cluster-instance\n clusterIdentifier: ${primary.id}\n instanceClass: db.r4.large\n dbSubnetGroupName: default\n secondary:\n type: aws:rds:Cluster\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n clusterIdentifier: test-secondary-cluster\n globalClusterIdentifier: ${example.id}\n skipFinalSnapshot: true\n dbSubnetGroupName: default\n secondaryClusterInstance:\n type: aws:rds:ClusterInstance\n name: secondary\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n identifier: test-secondary-cluster-instance\n clusterIdentifier: ${secondary.id}\n instanceClass: db.r4.large\n dbSubnetGroupName: default\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### New Global Cluster From Existing DB Cluster\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.Cluster(\"example\", {});\nconst exampleGlobalCluster = new aws.rds.GlobalCluster(\"example\", {\n forceDestroy: true,\n globalClusterIdentifier: \"example\",\n sourceDbClusterIdentifier: example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.Cluster(\"example\")\nexample_global_cluster = aws.rds.GlobalCluster(\"example\",\n force_destroy=True,\n global_cluster_identifier=\"example\",\n source_db_cluster_identifier=example.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.Cluster(\"example\");\n\n var exampleGlobalCluster = new Aws.Rds.GlobalCluster(\"example\", new()\n {\n ForceDestroy = true,\n GlobalClusterIdentifier = \"example\",\n SourceDbClusterIdentifier = example.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := rds.NewCluster(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewGlobalCluster(ctx, \"example\", \u0026rds.GlobalClusterArgs{\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"example\"),\n\t\t\tSourceDbClusterIdentifier: example.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.GlobalCluster;\nimport com.pulumi.aws.rds.GlobalClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Cluster(\"example\");\n\n var exampleGlobalCluster = new GlobalCluster(\"exampleGlobalCluster\", GlobalClusterArgs.builder() \n .forceDestroy(true)\n .globalClusterIdentifier(\"example\")\n .sourceDbClusterIdentifier(example.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:Cluster\n exampleGlobalCluster:\n type: aws:rds:GlobalCluster\n name: example\n properties:\n forceDestroy: true\n globalClusterIdentifier: example\n sourceDbClusterIdentifier: ${example.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Upgrading Engine Versions\n\nWhen you upgrade the version of an `aws.rds.GlobalCluster`, the provider will attempt to in-place upgrade the engine versions of all associated clusters. Since the `aws.rds.Cluster` resource is being updated through the `aws.rds.GlobalCluster`, you are likely to get an error (`Provider produced inconsistent final plan`). To avoid this, use the `lifecycle` `ignore_changes` meta argument as shown below on the `aws.rds.Cluster`.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.GlobalCluster(\"example\", {\n globalClusterIdentifier: \"kyivkharkiv\",\n engine: \"aurora-mysql\",\n engineVersion: \"5.7.mysql_aurora.2.07.5\",\n});\nconst primary = new aws.rds.Cluster(\"primary\", {\n allowMajorVersionUpgrade: true,\n applyImmediately: true,\n clusterIdentifier: \"odessadnipro\",\n databaseName: \"totoro\",\n engine: example.engine,\n engineVersion: example.engineVersion,\n globalClusterIdentifier: example.id,\n masterPassword: \"satsukimae\",\n masterUsername: \"maesatsuki\",\n skipFinalSnapshot: true,\n});\nconst primaryClusterInstance = new aws.rds.ClusterInstance(\"primary\", {\n applyImmediately: true,\n clusterIdentifier: primary.id,\n engine: primary.engine,\n engineVersion: primary.engineVersion,\n identifier: \"donetsklviv\",\n instanceClass: aws.rds.InstanceType.R4_Large,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.GlobalCluster(\"example\",\n global_cluster_identifier=\"kyivkharkiv\",\n engine=\"aurora-mysql\",\n engine_version=\"5.7.mysql_aurora.2.07.5\")\nprimary = aws.rds.Cluster(\"primary\",\n allow_major_version_upgrade=True,\n apply_immediately=True,\n cluster_identifier=\"odessadnipro\",\n database_name=\"totoro\",\n engine=example.engine,\n engine_version=example.engine_version,\n global_cluster_identifier=example.id,\n master_password=\"satsukimae\",\n master_username=\"maesatsuki\",\n skip_final_snapshot=True)\nprimary_cluster_instance = aws.rds.ClusterInstance(\"primary\",\n apply_immediately=True,\n cluster_identifier=primary.id,\n engine=primary.engine,\n engine_version=primary.engine_version,\n identifier=\"donetsklviv\",\n instance_class=aws.rds.InstanceType.R4_LARGE)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.GlobalCluster(\"example\", new()\n {\n GlobalClusterIdentifier = \"kyivkharkiv\",\n Engine = \"aurora-mysql\",\n EngineVersion = \"5.7.mysql_aurora.2.07.5\",\n });\n\n var primary = new Aws.Rds.Cluster(\"primary\", new()\n {\n AllowMajorVersionUpgrade = true,\n ApplyImmediately = true,\n ClusterIdentifier = \"odessadnipro\",\n DatabaseName = \"totoro\",\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n GlobalClusterIdentifier = example.Id,\n MasterPassword = \"satsukimae\",\n MasterUsername = \"maesatsuki\",\n SkipFinalSnapshot = true,\n });\n\n var primaryClusterInstance = new Aws.Rds.ClusterInstance(\"primary\", new()\n {\n ApplyImmediately = true,\n ClusterIdentifier = primary.Id,\n Engine = primary.Engine,\n EngineVersion = primary.EngineVersion,\n Identifier = \"donetsklviv\",\n InstanceClass = Aws.Rds.InstanceType.R4_Large,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := rds.NewGlobalCluster(ctx, \"example\", \u0026rds.GlobalClusterArgs{\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"kyivkharkiv\"),\n\t\t\tEngine: pulumi.String(\"aurora-mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.7.mysql_aurora.2.07.5\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimary, err := rds.NewCluster(ctx, \"primary\", \u0026rds.ClusterArgs{\n\t\t\tAllowMajorVersionUpgrade: pulumi.Bool(true),\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t\tClusterIdentifier: pulumi.String(\"odessadnipro\"),\n\t\t\tDatabaseName: pulumi.String(\"totoro\"),\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tMasterPassword: pulumi.String(\"satsukimae\"),\n\t\t\tMasterUsername: pulumi.String(\"maesatsuki\"),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"primary\", \u0026rds.ClusterInstanceArgs{\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t\tClusterIdentifier: primary.ID(),\n\t\t\tEngine: primary.Engine,\n\t\t\tEngineVersion: primary.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"donetsklviv\"),\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_R4_Large),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.GlobalCluster;\nimport com.pulumi.aws.rds.GlobalClusterArgs;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.ClusterInstance;\nimport com.pulumi.aws.rds.ClusterInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new GlobalCluster(\"example\", GlobalClusterArgs.builder() \n .globalClusterIdentifier(\"kyivkharkiv\")\n .engine(\"aurora-mysql\")\n .engineVersion(\"5.7.mysql_aurora.2.07.5\")\n .build());\n\n var primary = new Cluster(\"primary\", ClusterArgs.builder() \n .allowMajorVersionUpgrade(true)\n .applyImmediately(true)\n .clusterIdentifier(\"odessadnipro\")\n .databaseName(\"totoro\")\n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .globalClusterIdentifier(example.id())\n .masterPassword(\"satsukimae\")\n .masterUsername(\"maesatsuki\")\n .skipFinalSnapshot(true)\n .build());\n\n var primaryClusterInstance = new ClusterInstance(\"primaryClusterInstance\", ClusterInstanceArgs.builder() \n .applyImmediately(true)\n .clusterIdentifier(primary.id())\n .engine(primary.engine())\n .engineVersion(primary.engineVersion())\n .identifier(\"donetsklviv\")\n .instanceClass(\"db.r4.large\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:GlobalCluster\n properties:\n globalClusterIdentifier: kyivkharkiv\n engine: aurora-mysql\n engineVersion: 5.7.mysql_aurora.2.07.5\n primary:\n type: aws:rds:Cluster\n properties:\n allowMajorVersionUpgrade: true\n applyImmediately: true\n clusterIdentifier: odessadnipro\n databaseName: totoro\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n globalClusterIdentifier: ${example.id}\n masterPassword: satsukimae\n masterUsername: maesatsuki\n skipFinalSnapshot: true\n primaryClusterInstance:\n type: aws:rds:ClusterInstance\n name: primary\n properties:\n applyImmediately: true\n clusterIdentifier: ${primary.id}\n engine: ${primary.engine}\n engineVersion: ${primary.engineVersion}\n identifier: donetsklviv\n instanceClass: db.r4.large\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_rds_global_cluster` using the RDS Global Cluster identifier. For example:\n\n```sh\n$ pulumi import aws:rds/globalCluster:GlobalCluster example example\n```\nCertain resource arguments, like `force_destroy`, only exist within this provider. If the argument is set in the the provider configuration on an imported resource, This provider will show a difference on the first plan after import to update the state value. This change is safe to apply immediately so the state matches the desired configuration.\n\nCertain resource arguments, like `source_db_cluster_identifier`, do not have an API method for reading the information after creation. If the argument is set in the Pulumi program on an imported resource, Pulumi will always show a difference. To workaround this behavior, either omit the argument from the Pulumi program or use `ignore_changes` to hide the difference. For example:\n\n", "properties": { "arn": { "type": "string", @@ -300906,7 +300906,7 @@ } }, "aws:rds/instance:Instance": { - "description": "Provides an RDS instance resource. A DB instance is an isolated database\nenvironment in the cloud. A DB instance can contain multiple user-created\ndatabases.\n\nChanges to a DB instance can occur when you manually change a parameter, such as\n`allocated_storage`, and are reflected in the next maintenance window. Because\nof this, this provider may report a difference in its planning phase because a\nmodification has not yet taken place. You can use the `apply_immediately` flag\nto instruct the service to apply the change immediately (see documentation\nbelow).\n\nWhen upgrading the major version of an engine, `allow_major_version_upgrade` must be set to `true`.\n\n\u003e **Note:** using `apply_immediately` can result in a brief downtime as the server reboots.\nSee the AWS Docs on [RDS Instance Maintenance][instance-maintenance] for more information.\n\n\u003e **Note:** All arguments including the username and password will be stored in the raw state as plain-text.\nRead more about sensitive data instate.\n\n\n\n## RDS Instance Class Types\n\nAmazon RDS supports instance classes for the following use cases: General-purpose, Memory-optimized, Burstable Performance, and Optimized-reads.\nFor more information please read the AWS RDS documentation about [DB Instance Class Types](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html)\n\n## Low-Downtime Updates\n\nBy default, RDS applies updates to DB Instances in-place, which can lead to service interruptions.\nLow-downtime updates minimize service interruptions by performing the updates with an [RDS Blue/Green deployment][blue-green] and switching over the instances when complete.\n\nLow-downtime updates are only available for DB Instances using MySQL and MariaDB,\nas other engines are not supported by RDS Blue/Green deployments.\nThey cannot be used with DB Instances with replicas.\n\nBackups must be enabled to use low-downtime updates.\n\nEnable low-downtime updates by setting `blue_green_update.enabled` to `true`.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n dbName: \"mydb\",\n engine: \"mysql\",\n engineVersion: \"5.7\",\n instanceClass: \"db.t3.micro\",\n username: \"foo\",\n password: \"foobarbaz\",\n parameterGroupName: \"default.mysql5.7\",\n skipFinalSnapshot: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n db_name=\"mydb\",\n engine=\"mysql\",\n engine_version=\"5.7\",\n instance_class=\"db.t3.micro\",\n username=\"foo\",\n password=\"foobarbaz\",\n parameter_group_name=\"default.mysql5.7\",\n skip_final_snapshot=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 10,\n DbName = \"mydb\",\n Engine = \"mysql\",\n EngineVersion = \"5.7\",\n InstanceClass = \"db.t3.micro\",\n Username = \"foo\",\n Password = \"foobarbaz\",\n ParameterGroupName = \"default.mysql5.7\",\n SkipFinalSnapshot = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.7\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t3.micro\"),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tPassword: pulumi.String(\"foobarbaz\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.7\"),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Instance(\"default\", InstanceArgs.builder() \n .allocatedStorage(10)\n .dbName(\"mydb\")\n .engine(\"mysql\")\n .engineVersion(\"5.7\")\n .instanceClass(\"db.t3.micro\")\n .username(\"foo\")\n .password(\"foobarbaz\")\n .parameterGroupName(\"default.mysql5.7\")\n .skipFinalSnapshot(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n dbName: mydb\n engine: mysql\n engineVersion: '5.7'\n instanceClass: db.t3.micro\n username: foo\n password: foobarbaz\n parameterGroupName: default.mysql5.7\n skipFinalSnapshot: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### RDS Custom for Oracle Usage with Replica\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Lookup the available instance classes for the custom engine for the region being operated in\nconst custom-oracle = aws.rds.getOrderableDbInstance({\n engine: \"custom-oracle-ee\",\n engineVersion: \"19.c.ee.002\",\n licenseModel: \"bring-your-own-license\",\n storageType: \"gp3\",\n preferredInstanceClasses: [\n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\",\n ],\n});\n// The RDS instance resource requires an ARN. Look up the ARN of the KMS key associated with the CEV.\nconst byId = aws.kms.getKey({\n keyId: \"example-ef278353ceba4a5a97de6784565b9f78\",\n});\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 50,\n autoMinorVersionUpgrade: false,\n customIamInstanceProfile: \"AWSRDSCustomInstanceProfile\",\n backupRetentionPeriod: 7,\n dbSubnetGroupName: dbSubnetGroupName,\n engine: custom_oracle.then(custom_oracle =\u003e custom_oracle.engine),\n engineVersion: custom_oracle.then(custom_oracle =\u003e custom_oracle.engineVersion),\n identifier: \"ee-instance-demo\",\n instanceClass: custom_oracle.then(custom_oracle =\u003e custom_oracle.instanceClass).apply((x) =\u003e aws.rds.instancetype.InstanceType[x]),\n kmsKeyId: byId.then(byId =\u003e byId.arn),\n licenseModel: custom_oracle.then(custom_oracle =\u003e custom_oracle.licenseModel),\n multiAz: false,\n password: \"avoid-plaintext-passwords\",\n username: \"test\",\n storageEncrypted: true,\n});\nconst test_replica = new aws.rds.Instance(\"test-replica\", {\n replicateSourceDb: _default.identifier,\n replicaMode: \"mounted\",\n autoMinorVersionUpgrade: false,\n customIamInstanceProfile: \"AWSRDSCustomInstanceProfile\",\n backupRetentionPeriod: 7,\n identifier: \"ee-instance-replica\",\n instanceClass: custom_oracle.then(custom_oracle =\u003e custom_oracle.instanceClass).apply((x) =\u003e aws.rds.instancetype.InstanceType[x]),\n kmsKeyId: byId.then(byId =\u003e byId.arn),\n multiAz: false,\n skipFinalSnapshot: true,\n storageEncrypted: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Lookup the available instance classes for the custom engine for the region being operated in\ncustom_oracle = aws.rds.get_orderable_db_instance(engine=\"custom-oracle-ee\",\n engine_version=\"19.c.ee.002\",\n license_model=\"bring-your-own-license\",\n storage_type=\"gp3\",\n preferred_instance_classes=[\n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\",\n ])\n# The RDS instance resource requires an ARN. Look up the ARN of the KMS key associated with the CEV.\nby_id = aws.kms.get_key(key_id=\"example-ef278353ceba4a5a97de6784565b9f78\")\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=50,\n auto_minor_version_upgrade=False,\n custom_iam_instance_profile=\"AWSRDSCustomInstanceProfile\",\n backup_retention_period=7,\n db_subnet_group_name=db_subnet_group_name,\n engine=custom_oracle.engine,\n engine_version=custom_oracle.engine_version,\n identifier=\"ee-instance-demo\",\n instance_class=custom_oracle.instance_class.apply(lambda x: aws.rds/instancetype.InstanceType(x)),\n kms_key_id=by_id.arn,\n license_model=custom_oracle.license_model,\n multi_az=False,\n password=\"avoid-plaintext-passwords\",\n username=\"test\",\n storage_encrypted=True)\ntest_replica = aws.rds.Instance(\"test-replica\",\n replicate_source_db=default.identifier,\n replica_mode=\"mounted\",\n auto_minor_version_upgrade=False,\n custom_iam_instance_profile=\"AWSRDSCustomInstanceProfile\",\n backup_retention_period=7,\n identifier=\"ee-instance-replica\",\n instance_class=custom_oracle.instance_class.apply(lambda x: aws.rds/instancetype.InstanceType(x)),\n kms_key_id=by_id.arn,\n multi_az=False,\n skip_final_snapshot=True,\n storage_encrypted=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Lookup the available instance classes for the custom engine for the region being operated in\n var custom_oracle = Aws.Rds.GetOrderableDbInstance.Invoke(new()\n {\n Engine = \"custom-oracle-ee\",\n EngineVersion = \"19.c.ee.002\",\n LicenseModel = \"bring-your-own-license\",\n StorageType = \"gp3\",\n PreferredInstanceClasses = new[]\n {\n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\",\n },\n });\n\n // The RDS instance resource requires an ARN. Look up the ARN of the KMS key associated with the CEV.\n var byId = Aws.Kms.GetKey.Invoke(new()\n {\n KeyId = \"example-ef278353ceba4a5a97de6784565b9f78\",\n });\n\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 50,\n AutoMinorVersionUpgrade = false,\n CustomIamInstanceProfile = \"AWSRDSCustomInstanceProfile\",\n BackupRetentionPeriod = 7,\n DbSubnetGroupName = dbSubnetGroupName,\n Engine = custom_oracle.Apply(custom_oracle =\u003e custom_oracle.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.Engine)),\n EngineVersion = custom_oracle.Apply(custom_oracle =\u003e custom_oracle.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.EngineVersion)),\n Identifier = \"ee-instance-demo\",\n InstanceClass = custom_oracle.Apply(custom_oracle =\u003e custom_oracle.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.InstanceClass)).Apply(System.Enum.Parse\u003cAws.Rds.InstanceType.InstanceType\u003e),\n KmsKeyId = byId.Apply(getKeyResult =\u003e getKeyResult.Arn),\n LicenseModel = custom_oracle.Apply(custom_oracle =\u003e custom_oracle.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.LicenseModel)),\n MultiAz = false,\n Password = \"avoid-plaintext-passwords\",\n Username = \"test\",\n StorageEncrypted = true,\n });\n\n var test_replica = new Aws.Rds.Instance(\"test-replica\", new()\n {\n ReplicateSourceDb = @default.Identifier,\n ReplicaMode = \"mounted\",\n AutoMinorVersionUpgrade = false,\n CustomIamInstanceProfile = \"AWSRDSCustomInstanceProfile\",\n BackupRetentionPeriod = 7,\n Identifier = \"ee-instance-replica\",\n InstanceClass = custom_oracle.Apply(custom_oracle =\u003e custom_oracle.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.InstanceClass)).Apply(System.Enum.Parse\u003cAws.Rds.InstanceType.InstanceType\u003e),\n KmsKeyId = byId.Apply(getKeyResult =\u003e getKeyResult.Arn),\n MultiAz = false,\n SkipFinalSnapshot = true,\n StorageEncrypted = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Lookup the available instance classes for the custom engine for the region being operated in\n\t\tcustom_oracle, err := rds.GetOrderableDbInstance(ctx, \u0026rds.GetOrderableDbInstanceArgs{\n\t\t\tEngine: \"custom-oracle-ee\",\n\t\t\tEngineVersion: pulumi.StringRef(\"19.c.ee.002\"),\n\t\t\tLicenseModel: pulumi.StringRef(\"bring-your-own-license\"),\n\t\t\tStorageType: pulumi.StringRef(\"gp3\"),\n\t\t\tPreferredInstanceClasses: []string{\n\t\t\t\t\"db.r5.xlarge\",\n\t\t\t\t\"db.r5.2xlarge\",\n\t\t\t\t\"db.r5.4xlarge\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// The RDS instance resource requires an ARN. Look up the ARN of the KMS key associated with the CEV.\n\t\tbyId, err := kms.LookupKey(ctx, \u0026kms.LookupKeyArgs{\n\t\t\tKeyId: \"example-ef278353ceba4a5a97de6784565b9f78\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(50),\n\t\t\tAutoMinorVersionUpgrade: pulumi.Bool(false),\n\t\t\tCustomIamInstanceProfile: pulumi.String(\"AWSRDSCustomInstanceProfile\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(7),\n\t\t\tDbSubnetGroupName: pulumi.Any(dbSubnetGroupName),\n\t\t\tEngine: *pulumi.String(custom_oracle.Engine),\n\t\t\tEngineVersion: *pulumi.String(custom_oracle.EngineVersion),\n\t\t\tIdentifier: pulumi.String(\"ee-instance-demo\"),\n\t\t\tInstanceClass: custom_oracle.InstanceClass.ApplyT(func(x *string) rds.InstanceType { return rds.InstanceType(*x) }).(rds.InstanceTypeOutput),\n\t\t\tKmsKeyId: *pulumi.String(byId.Arn),\n\t\t\tLicenseModel: *pulumi.String(custom_oracle.LicenseModel),\n\t\t\tMultiAz: pulumi.Bool(false),\n\t\t\tPassword: pulumi.String(\"avoid-plaintext-passwords\"),\n\t\t\tUsername: pulumi.String(\"test\"),\n\t\t\tStorageEncrypted: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewInstance(ctx, \"test-replica\", \u0026rds.InstanceArgs{\n\t\t\tReplicateSourceDb: _default.Identifier,\n\t\t\tReplicaMode: pulumi.String(\"mounted\"),\n\t\t\tAutoMinorVersionUpgrade: pulumi.Bool(false),\n\t\t\tCustomIamInstanceProfile: pulumi.String(\"AWSRDSCustomInstanceProfile\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(7),\n\t\t\tIdentifier: pulumi.String(\"ee-instance-replica\"),\n\t\t\tInstanceClass: custom_oracle.InstanceClass.ApplyT(func(x *string) rds.InstanceType { return rds.InstanceType(*x) }).(rds.InstanceTypeOutput),\n\t\t\tKmsKeyId: *pulumi.String(byId.Arn),\n\t\t\tMultiAz: pulumi.Bool(false),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t\tStorageEncrypted: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetOrderableDbInstanceArgs;\nimport com.pulumi.aws.kms.KmsFunctions;\nimport com.pulumi.aws.kms.inputs.GetKeyArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var custom-oracle = RdsFunctions.getOrderableDbInstance(GetOrderableDbInstanceArgs.builder()\n .engine(\"custom-oracle-ee\")\n .engineVersion(\"19.c.ee.002\")\n .licenseModel(\"bring-your-own-license\")\n .storageType(\"gp3\")\n .preferredInstanceClasses( \n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\")\n .build());\n\n final var byId = KmsFunctions.getKey(GetKeyArgs.builder()\n .keyId(\"example-ef278353ceba4a5a97de6784565b9f78\")\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder() \n .allocatedStorage(50)\n .autoMinorVersionUpgrade(false)\n .customIamInstanceProfile(\"AWSRDSCustomInstanceProfile\")\n .backupRetentionPeriod(7)\n .dbSubnetGroupName(dbSubnetGroupName)\n .engine(custom_oracle.engine())\n .engineVersion(custom_oracle.engineVersion())\n .identifier(\"ee-instance-demo\")\n .instanceClass(custom_oracle.instanceClass())\n .kmsKeyId(byId.applyValue(getKeyResult -\u003e getKeyResult.arn()))\n .licenseModel(custom_oracle.licenseModel())\n .multiAz(false)\n .password(\"avoid-plaintext-passwords\")\n .username(\"test\")\n .storageEncrypted(true)\n .build());\n\n var test_replica = new Instance(\"test-replica\", InstanceArgs.builder() \n .replicateSourceDb(default_.identifier())\n .replicaMode(\"mounted\")\n .autoMinorVersionUpgrade(false)\n .customIamInstanceProfile(\"AWSRDSCustomInstanceProfile\")\n .backupRetentionPeriod(7)\n .identifier(\"ee-instance-replica\")\n .instanceClass(custom_oracle.instanceClass())\n .kmsKeyId(byId.applyValue(getKeyResult -\u003e getKeyResult.arn()))\n .multiAz(false)\n .skipFinalSnapshot(true)\n .storageEncrypted(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 50\n autoMinorVersionUpgrade: false # Custom for Oracle does not support minor version upgrades\n customIamInstanceProfile: AWSRDSCustomInstanceProfile\n backupRetentionPeriod: 7\n dbSubnetGroupName: ${dbSubnetGroupName}\n engine: ${[\"custom-oracle\"].engine}\n engineVersion: ${[\"custom-oracle\"].engineVersion}\n identifier: ee-instance-demo\n instanceClass: ${[\"custom-oracle\"].instanceClass}\n kmsKeyId: ${byId.arn}\n licenseModel: ${[\"custom-oracle\"].licenseModel}\n multiAz: false # Custom for Oracle does not support multi-az\n password: avoid-plaintext-passwords\n username: test\n storageEncrypted: true\n test-replica:\n type: aws:rds:Instance\n properties:\n replicateSourceDb: ${default.identifier}\n replicaMode: mounted\n autoMinorVersionUpgrade: false\n customIamInstanceProfile: AWSRDSCustomInstanceProfile\n backupRetentionPeriod: 7\n identifier: ee-instance-replica\n instanceClass: ${[\"custom-oracle\"].instanceClass}\n kmsKeyId: ${byId.arn}\n multiAz: false # Custom for Oracle does not support multi-az\n skipFinalSnapshot: true\n storageEncrypted: true\nvariables:\n # Lookup the available instance classes for the custom engine for the region being operated in\n custom-oracle:\n fn::invoke:\n Function: aws:rds:getOrderableDbInstance\n Arguments:\n engine: custom-oracle-ee\n engineVersion: 19.c.ee.002\n licenseModel: bring-your-own-license\n storageType: gp3\n preferredInstanceClasses:\n - db.r5.xlarge\n - db.r5.2xlarge\n - db.r5.4xlarge\n # The RDS instance resource requires an ARN. Look up the ARN of the KMS key associated with the CEV.\n byId:\n fn::invoke:\n Function: aws:kms:getKey\n Arguments:\n keyId: example-ef278353ceba4a5a97de6784565b9f78\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### RDS Custom for SQL Server\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Lookup the available instance classes for the custom engine for the region being operated in\nconst custom-sqlserver = aws.rds.getOrderableDbInstance({\n engine: \"custom-sqlserver-se\",\n engineVersion: \"15.00.4249.2.v1\",\n storageType: \"gp3\",\n preferredInstanceClasses: [\n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\",\n ],\n});\n// The RDS instance resource requires an ARN. Look up the ARN of the KMS key.\nconst byId = aws.kms.getKey({\n keyId: \"example-ef278353ceba4a5a97de6784565b9f78\",\n});\nconst example = new aws.rds.Instance(\"example\", {\n allocatedStorage: 500,\n autoMinorVersionUpgrade: false,\n customIamInstanceProfile: \"AWSRDSCustomSQLServerInstanceProfile\",\n backupRetentionPeriod: 7,\n dbSubnetGroupName: dbSubnetGroupName,\n engine: custom_sqlserver.then(custom_sqlserver =\u003e custom_sqlserver.engine),\n engineVersion: custom_sqlserver.then(custom_sqlserver =\u003e custom_sqlserver.engineVersion),\n identifier: \"sql-instance-demo\",\n instanceClass: custom_sqlserver.then(custom_sqlserver =\u003e custom_sqlserver.instanceClass).apply((x) =\u003e aws.rds.instancetype.InstanceType[x]),\n kmsKeyId: byId.then(byId =\u003e byId.arn),\n multiAz: false,\n password: \"avoid-plaintext-passwords\",\n storageEncrypted: true,\n username: \"test\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Lookup the available instance classes for the custom engine for the region being operated in\ncustom_sqlserver = aws.rds.get_orderable_db_instance(engine=\"custom-sqlserver-se\",\n engine_version=\"15.00.4249.2.v1\",\n storage_type=\"gp3\",\n preferred_instance_classes=[\n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\",\n ])\n# The RDS instance resource requires an ARN. Look up the ARN of the KMS key.\nby_id = aws.kms.get_key(key_id=\"example-ef278353ceba4a5a97de6784565b9f78\")\nexample = aws.rds.Instance(\"example\",\n allocated_storage=500,\n auto_minor_version_upgrade=False,\n custom_iam_instance_profile=\"AWSRDSCustomSQLServerInstanceProfile\",\n backup_retention_period=7,\n db_subnet_group_name=db_subnet_group_name,\n engine=custom_sqlserver.engine,\n engine_version=custom_sqlserver.engine_version,\n identifier=\"sql-instance-demo\",\n instance_class=custom_sqlserver.instance_class.apply(lambda x: aws.rds/instancetype.InstanceType(x)),\n kms_key_id=by_id.arn,\n multi_az=False,\n password=\"avoid-plaintext-passwords\",\n storage_encrypted=True,\n username=\"test\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Lookup the available instance classes for the custom engine for the region being operated in\n var custom_sqlserver = Aws.Rds.GetOrderableDbInstance.Invoke(new()\n {\n Engine = \"custom-sqlserver-se\",\n EngineVersion = \"15.00.4249.2.v1\",\n StorageType = \"gp3\",\n PreferredInstanceClasses = new[]\n {\n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\",\n },\n });\n\n // The RDS instance resource requires an ARN. Look up the ARN of the KMS key.\n var byId = Aws.Kms.GetKey.Invoke(new()\n {\n KeyId = \"example-ef278353ceba4a5a97de6784565b9f78\",\n });\n\n var example = new Aws.Rds.Instance(\"example\", new()\n {\n AllocatedStorage = 500,\n AutoMinorVersionUpgrade = false,\n CustomIamInstanceProfile = \"AWSRDSCustomSQLServerInstanceProfile\",\n BackupRetentionPeriod = 7,\n DbSubnetGroupName = dbSubnetGroupName,\n Engine = custom_sqlserver.Apply(custom_sqlserver =\u003e custom_sqlserver.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.Engine)),\n EngineVersion = custom_sqlserver.Apply(custom_sqlserver =\u003e custom_sqlserver.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.EngineVersion)),\n Identifier = \"sql-instance-demo\",\n InstanceClass = custom_sqlserver.Apply(custom_sqlserver =\u003e custom_sqlserver.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.InstanceClass)).Apply(System.Enum.Parse\u003cAws.Rds.InstanceType.InstanceType\u003e),\n KmsKeyId = byId.Apply(getKeyResult =\u003e getKeyResult.Arn),\n MultiAz = false,\n Password = \"avoid-plaintext-passwords\",\n StorageEncrypted = true,\n Username = \"test\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Lookup the available instance classes for the custom engine for the region being operated in\n\t\tcustom_sqlserver, err := rds.GetOrderableDbInstance(ctx, \u0026rds.GetOrderableDbInstanceArgs{\n\t\t\tEngine: \"custom-sqlserver-se\",\n\t\t\tEngineVersion: pulumi.StringRef(\"15.00.4249.2.v1\"),\n\t\t\tStorageType: pulumi.StringRef(\"gp3\"),\n\t\t\tPreferredInstanceClasses: []string{\n\t\t\t\t\"db.r5.xlarge\",\n\t\t\t\t\"db.r5.2xlarge\",\n\t\t\t\t\"db.r5.4xlarge\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// The RDS instance resource requires an ARN. Look up the ARN of the KMS key.\n\t\tbyId, err := kms.LookupKey(ctx, \u0026kms.LookupKeyArgs{\n\t\t\tKeyId: \"example-ef278353ceba4a5a97de6784565b9f78\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewInstance(ctx, \"example\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(500),\n\t\t\tAutoMinorVersionUpgrade: pulumi.Bool(false),\n\t\t\tCustomIamInstanceProfile: pulumi.String(\"AWSRDSCustomSQLServerInstanceProfile\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(7),\n\t\t\tDbSubnetGroupName: pulumi.Any(dbSubnetGroupName),\n\t\t\tEngine: *pulumi.String(custom_sqlserver.Engine),\n\t\t\tEngineVersion: *pulumi.String(custom_sqlserver.EngineVersion),\n\t\t\tIdentifier: pulumi.String(\"sql-instance-demo\"),\n\t\t\tInstanceClass: custom_sqlserver.InstanceClass.ApplyT(func(x *string) rds.InstanceType { return rds.InstanceType(*x) }).(rds.InstanceTypeOutput),\n\t\t\tKmsKeyId: *pulumi.String(byId.Arn),\n\t\t\tMultiAz: pulumi.Bool(false),\n\t\t\tPassword: pulumi.String(\"avoid-plaintext-passwords\"),\n\t\t\tStorageEncrypted: pulumi.Bool(true),\n\t\t\tUsername: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetOrderableDbInstanceArgs;\nimport com.pulumi.aws.kms.KmsFunctions;\nimport com.pulumi.aws.kms.inputs.GetKeyArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var custom-sqlserver = RdsFunctions.getOrderableDbInstance(GetOrderableDbInstanceArgs.builder()\n .engine(\"custom-sqlserver-se\")\n .engineVersion(\"15.00.4249.2.v1\")\n .storageType(\"gp3\")\n .preferredInstanceClasses( \n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\")\n .build());\n\n final var byId = KmsFunctions.getKey(GetKeyArgs.builder()\n .keyId(\"example-ef278353ceba4a5a97de6784565b9f78\")\n .build());\n\n var example = new Instance(\"example\", InstanceArgs.builder() \n .allocatedStorage(500)\n .autoMinorVersionUpgrade(false)\n .customIamInstanceProfile(\"AWSRDSCustomSQLServerInstanceProfile\")\n .backupRetentionPeriod(7)\n .dbSubnetGroupName(dbSubnetGroupName)\n .engine(custom_sqlserver.engine())\n .engineVersion(custom_sqlserver.engineVersion())\n .identifier(\"sql-instance-demo\")\n .instanceClass(custom_sqlserver.instanceClass())\n .kmsKeyId(byId.applyValue(getKeyResult -\u003e getKeyResult.arn()))\n .multiAz(false)\n .password(\"avoid-plaintext-passwords\")\n .storageEncrypted(true)\n .username(\"test\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 500\n autoMinorVersionUpgrade: false # Custom for SQL Server does not support minor version upgrades\n customIamInstanceProfile: AWSRDSCustomSQLServerInstanceProfile\n backupRetentionPeriod: 7\n dbSubnetGroupName: ${dbSubnetGroupName}\n engine: ${[\"custom-sqlserver\"].engine}\n engineVersion: ${[\"custom-sqlserver\"].engineVersion}\n identifier: sql-instance-demo\n instanceClass: ${[\"custom-sqlserver\"].instanceClass}\n kmsKeyId: ${byId.arn}\n multiAz: false # Custom for SQL Server does support multi-az\n password: avoid-plaintext-passwords\n storageEncrypted: true\n username: test\nvariables:\n # Lookup the available instance classes for the custom engine for the region being operated in\n custom-sqlserver:\n fn::invoke:\n Function: aws:rds:getOrderableDbInstance\n Arguments:\n engine: custom-sqlserver-se\n engineVersion: 15.00.4249.2.v1\n storageType: gp3\n preferredInstanceClasses:\n - db.r5.xlarge\n - db.r5.2xlarge\n - db.r5.4xlarge\n # The RDS instance resource requires an ARN. Look up the ARN of the KMS key.\n byId:\n fn::invoke:\n Function: aws:kms:getKey\n Arguments:\n keyId: example-ef278353ceba4a5a97de6784565b9f78\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### RDS Db2 Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Lookup the default version for the engine. Db2 Standard Edition is `db2-se`, Db2 Advanced Edition is `db2-ae`.\nconst default = aws.rds.getEngineVersion({\n engine: \"db2-se\",\n});\n// Lookup the available instance classes for the engine in the region being operated in\nconst example = Promise.all([_default, _default]).then(([_default, _default1]) =\u003e aws.rds.getOrderableDbInstance({\n engine: _default.engine,\n engineVersion: _default1.version,\n licenseModel: \"bring-your-own-license\",\n storageType: \"gp3\",\n preferredInstanceClasses: [\n \"db.t3.small\",\n \"db.r6i.large\",\n \"db.m6i.large\",\n ],\n}));\n// The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\nconst exampleParameterGroup = new aws.rds.ParameterGroup(\"example\", {\n name: \"db-db2-params\",\n family: _default.then(_default =\u003e _default.parameterGroupFamily),\n parameters: [\n {\n applyMethod: \"immediate\",\n name: \"rds.ibm_customer_id\",\n value: \"0\",\n },\n {\n applyMethod: \"immediate\",\n name: \"rds.ibm_site_id\",\n value: \"0\",\n },\n ],\n});\n// Create the RDS Db2 instance, use the data sources defined to set attributes\nconst exampleInstance = new aws.rds.Instance(\"example\", {\n allocatedStorage: 100,\n backupRetentionPeriod: 7,\n dbName: \"test\",\n engine: example.then(example =\u003e example.engine),\n engineVersion: example.then(example =\u003e example.engineVersion),\n identifier: \"db2-instance-demo\",\n instanceClass: example.then(example =\u003e example.instanceClass).apply((x) =\u003e aws.rds.instancetype.InstanceType[x]),\n parameterGroupName: exampleParameterGroup.name,\n password: \"avoid-plaintext-passwords\",\n username: \"test\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Lookup the default version for the engine. Db2 Standard Edition is `db2-se`, Db2 Advanced Edition is `db2-ae`.\ndefault = aws.rds.get_engine_version(engine=\"db2-se\")\n# Lookup the available instance classes for the engine in the region being operated in\nexample = aws.rds.get_orderable_db_instance(engine=default.engine,\n engine_version=default.version,\n license_model=\"bring-your-own-license\",\n storage_type=\"gp3\",\n preferred_instance_classes=[\n \"db.t3.small\",\n \"db.r6i.large\",\n \"db.m6i.large\",\n ])\n# The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\nexample_parameter_group = aws.rds.ParameterGroup(\"example\",\n name=\"db-db2-params\",\n family=default.parameter_group_family,\n parameters=[\n aws.rds.ParameterGroupParameterArgs(\n apply_method=\"immediate\",\n name=\"rds.ibm_customer_id\",\n value=\"0\",\n ),\n aws.rds.ParameterGroupParameterArgs(\n apply_method=\"immediate\",\n name=\"rds.ibm_site_id\",\n value=\"0\",\n ),\n ])\n# Create the RDS Db2 instance, use the data sources defined to set attributes\nexample_instance = aws.rds.Instance(\"example\",\n allocated_storage=100,\n backup_retention_period=7,\n db_name=\"test\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"db2-instance-demo\",\n instance_class=example.instance_class.apply(lambda x: aws.rds/instancetype.InstanceType(x)),\n parameter_group_name=example_parameter_group.name,\n password=\"avoid-plaintext-passwords\",\n username=\"test\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Lookup the default version for the engine. Db2 Standard Edition is `db2-se`, Db2 Advanced Edition is `db2-ae`.\n var @default = Aws.Rds.GetEngineVersion.Invoke(new()\n {\n Engine = \"db2-se\",\n });\n\n // Lookup the available instance classes for the engine in the region being operated in\n var example = Aws.Rds.GetOrderableDbInstance.Invoke(new()\n {\n Engine = @default.Apply(getEngineVersionResult =\u003e getEngineVersionResult.Engine),\n EngineVersion = @default.Apply(getEngineVersionResult =\u003e getEngineVersionResult.Version),\n LicenseModel = \"bring-your-own-license\",\n StorageType = \"gp3\",\n PreferredInstanceClasses = new[]\n {\n \"db.t3.small\",\n \"db.r6i.large\",\n \"db.m6i.large\",\n },\n });\n\n // The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\n var exampleParameterGroup = new Aws.Rds.ParameterGroup(\"example\", new()\n {\n Name = \"db-db2-params\",\n Family = @default.Apply(@default =\u003e @default.Apply(getEngineVersionResult =\u003e getEngineVersionResult.ParameterGroupFamily)),\n Parameters = new[]\n {\n new Aws.Rds.Inputs.ParameterGroupParameterArgs\n {\n ApplyMethod = \"immediate\",\n Name = \"rds.ibm_customer_id\",\n Value = \"0\",\n },\n new Aws.Rds.Inputs.ParameterGroupParameterArgs\n {\n ApplyMethod = \"immediate\",\n Name = \"rds.ibm_site_id\",\n Value = \"0\",\n },\n },\n });\n\n // Create the RDS Db2 instance, use the data sources defined to set attributes\n var exampleInstance = new Aws.Rds.Instance(\"example\", new()\n {\n AllocatedStorage = 100,\n BackupRetentionPeriod = 7,\n DbName = \"test\",\n Engine = example.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.Engine),\n EngineVersion = example.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.EngineVersion),\n Identifier = \"db2-instance-demo\",\n InstanceClass = example.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.InstanceClass).Apply(System.Enum.Parse\u003cAws.Rds.InstanceType.InstanceType\u003e),\n ParameterGroupName = exampleParameterGroup.Name,\n Password = \"avoid-plaintext-passwords\",\n Username = \"test\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Lookup the default version for the engine. Db2 Standard Edition is `db2-se`, Db2 Advanced Edition is `db2-ae`.\n\t\t_default, err := rds.GetEngineVersion(ctx, \u0026rds.GetEngineVersionArgs{\n\t\t\tEngine: \"db2-se\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Lookup the available instance classes for the engine in the region being operated in\n\t\texample, err := rds.GetOrderableDbInstance(ctx, \u0026rds.GetOrderableDbInstanceArgs{\n\t\t\tEngine: _default.Engine,\n\t\t\tEngineVersion: pulumi.StringRef(_default.Version),\n\t\t\tLicenseModel: pulumi.StringRef(\"bring-your-own-license\"),\n\t\t\tStorageType: pulumi.StringRef(\"gp3\"),\n\t\t\tPreferredInstanceClasses: []string{\n\t\t\t\t\"db.t3.small\",\n\t\t\t\t\"db.r6i.large\",\n\t\t\t\t\"db.m6i.large\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\n\t\texampleParameterGroup, err := rds.NewParameterGroup(ctx, \"example\", \u0026rds.ParameterGroupArgs{\n\t\t\tName: pulumi.String(\"db-db2-params\"),\n\t\t\tFamily: *pulumi.String(_default.ParameterGroupFamily),\n\t\t\tParameters: rds.ParameterGroupParameterArray{\n\t\t\t\t\u0026rds.ParameterGroupParameterArgs{\n\t\t\t\t\tApplyMethod: pulumi.String(\"immediate\"),\n\t\t\t\t\tName: pulumi.String(\"rds.ibm_customer_id\"),\n\t\t\t\t\tValue: pulumi.String(\"0\"),\n\t\t\t\t},\n\t\t\t\t\u0026rds.ParameterGroupParameterArgs{\n\t\t\t\t\tApplyMethod: pulumi.String(\"immediate\"),\n\t\t\t\t\tName: pulumi.String(\"rds.ibm_site_id\"),\n\t\t\t\t\tValue: pulumi.String(\"0\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create the RDS Db2 instance, use the data sources defined to set attributes\n\t\t_, err = rds.NewInstance(ctx, \"example\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(100),\n\t\t\tBackupRetentionPeriod: pulumi.Int(7),\n\t\t\tDbName: pulumi.String(\"test\"),\n\t\t\tEngine: *pulumi.String(example.Engine),\n\t\t\tEngineVersion: *pulumi.String(example.EngineVersion),\n\t\t\tIdentifier: pulumi.String(\"db2-instance-demo\"),\n\t\t\tInstanceClass: example.InstanceClass.ApplyT(func(x *string) rds.InstanceType { return rds.InstanceType(*x) }).(rds.InstanceTypeOutput),\n\t\t\tParameterGroupName: exampleParameterGroup.Name,\n\t\t\tPassword: pulumi.String(\"avoid-plaintext-passwords\"),\n\t\t\tUsername: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetEngineVersionArgs;\nimport com.pulumi.aws.rds.inputs.GetOrderableDbInstanceArgs;\nimport com.pulumi.aws.rds.ParameterGroup;\nimport com.pulumi.aws.rds.ParameterGroupArgs;\nimport com.pulumi.aws.rds.inputs.ParameterGroupParameterArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = RdsFunctions.getEngineVersion(GetEngineVersionArgs.builder()\n .engine(\"db2-se\")\n .build());\n\n final var example = RdsFunctions.getOrderableDbInstance(GetOrderableDbInstanceArgs.builder()\n .engine(default_.engine())\n .engineVersion(default_.version())\n .licenseModel(\"bring-your-own-license\")\n .storageType(\"gp3\")\n .preferredInstanceClasses( \n \"db.t3.small\",\n \"db.r6i.large\",\n \"db.m6i.large\")\n .build());\n\n var exampleParameterGroup = new ParameterGroup(\"exampleParameterGroup\", ParameterGroupArgs.builder() \n .name(\"db-db2-params\")\n .family(default_.parameterGroupFamily())\n .parameters( \n ParameterGroupParameterArgs.builder()\n .applyMethod(\"immediate\")\n .name(\"rds.ibm_customer_id\")\n .value(0)\n .build(),\n ParameterGroupParameterArgs.builder()\n .applyMethod(\"immediate\")\n .name(\"rds.ibm_site_id\")\n .value(0)\n .build())\n .build());\n\n var exampleInstance = new Instance(\"exampleInstance\", InstanceArgs.builder() \n .allocatedStorage(100)\n .backupRetentionPeriod(7)\n .dbName(\"test\")\n .engine(example.applyValue(getOrderableDbInstanceResult -\u003e getOrderableDbInstanceResult.engine()))\n .engineVersion(example.applyValue(getOrderableDbInstanceResult -\u003e getOrderableDbInstanceResult.engineVersion()))\n .identifier(\"db2-instance-demo\")\n .instanceClass(example.applyValue(getOrderableDbInstanceResult -\u003e getOrderableDbInstanceResult.instanceClass()))\n .parameterGroupName(exampleParameterGroup.name())\n .password(\"avoid-plaintext-passwords\")\n .username(\"test\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\n exampleParameterGroup:\n type: aws:rds:ParameterGroup\n name: example\n properties:\n name: db-db2-params\n family: ${default.parameterGroupFamily}\n parameters:\n - applyMethod: immediate\n name: rds.ibm_customer_id\n value: 0\n - applyMethod: immediate\n name: rds.ibm_site_id\n value: 0\n # Create the RDS Db2 instance, use the data sources defined to set attributes\n exampleInstance:\n type: aws:rds:Instance\n name: example\n properties:\n allocatedStorage: 100\n backupRetentionPeriod: 7\n dbName: test\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n identifier: db2-instance-demo\n instanceClass: ${example.instanceClass}\n parameterGroupName: ${exampleParameterGroup.name}\n password: avoid-plaintext-passwords\n username: test\nvariables:\n # Lookup the default version for the engine. Db2 Standard Edition is `db2-se`, Db2 Advanced Edition is `db2-ae`.\n default:\n fn::invoke:\n Function: aws:rds:getEngineVersion\n Arguments:\n engine: db2-se\n # Lookup the available instance classes for the engine in the region being operated in\n example:\n fn::invoke:\n Function: aws:rds:getOrderableDbInstance\n Arguments:\n engine: ${default.engine}\n engineVersion: ${default.version}\n licenseModel: bring-your-own-license\n storageType: gp3\n preferredInstanceClasses:\n - db.t3.small\n - db.r6i.large\n - db.m6i.large\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Storage Autoscaling\n\nTo enable Storage Autoscaling with instances that support the feature, define the `max_allocated_storage` argument higher than the `allocated_storage` argument. This provider will automatically hide differences with the `allocated_storage` argument value if autoscaling occurs.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.Instance(\"example\", {\n allocatedStorage: 50,\n maxAllocatedStorage: 100,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.Instance(\"example\",\n allocated_storage=50,\n max_allocated_storage=100)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.Instance(\"example\", new()\n {\n AllocatedStorage = 50,\n MaxAllocatedStorage = 100,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"example\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(50),\n\t\t\tMaxAllocatedStorage: pulumi.Int(100),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Instance(\"example\", InstanceArgs.builder() \n .allocatedStorage(50)\n .maxAllocatedStorage(100)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 50\n maxAllocatedStorage: 100\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Managed Master Passwords via Secrets Manager, default KMS Key\n\n\u003e More information about RDS/Aurora Aurora integrates with Secrets Manager to manage master user passwords for your DB clusters can be found in the [RDS User Guide](https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-rds-integration-aws-secrets-manager/) and [Aurora User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html).\n\nYou can specify the `manage_master_user_password` attribute to enable managing the master password with Secrets Manager. You can also update an existing cluster to use Secrets Manager by specify the `manage_master_user_password` attribute and removing the `password` attribute (removal is required).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n dbName: \"mydb\",\n engine: \"mysql\",\n engineVersion: \"5.7\",\n instanceClass: \"db.t3.micro\",\n manageMasterUserPassword: true,\n username: \"foo\",\n parameterGroupName: \"default.mysql5.7\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n db_name=\"mydb\",\n engine=\"mysql\",\n engine_version=\"5.7\",\n instance_class=\"db.t3.micro\",\n manage_master_user_password=True,\n username=\"foo\",\n parameter_group_name=\"default.mysql5.7\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 10,\n DbName = \"mydb\",\n Engine = \"mysql\",\n EngineVersion = \"5.7\",\n InstanceClass = \"db.t3.micro\",\n ManageMasterUserPassword = true,\n Username = \"foo\",\n ParameterGroupName = \"default.mysql5.7\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.7\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t3.micro\"),\n\t\t\tManageMasterUserPassword: pulumi.Bool(true),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.7\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Instance(\"default\", InstanceArgs.builder() \n .allocatedStorage(10)\n .dbName(\"mydb\")\n .engine(\"mysql\")\n .engineVersion(\"5.7\")\n .instanceClass(\"db.t3.micro\")\n .manageMasterUserPassword(true)\n .username(\"foo\")\n .parameterGroupName(\"default.mysql5.7\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n dbName: mydb\n engine: mysql\n engineVersion: '5.7'\n instanceClass: db.t3.micro\n manageMasterUserPassword: true\n username: foo\n parameterGroupName: default.mysql5.7\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Managed Master Passwords via Secrets Manager, specific KMS Key\n\n\u003e More information about RDS/Aurora Aurora integrates with Secrets Manager to manage master user passwords for your DB clusters can be found in the [RDS User Guide](https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-rds-integration-aws-secrets-manager/) and [Aurora User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html).\n\nYou can specify the `master_user_secret_kms_key_id` attribute to specify a specific KMS Key.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.kms.Key(\"example\", {description: \"Example KMS Key\"});\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n dbName: \"mydb\",\n engine: \"mysql\",\n engineVersion: \"5.7\",\n instanceClass: \"db.t3.micro\",\n manageMasterUserPassword: true,\n masterUserSecretKmsKeyId: example.keyId,\n username: \"foo\",\n parameterGroupName: \"default.mysql5.7\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.kms.Key(\"example\", description=\"Example KMS Key\")\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n db_name=\"mydb\",\n engine=\"mysql\",\n engine_version=\"5.7\",\n instance_class=\"db.t3.micro\",\n manage_master_user_password=True,\n master_user_secret_kms_key_id=example.key_id,\n username=\"foo\",\n parameter_group_name=\"default.mysql5.7\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Kms.Key(\"example\", new()\n {\n Description = \"Example KMS Key\",\n });\n\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 10,\n DbName = \"mydb\",\n Engine = \"mysql\",\n EngineVersion = \"5.7\",\n InstanceClass = \"db.t3.micro\",\n ManageMasterUserPassword = true,\n MasterUserSecretKmsKeyId = example.KeyId,\n Username = \"foo\",\n ParameterGroupName = \"default.mysql5.7\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := kms.NewKey(ctx, \"example\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"Example KMS Key\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.7\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t3.micro\"),\n\t\t\tManageMasterUserPassword: pulumi.Bool(true),\n\t\t\tMasterUserSecretKmsKeyId: example.KeyId,\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.7\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Key(\"example\", KeyArgs.builder() \n .description(\"Example KMS Key\")\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder() \n .allocatedStorage(10)\n .dbName(\"mydb\")\n .engine(\"mysql\")\n .engineVersion(\"5.7\")\n .instanceClass(\"db.t3.micro\")\n .manageMasterUserPassword(true)\n .masterUserSecretKmsKeyId(example.keyId())\n .username(\"foo\")\n .parameterGroupName(\"default.mysql5.7\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:kms:Key\n properties:\n description: Example KMS Key\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n dbName: mydb\n engine: mysql\n engineVersion: '5.7'\n instanceClass: db.t3.micro\n manageMasterUserPassword: true\n masterUserSecretKmsKeyId: ${example.keyId}\n username: foo\n parameterGroupName: default.mysql5.7\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import DB Instances using the `identifier`. For example:\n\n```sh\n$ pulumi import aws:rds/instance:Instance default mydb-rds-instance\n```\n", + "description": "Provides an RDS instance resource. A DB instance is an isolated database\nenvironment in the cloud. A DB instance can contain multiple user-created\ndatabases.\n\nChanges to a DB instance can occur when you manually change a parameter, such as\n`allocated_storage`, and are reflected in the next maintenance window. Because\nof this, this provider may report a difference in its planning phase because a\nmodification has not yet taken place. You can use the `apply_immediately` flag\nto instruct the service to apply the change immediately (see documentation\nbelow).\n\nWhen upgrading the major version of an engine, `allow_major_version_upgrade` must be set to `true`.\n\n\u003e **Note:** using `apply_immediately` can result in a brief downtime as the server reboots.\nSee the AWS Docs on [RDS Instance Maintenance][instance-maintenance] for more information.\n\n\u003e **Note:** All arguments including the username and password will be stored in the raw state as plain-text.\nRead more about sensitive data instate.\n\n\n\n## RDS Instance Class Types\n\nAmazon RDS supports instance classes for the following use cases: General-purpose, Memory-optimized, Burstable Performance, and Optimized-reads.\nFor more information please read the AWS RDS documentation about [DB Instance Class Types](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html)\n\n## Low-Downtime Updates\n\nBy default, RDS applies updates to DB Instances in-place, which can lead to service interruptions.\nLow-downtime updates minimize service interruptions by performing the updates with an [RDS Blue/Green deployment][blue-green] and switching over the instances when complete.\n\nLow-downtime updates are only available for DB Instances using MySQL and MariaDB,\nas other engines are not supported by RDS Blue/Green deployments.\nThey cannot be used with DB Instances with replicas.\n\nBackups must be enabled to use low-downtime updates.\n\nEnable low-downtime updates by setting `blue_green_update.enabled` to `true`.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n dbName: \"mydb\",\n engine: \"mysql\",\n engineVersion: \"5.7\",\n instanceClass: aws.rds.InstanceType.T3_Micro,\n username: \"foo\",\n password: \"foobarbaz\",\n parameterGroupName: \"default.mysql5.7\",\n skipFinalSnapshot: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n db_name=\"mydb\",\n engine=\"mysql\",\n engine_version=\"5.7\",\n instance_class=aws.rds.InstanceType.T3_MICRO,\n username=\"foo\",\n password=\"foobarbaz\",\n parameter_group_name=\"default.mysql5.7\",\n skip_final_snapshot=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 10,\n DbName = \"mydb\",\n Engine = \"mysql\",\n EngineVersion = \"5.7\",\n InstanceClass = Aws.Rds.InstanceType.T3_Micro,\n Username = \"foo\",\n Password = \"foobarbaz\",\n ParameterGroupName = \"default.mysql5.7\",\n SkipFinalSnapshot = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.7\"),\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_T3_Micro),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tPassword: pulumi.String(\"foobarbaz\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.7\"),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Instance(\"default\", InstanceArgs.builder() \n .allocatedStorage(10)\n .dbName(\"mydb\")\n .engine(\"mysql\")\n .engineVersion(\"5.7\")\n .instanceClass(\"db.t3.micro\")\n .username(\"foo\")\n .password(\"foobarbaz\")\n .parameterGroupName(\"default.mysql5.7\")\n .skipFinalSnapshot(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n dbName: mydb\n engine: mysql\n engineVersion: '5.7'\n instanceClass: db.t3.micro\n username: foo\n password: foobarbaz\n parameterGroupName: default.mysql5.7\n skipFinalSnapshot: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### RDS Custom for Oracle Usage with Replica\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Lookup the available instance classes for the custom engine for the region being operated in\nconst custom-oracle = aws.rds.getOrderableDbInstance({\n engine: \"custom-oracle-ee\",\n engineVersion: \"19.c.ee.002\",\n licenseModel: \"bring-your-own-license\",\n storageType: \"gp3\",\n preferredInstanceClasses: [\n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\",\n ],\n});\n// The RDS instance resource requires an ARN. Look up the ARN of the KMS key associated with the CEV.\nconst byId = aws.kms.getKey({\n keyId: \"example-ef278353ceba4a5a97de6784565b9f78\",\n});\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 50,\n autoMinorVersionUpgrade: false,\n customIamInstanceProfile: \"AWSRDSCustomInstanceProfile\",\n backupRetentionPeriod: 7,\n dbSubnetGroupName: dbSubnetGroupName,\n engine: custom_oracle.then(custom_oracle =\u003e custom_oracle.engine),\n engineVersion: custom_oracle.then(custom_oracle =\u003e custom_oracle.engineVersion),\n identifier: \"ee-instance-demo\",\n instanceClass: custom_oracle.then(custom_oracle =\u003e custom_oracle.instanceClass).apply((x) =\u003e aws.rds.InstanceType[x]),\n kmsKeyId: byId.then(byId =\u003e byId.arn),\n licenseModel: custom_oracle.then(custom_oracle =\u003e custom_oracle.licenseModel),\n multiAz: false,\n password: \"avoid-plaintext-passwords\",\n username: \"test\",\n storageEncrypted: true,\n});\nconst test_replica = new aws.rds.Instance(\"test-replica\", {\n replicateSourceDb: _default.identifier,\n replicaMode: \"mounted\",\n autoMinorVersionUpgrade: false,\n customIamInstanceProfile: \"AWSRDSCustomInstanceProfile\",\n backupRetentionPeriod: 7,\n identifier: \"ee-instance-replica\",\n instanceClass: custom_oracle.then(custom_oracle =\u003e custom_oracle.instanceClass).apply((x) =\u003e aws.rds.InstanceType[x]),\n kmsKeyId: byId.then(byId =\u003e byId.arn),\n multiAz: false,\n skipFinalSnapshot: true,\n storageEncrypted: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Lookup the available instance classes for the custom engine for the region being operated in\ncustom_oracle = aws.rds.get_orderable_db_instance(engine=\"custom-oracle-ee\",\n engine_version=\"19.c.ee.002\",\n license_model=\"bring-your-own-license\",\n storage_type=\"gp3\",\n preferred_instance_classes=[\n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\",\n ])\n# The RDS instance resource requires an ARN. Look up the ARN of the KMS key associated with the CEV.\nby_id = aws.kms.get_key(key_id=\"example-ef278353ceba4a5a97de6784565b9f78\")\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=50,\n auto_minor_version_upgrade=False,\n custom_iam_instance_profile=\"AWSRDSCustomInstanceProfile\",\n backup_retention_period=7,\n db_subnet_group_name=db_subnet_group_name,\n engine=custom_oracle.engine,\n engine_version=custom_oracle.engine_version,\n identifier=\"ee-instance-demo\",\n instance_class=custom_oracle.instance_class.apply(lambda x: aws.rds.InstanceType(x)),\n kms_key_id=by_id.arn,\n license_model=custom_oracle.license_model,\n multi_az=False,\n password=\"avoid-plaintext-passwords\",\n username=\"test\",\n storage_encrypted=True)\ntest_replica = aws.rds.Instance(\"test-replica\",\n replicate_source_db=default.identifier,\n replica_mode=\"mounted\",\n auto_minor_version_upgrade=False,\n custom_iam_instance_profile=\"AWSRDSCustomInstanceProfile\",\n backup_retention_period=7,\n identifier=\"ee-instance-replica\",\n instance_class=custom_oracle.instance_class.apply(lambda x: aws.rds.InstanceType(x)),\n kms_key_id=by_id.arn,\n multi_az=False,\n skip_final_snapshot=True,\n storage_encrypted=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Lookup the available instance classes for the custom engine for the region being operated in\n var custom_oracle = Aws.Rds.GetOrderableDbInstance.Invoke(new()\n {\n Engine = \"custom-oracle-ee\",\n EngineVersion = \"19.c.ee.002\",\n LicenseModel = \"bring-your-own-license\",\n StorageType = \"gp3\",\n PreferredInstanceClasses = new[]\n {\n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\",\n },\n });\n\n // The RDS instance resource requires an ARN. Look up the ARN of the KMS key associated with the CEV.\n var byId = Aws.Kms.GetKey.Invoke(new()\n {\n KeyId = \"example-ef278353ceba4a5a97de6784565b9f78\",\n });\n\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 50,\n AutoMinorVersionUpgrade = false,\n CustomIamInstanceProfile = \"AWSRDSCustomInstanceProfile\",\n BackupRetentionPeriod = 7,\n DbSubnetGroupName = dbSubnetGroupName,\n Engine = custom_oracle.Apply(custom_oracle =\u003e custom_oracle.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.Engine)),\n EngineVersion = custom_oracle.Apply(custom_oracle =\u003e custom_oracle.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.EngineVersion)),\n Identifier = \"ee-instance-demo\",\n InstanceClass = custom_oracle.Apply(custom_oracle =\u003e custom_oracle.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.InstanceClass)).Apply(System.Enum.Parse\u003cAws.Rds.InstanceType\u003e),\n KmsKeyId = byId.Apply(getKeyResult =\u003e getKeyResult.Arn),\n LicenseModel = custom_oracle.Apply(custom_oracle =\u003e custom_oracle.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.LicenseModel)),\n MultiAz = false,\n Password = \"avoid-plaintext-passwords\",\n Username = \"test\",\n StorageEncrypted = true,\n });\n\n var test_replica = new Aws.Rds.Instance(\"test-replica\", new()\n {\n ReplicateSourceDb = @default.Identifier,\n ReplicaMode = \"mounted\",\n AutoMinorVersionUpgrade = false,\n CustomIamInstanceProfile = \"AWSRDSCustomInstanceProfile\",\n BackupRetentionPeriod = 7,\n Identifier = \"ee-instance-replica\",\n InstanceClass = custom_oracle.Apply(custom_oracle =\u003e custom_oracle.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.InstanceClass)).Apply(System.Enum.Parse\u003cAws.Rds.InstanceType\u003e),\n KmsKeyId = byId.Apply(getKeyResult =\u003e getKeyResult.Arn),\n MultiAz = false,\n SkipFinalSnapshot = true,\n StorageEncrypted = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Lookup the available instance classes for the custom engine for the region being operated in\n\t\tcustom_oracle, err := rds.GetOrderableDbInstance(ctx, \u0026rds.GetOrderableDbInstanceArgs{\n\t\t\tEngine: \"custom-oracle-ee\",\n\t\t\tEngineVersion: pulumi.StringRef(\"19.c.ee.002\"),\n\t\t\tLicenseModel: pulumi.StringRef(\"bring-your-own-license\"),\n\t\t\tStorageType: pulumi.StringRef(\"gp3\"),\n\t\t\tPreferredInstanceClasses: []string{\n\t\t\t\t\"db.r5.xlarge\",\n\t\t\t\t\"db.r5.2xlarge\",\n\t\t\t\t\"db.r5.4xlarge\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// The RDS instance resource requires an ARN. Look up the ARN of the KMS key associated with the CEV.\n\t\tbyId, err := kms.LookupKey(ctx, \u0026kms.LookupKeyArgs{\n\t\t\tKeyId: \"example-ef278353ceba4a5a97de6784565b9f78\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(50),\n\t\t\tAutoMinorVersionUpgrade: pulumi.Bool(false),\n\t\t\tCustomIamInstanceProfile: pulumi.String(\"AWSRDSCustomInstanceProfile\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(7),\n\t\t\tDbSubnetGroupName: pulumi.Any(dbSubnetGroupName),\n\t\t\tEngine: pulumi.String(custom_oracle.Engine),\n\t\t\tEngineVersion: pulumi.String(custom_oracle.EngineVersion),\n\t\t\tIdentifier: pulumi.String(\"ee-instance-demo\"),\n\t\t\tInstanceClass: custom_oracle.InstanceClass.ApplyT(func(x *string) rds.InstanceType { return rds.InstanceType(*x) }).(rds.InstanceTypeOutput),\n\t\t\tKmsKeyId: pulumi.String(byId.Arn),\n\t\t\tLicenseModel: pulumi.String(custom_oracle.LicenseModel),\n\t\t\tMultiAz: pulumi.Bool(false),\n\t\t\tPassword: pulumi.String(\"avoid-plaintext-passwords\"),\n\t\t\tUsername: pulumi.String(\"test\"),\n\t\t\tStorageEncrypted: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewInstance(ctx, \"test-replica\", \u0026rds.InstanceArgs{\n\t\t\tReplicateSourceDb: _default.Identifier,\n\t\t\tReplicaMode: pulumi.String(\"mounted\"),\n\t\t\tAutoMinorVersionUpgrade: pulumi.Bool(false),\n\t\t\tCustomIamInstanceProfile: pulumi.String(\"AWSRDSCustomInstanceProfile\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(7),\n\t\t\tIdentifier: pulumi.String(\"ee-instance-replica\"),\n\t\t\tInstanceClass: custom_oracle.InstanceClass.ApplyT(func(x *string) rds.InstanceType { return rds.InstanceType(*x) }).(rds.InstanceTypeOutput),\n\t\t\tKmsKeyId: pulumi.String(byId.Arn),\n\t\t\tMultiAz: pulumi.Bool(false),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t\tStorageEncrypted: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetOrderableDbInstanceArgs;\nimport com.pulumi.aws.kms.KmsFunctions;\nimport com.pulumi.aws.kms.inputs.GetKeyArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var custom-oracle = RdsFunctions.getOrderableDbInstance(GetOrderableDbInstanceArgs.builder()\n .engine(\"custom-oracle-ee\")\n .engineVersion(\"19.c.ee.002\")\n .licenseModel(\"bring-your-own-license\")\n .storageType(\"gp3\")\n .preferredInstanceClasses( \n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\")\n .build());\n\n final var byId = KmsFunctions.getKey(GetKeyArgs.builder()\n .keyId(\"example-ef278353ceba4a5a97de6784565b9f78\")\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder() \n .allocatedStorage(50)\n .autoMinorVersionUpgrade(false)\n .customIamInstanceProfile(\"AWSRDSCustomInstanceProfile\")\n .backupRetentionPeriod(7)\n .dbSubnetGroupName(dbSubnetGroupName)\n .engine(custom_oracle.engine())\n .engineVersion(custom_oracle.engineVersion())\n .identifier(\"ee-instance-demo\")\n .instanceClass(custom_oracle.instanceClass())\n .kmsKeyId(byId.applyValue(getKeyResult -\u003e getKeyResult.arn()))\n .licenseModel(custom_oracle.licenseModel())\n .multiAz(false)\n .password(\"avoid-plaintext-passwords\")\n .username(\"test\")\n .storageEncrypted(true)\n .build());\n\n var test_replica = new Instance(\"test-replica\", InstanceArgs.builder() \n .replicateSourceDb(default_.identifier())\n .replicaMode(\"mounted\")\n .autoMinorVersionUpgrade(false)\n .customIamInstanceProfile(\"AWSRDSCustomInstanceProfile\")\n .backupRetentionPeriod(7)\n .identifier(\"ee-instance-replica\")\n .instanceClass(custom_oracle.instanceClass())\n .kmsKeyId(byId.applyValue(getKeyResult -\u003e getKeyResult.arn()))\n .multiAz(false)\n .skipFinalSnapshot(true)\n .storageEncrypted(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 50\n autoMinorVersionUpgrade: false # Custom for Oracle does not support minor version upgrades\n customIamInstanceProfile: AWSRDSCustomInstanceProfile\n backupRetentionPeriod: 7\n dbSubnetGroupName: ${dbSubnetGroupName}\n engine: ${[\"custom-oracle\"].engine}\n engineVersion: ${[\"custom-oracle\"].engineVersion}\n identifier: ee-instance-demo\n instanceClass: ${[\"custom-oracle\"].instanceClass}\n kmsKeyId: ${byId.arn}\n licenseModel: ${[\"custom-oracle\"].licenseModel}\n multiAz: false # Custom for Oracle does not support multi-az\n password: avoid-plaintext-passwords\n username: test\n storageEncrypted: true\n test-replica:\n type: aws:rds:Instance\n properties:\n replicateSourceDb: ${default.identifier}\n replicaMode: mounted\n autoMinorVersionUpgrade: false\n customIamInstanceProfile: AWSRDSCustomInstanceProfile\n backupRetentionPeriod: 7\n identifier: ee-instance-replica\n instanceClass: ${[\"custom-oracle\"].instanceClass}\n kmsKeyId: ${byId.arn}\n multiAz: false # Custom for Oracle does not support multi-az\n skipFinalSnapshot: true\n storageEncrypted: true\nvariables:\n # Lookup the available instance classes for the custom engine for the region being operated in\n custom-oracle:\n fn::invoke:\n Function: aws:rds:getOrderableDbInstance\n Arguments:\n engine: custom-oracle-ee\n engineVersion: 19.c.ee.002\n licenseModel: bring-your-own-license\n storageType: gp3\n preferredInstanceClasses:\n - db.r5.xlarge\n - db.r5.2xlarge\n - db.r5.4xlarge\n # The RDS instance resource requires an ARN. Look up the ARN of the KMS key associated with the CEV.\n byId:\n fn::invoke:\n Function: aws:kms:getKey\n Arguments:\n keyId: example-ef278353ceba4a5a97de6784565b9f78\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### RDS Custom for SQL Server\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Lookup the available instance classes for the custom engine for the region being operated in\nconst custom-sqlserver = aws.rds.getOrderableDbInstance({\n engine: \"custom-sqlserver-se\",\n engineVersion: \"15.00.4249.2.v1\",\n storageType: \"gp3\",\n preferredInstanceClasses: [\n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\",\n ],\n});\n// The RDS instance resource requires an ARN. Look up the ARN of the KMS key.\nconst byId = aws.kms.getKey({\n keyId: \"example-ef278353ceba4a5a97de6784565b9f78\",\n});\nconst example = new aws.rds.Instance(\"example\", {\n allocatedStorage: 500,\n autoMinorVersionUpgrade: false,\n customIamInstanceProfile: \"AWSRDSCustomSQLServerInstanceProfile\",\n backupRetentionPeriod: 7,\n dbSubnetGroupName: dbSubnetGroupName,\n engine: custom_sqlserver.then(custom_sqlserver =\u003e custom_sqlserver.engine),\n engineVersion: custom_sqlserver.then(custom_sqlserver =\u003e custom_sqlserver.engineVersion),\n identifier: \"sql-instance-demo\",\n instanceClass: custom_sqlserver.then(custom_sqlserver =\u003e custom_sqlserver.instanceClass).apply((x) =\u003e aws.rds.InstanceType[x]),\n kmsKeyId: byId.then(byId =\u003e byId.arn),\n multiAz: false,\n password: \"avoid-plaintext-passwords\",\n storageEncrypted: true,\n username: \"test\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Lookup the available instance classes for the custom engine for the region being operated in\ncustom_sqlserver = aws.rds.get_orderable_db_instance(engine=\"custom-sqlserver-se\",\n engine_version=\"15.00.4249.2.v1\",\n storage_type=\"gp3\",\n preferred_instance_classes=[\n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\",\n ])\n# The RDS instance resource requires an ARN. Look up the ARN of the KMS key.\nby_id = aws.kms.get_key(key_id=\"example-ef278353ceba4a5a97de6784565b9f78\")\nexample = aws.rds.Instance(\"example\",\n allocated_storage=500,\n auto_minor_version_upgrade=False,\n custom_iam_instance_profile=\"AWSRDSCustomSQLServerInstanceProfile\",\n backup_retention_period=7,\n db_subnet_group_name=db_subnet_group_name,\n engine=custom_sqlserver.engine,\n engine_version=custom_sqlserver.engine_version,\n identifier=\"sql-instance-demo\",\n instance_class=custom_sqlserver.instance_class.apply(lambda x: aws.rds.InstanceType(x)),\n kms_key_id=by_id.arn,\n multi_az=False,\n password=\"avoid-plaintext-passwords\",\n storage_encrypted=True,\n username=\"test\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Lookup the available instance classes for the custom engine for the region being operated in\n var custom_sqlserver = Aws.Rds.GetOrderableDbInstance.Invoke(new()\n {\n Engine = \"custom-sqlserver-se\",\n EngineVersion = \"15.00.4249.2.v1\",\n StorageType = \"gp3\",\n PreferredInstanceClasses = new[]\n {\n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\",\n },\n });\n\n // The RDS instance resource requires an ARN. Look up the ARN of the KMS key.\n var byId = Aws.Kms.GetKey.Invoke(new()\n {\n KeyId = \"example-ef278353ceba4a5a97de6784565b9f78\",\n });\n\n var example = new Aws.Rds.Instance(\"example\", new()\n {\n AllocatedStorage = 500,\n AutoMinorVersionUpgrade = false,\n CustomIamInstanceProfile = \"AWSRDSCustomSQLServerInstanceProfile\",\n BackupRetentionPeriod = 7,\n DbSubnetGroupName = dbSubnetGroupName,\n Engine = custom_sqlserver.Apply(custom_sqlserver =\u003e custom_sqlserver.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.Engine)),\n EngineVersion = custom_sqlserver.Apply(custom_sqlserver =\u003e custom_sqlserver.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.EngineVersion)),\n Identifier = \"sql-instance-demo\",\n InstanceClass = custom_sqlserver.Apply(custom_sqlserver =\u003e custom_sqlserver.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.InstanceClass)).Apply(System.Enum.Parse\u003cAws.Rds.InstanceType\u003e),\n KmsKeyId = byId.Apply(getKeyResult =\u003e getKeyResult.Arn),\n MultiAz = false,\n Password = \"avoid-plaintext-passwords\",\n StorageEncrypted = true,\n Username = \"test\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Lookup the available instance classes for the custom engine for the region being operated in\n\t\tcustom_sqlserver, err := rds.GetOrderableDbInstance(ctx, \u0026rds.GetOrderableDbInstanceArgs{\n\t\t\tEngine: \"custom-sqlserver-se\",\n\t\t\tEngineVersion: pulumi.StringRef(\"15.00.4249.2.v1\"),\n\t\t\tStorageType: pulumi.StringRef(\"gp3\"),\n\t\t\tPreferredInstanceClasses: []string{\n\t\t\t\t\"db.r5.xlarge\",\n\t\t\t\t\"db.r5.2xlarge\",\n\t\t\t\t\"db.r5.4xlarge\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// The RDS instance resource requires an ARN. Look up the ARN of the KMS key.\n\t\tbyId, err := kms.LookupKey(ctx, \u0026kms.LookupKeyArgs{\n\t\t\tKeyId: \"example-ef278353ceba4a5a97de6784565b9f78\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewInstance(ctx, \"example\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(500),\n\t\t\tAutoMinorVersionUpgrade: pulumi.Bool(false),\n\t\t\tCustomIamInstanceProfile: pulumi.String(\"AWSRDSCustomSQLServerInstanceProfile\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(7),\n\t\t\tDbSubnetGroupName: pulumi.Any(dbSubnetGroupName),\n\t\t\tEngine: pulumi.String(custom_sqlserver.Engine),\n\t\t\tEngineVersion: pulumi.String(custom_sqlserver.EngineVersion),\n\t\t\tIdentifier: pulumi.String(\"sql-instance-demo\"),\n\t\t\tInstanceClass: custom_sqlserver.InstanceClass.ApplyT(func(x *string) rds.InstanceType { return rds.InstanceType(*x) }).(rds.InstanceTypeOutput),\n\t\t\tKmsKeyId: pulumi.String(byId.Arn),\n\t\t\tMultiAz: pulumi.Bool(false),\n\t\t\tPassword: pulumi.String(\"avoid-plaintext-passwords\"),\n\t\t\tStorageEncrypted: pulumi.Bool(true),\n\t\t\tUsername: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetOrderableDbInstanceArgs;\nimport com.pulumi.aws.kms.KmsFunctions;\nimport com.pulumi.aws.kms.inputs.GetKeyArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var custom-sqlserver = RdsFunctions.getOrderableDbInstance(GetOrderableDbInstanceArgs.builder()\n .engine(\"custom-sqlserver-se\")\n .engineVersion(\"15.00.4249.2.v1\")\n .storageType(\"gp3\")\n .preferredInstanceClasses( \n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\")\n .build());\n\n final var byId = KmsFunctions.getKey(GetKeyArgs.builder()\n .keyId(\"example-ef278353ceba4a5a97de6784565b9f78\")\n .build());\n\n var example = new Instance(\"example\", InstanceArgs.builder() \n .allocatedStorage(500)\n .autoMinorVersionUpgrade(false)\n .customIamInstanceProfile(\"AWSRDSCustomSQLServerInstanceProfile\")\n .backupRetentionPeriod(7)\n .dbSubnetGroupName(dbSubnetGroupName)\n .engine(custom_sqlserver.engine())\n .engineVersion(custom_sqlserver.engineVersion())\n .identifier(\"sql-instance-demo\")\n .instanceClass(custom_sqlserver.instanceClass())\n .kmsKeyId(byId.applyValue(getKeyResult -\u003e getKeyResult.arn()))\n .multiAz(false)\n .password(\"avoid-plaintext-passwords\")\n .storageEncrypted(true)\n .username(\"test\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 500\n autoMinorVersionUpgrade: false # Custom for SQL Server does not support minor version upgrades\n customIamInstanceProfile: AWSRDSCustomSQLServerInstanceProfile\n backupRetentionPeriod: 7\n dbSubnetGroupName: ${dbSubnetGroupName}\n engine: ${[\"custom-sqlserver\"].engine}\n engineVersion: ${[\"custom-sqlserver\"].engineVersion}\n identifier: sql-instance-demo\n instanceClass: ${[\"custom-sqlserver\"].instanceClass}\n kmsKeyId: ${byId.arn}\n multiAz: false # Custom for SQL Server does support multi-az\n password: avoid-plaintext-passwords\n storageEncrypted: true\n username: test\nvariables:\n # Lookup the available instance classes for the custom engine for the region being operated in\n custom-sqlserver:\n fn::invoke:\n Function: aws:rds:getOrderableDbInstance\n Arguments:\n engine: custom-sqlserver-se\n engineVersion: 15.00.4249.2.v1\n storageType: gp3\n preferredInstanceClasses:\n - db.r5.xlarge\n - db.r5.2xlarge\n - db.r5.4xlarge\n # The RDS instance resource requires an ARN. Look up the ARN of the KMS key.\n byId:\n fn::invoke:\n Function: aws:kms:getKey\n Arguments:\n keyId: example-ef278353ceba4a5a97de6784565b9f78\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### RDS Db2 Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Lookup the default version for the engine. Db2 Standard Edition is `db2-se`, Db2 Advanced Edition is `db2-ae`.\nconst default = aws.rds.getEngineVersion({\n engine: \"db2-se\",\n});\n// Lookup the available instance classes for the engine in the region being operated in\nconst example = Promise.all([_default, _default]).then(([_default, _default1]) =\u003e aws.rds.getOrderableDbInstance({\n engine: _default.engine,\n engineVersion: _default1.version,\n licenseModel: \"bring-your-own-license\",\n storageType: \"gp3\",\n preferredInstanceClasses: [\n \"db.t3.small\",\n \"db.r6i.large\",\n \"db.m6i.large\",\n ],\n}));\n// The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\nconst exampleParameterGroup = new aws.rds.ParameterGroup(\"example\", {\n name: \"db-db2-params\",\n family: _default.then(_default =\u003e _default.parameterGroupFamily),\n parameters: [\n {\n applyMethod: \"immediate\",\n name: \"rds.ibm_customer_id\",\n value: \"0\",\n },\n {\n applyMethod: \"immediate\",\n name: \"rds.ibm_site_id\",\n value: \"0\",\n },\n ],\n});\n// Create the RDS Db2 instance, use the data sources defined to set attributes\nconst exampleInstance = new aws.rds.Instance(\"example\", {\n allocatedStorage: 100,\n backupRetentionPeriod: 7,\n dbName: \"test\",\n engine: example.then(example =\u003e example.engine),\n engineVersion: example.then(example =\u003e example.engineVersion),\n identifier: \"db2-instance-demo\",\n instanceClass: example.then(example =\u003e example.instanceClass).apply((x) =\u003e aws.rds.InstanceType[x]),\n parameterGroupName: exampleParameterGroup.name,\n password: \"avoid-plaintext-passwords\",\n username: \"test\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Lookup the default version for the engine. Db2 Standard Edition is `db2-se`, Db2 Advanced Edition is `db2-ae`.\ndefault = aws.rds.get_engine_version(engine=\"db2-se\")\n# Lookup the available instance classes for the engine in the region being operated in\nexample = aws.rds.get_orderable_db_instance(engine=default.engine,\n engine_version=default.version,\n license_model=\"bring-your-own-license\",\n storage_type=\"gp3\",\n preferred_instance_classes=[\n \"db.t3.small\",\n \"db.r6i.large\",\n \"db.m6i.large\",\n ])\n# The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\nexample_parameter_group = aws.rds.ParameterGroup(\"example\",\n name=\"db-db2-params\",\n family=default.parameter_group_family,\n parameters=[\n aws.rds.ParameterGroupParameterArgs(\n apply_method=\"immediate\",\n name=\"rds.ibm_customer_id\",\n value=\"0\",\n ),\n aws.rds.ParameterGroupParameterArgs(\n apply_method=\"immediate\",\n name=\"rds.ibm_site_id\",\n value=\"0\",\n ),\n ])\n# Create the RDS Db2 instance, use the data sources defined to set attributes\nexample_instance = aws.rds.Instance(\"example\",\n allocated_storage=100,\n backup_retention_period=7,\n db_name=\"test\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"db2-instance-demo\",\n instance_class=example.instance_class.apply(lambda x: aws.rds.InstanceType(x)),\n parameter_group_name=example_parameter_group.name,\n password=\"avoid-plaintext-passwords\",\n username=\"test\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Lookup the default version for the engine. Db2 Standard Edition is `db2-se`, Db2 Advanced Edition is `db2-ae`.\n var @default = Aws.Rds.GetEngineVersion.Invoke(new()\n {\n Engine = \"db2-se\",\n });\n\n // Lookup the available instance classes for the engine in the region being operated in\n var example = Aws.Rds.GetOrderableDbInstance.Invoke(new()\n {\n Engine = @default.Apply(getEngineVersionResult =\u003e getEngineVersionResult.Engine),\n EngineVersion = @default.Apply(getEngineVersionResult =\u003e getEngineVersionResult.Version),\n LicenseModel = \"bring-your-own-license\",\n StorageType = \"gp3\",\n PreferredInstanceClasses = new[]\n {\n \"db.t3.small\",\n \"db.r6i.large\",\n \"db.m6i.large\",\n },\n });\n\n // The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\n var exampleParameterGroup = new Aws.Rds.ParameterGroup(\"example\", new()\n {\n Name = \"db-db2-params\",\n Family = @default.Apply(@default =\u003e @default.Apply(getEngineVersionResult =\u003e getEngineVersionResult.ParameterGroupFamily)),\n Parameters = new[]\n {\n new Aws.Rds.Inputs.ParameterGroupParameterArgs\n {\n ApplyMethod = \"immediate\",\n Name = \"rds.ibm_customer_id\",\n Value = \"0\",\n },\n new Aws.Rds.Inputs.ParameterGroupParameterArgs\n {\n ApplyMethod = \"immediate\",\n Name = \"rds.ibm_site_id\",\n Value = \"0\",\n },\n },\n });\n\n // Create the RDS Db2 instance, use the data sources defined to set attributes\n var exampleInstance = new Aws.Rds.Instance(\"example\", new()\n {\n AllocatedStorage = 100,\n BackupRetentionPeriod = 7,\n DbName = \"test\",\n Engine = example.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.Engine),\n EngineVersion = example.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.EngineVersion),\n Identifier = \"db2-instance-demo\",\n InstanceClass = example.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.InstanceClass).Apply(System.Enum.Parse\u003cAws.Rds.InstanceType\u003e),\n ParameterGroupName = exampleParameterGroup.Name,\n Password = \"avoid-plaintext-passwords\",\n Username = \"test\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Lookup the default version for the engine. Db2 Standard Edition is `db2-se`, Db2 Advanced Edition is `db2-ae`.\n\t\t_default, err := rds.GetEngineVersion(ctx, \u0026rds.GetEngineVersionArgs{\n\t\t\tEngine: \"db2-se\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Lookup the available instance classes for the engine in the region being operated in\n\t\texample, err := rds.GetOrderableDbInstance(ctx, \u0026rds.GetOrderableDbInstanceArgs{\n\t\t\tEngine: _default.Engine,\n\t\t\tEngineVersion: pulumi.StringRef(_default.Version),\n\t\t\tLicenseModel: pulumi.StringRef(\"bring-your-own-license\"),\n\t\t\tStorageType: pulumi.StringRef(\"gp3\"),\n\t\t\tPreferredInstanceClasses: []string{\n\t\t\t\t\"db.t3.small\",\n\t\t\t\t\"db.r6i.large\",\n\t\t\t\t\"db.m6i.large\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\n\t\texampleParameterGroup, err := rds.NewParameterGroup(ctx, \"example\", \u0026rds.ParameterGroupArgs{\n\t\t\tName: pulumi.String(\"db-db2-params\"),\n\t\t\tFamily: pulumi.String(_default.ParameterGroupFamily),\n\t\t\tParameters: rds.ParameterGroupParameterArray{\n\t\t\t\t\u0026rds.ParameterGroupParameterArgs{\n\t\t\t\t\tApplyMethod: pulumi.String(\"immediate\"),\n\t\t\t\t\tName: pulumi.String(\"rds.ibm_customer_id\"),\n\t\t\t\t\tValue: pulumi.String(\"0\"),\n\t\t\t\t},\n\t\t\t\t\u0026rds.ParameterGroupParameterArgs{\n\t\t\t\t\tApplyMethod: pulumi.String(\"immediate\"),\n\t\t\t\t\tName: pulumi.String(\"rds.ibm_site_id\"),\n\t\t\t\t\tValue: pulumi.String(\"0\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create the RDS Db2 instance, use the data sources defined to set attributes\n\t\t_, err = rds.NewInstance(ctx, \"example\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(100),\n\t\t\tBackupRetentionPeriod: pulumi.Int(7),\n\t\t\tDbName: pulumi.String(\"test\"),\n\t\t\tEngine: pulumi.String(example.Engine),\n\t\t\tEngineVersion: pulumi.String(example.EngineVersion),\n\t\t\tIdentifier: pulumi.String(\"db2-instance-demo\"),\n\t\t\tInstanceClass: example.InstanceClass.ApplyT(func(x *string) rds.InstanceType { return rds.InstanceType(*x) }).(rds.InstanceTypeOutput),\n\t\t\tParameterGroupName: exampleParameterGroup.Name,\n\t\t\tPassword: pulumi.String(\"avoid-plaintext-passwords\"),\n\t\t\tUsername: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetEngineVersionArgs;\nimport com.pulumi.aws.rds.inputs.GetOrderableDbInstanceArgs;\nimport com.pulumi.aws.rds.ParameterGroup;\nimport com.pulumi.aws.rds.ParameterGroupArgs;\nimport com.pulumi.aws.rds.inputs.ParameterGroupParameterArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = RdsFunctions.getEngineVersion(GetEngineVersionArgs.builder()\n .engine(\"db2-se\")\n .build());\n\n final var example = RdsFunctions.getOrderableDbInstance(GetOrderableDbInstanceArgs.builder()\n .engine(default_.engine())\n .engineVersion(default_.version())\n .licenseModel(\"bring-your-own-license\")\n .storageType(\"gp3\")\n .preferredInstanceClasses( \n \"db.t3.small\",\n \"db.r6i.large\",\n \"db.m6i.large\")\n .build());\n\n var exampleParameterGroup = new ParameterGroup(\"exampleParameterGroup\", ParameterGroupArgs.builder() \n .name(\"db-db2-params\")\n .family(default_.parameterGroupFamily())\n .parameters( \n ParameterGroupParameterArgs.builder()\n .applyMethod(\"immediate\")\n .name(\"rds.ibm_customer_id\")\n .value(0)\n .build(),\n ParameterGroupParameterArgs.builder()\n .applyMethod(\"immediate\")\n .name(\"rds.ibm_site_id\")\n .value(0)\n .build())\n .build());\n\n var exampleInstance = new Instance(\"exampleInstance\", InstanceArgs.builder() \n .allocatedStorage(100)\n .backupRetentionPeriod(7)\n .dbName(\"test\")\n .engine(example.applyValue(getOrderableDbInstanceResult -\u003e getOrderableDbInstanceResult.engine()))\n .engineVersion(example.applyValue(getOrderableDbInstanceResult -\u003e getOrderableDbInstanceResult.engineVersion()))\n .identifier(\"db2-instance-demo\")\n .instanceClass(example.applyValue(getOrderableDbInstanceResult -\u003e getOrderableDbInstanceResult.instanceClass()))\n .parameterGroupName(exampleParameterGroup.name())\n .password(\"avoid-plaintext-passwords\")\n .username(\"test\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\n exampleParameterGroup:\n type: aws:rds:ParameterGroup\n name: example\n properties:\n name: db-db2-params\n family: ${default.parameterGroupFamily}\n parameters:\n - applyMethod: immediate\n name: rds.ibm_customer_id\n value: 0\n - applyMethod: immediate\n name: rds.ibm_site_id\n value: 0\n # Create the RDS Db2 instance, use the data sources defined to set attributes\n exampleInstance:\n type: aws:rds:Instance\n name: example\n properties:\n allocatedStorage: 100\n backupRetentionPeriod: 7\n dbName: test\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n identifier: db2-instance-demo\n instanceClass: ${example.instanceClass}\n parameterGroupName: ${exampleParameterGroup.name}\n password: avoid-plaintext-passwords\n username: test\nvariables:\n # Lookup the default version for the engine. Db2 Standard Edition is `db2-se`, Db2 Advanced Edition is `db2-ae`.\n default:\n fn::invoke:\n Function: aws:rds:getEngineVersion\n Arguments:\n engine: db2-se\n # Lookup the available instance classes for the engine in the region being operated in\n example:\n fn::invoke:\n Function: aws:rds:getOrderableDbInstance\n Arguments:\n engine: ${default.engine}\n engineVersion: ${default.version}\n licenseModel: bring-your-own-license\n storageType: gp3\n preferredInstanceClasses:\n - db.t3.small\n - db.r6i.large\n - db.m6i.large\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Storage Autoscaling\n\nTo enable Storage Autoscaling with instances that support the feature, define the `max_allocated_storage` argument higher than the `allocated_storage` argument. This provider will automatically hide differences with the `allocated_storage` argument value if autoscaling occurs.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.Instance(\"example\", {\n allocatedStorage: 50,\n maxAllocatedStorage: 100,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.Instance(\"example\",\n allocated_storage=50,\n max_allocated_storage=100)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.Instance(\"example\", new()\n {\n AllocatedStorage = 50,\n MaxAllocatedStorage = 100,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"example\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(50),\n\t\t\tMaxAllocatedStorage: pulumi.Int(100),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Instance(\"example\", InstanceArgs.builder() \n .allocatedStorage(50)\n .maxAllocatedStorage(100)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 50\n maxAllocatedStorage: 100\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Managed Master Passwords via Secrets Manager, default KMS Key\n\n\u003e More information about RDS/Aurora Aurora integrates with Secrets Manager to manage master user passwords for your DB clusters can be found in the [RDS User Guide](https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-rds-integration-aws-secrets-manager/) and [Aurora User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html).\n\nYou can specify the `manage_master_user_password` attribute to enable managing the master password with Secrets Manager. You can also update an existing cluster to use Secrets Manager by specify the `manage_master_user_password` attribute and removing the `password` attribute (removal is required).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n dbName: \"mydb\",\n engine: \"mysql\",\n engineVersion: \"5.7\",\n instanceClass: aws.rds.InstanceType.T3_Micro,\n manageMasterUserPassword: true,\n username: \"foo\",\n parameterGroupName: \"default.mysql5.7\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n db_name=\"mydb\",\n engine=\"mysql\",\n engine_version=\"5.7\",\n instance_class=aws.rds.InstanceType.T3_MICRO,\n manage_master_user_password=True,\n username=\"foo\",\n parameter_group_name=\"default.mysql5.7\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 10,\n DbName = \"mydb\",\n Engine = \"mysql\",\n EngineVersion = \"5.7\",\n InstanceClass = Aws.Rds.InstanceType.T3_Micro,\n ManageMasterUserPassword = true,\n Username = \"foo\",\n ParameterGroupName = \"default.mysql5.7\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.7\"),\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_T3_Micro),\n\t\t\tManageMasterUserPassword: pulumi.Bool(true),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.7\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Instance(\"default\", InstanceArgs.builder() \n .allocatedStorage(10)\n .dbName(\"mydb\")\n .engine(\"mysql\")\n .engineVersion(\"5.7\")\n .instanceClass(\"db.t3.micro\")\n .manageMasterUserPassword(true)\n .username(\"foo\")\n .parameterGroupName(\"default.mysql5.7\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n dbName: mydb\n engine: mysql\n engineVersion: '5.7'\n instanceClass: db.t3.micro\n manageMasterUserPassword: true\n username: foo\n parameterGroupName: default.mysql5.7\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Managed Master Passwords via Secrets Manager, specific KMS Key\n\n\u003e More information about RDS/Aurora Aurora integrates with Secrets Manager to manage master user passwords for your DB clusters can be found in the [RDS User Guide](https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-rds-integration-aws-secrets-manager/) and [Aurora User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html).\n\nYou can specify the `master_user_secret_kms_key_id` attribute to specify a specific KMS Key.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.kms.Key(\"example\", {description: \"Example KMS Key\"});\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n dbName: \"mydb\",\n engine: \"mysql\",\n engineVersion: \"5.7\",\n instanceClass: aws.rds.InstanceType.T3_Micro,\n manageMasterUserPassword: true,\n masterUserSecretKmsKeyId: example.keyId,\n username: \"foo\",\n parameterGroupName: \"default.mysql5.7\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.kms.Key(\"example\", description=\"Example KMS Key\")\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n db_name=\"mydb\",\n engine=\"mysql\",\n engine_version=\"5.7\",\n instance_class=aws.rds.InstanceType.T3_MICRO,\n manage_master_user_password=True,\n master_user_secret_kms_key_id=example.key_id,\n username=\"foo\",\n parameter_group_name=\"default.mysql5.7\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Kms.Key(\"example\", new()\n {\n Description = \"Example KMS Key\",\n });\n\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 10,\n DbName = \"mydb\",\n Engine = \"mysql\",\n EngineVersion = \"5.7\",\n InstanceClass = Aws.Rds.InstanceType.T3_Micro,\n ManageMasterUserPassword = true,\n MasterUserSecretKmsKeyId = example.KeyId,\n Username = \"foo\",\n ParameterGroupName = \"default.mysql5.7\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := kms.NewKey(ctx, \"example\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"Example KMS Key\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.7\"),\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_T3_Micro),\n\t\t\tManageMasterUserPassword: pulumi.Bool(true),\n\t\t\tMasterUserSecretKmsKeyId: example.KeyId,\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.7\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Key(\"example\", KeyArgs.builder() \n .description(\"Example KMS Key\")\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder() \n .allocatedStorage(10)\n .dbName(\"mydb\")\n .engine(\"mysql\")\n .engineVersion(\"5.7\")\n .instanceClass(\"db.t3.micro\")\n .manageMasterUserPassword(true)\n .masterUserSecretKmsKeyId(example.keyId())\n .username(\"foo\")\n .parameterGroupName(\"default.mysql5.7\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:kms:Key\n properties:\n description: Example KMS Key\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n dbName: mydb\n engine: mysql\n engineVersion: '5.7'\n instanceClass: db.t3.micro\n manageMasterUserPassword: true\n masterUserSecretKmsKeyId: ${example.keyId}\n username: foo\n parameterGroupName: default.mysql5.7\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import DB Instances using the `identifier`. For example:\n\n```sh\n$ pulumi import aws:rds/instance:Instance default mydb-rds-instance\n```\n", "properties": { "address": { "type": "string", @@ -301987,7 +301987,7 @@ } }, "aws:rds/instanceAutomatedBackupsReplication:InstanceAutomatedBackupsReplication": { - "description": "Manage cross-region replication of automated backups to a different AWS Region. Documentation for cross-region automated backup replication can be found at:\n\n* [Replicating automated backups to another AWS Region](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html)\n\n\u003e **Note:** This resource has to be created in the destination region.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.InstanceAutomatedBackupsReplication(\"default\", {\n sourceDbInstanceArn: \"arn:aws:rds:us-west-2:123456789012:db:mydatabase\",\n retentionPeriod: 14,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.InstanceAutomatedBackupsReplication(\"default\",\n source_db_instance_arn=\"arn:aws:rds:us-west-2:123456789012:db:mydatabase\",\n retention_period=14)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.InstanceAutomatedBackupsReplication(\"default\", new()\n {\n SourceDbInstanceArn = \"arn:aws:rds:us-west-2:123456789012:db:mydatabase\",\n RetentionPeriod = 14,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstanceAutomatedBackupsReplication(ctx, \"default\", \u0026rds.InstanceAutomatedBackupsReplicationArgs{\n\t\t\tSourceDbInstanceArn: pulumi.String(\"arn:aws:rds:us-west-2:123456789012:db:mydatabase\"),\n\t\t\tRetentionPeriod: pulumi.Int(14),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.InstanceAutomatedBackupsReplication;\nimport com.pulumi.aws.rds.InstanceAutomatedBackupsReplicationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new InstanceAutomatedBackupsReplication(\"default\", InstanceAutomatedBackupsReplicationArgs.builder() \n .sourceDbInstanceArn(\"arn:aws:rds:us-west-2:123456789012:db:mydatabase\")\n .retentionPeriod(14)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:InstanceAutomatedBackupsReplication\n properties:\n sourceDbInstanceArn: arn:aws:rds:us-west-2:123456789012:db:mydatabase\n retentionPeriod: 14\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Encrypting the automated backup with KMS\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.InstanceAutomatedBackupsReplication(\"default\", {\n sourceDbInstanceArn: \"arn:aws:rds:us-west-2:123456789012:db:mydatabase\",\n kmsKeyId: \"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.InstanceAutomatedBackupsReplication(\"default\",\n source_db_instance_arn=\"arn:aws:rds:us-west-2:123456789012:db:mydatabase\",\n kms_key_id=\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.InstanceAutomatedBackupsReplication(\"default\", new()\n {\n SourceDbInstanceArn = \"arn:aws:rds:us-west-2:123456789012:db:mydatabase\",\n KmsKeyId = \"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstanceAutomatedBackupsReplication(ctx, \"default\", \u0026rds.InstanceAutomatedBackupsReplicationArgs{\n\t\t\tSourceDbInstanceArn: pulumi.String(\"arn:aws:rds:us-west-2:123456789012:db:mydatabase\"),\n\t\t\tKmsKeyId: pulumi.String(\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.InstanceAutomatedBackupsReplication;\nimport com.pulumi.aws.rds.InstanceAutomatedBackupsReplicationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new InstanceAutomatedBackupsReplication(\"default\", InstanceAutomatedBackupsReplicationArgs.builder() \n .sourceDbInstanceArn(\"arn:aws:rds:us-west-2:123456789012:db:mydatabase\")\n .kmsKeyId(\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:InstanceAutomatedBackupsReplication\n properties:\n sourceDbInstanceArn: arn:aws:rds:us-west-2:123456789012:db:mydatabase\n kmsKeyId: arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Example including a RDS DB instance\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n identifier: \"mydb\",\n engine: \"postgres\",\n engineVersion: \"13.4\",\n instanceClass: \"db.t3.micro\",\n dbName: \"mydb\",\n username: \"masterusername\",\n password: \"mustbeeightcharacters\",\n backupRetentionPeriod: 7,\n storageEncrypted: true,\n skipFinalSnapshot: true,\n});\nconst defaultKey = new aws.kms.Key(\"default\", {description: \"Encryption key for automated backups\"});\nconst defaultInstanceAutomatedBackupsReplication = new aws.rds.InstanceAutomatedBackupsReplication(\"default\", {\n sourceDbInstanceArn: _default.arn,\n kmsKeyId: defaultKey.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n identifier=\"mydb\",\n engine=\"postgres\",\n engine_version=\"13.4\",\n instance_class=\"db.t3.micro\",\n db_name=\"mydb\",\n username=\"masterusername\",\n password=\"mustbeeightcharacters\",\n backup_retention_period=7,\n storage_encrypted=True,\n skip_final_snapshot=True)\ndefault_key = aws.kms.Key(\"default\", description=\"Encryption key for automated backups\")\ndefault_instance_automated_backups_replication = aws.rds.InstanceAutomatedBackupsReplication(\"default\",\n source_db_instance_arn=default.arn,\n kms_key_id=default_key.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 10,\n Identifier = \"mydb\",\n Engine = \"postgres\",\n EngineVersion = \"13.4\",\n InstanceClass = \"db.t3.micro\",\n DbName = \"mydb\",\n Username = \"masterusername\",\n Password = \"mustbeeightcharacters\",\n BackupRetentionPeriod = 7,\n StorageEncrypted = true,\n SkipFinalSnapshot = true,\n });\n\n var defaultKey = new Aws.Kms.Key(\"default\", new()\n {\n Description = \"Encryption key for automated backups\",\n });\n\n var defaultInstanceAutomatedBackupsReplication = new Aws.Rds.InstanceAutomatedBackupsReplication(\"default\", new()\n {\n SourceDbInstanceArn = @default.Arn,\n KmsKeyId = defaultKey.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tIdentifier: pulumi.String(\"mydb\"),\n\t\t\tEngine: pulumi.String(\"postgres\"),\n\t\t\tEngineVersion: pulumi.String(\"13.4\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t3.micro\"),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tUsername: pulumi.String(\"masterusername\"),\n\t\t\tPassword: pulumi.String(\"mustbeeightcharacters\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(7),\n\t\t\tStorageEncrypted: pulumi.Bool(true),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultKey, err := kms.NewKey(ctx, \"default\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"Encryption key for automated backups\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewInstanceAutomatedBackupsReplication(ctx, \"default\", \u0026rds.InstanceAutomatedBackupsReplicationArgs{\n\t\t\tSourceDbInstanceArn: _default.Arn,\n\t\t\tKmsKeyId: defaultKey.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.rds.InstanceAutomatedBackupsReplication;\nimport com.pulumi.aws.rds.InstanceAutomatedBackupsReplicationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Instance(\"default\", InstanceArgs.builder() \n .allocatedStorage(10)\n .identifier(\"mydb\")\n .engine(\"postgres\")\n .engineVersion(\"13.4\")\n .instanceClass(\"db.t3.micro\")\n .dbName(\"mydb\")\n .username(\"masterusername\")\n .password(\"mustbeeightcharacters\")\n .backupRetentionPeriod(7)\n .storageEncrypted(true)\n .skipFinalSnapshot(true)\n .build());\n\n var defaultKey = new Key(\"defaultKey\", KeyArgs.builder() \n .description(\"Encryption key for automated backups\")\n .build());\n\n var defaultInstanceAutomatedBackupsReplication = new InstanceAutomatedBackupsReplication(\"defaultInstanceAutomatedBackupsReplication\", InstanceAutomatedBackupsReplicationArgs.builder() \n .sourceDbInstanceArn(default_.arn())\n .kmsKeyId(defaultKey.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n identifier: mydb\n engine: postgres\n engineVersion: '13.4'\n instanceClass: db.t3.micro\n dbName: mydb\n username: masterusername\n password: mustbeeightcharacters\n backupRetentionPeriod: 7\n storageEncrypted: true\n skipFinalSnapshot: true\n defaultKey:\n type: aws:kms:Key\n name: default\n properties:\n description: Encryption key for automated backups\n defaultInstanceAutomatedBackupsReplication:\n type: aws:rds:InstanceAutomatedBackupsReplication\n name: default\n properties:\n sourceDbInstanceArn: ${default.arn}\n kmsKeyId: ${defaultKey.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import RDS instance automated backups replication using the `arn`. For example:\n\n```sh\n$ pulumi import aws:rds/instanceAutomatedBackupsReplication:InstanceAutomatedBackupsReplication default arn:aws:rds:us-east-1:123456789012:auto-backup:ab-faaa2mgdj1vmp4xflr7yhsrmtbtob7ltrzzz2my\n```\n", + "description": "Manage cross-region replication of automated backups to a different AWS Region. Documentation for cross-region automated backup replication can be found at:\n\n* [Replicating automated backups to another AWS Region](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html)\n\n\u003e **Note:** This resource has to be created in the destination region.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.InstanceAutomatedBackupsReplication(\"default\", {\n sourceDbInstanceArn: \"arn:aws:rds:us-west-2:123456789012:db:mydatabase\",\n retentionPeriod: 14,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.InstanceAutomatedBackupsReplication(\"default\",\n source_db_instance_arn=\"arn:aws:rds:us-west-2:123456789012:db:mydatabase\",\n retention_period=14)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.InstanceAutomatedBackupsReplication(\"default\", new()\n {\n SourceDbInstanceArn = \"arn:aws:rds:us-west-2:123456789012:db:mydatabase\",\n RetentionPeriod = 14,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstanceAutomatedBackupsReplication(ctx, \"default\", \u0026rds.InstanceAutomatedBackupsReplicationArgs{\n\t\t\tSourceDbInstanceArn: pulumi.String(\"arn:aws:rds:us-west-2:123456789012:db:mydatabase\"),\n\t\t\tRetentionPeriod: pulumi.Int(14),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.InstanceAutomatedBackupsReplication;\nimport com.pulumi.aws.rds.InstanceAutomatedBackupsReplicationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new InstanceAutomatedBackupsReplication(\"default\", InstanceAutomatedBackupsReplicationArgs.builder() \n .sourceDbInstanceArn(\"arn:aws:rds:us-west-2:123456789012:db:mydatabase\")\n .retentionPeriod(14)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:InstanceAutomatedBackupsReplication\n properties:\n sourceDbInstanceArn: arn:aws:rds:us-west-2:123456789012:db:mydatabase\n retentionPeriod: 14\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Encrypting the automated backup with KMS\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.InstanceAutomatedBackupsReplication(\"default\", {\n sourceDbInstanceArn: \"arn:aws:rds:us-west-2:123456789012:db:mydatabase\",\n kmsKeyId: \"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.InstanceAutomatedBackupsReplication(\"default\",\n source_db_instance_arn=\"arn:aws:rds:us-west-2:123456789012:db:mydatabase\",\n kms_key_id=\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.InstanceAutomatedBackupsReplication(\"default\", new()\n {\n SourceDbInstanceArn = \"arn:aws:rds:us-west-2:123456789012:db:mydatabase\",\n KmsKeyId = \"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstanceAutomatedBackupsReplication(ctx, \"default\", \u0026rds.InstanceAutomatedBackupsReplicationArgs{\n\t\t\tSourceDbInstanceArn: pulumi.String(\"arn:aws:rds:us-west-2:123456789012:db:mydatabase\"),\n\t\t\tKmsKeyId: pulumi.String(\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.InstanceAutomatedBackupsReplication;\nimport com.pulumi.aws.rds.InstanceAutomatedBackupsReplicationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new InstanceAutomatedBackupsReplication(\"default\", InstanceAutomatedBackupsReplicationArgs.builder() \n .sourceDbInstanceArn(\"arn:aws:rds:us-west-2:123456789012:db:mydatabase\")\n .kmsKeyId(\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:InstanceAutomatedBackupsReplication\n properties:\n sourceDbInstanceArn: arn:aws:rds:us-west-2:123456789012:db:mydatabase\n kmsKeyId: arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Example including a RDS DB instance\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n identifier: \"mydb\",\n engine: \"postgres\",\n engineVersion: \"13.4\",\n instanceClass: aws.rds.InstanceType.T3_Micro,\n dbName: \"mydb\",\n username: \"masterusername\",\n password: \"mustbeeightcharacters\",\n backupRetentionPeriod: 7,\n storageEncrypted: true,\n skipFinalSnapshot: true,\n});\nconst defaultKey = new aws.kms.Key(\"default\", {description: \"Encryption key for automated backups\"});\nconst defaultInstanceAutomatedBackupsReplication = new aws.rds.InstanceAutomatedBackupsReplication(\"default\", {\n sourceDbInstanceArn: _default.arn,\n kmsKeyId: defaultKey.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n identifier=\"mydb\",\n engine=\"postgres\",\n engine_version=\"13.4\",\n instance_class=aws.rds.InstanceType.T3_MICRO,\n db_name=\"mydb\",\n username=\"masterusername\",\n password=\"mustbeeightcharacters\",\n backup_retention_period=7,\n storage_encrypted=True,\n skip_final_snapshot=True)\ndefault_key = aws.kms.Key(\"default\", description=\"Encryption key for automated backups\")\ndefault_instance_automated_backups_replication = aws.rds.InstanceAutomatedBackupsReplication(\"default\",\n source_db_instance_arn=default.arn,\n kms_key_id=default_key.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 10,\n Identifier = \"mydb\",\n Engine = \"postgres\",\n EngineVersion = \"13.4\",\n InstanceClass = Aws.Rds.InstanceType.T3_Micro,\n DbName = \"mydb\",\n Username = \"masterusername\",\n Password = \"mustbeeightcharacters\",\n BackupRetentionPeriod = 7,\n StorageEncrypted = true,\n SkipFinalSnapshot = true,\n });\n\n var defaultKey = new Aws.Kms.Key(\"default\", new()\n {\n Description = \"Encryption key for automated backups\",\n });\n\n var defaultInstanceAutomatedBackupsReplication = new Aws.Rds.InstanceAutomatedBackupsReplication(\"default\", new()\n {\n SourceDbInstanceArn = @default.Arn,\n KmsKeyId = defaultKey.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tIdentifier: pulumi.String(\"mydb\"),\n\t\t\tEngine: pulumi.String(\"postgres\"),\n\t\t\tEngineVersion: pulumi.String(\"13.4\"),\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_T3_Micro),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tUsername: pulumi.String(\"masterusername\"),\n\t\t\tPassword: pulumi.String(\"mustbeeightcharacters\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(7),\n\t\t\tStorageEncrypted: pulumi.Bool(true),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultKey, err := kms.NewKey(ctx, \"default\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"Encryption key for automated backups\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewInstanceAutomatedBackupsReplication(ctx, \"default\", \u0026rds.InstanceAutomatedBackupsReplicationArgs{\n\t\t\tSourceDbInstanceArn: _default.Arn,\n\t\t\tKmsKeyId: defaultKey.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.rds.InstanceAutomatedBackupsReplication;\nimport com.pulumi.aws.rds.InstanceAutomatedBackupsReplicationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Instance(\"default\", InstanceArgs.builder() \n .allocatedStorage(10)\n .identifier(\"mydb\")\n .engine(\"postgres\")\n .engineVersion(\"13.4\")\n .instanceClass(\"db.t3.micro\")\n .dbName(\"mydb\")\n .username(\"masterusername\")\n .password(\"mustbeeightcharacters\")\n .backupRetentionPeriod(7)\n .storageEncrypted(true)\n .skipFinalSnapshot(true)\n .build());\n\n var defaultKey = new Key(\"defaultKey\", KeyArgs.builder() \n .description(\"Encryption key for automated backups\")\n .build());\n\n var defaultInstanceAutomatedBackupsReplication = new InstanceAutomatedBackupsReplication(\"defaultInstanceAutomatedBackupsReplication\", InstanceAutomatedBackupsReplicationArgs.builder() \n .sourceDbInstanceArn(default_.arn())\n .kmsKeyId(defaultKey.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n identifier: mydb\n engine: postgres\n engineVersion: '13.4'\n instanceClass: db.t3.micro\n dbName: mydb\n username: masterusername\n password: mustbeeightcharacters\n backupRetentionPeriod: 7\n storageEncrypted: true\n skipFinalSnapshot: true\n defaultKey:\n type: aws:kms:Key\n name: default\n properties:\n description: Encryption key for automated backups\n defaultInstanceAutomatedBackupsReplication:\n type: aws:rds:InstanceAutomatedBackupsReplication\n name: default\n properties:\n sourceDbInstanceArn: ${default.arn}\n kmsKeyId: ${defaultKey.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import RDS instance automated backups replication using the `arn`. For example:\n\n```sh\n$ pulumi import aws:rds/instanceAutomatedBackupsReplication:InstanceAutomatedBackupsReplication default arn:aws:rds:us-east-1:123456789012:auto-backup:ab-faaa2mgdj1vmp4xflr7yhsrmtbtob7ltrzzz2my\n```\n", "properties": { "kmsKeyId": { "type": "string", @@ -302977,7 +302977,7 @@ } }, "aws:rds/reservedInstance:ReservedInstance": { - "description": "Manages an RDS DB Reserved Instance.\n\n\u003e **NOTE:** Once created, a reservation is valid for the `duration` of the provided `offering_id` and cannot be deleted. Performing a `destroy` will only remove the resource from state. For more information see [RDS Reserved Instances Documentation](https://aws.amazon.com/rds/reserved-instances/) and [PurchaseReservedDBInstancesOffering](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_PurchaseReservedDBInstancesOffering.html).\n\n\u003e **NOTE:** Due to the expense of testing this resource, we provide it as best effort. If you find it useful, and have the ability to help test or notice issues, consider reaching out to us on GitHub.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.rds.getReservedInstanceOffering({\n dbInstanceClass: \"db.t2.micro\",\n duration: 31536000,\n multiAz: false,\n offeringType: \"All Upfront\",\n productDescription: \"mysql\",\n});\nconst example = new aws.rds.ReservedInstance(\"example\", {\n offeringId: test.then(test =\u003e test.offeringId),\n reservationId: \"optionalCustomReservationID\",\n instanceCount: 3,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.rds.get_reserved_instance_offering(db_instance_class=\"db.t2.micro\",\n duration=31536000,\n multi_az=False,\n offering_type=\"All Upfront\",\n product_description=\"mysql\")\nexample = aws.rds.ReservedInstance(\"example\",\n offering_id=test.offering_id,\n reservation_id=\"optionalCustomReservationID\",\n instance_count=3)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.Rds.GetReservedInstanceOffering.Invoke(new()\n {\n DbInstanceClass = \"db.t2.micro\",\n Duration = 31536000,\n MultiAz = false,\n OfferingType = \"All Upfront\",\n ProductDescription = \"mysql\",\n });\n\n var example = new Aws.Rds.ReservedInstance(\"example\", new()\n {\n OfferingId = test.Apply(getReservedInstanceOfferingResult =\u003e getReservedInstanceOfferingResult.OfferingId),\n ReservationId = \"optionalCustomReservationID\",\n InstanceCount = 3,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := rds.GetReservedInstanceOffering(ctx, \u0026rds.GetReservedInstanceOfferingArgs{\n\t\t\tDbInstanceClass: \"db.t2.micro\",\n\t\t\tDuration: 31536000,\n\t\t\tMultiAz: false,\n\t\t\tOfferingType: \"All Upfront\",\n\t\t\tProductDescription: \"mysql\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewReservedInstance(ctx, \"example\", \u0026rds.ReservedInstanceArgs{\n\t\t\tOfferingId: *pulumi.String(test.OfferingId),\n\t\t\tReservationId: pulumi.String(\"optionalCustomReservationID\"),\n\t\t\tInstanceCount: pulumi.Int(3),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetReservedInstanceOfferingArgs;\nimport com.pulumi.aws.rds.ReservedInstance;\nimport com.pulumi.aws.rds.ReservedInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = RdsFunctions.getReservedInstanceOffering(GetReservedInstanceOfferingArgs.builder()\n .dbInstanceClass(\"db.t2.micro\")\n .duration(31536000)\n .multiAz(false)\n .offeringType(\"All Upfront\")\n .productDescription(\"mysql\")\n .build());\n\n var example = new ReservedInstance(\"example\", ReservedInstanceArgs.builder() \n .offeringId(test.applyValue(getReservedInstanceOfferingResult -\u003e getReservedInstanceOfferingResult.offeringId()))\n .reservationId(\"optionalCustomReservationID\")\n .instanceCount(3)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:ReservedInstance\n properties:\n offeringId: ${test.offeringId}\n reservationId: optionalCustomReservationID\n instanceCount: 3\nvariables:\n test:\n fn::invoke:\n Function: aws:rds:getReservedInstanceOffering\n Arguments:\n dbInstanceClass: db.t2.micro\n duration: 3.1536e+07\n multiAz: false\n offeringType: All Upfront\n productDescription: mysql\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import RDS DB Instance Reservations using the `instance_id`. For example:\n\n```sh\n$ pulumi import aws:rds/reservedInstance:ReservedInstance reservation_instance CustomReservationID\n```\n", + "description": "Manages an RDS DB Reserved Instance.\n\n\u003e **NOTE:** Once created, a reservation is valid for the `duration` of the provided `offering_id` and cannot be deleted. Performing a `destroy` will only remove the resource from state. For more information see [RDS Reserved Instances Documentation](https://aws.amazon.com/rds/reserved-instances/) and [PurchaseReservedDBInstancesOffering](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_PurchaseReservedDBInstancesOffering.html).\n\n\u003e **NOTE:** Due to the expense of testing this resource, we provide it as best effort. If you find it useful, and have the ability to help test or notice issues, consider reaching out to us on GitHub.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.rds.getReservedInstanceOffering({\n dbInstanceClass: \"db.t2.micro\",\n duration: 31536000,\n multiAz: false,\n offeringType: \"All Upfront\",\n productDescription: \"mysql\",\n});\nconst example = new aws.rds.ReservedInstance(\"example\", {\n offeringId: test.then(test =\u003e test.offeringId),\n reservationId: \"optionalCustomReservationID\",\n instanceCount: 3,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.rds.get_reserved_instance_offering(db_instance_class=\"db.t2.micro\",\n duration=31536000,\n multi_az=False,\n offering_type=\"All Upfront\",\n product_description=\"mysql\")\nexample = aws.rds.ReservedInstance(\"example\",\n offering_id=test.offering_id,\n reservation_id=\"optionalCustomReservationID\",\n instance_count=3)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.Rds.GetReservedInstanceOffering.Invoke(new()\n {\n DbInstanceClass = \"db.t2.micro\",\n Duration = 31536000,\n MultiAz = false,\n OfferingType = \"All Upfront\",\n ProductDescription = \"mysql\",\n });\n\n var example = new Aws.Rds.ReservedInstance(\"example\", new()\n {\n OfferingId = test.Apply(getReservedInstanceOfferingResult =\u003e getReservedInstanceOfferingResult.OfferingId),\n ReservationId = \"optionalCustomReservationID\",\n InstanceCount = 3,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := rds.GetReservedInstanceOffering(ctx, \u0026rds.GetReservedInstanceOfferingArgs{\n\t\t\tDbInstanceClass: \"db.t2.micro\",\n\t\t\tDuration: 31536000,\n\t\t\tMultiAz: false,\n\t\t\tOfferingType: \"All Upfront\",\n\t\t\tProductDescription: \"mysql\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewReservedInstance(ctx, \"example\", \u0026rds.ReservedInstanceArgs{\n\t\t\tOfferingId: pulumi.String(test.OfferingId),\n\t\t\tReservationId: pulumi.String(\"optionalCustomReservationID\"),\n\t\t\tInstanceCount: pulumi.Int(3),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetReservedInstanceOfferingArgs;\nimport com.pulumi.aws.rds.ReservedInstance;\nimport com.pulumi.aws.rds.ReservedInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = RdsFunctions.getReservedInstanceOffering(GetReservedInstanceOfferingArgs.builder()\n .dbInstanceClass(\"db.t2.micro\")\n .duration(31536000)\n .multiAz(false)\n .offeringType(\"All Upfront\")\n .productDescription(\"mysql\")\n .build());\n\n var example = new ReservedInstance(\"example\", ReservedInstanceArgs.builder() \n .offeringId(test.applyValue(getReservedInstanceOfferingResult -\u003e getReservedInstanceOfferingResult.offeringId()))\n .reservationId(\"optionalCustomReservationID\")\n .instanceCount(3)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:ReservedInstance\n properties:\n offeringId: ${test.offeringId}\n reservationId: optionalCustomReservationID\n instanceCount: 3\nvariables:\n test:\n fn::invoke:\n Function: aws:rds:getReservedInstanceOffering\n Arguments:\n dbInstanceClass: db.t2.micro\n duration: 3.1536e+07\n multiAz: false\n offeringType: All Upfront\n productDescription: mysql\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import RDS DB Instance Reservations using the `instance_id`. For example:\n\n```sh\n$ pulumi import aws:rds/reservedInstance:ReservedInstance reservation_instance CustomReservationID\n```\n", "properties": { "arn": { "type": "string", @@ -303264,7 +303264,7 @@ } }, "aws:rds/snapshot:Snapshot": { - "description": "Manages an RDS database instance snapshot. For managing RDS database cluster snapshots, see the `aws.rds.ClusterSnapshot` resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bar = new aws.rds.Instance(\"bar\", {\n allocatedStorage: 10,\n engine: \"mysql\",\n engineVersion: \"5.6.21\",\n instanceClass: \"db.t2.micro\",\n dbName: \"baz\",\n password: \"barbarbarbar\",\n username: \"foo\",\n maintenanceWindow: \"Fri:09:00-Fri:09:30\",\n backupRetentionPeriod: 0,\n parameterGroupName: \"default.mysql5.6\",\n});\nconst test = new aws.rds.Snapshot(\"test\", {\n dbInstanceIdentifier: bar.identifier,\n dbSnapshotIdentifier: \"testsnapshot1234\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbar = aws.rds.Instance(\"bar\",\n allocated_storage=10,\n engine=\"mysql\",\n engine_version=\"5.6.21\",\n instance_class=\"db.t2.micro\",\n db_name=\"baz\",\n password=\"barbarbarbar\",\n username=\"foo\",\n maintenance_window=\"Fri:09:00-Fri:09:30\",\n backup_retention_period=0,\n parameter_group_name=\"default.mysql5.6\")\ntest = aws.rds.Snapshot(\"test\",\n db_instance_identifier=bar.identifier,\n db_snapshot_identifier=\"testsnapshot1234\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bar = new Aws.Rds.Instance(\"bar\", new()\n {\n AllocatedStorage = 10,\n Engine = \"mysql\",\n EngineVersion = \"5.6.21\",\n InstanceClass = \"db.t2.micro\",\n DbName = \"baz\",\n Password = \"barbarbarbar\",\n Username = \"foo\",\n MaintenanceWindow = \"Fri:09:00-Fri:09:30\",\n BackupRetentionPeriod = 0,\n ParameterGroupName = \"default.mysql5.6\",\n });\n\n var test = new Aws.Rds.Snapshot(\"test\", new()\n {\n DbInstanceIdentifier = bar.Identifier,\n DbSnapshotIdentifier = \"testsnapshot1234\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbar, err := rds.NewInstance(ctx, \"bar\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.6.21\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t2.micro\"),\n\t\t\tDbName: pulumi.String(\"baz\"),\n\t\t\tPassword: pulumi.String(\"barbarbarbar\"),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tMaintenanceWindow: pulumi.String(\"Fri:09:00-Fri:09:30\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(0),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.6\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewSnapshot(ctx, \"test\", \u0026rds.SnapshotArgs{\n\t\t\tDbInstanceIdentifier: bar.Identifier,\n\t\t\tDbSnapshotIdentifier: pulumi.String(\"testsnapshot1234\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport com.pulumi.aws.rds.Snapshot;\nimport com.pulumi.aws.rds.SnapshotArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bar = new Instance(\"bar\", InstanceArgs.builder() \n .allocatedStorage(10)\n .engine(\"mysql\")\n .engineVersion(\"5.6.21\")\n .instanceClass(\"db.t2.micro\")\n .dbName(\"baz\")\n .password(\"barbarbarbar\")\n .username(\"foo\")\n .maintenanceWindow(\"Fri:09:00-Fri:09:30\")\n .backupRetentionPeriod(0)\n .parameterGroupName(\"default.mysql5.6\")\n .build());\n\n var test = new Snapshot(\"test\", SnapshotArgs.builder() \n .dbInstanceIdentifier(bar.identifier())\n .dbSnapshotIdentifier(\"testsnapshot1234\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bar:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n engine: mysql\n engineVersion: 5.6.21\n instanceClass: db.t2.micro\n dbName: baz\n password: barbarbarbar\n username: foo\n maintenanceWindow: Fri:09:00-Fri:09:30\n backupRetentionPeriod: 0\n parameterGroupName: default.mysql5.6\n test:\n type: aws:rds:Snapshot\n properties:\n dbInstanceIdentifier: ${bar.identifier}\n dbSnapshotIdentifier: testsnapshot1234\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_db_snapshot` using the snapshot identifier. For example:\n\n```sh\n$ pulumi import aws:rds/snapshot:Snapshot example my-snapshot\n```\n", + "description": "Manages an RDS database instance snapshot. For managing RDS database cluster snapshots, see the `aws.rds.ClusterSnapshot` resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bar = new aws.rds.Instance(\"bar\", {\n allocatedStorage: 10,\n engine: \"mysql\",\n engineVersion: \"5.6.21\",\n instanceClass: aws.rds.InstanceType.T2_Micro,\n dbName: \"baz\",\n password: \"barbarbarbar\",\n username: \"foo\",\n maintenanceWindow: \"Fri:09:00-Fri:09:30\",\n backupRetentionPeriod: 0,\n parameterGroupName: \"default.mysql5.6\",\n});\nconst test = new aws.rds.Snapshot(\"test\", {\n dbInstanceIdentifier: bar.identifier,\n dbSnapshotIdentifier: \"testsnapshot1234\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbar = aws.rds.Instance(\"bar\",\n allocated_storage=10,\n engine=\"mysql\",\n engine_version=\"5.6.21\",\n instance_class=aws.rds.InstanceType.T2_MICRO,\n db_name=\"baz\",\n password=\"barbarbarbar\",\n username=\"foo\",\n maintenance_window=\"Fri:09:00-Fri:09:30\",\n backup_retention_period=0,\n parameter_group_name=\"default.mysql5.6\")\ntest = aws.rds.Snapshot(\"test\",\n db_instance_identifier=bar.identifier,\n db_snapshot_identifier=\"testsnapshot1234\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bar = new Aws.Rds.Instance(\"bar\", new()\n {\n AllocatedStorage = 10,\n Engine = \"mysql\",\n EngineVersion = \"5.6.21\",\n InstanceClass = Aws.Rds.InstanceType.T2_Micro,\n DbName = \"baz\",\n Password = \"barbarbarbar\",\n Username = \"foo\",\n MaintenanceWindow = \"Fri:09:00-Fri:09:30\",\n BackupRetentionPeriod = 0,\n ParameterGroupName = \"default.mysql5.6\",\n });\n\n var test = new Aws.Rds.Snapshot(\"test\", new()\n {\n DbInstanceIdentifier = bar.Identifier,\n DbSnapshotIdentifier = \"testsnapshot1234\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbar, err := rds.NewInstance(ctx, \"bar\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.6.21\"),\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_T2_Micro),\n\t\t\tDbName: pulumi.String(\"baz\"),\n\t\t\tPassword: pulumi.String(\"barbarbarbar\"),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tMaintenanceWindow: pulumi.String(\"Fri:09:00-Fri:09:30\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(0),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.6\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewSnapshot(ctx, \"test\", \u0026rds.SnapshotArgs{\n\t\t\tDbInstanceIdentifier: bar.Identifier,\n\t\t\tDbSnapshotIdentifier: pulumi.String(\"testsnapshot1234\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport com.pulumi.aws.rds.Snapshot;\nimport com.pulumi.aws.rds.SnapshotArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bar = new Instance(\"bar\", InstanceArgs.builder() \n .allocatedStorage(10)\n .engine(\"mysql\")\n .engineVersion(\"5.6.21\")\n .instanceClass(\"db.t2.micro\")\n .dbName(\"baz\")\n .password(\"barbarbarbar\")\n .username(\"foo\")\n .maintenanceWindow(\"Fri:09:00-Fri:09:30\")\n .backupRetentionPeriod(0)\n .parameterGroupName(\"default.mysql5.6\")\n .build());\n\n var test = new Snapshot(\"test\", SnapshotArgs.builder() \n .dbInstanceIdentifier(bar.identifier())\n .dbSnapshotIdentifier(\"testsnapshot1234\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bar:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n engine: mysql\n engineVersion: 5.6.21\n instanceClass: db.t2.micro\n dbName: baz\n password: barbarbarbar\n username: foo\n maintenanceWindow: Fri:09:00-Fri:09:30\n backupRetentionPeriod: 0\n parameterGroupName: default.mysql5.6\n test:\n type: aws:rds:Snapshot\n properties:\n dbInstanceIdentifier: ${bar.identifier}\n dbSnapshotIdentifier: testsnapshot1234\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_db_snapshot` using the snapshot identifier. For example:\n\n```sh\n$ pulumi import aws:rds/snapshot:Snapshot example my-snapshot\n```\n", "properties": { "allocatedStorage": { "type": "integer", @@ -303521,7 +303521,7 @@ } }, "aws:rds/snapshotCopy:SnapshotCopy": { - "description": "Manages an RDS database instance snapshot copy. For managing RDS database cluster snapshots, see the `aws.rds.ClusterSnapshot` resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.Instance(\"example\", {\n allocatedStorage: 10,\n engine: \"mysql\",\n engineVersion: \"5.6.21\",\n instanceClass: \"db.t2.micro\",\n dbName: \"baz\",\n password: \"barbarbarbar\",\n username: \"foo\",\n maintenanceWindow: \"Fri:09:00-Fri:09:30\",\n backupRetentionPeriod: 0,\n parameterGroupName: \"default.mysql5.6\",\n});\nconst exampleSnapshot = new aws.rds.Snapshot(\"example\", {\n dbInstanceIdentifier: example.identifier,\n dbSnapshotIdentifier: \"testsnapshot1234\",\n});\nconst exampleSnapshotCopy = new aws.rds.SnapshotCopy(\"example\", {\n sourceDbSnapshotIdentifier: exampleSnapshot.dbSnapshotArn,\n targetDbSnapshotIdentifier: \"testsnapshot1234-copy\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.Instance(\"example\",\n allocated_storage=10,\n engine=\"mysql\",\n engine_version=\"5.6.21\",\n instance_class=\"db.t2.micro\",\n db_name=\"baz\",\n password=\"barbarbarbar\",\n username=\"foo\",\n maintenance_window=\"Fri:09:00-Fri:09:30\",\n backup_retention_period=0,\n parameter_group_name=\"default.mysql5.6\")\nexample_snapshot = aws.rds.Snapshot(\"example\",\n db_instance_identifier=example.identifier,\n db_snapshot_identifier=\"testsnapshot1234\")\nexample_snapshot_copy = aws.rds.SnapshotCopy(\"example\",\n source_db_snapshot_identifier=example_snapshot.db_snapshot_arn,\n target_db_snapshot_identifier=\"testsnapshot1234-copy\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.Instance(\"example\", new()\n {\n AllocatedStorage = 10,\n Engine = \"mysql\",\n EngineVersion = \"5.6.21\",\n InstanceClass = \"db.t2.micro\",\n DbName = \"baz\",\n Password = \"barbarbarbar\",\n Username = \"foo\",\n MaintenanceWindow = \"Fri:09:00-Fri:09:30\",\n BackupRetentionPeriod = 0,\n ParameterGroupName = \"default.mysql5.6\",\n });\n\n var exampleSnapshot = new Aws.Rds.Snapshot(\"example\", new()\n {\n DbInstanceIdentifier = example.Identifier,\n DbSnapshotIdentifier = \"testsnapshot1234\",\n });\n\n var exampleSnapshotCopy = new Aws.Rds.SnapshotCopy(\"example\", new()\n {\n SourceDbSnapshotIdentifier = exampleSnapshot.DbSnapshotArn,\n TargetDbSnapshotIdentifier = \"testsnapshot1234-copy\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := rds.NewInstance(ctx, \"example\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.6.21\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t2.micro\"),\n\t\t\tDbName: pulumi.String(\"baz\"),\n\t\t\tPassword: pulumi.String(\"barbarbarbar\"),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tMaintenanceWindow: pulumi.String(\"Fri:09:00-Fri:09:30\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(0),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.6\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleSnapshot, err := rds.NewSnapshot(ctx, \"example\", \u0026rds.SnapshotArgs{\n\t\t\tDbInstanceIdentifier: example.Identifier,\n\t\t\tDbSnapshotIdentifier: pulumi.String(\"testsnapshot1234\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewSnapshotCopy(ctx, \"example\", \u0026rds.SnapshotCopyArgs{\n\t\t\tSourceDbSnapshotIdentifier: exampleSnapshot.DbSnapshotArn,\n\t\t\tTargetDbSnapshotIdentifier: pulumi.String(\"testsnapshot1234-copy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport com.pulumi.aws.rds.Snapshot;\nimport com.pulumi.aws.rds.SnapshotArgs;\nimport com.pulumi.aws.rds.SnapshotCopy;\nimport com.pulumi.aws.rds.SnapshotCopyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Instance(\"example\", InstanceArgs.builder() \n .allocatedStorage(10)\n .engine(\"mysql\")\n .engineVersion(\"5.6.21\")\n .instanceClass(\"db.t2.micro\")\n .dbName(\"baz\")\n .password(\"barbarbarbar\")\n .username(\"foo\")\n .maintenanceWindow(\"Fri:09:00-Fri:09:30\")\n .backupRetentionPeriod(0)\n .parameterGroupName(\"default.mysql5.6\")\n .build());\n\n var exampleSnapshot = new Snapshot(\"exampleSnapshot\", SnapshotArgs.builder() \n .dbInstanceIdentifier(example.identifier())\n .dbSnapshotIdentifier(\"testsnapshot1234\")\n .build());\n\n var exampleSnapshotCopy = new SnapshotCopy(\"exampleSnapshotCopy\", SnapshotCopyArgs.builder() \n .sourceDbSnapshotIdentifier(exampleSnapshot.dbSnapshotArn())\n .targetDbSnapshotIdentifier(\"testsnapshot1234-copy\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n engine: mysql\n engineVersion: 5.6.21\n instanceClass: db.t2.micro\n dbName: baz\n password: barbarbarbar\n username: foo\n maintenanceWindow: Fri:09:00-Fri:09:30\n backupRetentionPeriod: 0\n parameterGroupName: default.mysql5.6\n exampleSnapshot:\n type: aws:rds:Snapshot\n name: example\n properties:\n dbInstanceIdentifier: ${example.identifier}\n dbSnapshotIdentifier: testsnapshot1234\n exampleSnapshotCopy:\n type: aws:rds:SnapshotCopy\n name: example\n properties:\n sourceDbSnapshotIdentifier: ${exampleSnapshot.dbSnapshotArn}\n targetDbSnapshotIdentifier: testsnapshot1234-copy\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_db_snapshot_copy` using the snapshot identifier. For example:\n\n```sh\n$ pulumi import aws:rds/snapshotCopy:SnapshotCopy example my-snapshot\n```\n", + "description": "Manages an RDS database instance snapshot copy. For managing RDS database cluster snapshots, see the `aws.rds.ClusterSnapshot` resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.Instance(\"example\", {\n allocatedStorage: 10,\n engine: \"mysql\",\n engineVersion: \"5.6.21\",\n instanceClass: aws.rds.InstanceType.T2_Micro,\n dbName: \"baz\",\n password: \"barbarbarbar\",\n username: \"foo\",\n maintenanceWindow: \"Fri:09:00-Fri:09:30\",\n backupRetentionPeriod: 0,\n parameterGroupName: \"default.mysql5.6\",\n});\nconst exampleSnapshot = new aws.rds.Snapshot(\"example\", {\n dbInstanceIdentifier: example.identifier,\n dbSnapshotIdentifier: \"testsnapshot1234\",\n});\nconst exampleSnapshotCopy = new aws.rds.SnapshotCopy(\"example\", {\n sourceDbSnapshotIdentifier: exampleSnapshot.dbSnapshotArn,\n targetDbSnapshotIdentifier: \"testsnapshot1234-copy\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.Instance(\"example\",\n allocated_storage=10,\n engine=\"mysql\",\n engine_version=\"5.6.21\",\n instance_class=aws.rds.InstanceType.T2_MICRO,\n db_name=\"baz\",\n password=\"barbarbarbar\",\n username=\"foo\",\n maintenance_window=\"Fri:09:00-Fri:09:30\",\n backup_retention_period=0,\n parameter_group_name=\"default.mysql5.6\")\nexample_snapshot = aws.rds.Snapshot(\"example\",\n db_instance_identifier=example.identifier,\n db_snapshot_identifier=\"testsnapshot1234\")\nexample_snapshot_copy = aws.rds.SnapshotCopy(\"example\",\n source_db_snapshot_identifier=example_snapshot.db_snapshot_arn,\n target_db_snapshot_identifier=\"testsnapshot1234-copy\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.Instance(\"example\", new()\n {\n AllocatedStorage = 10,\n Engine = \"mysql\",\n EngineVersion = \"5.6.21\",\n InstanceClass = Aws.Rds.InstanceType.T2_Micro,\n DbName = \"baz\",\n Password = \"barbarbarbar\",\n Username = \"foo\",\n MaintenanceWindow = \"Fri:09:00-Fri:09:30\",\n BackupRetentionPeriod = 0,\n ParameterGroupName = \"default.mysql5.6\",\n });\n\n var exampleSnapshot = new Aws.Rds.Snapshot(\"example\", new()\n {\n DbInstanceIdentifier = example.Identifier,\n DbSnapshotIdentifier = \"testsnapshot1234\",\n });\n\n var exampleSnapshotCopy = new Aws.Rds.SnapshotCopy(\"example\", new()\n {\n SourceDbSnapshotIdentifier = exampleSnapshot.DbSnapshotArn,\n TargetDbSnapshotIdentifier = \"testsnapshot1234-copy\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := rds.NewInstance(ctx, \"example\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.6.21\"),\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_T2_Micro),\n\t\t\tDbName: pulumi.String(\"baz\"),\n\t\t\tPassword: pulumi.String(\"barbarbarbar\"),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tMaintenanceWindow: pulumi.String(\"Fri:09:00-Fri:09:30\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(0),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.6\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleSnapshot, err := rds.NewSnapshot(ctx, \"example\", \u0026rds.SnapshotArgs{\n\t\t\tDbInstanceIdentifier: example.Identifier,\n\t\t\tDbSnapshotIdentifier: pulumi.String(\"testsnapshot1234\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewSnapshotCopy(ctx, \"example\", \u0026rds.SnapshotCopyArgs{\n\t\t\tSourceDbSnapshotIdentifier: exampleSnapshot.DbSnapshotArn,\n\t\t\tTargetDbSnapshotIdentifier: pulumi.String(\"testsnapshot1234-copy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport com.pulumi.aws.rds.Snapshot;\nimport com.pulumi.aws.rds.SnapshotArgs;\nimport com.pulumi.aws.rds.SnapshotCopy;\nimport com.pulumi.aws.rds.SnapshotCopyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Instance(\"example\", InstanceArgs.builder() \n .allocatedStorage(10)\n .engine(\"mysql\")\n .engineVersion(\"5.6.21\")\n .instanceClass(\"db.t2.micro\")\n .dbName(\"baz\")\n .password(\"barbarbarbar\")\n .username(\"foo\")\n .maintenanceWindow(\"Fri:09:00-Fri:09:30\")\n .backupRetentionPeriod(0)\n .parameterGroupName(\"default.mysql5.6\")\n .build());\n\n var exampleSnapshot = new Snapshot(\"exampleSnapshot\", SnapshotArgs.builder() \n .dbInstanceIdentifier(example.identifier())\n .dbSnapshotIdentifier(\"testsnapshot1234\")\n .build());\n\n var exampleSnapshotCopy = new SnapshotCopy(\"exampleSnapshotCopy\", SnapshotCopyArgs.builder() \n .sourceDbSnapshotIdentifier(exampleSnapshot.dbSnapshotArn())\n .targetDbSnapshotIdentifier(\"testsnapshot1234-copy\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n engine: mysql\n engineVersion: 5.6.21\n instanceClass: db.t2.micro\n dbName: baz\n password: barbarbarbar\n username: foo\n maintenanceWindow: Fri:09:00-Fri:09:30\n backupRetentionPeriod: 0\n parameterGroupName: default.mysql5.6\n exampleSnapshot:\n type: aws:rds:Snapshot\n name: example\n properties:\n dbInstanceIdentifier: ${example.identifier}\n dbSnapshotIdentifier: testsnapshot1234\n exampleSnapshotCopy:\n type: aws:rds:SnapshotCopy\n name: example\n properties:\n sourceDbSnapshotIdentifier: ${exampleSnapshot.dbSnapshotArn}\n targetDbSnapshotIdentifier: testsnapshot1234-copy\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_db_snapshot_copy` using the snapshot identifier. For example:\n\n```sh\n$ pulumi import aws:rds/snapshotCopy:SnapshotCopy example my-snapshot\n```\n", "properties": { "allocatedStorage": { "type": "integer", @@ -306014,7 +306014,7 @@ } }, "aws:redshift/scheduledAction:ScheduledAction": { - "description": "## Example Usage\n\n### Pause Cluster Action\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"scheduler.redshift.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"redshift_scheduled_action\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"redshift:PauseCluster\",\n \"redshift:ResumeCluster\",\n \"redshift:ResizeCluster\",\n ],\n resources: [\"*\"],\n }],\n});\nconst examplePolicy = new aws.iam.Policy(\"example\", {\n name: \"redshift_scheduled_action\",\n policy: example.then(example =\u003e example.json),\n});\nconst exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"example\", {\n policyArn: examplePolicy.arn,\n role: exampleRole.name,\n});\nconst exampleScheduledAction = new aws.redshift.ScheduledAction(\"example\", {\n name: \"tf-redshift-scheduled-action\",\n schedule: \"cron(00 23 * * ? *)\",\n iamRole: exampleRole.arn,\n targetAction: {\n pauseCluster: {\n clusterIdentifier: \"tf-redshift001\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"scheduler.redshift.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"redshift_scheduled_action\",\n assume_role_policy=assume_role.json)\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"redshift:PauseCluster\",\n \"redshift:ResumeCluster\",\n \"redshift:ResizeCluster\",\n ],\n resources=[\"*\"],\n)])\nexample_policy = aws.iam.Policy(\"example\",\n name=\"redshift_scheduled_action\",\n policy=example.json)\nexample_role_policy_attachment = aws.iam.RolePolicyAttachment(\"example\",\n policy_arn=example_policy.arn,\n role=example_role.name)\nexample_scheduled_action = aws.redshift.ScheduledAction(\"example\",\n name=\"tf-redshift-scheduled-action\",\n schedule=\"cron(00 23 * * ? *)\",\n iam_role=example_role.arn,\n target_action=aws.redshift.ScheduledActionTargetActionArgs(\n pause_cluster=aws.redshift.ScheduledActionTargetActionPauseClusterArgs(\n cluster_identifier=\"tf-redshift001\",\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"scheduler.redshift.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"redshift_scheduled_action\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"redshift:PauseCluster\",\n \"redshift:ResumeCluster\",\n \"redshift:ResizeCluster\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var examplePolicy = new Aws.Iam.Policy(\"example\", new()\n {\n Name = \"redshift_scheduled_action\",\n PolicyDocument = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"example\", new()\n {\n PolicyArn = examplePolicy.Arn,\n Role = exampleRole.Name,\n });\n\n var exampleScheduledAction = new Aws.RedShift.ScheduledAction(\"example\", new()\n {\n Name = \"tf-redshift-scheduled-action\",\n Schedule = \"cron(00 23 * * ? *)\",\n IamRole = exampleRole.Arn,\n TargetAction = new Aws.RedShift.Inputs.ScheduledActionTargetActionArgs\n {\n PauseCluster = new Aws.RedShift.Inputs.ScheduledActionTargetActionPauseClusterArgs\n {\n ClusterIdentifier = \"tf-redshift001\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/redshift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"scheduler.redshift.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"redshift_scheduled_action\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"redshift:PauseCluster\",\n\t\t\t\t\t\t\"redshift:ResumeCluster\",\n\t\t\t\t\t\t\"redshift:ResizeCluster\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texamplePolicy, err := iam.NewPolicy(ctx, \"example\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"redshift_scheduled_action\"),\n\t\t\tPolicy: *pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: examplePolicy.Arn,\n\t\t\tRole: exampleRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = redshift.NewScheduledAction(ctx, \"example\", \u0026redshift.ScheduledActionArgs{\n\t\t\tName: pulumi.String(\"tf-redshift-scheduled-action\"),\n\t\t\tSchedule: pulumi.String(\"cron(00 23 * * ? *)\"),\n\t\t\tIamRole: exampleRole.Arn,\n\t\t\tTargetAction: \u0026redshift.ScheduledActionTargetActionArgs{\n\t\t\t\tPauseCluster: \u0026redshift.ScheduledActionTargetActionPauseClusterArgs{\n\t\t\t\t\tClusterIdentifier: pulumi.String(\"tf-redshift001\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.redshift.ScheduledAction;\nimport com.pulumi.aws.redshift.ScheduledActionArgs;\nimport com.pulumi.aws.redshift.inputs.ScheduledActionTargetActionArgs;\nimport com.pulumi.aws.redshift.inputs.ScheduledActionTargetActionPauseClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"scheduler.redshift.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"redshift_scheduled_action\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"redshift:PauseCluster\",\n \"redshift:ResumeCluster\",\n \"redshift:ResizeCluster\")\n .resources(\"*\")\n .build())\n .build());\n\n var examplePolicy = new Policy(\"examplePolicy\", PolicyArgs.builder() \n .name(\"redshift_scheduled_action\")\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleRolePolicyAttachment = new RolePolicyAttachment(\"exampleRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .policyArn(examplePolicy.arn())\n .role(exampleRole.name())\n .build());\n\n var exampleScheduledAction = new ScheduledAction(\"exampleScheduledAction\", ScheduledActionArgs.builder() \n .name(\"tf-redshift-scheduled-action\")\n .schedule(\"cron(00 23 * * ? *)\")\n .iamRole(exampleRole.arn())\n .targetAction(ScheduledActionTargetActionArgs.builder()\n .pauseCluster(ScheduledActionTargetActionPauseClusterArgs.builder()\n .clusterIdentifier(\"tf-redshift001\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: redshift_scheduled_action\n assumeRolePolicy: ${assumeRole.json}\n examplePolicy:\n type: aws:iam:Policy\n name: example\n properties:\n name: redshift_scheduled_action\n policy: ${example.json}\n exampleRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: example\n properties:\n policyArn: ${examplePolicy.arn}\n role: ${exampleRole.name}\n exampleScheduledAction:\n type: aws:redshift:ScheduledAction\n name: example\n properties:\n name: tf-redshift-scheduled-action\n schedule: cron(00 23 * * ? *)\n iamRole: ${exampleRole.arn}\n targetAction:\n pauseCluster:\n clusterIdentifier: tf-redshift001\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - scheduler.redshift.amazonaws.com\n actions:\n - sts:AssumeRole\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - redshift:PauseCluster\n - redshift:ResumeCluster\n - redshift:ResizeCluster\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Resize Cluster Action\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.redshift.ScheduledAction(\"example\", {\n name: \"tf-redshift-scheduled-action\",\n schedule: \"cron(00 23 * * ? *)\",\n iamRole: exampleAwsIamRole.arn,\n targetAction: {\n resizeCluster: {\n clusterIdentifier: \"tf-redshift001\",\n clusterType: \"multi-node\",\n nodeType: \"dc1.large\",\n numberOfNodes: 2,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.redshift.ScheduledAction(\"example\",\n name=\"tf-redshift-scheduled-action\",\n schedule=\"cron(00 23 * * ? *)\",\n iam_role=example_aws_iam_role[\"arn\"],\n target_action=aws.redshift.ScheduledActionTargetActionArgs(\n resize_cluster=aws.redshift.ScheduledActionTargetActionResizeClusterArgs(\n cluster_identifier=\"tf-redshift001\",\n cluster_type=\"multi-node\",\n node_type=\"dc1.large\",\n number_of_nodes=2,\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.RedShift.ScheduledAction(\"example\", new()\n {\n Name = \"tf-redshift-scheduled-action\",\n Schedule = \"cron(00 23 * * ? *)\",\n IamRole = exampleAwsIamRole.Arn,\n TargetAction = new Aws.RedShift.Inputs.ScheduledActionTargetActionArgs\n {\n ResizeCluster = new Aws.RedShift.Inputs.ScheduledActionTargetActionResizeClusterArgs\n {\n ClusterIdentifier = \"tf-redshift001\",\n ClusterType = \"multi-node\",\n NodeType = \"dc1.large\",\n NumberOfNodes = 2,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/redshift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := redshift.NewScheduledAction(ctx, \"example\", \u0026redshift.ScheduledActionArgs{\n\t\t\tName: pulumi.String(\"tf-redshift-scheduled-action\"),\n\t\t\tSchedule: pulumi.String(\"cron(00 23 * * ? *)\"),\n\t\t\tIamRole: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tTargetAction: \u0026redshift.ScheduledActionTargetActionArgs{\n\t\t\t\tResizeCluster: \u0026redshift.ScheduledActionTargetActionResizeClusterArgs{\n\t\t\t\t\tClusterIdentifier: pulumi.String(\"tf-redshift001\"),\n\t\t\t\t\tClusterType: pulumi.String(\"multi-node\"),\n\t\t\t\t\tNodeType: pulumi.String(\"dc1.large\"),\n\t\t\t\t\tNumberOfNodes: pulumi.Int(2),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.redshift.ScheduledAction;\nimport com.pulumi.aws.redshift.ScheduledActionArgs;\nimport com.pulumi.aws.redshift.inputs.ScheduledActionTargetActionArgs;\nimport com.pulumi.aws.redshift.inputs.ScheduledActionTargetActionResizeClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ScheduledAction(\"example\", ScheduledActionArgs.builder() \n .name(\"tf-redshift-scheduled-action\")\n .schedule(\"cron(00 23 * * ? *)\")\n .iamRole(exampleAwsIamRole.arn())\n .targetAction(ScheduledActionTargetActionArgs.builder()\n .resizeCluster(ScheduledActionTargetActionResizeClusterArgs.builder()\n .clusterIdentifier(\"tf-redshift001\")\n .clusterType(\"multi-node\")\n .nodeType(\"dc1.large\")\n .numberOfNodes(2)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:redshift:ScheduledAction\n properties:\n name: tf-redshift-scheduled-action\n schedule: cron(00 23 * * ? *)\n iamRole: ${exampleAwsIamRole.arn}\n targetAction:\n resizeCluster:\n clusterIdentifier: tf-redshift001\n clusterType: multi-node\n nodeType: dc1.large\n numberOfNodes: 2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Redshift Scheduled Action using the `name`. For example:\n\n```sh\n$ pulumi import aws:redshift/scheduledAction:ScheduledAction example tf-redshift-scheduled-action\n```\n", + "description": "## Example Usage\n\n### Pause Cluster Action\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"scheduler.redshift.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"redshift_scheduled_action\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"redshift:PauseCluster\",\n \"redshift:ResumeCluster\",\n \"redshift:ResizeCluster\",\n ],\n resources: [\"*\"],\n }],\n});\nconst examplePolicy = new aws.iam.Policy(\"example\", {\n name: \"redshift_scheduled_action\",\n policy: example.then(example =\u003e example.json),\n});\nconst exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"example\", {\n policyArn: examplePolicy.arn,\n role: exampleRole.name,\n});\nconst exampleScheduledAction = new aws.redshift.ScheduledAction(\"example\", {\n name: \"tf-redshift-scheduled-action\",\n schedule: \"cron(00 23 * * ? *)\",\n iamRole: exampleRole.arn,\n targetAction: {\n pauseCluster: {\n clusterIdentifier: \"tf-redshift001\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"scheduler.redshift.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"redshift_scheduled_action\",\n assume_role_policy=assume_role.json)\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"redshift:PauseCluster\",\n \"redshift:ResumeCluster\",\n \"redshift:ResizeCluster\",\n ],\n resources=[\"*\"],\n)])\nexample_policy = aws.iam.Policy(\"example\",\n name=\"redshift_scheduled_action\",\n policy=example.json)\nexample_role_policy_attachment = aws.iam.RolePolicyAttachment(\"example\",\n policy_arn=example_policy.arn,\n role=example_role.name)\nexample_scheduled_action = aws.redshift.ScheduledAction(\"example\",\n name=\"tf-redshift-scheduled-action\",\n schedule=\"cron(00 23 * * ? *)\",\n iam_role=example_role.arn,\n target_action=aws.redshift.ScheduledActionTargetActionArgs(\n pause_cluster=aws.redshift.ScheduledActionTargetActionPauseClusterArgs(\n cluster_identifier=\"tf-redshift001\",\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"scheduler.redshift.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"redshift_scheduled_action\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"redshift:PauseCluster\",\n \"redshift:ResumeCluster\",\n \"redshift:ResizeCluster\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var examplePolicy = new Aws.Iam.Policy(\"example\", new()\n {\n Name = \"redshift_scheduled_action\",\n PolicyDocument = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"example\", new()\n {\n PolicyArn = examplePolicy.Arn,\n Role = exampleRole.Name,\n });\n\n var exampleScheduledAction = new Aws.RedShift.ScheduledAction(\"example\", new()\n {\n Name = \"tf-redshift-scheduled-action\",\n Schedule = \"cron(00 23 * * ? *)\",\n IamRole = exampleRole.Arn,\n TargetAction = new Aws.RedShift.Inputs.ScheduledActionTargetActionArgs\n {\n PauseCluster = new Aws.RedShift.Inputs.ScheduledActionTargetActionPauseClusterArgs\n {\n ClusterIdentifier = \"tf-redshift001\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/redshift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"scheduler.redshift.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"redshift_scheduled_action\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"redshift:PauseCluster\",\n\t\t\t\t\t\t\"redshift:ResumeCluster\",\n\t\t\t\t\t\t\"redshift:ResizeCluster\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texamplePolicy, err := iam.NewPolicy(ctx, \"example\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"redshift_scheduled_action\"),\n\t\t\tPolicy: pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: examplePolicy.Arn,\n\t\t\tRole: exampleRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = redshift.NewScheduledAction(ctx, \"example\", \u0026redshift.ScheduledActionArgs{\n\t\t\tName: pulumi.String(\"tf-redshift-scheduled-action\"),\n\t\t\tSchedule: pulumi.String(\"cron(00 23 * * ? *)\"),\n\t\t\tIamRole: exampleRole.Arn,\n\t\t\tTargetAction: \u0026redshift.ScheduledActionTargetActionArgs{\n\t\t\t\tPauseCluster: \u0026redshift.ScheduledActionTargetActionPauseClusterArgs{\n\t\t\t\t\tClusterIdentifier: pulumi.String(\"tf-redshift001\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.redshift.ScheduledAction;\nimport com.pulumi.aws.redshift.ScheduledActionArgs;\nimport com.pulumi.aws.redshift.inputs.ScheduledActionTargetActionArgs;\nimport com.pulumi.aws.redshift.inputs.ScheduledActionTargetActionPauseClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"scheduler.redshift.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"redshift_scheduled_action\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"redshift:PauseCluster\",\n \"redshift:ResumeCluster\",\n \"redshift:ResizeCluster\")\n .resources(\"*\")\n .build())\n .build());\n\n var examplePolicy = new Policy(\"examplePolicy\", PolicyArgs.builder() \n .name(\"redshift_scheduled_action\")\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleRolePolicyAttachment = new RolePolicyAttachment(\"exampleRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .policyArn(examplePolicy.arn())\n .role(exampleRole.name())\n .build());\n\n var exampleScheduledAction = new ScheduledAction(\"exampleScheduledAction\", ScheduledActionArgs.builder() \n .name(\"tf-redshift-scheduled-action\")\n .schedule(\"cron(00 23 * * ? *)\")\n .iamRole(exampleRole.arn())\n .targetAction(ScheduledActionTargetActionArgs.builder()\n .pauseCluster(ScheduledActionTargetActionPauseClusterArgs.builder()\n .clusterIdentifier(\"tf-redshift001\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: redshift_scheduled_action\n assumeRolePolicy: ${assumeRole.json}\n examplePolicy:\n type: aws:iam:Policy\n name: example\n properties:\n name: redshift_scheduled_action\n policy: ${example.json}\n exampleRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: example\n properties:\n policyArn: ${examplePolicy.arn}\n role: ${exampleRole.name}\n exampleScheduledAction:\n type: aws:redshift:ScheduledAction\n name: example\n properties:\n name: tf-redshift-scheduled-action\n schedule: cron(00 23 * * ? *)\n iamRole: ${exampleRole.arn}\n targetAction:\n pauseCluster:\n clusterIdentifier: tf-redshift001\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - scheduler.redshift.amazonaws.com\n actions:\n - sts:AssumeRole\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - redshift:PauseCluster\n - redshift:ResumeCluster\n - redshift:ResizeCluster\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Resize Cluster Action\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.redshift.ScheduledAction(\"example\", {\n name: \"tf-redshift-scheduled-action\",\n schedule: \"cron(00 23 * * ? *)\",\n iamRole: exampleAwsIamRole.arn,\n targetAction: {\n resizeCluster: {\n clusterIdentifier: \"tf-redshift001\",\n clusterType: \"multi-node\",\n nodeType: \"dc1.large\",\n numberOfNodes: 2,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.redshift.ScheduledAction(\"example\",\n name=\"tf-redshift-scheduled-action\",\n schedule=\"cron(00 23 * * ? *)\",\n iam_role=example_aws_iam_role[\"arn\"],\n target_action=aws.redshift.ScheduledActionTargetActionArgs(\n resize_cluster=aws.redshift.ScheduledActionTargetActionResizeClusterArgs(\n cluster_identifier=\"tf-redshift001\",\n cluster_type=\"multi-node\",\n node_type=\"dc1.large\",\n number_of_nodes=2,\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.RedShift.ScheduledAction(\"example\", new()\n {\n Name = \"tf-redshift-scheduled-action\",\n Schedule = \"cron(00 23 * * ? *)\",\n IamRole = exampleAwsIamRole.Arn,\n TargetAction = new Aws.RedShift.Inputs.ScheduledActionTargetActionArgs\n {\n ResizeCluster = new Aws.RedShift.Inputs.ScheduledActionTargetActionResizeClusterArgs\n {\n ClusterIdentifier = \"tf-redshift001\",\n ClusterType = \"multi-node\",\n NodeType = \"dc1.large\",\n NumberOfNodes = 2,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/redshift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := redshift.NewScheduledAction(ctx, \"example\", \u0026redshift.ScheduledActionArgs{\n\t\t\tName: pulumi.String(\"tf-redshift-scheduled-action\"),\n\t\t\tSchedule: pulumi.String(\"cron(00 23 * * ? *)\"),\n\t\t\tIamRole: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\tTargetAction: \u0026redshift.ScheduledActionTargetActionArgs{\n\t\t\t\tResizeCluster: \u0026redshift.ScheduledActionTargetActionResizeClusterArgs{\n\t\t\t\t\tClusterIdentifier: pulumi.String(\"tf-redshift001\"),\n\t\t\t\t\tClusterType: pulumi.String(\"multi-node\"),\n\t\t\t\t\tNodeType: pulumi.String(\"dc1.large\"),\n\t\t\t\t\tNumberOfNodes: pulumi.Int(2),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.redshift.ScheduledAction;\nimport com.pulumi.aws.redshift.ScheduledActionArgs;\nimport com.pulumi.aws.redshift.inputs.ScheduledActionTargetActionArgs;\nimport com.pulumi.aws.redshift.inputs.ScheduledActionTargetActionResizeClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ScheduledAction(\"example\", ScheduledActionArgs.builder() \n .name(\"tf-redshift-scheduled-action\")\n .schedule(\"cron(00 23 * * ? *)\")\n .iamRole(exampleAwsIamRole.arn())\n .targetAction(ScheduledActionTargetActionArgs.builder()\n .resizeCluster(ScheduledActionTargetActionResizeClusterArgs.builder()\n .clusterIdentifier(\"tf-redshift001\")\n .clusterType(\"multi-node\")\n .nodeType(\"dc1.large\")\n .numberOfNodes(2)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:redshift:ScheduledAction\n properties:\n name: tf-redshift-scheduled-action\n schedule: cron(00 23 * * ? *)\n iamRole: ${exampleAwsIamRole.arn}\n targetAction:\n resizeCluster:\n clusterIdentifier: tf-redshift001\n clusterType: multi-node\n nodeType: dc1.large\n numberOfNodes: 2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Redshift Scheduled Action using the `name`. For example:\n\n```sh\n$ pulumi import aws:redshift/scheduledAction:ScheduledAction example tf-redshift-scheduled-action\n```\n", "properties": { "description": { "type": "string", @@ -309300,7 +309300,7 @@ } }, "aws:route53/queryLog:QueryLog": { - "description": "Provides a Route53 query logging configuration resource.\n\n\u003e **NOTE:** There are restrictions on the configuration of query logging. Notably,\nthe CloudWatch log group must be in the `us-east-1` region,\na permissive CloudWatch log resource policy must be in place, and\nthe Route53 hosted zone must be public.\nSee [Configuring Logging for DNS Queries](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/query-logs.html?console_help=true#query-logs-configuring) for additional details.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Example Route53 zone with query logging\nconst exampleCom = new aws.route53.Zone(\"example_com\", {name: \"example.com\"});\nconst awsRoute53ExampleCom = new aws.cloudwatch.LogGroup(\"aws_route53_example_com\", {\n name: pulumi.interpolate`/aws/route53/${exampleCom.name}`,\n retentionInDays: 30,\n});\n// Example CloudWatch log resource policy to allow Route53 to write logs\n// to any log group under /aws/route53/*\nconst route53-query-logging-policy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources: [\"arn:aws:logs:*:*:log-group:/aws/route53/*\"],\n principals: [{\n identifiers: [\"route53.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n});\nconst route53_query_logging_policyLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"route53-query-logging-policy\", {\n policyDocument: route53_query_logging_policy.then(route53_query_logging_policy =\u003e route53_query_logging_policy.json),\n policyName: \"route53-query-logging-policy\",\n});\nconst exampleComQueryLog = new aws.route53.QueryLog(\"example_com\", {\n cloudwatchLogGroupArn: awsRoute53ExampleCom.arn,\n zoneId: exampleCom.zoneId,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Example Route53 zone with query logging\nexample_com = aws.route53.Zone(\"example_com\", name=\"example.com\")\naws_route53_example_com = aws.cloudwatch.LogGroup(\"aws_route53_example_com\",\n name=example_com.name.apply(lambda name: f\"/aws/route53/{name}\"),\n retention_in_days=30)\n# Example CloudWatch log resource policy to allow Route53 to write logs\n# to any log group under /aws/route53/*\nroute53_query_logging_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources=[\"arn:aws:logs:*:*:log-group:/aws/route53/*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[\"route53.amazonaws.com\"],\n type=\"Service\",\n )],\n)])\nroute53_query_logging_policy_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"route53-query-logging-policy\",\n policy_document=route53_query_logging_policy.json,\n policy_name=\"route53-query-logging-policy\")\nexample_com_query_log = aws.route53.QueryLog(\"example_com\",\n cloudwatch_log_group_arn=aws_route53_example_com.arn,\n zone_id=example_com.zone_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Example Route53 zone with query logging\n var exampleCom = new Aws.Route53.Zone(\"example_com\", new()\n {\n Name = \"example.com\",\n });\n\n var awsRoute53ExampleCom = new Aws.CloudWatch.LogGroup(\"aws_route53_example_com\", new()\n {\n Name = exampleCom.Name.Apply(name =\u003e $\"/aws/route53/{name}\"),\n RetentionInDays = 30,\n });\n\n // Example CloudWatch log resource policy to allow Route53 to write logs\n // to any log group under /aws/route53/*\n var route53_query_logging_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*:*:log-group:/aws/route53/*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"route53.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n });\n\n var route53_query_logging_policyLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"route53-query-logging-policy\", new()\n {\n PolicyDocument = route53_query_logging_policy.Apply(route53_query_logging_policy =\u003e route53_query_logging_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n PolicyName = \"route53-query-logging-policy\",\n });\n\n var exampleComQueryLog = new Aws.Route53.QueryLog(\"example_com\", new()\n {\n CloudwatchLogGroupArn = awsRoute53ExampleCom.Arn,\n ZoneId = exampleCom.ZoneId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Example Route53 zone with query logging\n\t\texampleCom, err := route53.NewZone(ctx, \"example_com\", \u0026route53.ZoneArgs{\n\t\t\tName: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tawsRoute53ExampleCom, err := cloudwatch.NewLogGroup(ctx, \"aws_route53_example_com\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: exampleCom.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"/aws/route53/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tRetentionInDays: pulumi.Int(30),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Example CloudWatch log resource policy to allow Route53 to write logs\n\t\t// to any log group under /aws/route53/*\n\t\troute53_query_logging_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*:*:log-group:/aws/route53/*\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"route53.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"route53-query-logging-policy\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyDocument: *pulumi.String(route53_query_logging_policy.Json),\n\t\t\tPolicyName: pulumi.String(\"route53-query-logging-policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewQueryLog(ctx, \"example_com\", \u0026route53.QueryLogArgs{\n\t\t\tCloudwatchLogGroupArn: awsRoute53ExampleCom.Arn,\n\t\t\tZoneId: exampleCom.ZoneId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.route53.Zone;\nimport com.pulumi.aws.route53.ZoneArgs;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport com.pulumi.aws.route53.QueryLog;\nimport com.pulumi.aws.route53.QueryLogArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleCom = new Zone(\"exampleCom\", ZoneArgs.builder() \n .name(\"example.com\")\n .build());\n\n var awsRoute53ExampleCom = new LogGroup(\"awsRoute53ExampleCom\", LogGroupArgs.builder() \n .name(exampleCom.name().applyValue(name -\u003e String.format(\"/aws/route53/%s\", name)))\n .retentionInDays(30)\n .build());\n\n final var route53-query-logging-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\")\n .resources(\"arn:aws:logs:*:*:log-group:/aws/route53/*\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"route53.amazonaws.com\")\n .type(\"Service\")\n .build())\n .build())\n .build());\n\n var route53_query_logging_policyLogResourcePolicy = new LogResourcePolicy(\"route53-query-logging-policyLogResourcePolicy\", LogResourcePolicyArgs.builder() \n .policyDocument(route53_query_logging_policy.json())\n .policyName(\"route53-query-logging-policy\")\n .build());\n\n var exampleComQueryLog = new QueryLog(\"exampleComQueryLog\", QueryLogArgs.builder() \n .cloudwatchLogGroupArn(awsRoute53ExampleCom.arn())\n .zoneId(exampleCom.zoneId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n awsRoute53ExampleCom:\n type: aws:cloudwatch:LogGroup\n name: aws_route53_example_com\n properties:\n name: /aws/route53/${exampleCom.name}\n retentionInDays: 30\n route53-query-logging-policyLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n name: route53-query-logging-policy\n properties:\n policyDocument: ${[\"route53-query-logging-policy\"].json}\n policyName: route53-query-logging-policy\n # Example Route53 zone with query logging\n exampleCom:\n type: aws:route53:Zone\n name: example_com\n properties:\n name: example.com\n exampleComQueryLog:\n type: aws:route53:QueryLog\n name: example_com\n properties:\n cloudwatchLogGroupArn: ${awsRoute53ExampleCom.arn}\n zoneId: ${exampleCom.zoneId}\nvariables:\n # Example CloudWatch log resource policy to allow Route53 to write logs\n # to any log group under /aws/route53/*\n route53-query-logging-policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - logs:CreateLogStream\n - logs:PutLogEvents\n resources:\n - arn:aws:logs:*:*:log-group:/aws/route53/*\n principals:\n - identifiers:\n - route53.amazonaws.com\n type: Service\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Route53 query logging configurations using their ID. For example:\n\n```sh\n$ pulumi import aws:route53/queryLog:QueryLog example_com xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\n```\n", + "description": "Provides a Route53 query logging configuration resource.\n\n\u003e **NOTE:** There are restrictions on the configuration of query logging. Notably,\nthe CloudWatch log group must be in the `us-east-1` region,\na permissive CloudWatch log resource policy must be in place, and\nthe Route53 hosted zone must be public.\nSee [Configuring Logging for DNS Queries](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/query-logs.html?console_help=true#query-logs-configuring) for additional details.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Example Route53 zone with query logging\nconst exampleCom = new aws.route53.Zone(\"example_com\", {name: \"example.com\"});\nconst awsRoute53ExampleCom = new aws.cloudwatch.LogGroup(\"aws_route53_example_com\", {\n name: pulumi.interpolate`/aws/route53/${exampleCom.name}`,\n retentionInDays: 30,\n});\n// Example CloudWatch log resource policy to allow Route53 to write logs\n// to any log group under /aws/route53/*\nconst route53-query-logging-policy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources: [\"arn:aws:logs:*:*:log-group:/aws/route53/*\"],\n principals: [{\n identifiers: [\"route53.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n});\nconst route53_query_logging_policyLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"route53-query-logging-policy\", {\n policyDocument: route53_query_logging_policy.then(route53_query_logging_policy =\u003e route53_query_logging_policy.json),\n policyName: \"route53-query-logging-policy\",\n});\nconst exampleComQueryLog = new aws.route53.QueryLog(\"example_com\", {\n cloudwatchLogGroupArn: awsRoute53ExampleCom.arn,\n zoneId: exampleCom.zoneId,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Example Route53 zone with query logging\nexample_com = aws.route53.Zone(\"example_com\", name=\"example.com\")\naws_route53_example_com = aws.cloudwatch.LogGroup(\"aws_route53_example_com\",\n name=example_com.name.apply(lambda name: f\"/aws/route53/{name}\"),\n retention_in_days=30)\n# Example CloudWatch log resource policy to allow Route53 to write logs\n# to any log group under /aws/route53/*\nroute53_query_logging_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources=[\"arn:aws:logs:*:*:log-group:/aws/route53/*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[\"route53.amazonaws.com\"],\n type=\"Service\",\n )],\n)])\nroute53_query_logging_policy_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"route53-query-logging-policy\",\n policy_document=route53_query_logging_policy.json,\n policy_name=\"route53-query-logging-policy\")\nexample_com_query_log = aws.route53.QueryLog(\"example_com\",\n cloudwatch_log_group_arn=aws_route53_example_com.arn,\n zone_id=example_com.zone_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Example Route53 zone with query logging\n var exampleCom = new Aws.Route53.Zone(\"example_com\", new()\n {\n Name = \"example.com\",\n });\n\n var awsRoute53ExampleCom = new Aws.CloudWatch.LogGroup(\"aws_route53_example_com\", new()\n {\n Name = exampleCom.Name.Apply(name =\u003e $\"/aws/route53/{name}\"),\n RetentionInDays = 30,\n });\n\n // Example CloudWatch log resource policy to allow Route53 to write logs\n // to any log group under /aws/route53/*\n var route53_query_logging_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*:*:log-group:/aws/route53/*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"route53.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n });\n\n var route53_query_logging_policyLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"route53-query-logging-policy\", new()\n {\n PolicyDocument = route53_query_logging_policy.Apply(route53_query_logging_policy =\u003e route53_query_logging_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n PolicyName = \"route53-query-logging-policy\",\n });\n\n var exampleComQueryLog = new Aws.Route53.QueryLog(\"example_com\", new()\n {\n CloudwatchLogGroupArn = awsRoute53ExampleCom.Arn,\n ZoneId = exampleCom.ZoneId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Example Route53 zone with query logging\n\t\texampleCom, err := route53.NewZone(ctx, \"example_com\", \u0026route53.ZoneArgs{\n\t\t\tName: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tawsRoute53ExampleCom, err := cloudwatch.NewLogGroup(ctx, \"aws_route53_example_com\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: exampleCom.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"/aws/route53/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tRetentionInDays: pulumi.Int(30),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Example CloudWatch log resource policy to allow Route53 to write logs\n\t\t// to any log group under /aws/route53/*\n\t\troute53_query_logging_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*:*:log-group:/aws/route53/*\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"route53.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"route53-query-logging-policy\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyDocument: pulumi.String(route53_query_logging_policy.Json),\n\t\t\tPolicyName: pulumi.String(\"route53-query-logging-policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewQueryLog(ctx, \"example_com\", \u0026route53.QueryLogArgs{\n\t\t\tCloudwatchLogGroupArn: awsRoute53ExampleCom.Arn,\n\t\t\tZoneId: exampleCom.ZoneId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.route53.Zone;\nimport com.pulumi.aws.route53.ZoneArgs;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport com.pulumi.aws.route53.QueryLog;\nimport com.pulumi.aws.route53.QueryLogArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleCom = new Zone(\"exampleCom\", ZoneArgs.builder() \n .name(\"example.com\")\n .build());\n\n var awsRoute53ExampleCom = new LogGroup(\"awsRoute53ExampleCom\", LogGroupArgs.builder() \n .name(exampleCom.name().applyValue(name -\u003e String.format(\"/aws/route53/%s\", name)))\n .retentionInDays(30)\n .build());\n\n final var route53-query-logging-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\")\n .resources(\"arn:aws:logs:*:*:log-group:/aws/route53/*\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"route53.amazonaws.com\")\n .type(\"Service\")\n .build())\n .build())\n .build());\n\n var route53_query_logging_policyLogResourcePolicy = new LogResourcePolicy(\"route53-query-logging-policyLogResourcePolicy\", LogResourcePolicyArgs.builder() \n .policyDocument(route53_query_logging_policy.json())\n .policyName(\"route53-query-logging-policy\")\n .build());\n\n var exampleComQueryLog = new QueryLog(\"exampleComQueryLog\", QueryLogArgs.builder() \n .cloudwatchLogGroupArn(awsRoute53ExampleCom.arn())\n .zoneId(exampleCom.zoneId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n awsRoute53ExampleCom:\n type: aws:cloudwatch:LogGroup\n name: aws_route53_example_com\n properties:\n name: /aws/route53/${exampleCom.name}\n retentionInDays: 30\n route53-query-logging-policyLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n name: route53-query-logging-policy\n properties:\n policyDocument: ${[\"route53-query-logging-policy\"].json}\n policyName: route53-query-logging-policy\n # Example Route53 zone with query logging\n exampleCom:\n type: aws:route53:Zone\n name: example_com\n properties:\n name: example.com\n exampleComQueryLog:\n type: aws:route53:QueryLog\n name: example_com\n properties:\n cloudwatchLogGroupArn: ${awsRoute53ExampleCom.arn}\n zoneId: ${exampleCom.zoneId}\nvariables:\n # Example CloudWatch log resource policy to allow Route53 to write logs\n # to any log group under /aws/route53/*\n route53-query-logging-policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - logs:CreateLogStream\n - logs:PutLogEvents\n resources:\n - arn:aws:logs:*:*:log-group:/aws/route53/*\n principals:\n - identifiers:\n - route53.amazonaws.com\n type: Service\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Route53 query logging configurations using their ID. For example:\n\n```sh\n$ pulumi import aws:route53/queryLog:QueryLog example_com xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\n```\n", "properties": { "arn": { "type": "string", @@ -309358,7 +309358,7 @@ } }, "aws:route53/record:Record": { - "description": "Provides a Route53 record resource.\n\n## Example Usage\n\n### Simple routing policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst www = new aws.route53.Record(\"www\", {\n zoneId: primary.zoneId,\n name: \"www.example.com\",\n type: \"A\",\n ttl: 300,\n records: [lb.publicIp],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nwww = aws.route53.Record(\"www\",\n zone_id=primary[\"zoneId\"],\n name=\"www.example.com\",\n type=\"A\",\n ttl=300,\n records=[lb[\"publicIp\"]])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var www = new Aws.Route53.Record(\"www\", new()\n {\n ZoneId = primary.ZoneId,\n Name = \"www.example.com\",\n Type = \"A\",\n Ttl = 300,\n Records = new[]\n {\n lb.PublicIp,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.NewRecord(ctx, \"www\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(primary.ZoneId),\n\t\t\tName: pulumi.String(\"www.example.com\"),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\tlb.PublicIp,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var www = new Record(\"www\", RecordArgs.builder() \n .zoneId(primary.zoneId())\n .name(\"www.example.com\")\n .type(\"A\")\n .ttl(300)\n .records(lb.publicIp())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n www:\n type: aws:route53:Record\n properties:\n zoneId: ${primary.zoneId}\n name: www.example.com\n type: A\n ttl: 300\n records:\n - ${lb.publicIp}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Weighted routing policy\n\nOther routing policies are configured similarly. See [Amazon Route 53 Developer Guide](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html) for details.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst www_dev = new aws.route53.Record(\"www-dev\", {\n zoneId: primary.zoneId,\n name: \"www\",\n type: \"CNAME\",\n ttl: 5,\n weightedRoutingPolicies: [{\n weight: 10,\n }],\n setIdentifier: \"dev\",\n records: [\"dev.example.com\"],\n});\nconst www_live = new aws.route53.Record(\"www-live\", {\n zoneId: primary.zoneId,\n name: \"www\",\n type: \"CNAME\",\n ttl: 5,\n weightedRoutingPolicies: [{\n weight: 90,\n }],\n setIdentifier: \"live\",\n records: [\"live.example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nwww_dev = aws.route53.Record(\"www-dev\",\n zone_id=primary[\"zoneId\"],\n name=\"www\",\n type=\"CNAME\",\n ttl=5,\n weighted_routing_policies=[aws.route53.RecordWeightedRoutingPolicyArgs(\n weight=10,\n )],\n set_identifier=\"dev\",\n records=[\"dev.example.com\"])\nwww_live = aws.route53.Record(\"www-live\",\n zone_id=primary[\"zoneId\"],\n name=\"www\",\n type=\"CNAME\",\n ttl=5,\n weighted_routing_policies=[aws.route53.RecordWeightedRoutingPolicyArgs(\n weight=90,\n )],\n set_identifier=\"live\",\n records=[\"live.example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var www_dev = new Aws.Route53.Record(\"www-dev\", new()\n {\n ZoneId = primary.ZoneId,\n Name = \"www\",\n Type = \"CNAME\",\n Ttl = 5,\n WeightedRoutingPolicies = new[]\n {\n new Aws.Route53.Inputs.RecordWeightedRoutingPolicyArgs\n {\n Weight = 10,\n },\n },\n SetIdentifier = \"dev\",\n Records = new[]\n {\n \"dev.example.com\",\n },\n });\n\n var www_live = new Aws.Route53.Record(\"www-live\", new()\n {\n ZoneId = primary.ZoneId,\n Name = \"www\",\n Type = \"CNAME\",\n Ttl = 5,\n WeightedRoutingPolicies = new[]\n {\n new Aws.Route53.Inputs.RecordWeightedRoutingPolicyArgs\n {\n Weight = 90,\n },\n },\n SetIdentifier = \"live\",\n Records = new[]\n {\n \"live.example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.NewRecord(ctx, \"www-dev\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(primary.ZoneId),\n\t\t\tName: pulumi.String(\"www\"),\n\t\t\tType: pulumi.String(\"CNAME\"),\n\t\t\tTtl: pulumi.Int(5),\n\t\t\tWeightedRoutingPolicies: route53.RecordWeightedRoutingPolicyArray{\n\t\t\t\t\u0026route53.RecordWeightedRoutingPolicyArgs{\n\t\t\t\t\tWeight: pulumi.Int(10),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSetIdentifier: pulumi.String(\"dev\"),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"dev.example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"www-live\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(primary.ZoneId),\n\t\t\tName: pulumi.String(\"www\"),\n\t\t\tType: pulumi.String(\"CNAME\"),\n\t\t\tTtl: pulumi.Int(5),\n\t\t\tWeightedRoutingPolicies: route53.RecordWeightedRoutingPolicyArray{\n\t\t\t\t\u0026route53.RecordWeightedRoutingPolicyArgs{\n\t\t\t\t\tWeight: pulumi.Int(90),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSetIdentifier: pulumi.String(\"live\"),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"live.example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordWeightedRoutingPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var www_dev = new Record(\"www-dev\", RecordArgs.builder() \n .zoneId(primary.zoneId())\n .name(\"www\")\n .type(\"CNAME\")\n .ttl(5)\n .weightedRoutingPolicies(RecordWeightedRoutingPolicyArgs.builder()\n .weight(10)\n .build())\n .setIdentifier(\"dev\")\n .records(\"dev.example.com\")\n .build());\n\n var www_live = new Record(\"www-live\", RecordArgs.builder() \n .zoneId(primary.zoneId())\n .name(\"www\")\n .type(\"CNAME\")\n .ttl(5)\n .weightedRoutingPolicies(RecordWeightedRoutingPolicyArgs.builder()\n .weight(90)\n .build())\n .setIdentifier(\"live\")\n .records(\"live.example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n www-dev:\n type: aws:route53:Record\n properties:\n zoneId: ${primary.zoneId}\n name: www\n type: CNAME\n ttl: 5\n weightedRoutingPolicies:\n - weight: 10\n setIdentifier: dev\n records:\n - dev.example.com\n www-live:\n type: aws:route53:Record\n properties:\n zoneId: ${primary.zoneId}\n name: www\n type: CNAME\n ttl: 5\n weightedRoutingPolicies:\n - weight: 90\n setIdentifier: live\n records:\n - live.example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Geoproximity routing policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst www = new aws.route53.Record(\"www\", {\n zoneId: primary.zoneId,\n name: \"www.example.com\",\n type: \"CNAME\",\n ttl: 300,\n geoproximityRoutingPolicy: {\n coordinates: [{\n latitude: \"49.22\",\n longitude: \"-74.01\",\n }],\n },\n setIdentifier: \"dev\",\n records: [\"dev.example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nwww = aws.route53.Record(\"www\",\n zone_id=primary[\"zoneId\"],\n name=\"www.example.com\",\n type=\"CNAME\",\n ttl=300,\n geoproximity_routing_policy=aws.route53.RecordGeoproximityRoutingPolicyArgs(\n coordinates=[aws.route53.RecordGeoproximityRoutingPolicyCoordinateArgs(\n latitude=\"49.22\",\n longitude=\"-74.01\",\n )],\n ),\n set_identifier=\"dev\",\n records=[\"dev.example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var www = new Aws.Route53.Record(\"www\", new()\n {\n ZoneId = primary.ZoneId,\n Name = \"www.example.com\",\n Type = \"CNAME\",\n Ttl = 300,\n GeoproximityRoutingPolicy = new Aws.Route53.Inputs.RecordGeoproximityRoutingPolicyArgs\n {\n Coordinates = new[]\n {\n new Aws.Route53.Inputs.RecordGeoproximityRoutingPolicyCoordinateArgs\n {\n Latitude = \"49.22\",\n Longitude = \"-74.01\",\n },\n },\n },\n SetIdentifier = \"dev\",\n Records = new[]\n {\n \"dev.example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.NewRecord(ctx, \"www\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(primary.ZoneId),\n\t\t\tName: pulumi.String(\"www.example.com\"),\n\t\t\tType: pulumi.String(\"CNAME\"),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tGeoproximityRoutingPolicy: \u0026route53.RecordGeoproximityRoutingPolicyArgs{\n\t\t\t\tCoordinates: route53.RecordGeoproximityRoutingPolicyCoordinateArray{\n\t\t\t\t\t\u0026route53.RecordGeoproximityRoutingPolicyCoordinateArgs{\n\t\t\t\t\t\tLatitude: pulumi.String(\"49.22\"),\n\t\t\t\t\t\tLongitude: pulumi.String(\"-74.01\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSetIdentifier: pulumi.String(\"dev\"),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"dev.example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordGeoproximityRoutingPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var www = new Record(\"www\", RecordArgs.builder() \n .zoneId(primary.zoneId())\n .name(\"www.example.com\")\n .type(\"CNAME\")\n .ttl(300)\n .geoproximityRoutingPolicy(RecordGeoproximityRoutingPolicyArgs.builder()\n .coordinates(RecordGeoproximityRoutingPolicyCoordinateArgs.builder()\n .latitude(\"49.22\")\n .longitude(\"-74.01\")\n .build())\n .build())\n .setIdentifier(\"dev\")\n .records(\"dev.example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n www:\n type: aws:route53:Record\n properties:\n zoneId: ${primary.zoneId}\n name: www.example.com\n type: CNAME\n ttl: 300\n geoproximityRoutingPolicy:\n coordinates:\n - latitude: '49.22'\n longitude: '-74.01'\n setIdentifier: dev\n records:\n - dev.example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Alias record\n\nSee [related part of Amazon Route 53 Developer Guide](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-choosing-alias-non-alias.html)\nto understand differences between alias and non-alias records.\n\nTTL for all alias records is [60 seconds](https://aws.amazon.com/route53/faqs/#dns_failover_do_i_need_to_adjust),\nyou cannot change this, therefore `ttl` has to be omitted in alias records.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.elb.LoadBalancer(\"main\", {\n name: \"foobar-elb\",\n availabilityZones: [\"us-east-1c\"],\n listeners: [{\n instancePort: 80,\n instanceProtocol: \"http\",\n lbPort: 80,\n lbProtocol: \"http\",\n }],\n});\nconst www = new aws.route53.Record(\"www\", {\n zoneId: primary.zoneId,\n name: \"example.com\",\n type: \"A\",\n aliases: [{\n name: main.dnsName,\n zoneId: main.zoneId,\n evaluateTargetHealth: true,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.elb.LoadBalancer(\"main\",\n name=\"foobar-elb\",\n availability_zones=[\"us-east-1c\"],\n listeners=[aws.elb.LoadBalancerListenerArgs(\n instance_port=80,\n instance_protocol=\"http\",\n lb_port=80,\n lb_protocol=\"http\",\n )])\nwww = aws.route53.Record(\"www\",\n zone_id=primary[\"zoneId\"],\n name=\"example.com\",\n type=\"A\",\n aliases=[aws.route53.RecordAliasArgs(\n name=main.dns_name,\n zone_id=main.zone_id,\n evaluate_target_health=True,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = new Aws.Elb.LoadBalancer(\"main\", new()\n {\n Name = \"foobar-elb\",\n AvailabilityZones = new[]\n {\n \"us-east-1c\",\n },\n Listeners = new[]\n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 80,\n InstanceProtocol = \"http\",\n LbPort = 80,\n LbProtocol = \"http\",\n },\n },\n });\n\n var www = new Aws.Route53.Record(\"www\", new()\n {\n ZoneId = primary.ZoneId,\n Name = \"example.com\",\n Type = \"A\",\n Aliases = new[]\n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n Name = main.DnsName,\n ZoneId = main.ZoneId,\n EvaluateTargetHealth = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elb\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := elb.NewLoadBalancer(ctx, \"main\", \u0026elb.LoadBalancerArgs{\n\t\t\tName: pulumi.String(\"foobar-elb\"),\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1c\"),\n\t\t\t},\n\t\t\tListeners: elb.LoadBalancerListenerArray{\n\t\t\t\t\u0026elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(80),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"http\"),\n\t\t\t\t\tLbPort: pulumi.Int(80),\n\t\t\t\t\tLbProtocol: pulumi.String(\"http\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"www\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(primary.ZoneId),\n\t\t\tName: pulumi.String(\"example.com\"),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t\u0026route53.RecordAliasArgs{\n\t\t\t\t\tName: main.DnsName,\n\t\t\t\t\tZoneId: main.ZoneId,\n\t\t\t\t\tEvaluateTargetHealth: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.elb.LoadBalancer;\nimport com.pulumi.aws.elb.LoadBalancerArgs;\nimport com.pulumi.aws.elb.inputs.LoadBalancerListenerArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordAliasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var main = new LoadBalancer(\"main\", LoadBalancerArgs.builder() \n .name(\"foobar-elb\")\n .availabilityZones(\"us-east-1c\")\n .listeners(LoadBalancerListenerArgs.builder()\n .instancePort(80)\n .instanceProtocol(\"http\")\n .lbPort(80)\n .lbProtocol(\"http\")\n .build())\n .build());\n\n var www = new Record(\"www\", RecordArgs.builder() \n .zoneId(primary.zoneId())\n .name(\"example.com\")\n .type(\"A\")\n .aliases(RecordAliasArgs.builder()\n .name(main.dnsName())\n .zoneId(main.zoneId())\n .evaluateTargetHealth(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:elb:LoadBalancer\n properties:\n name: foobar-elb\n availabilityZones:\n - us-east-1c\n listeners:\n - instancePort: 80\n instanceProtocol: http\n lbPort: 80\n lbProtocol: http\n www:\n type: aws:route53:Record\n properties:\n zoneId: ${primary.zoneId}\n name: example.com\n type: A\n aliases:\n - name: ${main.dnsName}\n zoneId: ${main.zoneId}\n evaluateTargetHealth: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### NS and SOA Record Management\n\nWhen creating Route 53 zones, the `NS` and `SOA` records for the zone are automatically created. Enabling the `allow_overwrite` argument will allow managing these records in a single deployment without the requirement for `import`.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.route53.Zone(\"example\", {name: \"test.example.com\"});\nconst exampleRecord = new aws.route53.Record(\"example\", {\n allowOverwrite: true,\n name: \"test.example.com\",\n ttl: 172800,\n type: \"NS\",\n zoneId: example.zoneId,\n records: [\n example.nameServers[0],\n example.nameServers[1],\n example.nameServers[2],\n example.nameServers[3],\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.route53.Zone(\"example\", name=\"test.example.com\")\nexample_record = aws.route53.Record(\"example\",\n allow_overwrite=True,\n name=\"test.example.com\",\n ttl=172800,\n type=\"NS\",\n zone_id=example.zone_id,\n records=[\n example.name_servers[0],\n example.name_servers[1],\n example.name_servers[2],\n example.name_servers[3],\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Route53.Zone(\"example\", new()\n {\n Name = \"test.example.com\",\n });\n\n var exampleRecord = new Aws.Route53.Record(\"example\", new()\n {\n AllowOverwrite = true,\n Name = \"test.example.com\",\n Ttl = 172800,\n Type = \"NS\",\n ZoneId = example.ZoneId,\n Records = new[]\n {\n example.NameServers.Apply(nameServers =\u003e nameServers[0]),\n example.NameServers.Apply(nameServers =\u003e nameServers[1]),\n example.NameServers.Apply(nameServers =\u003e nameServers[2]),\n example.NameServers.Apply(nameServers =\u003e nameServers[3]),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := route53.NewZone(ctx, \"example\", \u0026route53.ZoneArgs{\n\t\t\tName: pulumi.String(\"test.example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"example\", \u0026route53.RecordArgs{\n\t\t\tAllowOverwrite: pulumi.Bool(true),\n\t\t\tName: pulumi.String(\"test.example.com\"),\n\t\t\tTtl: pulumi.Int(172800),\n\t\t\tType: pulumi.String(\"NS\"),\n\t\t\tZoneId: example.ZoneId,\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\texample.NameServers.ApplyT(func(nameServers []string) (string, error) {\n\t\t\t\t\treturn nameServers[0], nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\texample.NameServers.ApplyT(func(nameServers []string) (string, error) {\n\t\t\t\t\treturn nameServers[1], nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\texample.NameServers.ApplyT(func(nameServers []string) (string, error) {\n\t\t\t\t\treturn nameServers[2], nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\texample.NameServers.ApplyT(func(nameServers []string) (string, error) {\n\t\t\t\t\treturn nameServers[3], nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.route53.Zone;\nimport com.pulumi.aws.route53.ZoneArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Zone(\"example\", ZoneArgs.builder() \n .name(\"test.example.com\")\n .build());\n\n var exampleRecord = new Record(\"exampleRecord\", RecordArgs.builder() \n .allowOverwrite(true)\n .name(\"test.example.com\")\n .ttl(172800)\n .type(\"NS\")\n .zoneId(example.zoneId())\n .records( \n example.nameServers().applyValue(nameServers -\u003e nameServers[0]),\n example.nameServers().applyValue(nameServers -\u003e nameServers[1]),\n example.nameServers().applyValue(nameServers -\u003e nameServers[2]),\n example.nameServers().applyValue(nameServers -\u003e nameServers[3]))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:route53:Zone\n properties:\n name: test.example.com\n exampleRecord:\n type: aws:route53:Record\n name: example\n properties:\n allowOverwrite: true\n name: test.example.com\n ttl: 172800\n type: NS\n zoneId: ${example.zoneId}\n records:\n - ${example.nameServers[0]}\n - ${example.nameServers[1]}\n - ${example.nameServers[2]}\n - ${example.nameServers[3]}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIf the record also contains a set identifier, append it:\n\nIf the record name is the empty string, it can be omitted:\n\n__Using `pulumi import` to import__ Route53 Records using the ID of the record, record name, record type, and set identifier. For example:\n\nUsing the ID of the record, which is the zone identifier, record name, and record type, separated by underscores (`_`):\n\n```sh\n$ pulumi import aws:route53/record:Record myrecord Z4KAPRWWNC7JR_dev.example.com_NS\n```\nIf the record also contains a set identifier, append it:\n\n```sh\n$ pulumi import aws:route53/record:Record myrecord Z4KAPRWWNC7JR_dev.example.com_NS_dev\n```\n", + "description": "Provides a Route53 record resource.\n\n## Example Usage\n\n### Simple routing policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst www = new aws.route53.Record(\"www\", {\n zoneId: primary.zoneId,\n name: \"www.example.com\",\n type: aws.route53.RecordType.A,\n ttl: 300,\n records: [lb.publicIp],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nwww = aws.route53.Record(\"www\",\n zone_id=primary[\"zoneId\"],\n name=\"www.example.com\",\n type=aws.route53.RecordType.A,\n ttl=300,\n records=[lb[\"publicIp\"]])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var www = new Aws.Route53.Record(\"www\", new()\n {\n ZoneId = primary.ZoneId,\n Name = \"www.example.com\",\n Type = Aws.Route53.RecordType.A,\n Ttl = 300,\n Records = new[]\n {\n lb.PublicIp,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.NewRecord(ctx, \"www\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(primary.ZoneId),\n\t\t\tName: pulumi.String(\"www.example.com\"),\n\t\t\tType: pulumi.String(route53.RecordTypeA),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\tlb.PublicIp,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var www = new Record(\"www\", RecordArgs.builder() \n .zoneId(primary.zoneId())\n .name(\"www.example.com\")\n .type(\"A\")\n .ttl(300)\n .records(lb.publicIp())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n www:\n type: aws:route53:Record\n properties:\n zoneId: ${primary.zoneId}\n name: www.example.com\n type: A\n ttl: 300\n records:\n - ${lb.publicIp}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Weighted routing policy\n\nOther routing policies are configured similarly. See [Amazon Route 53 Developer Guide](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html) for details.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst www_dev = new aws.route53.Record(\"www-dev\", {\n zoneId: primary.zoneId,\n name: \"www\",\n type: aws.route53.RecordType.CNAME,\n ttl: 5,\n weightedRoutingPolicies: [{\n weight: 10,\n }],\n setIdentifier: \"dev\",\n records: [\"dev.example.com\"],\n});\nconst www_live = new aws.route53.Record(\"www-live\", {\n zoneId: primary.zoneId,\n name: \"www\",\n type: aws.route53.RecordType.CNAME,\n ttl: 5,\n weightedRoutingPolicies: [{\n weight: 90,\n }],\n setIdentifier: \"live\",\n records: [\"live.example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nwww_dev = aws.route53.Record(\"www-dev\",\n zone_id=primary[\"zoneId\"],\n name=\"www\",\n type=aws.route53.RecordType.CNAME,\n ttl=5,\n weighted_routing_policies=[aws.route53.RecordWeightedRoutingPolicyArgs(\n weight=10,\n )],\n set_identifier=\"dev\",\n records=[\"dev.example.com\"])\nwww_live = aws.route53.Record(\"www-live\",\n zone_id=primary[\"zoneId\"],\n name=\"www\",\n type=aws.route53.RecordType.CNAME,\n ttl=5,\n weighted_routing_policies=[aws.route53.RecordWeightedRoutingPolicyArgs(\n weight=90,\n )],\n set_identifier=\"live\",\n records=[\"live.example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var www_dev = new Aws.Route53.Record(\"www-dev\", new()\n {\n ZoneId = primary.ZoneId,\n Name = \"www\",\n Type = Aws.Route53.RecordType.CNAME,\n Ttl = 5,\n WeightedRoutingPolicies = new[]\n {\n new Aws.Route53.Inputs.RecordWeightedRoutingPolicyArgs\n {\n Weight = 10,\n },\n },\n SetIdentifier = \"dev\",\n Records = new[]\n {\n \"dev.example.com\",\n },\n });\n\n var www_live = new Aws.Route53.Record(\"www-live\", new()\n {\n ZoneId = primary.ZoneId,\n Name = \"www\",\n Type = Aws.Route53.RecordType.CNAME,\n Ttl = 5,\n WeightedRoutingPolicies = new[]\n {\n new Aws.Route53.Inputs.RecordWeightedRoutingPolicyArgs\n {\n Weight = 90,\n },\n },\n SetIdentifier = \"live\",\n Records = new[]\n {\n \"live.example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.NewRecord(ctx, \"www-dev\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(primary.ZoneId),\n\t\t\tName: pulumi.String(\"www\"),\n\t\t\tType: pulumi.String(route53.RecordTypeCNAME),\n\t\t\tTtl: pulumi.Int(5),\n\t\t\tWeightedRoutingPolicies: route53.RecordWeightedRoutingPolicyArray{\n\t\t\t\t\u0026route53.RecordWeightedRoutingPolicyArgs{\n\t\t\t\t\tWeight: pulumi.Int(10),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSetIdentifier: pulumi.String(\"dev\"),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"dev.example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"www-live\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(primary.ZoneId),\n\t\t\tName: pulumi.String(\"www\"),\n\t\t\tType: pulumi.String(route53.RecordTypeCNAME),\n\t\t\tTtl: pulumi.Int(5),\n\t\t\tWeightedRoutingPolicies: route53.RecordWeightedRoutingPolicyArray{\n\t\t\t\t\u0026route53.RecordWeightedRoutingPolicyArgs{\n\t\t\t\t\tWeight: pulumi.Int(90),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSetIdentifier: pulumi.String(\"live\"),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"live.example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordWeightedRoutingPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var www_dev = new Record(\"www-dev\", RecordArgs.builder() \n .zoneId(primary.zoneId())\n .name(\"www\")\n .type(\"CNAME\")\n .ttl(5)\n .weightedRoutingPolicies(RecordWeightedRoutingPolicyArgs.builder()\n .weight(10)\n .build())\n .setIdentifier(\"dev\")\n .records(\"dev.example.com\")\n .build());\n\n var www_live = new Record(\"www-live\", RecordArgs.builder() \n .zoneId(primary.zoneId())\n .name(\"www\")\n .type(\"CNAME\")\n .ttl(5)\n .weightedRoutingPolicies(RecordWeightedRoutingPolicyArgs.builder()\n .weight(90)\n .build())\n .setIdentifier(\"live\")\n .records(\"live.example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n www-dev:\n type: aws:route53:Record\n properties:\n zoneId: ${primary.zoneId}\n name: www\n type: CNAME\n ttl: 5\n weightedRoutingPolicies:\n - weight: 10\n setIdentifier: dev\n records:\n - dev.example.com\n www-live:\n type: aws:route53:Record\n properties:\n zoneId: ${primary.zoneId}\n name: www\n type: CNAME\n ttl: 5\n weightedRoutingPolicies:\n - weight: 90\n setIdentifier: live\n records:\n - live.example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Geoproximity routing policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst www = new aws.route53.Record(\"www\", {\n zoneId: primary.zoneId,\n name: \"www.example.com\",\n type: aws.route53.RecordType.CNAME,\n ttl: 300,\n geoproximityRoutingPolicy: {\n coordinates: [{\n latitude: \"49.22\",\n longitude: \"-74.01\",\n }],\n },\n setIdentifier: \"dev\",\n records: [\"dev.example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nwww = aws.route53.Record(\"www\",\n zone_id=primary[\"zoneId\"],\n name=\"www.example.com\",\n type=aws.route53.RecordType.CNAME,\n ttl=300,\n geoproximity_routing_policy=aws.route53.RecordGeoproximityRoutingPolicyArgs(\n coordinates=[aws.route53.RecordGeoproximityRoutingPolicyCoordinateArgs(\n latitude=\"49.22\",\n longitude=\"-74.01\",\n )],\n ),\n set_identifier=\"dev\",\n records=[\"dev.example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var www = new Aws.Route53.Record(\"www\", new()\n {\n ZoneId = primary.ZoneId,\n Name = \"www.example.com\",\n Type = Aws.Route53.RecordType.CNAME,\n Ttl = 300,\n GeoproximityRoutingPolicy = new Aws.Route53.Inputs.RecordGeoproximityRoutingPolicyArgs\n {\n Coordinates = new[]\n {\n new Aws.Route53.Inputs.RecordGeoproximityRoutingPolicyCoordinateArgs\n {\n Latitude = \"49.22\",\n Longitude = \"-74.01\",\n },\n },\n },\n SetIdentifier = \"dev\",\n Records = new[]\n {\n \"dev.example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.NewRecord(ctx, \"www\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(primary.ZoneId),\n\t\t\tName: pulumi.String(\"www.example.com\"),\n\t\t\tType: pulumi.String(route53.RecordTypeCNAME),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tGeoproximityRoutingPolicy: \u0026route53.RecordGeoproximityRoutingPolicyArgs{\n\t\t\t\tCoordinates: route53.RecordGeoproximityRoutingPolicyCoordinateArray{\n\t\t\t\t\t\u0026route53.RecordGeoproximityRoutingPolicyCoordinateArgs{\n\t\t\t\t\t\tLatitude: pulumi.String(\"49.22\"),\n\t\t\t\t\t\tLongitude: pulumi.String(\"-74.01\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSetIdentifier: pulumi.String(\"dev\"),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"dev.example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordGeoproximityRoutingPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var www = new Record(\"www\", RecordArgs.builder() \n .zoneId(primary.zoneId())\n .name(\"www.example.com\")\n .type(\"CNAME\")\n .ttl(300)\n .geoproximityRoutingPolicy(RecordGeoproximityRoutingPolicyArgs.builder()\n .coordinates(RecordGeoproximityRoutingPolicyCoordinateArgs.builder()\n .latitude(\"49.22\")\n .longitude(\"-74.01\")\n .build())\n .build())\n .setIdentifier(\"dev\")\n .records(\"dev.example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n www:\n type: aws:route53:Record\n properties:\n zoneId: ${primary.zoneId}\n name: www.example.com\n type: CNAME\n ttl: 300\n geoproximityRoutingPolicy:\n coordinates:\n - latitude: '49.22'\n longitude: '-74.01'\n setIdentifier: dev\n records:\n - dev.example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Alias record\n\nSee [related part of Amazon Route 53 Developer Guide](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-choosing-alias-non-alias.html)\nto understand differences between alias and non-alias records.\n\nTTL for all alias records is [60 seconds](https://aws.amazon.com/route53/faqs/#dns_failover_do_i_need_to_adjust),\nyou cannot change this, therefore `ttl` has to be omitted in alias records.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.elb.LoadBalancer(\"main\", {\n name: \"foobar-elb\",\n availabilityZones: [\"us-east-1c\"],\n listeners: [{\n instancePort: 80,\n instanceProtocol: \"http\",\n lbPort: 80,\n lbProtocol: \"http\",\n }],\n});\nconst www = new aws.route53.Record(\"www\", {\n zoneId: primary.zoneId,\n name: \"example.com\",\n type: aws.route53.RecordType.A,\n aliases: [{\n name: main.dnsName,\n zoneId: main.zoneId,\n evaluateTargetHealth: true,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.elb.LoadBalancer(\"main\",\n name=\"foobar-elb\",\n availability_zones=[\"us-east-1c\"],\n listeners=[aws.elb.LoadBalancerListenerArgs(\n instance_port=80,\n instance_protocol=\"http\",\n lb_port=80,\n lb_protocol=\"http\",\n )])\nwww = aws.route53.Record(\"www\",\n zone_id=primary[\"zoneId\"],\n name=\"example.com\",\n type=aws.route53.RecordType.A,\n aliases=[aws.route53.RecordAliasArgs(\n name=main.dns_name,\n zone_id=main.zone_id,\n evaluate_target_health=True,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = new Aws.Elb.LoadBalancer(\"main\", new()\n {\n Name = \"foobar-elb\",\n AvailabilityZones = new[]\n {\n \"us-east-1c\",\n },\n Listeners = new[]\n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 80,\n InstanceProtocol = \"http\",\n LbPort = 80,\n LbProtocol = \"http\",\n },\n },\n });\n\n var www = new Aws.Route53.Record(\"www\", new()\n {\n ZoneId = primary.ZoneId,\n Name = \"example.com\",\n Type = Aws.Route53.RecordType.A,\n Aliases = new[]\n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n Name = main.DnsName,\n ZoneId = main.ZoneId,\n EvaluateTargetHealth = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elb\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := elb.NewLoadBalancer(ctx, \"main\", \u0026elb.LoadBalancerArgs{\n\t\t\tName: pulumi.String(\"foobar-elb\"),\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1c\"),\n\t\t\t},\n\t\t\tListeners: elb.LoadBalancerListenerArray{\n\t\t\t\t\u0026elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(80),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"http\"),\n\t\t\t\t\tLbPort: pulumi.Int(80),\n\t\t\t\t\tLbProtocol: pulumi.String(\"http\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"www\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(primary.ZoneId),\n\t\t\tName: pulumi.String(\"example.com\"),\n\t\t\tType: pulumi.String(route53.RecordTypeA),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t\u0026route53.RecordAliasArgs{\n\t\t\t\t\tName: main.DnsName,\n\t\t\t\t\tZoneId: main.ZoneId,\n\t\t\t\t\tEvaluateTargetHealth: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.elb.LoadBalancer;\nimport com.pulumi.aws.elb.LoadBalancerArgs;\nimport com.pulumi.aws.elb.inputs.LoadBalancerListenerArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordAliasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var main = new LoadBalancer(\"main\", LoadBalancerArgs.builder() \n .name(\"foobar-elb\")\n .availabilityZones(\"us-east-1c\")\n .listeners(LoadBalancerListenerArgs.builder()\n .instancePort(80)\n .instanceProtocol(\"http\")\n .lbPort(80)\n .lbProtocol(\"http\")\n .build())\n .build());\n\n var www = new Record(\"www\", RecordArgs.builder() \n .zoneId(primary.zoneId())\n .name(\"example.com\")\n .type(\"A\")\n .aliases(RecordAliasArgs.builder()\n .name(main.dnsName())\n .zoneId(main.zoneId())\n .evaluateTargetHealth(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:elb:LoadBalancer\n properties:\n name: foobar-elb\n availabilityZones:\n - us-east-1c\n listeners:\n - instancePort: 80\n instanceProtocol: http\n lbPort: 80\n lbProtocol: http\n www:\n type: aws:route53:Record\n properties:\n zoneId: ${primary.zoneId}\n name: example.com\n type: A\n aliases:\n - name: ${main.dnsName}\n zoneId: ${main.zoneId}\n evaluateTargetHealth: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### NS and SOA Record Management\n\nWhen creating Route 53 zones, the `NS` and `SOA` records for the zone are automatically created. Enabling the `allow_overwrite` argument will allow managing these records in a single deployment without the requirement for `import`.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.route53.Zone(\"example\", {name: \"test.example.com\"});\nconst exampleRecord = new aws.route53.Record(\"example\", {\n allowOverwrite: true,\n name: \"test.example.com\",\n ttl: 172800,\n type: aws.route53.RecordType.NS,\n zoneId: example.zoneId,\n records: [\n example.nameServers[0],\n example.nameServers[1],\n example.nameServers[2],\n example.nameServers[3],\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.route53.Zone(\"example\", name=\"test.example.com\")\nexample_record = aws.route53.Record(\"example\",\n allow_overwrite=True,\n name=\"test.example.com\",\n ttl=172800,\n type=aws.route53.RecordType.NS,\n zone_id=example.zone_id,\n records=[\n example.name_servers[0],\n example.name_servers[1],\n example.name_servers[2],\n example.name_servers[3],\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Route53.Zone(\"example\", new()\n {\n Name = \"test.example.com\",\n });\n\n var exampleRecord = new Aws.Route53.Record(\"example\", new()\n {\n AllowOverwrite = true,\n Name = \"test.example.com\",\n Ttl = 172800,\n Type = Aws.Route53.RecordType.NS,\n ZoneId = example.ZoneId,\n Records = new[]\n {\n example.NameServers.Apply(nameServers =\u003e nameServers[0]),\n example.NameServers.Apply(nameServers =\u003e nameServers[1]),\n example.NameServers.Apply(nameServers =\u003e nameServers[2]),\n example.NameServers.Apply(nameServers =\u003e nameServers[3]),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := route53.NewZone(ctx, \"example\", \u0026route53.ZoneArgs{\n\t\t\tName: pulumi.String(\"test.example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"example\", \u0026route53.RecordArgs{\n\t\t\tAllowOverwrite: pulumi.Bool(true),\n\t\t\tName: pulumi.String(\"test.example.com\"),\n\t\t\tTtl: pulumi.Int(172800),\n\t\t\tType: pulumi.String(route53.RecordTypeNS),\n\t\t\tZoneId: example.ZoneId,\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\texample.NameServers.ApplyT(func(nameServers []string) (string, error) {\n\t\t\t\t\treturn nameServers[0], nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\texample.NameServers.ApplyT(func(nameServers []string) (string, error) {\n\t\t\t\t\treturn nameServers[1], nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\texample.NameServers.ApplyT(func(nameServers []string) (string, error) {\n\t\t\t\t\treturn nameServers[2], nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\texample.NameServers.ApplyT(func(nameServers []string) (string, error) {\n\t\t\t\t\treturn nameServers[3], nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.route53.Zone;\nimport com.pulumi.aws.route53.ZoneArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Zone(\"example\", ZoneArgs.builder() \n .name(\"test.example.com\")\n .build());\n\n var exampleRecord = new Record(\"exampleRecord\", RecordArgs.builder() \n .allowOverwrite(true)\n .name(\"test.example.com\")\n .ttl(172800)\n .type(\"NS\")\n .zoneId(example.zoneId())\n .records( \n example.nameServers().applyValue(nameServers -\u003e nameServers[0]),\n example.nameServers().applyValue(nameServers -\u003e nameServers[1]),\n example.nameServers().applyValue(nameServers -\u003e nameServers[2]),\n example.nameServers().applyValue(nameServers -\u003e nameServers[3]))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:route53:Zone\n properties:\n name: test.example.com\n exampleRecord:\n type: aws:route53:Record\n name: example\n properties:\n allowOverwrite: true\n name: test.example.com\n ttl: 172800\n type: NS\n zoneId: ${example.zoneId}\n records:\n - ${example.nameServers[0]}\n - ${example.nameServers[1]}\n - ${example.nameServers[2]}\n - ${example.nameServers[3]}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIf the record also contains a set identifier, append it:\n\nIf the record name is the empty string, it can be omitted:\n\n__Using `pulumi import` to import__ Route53 Records using the ID of the record, record name, record type, and set identifier. For example:\n\nUsing the ID of the record, which is the zone identifier, record name, and record type, separated by underscores (`_`):\n\n```sh\n$ pulumi import aws:route53/record:Record myrecord Z4KAPRWWNC7JR_dev.example.com_NS\n```\nIf the record also contains a set identifier, append it:\n\n```sh\n$ pulumi import aws:route53/record:Record myrecord Z4KAPRWWNC7JR_dev.example.com_NS_dev\n```\n", "properties": { "aliases": { "type": "array", @@ -311100,7 +311100,7 @@ } }, "aws:route53/zone:Zone": { - "description": "Manages a Route53 Hosted Zone. For managing Domain Name System Security Extensions (DNSSEC), see the `aws.route53.KeySigningKey` and `aws.route53.HostedZoneDnsSec` resources.\n\n## Example Usage\n\n### Public Zone\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst primary = new aws.route53.Zone(\"primary\", {name: \"example.com\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprimary = aws.route53.Zone(\"primary\", name=\"example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Aws.Route53.Zone(\"primary\", new()\n {\n Name = \"example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.NewZone(ctx, \"primary\", \u0026route53.ZoneArgs{\n\t\t\tName: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.route53.Zone;\nimport com.pulumi.aws.route53.ZoneArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Zone(\"primary\", ZoneArgs.builder() \n .name(\"example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: aws:route53:Zone\n properties:\n name: example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Public Subdomain Zone\n\nFor use in subdomains, note that you need to create a\n`aws.route53.Record` of type `NS` as well as the subdomain\nzone.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.route53.Zone(\"main\", {name: \"example.com\"});\nconst dev = new aws.route53.Zone(\"dev\", {\n name: \"dev.example.com\",\n tags: {\n Environment: \"dev\",\n },\n});\nconst dev_ns = new aws.route53.Record(\"dev-ns\", {\n zoneId: main.zoneId,\n name: \"dev.example.com\",\n type: \"NS\",\n ttl: 30,\n records: dev.nameServers,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.route53.Zone(\"main\", name=\"example.com\")\ndev = aws.route53.Zone(\"dev\",\n name=\"dev.example.com\",\n tags={\n \"Environment\": \"dev\",\n })\ndev_ns = aws.route53.Record(\"dev-ns\",\n zone_id=main.zone_id,\n name=\"dev.example.com\",\n type=\"NS\",\n ttl=30,\n records=dev.name_servers)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = new Aws.Route53.Zone(\"main\", new()\n {\n Name = \"example.com\",\n });\n\n var dev = new Aws.Route53.Zone(\"dev\", new()\n {\n Name = \"dev.example.com\",\n Tags = \n {\n { \"Environment\", \"dev\" },\n },\n });\n\n var dev_ns = new Aws.Route53.Record(\"dev-ns\", new()\n {\n ZoneId = main.ZoneId,\n Name = \"dev.example.com\",\n Type = \"NS\",\n Ttl = 30,\n Records = dev.NameServers,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := route53.NewZone(ctx, \"main\", \u0026route53.ZoneArgs{\n\t\t\tName: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdev, err := route53.NewZone(ctx, \"dev\", \u0026route53.ZoneArgs{\n\t\t\tName: pulumi.String(\"dev.example.com\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"dev\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"dev-ns\", \u0026route53.RecordArgs{\n\t\t\tZoneId: main.ZoneId,\n\t\t\tName: pulumi.String(\"dev.example.com\"),\n\t\t\tType: pulumi.String(\"NS\"),\n\t\t\tTtl: pulumi.Int(30),\n\t\t\tRecords: dev.NameServers,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.route53.Zone;\nimport com.pulumi.aws.route53.ZoneArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var main = new Zone(\"main\", ZoneArgs.builder() \n .name(\"example.com\")\n .build());\n\n var dev = new Zone(\"dev\", ZoneArgs.builder() \n .name(\"dev.example.com\")\n .tags(Map.of(\"Environment\", \"dev\"))\n .build());\n\n var dev_ns = new Record(\"dev-ns\", RecordArgs.builder() \n .zoneId(main.zoneId())\n .name(\"dev.example.com\")\n .type(\"NS\")\n .ttl(\"30\")\n .records(dev.nameServers())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:route53:Zone\n properties:\n name: example.com\n dev:\n type: aws:route53:Zone\n properties:\n name: dev.example.com\n tags:\n Environment: dev\n dev-ns:\n type: aws:route53:Record\n properties:\n zoneId: ${main.zoneId}\n name: dev.example.com\n type: NS\n ttl: '30'\n records: ${dev.nameServers}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Private Zone\n\n\u003e **NOTE:** This provider provides both exclusive VPC associations defined in-line in this resource via `vpc` configuration blocks and a separate `Zone VPC Association resource. At this time, you cannot use in-line VPC associations in conjunction with any `aws.route53.ZoneAssociation` resources with the same zone ID otherwise it will cause a perpetual difference in plan output. You can optionally use [`ignoreChanges`](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) to manage additional associations via the `aws.route53.ZoneAssociation` resource.\n\n\u003e **NOTE:** Private zones require at least one VPC association at all times.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _private = new aws.route53.Zone(\"private\", {\n name: \"example.com\",\n vpcs: [{\n vpcId: example.id,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprivate = aws.route53.Zone(\"private\",\n name=\"example.com\",\n vpcs=[aws.route53.ZoneVpcArgs(\n vpc_id=example[\"id\"],\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @private = new Aws.Route53.Zone(\"private\", new()\n {\n Name = \"example.com\",\n Vpcs = new[]\n {\n new Aws.Route53.Inputs.ZoneVpcArgs\n {\n VpcId = example.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.NewZone(ctx, \"private\", \u0026route53.ZoneArgs{\n\t\t\tName: pulumi.String(\"example.com\"),\n\t\t\tVpcs: route53.ZoneVpcArray{\n\t\t\t\t\u0026route53.ZoneVpcArgs{\n\t\t\t\t\tVpcId: pulumi.Any(example.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.route53.Zone;\nimport com.pulumi.aws.route53.ZoneArgs;\nimport com.pulumi.aws.route53.inputs.ZoneVpcArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var private_ = new Zone(\"private\", ZoneArgs.builder() \n .name(\"example.com\")\n .vpcs(ZoneVpcArgs.builder()\n .vpcId(example.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n private:\n type: aws:route53:Zone\n properties:\n name: example.com\n vpcs:\n - vpcId: ${example.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Route53 Zones using the zone `id`. For example:\n\n```sh\n$ pulumi import aws:route53/zone:Zone myzone Z1D633PJN98FT9\n```\n", + "description": "Manages a Route53 Hosted Zone. For managing Domain Name System Security Extensions (DNSSEC), see the `aws.route53.KeySigningKey` and `aws.route53.HostedZoneDnsSec` resources.\n\n## Example Usage\n\n### Public Zone\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst primary = new aws.route53.Zone(\"primary\", {name: \"example.com\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprimary = aws.route53.Zone(\"primary\", name=\"example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Aws.Route53.Zone(\"primary\", new()\n {\n Name = \"example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.NewZone(ctx, \"primary\", \u0026route53.ZoneArgs{\n\t\t\tName: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.route53.Zone;\nimport com.pulumi.aws.route53.ZoneArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Zone(\"primary\", ZoneArgs.builder() \n .name(\"example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: aws:route53:Zone\n properties:\n name: example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Public Subdomain Zone\n\nFor use in subdomains, note that you need to create a\n`aws.route53.Record` of type `NS` as well as the subdomain\nzone.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.route53.Zone(\"main\", {name: \"example.com\"});\nconst dev = new aws.route53.Zone(\"dev\", {\n name: \"dev.example.com\",\n tags: {\n Environment: \"dev\",\n },\n});\nconst dev_ns = new aws.route53.Record(\"dev-ns\", {\n zoneId: main.zoneId,\n name: \"dev.example.com\",\n type: aws.route53.RecordType.NS,\n ttl: 30,\n records: dev.nameServers,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.route53.Zone(\"main\", name=\"example.com\")\ndev = aws.route53.Zone(\"dev\",\n name=\"dev.example.com\",\n tags={\n \"Environment\": \"dev\",\n })\ndev_ns = aws.route53.Record(\"dev-ns\",\n zone_id=main.zone_id,\n name=\"dev.example.com\",\n type=aws.route53.RecordType.NS,\n ttl=30,\n records=dev.name_servers)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = new Aws.Route53.Zone(\"main\", new()\n {\n Name = \"example.com\",\n });\n\n var dev = new Aws.Route53.Zone(\"dev\", new()\n {\n Name = \"dev.example.com\",\n Tags = \n {\n { \"Environment\", \"dev\" },\n },\n });\n\n var dev_ns = new Aws.Route53.Record(\"dev-ns\", new()\n {\n ZoneId = main.ZoneId,\n Name = \"dev.example.com\",\n Type = Aws.Route53.RecordType.NS,\n Ttl = 30,\n Records = dev.NameServers,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := route53.NewZone(ctx, \"main\", \u0026route53.ZoneArgs{\n\t\t\tName: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdev, err := route53.NewZone(ctx, \"dev\", \u0026route53.ZoneArgs{\n\t\t\tName: pulumi.String(\"dev.example.com\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"dev\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"dev-ns\", \u0026route53.RecordArgs{\n\t\t\tZoneId: main.ZoneId,\n\t\t\tName: pulumi.String(\"dev.example.com\"),\n\t\t\tType: pulumi.String(route53.RecordTypeNS),\n\t\t\tTtl: pulumi.Int(30),\n\t\t\tRecords: dev.NameServers,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.route53.Zone;\nimport com.pulumi.aws.route53.ZoneArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var main = new Zone(\"main\", ZoneArgs.builder() \n .name(\"example.com\")\n .build());\n\n var dev = new Zone(\"dev\", ZoneArgs.builder() \n .name(\"dev.example.com\")\n .tags(Map.of(\"Environment\", \"dev\"))\n .build());\n\n var dev_ns = new Record(\"dev-ns\", RecordArgs.builder() \n .zoneId(main.zoneId())\n .name(\"dev.example.com\")\n .type(\"NS\")\n .ttl(\"30\")\n .records(dev.nameServers())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:route53:Zone\n properties:\n name: example.com\n dev:\n type: aws:route53:Zone\n properties:\n name: dev.example.com\n tags:\n Environment: dev\n dev-ns:\n type: aws:route53:Record\n properties:\n zoneId: ${main.zoneId}\n name: dev.example.com\n type: NS\n ttl: '30'\n records: ${dev.nameServers}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Private Zone\n\n\u003e **NOTE:** This provider provides both exclusive VPC associations defined in-line in this resource via `vpc` configuration blocks and a separate `Zone VPC Association resource. At this time, you cannot use in-line VPC associations in conjunction with any `aws.route53.ZoneAssociation` resources with the same zone ID otherwise it will cause a perpetual difference in plan output. You can optionally use [`ignoreChanges`](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) to manage additional associations via the `aws.route53.ZoneAssociation` resource.\n\n\u003e **NOTE:** Private zones require at least one VPC association at all times.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _private = new aws.route53.Zone(\"private\", {\n name: \"example.com\",\n vpcs: [{\n vpcId: example.id,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprivate = aws.route53.Zone(\"private\",\n name=\"example.com\",\n vpcs=[aws.route53.ZoneVpcArgs(\n vpc_id=example[\"id\"],\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @private = new Aws.Route53.Zone(\"private\", new()\n {\n Name = \"example.com\",\n Vpcs = new[]\n {\n new Aws.Route53.Inputs.ZoneVpcArgs\n {\n VpcId = example.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.NewZone(ctx, \"private\", \u0026route53.ZoneArgs{\n\t\t\tName: pulumi.String(\"example.com\"),\n\t\t\tVpcs: route53.ZoneVpcArray{\n\t\t\t\t\u0026route53.ZoneVpcArgs{\n\t\t\t\t\tVpcId: pulumi.Any(example.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.route53.Zone;\nimport com.pulumi.aws.route53.ZoneArgs;\nimport com.pulumi.aws.route53.inputs.ZoneVpcArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var private_ = new Zone(\"private\", ZoneArgs.builder() \n .name(\"example.com\")\n .vpcs(ZoneVpcArgs.builder()\n .vpcId(example.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n private:\n type: aws:route53:Zone\n properties:\n name: example.com\n vpcs:\n - vpcId: ${example.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Route53 Zones using the zone `id`. For example:\n\n```sh\n$ pulumi import aws:route53/zone:Zone myzone Z1D633PJN98FT9\n```\n", "properties": { "arn": { "type": "string", @@ -313055,7 +313055,7 @@ } }, "aws:s3/bucket:Bucket": { - "description": "Provides a S3 bucket resource.\n\n\u003e This functionality is for managing S3 in an AWS Partition. To manage [S3 on Outposts](https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html), see the `aws.s3control.Bucket` resource.\n\n\u003e **NOTE:** This resource might not work well if using an alternative s3-compatible provider. Please use `aws.s3.BucketV2` instead.\n\n## Example Usage\n\n### Private Bucket w/ Tags\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst b = new aws.s3.Bucket(\"b\", {\n bucket: \"my-tf-test-bucket\",\n acl: \"private\",\n tags: {\n Name: \"My bucket\",\n Environment: \"Dev\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nb = aws.s3.Bucket(\"b\",\n bucket=\"my-tf-test-bucket\",\n acl=\"private\",\n tags={\n \"Name\": \"My bucket\",\n \"Environment\": \"Dev\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var b = new Aws.S3.Bucket(\"b\", new()\n {\n BucketName = \"my-tf-test-bucket\",\n Acl = \"private\",\n Tags = \n {\n { \"Name\", \"My bucket\" },\n { \"Environment\", \"Dev\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := s3.NewBucket(ctx, \"b\", \u0026s3.BucketArgs{\n\t\t\tBucket: pulumi.String(\"my-tf-test-bucket\"),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"My bucket\"),\n\t\t\t\t\"Environment\": pulumi.String(\"Dev\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.Bucket;\nimport com.pulumi.aws.s3.BucketArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var b = new Bucket(\"b\", BucketArgs.builder() \n .bucket(\"my-tf-test-bucket\")\n .acl(\"private\")\n .tags(Map.ofEntries(\n Map.entry(\"Name\", \"My bucket\"),\n Map.entry(\"Environment\", \"Dev\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n b:\n type: aws:s3:Bucket\n properties:\n bucket: my-tf-test-bucket\n acl: private\n tags:\n Name: My bucket\n Environment: Dev\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Static Website Hosting\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst b = new aws.s3.Bucket(\"b\", {\n bucket: \"s3-website-test.mydomain.com\",\n acl: \"public-read\",\n policy: std.file({\n input: \"policy.json\",\n }).then(invoke =\u003e invoke.result),\n website: {\n indexDocument: \"index.html\",\n errorDocument: \"error.html\",\n routingRules: `[{\n \"Condition\": {\n \"KeyPrefixEquals\": \"docs/\"\n },\n \"Redirect\": {\n \"ReplaceKeyPrefixWith\": \"documents/\"\n }\n}]\n`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_std as std\n\nb = aws.s3.Bucket(\"b\",\n bucket=\"s3-website-test.mydomain.com\",\n acl=\"public-read\",\n policy=std.file(input=\"policy.json\").result,\n website=aws.s3.BucketWebsiteArgs(\n index_document=\"index.html\",\n error_document=\"error.html\",\n routing_rules=\"\"\"[{\n \"Condition\": {\n \"KeyPrefixEquals\": \"docs/\"\n },\n \"Redirect\": {\n \"ReplaceKeyPrefixWith\": \"documents/\"\n }\n}]\n\"\"\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var b = new Aws.S3.Bucket(\"b\", new()\n {\n BucketName = \"s3-website-test.mydomain.com\",\n Acl = \"public-read\",\n Policy = Std.File.Invoke(new()\n {\n Input = \"policy.json\",\n }).Apply(invoke =\u003e invoke.Result),\n Website = new Aws.S3.Inputs.BucketWebsiteArgs\n {\n IndexDocument = \"index.html\",\n ErrorDocument = \"error.html\",\n RoutingRules = @\"[{\n \"\"Condition\"\": {\n \"\"KeyPrefixEquals\"\": \"\"docs/\"\"\n },\n \"\"Redirect\"\": {\n \"\"ReplaceKeyPrefixWith\"\": \"\"documents/\"\"\n }\n}]\n\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"policy.json\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucket(ctx, \"b\", \u0026s3.BucketArgs{\n\t\t\tBucket: pulumi.String(\"s3-website-test.mydomain.com\"),\n\t\t\tAcl: pulumi.String(\"public-read\"),\n\t\t\tPolicy: invokeFile.Result,\n\t\t\tWebsite: \u0026s3.BucketWebsiteArgs{\n\t\t\t\tIndexDocument: pulumi.String(\"index.html\"),\n\t\t\t\tErrorDocument: pulumi.String(\"error.html\"),\n\t\t\t\tRoutingRules: pulumi.Any(`[{\n \"Condition\": {\n \"KeyPrefixEquals\": \"docs/\"\n },\n \"Redirect\": {\n \"ReplaceKeyPrefixWith\": \"documents/\"\n }\n}]\n`),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.Bucket;\nimport com.pulumi.aws.s3.BucketArgs;\nimport com.pulumi.aws.s3.inputs.BucketWebsiteArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var b = new Bucket(\"b\", BucketArgs.builder() \n .bucket(\"s3-website-test.mydomain.com\")\n .acl(\"public-read\")\n .policy(StdFunctions.file(FileArgs.builder()\n .input(\"policy.json\")\n .build()).result())\n .website(BucketWebsiteArgs.builder()\n .indexDocument(\"index.html\")\n .errorDocument(\"error.html\")\n .routingRules(\"\"\"\n[{\n \"Condition\": {\n \"KeyPrefixEquals\": \"docs/\"\n },\n \"Redirect\": {\n \"ReplaceKeyPrefixWith\": \"documents/\"\n }\n}]\n \"\"\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n b:\n type: aws:s3:Bucket\n properties:\n bucket: s3-website-test.mydomain.com\n acl: public-read\n policy:\n fn::invoke:\n Function: std:file\n Arguments:\n input: policy.json\n Return: result\n website:\n indexDocument: index.html\n errorDocument: error.html\n routingRules: |\n [{\n \"Condition\": {\n \"KeyPrefixEquals\": \"docs/\"\n },\n \"Redirect\": {\n \"ReplaceKeyPrefixWith\": \"documents/\"\n }\n }]\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Using CORS\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst b = new aws.s3.Bucket(\"b\", {\n bucket: \"s3-website-test.mydomain.com\",\n acl: \"public-read\",\n corsRules: [{\n allowedHeaders: [\"*\"],\n allowedMethods: [\n \"PUT\",\n \"POST\",\n ],\n allowedOrigins: [\"https://s3-website-test.mydomain.com\"],\n exposeHeaders: [\"ETag\"],\n maxAgeSeconds: 3000,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nb = aws.s3.Bucket(\"b\",\n bucket=\"s3-website-test.mydomain.com\",\n acl=\"public-read\",\n cors_rules=[aws.s3.BucketCorsRuleArgs(\n allowed_headers=[\"*\"],\n allowed_methods=[\n \"PUT\",\n \"POST\",\n ],\n allowed_origins=[\"https://s3-website-test.mydomain.com\"],\n expose_headers=[\"ETag\"],\n max_age_seconds=3000,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var b = new Aws.S3.Bucket(\"b\", new()\n {\n BucketName = \"s3-website-test.mydomain.com\",\n Acl = \"public-read\",\n CorsRules = new[]\n {\n new Aws.S3.Inputs.BucketCorsRuleArgs\n {\n AllowedHeaders = new[]\n {\n \"*\",\n },\n AllowedMethods = new[]\n {\n \"PUT\",\n \"POST\",\n },\n AllowedOrigins = new[]\n {\n \"https://s3-website-test.mydomain.com\",\n },\n ExposeHeaders = new[]\n {\n \"ETag\",\n },\n MaxAgeSeconds = 3000,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := s3.NewBucket(ctx, \"b\", \u0026s3.BucketArgs{\n\t\t\tBucket: pulumi.String(\"s3-website-test.mydomain.com\"),\n\t\t\tAcl: pulumi.String(\"public-read\"),\n\t\t\tCorsRules: s3.BucketCorsRuleArray{\n\t\t\t\t\u0026s3.BucketCorsRuleArgs{\n\t\t\t\t\tAllowedHeaders: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t},\n\t\t\t\t\tAllowedMethods: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"PUT\"),\n\t\t\t\t\t\tpulumi.String(\"POST\"),\n\t\t\t\t\t},\n\t\t\t\t\tAllowedOrigins: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"https://s3-website-test.mydomain.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tExposeHeaders: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"ETag\"),\n\t\t\t\t\t},\n\t\t\t\t\tMaxAgeSeconds: pulumi.Int(3000),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.Bucket;\nimport com.pulumi.aws.s3.BucketArgs;\nimport com.pulumi.aws.s3.inputs.BucketCorsRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var b = new Bucket(\"b\", BucketArgs.builder() \n .bucket(\"s3-website-test.mydomain.com\")\n .acl(\"public-read\")\n .corsRules(BucketCorsRuleArgs.builder()\n .allowedHeaders(\"*\")\n .allowedMethods( \n \"PUT\",\n \"POST\")\n .allowedOrigins(\"https://s3-website-test.mydomain.com\")\n .exposeHeaders(\"ETag\")\n .maxAgeSeconds(3000)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n b:\n type: aws:s3:Bucket\n properties:\n bucket: s3-website-test.mydomain.com\n acl: public-read\n corsRules:\n - allowedHeaders:\n - '*'\n allowedMethods:\n - PUT\n - POST\n allowedOrigins:\n - https://s3-website-test.mydomain.com\n exposeHeaders:\n - ETag\n maxAgeSeconds: 3000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Using versioning\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst b = new aws.s3.Bucket(\"b\", {\n bucket: \"my-tf-test-bucket\",\n acl: \"private\",\n versioning: {\n enabled: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nb = aws.s3.Bucket(\"b\",\n bucket=\"my-tf-test-bucket\",\n acl=\"private\",\n versioning=aws.s3.BucketVersioningArgs(\n enabled=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var b = new Aws.S3.Bucket(\"b\", new()\n {\n BucketName = \"my-tf-test-bucket\",\n Acl = \"private\",\n Versioning = new Aws.S3.Inputs.BucketVersioningArgs\n {\n Enabled = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := s3.NewBucket(ctx, \"b\", \u0026s3.BucketArgs{\n\t\t\tBucket: pulumi.String(\"my-tf-test-bucket\"),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t\tVersioning: \u0026s3.BucketVersioningArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.Bucket;\nimport com.pulumi.aws.s3.BucketArgs;\nimport com.pulumi.aws.s3.inputs.BucketVersioningArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var b = new Bucket(\"b\", BucketArgs.builder() \n .bucket(\"my-tf-test-bucket\")\n .acl(\"private\")\n .versioning(BucketVersioningArgs.builder()\n .enabled(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n b:\n type: aws:s3:Bucket\n properties:\n bucket: my-tf-test-bucket\n acl: private\n versioning:\n enabled: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Enable Logging\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst logBucket = new aws.s3.Bucket(\"log_bucket\", {\n bucket: \"my-tf-log-bucket\",\n acl: \"log-delivery-write\",\n});\nconst b = new aws.s3.Bucket(\"b\", {\n bucket: \"my-tf-test-bucket\",\n acl: \"private\",\n loggings: [{\n targetBucket: logBucket.id,\n targetPrefix: \"log/\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlog_bucket = aws.s3.Bucket(\"log_bucket\",\n bucket=\"my-tf-log-bucket\",\n acl=\"log-delivery-write\")\nb = aws.s3.Bucket(\"b\",\n bucket=\"my-tf-test-bucket\",\n acl=\"private\",\n loggings=[aws.s3.BucketLoggingArgs(\n target_bucket=log_bucket.id,\n target_prefix=\"log/\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var logBucket = new Aws.S3.Bucket(\"log_bucket\", new()\n {\n BucketName = \"my-tf-log-bucket\",\n Acl = \"log-delivery-write\",\n });\n\n var b = new Aws.S3.Bucket(\"b\", new()\n {\n BucketName = \"my-tf-test-bucket\",\n Acl = \"private\",\n Loggings = new[]\n {\n new Aws.S3.Inputs.BucketLoggingArgs\n {\n TargetBucket = logBucket.Id,\n TargetPrefix = \"log/\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlogBucket, err := s3.NewBucket(ctx, \"log_bucket\", \u0026s3.BucketArgs{\n\t\t\tBucket: pulumi.String(\"my-tf-log-bucket\"),\n\t\t\tAcl: pulumi.String(\"log-delivery-write\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucket(ctx, \"b\", \u0026s3.BucketArgs{\n\t\t\tBucket: pulumi.String(\"my-tf-test-bucket\"),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t\tLoggings: s3.BucketLoggingArray{\n\t\t\t\t\u0026s3.BucketLoggingArgs{\n\t\t\t\t\tTargetBucket: logBucket.ID(),\n\t\t\t\t\tTargetPrefix: pulumi.String(\"log/\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.Bucket;\nimport com.pulumi.aws.s3.BucketArgs;\nimport com.pulumi.aws.s3.inputs.BucketLoggingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var logBucket = new Bucket(\"logBucket\", BucketArgs.builder() \n .bucket(\"my-tf-log-bucket\")\n .acl(\"log-delivery-write\")\n .build());\n\n var b = new Bucket(\"b\", BucketArgs.builder() \n .bucket(\"my-tf-test-bucket\")\n .acl(\"private\")\n .loggings(BucketLoggingArgs.builder()\n .targetBucket(logBucket.id())\n .targetPrefix(\"log/\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n logBucket:\n type: aws:s3:Bucket\n name: log_bucket\n properties:\n bucket: my-tf-log-bucket\n acl: log-delivery-write\n b:\n type: aws:s3:Bucket\n properties:\n bucket: my-tf-test-bucket\n acl: private\n loggings:\n - targetBucket: ${logBucket.id}\n targetPrefix: log/\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Using object lifecycle\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.Bucket(\"bucket\", {\n bucket: \"my-bucket\",\n acl: \"private\",\n lifecycleRules: [\n {\n id: \"log\",\n enabled: true,\n prefix: \"log/\",\n tags: {\n rule: \"log\",\n autoclean: \"true\",\n },\n transitions: [\n {\n days: 30,\n storageClass: \"STANDARD_IA\",\n },\n {\n days: 60,\n storageClass: \"GLACIER\",\n },\n ],\n expiration: {\n days: 90,\n },\n },\n {\n id: \"tmp\",\n prefix: \"tmp/\",\n enabled: true,\n expiration: {\n date: \"2016-01-12\",\n },\n },\n ],\n});\nconst versioningBucket = new aws.s3.Bucket(\"versioning_bucket\", {\n bucket: \"my-versioning-bucket\",\n acl: \"private\",\n versioning: {\n enabled: true,\n },\n lifecycleRules: [{\n prefix: \"config/\",\n enabled: true,\n noncurrentVersionTransitions: [\n {\n days: 30,\n storageClass: \"STANDARD_IA\",\n },\n {\n days: 60,\n storageClass: \"GLACIER\",\n },\n ],\n noncurrentVersionExpiration: {\n days: 90,\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.Bucket(\"bucket\",\n bucket=\"my-bucket\",\n acl=\"private\",\n lifecycle_rules=[\n aws.s3.BucketLifecycleRuleArgs(\n id=\"log\",\n enabled=True,\n prefix=\"log/\",\n tags={\n \"rule\": \"log\",\n \"autoclean\": \"true\",\n },\n transitions=[\n aws.s3.BucketLifecycleRuleTransitionArgs(\n days=30,\n storage_class=\"STANDARD_IA\",\n ),\n aws.s3.BucketLifecycleRuleTransitionArgs(\n days=60,\n storage_class=\"GLACIER\",\n ),\n ],\n expiration=aws.s3.BucketLifecycleRuleExpirationArgs(\n days=90,\n ),\n ),\n aws.s3.BucketLifecycleRuleArgs(\n id=\"tmp\",\n prefix=\"tmp/\",\n enabled=True,\n expiration=aws.s3.BucketLifecycleRuleExpirationArgs(\n date=\"2016-01-12\",\n ),\n ),\n ])\nversioning_bucket = aws.s3.Bucket(\"versioning_bucket\",\n bucket=\"my-versioning-bucket\",\n acl=\"private\",\n versioning=aws.s3.BucketVersioningArgs(\n enabled=True,\n ),\n lifecycle_rules=[aws.s3.BucketLifecycleRuleArgs(\n prefix=\"config/\",\n enabled=True,\n noncurrent_version_transitions=[\n aws.s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs(\n days=30,\n storage_class=\"STANDARD_IA\",\n ),\n aws.s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs(\n days=60,\n storage_class=\"GLACIER\",\n ),\n ],\n noncurrent_version_expiration=aws.s3.BucketLifecycleRuleNoncurrentVersionExpirationArgs(\n days=90,\n ),\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bucket = new Aws.S3.Bucket(\"bucket\", new()\n {\n BucketName = \"my-bucket\",\n Acl = \"private\",\n LifecycleRules = new[]\n {\n new Aws.S3.Inputs.BucketLifecycleRuleArgs\n {\n Id = \"log\",\n Enabled = true,\n Prefix = \"log/\",\n Tags = \n {\n { \"rule\", \"log\" },\n { \"autoclean\", \"true\" },\n },\n Transitions = new[]\n {\n new Aws.S3.Inputs.BucketLifecycleRuleTransitionArgs\n {\n Days = 30,\n StorageClass = \"STANDARD_IA\",\n },\n new Aws.S3.Inputs.BucketLifecycleRuleTransitionArgs\n {\n Days = 60,\n StorageClass = \"GLACIER\",\n },\n },\n Expiration = new Aws.S3.Inputs.BucketLifecycleRuleExpirationArgs\n {\n Days = 90,\n },\n },\n new Aws.S3.Inputs.BucketLifecycleRuleArgs\n {\n Id = \"tmp\",\n Prefix = \"tmp/\",\n Enabled = true,\n Expiration = new Aws.S3.Inputs.BucketLifecycleRuleExpirationArgs\n {\n Date = \"2016-01-12\",\n },\n },\n },\n });\n\n var versioningBucket = new Aws.S3.Bucket(\"versioning_bucket\", new()\n {\n BucketName = \"my-versioning-bucket\",\n Acl = \"private\",\n Versioning = new Aws.S3.Inputs.BucketVersioningArgs\n {\n Enabled = true,\n },\n LifecycleRules = new[]\n {\n new Aws.S3.Inputs.BucketLifecycleRuleArgs\n {\n Prefix = \"config/\",\n Enabled = true,\n NoncurrentVersionTransitions = new[]\n {\n new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionTransitionArgs\n {\n Days = 30,\n StorageClass = \"STANDARD_IA\",\n },\n new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionTransitionArgs\n {\n Days = 60,\n StorageClass = \"GLACIER\",\n },\n },\n NoncurrentVersionExpiration = new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionExpirationArgs\n {\n Days = 90,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := s3.NewBucket(ctx, \"bucket\", \u0026s3.BucketArgs{\n\t\t\tBucket: pulumi.String(\"my-bucket\"),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t\tLifecycleRules: s3.BucketLifecycleRuleArray{\n\t\t\t\t\u0026s3.BucketLifecycleRuleArgs{\n\t\t\t\t\tId: pulumi.String(\"log\"),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tPrefix: pulumi.String(\"log/\"),\n\t\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\t\"rule\": pulumi.String(\"log\"),\n\t\t\t\t\t\t\"autoclean\": pulumi.String(\"true\"),\n\t\t\t\t\t},\n\t\t\t\t\tTransitions: s3.BucketLifecycleRuleTransitionArray{\n\t\t\t\t\t\t\u0026s3.BucketLifecycleRuleTransitionArgs{\n\t\t\t\t\t\t\tDays: pulumi.Int(30),\n\t\t\t\t\t\t\tStorageClass: pulumi.String(\"STANDARD_IA\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026s3.BucketLifecycleRuleTransitionArgs{\n\t\t\t\t\t\t\tDays: pulumi.Int(60),\n\t\t\t\t\t\t\tStorageClass: pulumi.String(\"GLACIER\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tExpiration: \u0026s3.BucketLifecycleRuleExpirationArgs{\n\t\t\t\t\t\tDays: pulumi.Int(90),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026s3.BucketLifecycleRuleArgs{\n\t\t\t\t\tId: pulumi.String(\"tmp\"),\n\t\t\t\t\tPrefix: pulumi.String(\"tmp/\"),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tExpiration: \u0026s3.BucketLifecycleRuleExpirationArgs{\n\t\t\t\t\t\tDate: pulumi.String(\"2016-01-12\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucket(ctx, \"versioning_bucket\", \u0026s3.BucketArgs{\n\t\t\tBucket: pulumi.String(\"my-versioning-bucket\"),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t\tVersioning: \u0026s3.BucketVersioningArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tLifecycleRules: s3.BucketLifecycleRuleArray{\n\t\t\t\t\u0026s3.BucketLifecycleRuleArgs{\n\t\t\t\t\tPrefix: pulumi.String(\"config/\"),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tNoncurrentVersionTransitions: s3.BucketLifecycleRuleNoncurrentVersionTransitionArray{\n\t\t\t\t\t\t\u0026s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs{\n\t\t\t\t\t\t\tDays: pulumi.Int(30),\n\t\t\t\t\t\t\tStorageClass: pulumi.String(\"STANDARD_IA\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs{\n\t\t\t\t\t\t\tDays: pulumi.Int(60),\n\t\t\t\t\t\t\tStorageClass: pulumi.String(\"GLACIER\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tNoncurrentVersionExpiration: \u0026s3.BucketLifecycleRuleNoncurrentVersionExpirationArgs{\n\t\t\t\t\t\tDays: pulumi.Int(90),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.Bucket;\nimport com.pulumi.aws.s3.BucketArgs;\nimport com.pulumi.aws.s3.inputs.BucketLifecycleRuleArgs;\nimport com.pulumi.aws.s3.inputs.BucketLifecycleRuleExpirationArgs;\nimport com.pulumi.aws.s3.inputs.BucketVersioningArgs;\nimport com.pulumi.aws.s3.inputs.BucketLifecycleRuleNoncurrentVersionExpirationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bucket = new Bucket(\"bucket\", BucketArgs.builder() \n .bucket(\"my-bucket\")\n .acl(\"private\")\n .lifecycleRules( \n BucketLifecycleRuleArgs.builder()\n .id(\"log\")\n .enabled(true)\n .prefix(\"log/\")\n .tags(Map.ofEntries(\n Map.entry(\"rule\", \"log\"),\n Map.entry(\"autoclean\", \"true\")\n ))\n .transitions( \n BucketLifecycleRuleTransitionArgs.builder()\n .days(30)\n .storageClass(\"STANDARD_IA\")\n .build(),\n BucketLifecycleRuleTransitionArgs.builder()\n .days(60)\n .storageClass(\"GLACIER\")\n .build())\n .expiration(BucketLifecycleRuleExpirationArgs.builder()\n .days(90)\n .build())\n .build(),\n BucketLifecycleRuleArgs.builder()\n .id(\"tmp\")\n .prefix(\"tmp/\")\n .enabled(true)\n .expiration(BucketLifecycleRuleExpirationArgs.builder()\n .date(\"2016-01-12\")\n .build())\n .build())\n .build());\n\n var versioningBucket = new Bucket(\"versioningBucket\", BucketArgs.builder() \n .bucket(\"my-versioning-bucket\")\n .acl(\"private\")\n .versioning(BucketVersioningArgs.builder()\n .enabled(true)\n .build())\n .lifecycleRules(BucketLifecycleRuleArgs.builder()\n .prefix(\"config/\")\n .enabled(true)\n .noncurrentVersionTransitions( \n BucketLifecycleRuleNoncurrentVersionTransitionArgs.builder()\n .days(30)\n .storageClass(\"STANDARD_IA\")\n .build(),\n BucketLifecycleRuleNoncurrentVersionTransitionArgs.builder()\n .days(60)\n .storageClass(\"GLACIER\")\n .build())\n .noncurrentVersionExpiration(BucketLifecycleRuleNoncurrentVersionExpirationArgs.builder()\n .days(90)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: aws:s3:Bucket\n properties:\n bucket: my-bucket\n acl: private\n lifecycleRules:\n - id: log\n enabled: true\n prefix: log/\n tags:\n rule: log\n autoclean: 'true'\n transitions:\n - days: 30\n storageClass: STANDARD_IA\n - days: 60\n storageClass: GLACIER\n expiration:\n days: 90\n - id: tmp\n prefix: tmp/\n enabled: true\n expiration:\n date: 2016-01-12\n versioningBucket:\n type: aws:s3:Bucket\n name: versioning_bucket\n properties:\n bucket: my-versioning-bucket\n acl: private\n versioning:\n enabled: true\n lifecycleRules:\n - prefix: config/\n enabled: true\n noncurrentVersionTransitions:\n - days: 30\n storageClass: STANDARD_IA\n - days: 60\n storageClass: GLACIER\n noncurrentVersionExpiration:\n days: 90\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Using replication configuration\n\n\u003e **NOTE:** See the `aws.s3.BucketReplicationConfig` resource to support bi-directional replication configuration and additional features.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst replication = new aws.iam.Role(\"replication\", {\n name: \"tf-iam-role-replication-12345\",\n assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"s3.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`,\n});\nconst destination = new aws.s3.Bucket(\"destination\", {\n bucket: \"tf-test-bucket-destination-12345\",\n versioning: {\n enabled: true,\n },\n});\nconst source = new aws.s3.Bucket(\"source\", {\n bucket: \"tf-test-bucket-source-12345\",\n acl: \"private\",\n versioning: {\n enabled: true,\n },\n replicationConfiguration: {\n role: replication.arn,\n rules: [{\n id: \"foobar\",\n status: \"Enabled\",\n filter: {\n tags: {},\n },\n destination: {\n bucket: destination.arn,\n storageClass: \"STANDARD\",\n replicationTime: {\n status: \"Enabled\",\n minutes: 15,\n },\n metrics: {\n status: \"Enabled\",\n minutes: 15,\n },\n },\n }],\n },\n});\nconst replicationPolicy = new aws.iam.Policy(\"replication\", {\n name: \"tf-iam-role-policy-replication-12345\",\n policy: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"${source.arn}\"\n ]\n },\n {\n \"Action\": [\n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"${source.arn}/*\"\n ]\n },\n {\n \"Action\": [\n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"${destination.arn}/*\"\n }\n ]\n}\n`,\n});\nconst replicationRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"replication\", {\n role: replication.name,\n policyArn: replicationPolicy.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nreplication = aws.iam.Role(\"replication\",\n name=\"tf-iam-role-replication-12345\",\n assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"s3.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n\"\"\")\ndestination = aws.s3.Bucket(\"destination\",\n bucket=\"tf-test-bucket-destination-12345\",\n versioning=aws.s3.BucketVersioningArgs(\n enabled=True,\n ))\nsource = aws.s3.Bucket(\"source\",\n bucket=\"tf-test-bucket-source-12345\",\n acl=\"private\",\n versioning=aws.s3.BucketVersioningArgs(\n enabled=True,\n ),\n replication_configuration=aws.s3.BucketReplicationConfigurationArgs(\n role=replication.arn,\n rules=[aws.s3.BucketReplicationConfigurationRuleArgs(\n id=\"foobar\",\n status=\"Enabled\",\n filter=aws.s3.BucketReplicationConfigurationRuleFilterArgs(\n tags={},\n ),\n destination=aws.s3.BucketReplicationConfigurationRuleDestinationArgs(\n bucket=destination.arn,\n storage_class=\"STANDARD\",\n replication_time=aws.s3.BucketReplicationConfigurationRuleDestinationReplicationTimeArgs(\n status=\"Enabled\",\n minutes=15,\n ),\n metrics=aws.s3.BucketReplicationConfigurationRuleDestinationMetricsArgs(\n status=\"Enabled\",\n minutes=15,\n ),\n ),\n )],\n ))\nreplication_policy = aws.iam.Policy(\"replication\",\n name=\"tf-iam-role-policy-replication-12345\",\n policy=pulumi.Output.all(source.arn, source.arn, destination.arn).apply(lambda sourceArn, sourceArn1, destinationArn: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Action\": [\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"{source_arn}\"\n ]\n }},\n {{\n \"Action\": [\n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"{source_arn1}/*\"\n ]\n }},\n {{\n \"Action\": [\n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"{destination_arn}/*\"\n }}\n ]\n}}\n\"\"\"))\nreplication_role_policy_attachment = aws.iam.RolePolicyAttachment(\"replication\",\n role=replication.name,\n policy_arn=replication_policy.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var replication = new Aws.Iam.Role(\"replication\", new()\n {\n Name = \"tf-iam-role-replication-12345\",\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"s3.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Sid\"\": \"\"\"\"\n }\n ]\n}\n\",\n });\n\n var destination = new Aws.S3.Bucket(\"destination\", new()\n {\n BucketName = \"tf-test-bucket-destination-12345\",\n Versioning = new Aws.S3.Inputs.BucketVersioningArgs\n {\n Enabled = true,\n },\n });\n\n var source = new Aws.S3.Bucket(\"source\", new()\n {\n BucketName = \"tf-test-bucket-source-12345\",\n Acl = \"private\",\n Versioning = new Aws.S3.Inputs.BucketVersioningArgs\n {\n Enabled = true,\n },\n ReplicationConfiguration = new Aws.S3.Inputs.BucketReplicationConfigurationArgs\n {\n Role = replication.Arn,\n Rules = new[]\n {\n new Aws.S3.Inputs.BucketReplicationConfigurationRuleArgs\n {\n Id = \"foobar\",\n Status = \"Enabled\",\n Filter = new Aws.S3.Inputs.BucketReplicationConfigurationRuleFilterArgs\n {\n Tags = null,\n },\n Destination = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationArgs\n {\n Bucket = destination.Arn,\n StorageClass = \"STANDARD\",\n ReplicationTime = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationReplicationTimeArgs\n {\n Status = \"Enabled\",\n Minutes = 15,\n },\n Metrics = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationMetricsArgs\n {\n Status = \"Enabled\",\n Minutes = 15,\n },\n },\n },\n },\n },\n });\n\n var replicationPolicy = new Aws.Iam.Policy(\"replication\", new()\n {\n Name = \"tf-iam-role-policy-replication-12345\",\n PolicyDocument = Output.Tuple(source.Arn, source.Arn, destination.Arn).Apply(values =\u003e\n {\n var sourceArn = values.Item1;\n var sourceArn1 = values.Item2;\n var destinationArn = values.Item3;\n return @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Action\"\": [\n \"\"s3:GetReplicationConfiguration\"\",\n \"\"s3:ListBucket\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": [\n \"\"{sourceArn}\"\"\n ]\n }},\n {{\n \"\"Action\"\": [\n \"\"s3:GetObjectVersionForReplication\"\",\n \"\"s3:GetObjectVersionAcl\"\",\n \"\"s3:GetObjectVersionTagging\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": [\n \"\"{sourceArn1}/*\"\"\n ]\n }},\n {{\n \"\"Action\"\": [\n \"\"s3:ReplicateObject\"\",\n \"\"s3:ReplicateDelete\"\",\n \"\"s3:ReplicateTags\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": \"\"{destinationArn}/*\"\"\n }}\n ]\n}}\n\";\n }),\n });\n\n var replicationRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"replication\", new()\n {\n Role = replication.Name,\n PolicyArn = replicationPolicy.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\treplication, err := iam.NewRole(ctx, \"replication\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"tf-iam-role-replication-12345\"),\n\t\t\tAssumeRolePolicy: pulumi.Any(`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"s3.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestination, err := s3.NewBucket(ctx, \"destination\", \u0026s3.BucketArgs{\n\t\t\tBucket: pulumi.String(\"tf-test-bucket-destination-12345\"),\n\t\t\tVersioning: \u0026s3.BucketVersioningArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsource, err := s3.NewBucket(ctx, \"source\", \u0026s3.BucketArgs{\n\t\t\tBucket: pulumi.String(\"tf-test-bucket-source-12345\"),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t\tVersioning: \u0026s3.BucketVersioningArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tReplicationConfiguration: \u0026s3.BucketReplicationConfigurationArgs{\n\t\t\t\tRole: replication.Arn,\n\t\t\t\tRules: s3.BucketReplicationConfigurationRuleArray{\n\t\t\t\t\t\u0026s3.BucketReplicationConfigurationRuleArgs{\n\t\t\t\t\t\tId: pulumi.String(\"foobar\"),\n\t\t\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t\t\t\tFilter: \u0026s3.BucketReplicationConfigurationRuleFilterArgs{\n\t\t\t\t\t\t\tTags: nil,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestination: \u0026s3.BucketReplicationConfigurationRuleDestinationArgs{\n\t\t\t\t\t\t\tBucket: destination.Arn,\n\t\t\t\t\t\t\tStorageClass: pulumi.String(\"STANDARD\"),\n\t\t\t\t\t\t\tReplicationTime: \u0026s3.BucketReplicationConfigurationRuleDestinationReplicationTimeArgs{\n\t\t\t\t\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t\t\t\t\t\tMinutes: pulumi.Int(15),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tMetrics: \u0026s3.BucketReplicationConfigurationRuleDestinationMetricsArgs{\n\t\t\t\t\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t\t\t\t\t\tMinutes: pulumi.Int(15),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treplicationPolicy, err := iam.NewPolicy(ctx, \"replication\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"tf-iam-role-policy-replication-12345\"),\n\t\t\tPolicy: pulumi.All(source.Arn, source.Arn, destination.Arn).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\tsourceArn := _args[0].(string)\n\t\t\t\tsourceArn1 := _args[1].(string)\n\t\t\t\tdestinationArn := _args[2].(string)\n\t\t\t\treturn fmt.Sprintf(`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"%v\"\n ]\n },\n {\n \"Action\": [\n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"%v/*\"\n ]\n },\n {\n \"Action\": [\n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"%v/*\"\n }\n ]\n}\n`, sourceArn, sourceArn1, destinationArn), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"replication\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: replication.Name,\n\t\t\tPolicyArn: replicationPolicy.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.s3.Bucket;\nimport com.pulumi.aws.s3.BucketArgs;\nimport com.pulumi.aws.s3.inputs.BucketVersioningArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigurationArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var replication = new Role(\"replication\", RoleArgs.builder() \n .name(\"tf-iam-role-replication-12345\")\n .assumeRolePolicy(\"\"\"\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"s3.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n \"\"\")\n .build());\n\n var destination = new Bucket(\"destination\", BucketArgs.builder() \n .bucket(\"tf-test-bucket-destination-12345\")\n .versioning(BucketVersioningArgs.builder()\n .enabled(true)\n .build())\n .build());\n\n var source = new Bucket(\"source\", BucketArgs.builder() \n .bucket(\"tf-test-bucket-source-12345\")\n .acl(\"private\")\n .versioning(BucketVersioningArgs.builder()\n .enabled(true)\n .build())\n .replicationConfiguration(BucketReplicationConfigurationArgs.builder()\n .role(replication.arn())\n .rules(BucketReplicationConfigurationRuleArgs.builder()\n .id(\"foobar\")\n .status(\"Enabled\")\n .filter(BucketReplicationConfigurationRuleFilterArgs.builder()\n .tags()\n .build())\n .destination(BucketReplicationConfigurationRuleDestinationArgs.builder()\n .bucket(destination.arn())\n .storageClass(\"STANDARD\")\n .replicationTime(BucketReplicationConfigurationRuleDestinationReplicationTimeArgs.builder()\n .status(\"Enabled\")\n .minutes(15)\n .build())\n .metrics(BucketReplicationConfigurationRuleDestinationMetricsArgs.builder()\n .status(\"Enabled\")\n .minutes(15)\n .build())\n .build())\n .build())\n .build())\n .build());\n\n var replicationPolicy = new Policy(\"replicationPolicy\", PolicyArgs.builder() \n .name(\"tf-iam-role-policy-replication-12345\")\n .policy(Output.tuple(source.arn(), source.arn(), destination.arn()).applyValue(values -\u003e {\n var sourceArn = values.t1;\n var sourceArn1 = values.t2;\n var destinationArn = values.t3;\n return \"\"\"\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"%s\"\n ]\n },\n {\n \"Action\": [\n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"%s/*\"\n ]\n },\n {\n \"Action\": [\n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"%s/*\"\n }\n ]\n}\n\", sourceArn,sourceArn1,destinationArn);\n }))\n .build());\n\n var replicationRolePolicyAttachment = new RolePolicyAttachment(\"replicationRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .role(replication.name())\n .policyArn(replicationPolicy.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n replication:\n type: aws:iam:Role\n properties:\n name: tf-iam-role-replication-12345\n assumeRolePolicy: |\n {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"s3.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n }\n replicationPolicy:\n type: aws:iam:Policy\n name: replication\n properties:\n name: tf-iam-role-policy-replication-12345\n policy: |\n {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"${source.arn}\"\n ]\n },\n {\n \"Action\": [\n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"${source.arn}/*\"\n ]\n },\n {\n \"Action\": [\n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"${destination.arn}/*\"\n }\n ]\n }\n replicationRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: replication\n properties:\n role: ${replication.name}\n policyArn: ${replicationPolicy.arn}\n destination:\n type: aws:s3:Bucket\n properties:\n bucket: tf-test-bucket-destination-12345\n versioning:\n enabled: true\n source:\n type: aws:s3:Bucket\n properties:\n bucket: tf-test-bucket-source-12345\n acl: private\n versioning:\n enabled: true\n replicationConfiguration:\n role: ${replication.arn}\n rules:\n - id: foobar\n status: Enabled\n filter:\n tags: {}\n destination:\n bucket: ${destination.arn}\n storageClass: STANDARD\n replicationTime:\n status: Enabled\n minutes: 15\n metrics:\n status: Enabled\n minutes: 15\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Enable Default Server Side Encryption\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mykey = new aws.kms.Key(\"mykey\", {\n description: \"This key is used to encrypt bucket objects\",\n deletionWindowInDays: 10,\n});\nconst mybucket = new aws.s3.Bucket(\"mybucket\", {\n bucket: \"mybucket\",\n serverSideEncryptionConfiguration: {\n rule: {\n applyServerSideEncryptionByDefault: {\n kmsMasterKeyId: mykey.arn,\n sseAlgorithm: \"aws:kms\",\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmykey = aws.kms.Key(\"mykey\",\n description=\"This key is used to encrypt bucket objects\",\n deletion_window_in_days=10)\nmybucket = aws.s3.Bucket(\"mybucket\",\n bucket=\"mybucket\",\n server_side_encryption_configuration=aws.s3.BucketServerSideEncryptionConfigurationArgs(\n rule=aws.s3.BucketServerSideEncryptionConfigurationRuleArgs(\n apply_server_side_encryption_by_default=aws.s3.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs(\n kms_master_key_id=mykey.arn,\n sse_algorithm=\"aws:kms\",\n ),\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var mykey = new Aws.Kms.Key(\"mykey\", new()\n {\n Description = \"This key is used to encrypt bucket objects\",\n DeletionWindowInDays = 10,\n });\n\n var mybucket = new Aws.S3.Bucket(\"mybucket\", new()\n {\n BucketName = \"mybucket\",\n ServerSideEncryptionConfiguration = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationArgs\n {\n Rule = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleArgs\n {\n ApplyServerSideEncryptionByDefault = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs\n {\n KmsMasterKeyId = mykey.Arn,\n SseAlgorithm = \"aws:kms\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmykey, err := kms.NewKey(ctx, \"mykey\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"This key is used to encrypt bucket objects\"),\n\t\t\tDeletionWindowInDays: pulumi.Int(10),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucket(ctx, \"mybucket\", \u0026s3.BucketArgs{\n\t\t\tBucket: pulumi.String(\"mybucket\"),\n\t\t\tServerSideEncryptionConfiguration: \u0026s3.BucketServerSideEncryptionConfigurationArgs{\n\t\t\t\tRule: \u0026s3.BucketServerSideEncryptionConfigurationRuleArgs{\n\t\t\t\t\tApplyServerSideEncryptionByDefault: \u0026s3.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs{\n\t\t\t\t\t\tKmsMasterKeyId: mykey.Arn,\n\t\t\t\t\t\tSseAlgorithm: pulumi.String(\"aws:kms\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.s3.Bucket;\nimport com.pulumi.aws.s3.BucketArgs;\nimport com.pulumi.aws.s3.inputs.BucketServerSideEncryptionConfigurationArgs;\nimport com.pulumi.aws.s3.inputs.BucketServerSideEncryptionConfigurationRuleArgs;\nimport com.pulumi.aws.s3.inputs.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var mykey = new Key(\"mykey\", KeyArgs.builder() \n .description(\"This key is used to encrypt bucket objects\")\n .deletionWindowInDays(10)\n .build());\n\n var mybucket = new Bucket(\"mybucket\", BucketArgs.builder() \n .bucket(\"mybucket\")\n .serverSideEncryptionConfiguration(BucketServerSideEncryptionConfigurationArgs.builder()\n .rule(BucketServerSideEncryptionConfigurationRuleArgs.builder()\n .applyServerSideEncryptionByDefault(BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs.builder()\n .kmsMasterKeyId(mykey.arn())\n .sseAlgorithm(\"aws:kms\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n mykey:\n type: aws:kms:Key\n properties:\n description: This key is used to encrypt bucket objects\n deletionWindowInDays: 10\n mybucket:\n type: aws:s3:Bucket\n properties:\n bucket: mybucket\n serverSideEncryptionConfiguration:\n rule:\n applyServerSideEncryptionByDefault:\n kmsMasterKeyId: ${mykey.arn}\n sseAlgorithm: aws:kms\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Using ACL policy grants\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst currentUser = aws.s3.getCanonicalUserId({});\nconst bucket = new aws.s3.Bucket(\"bucket\", {\n bucket: \"mybucket\",\n grants: [\n {\n id: currentUser.then(currentUser =\u003e currentUser.id),\n type: \"CanonicalUser\",\n permissions: [\"FULL_CONTROL\"],\n },\n {\n type: \"Group\",\n permissions: [\n \"READ_ACP\",\n \"WRITE\",\n ],\n uri: \"http://acs.amazonaws.com/groups/s3/LogDelivery\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent_user = aws.s3.get_canonical_user_id()\nbucket = aws.s3.Bucket(\"bucket\",\n bucket=\"mybucket\",\n grants=[\n aws.s3.BucketGrantArgs(\n id=current_user.id,\n type=\"CanonicalUser\",\n permissions=[\"FULL_CONTROL\"],\n ),\n aws.s3.BucketGrantArgs(\n type=\"Group\",\n permissions=[\n \"READ_ACP\",\n \"WRITE\",\n ],\n uri=\"http://acs.amazonaws.com/groups/s3/LogDelivery\",\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var currentUser = Aws.S3.GetCanonicalUserId.Invoke();\n\n var bucket = new Aws.S3.Bucket(\"bucket\", new()\n {\n BucketName = \"mybucket\",\n Grants = new[]\n {\n new Aws.S3.Inputs.BucketGrantArgs\n {\n Id = currentUser.Apply(getCanonicalUserIdResult =\u003e getCanonicalUserIdResult.Id),\n Type = \"CanonicalUser\",\n Permissions = new[]\n {\n \"FULL_CONTROL\",\n },\n },\n new Aws.S3.Inputs.BucketGrantArgs\n {\n Type = \"Group\",\n Permissions = new[]\n {\n \"READ_ACP\",\n \"WRITE\",\n },\n Uri = \"http://acs.amazonaws.com/groups/s3/LogDelivery\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrentUser, err := s3.GetCanonicalUserId(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucket(ctx, \"bucket\", \u0026s3.BucketArgs{\n\t\t\tBucket: pulumi.String(\"mybucket\"),\n\t\t\tGrants: s3.BucketGrantArray{\n\t\t\t\t\u0026s3.BucketGrantArgs{\n\t\t\t\t\tId: *pulumi.String(currentUser.Id),\n\t\t\t\t\tType: pulumi.String(\"CanonicalUser\"),\n\t\t\t\t\tPermissions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"FULL_CONTROL\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026s3.BucketGrantArgs{\n\t\t\t\t\tType: pulumi.String(\"Group\"),\n\t\t\t\t\tPermissions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"READ_ACP\"),\n\t\t\t\t\t\tpulumi.String(\"WRITE\"),\n\t\t\t\t\t},\n\t\t\t\t\tUri: pulumi.String(\"http://acs.amazonaws.com/groups/s3/LogDelivery\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.S3Functions;\nimport com.pulumi.aws.s3.Bucket;\nimport com.pulumi.aws.s3.BucketArgs;\nimport com.pulumi.aws.s3.inputs.BucketGrantArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var currentUser = S3Functions.getCanonicalUserId();\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder() \n .bucket(\"mybucket\")\n .grants( \n BucketGrantArgs.builder()\n .id(currentUser.applyValue(getCanonicalUserIdResult -\u003e getCanonicalUserIdResult.id()))\n .type(\"CanonicalUser\")\n .permissions(\"FULL_CONTROL\")\n .build(),\n BucketGrantArgs.builder()\n .type(\"Group\")\n .permissions( \n \"READ_ACP\",\n \"WRITE\")\n .uri(\"http://acs.amazonaws.com/groups/s3/LogDelivery\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: aws:s3:Bucket\n properties:\n bucket: mybucket\n grants:\n - id: ${currentUser.id}\n type: CanonicalUser\n permissions:\n - FULL_CONTROL\n - type: Group\n permissions:\n - READ_ACP\n - WRITE\n uri: http://acs.amazonaws.com/groups/s3/LogDelivery\nvariables:\n currentUser:\n fn::invoke:\n Function: aws:s3:getCanonicalUserId\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nS3 bucket can be imported using the `bucket`, e.g.,\n\n```sh\n$ pulumi import aws:s3/bucket:Bucket bucket bucket-name\n```\nThe `policy` argument is not imported and will be deprecated in a future version of the provider. Use the `aws_s3_bucket_policy` resource to manage the S3 Bucket Policy instead.\n\n", + "description": "Provides a S3 bucket resource.\n\n\u003e This functionality is for managing S3 in an AWS Partition. To manage [S3 on Outposts](https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html), see the `aws.s3control.Bucket` resource.\n\n\u003e **NOTE:** This resource might not work well if using an alternative s3-compatible provider. Please use `aws.s3.BucketV2` instead.\n\n## Example Usage\n\n### Private Bucket w/ Tags\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst b = new aws.s3.Bucket(\"b\", {\n bucket: \"my-tf-test-bucket\",\n acl: aws.s3.CannedAcl.Private,\n tags: {\n Name: \"My bucket\",\n Environment: \"Dev\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nb = aws.s3.Bucket(\"b\",\n bucket=\"my-tf-test-bucket\",\n acl=aws.s3.CannedAcl.PRIVATE,\n tags={\n \"Name\": \"My bucket\",\n \"Environment\": \"Dev\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var b = new Aws.S3.Bucket(\"b\", new()\n {\n BucketName = \"my-tf-test-bucket\",\n Acl = Aws.S3.CannedAcl.Private,\n Tags = \n {\n { \"Name\", \"My bucket\" },\n { \"Environment\", \"Dev\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := s3.NewBucket(ctx, \"b\", \u0026s3.BucketArgs{\n\t\t\tBucket: pulumi.String(\"my-tf-test-bucket\"),\n\t\t\tAcl: pulumi.String(s3.CannedAclPrivate),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"My bucket\"),\n\t\t\t\t\"Environment\": pulumi.String(\"Dev\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.Bucket;\nimport com.pulumi.aws.s3.BucketArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var b = new Bucket(\"b\", BucketArgs.builder() \n .bucket(\"my-tf-test-bucket\")\n .acl(\"private\")\n .tags(Map.ofEntries(\n Map.entry(\"Name\", \"My bucket\"),\n Map.entry(\"Environment\", \"Dev\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n b:\n type: aws:s3:Bucket\n properties:\n bucket: my-tf-test-bucket\n acl: private\n tags:\n Name: My bucket\n Environment: Dev\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Static Website Hosting\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst b = new aws.s3.Bucket(\"b\", {\n bucket: \"s3-website-test.mydomain.com\",\n acl: aws.s3.CannedAcl.PublicRead,\n policy: std.file({\n input: \"policy.json\",\n }).then(invoke =\u003e invoke.result),\n website: {\n indexDocument: \"index.html\",\n errorDocument: \"error.html\",\n routingRules: `[{\n \"Condition\": {\n \"KeyPrefixEquals\": \"docs/\"\n },\n \"Redirect\": {\n \"ReplaceKeyPrefixWith\": \"documents/\"\n }\n}]\n`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_std as std\n\nb = aws.s3.Bucket(\"b\",\n bucket=\"s3-website-test.mydomain.com\",\n acl=aws.s3.CannedAcl.PUBLIC_READ,\n policy=std.file(input=\"policy.json\").result,\n website=aws.s3.BucketWebsiteArgs(\n index_document=\"index.html\",\n error_document=\"error.html\",\n routing_rules=\"\"\"[{\n \"Condition\": {\n \"KeyPrefixEquals\": \"docs/\"\n },\n \"Redirect\": {\n \"ReplaceKeyPrefixWith\": \"documents/\"\n }\n}]\n\"\"\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var b = new Aws.S3.Bucket(\"b\", new()\n {\n BucketName = \"s3-website-test.mydomain.com\",\n Acl = Aws.S3.CannedAcl.PublicRead,\n Policy = Std.File.Invoke(new()\n {\n Input = \"policy.json\",\n }).Apply(invoke =\u003e invoke.Result),\n Website = new Aws.S3.Inputs.BucketWebsiteArgs\n {\n IndexDocument = \"index.html\",\n ErrorDocument = \"error.html\",\n RoutingRules = @\"[{\n \"\"Condition\"\": {\n \"\"KeyPrefixEquals\"\": \"\"docs/\"\"\n },\n \"\"Redirect\"\": {\n \"\"ReplaceKeyPrefixWith\"\": \"\"documents/\"\"\n }\n}]\n\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"policy.json\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucket(ctx, \"b\", \u0026s3.BucketArgs{\n\t\t\tBucket: pulumi.String(\"s3-website-test.mydomain.com\"),\n\t\t\tAcl: pulumi.String(s3.CannedAclPublicRead),\n\t\t\tPolicy: invokeFile.Result,\n\t\t\tWebsite: \u0026s3.BucketWebsiteArgs{\n\t\t\t\tIndexDocument: pulumi.String(\"index.html\"),\n\t\t\t\tErrorDocument: pulumi.String(\"error.html\"),\n\t\t\t\tRoutingRules: pulumi.Any(`[{\n \"Condition\": {\n \"KeyPrefixEquals\": \"docs/\"\n },\n \"Redirect\": {\n \"ReplaceKeyPrefixWith\": \"documents/\"\n }\n}]\n`),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.Bucket;\nimport com.pulumi.aws.s3.BucketArgs;\nimport com.pulumi.aws.s3.inputs.BucketWebsiteArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var b = new Bucket(\"b\", BucketArgs.builder() \n .bucket(\"s3-website-test.mydomain.com\")\n .acl(\"public-read\")\n .policy(StdFunctions.file(FileArgs.builder()\n .input(\"policy.json\")\n .build()).result())\n .website(BucketWebsiteArgs.builder()\n .indexDocument(\"index.html\")\n .errorDocument(\"error.html\")\n .routingRules(\"\"\"\n[{\n \"Condition\": {\n \"KeyPrefixEquals\": \"docs/\"\n },\n \"Redirect\": {\n \"ReplaceKeyPrefixWith\": \"documents/\"\n }\n}]\n \"\"\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n b:\n type: aws:s3:Bucket\n properties:\n bucket: s3-website-test.mydomain.com\n acl: public-read\n policy:\n fn::invoke:\n Function: std:file\n Arguments:\n input: policy.json\n Return: result\n website:\n indexDocument: index.html\n errorDocument: error.html\n routingRules: |\n [{\n \"Condition\": {\n \"KeyPrefixEquals\": \"docs/\"\n },\n \"Redirect\": {\n \"ReplaceKeyPrefixWith\": \"documents/\"\n }\n }]\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Using CORS\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst b = new aws.s3.Bucket(\"b\", {\n bucket: \"s3-website-test.mydomain.com\",\n acl: aws.s3.CannedAcl.PublicRead,\n corsRules: [{\n allowedHeaders: [\"*\"],\n allowedMethods: [\n \"PUT\",\n \"POST\",\n ],\n allowedOrigins: [\"https://s3-website-test.mydomain.com\"],\n exposeHeaders: [\"ETag\"],\n maxAgeSeconds: 3000,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nb = aws.s3.Bucket(\"b\",\n bucket=\"s3-website-test.mydomain.com\",\n acl=aws.s3.CannedAcl.PUBLIC_READ,\n cors_rules=[aws.s3.BucketCorsRuleArgs(\n allowed_headers=[\"*\"],\n allowed_methods=[\n \"PUT\",\n \"POST\",\n ],\n allowed_origins=[\"https://s3-website-test.mydomain.com\"],\n expose_headers=[\"ETag\"],\n max_age_seconds=3000,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var b = new Aws.S3.Bucket(\"b\", new()\n {\n BucketName = \"s3-website-test.mydomain.com\",\n Acl = Aws.S3.CannedAcl.PublicRead,\n CorsRules = new[]\n {\n new Aws.S3.Inputs.BucketCorsRuleArgs\n {\n AllowedHeaders = new[]\n {\n \"*\",\n },\n AllowedMethods = new[]\n {\n \"PUT\",\n \"POST\",\n },\n AllowedOrigins = new[]\n {\n \"https://s3-website-test.mydomain.com\",\n },\n ExposeHeaders = new[]\n {\n \"ETag\",\n },\n MaxAgeSeconds = 3000,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := s3.NewBucket(ctx, \"b\", \u0026s3.BucketArgs{\n\t\t\tBucket: pulumi.String(\"s3-website-test.mydomain.com\"),\n\t\t\tAcl: pulumi.String(s3.CannedAclPublicRead),\n\t\t\tCorsRules: s3.BucketCorsRuleArray{\n\t\t\t\t\u0026s3.BucketCorsRuleArgs{\n\t\t\t\t\tAllowedHeaders: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t},\n\t\t\t\t\tAllowedMethods: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"PUT\"),\n\t\t\t\t\t\tpulumi.String(\"POST\"),\n\t\t\t\t\t},\n\t\t\t\t\tAllowedOrigins: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"https://s3-website-test.mydomain.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tExposeHeaders: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"ETag\"),\n\t\t\t\t\t},\n\t\t\t\t\tMaxAgeSeconds: pulumi.Int(3000),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.Bucket;\nimport com.pulumi.aws.s3.BucketArgs;\nimport com.pulumi.aws.s3.inputs.BucketCorsRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var b = new Bucket(\"b\", BucketArgs.builder() \n .bucket(\"s3-website-test.mydomain.com\")\n .acl(\"public-read\")\n .corsRules(BucketCorsRuleArgs.builder()\n .allowedHeaders(\"*\")\n .allowedMethods( \n \"PUT\",\n \"POST\")\n .allowedOrigins(\"https://s3-website-test.mydomain.com\")\n .exposeHeaders(\"ETag\")\n .maxAgeSeconds(3000)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n b:\n type: aws:s3:Bucket\n properties:\n bucket: s3-website-test.mydomain.com\n acl: public-read\n corsRules:\n - allowedHeaders:\n - '*'\n allowedMethods:\n - PUT\n - POST\n allowedOrigins:\n - https://s3-website-test.mydomain.com\n exposeHeaders:\n - ETag\n maxAgeSeconds: 3000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Using versioning\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst b = new aws.s3.Bucket(\"b\", {\n bucket: \"my-tf-test-bucket\",\n acl: aws.s3.CannedAcl.Private,\n versioning: {\n enabled: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nb = aws.s3.Bucket(\"b\",\n bucket=\"my-tf-test-bucket\",\n acl=aws.s3.CannedAcl.PRIVATE,\n versioning=aws.s3.BucketVersioningArgs(\n enabled=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var b = new Aws.S3.Bucket(\"b\", new()\n {\n BucketName = \"my-tf-test-bucket\",\n Acl = Aws.S3.CannedAcl.Private,\n Versioning = new Aws.S3.Inputs.BucketVersioningArgs\n {\n Enabled = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := s3.NewBucket(ctx, \"b\", \u0026s3.BucketArgs{\n\t\t\tBucket: pulumi.String(\"my-tf-test-bucket\"),\n\t\t\tAcl: pulumi.String(s3.CannedAclPrivate),\n\t\t\tVersioning: \u0026s3.BucketVersioningArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.Bucket;\nimport com.pulumi.aws.s3.BucketArgs;\nimport com.pulumi.aws.s3.inputs.BucketVersioningArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var b = new Bucket(\"b\", BucketArgs.builder() \n .bucket(\"my-tf-test-bucket\")\n .acl(\"private\")\n .versioning(BucketVersioningArgs.builder()\n .enabled(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n b:\n type: aws:s3:Bucket\n properties:\n bucket: my-tf-test-bucket\n acl: private\n versioning:\n enabled: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Enable Logging\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst logBucket = new aws.s3.Bucket(\"log_bucket\", {\n bucket: \"my-tf-log-bucket\",\n acl: aws.s3.CannedAcl.LogDeliveryWrite,\n});\nconst b = new aws.s3.Bucket(\"b\", {\n bucket: \"my-tf-test-bucket\",\n acl: aws.s3.CannedAcl.Private,\n loggings: [{\n targetBucket: logBucket.id,\n targetPrefix: \"log/\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlog_bucket = aws.s3.Bucket(\"log_bucket\",\n bucket=\"my-tf-log-bucket\",\n acl=aws.s3.CannedAcl.LOG_DELIVERY_WRITE)\nb = aws.s3.Bucket(\"b\",\n bucket=\"my-tf-test-bucket\",\n acl=aws.s3.CannedAcl.PRIVATE,\n loggings=[aws.s3.BucketLoggingArgs(\n target_bucket=log_bucket.id,\n target_prefix=\"log/\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var logBucket = new Aws.S3.Bucket(\"log_bucket\", new()\n {\n BucketName = \"my-tf-log-bucket\",\n Acl = Aws.S3.CannedAcl.LogDeliveryWrite,\n });\n\n var b = new Aws.S3.Bucket(\"b\", new()\n {\n BucketName = \"my-tf-test-bucket\",\n Acl = Aws.S3.CannedAcl.Private,\n Loggings = new[]\n {\n new Aws.S3.Inputs.BucketLoggingArgs\n {\n TargetBucket = logBucket.Id,\n TargetPrefix = \"log/\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlogBucket, err := s3.NewBucket(ctx, \"log_bucket\", \u0026s3.BucketArgs{\n\t\t\tBucket: pulumi.String(\"my-tf-log-bucket\"),\n\t\t\tAcl: pulumi.String(s3.CannedAclLogDeliveryWrite),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucket(ctx, \"b\", \u0026s3.BucketArgs{\n\t\t\tBucket: pulumi.String(\"my-tf-test-bucket\"),\n\t\t\tAcl: pulumi.String(s3.CannedAclPrivate),\n\t\t\tLoggings: s3.BucketLoggingArray{\n\t\t\t\t\u0026s3.BucketLoggingArgs{\n\t\t\t\t\tTargetBucket: logBucket.ID(),\n\t\t\t\t\tTargetPrefix: pulumi.String(\"log/\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.Bucket;\nimport com.pulumi.aws.s3.BucketArgs;\nimport com.pulumi.aws.s3.inputs.BucketLoggingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var logBucket = new Bucket(\"logBucket\", BucketArgs.builder() \n .bucket(\"my-tf-log-bucket\")\n .acl(\"log-delivery-write\")\n .build());\n\n var b = new Bucket(\"b\", BucketArgs.builder() \n .bucket(\"my-tf-test-bucket\")\n .acl(\"private\")\n .loggings(BucketLoggingArgs.builder()\n .targetBucket(logBucket.id())\n .targetPrefix(\"log/\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n logBucket:\n type: aws:s3:Bucket\n name: log_bucket\n properties:\n bucket: my-tf-log-bucket\n acl: log-delivery-write\n b:\n type: aws:s3:Bucket\n properties:\n bucket: my-tf-test-bucket\n acl: private\n loggings:\n - targetBucket: ${logBucket.id}\n targetPrefix: log/\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Using object lifecycle\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.Bucket(\"bucket\", {\n bucket: \"my-bucket\",\n acl: aws.s3.CannedAcl.Private,\n lifecycleRules: [\n {\n id: \"log\",\n enabled: true,\n prefix: \"log/\",\n tags: {\n rule: \"log\",\n autoclean: \"true\",\n },\n transitions: [\n {\n days: 30,\n storageClass: \"STANDARD_IA\",\n },\n {\n days: 60,\n storageClass: \"GLACIER\",\n },\n ],\n expiration: {\n days: 90,\n },\n },\n {\n id: \"tmp\",\n prefix: \"tmp/\",\n enabled: true,\n expiration: {\n date: \"2016-01-12\",\n },\n },\n ],\n});\nconst versioningBucket = new aws.s3.Bucket(\"versioning_bucket\", {\n bucket: \"my-versioning-bucket\",\n acl: aws.s3.CannedAcl.Private,\n versioning: {\n enabled: true,\n },\n lifecycleRules: [{\n prefix: \"config/\",\n enabled: true,\n noncurrentVersionTransitions: [\n {\n days: 30,\n storageClass: \"STANDARD_IA\",\n },\n {\n days: 60,\n storageClass: \"GLACIER\",\n },\n ],\n noncurrentVersionExpiration: {\n days: 90,\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.Bucket(\"bucket\",\n bucket=\"my-bucket\",\n acl=aws.s3.CannedAcl.PRIVATE,\n lifecycle_rules=[\n aws.s3.BucketLifecycleRuleArgs(\n id=\"log\",\n enabled=True,\n prefix=\"log/\",\n tags={\n \"rule\": \"log\",\n \"autoclean\": \"true\",\n },\n transitions=[\n aws.s3.BucketLifecycleRuleTransitionArgs(\n days=30,\n storage_class=\"STANDARD_IA\",\n ),\n aws.s3.BucketLifecycleRuleTransitionArgs(\n days=60,\n storage_class=\"GLACIER\",\n ),\n ],\n expiration=aws.s3.BucketLifecycleRuleExpirationArgs(\n days=90,\n ),\n ),\n aws.s3.BucketLifecycleRuleArgs(\n id=\"tmp\",\n prefix=\"tmp/\",\n enabled=True,\n expiration=aws.s3.BucketLifecycleRuleExpirationArgs(\n date=\"2016-01-12\",\n ),\n ),\n ])\nversioning_bucket = aws.s3.Bucket(\"versioning_bucket\",\n bucket=\"my-versioning-bucket\",\n acl=aws.s3.CannedAcl.PRIVATE,\n versioning=aws.s3.BucketVersioningArgs(\n enabled=True,\n ),\n lifecycle_rules=[aws.s3.BucketLifecycleRuleArgs(\n prefix=\"config/\",\n enabled=True,\n noncurrent_version_transitions=[\n aws.s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs(\n days=30,\n storage_class=\"STANDARD_IA\",\n ),\n aws.s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs(\n days=60,\n storage_class=\"GLACIER\",\n ),\n ],\n noncurrent_version_expiration=aws.s3.BucketLifecycleRuleNoncurrentVersionExpirationArgs(\n days=90,\n ),\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bucket = new Aws.S3.Bucket(\"bucket\", new()\n {\n BucketName = \"my-bucket\",\n Acl = Aws.S3.CannedAcl.Private,\n LifecycleRules = new[]\n {\n new Aws.S3.Inputs.BucketLifecycleRuleArgs\n {\n Id = \"log\",\n Enabled = true,\n Prefix = \"log/\",\n Tags = \n {\n { \"rule\", \"log\" },\n { \"autoclean\", \"true\" },\n },\n Transitions = new[]\n {\n new Aws.S3.Inputs.BucketLifecycleRuleTransitionArgs\n {\n Days = 30,\n StorageClass = \"STANDARD_IA\",\n },\n new Aws.S3.Inputs.BucketLifecycleRuleTransitionArgs\n {\n Days = 60,\n StorageClass = \"GLACIER\",\n },\n },\n Expiration = new Aws.S3.Inputs.BucketLifecycleRuleExpirationArgs\n {\n Days = 90,\n },\n },\n new Aws.S3.Inputs.BucketLifecycleRuleArgs\n {\n Id = \"tmp\",\n Prefix = \"tmp/\",\n Enabled = true,\n Expiration = new Aws.S3.Inputs.BucketLifecycleRuleExpirationArgs\n {\n Date = \"2016-01-12\",\n },\n },\n },\n });\n\n var versioningBucket = new Aws.S3.Bucket(\"versioning_bucket\", new()\n {\n BucketName = \"my-versioning-bucket\",\n Acl = Aws.S3.CannedAcl.Private,\n Versioning = new Aws.S3.Inputs.BucketVersioningArgs\n {\n Enabled = true,\n },\n LifecycleRules = new[]\n {\n new Aws.S3.Inputs.BucketLifecycleRuleArgs\n {\n Prefix = \"config/\",\n Enabled = true,\n NoncurrentVersionTransitions = new[]\n {\n new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionTransitionArgs\n {\n Days = 30,\n StorageClass = \"STANDARD_IA\",\n },\n new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionTransitionArgs\n {\n Days = 60,\n StorageClass = \"GLACIER\",\n },\n },\n NoncurrentVersionExpiration = new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionExpirationArgs\n {\n Days = 90,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := s3.NewBucket(ctx, \"bucket\", \u0026s3.BucketArgs{\n\t\t\tBucket: pulumi.String(\"my-bucket\"),\n\t\t\tAcl: pulumi.String(s3.CannedAclPrivate),\n\t\t\tLifecycleRules: s3.BucketLifecycleRuleArray{\n\t\t\t\t\u0026s3.BucketLifecycleRuleArgs{\n\t\t\t\t\tId: pulumi.String(\"log\"),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tPrefix: pulumi.String(\"log/\"),\n\t\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\t\"rule\": pulumi.String(\"log\"),\n\t\t\t\t\t\t\"autoclean\": pulumi.String(\"true\"),\n\t\t\t\t\t},\n\t\t\t\t\tTransitions: s3.BucketLifecycleRuleTransitionArray{\n\t\t\t\t\t\t\u0026s3.BucketLifecycleRuleTransitionArgs{\n\t\t\t\t\t\t\tDays: pulumi.Int(30),\n\t\t\t\t\t\t\tStorageClass: pulumi.String(\"STANDARD_IA\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026s3.BucketLifecycleRuleTransitionArgs{\n\t\t\t\t\t\t\tDays: pulumi.Int(60),\n\t\t\t\t\t\t\tStorageClass: pulumi.String(\"GLACIER\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tExpiration: \u0026s3.BucketLifecycleRuleExpirationArgs{\n\t\t\t\t\t\tDays: pulumi.Int(90),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026s3.BucketLifecycleRuleArgs{\n\t\t\t\t\tId: pulumi.String(\"tmp\"),\n\t\t\t\t\tPrefix: pulumi.String(\"tmp/\"),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tExpiration: \u0026s3.BucketLifecycleRuleExpirationArgs{\n\t\t\t\t\t\tDate: pulumi.String(\"2016-01-12\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucket(ctx, \"versioning_bucket\", \u0026s3.BucketArgs{\n\t\t\tBucket: pulumi.String(\"my-versioning-bucket\"),\n\t\t\tAcl: pulumi.String(s3.CannedAclPrivate),\n\t\t\tVersioning: \u0026s3.BucketVersioningArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tLifecycleRules: s3.BucketLifecycleRuleArray{\n\t\t\t\t\u0026s3.BucketLifecycleRuleArgs{\n\t\t\t\t\tPrefix: pulumi.String(\"config/\"),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tNoncurrentVersionTransitions: s3.BucketLifecycleRuleNoncurrentVersionTransitionArray{\n\t\t\t\t\t\t\u0026s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs{\n\t\t\t\t\t\t\tDays: pulumi.Int(30),\n\t\t\t\t\t\t\tStorageClass: pulumi.String(\"STANDARD_IA\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs{\n\t\t\t\t\t\t\tDays: pulumi.Int(60),\n\t\t\t\t\t\t\tStorageClass: pulumi.String(\"GLACIER\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tNoncurrentVersionExpiration: \u0026s3.BucketLifecycleRuleNoncurrentVersionExpirationArgs{\n\t\t\t\t\t\tDays: pulumi.Int(90),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.Bucket;\nimport com.pulumi.aws.s3.BucketArgs;\nimport com.pulumi.aws.s3.inputs.BucketLifecycleRuleArgs;\nimport com.pulumi.aws.s3.inputs.BucketLifecycleRuleExpirationArgs;\nimport com.pulumi.aws.s3.inputs.BucketVersioningArgs;\nimport com.pulumi.aws.s3.inputs.BucketLifecycleRuleNoncurrentVersionExpirationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bucket = new Bucket(\"bucket\", BucketArgs.builder() \n .bucket(\"my-bucket\")\n .acl(\"private\")\n .lifecycleRules( \n BucketLifecycleRuleArgs.builder()\n .id(\"log\")\n .enabled(true)\n .prefix(\"log/\")\n .tags(Map.ofEntries(\n Map.entry(\"rule\", \"log\"),\n Map.entry(\"autoclean\", \"true\")\n ))\n .transitions( \n BucketLifecycleRuleTransitionArgs.builder()\n .days(30)\n .storageClass(\"STANDARD_IA\")\n .build(),\n BucketLifecycleRuleTransitionArgs.builder()\n .days(60)\n .storageClass(\"GLACIER\")\n .build())\n .expiration(BucketLifecycleRuleExpirationArgs.builder()\n .days(90)\n .build())\n .build(),\n BucketLifecycleRuleArgs.builder()\n .id(\"tmp\")\n .prefix(\"tmp/\")\n .enabled(true)\n .expiration(BucketLifecycleRuleExpirationArgs.builder()\n .date(\"2016-01-12\")\n .build())\n .build())\n .build());\n\n var versioningBucket = new Bucket(\"versioningBucket\", BucketArgs.builder() \n .bucket(\"my-versioning-bucket\")\n .acl(\"private\")\n .versioning(BucketVersioningArgs.builder()\n .enabled(true)\n .build())\n .lifecycleRules(BucketLifecycleRuleArgs.builder()\n .prefix(\"config/\")\n .enabled(true)\n .noncurrentVersionTransitions( \n BucketLifecycleRuleNoncurrentVersionTransitionArgs.builder()\n .days(30)\n .storageClass(\"STANDARD_IA\")\n .build(),\n BucketLifecycleRuleNoncurrentVersionTransitionArgs.builder()\n .days(60)\n .storageClass(\"GLACIER\")\n .build())\n .noncurrentVersionExpiration(BucketLifecycleRuleNoncurrentVersionExpirationArgs.builder()\n .days(90)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: aws:s3:Bucket\n properties:\n bucket: my-bucket\n acl: private\n lifecycleRules:\n - id: log\n enabled: true\n prefix: log/\n tags:\n rule: log\n autoclean: 'true'\n transitions:\n - days: 30\n storageClass: STANDARD_IA\n - days: 60\n storageClass: GLACIER\n expiration:\n days: 90\n - id: tmp\n prefix: tmp/\n enabled: true\n expiration:\n date: 2016-01-12\n versioningBucket:\n type: aws:s3:Bucket\n name: versioning_bucket\n properties:\n bucket: my-versioning-bucket\n acl: private\n versioning:\n enabled: true\n lifecycleRules:\n - prefix: config/\n enabled: true\n noncurrentVersionTransitions:\n - days: 30\n storageClass: STANDARD_IA\n - days: 60\n storageClass: GLACIER\n noncurrentVersionExpiration:\n days: 90\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Using replication configuration\n\n\u003e **NOTE:** See the `aws.s3.BucketReplicationConfig` resource to support bi-directional replication configuration and additional features.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst replication = new aws.iam.Role(\"replication\", {\n name: \"tf-iam-role-replication-12345\",\n assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"s3.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`,\n});\nconst destination = new aws.s3.Bucket(\"destination\", {\n bucket: \"tf-test-bucket-destination-12345\",\n versioning: {\n enabled: true,\n },\n});\nconst source = new aws.s3.Bucket(\"source\", {\n bucket: \"tf-test-bucket-source-12345\",\n acl: aws.s3.CannedAcl.Private,\n versioning: {\n enabled: true,\n },\n replicationConfiguration: {\n role: replication.arn,\n rules: [{\n id: \"foobar\",\n status: \"Enabled\",\n filter: {\n tags: {},\n },\n destination: {\n bucket: destination.arn,\n storageClass: \"STANDARD\",\n replicationTime: {\n status: \"Enabled\",\n minutes: 15,\n },\n metrics: {\n status: \"Enabled\",\n minutes: 15,\n },\n },\n }],\n },\n});\nconst replicationPolicy = new aws.iam.Policy(\"replication\", {\n name: \"tf-iam-role-policy-replication-12345\",\n policy: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"${source.arn}\"\n ]\n },\n {\n \"Action\": [\n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"${source.arn}/*\"\n ]\n },\n {\n \"Action\": [\n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"${destination.arn}/*\"\n }\n ]\n}\n`,\n});\nconst replicationRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"replication\", {\n role: replication.name,\n policyArn: replicationPolicy.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nreplication = aws.iam.Role(\"replication\",\n name=\"tf-iam-role-replication-12345\",\n assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"s3.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n\"\"\")\ndestination = aws.s3.Bucket(\"destination\",\n bucket=\"tf-test-bucket-destination-12345\",\n versioning=aws.s3.BucketVersioningArgs(\n enabled=True,\n ))\nsource = aws.s3.Bucket(\"source\",\n bucket=\"tf-test-bucket-source-12345\",\n acl=aws.s3.CannedAcl.PRIVATE,\n versioning=aws.s3.BucketVersioningArgs(\n enabled=True,\n ),\n replication_configuration=aws.s3.BucketReplicationConfigurationArgs(\n role=replication.arn,\n rules=[aws.s3.BucketReplicationConfigurationRuleArgs(\n id=\"foobar\",\n status=\"Enabled\",\n filter=aws.s3.BucketReplicationConfigurationRuleFilterArgs(\n tags={},\n ),\n destination=aws.s3.BucketReplicationConfigurationRuleDestinationArgs(\n bucket=destination.arn,\n storage_class=\"STANDARD\",\n replication_time=aws.s3.BucketReplicationConfigurationRuleDestinationReplicationTimeArgs(\n status=\"Enabled\",\n minutes=15,\n ),\n metrics=aws.s3.BucketReplicationConfigurationRuleDestinationMetricsArgs(\n status=\"Enabled\",\n minutes=15,\n ),\n ),\n )],\n ))\nreplication_policy = aws.iam.Policy(\"replication\",\n name=\"tf-iam-role-policy-replication-12345\",\n policy=pulumi.Output.all(source.arn, source.arn, destination.arn).apply(lambda sourceArn, sourceArn1, destinationArn: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Action\": [\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"{source_arn}\"\n ]\n }},\n {{\n \"Action\": [\n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"{source_arn1}/*\"\n ]\n }},\n {{\n \"Action\": [\n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"{destination_arn}/*\"\n }}\n ]\n}}\n\"\"\"))\nreplication_role_policy_attachment = aws.iam.RolePolicyAttachment(\"replication\",\n role=replication.name,\n policy_arn=replication_policy.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var replication = new Aws.Iam.Role(\"replication\", new()\n {\n Name = \"tf-iam-role-replication-12345\",\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"s3.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Sid\"\": \"\"\"\"\n }\n ]\n}\n\",\n });\n\n var destination = new Aws.S3.Bucket(\"destination\", new()\n {\n BucketName = \"tf-test-bucket-destination-12345\",\n Versioning = new Aws.S3.Inputs.BucketVersioningArgs\n {\n Enabled = true,\n },\n });\n\n var source = new Aws.S3.Bucket(\"source\", new()\n {\n BucketName = \"tf-test-bucket-source-12345\",\n Acl = Aws.S3.CannedAcl.Private,\n Versioning = new Aws.S3.Inputs.BucketVersioningArgs\n {\n Enabled = true,\n },\n ReplicationConfiguration = new Aws.S3.Inputs.BucketReplicationConfigurationArgs\n {\n Role = replication.Arn,\n Rules = new[]\n {\n new Aws.S3.Inputs.BucketReplicationConfigurationRuleArgs\n {\n Id = \"foobar\",\n Status = \"Enabled\",\n Filter = new Aws.S3.Inputs.BucketReplicationConfigurationRuleFilterArgs\n {\n Tags = null,\n },\n Destination = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationArgs\n {\n Bucket = destination.Arn,\n StorageClass = \"STANDARD\",\n ReplicationTime = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationReplicationTimeArgs\n {\n Status = \"Enabled\",\n Minutes = 15,\n },\n Metrics = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationMetricsArgs\n {\n Status = \"Enabled\",\n Minutes = 15,\n },\n },\n },\n },\n },\n });\n\n var replicationPolicy = new Aws.Iam.Policy(\"replication\", new()\n {\n Name = \"tf-iam-role-policy-replication-12345\",\n PolicyDocument = Output.Tuple(source.Arn, source.Arn, destination.Arn).Apply(values =\u003e\n {\n var sourceArn = values.Item1;\n var sourceArn1 = values.Item2;\n var destinationArn = values.Item3;\n return @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Action\"\": [\n \"\"s3:GetReplicationConfiguration\"\",\n \"\"s3:ListBucket\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": [\n \"\"{sourceArn}\"\"\n ]\n }},\n {{\n \"\"Action\"\": [\n \"\"s3:GetObjectVersionForReplication\"\",\n \"\"s3:GetObjectVersionAcl\"\",\n \"\"s3:GetObjectVersionTagging\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": [\n \"\"{sourceArn1}/*\"\"\n ]\n }},\n {{\n \"\"Action\"\": [\n \"\"s3:ReplicateObject\"\",\n \"\"s3:ReplicateDelete\"\",\n \"\"s3:ReplicateTags\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": \"\"{destinationArn}/*\"\"\n }}\n ]\n}}\n\";\n }),\n });\n\n var replicationRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"replication\", new()\n {\n Role = replication.Name,\n PolicyArn = replicationPolicy.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\treplication, err := iam.NewRole(ctx, \"replication\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"tf-iam-role-replication-12345\"),\n\t\t\tAssumeRolePolicy: pulumi.Any(`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"s3.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestination, err := s3.NewBucket(ctx, \"destination\", \u0026s3.BucketArgs{\n\t\t\tBucket: pulumi.String(\"tf-test-bucket-destination-12345\"),\n\t\t\tVersioning: \u0026s3.BucketVersioningArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsource, err := s3.NewBucket(ctx, \"source\", \u0026s3.BucketArgs{\n\t\t\tBucket: pulumi.String(\"tf-test-bucket-source-12345\"),\n\t\t\tAcl: pulumi.String(s3.CannedAclPrivate),\n\t\t\tVersioning: \u0026s3.BucketVersioningArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tReplicationConfiguration: \u0026s3.BucketReplicationConfigurationArgs{\n\t\t\t\tRole: replication.Arn,\n\t\t\t\tRules: s3.BucketReplicationConfigurationRuleArray{\n\t\t\t\t\t\u0026s3.BucketReplicationConfigurationRuleArgs{\n\t\t\t\t\t\tId: pulumi.String(\"foobar\"),\n\t\t\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t\t\t\tFilter: \u0026s3.BucketReplicationConfigurationRuleFilterArgs{\n\t\t\t\t\t\t\tTags: nil,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tDestination: \u0026s3.BucketReplicationConfigurationRuleDestinationArgs{\n\t\t\t\t\t\t\tBucket: destination.Arn,\n\t\t\t\t\t\t\tStorageClass: pulumi.String(\"STANDARD\"),\n\t\t\t\t\t\t\tReplicationTime: \u0026s3.BucketReplicationConfigurationRuleDestinationReplicationTimeArgs{\n\t\t\t\t\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t\t\t\t\t\tMinutes: pulumi.Int(15),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tMetrics: \u0026s3.BucketReplicationConfigurationRuleDestinationMetricsArgs{\n\t\t\t\t\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t\t\t\t\t\tMinutes: pulumi.Int(15),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treplicationPolicy, err := iam.NewPolicy(ctx, \"replication\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"tf-iam-role-policy-replication-12345\"),\n\t\t\tPolicy: pulumi.All(source.Arn, source.Arn, destination.Arn).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\tsourceArn := _args[0].(string)\n\t\t\t\tsourceArn1 := _args[1].(string)\n\t\t\t\tdestinationArn := _args[2].(string)\n\t\t\t\treturn fmt.Sprintf(`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"%v\"\n ]\n },\n {\n \"Action\": [\n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"%v/*\"\n ]\n },\n {\n \"Action\": [\n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"%v/*\"\n }\n ]\n}\n`, sourceArn, sourceArn1, destinationArn), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"replication\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: replication.Name,\n\t\t\tPolicyArn: replicationPolicy.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.s3.Bucket;\nimport com.pulumi.aws.s3.BucketArgs;\nimport com.pulumi.aws.s3.inputs.BucketVersioningArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigurationArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var replication = new Role(\"replication\", RoleArgs.builder() \n .name(\"tf-iam-role-replication-12345\")\n .assumeRolePolicy(\"\"\"\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"s3.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n \"\"\")\n .build());\n\n var destination = new Bucket(\"destination\", BucketArgs.builder() \n .bucket(\"tf-test-bucket-destination-12345\")\n .versioning(BucketVersioningArgs.builder()\n .enabled(true)\n .build())\n .build());\n\n var source = new Bucket(\"source\", BucketArgs.builder() \n .bucket(\"tf-test-bucket-source-12345\")\n .acl(\"private\")\n .versioning(BucketVersioningArgs.builder()\n .enabled(true)\n .build())\n .replicationConfiguration(BucketReplicationConfigurationArgs.builder()\n .role(replication.arn())\n .rules(BucketReplicationConfigurationRuleArgs.builder()\n .id(\"foobar\")\n .status(\"Enabled\")\n .filter(BucketReplicationConfigurationRuleFilterArgs.builder()\n .tags()\n .build())\n .destination(BucketReplicationConfigurationRuleDestinationArgs.builder()\n .bucket(destination.arn())\n .storageClass(\"STANDARD\")\n .replicationTime(BucketReplicationConfigurationRuleDestinationReplicationTimeArgs.builder()\n .status(\"Enabled\")\n .minutes(15)\n .build())\n .metrics(BucketReplicationConfigurationRuleDestinationMetricsArgs.builder()\n .status(\"Enabled\")\n .minutes(15)\n .build())\n .build())\n .build())\n .build())\n .build());\n\n var replicationPolicy = new Policy(\"replicationPolicy\", PolicyArgs.builder() \n .name(\"tf-iam-role-policy-replication-12345\")\n .policy(Output.tuple(source.arn(), source.arn(), destination.arn()).applyValue(values -\u003e {\n var sourceArn = values.t1;\n var sourceArn1 = values.t2;\n var destinationArn = values.t3;\n return \"\"\"\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"%s\"\n ]\n },\n {\n \"Action\": [\n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"%s/*\"\n ]\n },\n {\n \"Action\": [\n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"%s/*\"\n }\n ]\n}\n\", sourceArn,sourceArn1,destinationArn);\n }))\n .build());\n\n var replicationRolePolicyAttachment = new RolePolicyAttachment(\"replicationRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .role(replication.name())\n .policyArn(replicationPolicy.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n replication:\n type: aws:iam:Role\n properties:\n name: tf-iam-role-replication-12345\n assumeRolePolicy: |\n {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"s3.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n }\n replicationPolicy:\n type: aws:iam:Policy\n name: replication\n properties:\n name: tf-iam-role-policy-replication-12345\n policy: |\n {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"${source.arn}\"\n ]\n },\n {\n \"Action\": [\n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"${source.arn}/*\"\n ]\n },\n {\n \"Action\": [\n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"${destination.arn}/*\"\n }\n ]\n }\n replicationRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: replication\n properties:\n role: ${replication.name}\n policyArn: ${replicationPolicy.arn}\n destination:\n type: aws:s3:Bucket\n properties:\n bucket: tf-test-bucket-destination-12345\n versioning:\n enabled: true\n source:\n type: aws:s3:Bucket\n properties:\n bucket: tf-test-bucket-source-12345\n acl: private\n versioning:\n enabled: true\n replicationConfiguration:\n role: ${replication.arn}\n rules:\n - id: foobar\n status: Enabled\n filter:\n tags: {}\n destination:\n bucket: ${destination.arn}\n storageClass: STANDARD\n replicationTime:\n status: Enabled\n minutes: 15\n metrics:\n status: Enabled\n minutes: 15\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Enable Default Server Side Encryption\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mykey = new aws.kms.Key(\"mykey\", {\n description: \"This key is used to encrypt bucket objects\",\n deletionWindowInDays: 10,\n});\nconst mybucket = new aws.s3.Bucket(\"mybucket\", {\n bucket: \"mybucket\",\n serverSideEncryptionConfiguration: {\n rule: {\n applyServerSideEncryptionByDefault: {\n kmsMasterKeyId: mykey.arn,\n sseAlgorithm: \"aws:kms\",\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmykey = aws.kms.Key(\"mykey\",\n description=\"This key is used to encrypt bucket objects\",\n deletion_window_in_days=10)\nmybucket = aws.s3.Bucket(\"mybucket\",\n bucket=\"mybucket\",\n server_side_encryption_configuration=aws.s3.BucketServerSideEncryptionConfigurationArgs(\n rule=aws.s3.BucketServerSideEncryptionConfigurationRuleArgs(\n apply_server_side_encryption_by_default=aws.s3.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs(\n kms_master_key_id=mykey.arn,\n sse_algorithm=\"aws:kms\",\n ),\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var mykey = new Aws.Kms.Key(\"mykey\", new()\n {\n Description = \"This key is used to encrypt bucket objects\",\n DeletionWindowInDays = 10,\n });\n\n var mybucket = new Aws.S3.Bucket(\"mybucket\", new()\n {\n BucketName = \"mybucket\",\n ServerSideEncryptionConfiguration = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationArgs\n {\n Rule = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleArgs\n {\n ApplyServerSideEncryptionByDefault = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs\n {\n KmsMasterKeyId = mykey.Arn,\n SseAlgorithm = \"aws:kms\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmykey, err := kms.NewKey(ctx, \"mykey\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"This key is used to encrypt bucket objects\"),\n\t\t\tDeletionWindowInDays: pulumi.Int(10),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucket(ctx, \"mybucket\", \u0026s3.BucketArgs{\n\t\t\tBucket: pulumi.String(\"mybucket\"),\n\t\t\tServerSideEncryptionConfiguration: \u0026s3.BucketServerSideEncryptionConfigurationArgs{\n\t\t\t\tRule: \u0026s3.BucketServerSideEncryptionConfigurationRuleArgs{\n\t\t\t\t\tApplyServerSideEncryptionByDefault: \u0026s3.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs{\n\t\t\t\t\t\tKmsMasterKeyId: mykey.Arn,\n\t\t\t\t\t\tSseAlgorithm: pulumi.String(\"aws:kms\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.s3.Bucket;\nimport com.pulumi.aws.s3.BucketArgs;\nimport com.pulumi.aws.s3.inputs.BucketServerSideEncryptionConfigurationArgs;\nimport com.pulumi.aws.s3.inputs.BucketServerSideEncryptionConfigurationRuleArgs;\nimport com.pulumi.aws.s3.inputs.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var mykey = new Key(\"mykey\", KeyArgs.builder() \n .description(\"This key is used to encrypt bucket objects\")\n .deletionWindowInDays(10)\n .build());\n\n var mybucket = new Bucket(\"mybucket\", BucketArgs.builder() \n .bucket(\"mybucket\")\n .serverSideEncryptionConfiguration(BucketServerSideEncryptionConfigurationArgs.builder()\n .rule(BucketServerSideEncryptionConfigurationRuleArgs.builder()\n .applyServerSideEncryptionByDefault(BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs.builder()\n .kmsMasterKeyId(mykey.arn())\n .sseAlgorithm(\"aws:kms\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n mykey:\n type: aws:kms:Key\n properties:\n description: This key is used to encrypt bucket objects\n deletionWindowInDays: 10\n mybucket:\n type: aws:s3:Bucket\n properties:\n bucket: mybucket\n serverSideEncryptionConfiguration:\n rule:\n applyServerSideEncryptionByDefault:\n kmsMasterKeyId: ${mykey.arn}\n sseAlgorithm: aws:kms\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Using ACL policy grants\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst currentUser = aws.s3.getCanonicalUserId({});\nconst bucket = new aws.s3.Bucket(\"bucket\", {\n bucket: \"mybucket\",\n grants: [\n {\n id: currentUser.then(currentUser =\u003e currentUser.id),\n type: \"CanonicalUser\",\n permissions: [\"FULL_CONTROL\"],\n },\n {\n type: \"Group\",\n permissions: [\n \"READ_ACP\",\n \"WRITE\",\n ],\n uri: \"http://acs.amazonaws.com/groups/s3/LogDelivery\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent_user = aws.s3.get_canonical_user_id()\nbucket = aws.s3.Bucket(\"bucket\",\n bucket=\"mybucket\",\n grants=[\n aws.s3.BucketGrantArgs(\n id=current_user.id,\n type=\"CanonicalUser\",\n permissions=[\"FULL_CONTROL\"],\n ),\n aws.s3.BucketGrantArgs(\n type=\"Group\",\n permissions=[\n \"READ_ACP\",\n \"WRITE\",\n ],\n uri=\"http://acs.amazonaws.com/groups/s3/LogDelivery\",\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var currentUser = Aws.S3.GetCanonicalUserId.Invoke();\n\n var bucket = new Aws.S3.Bucket(\"bucket\", new()\n {\n BucketName = \"mybucket\",\n Grants = new[]\n {\n new Aws.S3.Inputs.BucketGrantArgs\n {\n Id = currentUser.Apply(getCanonicalUserIdResult =\u003e getCanonicalUserIdResult.Id),\n Type = \"CanonicalUser\",\n Permissions = new[]\n {\n \"FULL_CONTROL\",\n },\n },\n new Aws.S3.Inputs.BucketGrantArgs\n {\n Type = \"Group\",\n Permissions = new[]\n {\n \"READ_ACP\",\n \"WRITE\",\n },\n Uri = \"http://acs.amazonaws.com/groups/s3/LogDelivery\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrentUser, err := s3.GetCanonicalUserId(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucket(ctx, \"bucket\", \u0026s3.BucketArgs{\n\t\t\tBucket: pulumi.String(\"mybucket\"),\n\t\t\tGrants: s3.BucketGrantArray{\n\t\t\t\t\u0026s3.BucketGrantArgs{\n\t\t\t\t\tId: pulumi.String(currentUser.Id),\n\t\t\t\t\tType: pulumi.String(\"CanonicalUser\"),\n\t\t\t\t\tPermissions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"FULL_CONTROL\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026s3.BucketGrantArgs{\n\t\t\t\t\tType: pulumi.String(\"Group\"),\n\t\t\t\t\tPermissions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"READ_ACP\"),\n\t\t\t\t\t\tpulumi.String(\"WRITE\"),\n\t\t\t\t\t},\n\t\t\t\t\tUri: pulumi.String(\"http://acs.amazonaws.com/groups/s3/LogDelivery\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.S3Functions;\nimport com.pulumi.aws.s3.Bucket;\nimport com.pulumi.aws.s3.BucketArgs;\nimport com.pulumi.aws.s3.inputs.BucketGrantArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var currentUser = S3Functions.getCanonicalUserId();\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder() \n .bucket(\"mybucket\")\n .grants( \n BucketGrantArgs.builder()\n .id(currentUser.applyValue(getCanonicalUserIdResult -\u003e getCanonicalUserIdResult.id()))\n .type(\"CanonicalUser\")\n .permissions(\"FULL_CONTROL\")\n .build(),\n BucketGrantArgs.builder()\n .type(\"Group\")\n .permissions( \n \"READ_ACP\",\n \"WRITE\")\n .uri(\"http://acs.amazonaws.com/groups/s3/LogDelivery\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: aws:s3:Bucket\n properties:\n bucket: mybucket\n grants:\n - id: ${currentUser.id}\n type: CanonicalUser\n permissions:\n - FULL_CONTROL\n - type: Group\n permissions:\n - READ_ACP\n - WRITE\n uri: http://acs.amazonaws.com/groups/s3/LogDelivery\nvariables:\n currentUser:\n fn::invoke:\n Function: aws:s3:getCanonicalUserId\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nS3 bucket can be imported using the `bucket`, e.g.,\n\n```sh\n$ pulumi import aws:s3/bucket:Bucket bucket bucket-name\n```\nThe `policy` argument is not imported and will be deprecated in a future version of the provider. Use the `aws_s3_bucket_policy` resource to manage the S3 Bucket Policy instead.\n\n", "properties": { "accelerationStatus": { "type": "string", @@ -313536,7 +313536,7 @@ } }, "aws:s3/bucketAclV2:BucketAclV2": { - "description": "Provides an S3 bucket ACL resource.\n\n\u003e **Note:** destroy does not delete the S3 Bucket ACL but does remove the resource from state.\n\n\u003e This resource cannot be used with S3 directory buckets.\n\n## Example Usage\n\n### With `private` ACL\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.s3.BucketV2(\"example\", {bucket: \"my-tf-example-bucket\"});\nconst exampleBucketOwnershipControls = new aws.s3.BucketOwnershipControls(\"example\", {\n bucket: example.id,\n rule: {\n objectOwnership: \"BucketOwnerPreferred\",\n },\n});\nconst exampleBucketAclV2 = new aws.s3.BucketAclV2(\"example\", {\n bucket: example.id,\n acl: \"private\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.s3.BucketV2(\"example\", bucket=\"my-tf-example-bucket\")\nexample_bucket_ownership_controls = aws.s3.BucketOwnershipControls(\"example\",\n bucket=example.id,\n rule=aws.s3.BucketOwnershipControlsRuleArgs(\n object_ownership=\"BucketOwnerPreferred\",\n ))\nexample_bucket_acl_v2 = aws.s3.BucketAclV2(\"example\",\n bucket=example.id,\n acl=\"private\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.S3.BucketV2(\"example\", new()\n {\n Bucket = \"my-tf-example-bucket\",\n });\n\n var exampleBucketOwnershipControls = new Aws.S3.BucketOwnershipControls(\"example\", new()\n {\n Bucket = example.Id,\n Rule = new Aws.S3.Inputs.BucketOwnershipControlsRuleArgs\n {\n ObjectOwnership = \"BucketOwnerPreferred\",\n },\n });\n\n var exampleBucketAclV2 = new Aws.S3.BucketAclV2(\"example\", new()\n {\n Bucket = example.Id,\n Acl = \"private\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := s3.NewBucketV2(ctx, \"example\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"my-tf-example-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketOwnershipControls(ctx, \"example\", \u0026s3.BucketOwnershipControlsArgs{\n\t\t\tBucket: example.ID(),\n\t\t\tRule: \u0026s3.BucketOwnershipControlsRuleArgs{\n\t\t\t\tObjectOwnership: pulumi.String(\"BucketOwnerPreferred\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"example\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: example.ID(),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.s3.BucketOwnershipControls;\nimport com.pulumi.aws.s3.BucketOwnershipControlsArgs;\nimport com.pulumi.aws.s3.inputs.BucketOwnershipControlsRuleArgs;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new BucketV2(\"example\", BucketV2Args.builder() \n .bucket(\"my-tf-example-bucket\")\n .build());\n\n var exampleBucketOwnershipControls = new BucketOwnershipControls(\"exampleBucketOwnershipControls\", BucketOwnershipControlsArgs.builder() \n .bucket(example.id())\n .rule(BucketOwnershipControlsRuleArgs.builder()\n .objectOwnership(\"BucketOwnerPreferred\")\n .build())\n .build());\n\n var exampleBucketAclV2 = new BucketAclV2(\"exampleBucketAclV2\", BucketAclV2Args.builder() \n .bucket(example.id())\n .acl(\"private\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:s3:BucketV2\n properties:\n bucket: my-tf-example-bucket\n exampleBucketOwnershipControls:\n type: aws:s3:BucketOwnershipControls\n name: example\n properties:\n bucket: ${example.id}\n rule:\n objectOwnership: BucketOwnerPreferred\n exampleBucketAclV2:\n type: aws:s3:BucketAclV2\n name: example\n properties:\n bucket: ${example.id}\n acl: private\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With `public-read` ACL\n\n\u003e This example explicitly disables the default S3 bucket security settings. This\nshould be done with caution, as all bucket objects become publicly exposed.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.s3.BucketV2(\"example\", {bucket: \"my-tf-example-bucket\"});\nconst exampleBucketOwnershipControls = new aws.s3.BucketOwnershipControls(\"example\", {\n bucket: example.id,\n rule: {\n objectOwnership: \"BucketOwnerPreferred\",\n },\n});\nconst exampleBucketPublicAccessBlock = new aws.s3.BucketPublicAccessBlock(\"example\", {\n bucket: example.id,\n blockPublicAcls: false,\n blockPublicPolicy: false,\n ignorePublicAcls: false,\n restrictPublicBuckets: false,\n});\nconst exampleBucketAclV2 = new aws.s3.BucketAclV2(\"example\", {\n bucket: example.id,\n acl: \"public-read\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.s3.BucketV2(\"example\", bucket=\"my-tf-example-bucket\")\nexample_bucket_ownership_controls = aws.s3.BucketOwnershipControls(\"example\",\n bucket=example.id,\n rule=aws.s3.BucketOwnershipControlsRuleArgs(\n object_ownership=\"BucketOwnerPreferred\",\n ))\nexample_bucket_public_access_block = aws.s3.BucketPublicAccessBlock(\"example\",\n bucket=example.id,\n block_public_acls=False,\n block_public_policy=False,\n ignore_public_acls=False,\n restrict_public_buckets=False)\nexample_bucket_acl_v2 = aws.s3.BucketAclV2(\"example\",\n bucket=example.id,\n acl=\"public-read\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.S3.BucketV2(\"example\", new()\n {\n Bucket = \"my-tf-example-bucket\",\n });\n\n var exampleBucketOwnershipControls = new Aws.S3.BucketOwnershipControls(\"example\", new()\n {\n Bucket = example.Id,\n Rule = new Aws.S3.Inputs.BucketOwnershipControlsRuleArgs\n {\n ObjectOwnership = \"BucketOwnerPreferred\",\n },\n });\n\n var exampleBucketPublicAccessBlock = new Aws.S3.BucketPublicAccessBlock(\"example\", new()\n {\n Bucket = example.Id,\n BlockPublicAcls = false,\n BlockPublicPolicy = false,\n IgnorePublicAcls = false,\n RestrictPublicBuckets = false,\n });\n\n var exampleBucketAclV2 = new Aws.S3.BucketAclV2(\"example\", new()\n {\n Bucket = example.Id,\n Acl = \"public-read\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := s3.NewBucketV2(ctx, \"example\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"my-tf-example-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketOwnershipControls(ctx, \"example\", \u0026s3.BucketOwnershipControlsArgs{\n\t\t\tBucket: example.ID(),\n\t\t\tRule: \u0026s3.BucketOwnershipControlsRuleArgs{\n\t\t\t\tObjectOwnership: pulumi.String(\"BucketOwnerPreferred\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketPublicAccessBlock(ctx, \"example\", \u0026s3.BucketPublicAccessBlockArgs{\n\t\t\tBucket: example.ID(),\n\t\t\tBlockPublicAcls: pulumi.Bool(false),\n\t\t\tBlockPublicPolicy: pulumi.Bool(false),\n\t\t\tIgnorePublicAcls: pulumi.Bool(false),\n\t\t\tRestrictPublicBuckets: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"example\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: example.ID(),\n\t\t\tAcl: pulumi.String(\"public-read\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.s3.BucketOwnershipControls;\nimport com.pulumi.aws.s3.BucketOwnershipControlsArgs;\nimport com.pulumi.aws.s3.inputs.BucketOwnershipControlsRuleArgs;\nimport com.pulumi.aws.s3.BucketPublicAccessBlock;\nimport com.pulumi.aws.s3.BucketPublicAccessBlockArgs;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new BucketV2(\"example\", BucketV2Args.builder() \n .bucket(\"my-tf-example-bucket\")\n .build());\n\n var exampleBucketOwnershipControls = new BucketOwnershipControls(\"exampleBucketOwnershipControls\", BucketOwnershipControlsArgs.builder() \n .bucket(example.id())\n .rule(BucketOwnershipControlsRuleArgs.builder()\n .objectOwnership(\"BucketOwnerPreferred\")\n .build())\n .build());\n\n var exampleBucketPublicAccessBlock = new BucketPublicAccessBlock(\"exampleBucketPublicAccessBlock\", BucketPublicAccessBlockArgs.builder() \n .bucket(example.id())\n .blockPublicAcls(false)\n .blockPublicPolicy(false)\n .ignorePublicAcls(false)\n .restrictPublicBuckets(false)\n .build());\n\n var exampleBucketAclV2 = new BucketAclV2(\"exampleBucketAclV2\", BucketAclV2Args.builder() \n .bucket(example.id())\n .acl(\"public-read\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:s3:BucketV2\n properties:\n bucket: my-tf-example-bucket\n exampleBucketOwnershipControls:\n type: aws:s3:BucketOwnershipControls\n name: example\n properties:\n bucket: ${example.id}\n rule:\n objectOwnership: BucketOwnerPreferred\n exampleBucketPublicAccessBlock:\n type: aws:s3:BucketPublicAccessBlock\n name: example\n properties:\n bucket: ${example.id}\n blockPublicAcls: false\n blockPublicPolicy: false\n ignorePublicAcls: false\n restrictPublicBuckets: false\n exampleBucketAclV2:\n type: aws:s3:BucketAclV2\n name: example\n properties:\n bucket: ${example.id}\n acl: public-read\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With Grants\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.s3.getCanonicalUserId({});\nconst example = new aws.s3.BucketV2(\"example\", {bucket: \"my-tf-example-bucket\"});\nconst exampleBucketOwnershipControls = new aws.s3.BucketOwnershipControls(\"example\", {\n bucket: example.id,\n rule: {\n objectOwnership: \"BucketOwnerPreferred\",\n },\n});\nconst exampleBucketAclV2 = new aws.s3.BucketAclV2(\"example\", {\n bucket: example.id,\n accessControlPolicy: {\n grants: [\n {\n grantee: {\n id: current.then(current =\u003e current.id),\n type: \"CanonicalUser\",\n },\n permission: \"READ\",\n },\n {\n grantee: {\n type: \"Group\",\n uri: \"http://acs.amazonaws.com/groups/s3/LogDelivery\",\n },\n permission: \"READ_ACP\",\n },\n ],\n owner: {\n id: current.then(current =\u003e current.id),\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.s3.get_canonical_user_id()\nexample = aws.s3.BucketV2(\"example\", bucket=\"my-tf-example-bucket\")\nexample_bucket_ownership_controls = aws.s3.BucketOwnershipControls(\"example\",\n bucket=example.id,\n rule=aws.s3.BucketOwnershipControlsRuleArgs(\n object_ownership=\"BucketOwnerPreferred\",\n ))\nexample_bucket_acl_v2 = aws.s3.BucketAclV2(\"example\",\n bucket=example.id,\n access_control_policy=aws.s3.BucketAclV2AccessControlPolicyArgs(\n grants=[\n aws.s3.BucketAclV2AccessControlPolicyGrantArgs(\n grantee=aws.s3.BucketAclV2AccessControlPolicyGrantGranteeArgs(\n id=current.id,\n type=\"CanonicalUser\",\n ),\n permission=\"READ\",\n ),\n aws.s3.BucketAclV2AccessControlPolicyGrantArgs(\n grantee=aws.s3.BucketAclV2AccessControlPolicyGrantGranteeArgs(\n type=\"Group\",\n uri=\"http://acs.amazonaws.com/groups/s3/LogDelivery\",\n ),\n permission=\"READ_ACP\",\n ),\n ],\n owner=aws.s3.BucketAclV2AccessControlPolicyOwnerArgs(\n id=current.id,\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.S3.GetCanonicalUserId.Invoke();\n\n var example = new Aws.S3.BucketV2(\"example\", new()\n {\n Bucket = \"my-tf-example-bucket\",\n });\n\n var exampleBucketOwnershipControls = new Aws.S3.BucketOwnershipControls(\"example\", new()\n {\n Bucket = example.Id,\n Rule = new Aws.S3.Inputs.BucketOwnershipControlsRuleArgs\n {\n ObjectOwnership = \"BucketOwnerPreferred\",\n },\n });\n\n var exampleBucketAclV2 = new Aws.S3.BucketAclV2(\"example\", new()\n {\n Bucket = example.Id,\n AccessControlPolicy = new Aws.S3.Inputs.BucketAclV2AccessControlPolicyArgs\n {\n Grants = new[]\n {\n new Aws.S3.Inputs.BucketAclV2AccessControlPolicyGrantArgs\n {\n Grantee = new Aws.S3.Inputs.BucketAclV2AccessControlPolicyGrantGranteeArgs\n {\n Id = current.Apply(getCanonicalUserIdResult =\u003e getCanonicalUserIdResult.Id),\n Type = \"CanonicalUser\",\n },\n Permission = \"READ\",\n },\n new Aws.S3.Inputs.BucketAclV2AccessControlPolicyGrantArgs\n {\n Grantee = new Aws.S3.Inputs.BucketAclV2AccessControlPolicyGrantGranteeArgs\n {\n Type = \"Group\",\n Uri = \"http://acs.amazonaws.com/groups/s3/LogDelivery\",\n },\n Permission = \"READ_ACP\",\n },\n },\n Owner = new Aws.S3.Inputs.BucketAclV2AccessControlPolicyOwnerArgs\n {\n Id = current.Apply(getCanonicalUserIdResult =\u003e getCanonicalUserIdResult.Id),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := s3.GetCanonicalUserId(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := s3.NewBucketV2(ctx, \"example\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"my-tf-example-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketOwnershipControls(ctx, \"example\", \u0026s3.BucketOwnershipControlsArgs{\n\t\t\tBucket: example.ID(),\n\t\t\tRule: \u0026s3.BucketOwnershipControlsRuleArgs{\n\t\t\t\tObjectOwnership: pulumi.String(\"BucketOwnerPreferred\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"example\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: example.ID(),\n\t\t\tAccessControlPolicy: \u0026s3.BucketAclV2AccessControlPolicyArgs{\n\t\t\t\tGrants: s3.BucketAclV2AccessControlPolicyGrantArray{\n\t\t\t\t\t\u0026s3.BucketAclV2AccessControlPolicyGrantArgs{\n\t\t\t\t\t\tGrantee: \u0026s3.BucketAclV2AccessControlPolicyGrantGranteeArgs{\n\t\t\t\t\t\t\tId: *pulumi.String(current.Id),\n\t\t\t\t\t\t\tType: pulumi.String(\"CanonicalUser\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPermission: pulumi.String(\"READ\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026s3.BucketAclV2AccessControlPolicyGrantArgs{\n\t\t\t\t\t\tGrantee: \u0026s3.BucketAclV2AccessControlPolicyGrantGranteeArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Group\"),\n\t\t\t\t\t\t\tUri: pulumi.String(\"http://acs.amazonaws.com/groups/s3/LogDelivery\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPermission: pulumi.String(\"READ_ACP\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tOwner: \u0026s3.BucketAclV2AccessControlPolicyOwnerArgs{\n\t\t\t\t\tId: *pulumi.String(current.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.S3Functions;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.s3.BucketOwnershipControls;\nimport com.pulumi.aws.s3.BucketOwnershipControlsArgs;\nimport com.pulumi.aws.s3.inputs.BucketOwnershipControlsRuleArgs;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.s3.inputs.BucketAclV2AccessControlPolicyArgs;\nimport com.pulumi.aws.s3.inputs.BucketAclV2AccessControlPolicyOwnerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = S3Functions.getCanonicalUserId();\n\n var example = new BucketV2(\"example\", BucketV2Args.builder() \n .bucket(\"my-tf-example-bucket\")\n .build());\n\n var exampleBucketOwnershipControls = new BucketOwnershipControls(\"exampleBucketOwnershipControls\", BucketOwnershipControlsArgs.builder() \n .bucket(example.id())\n .rule(BucketOwnershipControlsRuleArgs.builder()\n .objectOwnership(\"BucketOwnerPreferred\")\n .build())\n .build());\n\n var exampleBucketAclV2 = new BucketAclV2(\"exampleBucketAclV2\", BucketAclV2Args.builder() \n .bucket(example.id())\n .accessControlPolicy(BucketAclV2AccessControlPolicyArgs.builder()\n .grants( \n BucketAclV2AccessControlPolicyGrantArgs.builder()\n .grantee(BucketAclV2AccessControlPolicyGrantGranteeArgs.builder()\n .id(current.applyValue(getCanonicalUserIdResult -\u003e getCanonicalUserIdResult.id()))\n .type(\"CanonicalUser\")\n .build())\n .permission(\"READ\")\n .build(),\n BucketAclV2AccessControlPolicyGrantArgs.builder()\n .grantee(BucketAclV2AccessControlPolicyGrantGranteeArgs.builder()\n .type(\"Group\")\n .uri(\"http://acs.amazonaws.com/groups/s3/LogDelivery\")\n .build())\n .permission(\"READ_ACP\")\n .build())\n .owner(BucketAclV2AccessControlPolicyOwnerArgs.builder()\n .id(current.applyValue(getCanonicalUserIdResult -\u003e getCanonicalUserIdResult.id()))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:s3:BucketV2\n properties:\n bucket: my-tf-example-bucket\n exampleBucketOwnershipControls:\n type: aws:s3:BucketOwnershipControls\n name: example\n properties:\n bucket: ${example.id}\n rule:\n objectOwnership: BucketOwnerPreferred\n exampleBucketAclV2:\n type: aws:s3:BucketAclV2\n name: example\n properties:\n bucket: ${example.id}\n accessControlPolicy:\n grants:\n - grantee:\n id: ${current.id}\n type: CanonicalUser\n permission: READ\n - grantee:\n type: Group\n uri: http://acs.amazonaws.com/groups/s3/LogDelivery\n permission: READ_ACP\n owner:\n id: ${current.id}\nvariables:\n current:\n fn::invoke:\n Function: aws:s3:getCanonicalUserId\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIf the owner (account ID) of the source bucket is the _same_ account used to configure the AWS Provider, and the source bucket is __configured__ with a\n[canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl) (i.e. predefined grant), import using the `bucket` and `acl` separated by a comma (`,`):\n\nIf the owner (account ID) of the source bucket _differs_ from the account used to configure the AWS Provider, and the source bucket is __not configured__ with a [canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl) (i.e. predefined grant), imported using the `bucket` and `expected_bucket_owner` separated by a comma (`,`):\n\nIf the owner (account ID) of the source bucket _differs_ from the account used to configure the AWS Provider, and the source bucket is __configured__ with a\n[canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl) (i.e. predefined grant), imported using the `bucket`, `expected_bucket_owner`, and `acl` separated by commas (`,`):\n\n__Using `pulumi import` to import__ using `bucket`, `expected_bucket_owner`, and/or `acl`, depending on your situation. For example:\n\nIf the owner (account ID) of the source bucket is the _same_ account used to configure the AWS Provider, and the source bucket is __not configured__ with a\n[canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl) (i.e. predefined grant), import using the `bucket`:\n\n```sh\n$ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name\n```\nIf the owner (account ID) of the source bucket is the _same_ account used to configure the AWS Provider, and the source bucket is __configured__ with a [canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl) (i.e. predefined grant), import using the `bucket` and `acl` separated by a comma (`,`):\n\n```sh\n$ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name,private\n```\nIf the owner (account ID) of the source bucket _differs_ from the account used to configure the AWS Provider, and the source bucket is __not configured__ with a [canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl) (i.e. predefined grant), imported using the `bucket` and `expected_bucket_owner` separated by a comma (`,`):\n\n```sh\n$ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name,123456789012\n```\nIf the owner (account ID) of the source bucket _differs_ from the account used to configure the AWS Provider, and the source bucket is __configured__ with a [canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl) (i.e. predefined grant), imported using the `bucket`, `expected_bucket_owner`, and `acl` separated by commas (`,`):\n\n```sh\n$ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name,123456789012,private\n```\n", + "description": "Provides an S3 bucket ACL resource.\n\n\u003e **Note:** destroy does not delete the S3 Bucket ACL but does remove the resource from state.\n\n\u003e This resource cannot be used with S3 directory buckets.\n\n## Example Usage\n\n### With `private` ACL\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.s3.BucketV2(\"example\", {bucket: \"my-tf-example-bucket\"});\nconst exampleBucketOwnershipControls = new aws.s3.BucketOwnershipControls(\"example\", {\n bucket: example.id,\n rule: {\n objectOwnership: \"BucketOwnerPreferred\",\n },\n});\nconst exampleBucketAclV2 = new aws.s3.BucketAclV2(\"example\", {\n bucket: example.id,\n acl: \"private\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.s3.BucketV2(\"example\", bucket=\"my-tf-example-bucket\")\nexample_bucket_ownership_controls = aws.s3.BucketOwnershipControls(\"example\",\n bucket=example.id,\n rule=aws.s3.BucketOwnershipControlsRuleArgs(\n object_ownership=\"BucketOwnerPreferred\",\n ))\nexample_bucket_acl_v2 = aws.s3.BucketAclV2(\"example\",\n bucket=example.id,\n acl=\"private\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.S3.BucketV2(\"example\", new()\n {\n Bucket = \"my-tf-example-bucket\",\n });\n\n var exampleBucketOwnershipControls = new Aws.S3.BucketOwnershipControls(\"example\", new()\n {\n Bucket = example.Id,\n Rule = new Aws.S3.Inputs.BucketOwnershipControlsRuleArgs\n {\n ObjectOwnership = \"BucketOwnerPreferred\",\n },\n });\n\n var exampleBucketAclV2 = new Aws.S3.BucketAclV2(\"example\", new()\n {\n Bucket = example.Id,\n Acl = \"private\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := s3.NewBucketV2(ctx, \"example\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"my-tf-example-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketOwnershipControls(ctx, \"example\", \u0026s3.BucketOwnershipControlsArgs{\n\t\t\tBucket: example.ID(),\n\t\t\tRule: \u0026s3.BucketOwnershipControlsRuleArgs{\n\t\t\t\tObjectOwnership: pulumi.String(\"BucketOwnerPreferred\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"example\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: example.ID(),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.s3.BucketOwnershipControls;\nimport com.pulumi.aws.s3.BucketOwnershipControlsArgs;\nimport com.pulumi.aws.s3.inputs.BucketOwnershipControlsRuleArgs;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new BucketV2(\"example\", BucketV2Args.builder() \n .bucket(\"my-tf-example-bucket\")\n .build());\n\n var exampleBucketOwnershipControls = new BucketOwnershipControls(\"exampleBucketOwnershipControls\", BucketOwnershipControlsArgs.builder() \n .bucket(example.id())\n .rule(BucketOwnershipControlsRuleArgs.builder()\n .objectOwnership(\"BucketOwnerPreferred\")\n .build())\n .build());\n\n var exampleBucketAclV2 = new BucketAclV2(\"exampleBucketAclV2\", BucketAclV2Args.builder() \n .bucket(example.id())\n .acl(\"private\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:s3:BucketV2\n properties:\n bucket: my-tf-example-bucket\n exampleBucketOwnershipControls:\n type: aws:s3:BucketOwnershipControls\n name: example\n properties:\n bucket: ${example.id}\n rule:\n objectOwnership: BucketOwnerPreferred\n exampleBucketAclV2:\n type: aws:s3:BucketAclV2\n name: example\n properties:\n bucket: ${example.id}\n acl: private\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With `public-read` ACL\n\n\u003e This example explicitly disables the default S3 bucket security settings. This\nshould be done with caution, as all bucket objects become publicly exposed.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.s3.BucketV2(\"example\", {bucket: \"my-tf-example-bucket\"});\nconst exampleBucketOwnershipControls = new aws.s3.BucketOwnershipControls(\"example\", {\n bucket: example.id,\n rule: {\n objectOwnership: \"BucketOwnerPreferred\",\n },\n});\nconst exampleBucketPublicAccessBlock = new aws.s3.BucketPublicAccessBlock(\"example\", {\n bucket: example.id,\n blockPublicAcls: false,\n blockPublicPolicy: false,\n ignorePublicAcls: false,\n restrictPublicBuckets: false,\n});\nconst exampleBucketAclV2 = new aws.s3.BucketAclV2(\"example\", {\n bucket: example.id,\n acl: \"public-read\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.s3.BucketV2(\"example\", bucket=\"my-tf-example-bucket\")\nexample_bucket_ownership_controls = aws.s3.BucketOwnershipControls(\"example\",\n bucket=example.id,\n rule=aws.s3.BucketOwnershipControlsRuleArgs(\n object_ownership=\"BucketOwnerPreferred\",\n ))\nexample_bucket_public_access_block = aws.s3.BucketPublicAccessBlock(\"example\",\n bucket=example.id,\n block_public_acls=False,\n block_public_policy=False,\n ignore_public_acls=False,\n restrict_public_buckets=False)\nexample_bucket_acl_v2 = aws.s3.BucketAclV2(\"example\",\n bucket=example.id,\n acl=\"public-read\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.S3.BucketV2(\"example\", new()\n {\n Bucket = \"my-tf-example-bucket\",\n });\n\n var exampleBucketOwnershipControls = new Aws.S3.BucketOwnershipControls(\"example\", new()\n {\n Bucket = example.Id,\n Rule = new Aws.S3.Inputs.BucketOwnershipControlsRuleArgs\n {\n ObjectOwnership = \"BucketOwnerPreferred\",\n },\n });\n\n var exampleBucketPublicAccessBlock = new Aws.S3.BucketPublicAccessBlock(\"example\", new()\n {\n Bucket = example.Id,\n BlockPublicAcls = false,\n BlockPublicPolicy = false,\n IgnorePublicAcls = false,\n RestrictPublicBuckets = false,\n });\n\n var exampleBucketAclV2 = new Aws.S3.BucketAclV2(\"example\", new()\n {\n Bucket = example.Id,\n Acl = \"public-read\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := s3.NewBucketV2(ctx, \"example\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"my-tf-example-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketOwnershipControls(ctx, \"example\", \u0026s3.BucketOwnershipControlsArgs{\n\t\t\tBucket: example.ID(),\n\t\t\tRule: \u0026s3.BucketOwnershipControlsRuleArgs{\n\t\t\t\tObjectOwnership: pulumi.String(\"BucketOwnerPreferred\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketPublicAccessBlock(ctx, \"example\", \u0026s3.BucketPublicAccessBlockArgs{\n\t\t\tBucket: example.ID(),\n\t\t\tBlockPublicAcls: pulumi.Bool(false),\n\t\t\tBlockPublicPolicy: pulumi.Bool(false),\n\t\t\tIgnorePublicAcls: pulumi.Bool(false),\n\t\t\tRestrictPublicBuckets: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"example\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: example.ID(),\n\t\t\tAcl: pulumi.String(\"public-read\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.s3.BucketOwnershipControls;\nimport com.pulumi.aws.s3.BucketOwnershipControlsArgs;\nimport com.pulumi.aws.s3.inputs.BucketOwnershipControlsRuleArgs;\nimport com.pulumi.aws.s3.BucketPublicAccessBlock;\nimport com.pulumi.aws.s3.BucketPublicAccessBlockArgs;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new BucketV2(\"example\", BucketV2Args.builder() \n .bucket(\"my-tf-example-bucket\")\n .build());\n\n var exampleBucketOwnershipControls = new BucketOwnershipControls(\"exampleBucketOwnershipControls\", BucketOwnershipControlsArgs.builder() \n .bucket(example.id())\n .rule(BucketOwnershipControlsRuleArgs.builder()\n .objectOwnership(\"BucketOwnerPreferred\")\n .build())\n .build());\n\n var exampleBucketPublicAccessBlock = new BucketPublicAccessBlock(\"exampleBucketPublicAccessBlock\", BucketPublicAccessBlockArgs.builder() \n .bucket(example.id())\n .blockPublicAcls(false)\n .blockPublicPolicy(false)\n .ignorePublicAcls(false)\n .restrictPublicBuckets(false)\n .build());\n\n var exampleBucketAclV2 = new BucketAclV2(\"exampleBucketAclV2\", BucketAclV2Args.builder() \n .bucket(example.id())\n .acl(\"public-read\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:s3:BucketV2\n properties:\n bucket: my-tf-example-bucket\n exampleBucketOwnershipControls:\n type: aws:s3:BucketOwnershipControls\n name: example\n properties:\n bucket: ${example.id}\n rule:\n objectOwnership: BucketOwnerPreferred\n exampleBucketPublicAccessBlock:\n type: aws:s3:BucketPublicAccessBlock\n name: example\n properties:\n bucket: ${example.id}\n blockPublicAcls: false\n blockPublicPolicy: false\n ignorePublicAcls: false\n restrictPublicBuckets: false\n exampleBucketAclV2:\n type: aws:s3:BucketAclV2\n name: example\n properties:\n bucket: ${example.id}\n acl: public-read\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With Grants\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.s3.getCanonicalUserId({});\nconst example = new aws.s3.BucketV2(\"example\", {bucket: \"my-tf-example-bucket\"});\nconst exampleBucketOwnershipControls = new aws.s3.BucketOwnershipControls(\"example\", {\n bucket: example.id,\n rule: {\n objectOwnership: \"BucketOwnerPreferred\",\n },\n});\nconst exampleBucketAclV2 = new aws.s3.BucketAclV2(\"example\", {\n bucket: example.id,\n accessControlPolicy: {\n grants: [\n {\n grantee: {\n id: current.then(current =\u003e current.id),\n type: \"CanonicalUser\",\n },\n permission: \"READ\",\n },\n {\n grantee: {\n type: \"Group\",\n uri: \"http://acs.amazonaws.com/groups/s3/LogDelivery\",\n },\n permission: \"READ_ACP\",\n },\n ],\n owner: {\n id: current.then(current =\u003e current.id),\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.s3.get_canonical_user_id()\nexample = aws.s3.BucketV2(\"example\", bucket=\"my-tf-example-bucket\")\nexample_bucket_ownership_controls = aws.s3.BucketOwnershipControls(\"example\",\n bucket=example.id,\n rule=aws.s3.BucketOwnershipControlsRuleArgs(\n object_ownership=\"BucketOwnerPreferred\",\n ))\nexample_bucket_acl_v2 = aws.s3.BucketAclV2(\"example\",\n bucket=example.id,\n access_control_policy=aws.s3.BucketAclV2AccessControlPolicyArgs(\n grants=[\n aws.s3.BucketAclV2AccessControlPolicyGrantArgs(\n grantee=aws.s3.BucketAclV2AccessControlPolicyGrantGranteeArgs(\n id=current.id,\n type=\"CanonicalUser\",\n ),\n permission=\"READ\",\n ),\n aws.s3.BucketAclV2AccessControlPolicyGrantArgs(\n grantee=aws.s3.BucketAclV2AccessControlPolicyGrantGranteeArgs(\n type=\"Group\",\n uri=\"http://acs.amazonaws.com/groups/s3/LogDelivery\",\n ),\n permission=\"READ_ACP\",\n ),\n ],\n owner=aws.s3.BucketAclV2AccessControlPolicyOwnerArgs(\n id=current.id,\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.S3.GetCanonicalUserId.Invoke();\n\n var example = new Aws.S3.BucketV2(\"example\", new()\n {\n Bucket = \"my-tf-example-bucket\",\n });\n\n var exampleBucketOwnershipControls = new Aws.S3.BucketOwnershipControls(\"example\", new()\n {\n Bucket = example.Id,\n Rule = new Aws.S3.Inputs.BucketOwnershipControlsRuleArgs\n {\n ObjectOwnership = \"BucketOwnerPreferred\",\n },\n });\n\n var exampleBucketAclV2 = new Aws.S3.BucketAclV2(\"example\", new()\n {\n Bucket = example.Id,\n AccessControlPolicy = new Aws.S3.Inputs.BucketAclV2AccessControlPolicyArgs\n {\n Grants = new[]\n {\n new Aws.S3.Inputs.BucketAclV2AccessControlPolicyGrantArgs\n {\n Grantee = new Aws.S3.Inputs.BucketAclV2AccessControlPolicyGrantGranteeArgs\n {\n Id = current.Apply(getCanonicalUserIdResult =\u003e getCanonicalUserIdResult.Id),\n Type = \"CanonicalUser\",\n },\n Permission = \"READ\",\n },\n new Aws.S3.Inputs.BucketAclV2AccessControlPolicyGrantArgs\n {\n Grantee = new Aws.S3.Inputs.BucketAclV2AccessControlPolicyGrantGranteeArgs\n {\n Type = \"Group\",\n Uri = \"http://acs.amazonaws.com/groups/s3/LogDelivery\",\n },\n Permission = \"READ_ACP\",\n },\n },\n Owner = new Aws.S3.Inputs.BucketAclV2AccessControlPolicyOwnerArgs\n {\n Id = current.Apply(getCanonicalUserIdResult =\u003e getCanonicalUserIdResult.Id),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := s3.GetCanonicalUserId(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := s3.NewBucketV2(ctx, \"example\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"my-tf-example-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketOwnershipControls(ctx, \"example\", \u0026s3.BucketOwnershipControlsArgs{\n\t\t\tBucket: example.ID(),\n\t\t\tRule: \u0026s3.BucketOwnershipControlsRuleArgs{\n\t\t\t\tObjectOwnership: pulumi.String(\"BucketOwnerPreferred\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"example\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: example.ID(),\n\t\t\tAccessControlPolicy: \u0026s3.BucketAclV2AccessControlPolicyArgs{\n\t\t\t\tGrants: s3.BucketAclV2AccessControlPolicyGrantArray{\n\t\t\t\t\t\u0026s3.BucketAclV2AccessControlPolicyGrantArgs{\n\t\t\t\t\t\tGrantee: \u0026s3.BucketAclV2AccessControlPolicyGrantGranteeArgs{\n\t\t\t\t\t\t\tId: pulumi.String(current.Id),\n\t\t\t\t\t\t\tType: pulumi.String(\"CanonicalUser\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPermission: pulumi.String(\"READ\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026s3.BucketAclV2AccessControlPolicyGrantArgs{\n\t\t\t\t\t\tGrantee: \u0026s3.BucketAclV2AccessControlPolicyGrantGranteeArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Group\"),\n\t\t\t\t\t\t\tUri: pulumi.String(\"http://acs.amazonaws.com/groups/s3/LogDelivery\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPermission: pulumi.String(\"READ_ACP\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tOwner: \u0026s3.BucketAclV2AccessControlPolicyOwnerArgs{\n\t\t\t\t\tId: pulumi.String(current.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.S3Functions;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.s3.BucketOwnershipControls;\nimport com.pulumi.aws.s3.BucketOwnershipControlsArgs;\nimport com.pulumi.aws.s3.inputs.BucketOwnershipControlsRuleArgs;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.s3.inputs.BucketAclV2AccessControlPolicyArgs;\nimport com.pulumi.aws.s3.inputs.BucketAclV2AccessControlPolicyOwnerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = S3Functions.getCanonicalUserId();\n\n var example = new BucketV2(\"example\", BucketV2Args.builder() \n .bucket(\"my-tf-example-bucket\")\n .build());\n\n var exampleBucketOwnershipControls = new BucketOwnershipControls(\"exampleBucketOwnershipControls\", BucketOwnershipControlsArgs.builder() \n .bucket(example.id())\n .rule(BucketOwnershipControlsRuleArgs.builder()\n .objectOwnership(\"BucketOwnerPreferred\")\n .build())\n .build());\n\n var exampleBucketAclV2 = new BucketAclV2(\"exampleBucketAclV2\", BucketAclV2Args.builder() \n .bucket(example.id())\n .accessControlPolicy(BucketAclV2AccessControlPolicyArgs.builder()\n .grants( \n BucketAclV2AccessControlPolicyGrantArgs.builder()\n .grantee(BucketAclV2AccessControlPolicyGrantGranteeArgs.builder()\n .id(current.applyValue(getCanonicalUserIdResult -\u003e getCanonicalUserIdResult.id()))\n .type(\"CanonicalUser\")\n .build())\n .permission(\"READ\")\n .build(),\n BucketAclV2AccessControlPolicyGrantArgs.builder()\n .grantee(BucketAclV2AccessControlPolicyGrantGranteeArgs.builder()\n .type(\"Group\")\n .uri(\"http://acs.amazonaws.com/groups/s3/LogDelivery\")\n .build())\n .permission(\"READ_ACP\")\n .build())\n .owner(BucketAclV2AccessControlPolicyOwnerArgs.builder()\n .id(current.applyValue(getCanonicalUserIdResult -\u003e getCanonicalUserIdResult.id()))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:s3:BucketV2\n properties:\n bucket: my-tf-example-bucket\n exampleBucketOwnershipControls:\n type: aws:s3:BucketOwnershipControls\n name: example\n properties:\n bucket: ${example.id}\n rule:\n objectOwnership: BucketOwnerPreferred\n exampleBucketAclV2:\n type: aws:s3:BucketAclV2\n name: example\n properties:\n bucket: ${example.id}\n accessControlPolicy:\n grants:\n - grantee:\n id: ${current.id}\n type: CanonicalUser\n permission: READ\n - grantee:\n type: Group\n uri: http://acs.amazonaws.com/groups/s3/LogDelivery\n permission: READ_ACP\n owner:\n id: ${current.id}\nvariables:\n current:\n fn::invoke:\n Function: aws:s3:getCanonicalUserId\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIf the owner (account ID) of the source bucket is the _same_ account used to configure the AWS Provider, and the source bucket is __configured__ with a\n[canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl) (i.e. predefined grant), import using the `bucket` and `acl` separated by a comma (`,`):\n\nIf the owner (account ID) of the source bucket _differs_ from the account used to configure the AWS Provider, and the source bucket is __not configured__ with a [canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl) (i.e. predefined grant), imported using the `bucket` and `expected_bucket_owner` separated by a comma (`,`):\n\nIf the owner (account ID) of the source bucket _differs_ from the account used to configure the AWS Provider, and the source bucket is __configured__ with a\n[canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl) (i.e. predefined grant), imported using the `bucket`, `expected_bucket_owner`, and `acl` separated by commas (`,`):\n\n__Using `pulumi import` to import__ using `bucket`, `expected_bucket_owner`, and/or `acl`, depending on your situation. For example:\n\nIf the owner (account ID) of the source bucket is the _same_ account used to configure the AWS Provider, and the source bucket is __not configured__ with a\n[canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl) (i.e. predefined grant), import using the `bucket`:\n\n```sh\n$ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name\n```\nIf the owner (account ID) of the source bucket is the _same_ account used to configure the AWS Provider, and the source bucket is __configured__ with a [canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl) (i.e. predefined grant), import using the `bucket` and `acl` separated by a comma (`,`):\n\n```sh\n$ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name,private\n```\nIf the owner (account ID) of the source bucket _differs_ from the account used to configure the AWS Provider, and the source bucket is __not configured__ with a [canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl) (i.e. predefined grant), imported using the `bucket` and `expected_bucket_owner` separated by a comma (`,`):\n\n```sh\n$ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name,123456789012\n```\nIf the owner (account ID) of the source bucket _differs_ from the account used to configure the AWS Provider, and the source bucket is __configured__ with a [canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl) (i.e. predefined grant), imported using the `bucket`, `expected_bucket_owner`, and `acl` separated by commas (`,`):\n\n```sh\n$ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name,123456789012,private\n```\n", "properties": { "accessControlPolicy": { "$ref": "#/types/aws:s3/BucketAclV2AccessControlPolicy:BucketAclV2AccessControlPolicy", @@ -314011,7 +314011,7 @@ } }, "aws:s3/bucketNotification:BucketNotification": { - "description": "Manages a S3 Bucket Notification Configuration. For additional information, see the [Configuring S3 Event Notifications section in the Amazon S3 Developer Guide](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html).\n\n\u003e **NOTE:** S3 Buckets only support a single notification configuration. Declaring multiple `aws.s3.BucketNotification` resources to the same S3 Bucket will cause a perpetual difference in configuration. See the example \"Trigger multiple Lambda functions\" for an option.\n\n\u003e This resource cannot be used with S3 directory buckets.\n\n## Example Usage\n\n### Add notification configuration to SNS Topic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.BucketV2(\"bucket\", {bucket: \"your-bucket-name\"});\nconst topic = aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"s3.amazonaws.com\"],\n }],\n actions: [\"SNS:Publish\"],\n resources: [\"arn:aws:sns:*:*:s3-event-notification-topic\"],\n conditions: [{\n test: \"ArnLike\",\n variable: \"aws:SourceArn\",\n values: [bucket.arn],\n }],\n }],\n});\nconst topicTopic = new aws.sns.Topic(\"topic\", {\n name: \"s3-event-notification-topic\",\n policy: topic.apply(topic =\u003e topic.json),\n});\nconst bucketNotification = new aws.s3.BucketNotification(\"bucket_notification\", {\n bucket: bucket.id,\n topics: [{\n topicArn: topicTopic.arn,\n events: [\"s3:ObjectCreated:*\"],\n filterSuffix: \".log\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.BucketV2(\"bucket\", bucket=\"your-bucket-name\")\ntopic = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"s3.amazonaws.com\"],\n )],\n actions=[\"SNS:Publish\"],\n resources=[\"arn:aws:sns:*:*:s3-event-notification-topic\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ArnLike\",\n variable=\"aws:SourceArn\",\n values=[bucket.arn],\n )],\n)])\ntopic_topic = aws.sns.Topic(\"topic\",\n name=\"s3-event-notification-topic\",\n policy=topic.json)\nbucket_notification = aws.s3.BucketNotification(\"bucket_notification\",\n bucket=bucket.id,\n topics=[aws.s3.BucketNotificationTopicArgs(\n topic_arn=topic_topic.arn,\n events=[\"s3:ObjectCreated:*\"],\n filter_suffix=\".log\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bucket = new Aws.S3.BucketV2(\"bucket\", new()\n {\n Bucket = \"your-bucket-name\",\n });\n\n var topic = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"s3.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"SNS:Publish\",\n },\n Resources = new[]\n {\n \"arn:aws:sns:*:*:s3-event-notification-topic\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ArnLike\",\n Variable = \"aws:SourceArn\",\n Values = new[]\n {\n bucket.Arn,\n },\n },\n },\n },\n },\n });\n\n var topicTopic = new Aws.Sns.Topic(\"topic\", new()\n {\n Name = \"s3-event-notification-topic\",\n Policy = topic.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var bucketNotification = new Aws.S3.BucketNotification(\"bucket_notification\", new()\n {\n Bucket = bucket.Id,\n Topics = new[]\n {\n new Aws.S3.Inputs.BucketNotificationTopicArgs\n {\n TopicArn = topicTopic.Arn,\n Events = new[]\n {\n \"s3:ObjectCreated:*\",\n },\n FilterSuffix = \".log\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := s3.NewBucketV2(ctx, \"bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"your-bucket-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttopic := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tPrincipals: iam.GetPolicyDocumentStatementPrincipalArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementPrincipalArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Service\"),\n\t\t\t\t\t\t\tIdentifiers: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"s3.amazonaws.com\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"SNS:Publish\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"arn:aws:sns:*:*:s3-event-notification-topic\"),\n\t\t\t\t\t},\n\t\t\t\t\tConditions: iam.GetPolicyDocumentStatementConditionArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementConditionArgs{\n\t\t\t\t\t\t\tTest: pulumi.String(\"ArnLike\"),\n\t\t\t\t\t\t\tVariable: pulumi.String(\"aws:SourceArn\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tbucket.Arn,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\ttopicTopic, err := sns.NewTopic(ctx, \"topic\", \u0026sns.TopicArgs{\n\t\t\tName: pulumi.String(\"s3-event-notification-topic\"),\n\t\t\tPolicy: topic.ApplyT(func(topic iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026topic.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketNotification(ctx, \"bucket_notification\", \u0026s3.BucketNotificationArgs{\n\t\t\tBucket: bucket.ID(),\n\t\t\tTopics: s3.BucketNotificationTopicArray{\n\t\t\t\t\u0026s3.BucketNotificationTopicArgs{\n\t\t\t\t\tTopicArn: topicTopic.Arn,\n\t\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:ObjectCreated:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tFilterSuffix: pulumi.String(\".log\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.s3.BucketNotification;\nimport com.pulumi.aws.s3.BucketNotificationArgs;\nimport com.pulumi.aws.s3.inputs.BucketNotificationTopicArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bucket = new BucketV2(\"bucket\", BucketV2Args.builder() \n .bucket(\"your-bucket-name\")\n .build());\n\n final var topic = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"s3.amazonaws.com\")\n .build())\n .actions(\"SNS:Publish\")\n .resources(\"arn:aws:sns:*:*:s3-event-notification-topic\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ArnLike\")\n .variable(\"aws:SourceArn\")\n .values(bucket.arn())\n .build())\n .build())\n .build());\n\n var topicTopic = new Topic(\"topicTopic\", TopicArgs.builder() \n .name(\"s3-event-notification-topic\")\n .policy(topic.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(topic -\u003e topic.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var bucketNotification = new BucketNotification(\"bucketNotification\", BucketNotificationArgs.builder() \n .bucket(bucket.id())\n .topics(BucketNotificationTopicArgs.builder()\n .topicArn(topicTopic.arn())\n .events(\"s3:ObjectCreated:*\")\n .filterSuffix(\".log\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n topicTopic:\n type: aws:sns:Topic\n name: topic\n properties:\n name: s3-event-notification-topic\n policy: ${topic.json}\n bucket:\n type: aws:s3:BucketV2\n properties:\n bucket: your-bucket-name\n bucketNotification:\n type: aws:s3:BucketNotification\n name: bucket_notification\n properties:\n bucket: ${bucket.id}\n topics:\n - topicArn: ${topicTopic.arn}\n events:\n - s3:ObjectCreated:*\n filterSuffix: .log\nvariables:\n topic:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - s3.amazonaws.com\n actions:\n - SNS:Publish\n resources:\n - arn:aws:sns:*:*:s3-event-notification-topic\n conditions:\n - test: ArnLike\n variable: aws:SourceArn\n values:\n - ${bucket.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Add notification configuration to SQS Queue\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.BucketV2(\"bucket\", {bucket: \"your-bucket-name\"});\nconst queue = aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"*\",\n identifiers: [\"*\"],\n }],\n actions: [\"sqs:SendMessage\"],\n resources: [\"arn:aws:sqs:*:*:s3-event-notification-queue\"],\n conditions: [{\n test: \"ArnEquals\",\n variable: \"aws:SourceArn\",\n values: [bucket.arn],\n }],\n }],\n});\nconst queueQueue = new aws.sqs.Queue(\"queue\", {\n name: \"s3-event-notification-queue\",\n policy: queue.apply(queue =\u003e queue.json),\n});\nconst bucketNotification = new aws.s3.BucketNotification(\"bucket_notification\", {\n bucket: bucket.id,\n queues: [{\n queueArn: queueQueue.arn,\n events: [\"s3:ObjectCreated:*\"],\n filterSuffix: \".log\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.BucketV2(\"bucket\", bucket=\"your-bucket-name\")\nqueue = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"*\",\n identifiers=[\"*\"],\n )],\n actions=[\"sqs:SendMessage\"],\n resources=[\"arn:aws:sqs:*:*:s3-event-notification-queue\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ArnEquals\",\n variable=\"aws:SourceArn\",\n values=[bucket.arn],\n )],\n)])\nqueue_queue = aws.sqs.Queue(\"queue\",\n name=\"s3-event-notification-queue\",\n policy=queue.json)\nbucket_notification = aws.s3.BucketNotification(\"bucket_notification\",\n bucket=bucket.id,\n queues=[aws.s3.BucketNotificationQueueArgs(\n queue_arn=queue_queue.arn,\n events=[\"s3:ObjectCreated:*\"],\n filter_suffix=\".log\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bucket = new Aws.S3.BucketV2(\"bucket\", new()\n {\n Bucket = \"your-bucket-name\",\n });\n\n var queue = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"*\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"sqs:SendMessage\",\n },\n Resources = new[]\n {\n \"arn:aws:sqs:*:*:s3-event-notification-queue\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ArnEquals\",\n Variable = \"aws:SourceArn\",\n Values = new[]\n {\n bucket.Arn,\n },\n },\n },\n },\n },\n });\n\n var queueQueue = new Aws.Sqs.Queue(\"queue\", new()\n {\n Name = \"s3-event-notification-queue\",\n Policy = queue.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var bucketNotification = new Aws.S3.BucketNotification(\"bucket_notification\", new()\n {\n Bucket = bucket.Id,\n Queues = new[]\n {\n new Aws.S3.Inputs.BucketNotificationQueueArgs\n {\n QueueArn = queueQueue.Arn,\n Events = new[]\n {\n \"s3:ObjectCreated:*\",\n },\n FilterSuffix = \".log\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := s3.NewBucketV2(ctx, \"bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"your-bucket-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tqueue := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tPrincipals: iam.GetPolicyDocumentStatementPrincipalArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementPrincipalArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"*\"),\n\t\t\t\t\t\t\tIdentifiers: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"sqs:SendMessage\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"arn:aws:sqs:*:*:s3-event-notification-queue\"),\n\t\t\t\t\t},\n\t\t\t\t\tConditions: iam.GetPolicyDocumentStatementConditionArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementConditionArgs{\n\t\t\t\t\t\t\tTest: pulumi.String(\"ArnEquals\"),\n\t\t\t\t\t\t\tVariable: pulumi.String(\"aws:SourceArn\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tbucket.Arn,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tqueueQueue, err := sqs.NewQueue(ctx, \"queue\", \u0026sqs.QueueArgs{\n\t\t\tName: pulumi.String(\"s3-event-notification-queue\"),\n\t\t\tPolicy: queue.ApplyT(func(queue iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026queue.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketNotification(ctx, \"bucket_notification\", \u0026s3.BucketNotificationArgs{\n\t\t\tBucket: bucket.ID(),\n\t\t\tQueues: s3.BucketNotificationQueueArray{\n\t\t\t\t\u0026s3.BucketNotificationQueueArgs{\n\t\t\t\t\tQueueArn: queueQueue.Arn,\n\t\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:ObjectCreated:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tFilterSuffix: pulumi.String(\".log\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sqs.Queue;\nimport com.pulumi.aws.sqs.QueueArgs;\nimport com.pulumi.aws.s3.BucketNotification;\nimport com.pulumi.aws.s3.BucketNotificationArgs;\nimport com.pulumi.aws.s3.inputs.BucketNotificationQueueArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bucket = new BucketV2(\"bucket\", BucketV2Args.builder() \n .bucket(\"your-bucket-name\")\n .build());\n\n final var queue = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"*\")\n .identifiers(\"*\")\n .build())\n .actions(\"sqs:SendMessage\")\n .resources(\"arn:aws:sqs:*:*:s3-event-notification-queue\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ArnEquals\")\n .variable(\"aws:SourceArn\")\n .values(bucket.arn())\n .build())\n .build())\n .build());\n\n var queueQueue = new Queue(\"queueQueue\", QueueArgs.builder() \n .name(\"s3-event-notification-queue\")\n .policy(queue.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(queue -\u003e queue.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var bucketNotification = new BucketNotification(\"bucketNotification\", BucketNotificationArgs.builder() \n .bucket(bucket.id())\n .queues(BucketNotificationQueueArgs.builder()\n .queueArn(queueQueue.arn())\n .events(\"s3:ObjectCreated:*\")\n .filterSuffix(\".log\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n queueQueue:\n type: aws:sqs:Queue\n name: queue\n properties:\n name: s3-event-notification-queue\n policy: ${queue.json}\n bucket:\n type: aws:s3:BucketV2\n properties:\n bucket: your-bucket-name\n bucketNotification:\n type: aws:s3:BucketNotification\n name: bucket_notification\n properties:\n bucket: ${bucket.id}\n queues:\n - queueArn: ${queueQueue.arn}\n events:\n - s3:ObjectCreated:*\n filterSuffix: .log\nvariables:\n queue:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: '*'\n identifiers:\n - '*'\n actions:\n - sqs:SendMessage\n resources:\n - arn:aws:sqs:*:*:s3-event-notification-queue\n conditions:\n - test: ArnEquals\n variable: aws:SourceArn\n values:\n - ${bucket.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Add notification configuration to Lambda Function\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst iamForLambda = new aws.iam.Role(\"iam_for_lambda\", {\n name: \"iam_for_lambda\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst func = new aws.lambda.Function(\"func\", {\n code: new pulumi.asset.FileArchive(\"your-function.zip\"),\n name: \"example_lambda_name\",\n role: iamForLambda.arn,\n handler: \"exports.example\",\n runtime: \"go1.x\",\n});\nconst bucket = new aws.s3.BucketV2(\"bucket\", {bucket: \"your-bucket-name\"});\nconst allowBucket = new aws.lambda.Permission(\"allow_bucket\", {\n statementId: \"AllowExecutionFromS3Bucket\",\n action: \"lambda:InvokeFunction\",\n \"function\": func.arn,\n principal: \"s3.amazonaws.com\",\n sourceArn: bucket.arn,\n});\nconst bucketNotification = new aws.s3.BucketNotification(\"bucket_notification\", {\n bucket: bucket.id,\n lambdaFunctions: [{\n lambdaFunctionArn: func.arn,\n events: [\"s3:ObjectCreated:*\"],\n filterPrefix: \"AWSLogs/\",\n filterSuffix: \".log\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\niam_for_lambda = aws.iam.Role(\"iam_for_lambda\",\n name=\"iam_for_lambda\",\n assume_role_policy=assume_role.json)\nfunc = aws.lambda_.Function(\"func\",\n code=pulumi.FileArchive(\"your-function.zip\"),\n name=\"example_lambda_name\",\n role=iam_for_lambda.arn,\n handler=\"exports.example\",\n runtime=\"go1.x\")\nbucket = aws.s3.BucketV2(\"bucket\", bucket=\"your-bucket-name\")\nallow_bucket = aws.lambda_.Permission(\"allow_bucket\",\n statement_id=\"AllowExecutionFromS3Bucket\",\n action=\"lambda:InvokeFunction\",\n function=func.arn,\n principal=\"s3.amazonaws.com\",\n source_arn=bucket.arn)\nbucket_notification = aws.s3.BucketNotification(\"bucket_notification\",\n bucket=bucket.id,\n lambda_functions=[aws.s3.BucketNotificationLambdaFunctionArgs(\n lambda_function_arn=func.arn,\n events=[\"s3:ObjectCreated:*\"],\n filter_prefix=\"AWSLogs/\",\n filter_suffix=\".log\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var iamForLambda = new Aws.Iam.Role(\"iam_for_lambda\", new()\n {\n Name = \"iam_for_lambda\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var func = new Aws.Lambda.Function(\"func\", new()\n {\n Code = new FileArchive(\"your-function.zip\"),\n Name = \"example_lambda_name\",\n Role = iamForLambda.Arn,\n Handler = \"exports.example\",\n Runtime = \"go1.x\",\n });\n\n var bucket = new Aws.S3.BucketV2(\"bucket\", new()\n {\n Bucket = \"your-bucket-name\",\n });\n\n var allowBucket = new Aws.Lambda.Permission(\"allow_bucket\", new()\n {\n StatementId = \"AllowExecutionFromS3Bucket\",\n Action = \"lambda:InvokeFunction\",\n Function = func.Arn,\n Principal = \"s3.amazonaws.com\",\n SourceArn = bucket.Arn,\n });\n\n var bucketNotification = new Aws.S3.BucketNotification(\"bucket_notification\", new()\n {\n Bucket = bucket.Id,\n LambdaFunctions = new[]\n {\n new Aws.S3.Inputs.BucketNotificationLambdaFunctionArgs\n {\n LambdaFunctionArn = func.Arn,\n Events = new[]\n {\n \"s3:ObjectCreated:*\",\n },\n FilterPrefix = \"AWSLogs/\",\n FilterSuffix = \".log\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiamForLambda, err := iam.NewRole(ctx, \"iam_for_lambda\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"iam_for_lambda\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"func\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"your-function.zip\"),\n\t\t\tName: pulumi.String(\"example_lambda_name\"),\n\t\t\tRole: iamForLambda.Arn,\n\t\t\tHandler: pulumi.String(\"exports.example\"),\n\t\t\tRuntime: pulumi.String(\"go1.x\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := s3.NewBucketV2(ctx, \"bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"your-bucket-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewPermission(ctx, \"allow_bucket\", \u0026lambda.PermissionArgs{\n\t\t\tStatementId: pulumi.String(\"AllowExecutionFromS3Bucket\"),\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: _func.Arn,\n\t\t\tPrincipal: pulumi.String(\"s3.amazonaws.com\"),\n\t\t\tSourceArn: bucket.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketNotification(ctx, \"bucket_notification\", \u0026s3.BucketNotificationArgs{\n\t\t\tBucket: bucket.ID(),\n\t\t\tLambdaFunctions: s3.BucketNotificationLambdaFunctionArray{\n\t\t\t\t\u0026s3.BucketNotificationLambdaFunctionArgs{\n\t\t\t\t\tLambdaFunctionArn: _func.Arn,\n\t\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:ObjectCreated:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tFilterPrefix: pulumi.String(\"AWSLogs/\"),\n\t\t\t\t\tFilterSuffix: pulumi.String(\".log\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport com.pulumi.aws.s3.BucketNotification;\nimport com.pulumi.aws.s3.BucketNotificationArgs;\nimport com.pulumi.aws.s3.inputs.BucketNotificationLambdaFunctionArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var iamForLambda = new Role(\"iamForLambda\", RoleArgs.builder() \n .name(\"iam_for_lambda\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var func = new Function(\"func\", FunctionArgs.builder() \n .code(new FileArchive(\"your-function.zip\"))\n .name(\"example_lambda_name\")\n .role(iamForLambda.arn())\n .handler(\"exports.example\")\n .runtime(\"go1.x\")\n .build());\n\n var bucket = new BucketV2(\"bucket\", BucketV2Args.builder() \n .bucket(\"your-bucket-name\")\n .build());\n\n var allowBucket = new Permission(\"allowBucket\", PermissionArgs.builder() \n .statementId(\"AllowExecutionFromS3Bucket\")\n .action(\"lambda:InvokeFunction\")\n .function(func.arn())\n .principal(\"s3.amazonaws.com\")\n .sourceArn(bucket.arn())\n .build());\n\n var bucketNotification = new BucketNotification(\"bucketNotification\", BucketNotificationArgs.builder() \n .bucket(bucket.id())\n .lambdaFunctions(BucketNotificationLambdaFunctionArgs.builder()\n .lambdaFunctionArn(func.arn())\n .events(\"s3:ObjectCreated:*\")\n .filterPrefix(\"AWSLogs/\")\n .filterSuffix(\".log\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iamForLambda:\n type: aws:iam:Role\n name: iam_for_lambda\n properties:\n name: iam_for_lambda\n assumeRolePolicy: ${assumeRole.json}\n allowBucket:\n type: aws:lambda:Permission\n name: allow_bucket\n properties:\n statementId: AllowExecutionFromS3Bucket\n action: lambda:InvokeFunction\n function: ${func.arn}\n principal: s3.amazonaws.com\n sourceArn: ${bucket.arn}\n func:\n type: aws:lambda:Function\n properties:\n code:\n fn::FileArchive: your-function.zip\n name: example_lambda_name\n role: ${iamForLambda.arn}\n handler: exports.example\n runtime: go1.x\n bucket:\n type: aws:s3:BucketV2\n properties:\n bucket: your-bucket-name\n bucketNotification:\n type: aws:s3:BucketNotification\n name: bucket_notification\n properties:\n bucket: ${bucket.id}\n lambdaFunctions:\n - lambdaFunctionArn: ${func.arn}\n events:\n - s3:ObjectCreated:*\n filterPrefix: AWSLogs/\n filterSuffix: .log\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Trigger multiple Lambda functions\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst iamForLambda = new aws.iam.Role(\"iam_for_lambda\", {\n name: \"iam_for_lambda\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst func1 = new aws.lambda.Function(\"func1\", {\n code: new pulumi.asset.FileArchive(\"your-function1.zip\"),\n name: \"example_lambda_name1\",\n role: iamForLambda.arn,\n handler: \"exports.example\",\n runtime: \"go1.x\",\n});\nconst bucket = new aws.s3.BucketV2(\"bucket\", {bucket: \"your-bucket-name\"});\nconst allowBucket1 = new aws.lambda.Permission(\"allow_bucket1\", {\n statementId: \"AllowExecutionFromS3Bucket1\",\n action: \"lambda:InvokeFunction\",\n \"function\": func1.arn,\n principal: \"s3.amazonaws.com\",\n sourceArn: bucket.arn,\n});\nconst func2 = new aws.lambda.Function(\"func2\", {\n code: new pulumi.asset.FileArchive(\"your-function2.zip\"),\n name: \"example_lambda_name2\",\n role: iamForLambda.arn,\n handler: \"exports.example\",\n});\nconst allowBucket2 = new aws.lambda.Permission(\"allow_bucket2\", {\n statementId: \"AllowExecutionFromS3Bucket2\",\n action: \"lambda:InvokeFunction\",\n \"function\": func2.arn,\n principal: \"s3.amazonaws.com\",\n sourceArn: bucket.arn,\n});\nconst bucketNotification = new aws.s3.BucketNotification(\"bucket_notification\", {\n bucket: bucket.id,\n lambdaFunctions: [\n {\n lambdaFunctionArn: func1.arn,\n events: [\"s3:ObjectCreated:*\"],\n filterPrefix: \"AWSLogs/\",\n filterSuffix: \".log\",\n },\n {\n lambdaFunctionArn: func2.arn,\n events: [\"s3:ObjectCreated:*\"],\n filterPrefix: \"OtherLogs/\",\n filterSuffix: \".log\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\niam_for_lambda = aws.iam.Role(\"iam_for_lambda\",\n name=\"iam_for_lambda\",\n assume_role_policy=assume_role.json)\nfunc1 = aws.lambda_.Function(\"func1\",\n code=pulumi.FileArchive(\"your-function1.zip\"),\n name=\"example_lambda_name1\",\n role=iam_for_lambda.arn,\n handler=\"exports.example\",\n runtime=\"go1.x\")\nbucket = aws.s3.BucketV2(\"bucket\", bucket=\"your-bucket-name\")\nallow_bucket1 = aws.lambda_.Permission(\"allow_bucket1\",\n statement_id=\"AllowExecutionFromS3Bucket1\",\n action=\"lambda:InvokeFunction\",\n function=func1.arn,\n principal=\"s3.amazonaws.com\",\n source_arn=bucket.arn)\nfunc2 = aws.lambda_.Function(\"func2\",\n code=pulumi.FileArchive(\"your-function2.zip\"),\n name=\"example_lambda_name2\",\n role=iam_for_lambda.arn,\n handler=\"exports.example\")\nallow_bucket2 = aws.lambda_.Permission(\"allow_bucket2\",\n statement_id=\"AllowExecutionFromS3Bucket2\",\n action=\"lambda:InvokeFunction\",\n function=func2.arn,\n principal=\"s3.amazonaws.com\",\n source_arn=bucket.arn)\nbucket_notification = aws.s3.BucketNotification(\"bucket_notification\",\n bucket=bucket.id,\n lambda_functions=[\n aws.s3.BucketNotificationLambdaFunctionArgs(\n lambda_function_arn=func1.arn,\n events=[\"s3:ObjectCreated:*\"],\n filter_prefix=\"AWSLogs/\",\n filter_suffix=\".log\",\n ),\n aws.s3.BucketNotificationLambdaFunctionArgs(\n lambda_function_arn=func2.arn,\n events=[\"s3:ObjectCreated:*\"],\n filter_prefix=\"OtherLogs/\",\n filter_suffix=\".log\",\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var iamForLambda = new Aws.Iam.Role(\"iam_for_lambda\", new()\n {\n Name = \"iam_for_lambda\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var func1 = new Aws.Lambda.Function(\"func1\", new()\n {\n Code = new FileArchive(\"your-function1.zip\"),\n Name = \"example_lambda_name1\",\n Role = iamForLambda.Arn,\n Handler = \"exports.example\",\n Runtime = \"go1.x\",\n });\n\n var bucket = new Aws.S3.BucketV2(\"bucket\", new()\n {\n Bucket = \"your-bucket-name\",\n });\n\n var allowBucket1 = new Aws.Lambda.Permission(\"allow_bucket1\", new()\n {\n StatementId = \"AllowExecutionFromS3Bucket1\",\n Action = \"lambda:InvokeFunction\",\n Function = func1.Arn,\n Principal = \"s3.amazonaws.com\",\n SourceArn = bucket.Arn,\n });\n\n var func2 = new Aws.Lambda.Function(\"func2\", new()\n {\n Code = new FileArchive(\"your-function2.zip\"),\n Name = \"example_lambda_name2\",\n Role = iamForLambda.Arn,\n Handler = \"exports.example\",\n });\n\n var allowBucket2 = new Aws.Lambda.Permission(\"allow_bucket2\", new()\n {\n StatementId = \"AllowExecutionFromS3Bucket2\",\n Action = \"lambda:InvokeFunction\",\n Function = func2.Arn,\n Principal = \"s3.amazonaws.com\",\n SourceArn = bucket.Arn,\n });\n\n var bucketNotification = new Aws.S3.BucketNotification(\"bucket_notification\", new()\n {\n Bucket = bucket.Id,\n LambdaFunctions = new[]\n {\n new Aws.S3.Inputs.BucketNotificationLambdaFunctionArgs\n {\n LambdaFunctionArn = func1.Arn,\n Events = new[]\n {\n \"s3:ObjectCreated:*\",\n },\n FilterPrefix = \"AWSLogs/\",\n FilterSuffix = \".log\",\n },\n new Aws.S3.Inputs.BucketNotificationLambdaFunctionArgs\n {\n LambdaFunctionArn = func2.Arn,\n Events = new[]\n {\n \"s3:ObjectCreated:*\",\n },\n FilterPrefix = \"OtherLogs/\",\n FilterSuffix = \".log\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiamForLambda, err := iam.NewRole(ctx, \"iam_for_lambda\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"iam_for_lambda\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfunc1, err := lambda.NewFunction(ctx, \"func1\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"your-function1.zip\"),\n\t\t\tName: pulumi.String(\"example_lambda_name1\"),\n\t\t\tRole: iamForLambda.Arn,\n\t\t\tHandler: pulumi.String(\"exports.example\"),\n\t\t\tRuntime: pulumi.String(\"go1.x\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := s3.NewBucketV2(ctx, \"bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"your-bucket-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewPermission(ctx, \"allow_bucket1\", \u0026lambda.PermissionArgs{\n\t\t\tStatementId: pulumi.String(\"AllowExecutionFromS3Bucket1\"),\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: func1.Arn,\n\t\t\tPrincipal: pulumi.String(\"s3.amazonaws.com\"),\n\t\t\tSourceArn: bucket.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfunc2, err := lambda.NewFunction(ctx, \"func2\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"your-function2.zip\"),\n\t\t\tName: pulumi.String(\"example_lambda_name2\"),\n\t\t\tRole: iamForLambda.Arn,\n\t\t\tHandler: pulumi.String(\"exports.example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewPermission(ctx, \"allow_bucket2\", \u0026lambda.PermissionArgs{\n\t\t\tStatementId: pulumi.String(\"AllowExecutionFromS3Bucket2\"),\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: func2.Arn,\n\t\t\tPrincipal: pulumi.String(\"s3.amazonaws.com\"),\n\t\t\tSourceArn: bucket.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketNotification(ctx, \"bucket_notification\", \u0026s3.BucketNotificationArgs{\n\t\t\tBucket: bucket.ID(),\n\t\t\tLambdaFunctions: s3.BucketNotificationLambdaFunctionArray{\n\t\t\t\t\u0026s3.BucketNotificationLambdaFunctionArgs{\n\t\t\t\t\tLambdaFunctionArn: func1.Arn,\n\t\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:ObjectCreated:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tFilterPrefix: pulumi.String(\"AWSLogs/\"),\n\t\t\t\t\tFilterSuffix: pulumi.String(\".log\"),\n\t\t\t\t},\n\t\t\t\t\u0026s3.BucketNotificationLambdaFunctionArgs{\n\t\t\t\t\tLambdaFunctionArn: func2.Arn,\n\t\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:ObjectCreated:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tFilterPrefix: pulumi.String(\"OtherLogs/\"),\n\t\t\t\t\tFilterSuffix: pulumi.String(\".log\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport com.pulumi.aws.s3.BucketNotification;\nimport com.pulumi.aws.s3.BucketNotificationArgs;\nimport com.pulumi.aws.s3.inputs.BucketNotificationLambdaFunctionArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var iamForLambda = new Role(\"iamForLambda\", RoleArgs.builder() \n .name(\"iam_for_lambda\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var func1 = new Function(\"func1\", FunctionArgs.builder() \n .code(new FileArchive(\"your-function1.zip\"))\n .name(\"example_lambda_name1\")\n .role(iamForLambda.arn())\n .handler(\"exports.example\")\n .runtime(\"go1.x\")\n .build());\n\n var bucket = new BucketV2(\"bucket\", BucketV2Args.builder() \n .bucket(\"your-bucket-name\")\n .build());\n\n var allowBucket1 = new Permission(\"allowBucket1\", PermissionArgs.builder() \n .statementId(\"AllowExecutionFromS3Bucket1\")\n .action(\"lambda:InvokeFunction\")\n .function(func1.arn())\n .principal(\"s3.amazonaws.com\")\n .sourceArn(bucket.arn())\n .build());\n\n var func2 = new Function(\"func2\", FunctionArgs.builder() \n .code(new FileArchive(\"your-function2.zip\"))\n .name(\"example_lambda_name2\")\n .role(iamForLambda.arn())\n .handler(\"exports.example\")\n .build());\n\n var allowBucket2 = new Permission(\"allowBucket2\", PermissionArgs.builder() \n .statementId(\"AllowExecutionFromS3Bucket2\")\n .action(\"lambda:InvokeFunction\")\n .function(func2.arn())\n .principal(\"s3.amazonaws.com\")\n .sourceArn(bucket.arn())\n .build());\n\n var bucketNotification = new BucketNotification(\"bucketNotification\", BucketNotificationArgs.builder() \n .bucket(bucket.id())\n .lambdaFunctions( \n BucketNotificationLambdaFunctionArgs.builder()\n .lambdaFunctionArn(func1.arn())\n .events(\"s3:ObjectCreated:*\")\n .filterPrefix(\"AWSLogs/\")\n .filterSuffix(\".log\")\n .build(),\n BucketNotificationLambdaFunctionArgs.builder()\n .lambdaFunctionArn(func2.arn())\n .events(\"s3:ObjectCreated:*\")\n .filterPrefix(\"OtherLogs/\")\n .filterSuffix(\".log\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iamForLambda:\n type: aws:iam:Role\n name: iam_for_lambda\n properties:\n name: iam_for_lambda\n assumeRolePolicy: ${assumeRole.json}\n allowBucket1:\n type: aws:lambda:Permission\n name: allow_bucket1\n properties:\n statementId: AllowExecutionFromS3Bucket1\n action: lambda:InvokeFunction\n function: ${func1.arn}\n principal: s3.amazonaws.com\n sourceArn: ${bucket.arn}\n func1:\n type: aws:lambda:Function\n properties:\n code:\n fn::FileArchive: your-function1.zip\n name: example_lambda_name1\n role: ${iamForLambda.arn}\n handler: exports.example\n runtime: go1.x\n allowBucket2:\n type: aws:lambda:Permission\n name: allow_bucket2\n properties:\n statementId: AllowExecutionFromS3Bucket2\n action: lambda:InvokeFunction\n function: ${func2.arn}\n principal: s3.amazonaws.com\n sourceArn: ${bucket.arn}\n func2:\n type: aws:lambda:Function\n properties:\n code:\n fn::FileArchive: your-function2.zip\n name: example_lambda_name2\n role: ${iamForLambda.arn}\n handler: exports.example\n bucket:\n type: aws:s3:BucketV2\n properties:\n bucket: your-bucket-name\n bucketNotification:\n type: aws:s3:BucketNotification\n name: bucket_notification\n properties:\n bucket: ${bucket.id}\n lambdaFunctions:\n - lambdaFunctionArn: ${func1.arn}\n events:\n - s3:ObjectCreated:*\n filterPrefix: AWSLogs/\n filterSuffix: .log\n - lambdaFunctionArn: ${func2.arn}\n events:\n - s3:ObjectCreated:*\n filterPrefix: OtherLogs/\n filterSuffix: .log\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Add multiple notification configurations to SQS Queue\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.BucketV2(\"bucket\", {bucket: \"your-bucket-name\"});\nconst queue = aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"*\",\n identifiers: [\"*\"],\n }],\n actions: [\"sqs:SendMessage\"],\n resources: [\"arn:aws:sqs:*:*:s3-event-notification-queue\"],\n conditions: [{\n test: \"ArnEquals\",\n variable: \"aws:SourceArn\",\n values: [bucket.arn],\n }],\n }],\n});\nconst queueQueue = new aws.sqs.Queue(\"queue\", {\n name: \"s3-event-notification-queue\",\n policy: queue.apply(queue =\u003e queue.json),\n});\nconst bucketNotification = new aws.s3.BucketNotification(\"bucket_notification\", {\n bucket: bucket.id,\n queues: [\n {\n id: \"image-upload-event\",\n queueArn: queueQueue.arn,\n events: [\"s3:ObjectCreated:*\"],\n filterPrefix: \"images/\",\n },\n {\n id: \"video-upload-event\",\n queueArn: queueQueue.arn,\n events: [\"s3:ObjectCreated:*\"],\n filterPrefix: \"videos/\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.BucketV2(\"bucket\", bucket=\"your-bucket-name\")\nqueue = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"*\",\n identifiers=[\"*\"],\n )],\n actions=[\"sqs:SendMessage\"],\n resources=[\"arn:aws:sqs:*:*:s3-event-notification-queue\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ArnEquals\",\n variable=\"aws:SourceArn\",\n values=[bucket.arn],\n )],\n)])\nqueue_queue = aws.sqs.Queue(\"queue\",\n name=\"s3-event-notification-queue\",\n policy=queue.json)\nbucket_notification = aws.s3.BucketNotification(\"bucket_notification\",\n bucket=bucket.id,\n queues=[\n aws.s3.BucketNotificationQueueArgs(\n id=\"image-upload-event\",\n queue_arn=queue_queue.arn,\n events=[\"s3:ObjectCreated:*\"],\n filter_prefix=\"images/\",\n ),\n aws.s3.BucketNotificationQueueArgs(\n id=\"video-upload-event\",\n queue_arn=queue_queue.arn,\n events=[\"s3:ObjectCreated:*\"],\n filter_prefix=\"videos/\",\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bucket = new Aws.S3.BucketV2(\"bucket\", new()\n {\n Bucket = \"your-bucket-name\",\n });\n\n var queue = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"*\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"sqs:SendMessage\",\n },\n Resources = new[]\n {\n \"arn:aws:sqs:*:*:s3-event-notification-queue\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ArnEquals\",\n Variable = \"aws:SourceArn\",\n Values = new[]\n {\n bucket.Arn,\n },\n },\n },\n },\n },\n });\n\n var queueQueue = new Aws.Sqs.Queue(\"queue\", new()\n {\n Name = \"s3-event-notification-queue\",\n Policy = queue.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var bucketNotification = new Aws.S3.BucketNotification(\"bucket_notification\", new()\n {\n Bucket = bucket.Id,\n Queues = new[]\n {\n new Aws.S3.Inputs.BucketNotificationQueueArgs\n {\n Id = \"image-upload-event\",\n QueueArn = queueQueue.Arn,\n Events = new[]\n {\n \"s3:ObjectCreated:*\",\n },\n FilterPrefix = \"images/\",\n },\n new Aws.S3.Inputs.BucketNotificationQueueArgs\n {\n Id = \"video-upload-event\",\n QueueArn = queueQueue.Arn,\n Events = new[]\n {\n \"s3:ObjectCreated:*\",\n },\n FilterPrefix = \"videos/\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := s3.NewBucketV2(ctx, \"bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"your-bucket-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tqueue := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tPrincipals: iam.GetPolicyDocumentStatementPrincipalArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementPrincipalArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"*\"),\n\t\t\t\t\t\t\tIdentifiers: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"sqs:SendMessage\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"arn:aws:sqs:*:*:s3-event-notification-queue\"),\n\t\t\t\t\t},\n\t\t\t\t\tConditions: iam.GetPolicyDocumentStatementConditionArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementConditionArgs{\n\t\t\t\t\t\t\tTest: pulumi.String(\"ArnEquals\"),\n\t\t\t\t\t\t\tVariable: pulumi.String(\"aws:SourceArn\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tbucket.Arn,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tqueueQueue, err := sqs.NewQueue(ctx, \"queue\", \u0026sqs.QueueArgs{\n\t\t\tName: pulumi.String(\"s3-event-notification-queue\"),\n\t\t\tPolicy: queue.ApplyT(func(queue iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026queue.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketNotification(ctx, \"bucket_notification\", \u0026s3.BucketNotificationArgs{\n\t\t\tBucket: bucket.ID(),\n\t\t\tQueues: s3.BucketNotificationQueueArray{\n\t\t\t\t\u0026s3.BucketNotificationQueueArgs{\n\t\t\t\t\tId: pulumi.String(\"image-upload-event\"),\n\t\t\t\t\tQueueArn: queueQueue.Arn,\n\t\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:ObjectCreated:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tFilterPrefix: pulumi.String(\"images/\"),\n\t\t\t\t},\n\t\t\t\t\u0026s3.BucketNotificationQueueArgs{\n\t\t\t\t\tId: pulumi.String(\"video-upload-event\"),\n\t\t\t\t\tQueueArn: queueQueue.Arn,\n\t\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:ObjectCreated:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tFilterPrefix: pulumi.String(\"videos/\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sqs.Queue;\nimport com.pulumi.aws.sqs.QueueArgs;\nimport com.pulumi.aws.s3.BucketNotification;\nimport com.pulumi.aws.s3.BucketNotificationArgs;\nimport com.pulumi.aws.s3.inputs.BucketNotificationQueueArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bucket = new BucketV2(\"bucket\", BucketV2Args.builder() \n .bucket(\"your-bucket-name\")\n .build());\n\n final var queue = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"*\")\n .identifiers(\"*\")\n .build())\n .actions(\"sqs:SendMessage\")\n .resources(\"arn:aws:sqs:*:*:s3-event-notification-queue\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ArnEquals\")\n .variable(\"aws:SourceArn\")\n .values(bucket.arn())\n .build())\n .build())\n .build());\n\n var queueQueue = new Queue(\"queueQueue\", QueueArgs.builder() \n .name(\"s3-event-notification-queue\")\n .policy(queue.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(queue -\u003e queue.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var bucketNotification = new BucketNotification(\"bucketNotification\", BucketNotificationArgs.builder() \n .bucket(bucket.id())\n .queues( \n BucketNotificationQueueArgs.builder()\n .id(\"image-upload-event\")\n .queueArn(queueQueue.arn())\n .events(\"s3:ObjectCreated:*\")\n .filterPrefix(\"images/\")\n .build(),\n BucketNotificationQueueArgs.builder()\n .id(\"video-upload-event\")\n .queueArn(queueQueue.arn())\n .events(\"s3:ObjectCreated:*\")\n .filterPrefix(\"videos/\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n queueQueue:\n type: aws:sqs:Queue\n name: queue\n properties:\n name: s3-event-notification-queue\n policy: ${queue.json}\n bucket:\n type: aws:s3:BucketV2\n properties:\n bucket: your-bucket-name\n bucketNotification:\n type: aws:s3:BucketNotification\n name: bucket_notification\n properties:\n bucket: ${bucket.id}\n queues:\n - id: image-upload-event\n queueArn: ${queueQueue.arn}\n events:\n - s3:ObjectCreated:*\n filterPrefix: images/\n - id: video-upload-event\n queueArn: ${queueQueue.arn}\n events:\n - s3:ObjectCreated:*\n filterPrefix: videos/\nvariables:\n queue:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: '*'\n identifiers:\n - '*'\n actions:\n - sqs:SendMessage\n resources:\n - arn:aws:sqs:*:*:s3-event-notification-queue\n conditions:\n - test: ArnEquals\n variable: aws:SourceArn\n values:\n - ${bucket.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nFor JSON syntax, use an array instead of defining the `queue` key twice.\n\n```json\n{\n\t\"bucket\": \"${aws_s3_bucket.bucket.id}\",\n\t\"queue\": [\n\t\t{\n\t\t\t\"id\": \"image-upload-event\",\n\t\t\t\"queue_arn\": \"${aws_sqs_queue.queue.arn}\",\n\t\t\t\"events\": [\"s3:ObjectCreated:*\"],\n\t\t\t\"filter_prefix\": \"images/\"\n\t\t},\n\t\t{\n\t\t\t\"id\": \"video-upload-event\",\n\t\t\t\"queue_arn\": \"${aws_sqs_queue.queue.arn}\",\n\t\t\t\"events\": [\"s3:ObjectCreated:*\"],\n\t\t\t\"filter_prefix\": \"videos/\"\n\t\t}\n\t]\n}\n```\n\n### Emit events to EventBridge\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.BucketV2(\"bucket\", {bucket: \"your-bucket-name\"});\nconst bucketNotification = new aws.s3.BucketNotification(\"bucket_notification\", {\n bucket: bucket.id,\n eventbridge: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.BucketV2(\"bucket\", bucket=\"your-bucket-name\")\nbucket_notification = aws.s3.BucketNotification(\"bucket_notification\",\n bucket=bucket.id,\n eventbridge=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bucket = new Aws.S3.BucketV2(\"bucket\", new()\n {\n Bucket = \"your-bucket-name\",\n });\n\n var bucketNotification = new Aws.S3.BucketNotification(\"bucket_notification\", new()\n {\n Bucket = bucket.Id,\n Eventbridge = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := s3.NewBucketV2(ctx, \"bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"your-bucket-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketNotification(ctx, \"bucket_notification\", \u0026s3.BucketNotificationArgs{\n\t\t\tBucket: bucket.ID(),\n\t\t\tEventbridge: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.s3.BucketNotification;\nimport com.pulumi.aws.s3.BucketNotificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bucket = new BucketV2(\"bucket\", BucketV2Args.builder() \n .bucket(\"your-bucket-name\")\n .build());\n\n var bucketNotification = new BucketNotification(\"bucketNotification\", BucketNotificationArgs.builder() \n .bucket(bucket.id())\n .eventbridge(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: aws:s3:BucketV2\n properties:\n bucket: your-bucket-name\n bucketNotification:\n type: aws:s3:BucketNotification\n name: bucket_notification\n properties:\n bucket: ${bucket.id}\n eventbridge: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import S3 bucket notification using the `bucket`. For example:\n\n```sh\n$ pulumi import aws:s3/bucketNotification:BucketNotification bucket_notification bucket-name\n```\n", + "description": "Manages a S3 Bucket Notification Configuration. For additional information, see the [Configuring S3 Event Notifications section in the Amazon S3 Developer Guide](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html).\n\n\u003e **NOTE:** S3 Buckets only support a single notification configuration. Declaring multiple `aws.s3.BucketNotification` resources to the same S3 Bucket will cause a perpetual difference in configuration. See the example \"Trigger multiple Lambda functions\" for an option.\n\n\u003e This resource cannot be used with S3 directory buckets.\n\n## Example Usage\n\n### Add notification configuration to SNS Topic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.BucketV2(\"bucket\", {bucket: \"your-bucket-name\"});\nconst topic = aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"s3.amazonaws.com\"],\n }],\n actions: [\"SNS:Publish\"],\n resources: [\"arn:aws:sns:*:*:s3-event-notification-topic\"],\n conditions: [{\n test: \"ArnLike\",\n variable: \"aws:SourceArn\",\n values: [bucket.arn],\n }],\n }],\n});\nconst topicTopic = new aws.sns.Topic(\"topic\", {\n name: \"s3-event-notification-topic\",\n policy: topic.apply(topic =\u003e topic.json),\n});\nconst bucketNotification = new aws.s3.BucketNotification(\"bucket_notification\", {\n bucket: bucket.id,\n topics: [{\n topicArn: topicTopic.arn,\n events: [\"s3:ObjectCreated:*\"],\n filterSuffix: \".log\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.BucketV2(\"bucket\", bucket=\"your-bucket-name\")\ntopic = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"s3.amazonaws.com\"],\n )],\n actions=[\"SNS:Publish\"],\n resources=[\"arn:aws:sns:*:*:s3-event-notification-topic\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ArnLike\",\n variable=\"aws:SourceArn\",\n values=[bucket.arn],\n )],\n)])\ntopic_topic = aws.sns.Topic(\"topic\",\n name=\"s3-event-notification-topic\",\n policy=topic.json)\nbucket_notification = aws.s3.BucketNotification(\"bucket_notification\",\n bucket=bucket.id,\n topics=[aws.s3.BucketNotificationTopicArgs(\n topic_arn=topic_topic.arn,\n events=[\"s3:ObjectCreated:*\"],\n filter_suffix=\".log\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bucket = new Aws.S3.BucketV2(\"bucket\", new()\n {\n Bucket = \"your-bucket-name\",\n });\n\n var topic = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"s3.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"SNS:Publish\",\n },\n Resources = new[]\n {\n \"arn:aws:sns:*:*:s3-event-notification-topic\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ArnLike\",\n Variable = \"aws:SourceArn\",\n Values = new[]\n {\n bucket.Arn,\n },\n },\n },\n },\n },\n });\n\n var topicTopic = new Aws.Sns.Topic(\"topic\", new()\n {\n Name = \"s3-event-notification-topic\",\n Policy = topic.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var bucketNotification = new Aws.S3.BucketNotification(\"bucket_notification\", new()\n {\n Bucket = bucket.Id,\n Topics = new[]\n {\n new Aws.S3.Inputs.BucketNotificationTopicArgs\n {\n TopicArn = topicTopic.Arn,\n Events = new[]\n {\n \"s3:ObjectCreated:*\",\n },\n FilterSuffix = \".log\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := s3.NewBucketV2(ctx, \"bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"your-bucket-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttopic := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tPrincipals: iam.GetPolicyDocumentStatementPrincipalArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementPrincipalArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Service\"),\n\t\t\t\t\t\t\tIdentifiers: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"s3.amazonaws.com\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"SNS:Publish\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"arn:aws:sns:*:*:s3-event-notification-topic\"),\n\t\t\t\t\t},\n\t\t\t\t\tConditions: iam.GetPolicyDocumentStatementConditionArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementConditionArgs{\n\t\t\t\t\t\t\tTest: pulumi.String(\"ArnLike\"),\n\t\t\t\t\t\t\tVariable: pulumi.String(\"aws:SourceArn\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tbucket.Arn,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\ttopicTopic, err := sns.NewTopic(ctx, \"topic\", \u0026sns.TopicArgs{\n\t\t\tName: pulumi.String(\"s3-event-notification-topic\"),\n\t\t\tPolicy: topic.ApplyT(func(topic iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026topic.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketNotification(ctx, \"bucket_notification\", \u0026s3.BucketNotificationArgs{\n\t\t\tBucket: bucket.ID(),\n\t\t\tTopics: s3.BucketNotificationTopicArray{\n\t\t\t\t\u0026s3.BucketNotificationTopicArgs{\n\t\t\t\t\tTopicArn: topicTopic.Arn,\n\t\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:ObjectCreated:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tFilterSuffix: pulumi.String(\".log\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.s3.BucketNotification;\nimport com.pulumi.aws.s3.BucketNotificationArgs;\nimport com.pulumi.aws.s3.inputs.BucketNotificationTopicArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bucket = new BucketV2(\"bucket\", BucketV2Args.builder() \n .bucket(\"your-bucket-name\")\n .build());\n\n final var topic = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"s3.amazonaws.com\")\n .build())\n .actions(\"SNS:Publish\")\n .resources(\"arn:aws:sns:*:*:s3-event-notification-topic\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ArnLike\")\n .variable(\"aws:SourceArn\")\n .values(bucket.arn())\n .build())\n .build())\n .build());\n\n var topicTopic = new Topic(\"topicTopic\", TopicArgs.builder() \n .name(\"s3-event-notification-topic\")\n .policy(topic.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(topic -\u003e topic.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var bucketNotification = new BucketNotification(\"bucketNotification\", BucketNotificationArgs.builder() \n .bucket(bucket.id())\n .topics(BucketNotificationTopicArgs.builder()\n .topicArn(topicTopic.arn())\n .events(\"s3:ObjectCreated:*\")\n .filterSuffix(\".log\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n topicTopic:\n type: aws:sns:Topic\n name: topic\n properties:\n name: s3-event-notification-topic\n policy: ${topic.json}\n bucket:\n type: aws:s3:BucketV2\n properties:\n bucket: your-bucket-name\n bucketNotification:\n type: aws:s3:BucketNotification\n name: bucket_notification\n properties:\n bucket: ${bucket.id}\n topics:\n - topicArn: ${topicTopic.arn}\n events:\n - s3:ObjectCreated:*\n filterSuffix: .log\nvariables:\n topic:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - s3.amazonaws.com\n actions:\n - SNS:Publish\n resources:\n - arn:aws:sns:*:*:s3-event-notification-topic\n conditions:\n - test: ArnLike\n variable: aws:SourceArn\n values:\n - ${bucket.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Add notification configuration to SQS Queue\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.BucketV2(\"bucket\", {bucket: \"your-bucket-name\"});\nconst queue = aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"*\",\n identifiers: [\"*\"],\n }],\n actions: [\"sqs:SendMessage\"],\n resources: [\"arn:aws:sqs:*:*:s3-event-notification-queue\"],\n conditions: [{\n test: \"ArnEquals\",\n variable: \"aws:SourceArn\",\n values: [bucket.arn],\n }],\n }],\n});\nconst queueQueue = new aws.sqs.Queue(\"queue\", {\n name: \"s3-event-notification-queue\",\n policy: queue.apply(queue =\u003e queue.json),\n});\nconst bucketNotification = new aws.s3.BucketNotification(\"bucket_notification\", {\n bucket: bucket.id,\n queues: [{\n queueArn: queueQueue.arn,\n events: [\"s3:ObjectCreated:*\"],\n filterSuffix: \".log\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.BucketV2(\"bucket\", bucket=\"your-bucket-name\")\nqueue = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"*\",\n identifiers=[\"*\"],\n )],\n actions=[\"sqs:SendMessage\"],\n resources=[\"arn:aws:sqs:*:*:s3-event-notification-queue\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ArnEquals\",\n variable=\"aws:SourceArn\",\n values=[bucket.arn],\n )],\n)])\nqueue_queue = aws.sqs.Queue(\"queue\",\n name=\"s3-event-notification-queue\",\n policy=queue.json)\nbucket_notification = aws.s3.BucketNotification(\"bucket_notification\",\n bucket=bucket.id,\n queues=[aws.s3.BucketNotificationQueueArgs(\n queue_arn=queue_queue.arn,\n events=[\"s3:ObjectCreated:*\"],\n filter_suffix=\".log\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bucket = new Aws.S3.BucketV2(\"bucket\", new()\n {\n Bucket = \"your-bucket-name\",\n });\n\n var queue = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"*\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"sqs:SendMessage\",\n },\n Resources = new[]\n {\n \"arn:aws:sqs:*:*:s3-event-notification-queue\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ArnEquals\",\n Variable = \"aws:SourceArn\",\n Values = new[]\n {\n bucket.Arn,\n },\n },\n },\n },\n },\n });\n\n var queueQueue = new Aws.Sqs.Queue(\"queue\", new()\n {\n Name = \"s3-event-notification-queue\",\n Policy = queue.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var bucketNotification = new Aws.S3.BucketNotification(\"bucket_notification\", new()\n {\n Bucket = bucket.Id,\n Queues = new[]\n {\n new Aws.S3.Inputs.BucketNotificationQueueArgs\n {\n QueueArn = queueQueue.Arn,\n Events = new[]\n {\n \"s3:ObjectCreated:*\",\n },\n FilterSuffix = \".log\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := s3.NewBucketV2(ctx, \"bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"your-bucket-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tqueue := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tPrincipals: iam.GetPolicyDocumentStatementPrincipalArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementPrincipalArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"*\"),\n\t\t\t\t\t\t\tIdentifiers: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"sqs:SendMessage\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"arn:aws:sqs:*:*:s3-event-notification-queue\"),\n\t\t\t\t\t},\n\t\t\t\t\tConditions: iam.GetPolicyDocumentStatementConditionArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementConditionArgs{\n\t\t\t\t\t\t\tTest: pulumi.String(\"ArnEquals\"),\n\t\t\t\t\t\t\tVariable: pulumi.String(\"aws:SourceArn\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tbucket.Arn,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tqueueQueue, err := sqs.NewQueue(ctx, \"queue\", \u0026sqs.QueueArgs{\n\t\t\tName: pulumi.String(\"s3-event-notification-queue\"),\n\t\t\tPolicy: queue.ApplyT(func(queue iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026queue.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketNotification(ctx, \"bucket_notification\", \u0026s3.BucketNotificationArgs{\n\t\t\tBucket: bucket.ID(),\n\t\t\tQueues: s3.BucketNotificationQueueArray{\n\t\t\t\t\u0026s3.BucketNotificationQueueArgs{\n\t\t\t\t\tQueueArn: queueQueue.Arn,\n\t\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:ObjectCreated:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tFilterSuffix: pulumi.String(\".log\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sqs.Queue;\nimport com.pulumi.aws.sqs.QueueArgs;\nimport com.pulumi.aws.s3.BucketNotification;\nimport com.pulumi.aws.s3.BucketNotificationArgs;\nimport com.pulumi.aws.s3.inputs.BucketNotificationQueueArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bucket = new BucketV2(\"bucket\", BucketV2Args.builder() \n .bucket(\"your-bucket-name\")\n .build());\n\n final var queue = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"*\")\n .identifiers(\"*\")\n .build())\n .actions(\"sqs:SendMessage\")\n .resources(\"arn:aws:sqs:*:*:s3-event-notification-queue\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ArnEquals\")\n .variable(\"aws:SourceArn\")\n .values(bucket.arn())\n .build())\n .build())\n .build());\n\n var queueQueue = new Queue(\"queueQueue\", QueueArgs.builder() \n .name(\"s3-event-notification-queue\")\n .policy(queue.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(queue -\u003e queue.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var bucketNotification = new BucketNotification(\"bucketNotification\", BucketNotificationArgs.builder() \n .bucket(bucket.id())\n .queues(BucketNotificationQueueArgs.builder()\n .queueArn(queueQueue.arn())\n .events(\"s3:ObjectCreated:*\")\n .filterSuffix(\".log\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n queueQueue:\n type: aws:sqs:Queue\n name: queue\n properties:\n name: s3-event-notification-queue\n policy: ${queue.json}\n bucket:\n type: aws:s3:BucketV2\n properties:\n bucket: your-bucket-name\n bucketNotification:\n type: aws:s3:BucketNotification\n name: bucket_notification\n properties:\n bucket: ${bucket.id}\n queues:\n - queueArn: ${queueQueue.arn}\n events:\n - s3:ObjectCreated:*\n filterSuffix: .log\nvariables:\n queue:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: '*'\n identifiers:\n - '*'\n actions:\n - sqs:SendMessage\n resources:\n - arn:aws:sqs:*:*:s3-event-notification-queue\n conditions:\n - test: ArnEquals\n variable: aws:SourceArn\n values:\n - ${bucket.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Add notification configuration to Lambda Function\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst iamForLambda = new aws.iam.Role(\"iam_for_lambda\", {\n name: \"iam_for_lambda\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst func = new aws.lambda.Function(\"func\", {\n code: new pulumi.asset.FileArchive(\"your-function.zip\"),\n name: \"example_lambda_name\",\n role: iamForLambda.arn,\n handler: \"exports.example\",\n runtime: aws.lambda.Runtime.Go1dx,\n});\nconst bucket = new aws.s3.BucketV2(\"bucket\", {bucket: \"your-bucket-name\"});\nconst allowBucket = new aws.lambda.Permission(\"allow_bucket\", {\n statementId: \"AllowExecutionFromS3Bucket\",\n action: \"lambda:InvokeFunction\",\n \"function\": func.arn,\n principal: \"s3.amazonaws.com\",\n sourceArn: bucket.arn,\n});\nconst bucketNotification = new aws.s3.BucketNotification(\"bucket_notification\", {\n bucket: bucket.id,\n lambdaFunctions: [{\n lambdaFunctionArn: func.arn,\n events: [\"s3:ObjectCreated:*\"],\n filterPrefix: \"AWSLogs/\",\n filterSuffix: \".log\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\niam_for_lambda = aws.iam.Role(\"iam_for_lambda\",\n name=\"iam_for_lambda\",\n assume_role_policy=assume_role.json)\nfunc = aws.lambda_.Function(\"func\",\n code=pulumi.FileArchive(\"your-function.zip\"),\n name=\"example_lambda_name\",\n role=iam_for_lambda.arn,\n handler=\"exports.example\",\n runtime=aws.lambda_.Runtime.GO1DX)\nbucket = aws.s3.BucketV2(\"bucket\", bucket=\"your-bucket-name\")\nallow_bucket = aws.lambda_.Permission(\"allow_bucket\",\n statement_id=\"AllowExecutionFromS3Bucket\",\n action=\"lambda:InvokeFunction\",\n function=func.arn,\n principal=\"s3.amazonaws.com\",\n source_arn=bucket.arn)\nbucket_notification = aws.s3.BucketNotification(\"bucket_notification\",\n bucket=bucket.id,\n lambda_functions=[aws.s3.BucketNotificationLambdaFunctionArgs(\n lambda_function_arn=func.arn,\n events=[\"s3:ObjectCreated:*\"],\n filter_prefix=\"AWSLogs/\",\n filter_suffix=\".log\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var iamForLambda = new Aws.Iam.Role(\"iam_for_lambda\", new()\n {\n Name = \"iam_for_lambda\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var func = new Aws.Lambda.Function(\"func\", new()\n {\n Code = new FileArchive(\"your-function.zip\"),\n Name = \"example_lambda_name\",\n Role = iamForLambda.Arn,\n Handler = \"exports.example\",\n Runtime = Aws.Lambda.Runtime.Go1dx,\n });\n\n var bucket = new Aws.S3.BucketV2(\"bucket\", new()\n {\n Bucket = \"your-bucket-name\",\n });\n\n var allowBucket = new Aws.Lambda.Permission(\"allow_bucket\", new()\n {\n StatementId = \"AllowExecutionFromS3Bucket\",\n Action = \"lambda:InvokeFunction\",\n Function = func.Arn,\n Principal = \"s3.amazonaws.com\",\n SourceArn = bucket.Arn,\n });\n\n var bucketNotification = new Aws.S3.BucketNotification(\"bucket_notification\", new()\n {\n Bucket = bucket.Id,\n LambdaFunctions = new[]\n {\n new Aws.S3.Inputs.BucketNotificationLambdaFunctionArgs\n {\n LambdaFunctionArn = func.Arn,\n Events = new[]\n {\n \"s3:ObjectCreated:*\",\n },\n FilterPrefix = \"AWSLogs/\",\n FilterSuffix = \".log\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiamForLambda, err := iam.NewRole(ctx, \"iam_for_lambda\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"iam_for_lambda\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"func\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"your-function.zip\"),\n\t\t\tName: pulumi.String(\"example_lambda_name\"),\n\t\t\tRole: iamForLambda.Arn,\n\t\t\tHandler: pulumi.String(\"exports.example\"),\n\t\t\tRuntime: pulumi.String(lambda.RuntimeGo1dx),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := s3.NewBucketV2(ctx, \"bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"your-bucket-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewPermission(ctx, \"allow_bucket\", \u0026lambda.PermissionArgs{\n\t\t\tStatementId: pulumi.String(\"AllowExecutionFromS3Bucket\"),\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: _func.Arn,\n\t\t\tPrincipal: pulumi.String(\"s3.amazonaws.com\"),\n\t\t\tSourceArn: bucket.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketNotification(ctx, \"bucket_notification\", \u0026s3.BucketNotificationArgs{\n\t\t\tBucket: bucket.ID(),\n\t\t\tLambdaFunctions: s3.BucketNotificationLambdaFunctionArray{\n\t\t\t\t\u0026s3.BucketNotificationLambdaFunctionArgs{\n\t\t\t\t\tLambdaFunctionArn: _func.Arn,\n\t\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:ObjectCreated:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tFilterPrefix: pulumi.String(\"AWSLogs/\"),\n\t\t\t\t\tFilterSuffix: pulumi.String(\".log\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport com.pulumi.aws.s3.BucketNotification;\nimport com.pulumi.aws.s3.BucketNotificationArgs;\nimport com.pulumi.aws.s3.inputs.BucketNotificationLambdaFunctionArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var iamForLambda = new Role(\"iamForLambda\", RoleArgs.builder() \n .name(\"iam_for_lambda\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var func = new Function(\"func\", FunctionArgs.builder() \n .code(new FileArchive(\"your-function.zip\"))\n .name(\"example_lambda_name\")\n .role(iamForLambda.arn())\n .handler(\"exports.example\")\n .runtime(\"go1.x\")\n .build());\n\n var bucket = new BucketV2(\"bucket\", BucketV2Args.builder() \n .bucket(\"your-bucket-name\")\n .build());\n\n var allowBucket = new Permission(\"allowBucket\", PermissionArgs.builder() \n .statementId(\"AllowExecutionFromS3Bucket\")\n .action(\"lambda:InvokeFunction\")\n .function(func.arn())\n .principal(\"s3.amazonaws.com\")\n .sourceArn(bucket.arn())\n .build());\n\n var bucketNotification = new BucketNotification(\"bucketNotification\", BucketNotificationArgs.builder() \n .bucket(bucket.id())\n .lambdaFunctions(BucketNotificationLambdaFunctionArgs.builder()\n .lambdaFunctionArn(func.arn())\n .events(\"s3:ObjectCreated:*\")\n .filterPrefix(\"AWSLogs/\")\n .filterSuffix(\".log\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iamForLambda:\n type: aws:iam:Role\n name: iam_for_lambda\n properties:\n name: iam_for_lambda\n assumeRolePolicy: ${assumeRole.json}\n allowBucket:\n type: aws:lambda:Permission\n name: allow_bucket\n properties:\n statementId: AllowExecutionFromS3Bucket\n action: lambda:InvokeFunction\n function: ${func.arn}\n principal: s3.amazonaws.com\n sourceArn: ${bucket.arn}\n func:\n type: aws:lambda:Function\n properties:\n code:\n fn::FileArchive: your-function.zip\n name: example_lambda_name\n role: ${iamForLambda.arn}\n handler: exports.example\n runtime: go1.x\n bucket:\n type: aws:s3:BucketV2\n properties:\n bucket: your-bucket-name\n bucketNotification:\n type: aws:s3:BucketNotification\n name: bucket_notification\n properties:\n bucket: ${bucket.id}\n lambdaFunctions:\n - lambdaFunctionArn: ${func.arn}\n events:\n - s3:ObjectCreated:*\n filterPrefix: AWSLogs/\n filterSuffix: .log\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Trigger multiple Lambda functions\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst iamForLambda = new aws.iam.Role(\"iam_for_lambda\", {\n name: \"iam_for_lambda\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst func1 = new aws.lambda.Function(\"func1\", {\n code: new pulumi.asset.FileArchive(\"your-function1.zip\"),\n name: \"example_lambda_name1\",\n role: iamForLambda.arn,\n handler: \"exports.example\",\n runtime: aws.lambda.Runtime.Go1dx,\n});\nconst bucket = new aws.s3.BucketV2(\"bucket\", {bucket: \"your-bucket-name\"});\nconst allowBucket1 = new aws.lambda.Permission(\"allow_bucket1\", {\n statementId: \"AllowExecutionFromS3Bucket1\",\n action: \"lambda:InvokeFunction\",\n \"function\": func1.arn,\n principal: \"s3.amazonaws.com\",\n sourceArn: bucket.arn,\n});\nconst func2 = new aws.lambda.Function(\"func2\", {\n code: new pulumi.asset.FileArchive(\"your-function2.zip\"),\n name: \"example_lambda_name2\",\n role: iamForLambda.arn,\n handler: \"exports.example\",\n});\nconst allowBucket2 = new aws.lambda.Permission(\"allow_bucket2\", {\n statementId: \"AllowExecutionFromS3Bucket2\",\n action: \"lambda:InvokeFunction\",\n \"function\": func2.arn,\n principal: \"s3.amazonaws.com\",\n sourceArn: bucket.arn,\n});\nconst bucketNotification = new aws.s3.BucketNotification(\"bucket_notification\", {\n bucket: bucket.id,\n lambdaFunctions: [\n {\n lambdaFunctionArn: func1.arn,\n events: [\"s3:ObjectCreated:*\"],\n filterPrefix: \"AWSLogs/\",\n filterSuffix: \".log\",\n },\n {\n lambdaFunctionArn: func2.arn,\n events: [\"s3:ObjectCreated:*\"],\n filterPrefix: \"OtherLogs/\",\n filterSuffix: \".log\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\niam_for_lambda = aws.iam.Role(\"iam_for_lambda\",\n name=\"iam_for_lambda\",\n assume_role_policy=assume_role.json)\nfunc1 = aws.lambda_.Function(\"func1\",\n code=pulumi.FileArchive(\"your-function1.zip\"),\n name=\"example_lambda_name1\",\n role=iam_for_lambda.arn,\n handler=\"exports.example\",\n runtime=aws.lambda_.Runtime.GO1DX)\nbucket = aws.s3.BucketV2(\"bucket\", bucket=\"your-bucket-name\")\nallow_bucket1 = aws.lambda_.Permission(\"allow_bucket1\",\n statement_id=\"AllowExecutionFromS3Bucket1\",\n action=\"lambda:InvokeFunction\",\n function=func1.arn,\n principal=\"s3.amazonaws.com\",\n source_arn=bucket.arn)\nfunc2 = aws.lambda_.Function(\"func2\",\n code=pulumi.FileArchive(\"your-function2.zip\"),\n name=\"example_lambda_name2\",\n role=iam_for_lambda.arn,\n handler=\"exports.example\")\nallow_bucket2 = aws.lambda_.Permission(\"allow_bucket2\",\n statement_id=\"AllowExecutionFromS3Bucket2\",\n action=\"lambda:InvokeFunction\",\n function=func2.arn,\n principal=\"s3.amazonaws.com\",\n source_arn=bucket.arn)\nbucket_notification = aws.s3.BucketNotification(\"bucket_notification\",\n bucket=bucket.id,\n lambda_functions=[\n aws.s3.BucketNotificationLambdaFunctionArgs(\n lambda_function_arn=func1.arn,\n events=[\"s3:ObjectCreated:*\"],\n filter_prefix=\"AWSLogs/\",\n filter_suffix=\".log\",\n ),\n aws.s3.BucketNotificationLambdaFunctionArgs(\n lambda_function_arn=func2.arn,\n events=[\"s3:ObjectCreated:*\"],\n filter_prefix=\"OtherLogs/\",\n filter_suffix=\".log\",\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var iamForLambda = new Aws.Iam.Role(\"iam_for_lambda\", new()\n {\n Name = \"iam_for_lambda\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var func1 = new Aws.Lambda.Function(\"func1\", new()\n {\n Code = new FileArchive(\"your-function1.zip\"),\n Name = \"example_lambda_name1\",\n Role = iamForLambda.Arn,\n Handler = \"exports.example\",\n Runtime = Aws.Lambda.Runtime.Go1dx,\n });\n\n var bucket = new Aws.S3.BucketV2(\"bucket\", new()\n {\n Bucket = \"your-bucket-name\",\n });\n\n var allowBucket1 = new Aws.Lambda.Permission(\"allow_bucket1\", new()\n {\n StatementId = \"AllowExecutionFromS3Bucket1\",\n Action = \"lambda:InvokeFunction\",\n Function = func1.Arn,\n Principal = \"s3.amazonaws.com\",\n SourceArn = bucket.Arn,\n });\n\n var func2 = new Aws.Lambda.Function(\"func2\", new()\n {\n Code = new FileArchive(\"your-function2.zip\"),\n Name = \"example_lambda_name2\",\n Role = iamForLambda.Arn,\n Handler = \"exports.example\",\n });\n\n var allowBucket2 = new Aws.Lambda.Permission(\"allow_bucket2\", new()\n {\n StatementId = \"AllowExecutionFromS3Bucket2\",\n Action = \"lambda:InvokeFunction\",\n Function = func2.Arn,\n Principal = \"s3.amazonaws.com\",\n SourceArn = bucket.Arn,\n });\n\n var bucketNotification = new Aws.S3.BucketNotification(\"bucket_notification\", new()\n {\n Bucket = bucket.Id,\n LambdaFunctions = new[]\n {\n new Aws.S3.Inputs.BucketNotificationLambdaFunctionArgs\n {\n LambdaFunctionArn = func1.Arn,\n Events = new[]\n {\n \"s3:ObjectCreated:*\",\n },\n FilterPrefix = \"AWSLogs/\",\n FilterSuffix = \".log\",\n },\n new Aws.S3.Inputs.BucketNotificationLambdaFunctionArgs\n {\n LambdaFunctionArn = func2.Arn,\n Events = new[]\n {\n \"s3:ObjectCreated:*\",\n },\n FilterPrefix = \"OtherLogs/\",\n FilterSuffix = \".log\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiamForLambda, err := iam.NewRole(ctx, \"iam_for_lambda\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"iam_for_lambda\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfunc1, err := lambda.NewFunction(ctx, \"func1\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"your-function1.zip\"),\n\t\t\tName: pulumi.String(\"example_lambda_name1\"),\n\t\t\tRole: iamForLambda.Arn,\n\t\t\tHandler: pulumi.String(\"exports.example\"),\n\t\t\tRuntime: pulumi.String(lambda.RuntimeGo1dx),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := s3.NewBucketV2(ctx, \"bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"your-bucket-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewPermission(ctx, \"allow_bucket1\", \u0026lambda.PermissionArgs{\n\t\t\tStatementId: pulumi.String(\"AllowExecutionFromS3Bucket1\"),\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: func1.Arn,\n\t\t\tPrincipal: pulumi.String(\"s3.amazonaws.com\"),\n\t\t\tSourceArn: bucket.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfunc2, err := lambda.NewFunction(ctx, \"func2\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"your-function2.zip\"),\n\t\t\tName: pulumi.String(\"example_lambda_name2\"),\n\t\t\tRole: iamForLambda.Arn,\n\t\t\tHandler: pulumi.String(\"exports.example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewPermission(ctx, \"allow_bucket2\", \u0026lambda.PermissionArgs{\n\t\t\tStatementId: pulumi.String(\"AllowExecutionFromS3Bucket2\"),\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: func2.Arn,\n\t\t\tPrincipal: pulumi.String(\"s3.amazonaws.com\"),\n\t\t\tSourceArn: bucket.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketNotification(ctx, \"bucket_notification\", \u0026s3.BucketNotificationArgs{\n\t\t\tBucket: bucket.ID(),\n\t\t\tLambdaFunctions: s3.BucketNotificationLambdaFunctionArray{\n\t\t\t\t\u0026s3.BucketNotificationLambdaFunctionArgs{\n\t\t\t\t\tLambdaFunctionArn: func1.Arn,\n\t\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:ObjectCreated:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tFilterPrefix: pulumi.String(\"AWSLogs/\"),\n\t\t\t\t\tFilterSuffix: pulumi.String(\".log\"),\n\t\t\t\t},\n\t\t\t\t\u0026s3.BucketNotificationLambdaFunctionArgs{\n\t\t\t\t\tLambdaFunctionArn: func2.Arn,\n\t\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:ObjectCreated:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tFilterPrefix: pulumi.String(\"OtherLogs/\"),\n\t\t\t\t\tFilterSuffix: pulumi.String(\".log\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport com.pulumi.aws.s3.BucketNotification;\nimport com.pulumi.aws.s3.BucketNotificationArgs;\nimport com.pulumi.aws.s3.inputs.BucketNotificationLambdaFunctionArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var iamForLambda = new Role(\"iamForLambda\", RoleArgs.builder() \n .name(\"iam_for_lambda\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var func1 = new Function(\"func1\", FunctionArgs.builder() \n .code(new FileArchive(\"your-function1.zip\"))\n .name(\"example_lambda_name1\")\n .role(iamForLambda.arn())\n .handler(\"exports.example\")\n .runtime(\"go1.x\")\n .build());\n\n var bucket = new BucketV2(\"bucket\", BucketV2Args.builder() \n .bucket(\"your-bucket-name\")\n .build());\n\n var allowBucket1 = new Permission(\"allowBucket1\", PermissionArgs.builder() \n .statementId(\"AllowExecutionFromS3Bucket1\")\n .action(\"lambda:InvokeFunction\")\n .function(func1.arn())\n .principal(\"s3.amazonaws.com\")\n .sourceArn(bucket.arn())\n .build());\n\n var func2 = new Function(\"func2\", FunctionArgs.builder() \n .code(new FileArchive(\"your-function2.zip\"))\n .name(\"example_lambda_name2\")\n .role(iamForLambda.arn())\n .handler(\"exports.example\")\n .build());\n\n var allowBucket2 = new Permission(\"allowBucket2\", PermissionArgs.builder() \n .statementId(\"AllowExecutionFromS3Bucket2\")\n .action(\"lambda:InvokeFunction\")\n .function(func2.arn())\n .principal(\"s3.amazonaws.com\")\n .sourceArn(bucket.arn())\n .build());\n\n var bucketNotification = new BucketNotification(\"bucketNotification\", BucketNotificationArgs.builder() \n .bucket(bucket.id())\n .lambdaFunctions( \n BucketNotificationLambdaFunctionArgs.builder()\n .lambdaFunctionArn(func1.arn())\n .events(\"s3:ObjectCreated:*\")\n .filterPrefix(\"AWSLogs/\")\n .filterSuffix(\".log\")\n .build(),\n BucketNotificationLambdaFunctionArgs.builder()\n .lambdaFunctionArn(func2.arn())\n .events(\"s3:ObjectCreated:*\")\n .filterPrefix(\"OtherLogs/\")\n .filterSuffix(\".log\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iamForLambda:\n type: aws:iam:Role\n name: iam_for_lambda\n properties:\n name: iam_for_lambda\n assumeRolePolicy: ${assumeRole.json}\n allowBucket1:\n type: aws:lambda:Permission\n name: allow_bucket1\n properties:\n statementId: AllowExecutionFromS3Bucket1\n action: lambda:InvokeFunction\n function: ${func1.arn}\n principal: s3.amazonaws.com\n sourceArn: ${bucket.arn}\n func1:\n type: aws:lambda:Function\n properties:\n code:\n fn::FileArchive: your-function1.zip\n name: example_lambda_name1\n role: ${iamForLambda.arn}\n handler: exports.example\n runtime: go1.x\n allowBucket2:\n type: aws:lambda:Permission\n name: allow_bucket2\n properties:\n statementId: AllowExecutionFromS3Bucket2\n action: lambda:InvokeFunction\n function: ${func2.arn}\n principal: s3.amazonaws.com\n sourceArn: ${bucket.arn}\n func2:\n type: aws:lambda:Function\n properties:\n code:\n fn::FileArchive: your-function2.zip\n name: example_lambda_name2\n role: ${iamForLambda.arn}\n handler: exports.example\n bucket:\n type: aws:s3:BucketV2\n properties:\n bucket: your-bucket-name\n bucketNotification:\n type: aws:s3:BucketNotification\n name: bucket_notification\n properties:\n bucket: ${bucket.id}\n lambdaFunctions:\n - lambdaFunctionArn: ${func1.arn}\n events:\n - s3:ObjectCreated:*\n filterPrefix: AWSLogs/\n filterSuffix: .log\n - lambdaFunctionArn: ${func2.arn}\n events:\n - s3:ObjectCreated:*\n filterPrefix: OtherLogs/\n filterSuffix: .log\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Add multiple notification configurations to SQS Queue\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.BucketV2(\"bucket\", {bucket: \"your-bucket-name\"});\nconst queue = aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"*\",\n identifiers: [\"*\"],\n }],\n actions: [\"sqs:SendMessage\"],\n resources: [\"arn:aws:sqs:*:*:s3-event-notification-queue\"],\n conditions: [{\n test: \"ArnEquals\",\n variable: \"aws:SourceArn\",\n values: [bucket.arn],\n }],\n }],\n});\nconst queueQueue = new aws.sqs.Queue(\"queue\", {\n name: \"s3-event-notification-queue\",\n policy: queue.apply(queue =\u003e queue.json),\n});\nconst bucketNotification = new aws.s3.BucketNotification(\"bucket_notification\", {\n bucket: bucket.id,\n queues: [\n {\n id: \"image-upload-event\",\n queueArn: queueQueue.arn,\n events: [\"s3:ObjectCreated:*\"],\n filterPrefix: \"images/\",\n },\n {\n id: \"video-upload-event\",\n queueArn: queueQueue.arn,\n events: [\"s3:ObjectCreated:*\"],\n filterPrefix: \"videos/\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.BucketV2(\"bucket\", bucket=\"your-bucket-name\")\nqueue = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"*\",\n identifiers=[\"*\"],\n )],\n actions=[\"sqs:SendMessage\"],\n resources=[\"arn:aws:sqs:*:*:s3-event-notification-queue\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ArnEquals\",\n variable=\"aws:SourceArn\",\n values=[bucket.arn],\n )],\n)])\nqueue_queue = aws.sqs.Queue(\"queue\",\n name=\"s3-event-notification-queue\",\n policy=queue.json)\nbucket_notification = aws.s3.BucketNotification(\"bucket_notification\",\n bucket=bucket.id,\n queues=[\n aws.s3.BucketNotificationQueueArgs(\n id=\"image-upload-event\",\n queue_arn=queue_queue.arn,\n events=[\"s3:ObjectCreated:*\"],\n filter_prefix=\"images/\",\n ),\n aws.s3.BucketNotificationQueueArgs(\n id=\"video-upload-event\",\n queue_arn=queue_queue.arn,\n events=[\"s3:ObjectCreated:*\"],\n filter_prefix=\"videos/\",\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bucket = new Aws.S3.BucketV2(\"bucket\", new()\n {\n Bucket = \"your-bucket-name\",\n });\n\n var queue = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"*\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"sqs:SendMessage\",\n },\n Resources = new[]\n {\n \"arn:aws:sqs:*:*:s3-event-notification-queue\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ArnEquals\",\n Variable = \"aws:SourceArn\",\n Values = new[]\n {\n bucket.Arn,\n },\n },\n },\n },\n },\n });\n\n var queueQueue = new Aws.Sqs.Queue(\"queue\", new()\n {\n Name = \"s3-event-notification-queue\",\n Policy = queue.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var bucketNotification = new Aws.S3.BucketNotification(\"bucket_notification\", new()\n {\n Bucket = bucket.Id,\n Queues = new[]\n {\n new Aws.S3.Inputs.BucketNotificationQueueArgs\n {\n Id = \"image-upload-event\",\n QueueArn = queueQueue.Arn,\n Events = new[]\n {\n \"s3:ObjectCreated:*\",\n },\n FilterPrefix = \"images/\",\n },\n new Aws.S3.Inputs.BucketNotificationQueueArgs\n {\n Id = \"video-upload-event\",\n QueueArn = queueQueue.Arn,\n Events = new[]\n {\n \"s3:ObjectCreated:*\",\n },\n FilterPrefix = \"videos/\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := s3.NewBucketV2(ctx, \"bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"your-bucket-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tqueue := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tPrincipals: iam.GetPolicyDocumentStatementPrincipalArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementPrincipalArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"*\"),\n\t\t\t\t\t\t\tIdentifiers: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"sqs:SendMessage\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"arn:aws:sqs:*:*:s3-event-notification-queue\"),\n\t\t\t\t\t},\n\t\t\t\t\tConditions: iam.GetPolicyDocumentStatementConditionArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementConditionArgs{\n\t\t\t\t\t\t\tTest: pulumi.String(\"ArnEquals\"),\n\t\t\t\t\t\t\tVariable: pulumi.String(\"aws:SourceArn\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tbucket.Arn,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tqueueQueue, err := sqs.NewQueue(ctx, \"queue\", \u0026sqs.QueueArgs{\n\t\t\tName: pulumi.String(\"s3-event-notification-queue\"),\n\t\t\tPolicy: queue.ApplyT(func(queue iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026queue.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketNotification(ctx, \"bucket_notification\", \u0026s3.BucketNotificationArgs{\n\t\t\tBucket: bucket.ID(),\n\t\t\tQueues: s3.BucketNotificationQueueArray{\n\t\t\t\t\u0026s3.BucketNotificationQueueArgs{\n\t\t\t\t\tId: pulumi.String(\"image-upload-event\"),\n\t\t\t\t\tQueueArn: queueQueue.Arn,\n\t\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:ObjectCreated:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tFilterPrefix: pulumi.String(\"images/\"),\n\t\t\t\t},\n\t\t\t\t\u0026s3.BucketNotificationQueueArgs{\n\t\t\t\t\tId: pulumi.String(\"video-upload-event\"),\n\t\t\t\t\tQueueArn: queueQueue.Arn,\n\t\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:ObjectCreated:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tFilterPrefix: pulumi.String(\"videos/\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sqs.Queue;\nimport com.pulumi.aws.sqs.QueueArgs;\nimport com.pulumi.aws.s3.BucketNotification;\nimport com.pulumi.aws.s3.BucketNotificationArgs;\nimport com.pulumi.aws.s3.inputs.BucketNotificationQueueArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bucket = new BucketV2(\"bucket\", BucketV2Args.builder() \n .bucket(\"your-bucket-name\")\n .build());\n\n final var queue = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"*\")\n .identifiers(\"*\")\n .build())\n .actions(\"sqs:SendMessage\")\n .resources(\"arn:aws:sqs:*:*:s3-event-notification-queue\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ArnEquals\")\n .variable(\"aws:SourceArn\")\n .values(bucket.arn())\n .build())\n .build())\n .build());\n\n var queueQueue = new Queue(\"queueQueue\", QueueArgs.builder() \n .name(\"s3-event-notification-queue\")\n .policy(queue.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(queue -\u003e queue.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var bucketNotification = new BucketNotification(\"bucketNotification\", BucketNotificationArgs.builder() \n .bucket(bucket.id())\n .queues( \n BucketNotificationQueueArgs.builder()\n .id(\"image-upload-event\")\n .queueArn(queueQueue.arn())\n .events(\"s3:ObjectCreated:*\")\n .filterPrefix(\"images/\")\n .build(),\n BucketNotificationQueueArgs.builder()\n .id(\"video-upload-event\")\n .queueArn(queueQueue.arn())\n .events(\"s3:ObjectCreated:*\")\n .filterPrefix(\"videos/\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n queueQueue:\n type: aws:sqs:Queue\n name: queue\n properties:\n name: s3-event-notification-queue\n policy: ${queue.json}\n bucket:\n type: aws:s3:BucketV2\n properties:\n bucket: your-bucket-name\n bucketNotification:\n type: aws:s3:BucketNotification\n name: bucket_notification\n properties:\n bucket: ${bucket.id}\n queues:\n - id: image-upload-event\n queueArn: ${queueQueue.arn}\n events:\n - s3:ObjectCreated:*\n filterPrefix: images/\n - id: video-upload-event\n queueArn: ${queueQueue.arn}\n events:\n - s3:ObjectCreated:*\n filterPrefix: videos/\nvariables:\n queue:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: '*'\n identifiers:\n - '*'\n actions:\n - sqs:SendMessage\n resources:\n - arn:aws:sqs:*:*:s3-event-notification-queue\n conditions:\n - test: ArnEquals\n variable: aws:SourceArn\n values:\n - ${bucket.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nFor JSON syntax, use an array instead of defining the `queue` key twice.\n\n```json\n{\n\t\"bucket\": \"${aws_s3_bucket.bucket.id}\",\n\t\"queue\": [\n\t\t{\n\t\t\t\"id\": \"image-upload-event\",\n\t\t\t\"queue_arn\": \"${aws_sqs_queue.queue.arn}\",\n\t\t\t\"events\": [\"s3:ObjectCreated:*\"],\n\t\t\t\"filter_prefix\": \"images/\"\n\t\t},\n\t\t{\n\t\t\t\"id\": \"video-upload-event\",\n\t\t\t\"queue_arn\": \"${aws_sqs_queue.queue.arn}\",\n\t\t\t\"events\": [\"s3:ObjectCreated:*\"],\n\t\t\t\"filter_prefix\": \"videos/\"\n\t\t}\n\t]\n}\n```\n\n### Emit events to EventBridge\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.BucketV2(\"bucket\", {bucket: \"your-bucket-name\"});\nconst bucketNotification = new aws.s3.BucketNotification(\"bucket_notification\", {\n bucket: bucket.id,\n eventbridge: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.BucketV2(\"bucket\", bucket=\"your-bucket-name\")\nbucket_notification = aws.s3.BucketNotification(\"bucket_notification\",\n bucket=bucket.id,\n eventbridge=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bucket = new Aws.S3.BucketV2(\"bucket\", new()\n {\n Bucket = \"your-bucket-name\",\n });\n\n var bucketNotification = new Aws.S3.BucketNotification(\"bucket_notification\", new()\n {\n Bucket = bucket.Id,\n Eventbridge = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := s3.NewBucketV2(ctx, \"bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"your-bucket-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketNotification(ctx, \"bucket_notification\", \u0026s3.BucketNotificationArgs{\n\t\t\tBucket: bucket.ID(),\n\t\t\tEventbridge: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.s3.BucketNotification;\nimport com.pulumi.aws.s3.BucketNotificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bucket = new BucketV2(\"bucket\", BucketV2Args.builder() \n .bucket(\"your-bucket-name\")\n .build());\n\n var bucketNotification = new BucketNotification(\"bucketNotification\", BucketNotificationArgs.builder() \n .bucket(bucket.id())\n .eventbridge(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: aws:s3:BucketV2\n properties:\n bucket: your-bucket-name\n bucketNotification:\n type: aws:s3:BucketNotification\n name: bucket_notification\n properties:\n bucket: ${bucket.id}\n eventbridge: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import S3 bucket notification using the `bucket`. For example:\n\n```sh\n$ pulumi import aws:s3/bucketNotification:BucketNotification bucket_notification bucket-name\n```\n", "properties": { "bucket": { "type": "string", @@ -315244,7 +315244,7 @@ } }, "aws:s3/bucketReplicationConfig:BucketReplicationConfig": { - "description": "Provides an independent configuration resource for S3 bucket [replication configuration](http://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html).\n\n\u003e **NOTE:** S3 Buckets only support a single replication configuration. Declaring multiple `aws.s3.BucketReplicationConfig` resources to the same S3 Bucket will cause a perpetual difference in configuration.\n\n\u003e This resource cannot be used with S3 directory buckets.\n\n## Example Usage\n\n### Using replication configuration\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"s3.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst replicationRole = new aws.iam.Role(\"replication\", {\n name: \"tf-iam-role-replication-12345\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst destination = new aws.s3.BucketV2(\"destination\", {bucket: \"tf-test-bucket-destination-12345\"});\nconst source = new aws.s3.BucketV2(\"source\", {bucket: \"tf-test-bucket-source-12345\"});\nconst replication = aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n effect: \"Allow\",\n actions: [\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\",\n ],\n resources: [source.arn],\n },\n {\n effect: \"Allow\",\n actions: [\n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\",\n ],\n resources: [pulumi.interpolate`${source.arn}/*`],\n },\n {\n effect: \"Allow\",\n actions: [\n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\",\n ],\n resources: [pulumi.interpolate`${destination.arn}/*`],\n },\n ],\n});\nconst replicationPolicy = new aws.iam.Policy(\"replication\", {\n name: \"tf-iam-role-policy-replication-12345\",\n policy: replication.apply(replication =\u003e replication.json),\n});\nconst replicationRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"replication\", {\n role: replicationRole.name,\n policyArn: replicationPolicy.arn,\n});\nconst destinationBucketVersioningV2 = new aws.s3.BucketVersioningV2(\"destination\", {\n bucket: destination.id,\n versioningConfiguration: {\n status: \"Enabled\",\n },\n});\nconst sourceBucketAcl = new aws.s3.BucketAclV2(\"source_bucket_acl\", {\n bucket: source.id,\n acl: \"private\",\n});\nconst sourceBucketVersioningV2 = new aws.s3.BucketVersioningV2(\"source\", {\n bucket: source.id,\n versioningConfiguration: {\n status: \"Enabled\",\n },\n});\nconst replicationBucketReplicationConfig = new aws.s3.BucketReplicationConfig(\"replication\", {\n role: replicationRole.arn,\n bucket: source.id,\n rules: [{\n id: \"foobar\",\n filter: {\n prefix: \"foo\",\n },\n status: \"Enabled\",\n destination: {\n bucket: destination.arn,\n storageClass: \"STANDARD\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"s3.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nreplication_role = aws.iam.Role(\"replication\",\n name=\"tf-iam-role-replication-12345\",\n assume_role_policy=assume_role.json)\ndestination = aws.s3.BucketV2(\"destination\", bucket=\"tf-test-bucket-destination-12345\")\nsource = aws.s3.BucketV2(\"source\", bucket=\"tf-test-bucket-source-12345\")\nreplication = aws.iam.get_policy_document_output(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\",\n ],\n resources=[source.arn],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\",\n ],\n resources=[source.arn.apply(lambda arn: f\"{arn}/*\")],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\",\n ],\n resources=[destination.arn.apply(lambda arn: f\"{arn}/*\")],\n ),\n])\nreplication_policy = aws.iam.Policy(\"replication\",\n name=\"tf-iam-role-policy-replication-12345\",\n policy=replication.json)\nreplication_role_policy_attachment = aws.iam.RolePolicyAttachment(\"replication\",\n role=replication_role.name,\n policy_arn=replication_policy.arn)\ndestination_bucket_versioning_v2 = aws.s3.BucketVersioningV2(\"destination\",\n bucket=destination.id,\n versioning_configuration=aws.s3.BucketVersioningV2VersioningConfigurationArgs(\n status=\"Enabled\",\n ))\nsource_bucket_acl = aws.s3.BucketAclV2(\"source_bucket_acl\",\n bucket=source.id,\n acl=\"private\")\nsource_bucket_versioning_v2 = aws.s3.BucketVersioningV2(\"source\",\n bucket=source.id,\n versioning_configuration=aws.s3.BucketVersioningV2VersioningConfigurationArgs(\n status=\"Enabled\",\n ))\nreplication_bucket_replication_config = aws.s3.BucketReplicationConfig(\"replication\",\n role=replication_role.arn,\n bucket=source.id,\n rules=[aws.s3.BucketReplicationConfigRuleArgs(\n id=\"foobar\",\n filter=aws.s3.BucketReplicationConfigRuleFilterArgs(\n prefix=\"foo\",\n ),\n status=\"Enabled\",\n destination=aws.s3.BucketReplicationConfigRuleDestinationArgs(\n bucket=destination.arn,\n storage_class=\"STANDARD\",\n ),\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"s3.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var replicationRole = new Aws.Iam.Role(\"replication\", new()\n {\n Name = \"tf-iam-role-replication-12345\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var destination = new Aws.S3.BucketV2(\"destination\", new()\n {\n Bucket = \"tf-test-bucket-destination-12345\",\n });\n\n var source = new Aws.S3.BucketV2(\"source\", new()\n {\n Bucket = \"tf-test-bucket-source-12345\",\n });\n\n var replication = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\",\n },\n Resources = new[]\n {\n source.Arn,\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\",\n },\n Resources = new[]\n {\n $\"{source.Arn}/*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\",\n },\n Resources = new[]\n {\n $\"{destination.Arn}/*\",\n },\n },\n },\n });\n\n var replicationPolicy = new Aws.Iam.Policy(\"replication\", new()\n {\n Name = \"tf-iam-role-policy-replication-12345\",\n PolicyDocument = replication.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var replicationRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"replication\", new()\n {\n Role = replicationRole.Name,\n PolicyArn = replicationPolicy.Arn,\n });\n\n var destinationBucketVersioningV2 = new Aws.S3.BucketVersioningV2(\"destination\", new()\n {\n Bucket = destination.Id,\n VersioningConfiguration = new Aws.S3.Inputs.BucketVersioningV2VersioningConfigurationArgs\n {\n Status = \"Enabled\",\n },\n });\n\n var sourceBucketAcl = new Aws.S3.BucketAclV2(\"source_bucket_acl\", new()\n {\n Bucket = source.Id,\n Acl = \"private\",\n });\n\n var sourceBucketVersioningV2 = new Aws.S3.BucketVersioningV2(\"source\", new()\n {\n Bucket = source.Id,\n VersioningConfiguration = new Aws.S3.Inputs.BucketVersioningV2VersioningConfigurationArgs\n {\n Status = \"Enabled\",\n },\n });\n\n var replicationBucketReplicationConfig = new Aws.S3.BucketReplicationConfig(\"replication\", new()\n {\n Role = replicationRole.Arn,\n Bucket = source.Id,\n Rules = new[]\n {\n new Aws.S3.Inputs.BucketReplicationConfigRuleArgs\n {\n Id = \"foobar\",\n Filter = new Aws.S3.Inputs.BucketReplicationConfigRuleFilterArgs\n {\n Prefix = \"foo\",\n },\n Status = \"Enabled\",\n Destination = new Aws.S3.Inputs.BucketReplicationConfigRuleDestinationArgs\n {\n Bucket = destination.Arn,\n StorageClass = \"STANDARD\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"s3.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treplicationRole, err := iam.NewRole(ctx, \"replication\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"tf-iam-role-replication-12345\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestination, err := s3.NewBucketV2(ctx, \"destination\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"tf-test-bucket-destination-12345\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsource, err := s3.NewBucketV2(ctx, \"source\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"tf-test-bucket-source-12345\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treplication := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:GetReplicationConfiguration\"),\n\t\t\t\t\t\tpulumi.String(\"s3:ListBucket\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tsource.Arn,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:GetObjectVersionForReplication\"),\n\t\t\t\t\t\tpulumi.String(\"s3:GetObjectVersionAcl\"),\n\t\t\t\t\t\tpulumi.String(\"s3:GetObjectVersionTagging\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tsource.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:ReplicateObject\"),\n\t\t\t\t\t\tpulumi.String(\"s3:ReplicateDelete\"),\n\t\t\t\t\t\tpulumi.String(\"s3:ReplicateTags\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tdestination.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\treplicationPolicy, err := iam.NewPolicy(ctx, \"replication\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"tf-iam-role-policy-replication-12345\"),\n\t\t\tPolicy: replication.ApplyT(func(replication iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026replication.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"replication\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: replicationRole.Name,\n\t\t\tPolicyArn: replicationPolicy.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketVersioningV2(ctx, \"destination\", \u0026s3.BucketVersioningV2Args{\n\t\t\tBucket: destination.ID(),\n\t\t\tVersioningConfiguration: \u0026s3.BucketVersioningV2VersioningConfigurationArgs{\n\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"source_bucket_acl\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: source.ID(),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketVersioningV2(ctx, \"source\", \u0026s3.BucketVersioningV2Args{\n\t\t\tBucket: source.ID(),\n\t\t\tVersioningConfiguration: \u0026s3.BucketVersioningV2VersioningConfigurationArgs{\n\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketReplicationConfig(ctx, \"replication\", \u0026s3.BucketReplicationConfigArgs{\n\t\t\tRole: replicationRole.Arn,\n\t\t\tBucket: source.ID(),\n\t\t\tRules: s3.BucketReplicationConfigRuleArray{\n\t\t\t\t\u0026s3.BucketReplicationConfigRuleArgs{\n\t\t\t\t\tId: pulumi.String(\"foobar\"),\n\t\t\t\t\tFilter: \u0026s3.BucketReplicationConfigRuleFilterArgs{\n\t\t\t\t\t\tPrefix: pulumi.String(\"foo\"),\n\t\t\t\t\t},\n\t\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t\t\tDestination: \u0026s3.BucketReplicationConfigRuleDestinationArgs{\n\t\t\t\t\t\tBucket: destination.Arn,\n\t\t\t\t\t\tStorageClass: pulumi.String(\"STANDARD\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.s3.BucketVersioningV2;\nimport com.pulumi.aws.s3.BucketVersioningV2Args;\nimport com.pulumi.aws.s3.inputs.BucketVersioningV2VersioningConfigurationArgs;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.s3.BucketReplicationConfig;\nimport com.pulumi.aws.s3.BucketReplicationConfigArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleFilterArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleDestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"s3.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var replicationRole = new Role(\"replicationRole\", RoleArgs.builder() \n .name(\"tf-iam-role-replication-12345\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var destination = new BucketV2(\"destination\", BucketV2Args.builder() \n .bucket(\"tf-test-bucket-destination-12345\")\n .build());\n\n var source = new BucketV2(\"source\", BucketV2Args.builder() \n .bucket(\"tf-test-bucket-source-12345\")\n .build());\n\n final var replication = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\")\n .resources(source.arn())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\")\n .resources(source.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\")\n .resources(destination.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build())\n .build());\n\n var replicationPolicy = new Policy(\"replicationPolicy\", PolicyArgs.builder() \n .name(\"tf-iam-role-policy-replication-12345\")\n .policy(replication.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(replication -\u003e replication.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var replicationRolePolicyAttachment = new RolePolicyAttachment(\"replicationRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .role(replicationRole.name())\n .policyArn(replicationPolicy.arn())\n .build());\n\n var destinationBucketVersioningV2 = new BucketVersioningV2(\"destinationBucketVersioningV2\", BucketVersioningV2Args.builder() \n .bucket(destination.id())\n .versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()\n .status(\"Enabled\")\n .build())\n .build());\n\n var sourceBucketAcl = new BucketAclV2(\"sourceBucketAcl\", BucketAclV2Args.builder() \n .bucket(source.id())\n .acl(\"private\")\n .build());\n\n var sourceBucketVersioningV2 = new BucketVersioningV2(\"sourceBucketVersioningV2\", BucketVersioningV2Args.builder() \n .bucket(source.id())\n .versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()\n .status(\"Enabled\")\n .build())\n .build());\n\n var replicationBucketReplicationConfig = new BucketReplicationConfig(\"replicationBucketReplicationConfig\", BucketReplicationConfigArgs.builder() \n .role(replicationRole.arn())\n .bucket(source.id())\n .rules(BucketReplicationConfigRuleArgs.builder()\n .id(\"foobar\")\n .filter(BucketReplicationConfigRuleFilterArgs.builder()\n .prefix(\"foo\")\n .build())\n .status(\"Enabled\")\n .destination(BucketReplicationConfigRuleDestinationArgs.builder()\n .bucket(destination.arn())\n .storageClass(\"STANDARD\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n replicationRole:\n type: aws:iam:Role\n name: replication\n properties:\n name: tf-iam-role-replication-12345\n assumeRolePolicy: ${assumeRole.json}\n replicationPolicy:\n type: aws:iam:Policy\n name: replication\n properties:\n name: tf-iam-role-policy-replication-12345\n policy: ${replication.json}\n replicationRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: replication\n properties:\n role: ${replicationRole.name}\n policyArn: ${replicationPolicy.arn}\n destination:\n type: aws:s3:BucketV2\n properties:\n bucket: tf-test-bucket-destination-12345\n destinationBucketVersioningV2:\n type: aws:s3:BucketVersioningV2\n name: destination\n properties:\n bucket: ${destination.id}\n versioningConfiguration:\n status: Enabled\n source:\n type: aws:s3:BucketV2\n properties:\n bucket: tf-test-bucket-source-12345\n sourceBucketAcl:\n type: aws:s3:BucketAclV2\n name: source_bucket_acl\n properties:\n bucket: ${source.id}\n acl: private\n sourceBucketVersioningV2:\n type: aws:s3:BucketVersioningV2\n name: source\n properties:\n bucket: ${source.id}\n versioningConfiguration:\n status: Enabled\n replicationBucketReplicationConfig:\n type: aws:s3:BucketReplicationConfig\n name: replication\n properties:\n role: ${replicationRole.arn}\n bucket: ${source.id}\n rules:\n - id: foobar\n filter:\n prefix: foo\n status: Enabled\n destination:\n bucket: ${destination.arn}\n storageClass: STANDARD\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - s3.amazonaws.com\n actions:\n - sts:AssumeRole\n replication:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - s3:GetReplicationConfiguration\n - s3:ListBucket\n resources:\n - ${source.arn}\n - effect: Allow\n actions:\n - s3:GetObjectVersionForReplication\n - s3:GetObjectVersionAcl\n - s3:GetObjectVersionTagging\n resources:\n - ${source.arn}/*\n - effect: Allow\n actions:\n - s3:ReplicateObject\n - s3:ReplicateDelete\n - s3:ReplicateTags\n resources:\n - ${destination.arn}/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Bi-Directional Replication\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst east = new aws.s3.BucketV2(\"east\", {bucket: \"tf-test-bucket-east-12345\"});\nconst eastBucketVersioningV2 = new aws.s3.BucketVersioningV2(\"east\", {\n bucket: east.id,\n versioningConfiguration: {\n status: \"Enabled\",\n },\n});\nconst west = new aws.s3.BucketV2(\"west\", {bucket: \"tf-test-bucket-west-12345\"});\nconst westBucketVersioningV2 = new aws.s3.BucketVersioningV2(\"west\", {\n bucket: west.id,\n versioningConfiguration: {\n status: \"Enabled\",\n },\n});\nconst eastToWest = new aws.s3.BucketReplicationConfig(\"east_to_west\", {\n role: eastReplication.arn,\n bucket: east.id,\n rules: [{\n id: \"foobar\",\n filter: {\n prefix: \"foo\",\n },\n status: \"Enabled\",\n destination: {\n bucket: west.arn,\n storageClass: \"STANDARD\",\n },\n }],\n});\nconst westToEast = new aws.s3.BucketReplicationConfig(\"west_to_east\", {\n role: westReplication.arn,\n bucket: west.id,\n rules: [{\n id: \"foobar\",\n filter: {\n prefix: \"foo\",\n },\n status: \"Enabled\",\n destination: {\n bucket: east.arn,\n storageClass: \"STANDARD\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\neast = aws.s3.BucketV2(\"east\", bucket=\"tf-test-bucket-east-12345\")\neast_bucket_versioning_v2 = aws.s3.BucketVersioningV2(\"east\",\n bucket=east.id,\n versioning_configuration=aws.s3.BucketVersioningV2VersioningConfigurationArgs(\n status=\"Enabled\",\n ))\nwest = aws.s3.BucketV2(\"west\", bucket=\"tf-test-bucket-west-12345\")\nwest_bucket_versioning_v2 = aws.s3.BucketVersioningV2(\"west\",\n bucket=west.id,\n versioning_configuration=aws.s3.BucketVersioningV2VersioningConfigurationArgs(\n status=\"Enabled\",\n ))\neast_to_west = aws.s3.BucketReplicationConfig(\"east_to_west\",\n role=east_replication[\"arn\"],\n bucket=east.id,\n rules=[aws.s3.BucketReplicationConfigRuleArgs(\n id=\"foobar\",\n filter=aws.s3.BucketReplicationConfigRuleFilterArgs(\n prefix=\"foo\",\n ),\n status=\"Enabled\",\n destination=aws.s3.BucketReplicationConfigRuleDestinationArgs(\n bucket=west.arn,\n storage_class=\"STANDARD\",\n ),\n )])\nwest_to_east = aws.s3.BucketReplicationConfig(\"west_to_east\",\n role=west_replication[\"arn\"],\n bucket=west.id,\n rules=[aws.s3.BucketReplicationConfigRuleArgs(\n id=\"foobar\",\n filter=aws.s3.BucketReplicationConfigRuleFilterArgs(\n prefix=\"foo\",\n ),\n status=\"Enabled\",\n destination=aws.s3.BucketReplicationConfigRuleDestinationArgs(\n bucket=east.arn,\n storage_class=\"STANDARD\",\n ),\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var east = new Aws.S3.BucketV2(\"east\", new()\n {\n Bucket = \"tf-test-bucket-east-12345\",\n });\n\n var eastBucketVersioningV2 = new Aws.S3.BucketVersioningV2(\"east\", new()\n {\n Bucket = east.Id,\n VersioningConfiguration = new Aws.S3.Inputs.BucketVersioningV2VersioningConfigurationArgs\n {\n Status = \"Enabled\",\n },\n });\n\n var west = new Aws.S3.BucketV2(\"west\", new()\n {\n Bucket = \"tf-test-bucket-west-12345\",\n });\n\n var westBucketVersioningV2 = new Aws.S3.BucketVersioningV2(\"west\", new()\n {\n Bucket = west.Id,\n VersioningConfiguration = new Aws.S3.Inputs.BucketVersioningV2VersioningConfigurationArgs\n {\n Status = \"Enabled\",\n },\n });\n\n var eastToWest = new Aws.S3.BucketReplicationConfig(\"east_to_west\", new()\n {\n Role = eastReplication.Arn,\n Bucket = east.Id,\n Rules = new[]\n {\n new Aws.S3.Inputs.BucketReplicationConfigRuleArgs\n {\n Id = \"foobar\",\n Filter = new Aws.S3.Inputs.BucketReplicationConfigRuleFilterArgs\n {\n Prefix = \"foo\",\n },\n Status = \"Enabled\",\n Destination = new Aws.S3.Inputs.BucketReplicationConfigRuleDestinationArgs\n {\n Bucket = west.Arn,\n StorageClass = \"STANDARD\",\n },\n },\n },\n });\n\n var westToEast = new Aws.S3.BucketReplicationConfig(\"west_to_east\", new()\n {\n Role = westReplication.Arn,\n Bucket = west.Id,\n Rules = new[]\n {\n new Aws.S3.Inputs.BucketReplicationConfigRuleArgs\n {\n Id = \"foobar\",\n Filter = new Aws.S3.Inputs.BucketReplicationConfigRuleFilterArgs\n {\n Prefix = \"foo\",\n },\n Status = \"Enabled\",\n Destination = new Aws.S3.Inputs.BucketReplicationConfigRuleDestinationArgs\n {\n Bucket = east.Arn,\n StorageClass = \"STANDARD\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ... other configuration ...\n\t\teast, err := s3.NewBucketV2(ctx, \"east\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"tf-test-bucket-east-12345\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketVersioningV2(ctx, \"east\", \u0026s3.BucketVersioningV2Args{\n\t\t\tBucket: east.ID(),\n\t\t\tVersioningConfiguration: \u0026s3.BucketVersioningV2VersioningConfigurationArgs{\n\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twest, err := s3.NewBucketV2(ctx, \"west\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"tf-test-bucket-west-12345\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketVersioningV2(ctx, \"west\", \u0026s3.BucketVersioningV2Args{\n\t\t\tBucket: west.ID(),\n\t\t\tVersioningConfiguration: \u0026s3.BucketVersioningV2VersioningConfigurationArgs{\n\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketReplicationConfig(ctx, \"east_to_west\", \u0026s3.BucketReplicationConfigArgs{\n\t\t\tRole: pulumi.Any(eastReplication.Arn),\n\t\t\tBucket: east.ID(),\n\t\t\tRules: s3.BucketReplicationConfigRuleArray{\n\t\t\t\t\u0026s3.BucketReplicationConfigRuleArgs{\n\t\t\t\t\tId: pulumi.String(\"foobar\"),\n\t\t\t\t\tFilter: \u0026s3.BucketReplicationConfigRuleFilterArgs{\n\t\t\t\t\t\tPrefix: pulumi.String(\"foo\"),\n\t\t\t\t\t},\n\t\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t\t\tDestination: \u0026s3.BucketReplicationConfigRuleDestinationArgs{\n\t\t\t\t\t\tBucket: west.Arn,\n\t\t\t\t\t\tStorageClass: pulumi.String(\"STANDARD\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketReplicationConfig(ctx, \"west_to_east\", \u0026s3.BucketReplicationConfigArgs{\n\t\t\tRole: pulumi.Any(westReplication.Arn),\n\t\t\tBucket: west.ID(),\n\t\t\tRules: s3.BucketReplicationConfigRuleArray{\n\t\t\t\t\u0026s3.BucketReplicationConfigRuleArgs{\n\t\t\t\t\tId: pulumi.String(\"foobar\"),\n\t\t\t\t\tFilter: \u0026s3.BucketReplicationConfigRuleFilterArgs{\n\t\t\t\t\t\tPrefix: pulumi.String(\"foo\"),\n\t\t\t\t\t},\n\t\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t\t\tDestination: \u0026s3.BucketReplicationConfigRuleDestinationArgs{\n\t\t\t\t\t\tBucket: east.Arn,\n\t\t\t\t\t\tStorageClass: pulumi.String(\"STANDARD\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.s3.BucketVersioningV2;\nimport com.pulumi.aws.s3.BucketVersioningV2Args;\nimport com.pulumi.aws.s3.inputs.BucketVersioningV2VersioningConfigurationArgs;\nimport com.pulumi.aws.s3.BucketReplicationConfig;\nimport com.pulumi.aws.s3.BucketReplicationConfigArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleFilterArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleDestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var east = new BucketV2(\"east\", BucketV2Args.builder() \n .bucket(\"tf-test-bucket-east-12345\")\n .build());\n\n var eastBucketVersioningV2 = new BucketVersioningV2(\"eastBucketVersioningV2\", BucketVersioningV2Args.builder() \n .bucket(east.id())\n .versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()\n .status(\"Enabled\")\n .build())\n .build());\n\n var west = new BucketV2(\"west\", BucketV2Args.builder() \n .bucket(\"tf-test-bucket-west-12345\")\n .build());\n\n var westBucketVersioningV2 = new BucketVersioningV2(\"westBucketVersioningV2\", BucketVersioningV2Args.builder() \n .bucket(west.id())\n .versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()\n .status(\"Enabled\")\n .build())\n .build());\n\n var eastToWest = new BucketReplicationConfig(\"eastToWest\", BucketReplicationConfigArgs.builder() \n .role(eastReplication.arn())\n .bucket(east.id())\n .rules(BucketReplicationConfigRuleArgs.builder()\n .id(\"foobar\")\n .filter(BucketReplicationConfigRuleFilterArgs.builder()\n .prefix(\"foo\")\n .build())\n .status(\"Enabled\")\n .destination(BucketReplicationConfigRuleDestinationArgs.builder()\n .bucket(west.arn())\n .storageClass(\"STANDARD\")\n .build())\n .build())\n .build());\n\n var westToEast = new BucketReplicationConfig(\"westToEast\", BucketReplicationConfigArgs.builder() \n .role(westReplication.arn())\n .bucket(west.id())\n .rules(BucketReplicationConfigRuleArgs.builder()\n .id(\"foobar\")\n .filter(BucketReplicationConfigRuleFilterArgs.builder()\n .prefix(\"foo\")\n .build())\n .status(\"Enabled\")\n .destination(BucketReplicationConfigRuleDestinationArgs.builder()\n .bucket(east.arn())\n .storageClass(\"STANDARD\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # ... other configuration ...\n east:\n type: aws:s3:BucketV2\n properties:\n bucket: tf-test-bucket-east-12345\n eastBucketVersioningV2:\n type: aws:s3:BucketVersioningV2\n name: east\n properties:\n bucket: ${east.id}\n versioningConfiguration:\n status: Enabled\n west:\n type: aws:s3:BucketV2\n properties:\n bucket: tf-test-bucket-west-12345\n westBucketVersioningV2:\n type: aws:s3:BucketVersioningV2\n name: west\n properties:\n bucket: ${west.id}\n versioningConfiguration:\n status: Enabled\n eastToWest:\n type: aws:s3:BucketReplicationConfig\n name: east_to_west\n properties:\n role: ${eastReplication.arn}\n bucket: ${east.id}\n rules:\n - id: foobar\n filter:\n prefix: foo\n status: Enabled\n destination:\n bucket: ${west.arn}\n storageClass: STANDARD\n westToEast:\n type: aws:s3:BucketReplicationConfig\n name: west_to_east\n properties:\n role: ${westReplication.arn}\n bucket: ${west.id}\n rules:\n - id: foobar\n filter:\n prefix: foo\n status: Enabled\n destination:\n bucket: ${east.arn}\n storageClass: STANDARD\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import S3 bucket replication configuration using the `bucket`. For example:\n\n```sh\n$ pulumi import aws:s3/bucketReplicationConfig:BucketReplicationConfig replication bucket-name\n```\n", + "description": "Provides an independent configuration resource for S3 bucket [replication configuration](http://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html).\n\n\u003e **NOTE:** S3 Buckets only support a single replication configuration. Declaring multiple `aws.s3.BucketReplicationConfig` resources to the same S3 Bucket will cause a perpetual difference in configuration.\n\n\u003e This resource cannot be used with S3 directory buckets.\n\n## Example Usage\n\n### Using replication configuration\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"s3.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst replicationRole = new aws.iam.Role(\"replication\", {\n name: \"tf-iam-role-replication-12345\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst destination = new aws.s3.BucketV2(\"destination\", {bucket: \"tf-test-bucket-destination-12345\"});\nconst source = new aws.s3.BucketV2(\"source\", {bucket: \"tf-test-bucket-source-12345\"});\nconst replication = aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n effect: \"Allow\",\n actions: [\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\",\n ],\n resources: [source.arn],\n },\n {\n effect: \"Allow\",\n actions: [\n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\",\n ],\n resources: [pulumi.interpolate`${source.arn}/*`],\n },\n {\n effect: \"Allow\",\n actions: [\n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\",\n ],\n resources: [pulumi.interpolate`${destination.arn}/*`],\n },\n ],\n});\nconst replicationPolicy = new aws.iam.Policy(\"replication\", {\n name: \"tf-iam-role-policy-replication-12345\",\n policy: replication.apply(replication =\u003e replication.json),\n});\nconst replicationRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"replication\", {\n role: replicationRole.name,\n policyArn: replicationPolicy.arn,\n});\nconst destinationBucketVersioningV2 = new aws.s3.BucketVersioningV2(\"destination\", {\n bucket: destination.id,\n versioningConfiguration: {\n status: \"Enabled\",\n },\n});\nconst sourceBucketAcl = new aws.s3.BucketAclV2(\"source_bucket_acl\", {\n bucket: source.id,\n acl: \"private\",\n});\nconst sourceBucketVersioningV2 = new aws.s3.BucketVersioningV2(\"source\", {\n bucket: source.id,\n versioningConfiguration: {\n status: \"Enabled\",\n },\n});\nconst replicationBucketReplicationConfig = new aws.s3.BucketReplicationConfig(\"replication\", {\n role: replicationRole.arn,\n bucket: source.id,\n rules: [{\n id: \"foobar\",\n filter: {\n prefix: \"foo\",\n },\n status: \"Enabled\",\n destination: {\n bucket: destination.arn,\n storageClass: \"STANDARD\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"s3.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nreplication_role = aws.iam.Role(\"replication\",\n name=\"tf-iam-role-replication-12345\",\n assume_role_policy=assume_role.json)\ndestination = aws.s3.BucketV2(\"destination\", bucket=\"tf-test-bucket-destination-12345\")\nsource = aws.s3.BucketV2(\"source\", bucket=\"tf-test-bucket-source-12345\")\nreplication = aws.iam.get_policy_document_output(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\",\n ],\n resources=[source.arn],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\",\n ],\n resources=[source.arn.apply(lambda arn: f\"{arn}/*\")],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\",\n ],\n resources=[destination.arn.apply(lambda arn: f\"{arn}/*\")],\n ),\n])\nreplication_policy = aws.iam.Policy(\"replication\",\n name=\"tf-iam-role-policy-replication-12345\",\n policy=replication.json)\nreplication_role_policy_attachment = aws.iam.RolePolicyAttachment(\"replication\",\n role=replication_role.name,\n policy_arn=replication_policy.arn)\ndestination_bucket_versioning_v2 = aws.s3.BucketVersioningV2(\"destination\",\n bucket=destination.id,\n versioning_configuration=aws.s3.BucketVersioningV2VersioningConfigurationArgs(\n status=\"Enabled\",\n ))\nsource_bucket_acl = aws.s3.BucketAclV2(\"source_bucket_acl\",\n bucket=source.id,\n acl=\"private\")\nsource_bucket_versioning_v2 = aws.s3.BucketVersioningV2(\"source\",\n bucket=source.id,\n versioning_configuration=aws.s3.BucketVersioningV2VersioningConfigurationArgs(\n status=\"Enabled\",\n ))\nreplication_bucket_replication_config = aws.s3.BucketReplicationConfig(\"replication\",\n role=replication_role.arn,\n bucket=source.id,\n rules=[aws.s3.BucketReplicationConfigRuleArgs(\n id=\"foobar\",\n filter=aws.s3.BucketReplicationConfigRuleFilterArgs(\n prefix=\"foo\",\n ),\n status=\"Enabled\",\n destination=aws.s3.BucketReplicationConfigRuleDestinationArgs(\n bucket=destination.arn,\n storage_class=\"STANDARD\",\n ),\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"s3.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var replicationRole = new Aws.Iam.Role(\"replication\", new()\n {\n Name = \"tf-iam-role-replication-12345\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var destination = new Aws.S3.BucketV2(\"destination\", new()\n {\n Bucket = \"tf-test-bucket-destination-12345\",\n });\n\n var source = new Aws.S3.BucketV2(\"source\", new()\n {\n Bucket = \"tf-test-bucket-source-12345\",\n });\n\n var replication = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\",\n },\n Resources = new[]\n {\n source.Arn,\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\",\n },\n Resources = new[]\n {\n $\"{source.Arn}/*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\",\n },\n Resources = new[]\n {\n $\"{destination.Arn}/*\",\n },\n },\n },\n });\n\n var replicationPolicy = new Aws.Iam.Policy(\"replication\", new()\n {\n Name = \"tf-iam-role-policy-replication-12345\",\n PolicyDocument = replication.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var replicationRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"replication\", new()\n {\n Role = replicationRole.Name,\n PolicyArn = replicationPolicy.Arn,\n });\n\n var destinationBucketVersioningV2 = new Aws.S3.BucketVersioningV2(\"destination\", new()\n {\n Bucket = destination.Id,\n VersioningConfiguration = new Aws.S3.Inputs.BucketVersioningV2VersioningConfigurationArgs\n {\n Status = \"Enabled\",\n },\n });\n\n var sourceBucketAcl = new Aws.S3.BucketAclV2(\"source_bucket_acl\", new()\n {\n Bucket = source.Id,\n Acl = \"private\",\n });\n\n var sourceBucketVersioningV2 = new Aws.S3.BucketVersioningV2(\"source\", new()\n {\n Bucket = source.Id,\n VersioningConfiguration = new Aws.S3.Inputs.BucketVersioningV2VersioningConfigurationArgs\n {\n Status = \"Enabled\",\n },\n });\n\n var replicationBucketReplicationConfig = new Aws.S3.BucketReplicationConfig(\"replication\", new()\n {\n Role = replicationRole.Arn,\n Bucket = source.Id,\n Rules = new[]\n {\n new Aws.S3.Inputs.BucketReplicationConfigRuleArgs\n {\n Id = \"foobar\",\n Filter = new Aws.S3.Inputs.BucketReplicationConfigRuleFilterArgs\n {\n Prefix = \"foo\",\n },\n Status = \"Enabled\",\n Destination = new Aws.S3.Inputs.BucketReplicationConfigRuleDestinationArgs\n {\n Bucket = destination.Arn,\n StorageClass = \"STANDARD\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"s3.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treplicationRole, err := iam.NewRole(ctx, \"replication\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"tf-iam-role-replication-12345\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestination, err := s3.NewBucketV2(ctx, \"destination\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"tf-test-bucket-destination-12345\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsource, err := s3.NewBucketV2(ctx, \"source\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"tf-test-bucket-source-12345\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treplication := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:GetReplicationConfiguration\"),\n\t\t\t\t\t\tpulumi.String(\"s3:ListBucket\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tsource.Arn,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:GetObjectVersionForReplication\"),\n\t\t\t\t\t\tpulumi.String(\"s3:GetObjectVersionAcl\"),\n\t\t\t\t\t\tpulumi.String(\"s3:GetObjectVersionTagging\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tsource.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:ReplicateObject\"),\n\t\t\t\t\t\tpulumi.String(\"s3:ReplicateDelete\"),\n\t\t\t\t\t\tpulumi.String(\"s3:ReplicateTags\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tdestination.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\treplicationPolicy, err := iam.NewPolicy(ctx, \"replication\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"tf-iam-role-policy-replication-12345\"),\n\t\t\tPolicy: replication.ApplyT(func(replication iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026replication.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"replication\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: replicationRole.Name,\n\t\t\tPolicyArn: replicationPolicy.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketVersioningV2(ctx, \"destination\", \u0026s3.BucketVersioningV2Args{\n\t\t\tBucket: destination.ID(),\n\t\t\tVersioningConfiguration: \u0026s3.BucketVersioningV2VersioningConfigurationArgs{\n\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"source_bucket_acl\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: source.ID(),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketVersioningV2(ctx, \"source\", \u0026s3.BucketVersioningV2Args{\n\t\t\tBucket: source.ID(),\n\t\t\tVersioningConfiguration: \u0026s3.BucketVersioningV2VersioningConfigurationArgs{\n\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketReplicationConfig(ctx, \"replication\", \u0026s3.BucketReplicationConfigArgs{\n\t\t\tRole: replicationRole.Arn,\n\t\t\tBucket: source.ID(),\n\t\t\tRules: s3.BucketReplicationConfigRuleArray{\n\t\t\t\t\u0026s3.BucketReplicationConfigRuleArgs{\n\t\t\t\t\tId: pulumi.String(\"foobar\"),\n\t\t\t\t\tFilter: \u0026s3.BucketReplicationConfigRuleFilterArgs{\n\t\t\t\t\t\tPrefix: pulumi.String(\"foo\"),\n\t\t\t\t\t},\n\t\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t\t\tDestination: \u0026s3.BucketReplicationConfigRuleDestinationArgs{\n\t\t\t\t\t\tBucket: destination.Arn,\n\t\t\t\t\t\tStorageClass: pulumi.String(\"STANDARD\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.s3.BucketVersioningV2;\nimport com.pulumi.aws.s3.BucketVersioningV2Args;\nimport com.pulumi.aws.s3.inputs.BucketVersioningV2VersioningConfigurationArgs;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.s3.BucketReplicationConfig;\nimport com.pulumi.aws.s3.BucketReplicationConfigArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleFilterArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleDestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"s3.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var replicationRole = new Role(\"replicationRole\", RoleArgs.builder() \n .name(\"tf-iam-role-replication-12345\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var destination = new BucketV2(\"destination\", BucketV2Args.builder() \n .bucket(\"tf-test-bucket-destination-12345\")\n .build());\n\n var source = new BucketV2(\"source\", BucketV2Args.builder() \n .bucket(\"tf-test-bucket-source-12345\")\n .build());\n\n final var replication = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\")\n .resources(source.arn())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\")\n .resources(source.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\")\n .resources(destination.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build())\n .build());\n\n var replicationPolicy = new Policy(\"replicationPolicy\", PolicyArgs.builder() \n .name(\"tf-iam-role-policy-replication-12345\")\n .policy(replication.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(replication -\u003e replication.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var replicationRolePolicyAttachment = new RolePolicyAttachment(\"replicationRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .role(replicationRole.name())\n .policyArn(replicationPolicy.arn())\n .build());\n\n var destinationBucketVersioningV2 = new BucketVersioningV2(\"destinationBucketVersioningV2\", BucketVersioningV2Args.builder() \n .bucket(destination.id())\n .versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()\n .status(\"Enabled\")\n .build())\n .build());\n\n var sourceBucketAcl = new BucketAclV2(\"sourceBucketAcl\", BucketAclV2Args.builder() \n .bucket(source.id())\n .acl(\"private\")\n .build());\n\n var sourceBucketVersioningV2 = new BucketVersioningV2(\"sourceBucketVersioningV2\", BucketVersioningV2Args.builder() \n .bucket(source.id())\n .versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()\n .status(\"Enabled\")\n .build())\n .build());\n\n var replicationBucketReplicationConfig = new BucketReplicationConfig(\"replicationBucketReplicationConfig\", BucketReplicationConfigArgs.builder() \n .role(replicationRole.arn())\n .bucket(source.id())\n .rules(BucketReplicationConfigRuleArgs.builder()\n .id(\"foobar\")\n .filter(BucketReplicationConfigRuleFilterArgs.builder()\n .prefix(\"foo\")\n .build())\n .status(\"Enabled\")\n .destination(BucketReplicationConfigRuleDestinationArgs.builder()\n .bucket(destination.arn())\n .storageClass(\"STANDARD\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n replicationRole:\n type: aws:iam:Role\n name: replication\n properties:\n name: tf-iam-role-replication-12345\n assumeRolePolicy: ${assumeRole.json}\n replicationPolicy:\n type: aws:iam:Policy\n name: replication\n properties:\n name: tf-iam-role-policy-replication-12345\n policy: ${replication.json}\n replicationRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n name: replication\n properties:\n role: ${replicationRole.name}\n policyArn: ${replicationPolicy.arn}\n destination:\n type: aws:s3:BucketV2\n properties:\n bucket: tf-test-bucket-destination-12345\n destinationBucketVersioningV2:\n type: aws:s3:BucketVersioningV2\n name: destination\n properties:\n bucket: ${destination.id}\n versioningConfiguration:\n status: Enabled\n source:\n type: aws:s3:BucketV2\n properties:\n bucket: tf-test-bucket-source-12345\n sourceBucketAcl:\n type: aws:s3:BucketAclV2\n name: source_bucket_acl\n properties:\n bucket: ${source.id}\n acl: private\n sourceBucketVersioningV2:\n type: aws:s3:BucketVersioningV2\n name: source\n properties:\n bucket: ${source.id}\n versioningConfiguration:\n status: Enabled\n replicationBucketReplicationConfig:\n type: aws:s3:BucketReplicationConfig\n name: replication\n properties:\n role: ${replicationRole.arn}\n bucket: ${source.id}\n rules:\n - id: foobar\n filter:\n prefix: foo\n status: Enabled\n destination:\n bucket: ${destination.arn}\n storageClass: STANDARD\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - s3.amazonaws.com\n actions:\n - sts:AssumeRole\n replication:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - s3:GetReplicationConfiguration\n - s3:ListBucket\n resources:\n - ${source.arn}\n - effect: Allow\n actions:\n - s3:GetObjectVersionForReplication\n - s3:GetObjectVersionAcl\n - s3:GetObjectVersionTagging\n resources:\n - ${source.arn}/*\n - effect: Allow\n actions:\n - s3:ReplicateObject\n - s3:ReplicateDelete\n - s3:ReplicateTags\n resources:\n - ${destination.arn}/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Bi-Directional Replication\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst east = new aws.s3.BucketV2(\"east\", {bucket: \"tf-test-bucket-east-12345\"});\nconst eastBucketVersioningV2 = new aws.s3.BucketVersioningV2(\"east\", {\n bucket: east.id,\n versioningConfiguration: {\n status: \"Enabled\",\n },\n});\nconst west = new aws.s3.BucketV2(\"west\", {bucket: \"tf-test-bucket-west-12345\"});\nconst westBucketVersioningV2 = new aws.s3.BucketVersioningV2(\"west\", {\n bucket: west.id,\n versioningConfiguration: {\n status: \"Enabled\",\n },\n});\nconst eastToWest = new aws.s3.BucketReplicationConfig(\"east_to_west\", {\n role: eastReplication.arn,\n bucket: east.id,\n rules: [{\n id: \"foobar\",\n filter: {\n prefix: \"foo\",\n },\n status: \"Enabled\",\n destination: {\n bucket: west.arn,\n storageClass: \"STANDARD\",\n },\n }],\n});\nconst westToEast = new aws.s3.BucketReplicationConfig(\"west_to_east\", {\n role: westReplication.arn,\n bucket: west.id,\n rules: [{\n id: \"foobar\",\n filter: {\n prefix: \"foo\",\n },\n status: \"Enabled\",\n destination: {\n bucket: east.arn,\n storageClass: \"STANDARD\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\neast = aws.s3.BucketV2(\"east\", bucket=\"tf-test-bucket-east-12345\")\neast_bucket_versioning_v2 = aws.s3.BucketVersioningV2(\"east\",\n bucket=east.id,\n versioning_configuration=aws.s3.BucketVersioningV2VersioningConfigurationArgs(\n status=\"Enabled\",\n ))\nwest = aws.s3.BucketV2(\"west\", bucket=\"tf-test-bucket-west-12345\")\nwest_bucket_versioning_v2 = aws.s3.BucketVersioningV2(\"west\",\n bucket=west.id,\n versioning_configuration=aws.s3.BucketVersioningV2VersioningConfigurationArgs(\n status=\"Enabled\",\n ))\neast_to_west = aws.s3.BucketReplicationConfig(\"east_to_west\",\n role=east_replication[\"arn\"],\n bucket=east.id,\n rules=[aws.s3.BucketReplicationConfigRuleArgs(\n id=\"foobar\",\n filter=aws.s3.BucketReplicationConfigRuleFilterArgs(\n prefix=\"foo\",\n ),\n status=\"Enabled\",\n destination=aws.s3.BucketReplicationConfigRuleDestinationArgs(\n bucket=west.arn,\n storage_class=\"STANDARD\",\n ),\n )])\nwest_to_east = aws.s3.BucketReplicationConfig(\"west_to_east\",\n role=west_replication[\"arn\"],\n bucket=west.id,\n rules=[aws.s3.BucketReplicationConfigRuleArgs(\n id=\"foobar\",\n filter=aws.s3.BucketReplicationConfigRuleFilterArgs(\n prefix=\"foo\",\n ),\n status=\"Enabled\",\n destination=aws.s3.BucketReplicationConfigRuleDestinationArgs(\n bucket=east.arn,\n storage_class=\"STANDARD\",\n ),\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var east = new Aws.S3.BucketV2(\"east\", new()\n {\n Bucket = \"tf-test-bucket-east-12345\",\n });\n\n var eastBucketVersioningV2 = new Aws.S3.BucketVersioningV2(\"east\", new()\n {\n Bucket = east.Id,\n VersioningConfiguration = new Aws.S3.Inputs.BucketVersioningV2VersioningConfigurationArgs\n {\n Status = \"Enabled\",\n },\n });\n\n var west = new Aws.S3.BucketV2(\"west\", new()\n {\n Bucket = \"tf-test-bucket-west-12345\",\n });\n\n var westBucketVersioningV2 = new Aws.S3.BucketVersioningV2(\"west\", new()\n {\n Bucket = west.Id,\n VersioningConfiguration = new Aws.S3.Inputs.BucketVersioningV2VersioningConfigurationArgs\n {\n Status = \"Enabled\",\n },\n });\n\n var eastToWest = new Aws.S3.BucketReplicationConfig(\"east_to_west\", new()\n {\n Role = eastReplication.Arn,\n Bucket = east.Id,\n Rules = new[]\n {\n new Aws.S3.Inputs.BucketReplicationConfigRuleArgs\n {\n Id = \"foobar\",\n Filter = new Aws.S3.Inputs.BucketReplicationConfigRuleFilterArgs\n {\n Prefix = \"foo\",\n },\n Status = \"Enabled\",\n Destination = new Aws.S3.Inputs.BucketReplicationConfigRuleDestinationArgs\n {\n Bucket = west.Arn,\n StorageClass = \"STANDARD\",\n },\n },\n },\n });\n\n var westToEast = new Aws.S3.BucketReplicationConfig(\"west_to_east\", new()\n {\n Role = westReplication.Arn,\n Bucket = west.Id,\n Rules = new[]\n {\n new Aws.S3.Inputs.BucketReplicationConfigRuleArgs\n {\n Id = \"foobar\",\n Filter = new Aws.S3.Inputs.BucketReplicationConfigRuleFilterArgs\n {\n Prefix = \"foo\",\n },\n Status = \"Enabled\",\n Destination = new Aws.S3.Inputs.BucketReplicationConfigRuleDestinationArgs\n {\n Bucket = east.Arn,\n StorageClass = \"STANDARD\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ... other configuration ...\n\t\teast, err := s3.NewBucketV2(ctx, \"east\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"tf-test-bucket-east-12345\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketVersioningV2(ctx, \"east\", \u0026s3.BucketVersioningV2Args{\n\t\t\tBucket: east.ID(),\n\t\t\tVersioningConfiguration: \u0026s3.BucketVersioningV2VersioningConfigurationArgs{\n\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twest, err := s3.NewBucketV2(ctx, \"west\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"tf-test-bucket-west-12345\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketVersioningV2(ctx, \"west\", \u0026s3.BucketVersioningV2Args{\n\t\t\tBucket: west.ID(),\n\t\t\tVersioningConfiguration: \u0026s3.BucketVersioningV2VersioningConfigurationArgs{\n\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketReplicationConfig(ctx, \"east_to_west\", \u0026s3.BucketReplicationConfigArgs{\n\t\t\tRole: pulumi.Any(eastReplication.Arn),\n\t\t\tBucket: east.ID(),\n\t\t\tRules: s3.BucketReplicationConfigRuleArray{\n\t\t\t\t\u0026s3.BucketReplicationConfigRuleArgs{\n\t\t\t\t\tId: pulumi.String(\"foobar\"),\n\t\t\t\t\tFilter: \u0026s3.BucketReplicationConfigRuleFilterArgs{\n\t\t\t\t\t\tPrefix: pulumi.String(\"foo\"),\n\t\t\t\t\t},\n\t\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t\t\tDestination: \u0026s3.BucketReplicationConfigRuleDestinationArgs{\n\t\t\t\t\t\tBucket: west.Arn,\n\t\t\t\t\t\tStorageClass: pulumi.String(\"STANDARD\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketReplicationConfig(ctx, \"west_to_east\", \u0026s3.BucketReplicationConfigArgs{\n\t\t\tRole: pulumi.Any(westReplication.Arn),\n\t\t\tBucket: west.ID(),\n\t\t\tRules: s3.BucketReplicationConfigRuleArray{\n\t\t\t\t\u0026s3.BucketReplicationConfigRuleArgs{\n\t\t\t\t\tId: pulumi.String(\"foobar\"),\n\t\t\t\t\tFilter: \u0026s3.BucketReplicationConfigRuleFilterArgs{\n\t\t\t\t\t\tPrefix: pulumi.String(\"foo\"),\n\t\t\t\t\t},\n\t\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t\t\tDestination: \u0026s3.BucketReplicationConfigRuleDestinationArgs{\n\t\t\t\t\t\tBucket: east.Arn,\n\t\t\t\t\t\tStorageClass: pulumi.String(\"STANDARD\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.s3.BucketVersioningV2;\nimport com.pulumi.aws.s3.BucketVersioningV2Args;\nimport com.pulumi.aws.s3.inputs.BucketVersioningV2VersioningConfigurationArgs;\nimport com.pulumi.aws.s3.BucketReplicationConfig;\nimport com.pulumi.aws.s3.BucketReplicationConfigArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleFilterArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleDestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var east = new BucketV2(\"east\", BucketV2Args.builder() \n .bucket(\"tf-test-bucket-east-12345\")\n .build());\n\n var eastBucketVersioningV2 = new BucketVersioningV2(\"eastBucketVersioningV2\", BucketVersioningV2Args.builder() \n .bucket(east.id())\n .versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()\n .status(\"Enabled\")\n .build())\n .build());\n\n var west = new BucketV2(\"west\", BucketV2Args.builder() \n .bucket(\"tf-test-bucket-west-12345\")\n .build());\n\n var westBucketVersioningV2 = new BucketVersioningV2(\"westBucketVersioningV2\", BucketVersioningV2Args.builder() \n .bucket(west.id())\n .versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()\n .status(\"Enabled\")\n .build())\n .build());\n\n var eastToWest = new BucketReplicationConfig(\"eastToWest\", BucketReplicationConfigArgs.builder() \n .role(eastReplication.arn())\n .bucket(east.id())\n .rules(BucketReplicationConfigRuleArgs.builder()\n .id(\"foobar\")\n .filter(BucketReplicationConfigRuleFilterArgs.builder()\n .prefix(\"foo\")\n .build())\n .status(\"Enabled\")\n .destination(BucketReplicationConfigRuleDestinationArgs.builder()\n .bucket(west.arn())\n .storageClass(\"STANDARD\")\n .build())\n .build())\n .build());\n\n var westToEast = new BucketReplicationConfig(\"westToEast\", BucketReplicationConfigArgs.builder() \n .role(westReplication.arn())\n .bucket(west.id())\n .rules(BucketReplicationConfigRuleArgs.builder()\n .id(\"foobar\")\n .filter(BucketReplicationConfigRuleFilterArgs.builder()\n .prefix(\"foo\")\n .build())\n .status(\"Enabled\")\n .destination(BucketReplicationConfigRuleDestinationArgs.builder()\n .bucket(east.arn())\n .storageClass(\"STANDARD\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # ... other configuration ...\n east:\n type: aws:s3:BucketV2\n properties:\n bucket: tf-test-bucket-east-12345\n eastBucketVersioningV2:\n type: aws:s3:BucketVersioningV2\n name: east\n properties:\n bucket: ${east.id}\n versioningConfiguration:\n status: Enabled\n west:\n type: aws:s3:BucketV2\n properties:\n bucket: tf-test-bucket-west-12345\n westBucketVersioningV2:\n type: aws:s3:BucketVersioningV2\n name: west\n properties:\n bucket: ${west.id}\n versioningConfiguration:\n status: Enabled\n eastToWest:\n type: aws:s3:BucketReplicationConfig\n name: east_to_west\n properties:\n role: ${eastReplication.arn}\n bucket: ${east.id}\n rules:\n - id: foobar\n filter:\n prefix: foo\n status: Enabled\n destination:\n bucket: ${west.arn}\n storageClass: STANDARD\n westToEast:\n type: aws:s3:BucketReplicationConfig\n name: west_to_east\n properties:\n role: ${westReplication.arn}\n bucket: ${west.id}\n rules:\n - id: foobar\n filter:\n prefix: foo\n status: Enabled\n destination:\n bucket: ${east.arn}\n storageClass: STANDARD\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import S3 bucket replication configuration using the `bucket`. For example:\n\n```sh\n$ pulumi import aws:s3/bucketReplicationConfig:BucketReplicationConfig replication bucket-name\n```\n", "properties": { "bucket": { "type": "string", @@ -318019,7 +318019,7 @@ } }, "aws:s3control/storageLensConfiguration:StorageLensConfiguration": { - "description": "Provides a resource to manage an S3 Storage Lens configuration.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst example = new aws.s3control.StorageLensConfiguration(\"example\", {\n configId: \"example-1\",\n storageLensConfiguration: {\n enabled: true,\n accountLevel: {\n activityMetrics: {\n enabled: true,\n },\n bucketLevel: {\n activityMetrics: {\n enabled: true,\n },\n },\n },\n dataExport: {\n cloudWatchMetrics: {\n enabled: true,\n },\n s3BucketDestination: {\n accountId: current.then(current =\u003e current.accountId),\n arn: target.arn,\n format: \"CSV\",\n outputSchemaVersion: \"V_1\",\n encryption: {\n sseS3s: [{}],\n },\n },\n },\n exclude: {\n buckets: [\n b1.arn,\n b2.arn,\n ],\n regions: [\"us-east-2\"],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nexample = aws.s3control.StorageLensConfiguration(\"example\",\n config_id=\"example-1\",\n storage_lens_configuration=aws.s3control.StorageLensConfigurationStorageLensConfigurationArgs(\n enabled=True,\n account_level=aws.s3control.StorageLensConfigurationStorageLensConfigurationAccountLevelArgs(\n activity_metrics=aws.s3control.StorageLensConfigurationStorageLensConfigurationAccountLevelActivityMetricsArgs(\n enabled=True,\n ),\n bucket_level=aws.s3control.StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelArgs(\n activity_metrics=aws.s3control.StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelActivityMetricsArgs(\n enabled=True,\n ),\n ),\n ),\n data_export=aws.s3control.StorageLensConfigurationStorageLensConfigurationDataExportArgs(\n cloud_watch_metrics=aws.s3control.StorageLensConfigurationStorageLensConfigurationDataExportCloudWatchMetricsArgs(\n enabled=True,\n ),\n s3_bucket_destination=aws.s3control.StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationArgs(\n account_id=current.account_id,\n arn=target[\"arn\"],\n format=\"CSV\",\n output_schema_version=\"V_1\",\n encryption=aws.s3control.StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationEncryptionArgs(\n sse_s3s=[aws.s3control.StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationEncryptionSseS3Args()],\n ),\n ),\n ),\n exclude=aws.s3control.StorageLensConfigurationStorageLensConfigurationExcludeArgs(\n buckets=[\n b1[\"arn\"],\n b2[\"arn\"],\n ],\n regions=[\"us-east-2\"],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var example = new Aws.S3Control.StorageLensConfiguration(\"example\", new()\n {\n ConfigId = \"example-1\",\n StorageLensConfigurationDetail = new Aws.S3Control.Inputs.StorageLensConfigurationStorageLensConfigurationArgs\n {\n Enabled = true,\n AccountLevel = new Aws.S3Control.Inputs.StorageLensConfigurationStorageLensConfigurationAccountLevelArgs\n {\n ActivityMetrics = new Aws.S3Control.Inputs.StorageLensConfigurationStorageLensConfigurationAccountLevelActivityMetricsArgs\n {\n Enabled = true,\n },\n BucketLevel = new Aws.S3Control.Inputs.StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelArgs\n {\n ActivityMetrics = new Aws.S3Control.Inputs.StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelActivityMetricsArgs\n {\n Enabled = true,\n },\n },\n },\n DataExport = new Aws.S3Control.Inputs.StorageLensConfigurationStorageLensConfigurationDataExportArgs\n {\n CloudWatchMetrics = new Aws.S3Control.Inputs.StorageLensConfigurationStorageLensConfigurationDataExportCloudWatchMetricsArgs\n {\n Enabled = true,\n },\n S3BucketDestination = new Aws.S3Control.Inputs.StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationArgs\n {\n AccountId = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n Arn = target.Arn,\n Format = \"CSV\",\n OutputSchemaVersion = \"V_1\",\n Encryption = new Aws.S3Control.Inputs.StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationEncryptionArgs\n {\n SseS3s = new[]\n {\n null,\n },\n },\n },\n },\n Exclude = new Aws.S3Control.Inputs.StorageLensConfigurationStorageLensConfigurationExcludeArgs\n {\n Buckets = new[]\n {\n b1.Arn,\n b2.Arn,\n },\n Regions = new[]\n {\n \"us-east-2\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3control\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3control.NewStorageLensConfiguration(ctx, \"example\", \u0026s3control.StorageLensConfigurationArgs{\n\t\t\tConfigId: pulumi.String(\"example-1\"),\n\t\t\tStorageLensConfiguration: \u0026s3control.StorageLensConfigurationStorageLensConfigurationArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tAccountLevel: \u0026s3control.StorageLensConfigurationStorageLensConfigurationAccountLevelArgs{\n\t\t\t\t\tActivityMetrics: \u0026s3control.StorageLensConfigurationStorageLensConfigurationAccountLevelActivityMetricsArgs{\n\t\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tBucketLevel: \u0026s3control.StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelArgs{\n\t\t\t\t\t\tActivityMetrics: \u0026s3control.StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelActivityMetricsArgs{\n\t\t\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tDataExport: \u0026s3control.StorageLensConfigurationStorageLensConfigurationDataExportArgs{\n\t\t\t\t\tCloudWatchMetrics: \u0026s3control.StorageLensConfigurationStorageLensConfigurationDataExportCloudWatchMetricsArgs{\n\t\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tS3BucketDestination: \u0026s3control.StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationArgs{\n\t\t\t\t\t\tAccountId: *pulumi.String(current.AccountId),\n\t\t\t\t\t\tArn: pulumi.Any(target.Arn),\n\t\t\t\t\t\tFormat: pulumi.String(\"CSV\"),\n\t\t\t\t\t\tOutputSchemaVersion: pulumi.String(\"V_1\"),\n\t\t\t\t\t\tEncryption: \u0026s3control.StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationEncryptionArgs{\n\t\t\t\t\t\t\tSseS3s: s3control.StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationEncryptionSseS3Array{\n\t\t\t\t\t\t\t\tnil,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tExclude: \u0026s3control.StorageLensConfigurationStorageLensConfigurationExcludeArgs{\n\t\t\t\t\tBuckets: pulumi.StringArray{\n\t\t\t\t\t\tb1.Arn,\n\t\t\t\t\t\tb2.Arn,\n\t\t\t\t\t},\n\t\t\t\t\tRegions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"us-east-2\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.s3control.StorageLensConfiguration;\nimport com.pulumi.aws.s3control.StorageLensConfigurationArgs;\nimport com.pulumi.aws.s3control.inputs.StorageLensConfigurationStorageLensConfigurationArgs;\nimport com.pulumi.aws.s3control.inputs.StorageLensConfigurationStorageLensConfigurationAccountLevelArgs;\nimport com.pulumi.aws.s3control.inputs.StorageLensConfigurationStorageLensConfigurationAccountLevelActivityMetricsArgs;\nimport com.pulumi.aws.s3control.inputs.StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelArgs;\nimport com.pulumi.aws.s3control.inputs.StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelActivityMetricsArgs;\nimport com.pulumi.aws.s3control.inputs.StorageLensConfigurationStorageLensConfigurationDataExportArgs;\nimport com.pulumi.aws.s3control.inputs.StorageLensConfigurationStorageLensConfigurationDataExportCloudWatchMetricsArgs;\nimport com.pulumi.aws.s3control.inputs.StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationArgs;\nimport com.pulumi.aws.s3control.inputs.StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationEncryptionArgs;\nimport com.pulumi.aws.s3control.inputs.StorageLensConfigurationStorageLensConfigurationExcludeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n var example = new StorageLensConfiguration(\"example\", StorageLensConfigurationArgs.builder() \n .configId(\"example-1\")\n .storageLensConfiguration(StorageLensConfigurationStorageLensConfigurationArgs.builder()\n .enabled(true)\n .accountLevel(StorageLensConfigurationStorageLensConfigurationAccountLevelArgs.builder()\n .activityMetrics(StorageLensConfigurationStorageLensConfigurationAccountLevelActivityMetricsArgs.builder()\n .enabled(true)\n .build())\n .bucketLevel(StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelArgs.builder()\n .activityMetrics(StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelActivityMetricsArgs.builder()\n .enabled(true)\n .build())\n .build())\n .build())\n .dataExport(StorageLensConfigurationStorageLensConfigurationDataExportArgs.builder()\n .cloudWatchMetrics(StorageLensConfigurationStorageLensConfigurationDataExportCloudWatchMetricsArgs.builder()\n .enabled(true)\n .build())\n .s3BucketDestination(StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationArgs.builder()\n .accountId(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .arn(target.arn())\n .format(\"CSV\")\n .outputSchemaVersion(\"V_1\")\n .encryption(StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationEncryptionArgs.builder()\n .sseS3s()\n .build())\n .build())\n .build())\n .exclude(StorageLensConfigurationStorageLensConfigurationExcludeArgs.builder()\n .buckets( \n b1.arn(),\n b2.arn())\n .regions(\"us-east-2\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:s3control:StorageLensConfiguration\n properties:\n configId: example-1\n storageLensConfiguration:\n enabled: true\n accountLevel:\n activityMetrics:\n enabled: true\n bucketLevel:\n activityMetrics:\n enabled: true\n dataExport:\n cloudWatchMetrics:\n enabled: true\n s3BucketDestination:\n accountId: ${current.accountId}\n arn: ${target.arn}\n format: CSV\n outputSchemaVersion: V_1\n encryption:\n sseS3s:\n - {}\n exclude:\n buckets:\n - ${b1.arn}\n - ${b2.arn}\n regions:\n - us-east-2\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import S3 Storage Lens configurations using the `account_id` and `config_id`, separated by a colon (`:`). For example:\n\n```sh\n$ pulumi import aws:s3control/storageLensConfiguration:StorageLensConfiguration example 123456789012:example-1\n```\n", + "description": "Provides a resource to manage an S3 Storage Lens configuration.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst example = new aws.s3control.StorageLensConfiguration(\"example\", {\n configId: \"example-1\",\n storageLensConfiguration: {\n enabled: true,\n accountLevel: {\n activityMetrics: {\n enabled: true,\n },\n bucketLevel: {\n activityMetrics: {\n enabled: true,\n },\n },\n },\n dataExport: {\n cloudWatchMetrics: {\n enabled: true,\n },\n s3BucketDestination: {\n accountId: current.then(current =\u003e current.accountId),\n arn: target.arn,\n format: \"CSV\",\n outputSchemaVersion: \"V_1\",\n encryption: {\n sseS3s: [{}],\n },\n },\n },\n exclude: {\n buckets: [\n b1.arn,\n b2.arn,\n ],\n regions: [\"us-east-2\"],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nexample = aws.s3control.StorageLensConfiguration(\"example\",\n config_id=\"example-1\",\n storage_lens_configuration=aws.s3control.StorageLensConfigurationStorageLensConfigurationArgs(\n enabled=True,\n account_level=aws.s3control.StorageLensConfigurationStorageLensConfigurationAccountLevelArgs(\n activity_metrics=aws.s3control.StorageLensConfigurationStorageLensConfigurationAccountLevelActivityMetricsArgs(\n enabled=True,\n ),\n bucket_level=aws.s3control.StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelArgs(\n activity_metrics=aws.s3control.StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelActivityMetricsArgs(\n enabled=True,\n ),\n ),\n ),\n data_export=aws.s3control.StorageLensConfigurationStorageLensConfigurationDataExportArgs(\n cloud_watch_metrics=aws.s3control.StorageLensConfigurationStorageLensConfigurationDataExportCloudWatchMetricsArgs(\n enabled=True,\n ),\n s3_bucket_destination=aws.s3control.StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationArgs(\n account_id=current.account_id,\n arn=target[\"arn\"],\n format=\"CSV\",\n output_schema_version=\"V_1\",\n encryption=aws.s3control.StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationEncryptionArgs(\n sse_s3s=[aws.s3control.StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationEncryptionSseS3Args()],\n ),\n ),\n ),\n exclude=aws.s3control.StorageLensConfigurationStorageLensConfigurationExcludeArgs(\n buckets=[\n b1[\"arn\"],\n b2[\"arn\"],\n ],\n regions=[\"us-east-2\"],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var example = new Aws.S3Control.StorageLensConfiguration(\"example\", new()\n {\n ConfigId = \"example-1\",\n StorageLensConfigurationDetail = new Aws.S3Control.Inputs.StorageLensConfigurationStorageLensConfigurationArgs\n {\n Enabled = true,\n AccountLevel = new Aws.S3Control.Inputs.StorageLensConfigurationStorageLensConfigurationAccountLevelArgs\n {\n ActivityMetrics = new Aws.S3Control.Inputs.StorageLensConfigurationStorageLensConfigurationAccountLevelActivityMetricsArgs\n {\n Enabled = true,\n },\n BucketLevel = new Aws.S3Control.Inputs.StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelArgs\n {\n ActivityMetrics = new Aws.S3Control.Inputs.StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelActivityMetricsArgs\n {\n Enabled = true,\n },\n },\n },\n DataExport = new Aws.S3Control.Inputs.StorageLensConfigurationStorageLensConfigurationDataExportArgs\n {\n CloudWatchMetrics = new Aws.S3Control.Inputs.StorageLensConfigurationStorageLensConfigurationDataExportCloudWatchMetricsArgs\n {\n Enabled = true,\n },\n S3BucketDestination = new Aws.S3Control.Inputs.StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationArgs\n {\n AccountId = current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n Arn = target.Arn,\n Format = \"CSV\",\n OutputSchemaVersion = \"V_1\",\n Encryption = new Aws.S3Control.Inputs.StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationEncryptionArgs\n {\n SseS3s = new[]\n {\n null,\n },\n },\n },\n },\n Exclude = new Aws.S3Control.Inputs.StorageLensConfigurationStorageLensConfigurationExcludeArgs\n {\n Buckets = new[]\n {\n b1.Arn,\n b2.Arn,\n },\n Regions = new[]\n {\n \"us-east-2\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3control\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3control.NewStorageLensConfiguration(ctx, \"example\", \u0026s3control.StorageLensConfigurationArgs{\n\t\t\tConfigId: pulumi.String(\"example-1\"),\n\t\t\tStorageLensConfiguration: \u0026s3control.StorageLensConfigurationStorageLensConfigurationArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tAccountLevel: \u0026s3control.StorageLensConfigurationStorageLensConfigurationAccountLevelArgs{\n\t\t\t\t\tActivityMetrics: \u0026s3control.StorageLensConfigurationStorageLensConfigurationAccountLevelActivityMetricsArgs{\n\t\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tBucketLevel: \u0026s3control.StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelArgs{\n\t\t\t\t\t\tActivityMetrics: \u0026s3control.StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelActivityMetricsArgs{\n\t\t\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tDataExport: \u0026s3control.StorageLensConfigurationStorageLensConfigurationDataExportArgs{\n\t\t\t\t\tCloudWatchMetrics: \u0026s3control.StorageLensConfigurationStorageLensConfigurationDataExportCloudWatchMetricsArgs{\n\t\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tS3BucketDestination: \u0026s3control.StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationArgs{\n\t\t\t\t\t\tAccountId: pulumi.String(current.AccountId),\n\t\t\t\t\t\tArn: pulumi.Any(target.Arn),\n\t\t\t\t\t\tFormat: pulumi.String(\"CSV\"),\n\t\t\t\t\t\tOutputSchemaVersion: pulumi.String(\"V_1\"),\n\t\t\t\t\t\tEncryption: \u0026s3control.StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationEncryptionArgs{\n\t\t\t\t\t\t\tSseS3s: s3control.StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationEncryptionSseS3Array{\n\t\t\t\t\t\t\t\tnil,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tExclude: \u0026s3control.StorageLensConfigurationStorageLensConfigurationExcludeArgs{\n\t\t\t\t\tBuckets: pulumi.StringArray{\n\t\t\t\t\t\tb1.Arn,\n\t\t\t\t\t\tb2.Arn,\n\t\t\t\t\t},\n\t\t\t\t\tRegions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"us-east-2\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.s3control.StorageLensConfiguration;\nimport com.pulumi.aws.s3control.StorageLensConfigurationArgs;\nimport com.pulumi.aws.s3control.inputs.StorageLensConfigurationStorageLensConfigurationArgs;\nimport com.pulumi.aws.s3control.inputs.StorageLensConfigurationStorageLensConfigurationAccountLevelArgs;\nimport com.pulumi.aws.s3control.inputs.StorageLensConfigurationStorageLensConfigurationAccountLevelActivityMetricsArgs;\nimport com.pulumi.aws.s3control.inputs.StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelArgs;\nimport com.pulumi.aws.s3control.inputs.StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelActivityMetricsArgs;\nimport com.pulumi.aws.s3control.inputs.StorageLensConfigurationStorageLensConfigurationDataExportArgs;\nimport com.pulumi.aws.s3control.inputs.StorageLensConfigurationStorageLensConfigurationDataExportCloudWatchMetricsArgs;\nimport com.pulumi.aws.s3control.inputs.StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationArgs;\nimport com.pulumi.aws.s3control.inputs.StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationEncryptionArgs;\nimport com.pulumi.aws.s3control.inputs.StorageLensConfigurationStorageLensConfigurationExcludeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n var example = new StorageLensConfiguration(\"example\", StorageLensConfigurationArgs.builder() \n .configId(\"example-1\")\n .storageLensConfiguration(StorageLensConfigurationStorageLensConfigurationArgs.builder()\n .enabled(true)\n .accountLevel(StorageLensConfigurationStorageLensConfigurationAccountLevelArgs.builder()\n .activityMetrics(StorageLensConfigurationStorageLensConfigurationAccountLevelActivityMetricsArgs.builder()\n .enabled(true)\n .build())\n .bucketLevel(StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelArgs.builder()\n .activityMetrics(StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelActivityMetricsArgs.builder()\n .enabled(true)\n .build())\n .build())\n .build())\n .dataExport(StorageLensConfigurationStorageLensConfigurationDataExportArgs.builder()\n .cloudWatchMetrics(StorageLensConfigurationStorageLensConfigurationDataExportCloudWatchMetricsArgs.builder()\n .enabled(true)\n .build())\n .s3BucketDestination(StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationArgs.builder()\n .accountId(current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .arn(target.arn())\n .format(\"CSV\")\n .outputSchemaVersion(\"V_1\")\n .encryption(StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationEncryptionArgs.builder()\n .sseS3s()\n .build())\n .build())\n .build())\n .exclude(StorageLensConfigurationStorageLensConfigurationExcludeArgs.builder()\n .buckets( \n b1.arn(),\n b2.arn())\n .regions(\"us-east-2\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:s3control:StorageLensConfiguration\n properties:\n configId: example-1\n storageLensConfiguration:\n enabled: true\n accountLevel:\n activityMetrics:\n enabled: true\n bucketLevel:\n activityMetrics:\n enabled: true\n dataExport:\n cloudWatchMetrics:\n enabled: true\n s3BucketDestination:\n accountId: ${current.accountId}\n arn: ${target.arn}\n format: CSV\n outputSchemaVersion: V_1\n encryption:\n sseS3s:\n - {}\n exclude:\n buckets:\n - ${b1.arn}\n - ${b2.arn}\n regions:\n - us-east-2\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import S3 Storage Lens configurations using the `account_id` and `config_id`, separated by a colon (`:`). For example:\n\n```sh\n$ pulumi import aws:s3control/storageLensConfiguration:StorageLensConfiguration example 123456789012:example-1\n```\n", "properties": { "accountId": { "type": "string", @@ -319046,7 +319046,7 @@ } }, "aws:sagemaker/domain:Domain": { - "description": "Provides a SageMaker Domain resource.\n\n## Example Usage\n\n### Basic usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"sagemaker.amazonaws.com\"],\n }],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"example\",\n path: \"/\",\n assumeRolePolicy: example.then(example =\u003e example.json),\n});\nconst exampleDomain = new aws.sagemaker.Domain(\"example\", {\n domainName: \"example\",\n authMode: \"IAM\",\n vpcId: exampleAwsVpc.id,\n subnetIds: [exampleAwsSubnet.id],\n defaultUserSettings: {\n executionRole: exampleRole.arn,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"sagemaker.amazonaws.com\"],\n )],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"example\",\n path=\"/\",\n assume_role_policy=example.json)\nexample_domain = aws.sagemaker.Domain(\"example\",\n domain_name=\"example\",\n auth_mode=\"IAM\",\n vpc_id=example_aws_vpc[\"id\"],\n subnet_ids=[example_aws_subnet[\"id\"]],\n default_user_settings=aws.sagemaker.DomainDefaultUserSettingsArgs(\n execution_role=example_role.arn,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"sagemaker.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"example\",\n Path = \"/\",\n AssumeRolePolicy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleDomain = new Aws.Sagemaker.Domain(\"example\", new()\n {\n DomainName = \"example\",\n AuthMode = \"IAM\",\n VpcId = exampleAwsVpc.Id,\n SubnetIds = new[]\n {\n exampleAwsSubnet.Id,\n },\n DefaultUserSettings = new Aws.Sagemaker.Inputs.DomainDefaultUserSettingsArgs\n {\n ExecutionRole = exampleRole.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"sagemaker.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tPath: pulumi.String(\"/\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sagemaker.NewDomain(ctx, \"example\", \u0026sagemaker.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"example\"),\n\t\t\tAuthMode: pulumi.String(\"IAM\"),\n\t\t\tVpcId: pulumi.Any(exampleAwsVpc.Id),\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\texampleAwsSubnet.Id,\n\t\t\t},\n\t\t\tDefaultUserSettings: \u0026sagemaker.DomainDefaultUserSettingsArgs{\n\t\t\t\tExecutionRole: exampleRole.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.sagemaker.Domain;\nimport com.pulumi.aws.sagemaker.DomainArgs;\nimport com.pulumi.aws.sagemaker.inputs.DomainDefaultUserSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"sagemaker.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"example\")\n .path(\"/\")\n .assumeRolePolicy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .domainName(\"example\")\n .authMode(\"IAM\")\n .vpcId(exampleAwsVpc.id())\n .subnetIds(exampleAwsSubnet.id())\n .defaultUserSettings(DomainDefaultUserSettingsArgs.builder()\n .executionRole(exampleRole.arn())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleDomain:\n type: aws:sagemaker:Domain\n name: example\n properties:\n domainName: example\n authMode: IAM\n vpcId: ${exampleAwsVpc.id}\n subnetIds:\n - ${exampleAwsSubnet.id}\n defaultUserSettings:\n executionRole: ${exampleRole.arn}\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: example\n path: /\n assumeRolePolicy: ${example.json}\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - sagemaker.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Using Custom Images\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.sagemaker.Image(\"example\", {\n imageName: \"example\",\n roleArn: exampleAwsIamRole.arn,\n});\nconst exampleAppImageConfig = new aws.sagemaker.AppImageConfig(\"example\", {\n appImageConfigName: \"example\",\n kernelGatewayImageConfig: {\n kernelSpec: {\n name: \"example\",\n },\n },\n});\nconst exampleImageVersion = new aws.sagemaker.ImageVersion(\"example\", {\n imageName: example.id,\n baseImage: \"base-image\",\n});\nconst exampleDomain = new aws.sagemaker.Domain(\"example\", {\n domainName: \"example\",\n authMode: \"IAM\",\n vpcId: exampleAwsVpc.id,\n subnetIds: [exampleAwsSubnet.id],\n defaultUserSettings: {\n executionRole: exampleAwsIamRole.arn,\n kernelGatewayAppSettings: {\n customImages: [{\n appImageConfigName: exampleAppImageConfig.appImageConfigName,\n imageName: exampleImageVersion.imageName,\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.sagemaker.Image(\"example\",\n image_name=\"example\",\n role_arn=example_aws_iam_role[\"arn\"])\nexample_app_image_config = aws.sagemaker.AppImageConfig(\"example\",\n app_image_config_name=\"example\",\n kernel_gateway_image_config=aws.sagemaker.AppImageConfigKernelGatewayImageConfigArgs(\n kernel_spec=aws.sagemaker.AppImageConfigKernelGatewayImageConfigKernelSpecArgs(\n name=\"example\",\n ),\n ))\nexample_image_version = aws.sagemaker.ImageVersion(\"example\",\n image_name=example.id,\n base_image=\"base-image\")\nexample_domain = aws.sagemaker.Domain(\"example\",\n domain_name=\"example\",\n auth_mode=\"IAM\",\n vpc_id=example_aws_vpc[\"id\"],\n subnet_ids=[example_aws_subnet[\"id\"]],\n default_user_settings=aws.sagemaker.DomainDefaultUserSettingsArgs(\n execution_role=example_aws_iam_role[\"arn\"],\n kernel_gateway_app_settings=aws.sagemaker.DomainDefaultUserSettingsKernelGatewayAppSettingsArgs(\n custom_images=[aws.sagemaker.DomainDefaultUserSettingsKernelGatewayAppSettingsCustomImageArgs(\n app_image_config_name=example_app_image_config.app_image_config_name,\n image_name=example_image_version.image_name,\n )],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Sagemaker.Image(\"example\", new()\n {\n ImageName = \"example\",\n RoleArn = exampleAwsIamRole.Arn,\n });\n\n var exampleAppImageConfig = new Aws.Sagemaker.AppImageConfig(\"example\", new()\n {\n AppImageConfigName = \"example\",\n KernelGatewayImageConfig = new Aws.Sagemaker.Inputs.AppImageConfigKernelGatewayImageConfigArgs\n {\n KernelSpec = new Aws.Sagemaker.Inputs.AppImageConfigKernelGatewayImageConfigKernelSpecArgs\n {\n Name = \"example\",\n },\n },\n });\n\n var exampleImageVersion = new Aws.Sagemaker.ImageVersion(\"example\", new()\n {\n ImageName = example.Id,\n BaseImage = \"base-image\",\n });\n\n var exampleDomain = new Aws.Sagemaker.Domain(\"example\", new()\n {\n DomainName = \"example\",\n AuthMode = \"IAM\",\n VpcId = exampleAwsVpc.Id,\n SubnetIds = new[]\n {\n exampleAwsSubnet.Id,\n },\n DefaultUserSettings = new Aws.Sagemaker.Inputs.DomainDefaultUserSettingsArgs\n {\n ExecutionRole = exampleAwsIamRole.Arn,\n KernelGatewayAppSettings = new Aws.Sagemaker.Inputs.DomainDefaultUserSettingsKernelGatewayAppSettingsArgs\n {\n CustomImages = new[]\n {\n new Aws.Sagemaker.Inputs.DomainDefaultUserSettingsKernelGatewayAppSettingsCustomImageArgs\n {\n AppImageConfigName = exampleAppImageConfig.AppImageConfigName,\n ImageName = exampleImageVersion.ImageName,\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := sagemaker.NewImage(ctx, \"example\", \u0026sagemaker.ImageArgs{\n\t\t\tImageName: pulumi.String(\"example\"),\n\t\t\tRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleAppImageConfig, err := sagemaker.NewAppImageConfig(ctx, \"example\", \u0026sagemaker.AppImageConfigArgs{\n\t\t\tAppImageConfigName: pulumi.String(\"example\"),\n\t\t\tKernelGatewayImageConfig: \u0026sagemaker.AppImageConfigKernelGatewayImageConfigArgs{\n\t\t\t\tKernelSpec: \u0026sagemaker.AppImageConfigKernelGatewayImageConfigKernelSpecArgs{\n\t\t\t\t\tName: pulumi.String(\"example\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleImageVersion, err := sagemaker.NewImageVersion(ctx, \"example\", \u0026sagemaker.ImageVersionArgs{\n\t\t\tImageName: example.ID(),\n\t\t\tBaseImage: pulumi.String(\"base-image\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sagemaker.NewDomain(ctx, \"example\", \u0026sagemaker.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"example\"),\n\t\t\tAuthMode: pulumi.String(\"IAM\"),\n\t\t\tVpcId: pulumi.Any(exampleAwsVpc.Id),\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\texampleAwsSubnet.Id,\n\t\t\t},\n\t\t\tDefaultUserSettings: \u0026sagemaker.DomainDefaultUserSettingsArgs{\n\t\t\t\tExecutionRole: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\t\tKernelGatewayAppSettings: \u0026sagemaker.DomainDefaultUserSettingsKernelGatewayAppSettingsArgs{\n\t\t\t\t\tCustomImages: sagemaker.DomainDefaultUserSettingsKernelGatewayAppSettingsCustomImageArray{\n\t\t\t\t\t\t\u0026sagemaker.DomainDefaultUserSettingsKernelGatewayAppSettingsCustomImageArgs{\n\t\t\t\t\t\t\tAppImageConfigName: exampleAppImageConfig.AppImageConfigName,\n\t\t\t\t\t\t\tImageName: exampleImageVersion.ImageName,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sagemaker.Image;\nimport com.pulumi.aws.sagemaker.ImageArgs;\nimport com.pulumi.aws.sagemaker.AppImageConfig;\nimport com.pulumi.aws.sagemaker.AppImageConfigArgs;\nimport com.pulumi.aws.sagemaker.inputs.AppImageConfigKernelGatewayImageConfigArgs;\nimport com.pulumi.aws.sagemaker.inputs.AppImageConfigKernelGatewayImageConfigKernelSpecArgs;\nimport com.pulumi.aws.sagemaker.ImageVersion;\nimport com.pulumi.aws.sagemaker.ImageVersionArgs;\nimport com.pulumi.aws.sagemaker.Domain;\nimport com.pulumi.aws.sagemaker.DomainArgs;\nimport com.pulumi.aws.sagemaker.inputs.DomainDefaultUserSettingsArgs;\nimport com.pulumi.aws.sagemaker.inputs.DomainDefaultUserSettingsKernelGatewayAppSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Image(\"example\", ImageArgs.builder() \n .imageName(\"example\")\n .roleArn(exampleAwsIamRole.arn())\n .build());\n\n var exampleAppImageConfig = new AppImageConfig(\"exampleAppImageConfig\", AppImageConfigArgs.builder() \n .appImageConfigName(\"example\")\n .kernelGatewayImageConfig(AppImageConfigKernelGatewayImageConfigArgs.builder()\n .kernelSpec(AppImageConfigKernelGatewayImageConfigKernelSpecArgs.builder()\n .name(\"example\")\n .build())\n .build())\n .build());\n\n var exampleImageVersion = new ImageVersion(\"exampleImageVersion\", ImageVersionArgs.builder() \n .imageName(example.id())\n .baseImage(\"base-image\")\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .domainName(\"example\")\n .authMode(\"IAM\")\n .vpcId(exampleAwsVpc.id())\n .subnetIds(exampleAwsSubnet.id())\n .defaultUserSettings(DomainDefaultUserSettingsArgs.builder()\n .executionRole(exampleAwsIamRole.arn())\n .kernelGatewayAppSettings(DomainDefaultUserSettingsKernelGatewayAppSettingsArgs.builder()\n .customImages(DomainDefaultUserSettingsKernelGatewayAppSettingsCustomImageArgs.builder()\n .appImageConfigName(exampleAppImageConfig.appImageConfigName())\n .imageName(exampleImageVersion.imageName())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:sagemaker:Image\n properties:\n imageName: example\n roleArn: ${exampleAwsIamRole.arn}\n exampleAppImageConfig:\n type: aws:sagemaker:AppImageConfig\n name: example\n properties:\n appImageConfigName: example\n kernelGatewayImageConfig:\n kernelSpec:\n name: example\n exampleImageVersion:\n type: aws:sagemaker:ImageVersion\n name: example\n properties:\n imageName: ${example.id}\n baseImage: base-image\n exampleDomain:\n type: aws:sagemaker:Domain\n name: example\n properties:\n domainName: example\n authMode: IAM\n vpcId: ${exampleAwsVpc.id}\n subnetIds:\n - ${exampleAwsSubnet.id}\n defaultUserSettings:\n executionRole: ${exampleAwsIamRole.arn}\n kernelGatewayAppSettings:\n customImages:\n - appImageConfigName: ${exampleAppImageConfig.appImageConfigName}\n imageName: ${exampleImageVersion.imageName}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import SageMaker Domains using the `id`. For example:\n\n```sh\n$ pulumi import aws:sagemaker/domain:Domain test_domain d-8jgsjtilstu8\n```\n", + "description": "Provides a SageMaker Domain resource.\n\n## Example Usage\n\n### Basic usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"sagemaker.amazonaws.com\"],\n }],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"example\",\n path: \"/\",\n assumeRolePolicy: example.then(example =\u003e example.json),\n});\nconst exampleDomain = new aws.sagemaker.Domain(\"example\", {\n domainName: \"example\",\n authMode: \"IAM\",\n vpcId: exampleAwsVpc.id,\n subnetIds: [exampleAwsSubnet.id],\n defaultUserSettings: {\n executionRole: exampleRole.arn,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"sagemaker.amazonaws.com\"],\n )],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"example\",\n path=\"/\",\n assume_role_policy=example.json)\nexample_domain = aws.sagemaker.Domain(\"example\",\n domain_name=\"example\",\n auth_mode=\"IAM\",\n vpc_id=example_aws_vpc[\"id\"],\n subnet_ids=[example_aws_subnet[\"id\"]],\n default_user_settings=aws.sagemaker.DomainDefaultUserSettingsArgs(\n execution_role=example_role.arn,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"sagemaker.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"example\",\n Path = \"/\",\n AssumeRolePolicy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleDomain = new Aws.Sagemaker.Domain(\"example\", new()\n {\n DomainName = \"example\",\n AuthMode = \"IAM\",\n VpcId = exampleAwsVpc.Id,\n SubnetIds = new[]\n {\n exampleAwsSubnet.Id,\n },\n DefaultUserSettings = new Aws.Sagemaker.Inputs.DomainDefaultUserSettingsArgs\n {\n ExecutionRole = exampleRole.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"sagemaker.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tPath: pulumi.String(\"/\"),\n\t\t\tAssumeRolePolicy: pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sagemaker.NewDomain(ctx, \"example\", \u0026sagemaker.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"example\"),\n\t\t\tAuthMode: pulumi.String(\"IAM\"),\n\t\t\tVpcId: pulumi.Any(exampleAwsVpc.Id),\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\texampleAwsSubnet.Id,\n\t\t\t},\n\t\t\tDefaultUserSettings: \u0026sagemaker.DomainDefaultUserSettingsArgs{\n\t\t\t\tExecutionRole: exampleRole.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.sagemaker.Domain;\nimport com.pulumi.aws.sagemaker.DomainArgs;\nimport com.pulumi.aws.sagemaker.inputs.DomainDefaultUserSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"sagemaker.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"example\")\n .path(\"/\")\n .assumeRolePolicy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .domainName(\"example\")\n .authMode(\"IAM\")\n .vpcId(exampleAwsVpc.id())\n .subnetIds(exampleAwsSubnet.id())\n .defaultUserSettings(DomainDefaultUserSettingsArgs.builder()\n .executionRole(exampleRole.arn())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleDomain:\n type: aws:sagemaker:Domain\n name: example\n properties:\n domainName: example\n authMode: IAM\n vpcId: ${exampleAwsVpc.id}\n subnetIds:\n - ${exampleAwsSubnet.id}\n defaultUserSettings:\n executionRole: ${exampleRole.arn}\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: example\n path: /\n assumeRolePolicy: ${example.json}\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - sagemaker.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Using Custom Images\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.sagemaker.Image(\"example\", {\n imageName: \"example\",\n roleArn: exampleAwsIamRole.arn,\n});\nconst exampleAppImageConfig = new aws.sagemaker.AppImageConfig(\"example\", {\n appImageConfigName: \"example\",\n kernelGatewayImageConfig: {\n kernelSpec: {\n name: \"example\",\n },\n },\n});\nconst exampleImageVersion = new aws.sagemaker.ImageVersion(\"example\", {\n imageName: example.id,\n baseImage: \"base-image\",\n});\nconst exampleDomain = new aws.sagemaker.Domain(\"example\", {\n domainName: \"example\",\n authMode: \"IAM\",\n vpcId: exampleAwsVpc.id,\n subnetIds: [exampleAwsSubnet.id],\n defaultUserSettings: {\n executionRole: exampleAwsIamRole.arn,\n kernelGatewayAppSettings: {\n customImages: [{\n appImageConfigName: exampleAppImageConfig.appImageConfigName,\n imageName: exampleImageVersion.imageName,\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.sagemaker.Image(\"example\",\n image_name=\"example\",\n role_arn=example_aws_iam_role[\"arn\"])\nexample_app_image_config = aws.sagemaker.AppImageConfig(\"example\",\n app_image_config_name=\"example\",\n kernel_gateway_image_config=aws.sagemaker.AppImageConfigKernelGatewayImageConfigArgs(\n kernel_spec=aws.sagemaker.AppImageConfigKernelGatewayImageConfigKernelSpecArgs(\n name=\"example\",\n ),\n ))\nexample_image_version = aws.sagemaker.ImageVersion(\"example\",\n image_name=example.id,\n base_image=\"base-image\")\nexample_domain = aws.sagemaker.Domain(\"example\",\n domain_name=\"example\",\n auth_mode=\"IAM\",\n vpc_id=example_aws_vpc[\"id\"],\n subnet_ids=[example_aws_subnet[\"id\"]],\n default_user_settings=aws.sagemaker.DomainDefaultUserSettingsArgs(\n execution_role=example_aws_iam_role[\"arn\"],\n kernel_gateway_app_settings=aws.sagemaker.DomainDefaultUserSettingsKernelGatewayAppSettingsArgs(\n custom_images=[aws.sagemaker.DomainDefaultUserSettingsKernelGatewayAppSettingsCustomImageArgs(\n app_image_config_name=example_app_image_config.app_image_config_name,\n image_name=example_image_version.image_name,\n )],\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Sagemaker.Image(\"example\", new()\n {\n ImageName = \"example\",\n RoleArn = exampleAwsIamRole.Arn,\n });\n\n var exampleAppImageConfig = new Aws.Sagemaker.AppImageConfig(\"example\", new()\n {\n AppImageConfigName = \"example\",\n KernelGatewayImageConfig = new Aws.Sagemaker.Inputs.AppImageConfigKernelGatewayImageConfigArgs\n {\n KernelSpec = new Aws.Sagemaker.Inputs.AppImageConfigKernelGatewayImageConfigKernelSpecArgs\n {\n Name = \"example\",\n },\n },\n });\n\n var exampleImageVersion = new Aws.Sagemaker.ImageVersion(\"example\", new()\n {\n ImageName = example.Id,\n BaseImage = \"base-image\",\n });\n\n var exampleDomain = new Aws.Sagemaker.Domain(\"example\", new()\n {\n DomainName = \"example\",\n AuthMode = \"IAM\",\n VpcId = exampleAwsVpc.Id,\n SubnetIds = new[]\n {\n exampleAwsSubnet.Id,\n },\n DefaultUserSettings = new Aws.Sagemaker.Inputs.DomainDefaultUserSettingsArgs\n {\n ExecutionRole = exampleAwsIamRole.Arn,\n KernelGatewayAppSettings = new Aws.Sagemaker.Inputs.DomainDefaultUserSettingsKernelGatewayAppSettingsArgs\n {\n CustomImages = new[]\n {\n new Aws.Sagemaker.Inputs.DomainDefaultUserSettingsKernelGatewayAppSettingsCustomImageArgs\n {\n AppImageConfigName = exampleAppImageConfig.AppImageConfigName,\n ImageName = exampleImageVersion.ImageName,\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := sagemaker.NewImage(ctx, \"example\", \u0026sagemaker.ImageArgs{\n\t\t\tImageName: pulumi.String(\"example\"),\n\t\t\tRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleAppImageConfig, err := sagemaker.NewAppImageConfig(ctx, \"example\", \u0026sagemaker.AppImageConfigArgs{\n\t\t\tAppImageConfigName: pulumi.String(\"example\"),\n\t\t\tKernelGatewayImageConfig: \u0026sagemaker.AppImageConfigKernelGatewayImageConfigArgs{\n\t\t\t\tKernelSpec: \u0026sagemaker.AppImageConfigKernelGatewayImageConfigKernelSpecArgs{\n\t\t\t\t\tName: pulumi.String(\"example\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleImageVersion, err := sagemaker.NewImageVersion(ctx, \"example\", \u0026sagemaker.ImageVersionArgs{\n\t\t\tImageName: example.ID(),\n\t\t\tBaseImage: pulumi.String(\"base-image\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sagemaker.NewDomain(ctx, \"example\", \u0026sagemaker.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"example\"),\n\t\t\tAuthMode: pulumi.String(\"IAM\"),\n\t\t\tVpcId: pulumi.Any(exampleAwsVpc.Id),\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\texampleAwsSubnet.Id,\n\t\t\t},\n\t\t\tDefaultUserSettings: \u0026sagemaker.DomainDefaultUserSettingsArgs{\n\t\t\t\tExecutionRole: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\t\tKernelGatewayAppSettings: \u0026sagemaker.DomainDefaultUserSettingsKernelGatewayAppSettingsArgs{\n\t\t\t\t\tCustomImages: sagemaker.DomainDefaultUserSettingsKernelGatewayAppSettingsCustomImageArray{\n\t\t\t\t\t\t\u0026sagemaker.DomainDefaultUserSettingsKernelGatewayAppSettingsCustomImageArgs{\n\t\t\t\t\t\t\tAppImageConfigName: exampleAppImageConfig.AppImageConfigName,\n\t\t\t\t\t\t\tImageName: exampleImageVersion.ImageName,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sagemaker.Image;\nimport com.pulumi.aws.sagemaker.ImageArgs;\nimport com.pulumi.aws.sagemaker.AppImageConfig;\nimport com.pulumi.aws.sagemaker.AppImageConfigArgs;\nimport com.pulumi.aws.sagemaker.inputs.AppImageConfigKernelGatewayImageConfigArgs;\nimport com.pulumi.aws.sagemaker.inputs.AppImageConfigKernelGatewayImageConfigKernelSpecArgs;\nimport com.pulumi.aws.sagemaker.ImageVersion;\nimport com.pulumi.aws.sagemaker.ImageVersionArgs;\nimport com.pulumi.aws.sagemaker.Domain;\nimport com.pulumi.aws.sagemaker.DomainArgs;\nimport com.pulumi.aws.sagemaker.inputs.DomainDefaultUserSettingsArgs;\nimport com.pulumi.aws.sagemaker.inputs.DomainDefaultUserSettingsKernelGatewayAppSettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Image(\"example\", ImageArgs.builder() \n .imageName(\"example\")\n .roleArn(exampleAwsIamRole.arn())\n .build());\n\n var exampleAppImageConfig = new AppImageConfig(\"exampleAppImageConfig\", AppImageConfigArgs.builder() \n .appImageConfigName(\"example\")\n .kernelGatewayImageConfig(AppImageConfigKernelGatewayImageConfigArgs.builder()\n .kernelSpec(AppImageConfigKernelGatewayImageConfigKernelSpecArgs.builder()\n .name(\"example\")\n .build())\n .build())\n .build());\n\n var exampleImageVersion = new ImageVersion(\"exampleImageVersion\", ImageVersionArgs.builder() \n .imageName(example.id())\n .baseImage(\"base-image\")\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .domainName(\"example\")\n .authMode(\"IAM\")\n .vpcId(exampleAwsVpc.id())\n .subnetIds(exampleAwsSubnet.id())\n .defaultUserSettings(DomainDefaultUserSettingsArgs.builder()\n .executionRole(exampleAwsIamRole.arn())\n .kernelGatewayAppSettings(DomainDefaultUserSettingsKernelGatewayAppSettingsArgs.builder()\n .customImages(DomainDefaultUserSettingsKernelGatewayAppSettingsCustomImageArgs.builder()\n .appImageConfigName(exampleAppImageConfig.appImageConfigName())\n .imageName(exampleImageVersion.imageName())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:sagemaker:Image\n properties:\n imageName: example\n roleArn: ${exampleAwsIamRole.arn}\n exampleAppImageConfig:\n type: aws:sagemaker:AppImageConfig\n name: example\n properties:\n appImageConfigName: example\n kernelGatewayImageConfig:\n kernelSpec:\n name: example\n exampleImageVersion:\n type: aws:sagemaker:ImageVersion\n name: example\n properties:\n imageName: ${example.id}\n baseImage: base-image\n exampleDomain:\n type: aws:sagemaker:Domain\n name: example\n properties:\n domainName: example\n authMode: IAM\n vpcId: ${exampleAwsVpc.id}\n subnetIds:\n - ${exampleAwsSubnet.id}\n defaultUserSettings:\n executionRole: ${exampleAwsIamRole.arn}\n kernelGatewayAppSettings:\n customImages:\n - appImageConfigName: ${exampleAppImageConfig.appImageConfigName}\n imageName: ${exampleImageVersion.imageName}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import SageMaker Domains using the `id`. For example:\n\n```sh\n$ pulumi import aws:sagemaker/domain:Domain test_domain d-8jgsjtilstu8\n```\n", "properties": { "appNetworkAccessType": { "type": "string", @@ -320257,7 +320257,7 @@ } }, "aws:sagemaker/model:Model": { - "description": "Provides a SageMaker model resource.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"sagemaker.amazonaws.com\"],\n }],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst test = aws.sagemaker.getPrebuiltEcrImage({\n repositoryName: \"kmeans\",\n});\nconst example = new aws.sagemaker.Model(\"example\", {\n name: \"my-model\",\n executionRoleArn: exampleRole.arn,\n primaryContainer: {\n image: test.then(test =\u003e test.registryPath),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"sagemaker.amazonaws.com\"],\n )],\n)])\nexample_role = aws.iam.Role(\"example\", assume_role_policy=assume_role.json)\ntest = aws.sagemaker.get_prebuilt_ecr_image(repository_name=\"kmeans\")\nexample = aws.sagemaker.Model(\"example\",\n name=\"my-model\",\n execution_role_arn=example_role.arn,\n primary_container=aws.sagemaker.ModelPrimaryContainerArgs(\n image=test.registry_path,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"sagemaker.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var test = Aws.Sagemaker.GetPrebuiltEcrImage.Invoke(new()\n {\n RepositoryName = \"kmeans\",\n });\n\n var example = new Aws.Sagemaker.Model(\"example\", new()\n {\n Name = \"my-model\",\n ExecutionRoleArn = exampleRole.Arn,\n PrimaryContainer = new Aws.Sagemaker.Inputs.ModelPrimaryContainerArgs\n {\n Image = test.Apply(getPrebuiltEcrImageResult =\u003e getPrebuiltEcrImageResult.RegistryPath),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"sagemaker.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := sagemaker.GetPrebuiltEcrImage(ctx, \u0026sagemaker.GetPrebuiltEcrImageArgs{\n\t\t\tRepositoryName: \"kmeans\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sagemaker.NewModel(ctx, \"example\", \u0026sagemaker.ModelArgs{\n\t\t\tName: pulumi.String(\"my-model\"),\n\t\t\tExecutionRoleArn: exampleRole.Arn,\n\t\t\tPrimaryContainer: \u0026sagemaker.ModelPrimaryContainerArgs{\n\t\t\t\tImage: *pulumi.String(test.RegistryPath),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.sagemaker.SagemakerFunctions;\nimport com.pulumi.aws.sagemaker.inputs.GetPrebuiltEcrImageArgs;\nimport com.pulumi.aws.sagemaker.Model;\nimport com.pulumi.aws.sagemaker.ModelArgs;\nimport com.pulumi.aws.sagemaker.inputs.ModelPrimaryContainerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"sagemaker.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var test = SagemakerFunctions.getPrebuiltEcrImage(GetPrebuiltEcrImageArgs.builder()\n .repositoryName(\"kmeans\")\n .build());\n\n var example = new Model(\"example\", ModelArgs.builder() \n .name(\"my-model\")\n .executionRoleArn(exampleRole.arn())\n .primaryContainer(ModelPrimaryContainerArgs.builder()\n .image(test.applyValue(getPrebuiltEcrImageResult -\u003e getPrebuiltEcrImageResult.registryPath()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:sagemaker:Model\n properties:\n name: my-model\n executionRoleArn: ${exampleRole.arn}\n primaryContainer:\n image: ${test.registryPath}\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n assumeRolePolicy: ${assumeRole.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - sagemaker.amazonaws.com\n test:\n fn::invoke:\n Function: aws:sagemaker:getPrebuiltEcrImage\n Arguments:\n repositoryName: kmeans\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Inference Execution Config\n\n* `mode` - (Required) How containers in a multi-container are run. The following values are valid `Serial` and `Direct`.\n\n## Import\n\nUsing `pulumi import`, import models using the `name`. For example:\n\n```sh\n$ pulumi import aws:sagemaker/model:Model test_model model-foo\n```\n", + "description": "Provides a SageMaker model resource.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"sagemaker.amazonaws.com\"],\n }],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst test = aws.sagemaker.getPrebuiltEcrImage({\n repositoryName: \"kmeans\",\n});\nconst example = new aws.sagemaker.Model(\"example\", {\n name: \"my-model\",\n executionRoleArn: exampleRole.arn,\n primaryContainer: {\n image: test.then(test =\u003e test.registryPath),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"sagemaker.amazonaws.com\"],\n )],\n)])\nexample_role = aws.iam.Role(\"example\", assume_role_policy=assume_role.json)\ntest = aws.sagemaker.get_prebuilt_ecr_image(repository_name=\"kmeans\")\nexample = aws.sagemaker.Model(\"example\",\n name=\"my-model\",\n execution_role_arn=example_role.arn,\n primary_container=aws.sagemaker.ModelPrimaryContainerArgs(\n image=test.registry_path,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"sagemaker.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var test = Aws.Sagemaker.GetPrebuiltEcrImage.Invoke(new()\n {\n RepositoryName = \"kmeans\",\n });\n\n var example = new Aws.Sagemaker.Model(\"example\", new()\n {\n Name = \"my-model\",\n ExecutionRoleArn = exampleRole.Arn,\n PrimaryContainer = new Aws.Sagemaker.Inputs.ModelPrimaryContainerArgs\n {\n Image = test.Apply(getPrebuiltEcrImageResult =\u003e getPrebuiltEcrImageResult.RegistryPath),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"sagemaker.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := sagemaker.GetPrebuiltEcrImage(ctx, \u0026sagemaker.GetPrebuiltEcrImageArgs{\n\t\t\tRepositoryName: \"kmeans\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sagemaker.NewModel(ctx, \"example\", \u0026sagemaker.ModelArgs{\n\t\t\tName: pulumi.String(\"my-model\"),\n\t\t\tExecutionRoleArn: exampleRole.Arn,\n\t\t\tPrimaryContainer: \u0026sagemaker.ModelPrimaryContainerArgs{\n\t\t\t\tImage: pulumi.String(test.RegistryPath),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.sagemaker.SagemakerFunctions;\nimport com.pulumi.aws.sagemaker.inputs.GetPrebuiltEcrImageArgs;\nimport com.pulumi.aws.sagemaker.Model;\nimport com.pulumi.aws.sagemaker.ModelArgs;\nimport com.pulumi.aws.sagemaker.inputs.ModelPrimaryContainerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"sagemaker.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var test = SagemakerFunctions.getPrebuiltEcrImage(GetPrebuiltEcrImageArgs.builder()\n .repositoryName(\"kmeans\")\n .build());\n\n var example = new Model(\"example\", ModelArgs.builder() \n .name(\"my-model\")\n .executionRoleArn(exampleRole.arn())\n .primaryContainer(ModelPrimaryContainerArgs.builder()\n .image(test.applyValue(getPrebuiltEcrImageResult -\u003e getPrebuiltEcrImageResult.registryPath()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:sagemaker:Model\n properties:\n name: my-model\n executionRoleArn: ${exampleRole.arn}\n primaryContainer:\n image: ${test.registryPath}\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n assumeRolePolicy: ${assumeRole.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - sagemaker.amazonaws.com\n test:\n fn::invoke:\n Function: aws:sagemaker:getPrebuiltEcrImage\n Arguments:\n repositoryName: kmeans\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Inference Execution Config\n\n* `mode` - (Required) How containers in a multi-container are run. The following values are valid `Serial` and `Direct`.\n\n## Import\n\nUsing `pulumi import`, import models using the `name`. For example:\n\n```sh\n$ pulumi import aws:sagemaker/model:Model test_model model-foo\n```\n", "properties": { "arn": { "type": "string", @@ -322490,7 +322490,7 @@ } }, "aws:schemas/registryPolicy:RegistryPolicy": { - "description": "Resource for managing an AWS EventBridge Schemas Registry Policy.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"example\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"109876543210\"],\n }],\n actions: [\"schemas:*\"],\n resources: [\n \"arn:aws:schemas:us-east-1:012345678901:registry/example\",\n \"arn:aws:schemas:us-east-1:012345678901:schema/example*\",\n ],\n }],\n});\nconst exampleRegistryPolicy = new aws.schemas.RegistryPolicy(\"example\", {\n registryName: \"example\",\n policy: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"example\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"109876543210\"],\n )],\n actions=[\"schemas:*\"],\n resources=[\n \"arn:aws:schemas:us-east-1:012345678901:registry/example\",\n \"arn:aws:schemas:us-east-1:012345678901:schema/example*\",\n ],\n)])\nexample_registry_policy = aws.schemas.RegistryPolicy(\"example\",\n registry_name=\"example\",\n policy=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"example\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"109876543210\",\n },\n },\n },\n Actions = new[]\n {\n \"schemas:*\",\n },\n Resources = new[]\n {\n \"arn:aws:schemas:us-east-1:012345678901:registry/example\",\n \"arn:aws:schemas:us-east-1:012345678901:schema/example*\",\n },\n },\n },\n });\n\n var exampleRegistryPolicy = new Aws.Schemas.RegistryPolicy(\"example\", new()\n {\n RegistryName = \"example\",\n Policy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/schemas\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"example\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"109876543210\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"schemas:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:schemas:us-east-1:012345678901:registry/example\",\n\t\t\t\t\t\t\"arn:aws:schemas:us-east-1:012345678901:schema/example*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = schemas.NewRegistryPolicy(ctx, \"example\", \u0026schemas.RegistryPolicyArgs{\n\t\t\tRegistryName: pulumi.String(\"example\"),\n\t\t\tPolicy: *pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.schemas.RegistryPolicy;\nimport com.pulumi.aws.schemas.RegistryPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"example\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"109876543210\")\n .build())\n .actions(\"schemas:*\")\n .resources( \n \"arn:aws:schemas:us-east-1:012345678901:registry/example\",\n \"arn:aws:schemas:us-east-1:012345678901:schema/example*\")\n .build())\n .build());\n\n var exampleRegistryPolicy = new RegistryPolicy(\"exampleRegistryPolicy\", RegistryPolicyArgs.builder() \n .registryName(\"example\")\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleRegistryPolicy:\n type: aws:schemas:RegistryPolicy\n name: example\n properties:\n registryName: example\n policy: ${example.json}\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: example\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '109876543210'\n actions:\n - schemas:*\n resources:\n - arn:aws:schemas:us-east-1:012345678901:registry/example\n - arn:aws:schemas:us-east-1:012345678901:schema/example*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import EventBridge Schema Registry Policy using the `registry_name`. For example:\n\n```sh\n$ pulumi import aws:schemas/registryPolicy:RegistryPolicy example example\n```\n", + "description": "Resource for managing an AWS EventBridge Schemas Registry Policy.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"example\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"109876543210\"],\n }],\n actions: [\"schemas:*\"],\n resources: [\n \"arn:aws:schemas:us-east-1:012345678901:registry/example\",\n \"arn:aws:schemas:us-east-1:012345678901:schema/example*\",\n ],\n }],\n});\nconst exampleRegistryPolicy = new aws.schemas.RegistryPolicy(\"example\", {\n registryName: \"example\",\n policy: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"example\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"109876543210\"],\n )],\n actions=[\"schemas:*\"],\n resources=[\n \"arn:aws:schemas:us-east-1:012345678901:registry/example\",\n \"arn:aws:schemas:us-east-1:012345678901:schema/example*\",\n ],\n)])\nexample_registry_policy = aws.schemas.RegistryPolicy(\"example\",\n registry_name=\"example\",\n policy=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"example\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"109876543210\",\n },\n },\n },\n Actions = new[]\n {\n \"schemas:*\",\n },\n Resources = new[]\n {\n \"arn:aws:schemas:us-east-1:012345678901:registry/example\",\n \"arn:aws:schemas:us-east-1:012345678901:schema/example*\",\n },\n },\n },\n });\n\n var exampleRegistryPolicy = new Aws.Schemas.RegistryPolicy(\"example\", new()\n {\n RegistryName = \"example\",\n Policy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/schemas\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"example\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"109876543210\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"schemas:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:schemas:us-east-1:012345678901:registry/example\",\n\t\t\t\t\t\t\"arn:aws:schemas:us-east-1:012345678901:schema/example*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = schemas.NewRegistryPolicy(ctx, \"example\", \u0026schemas.RegistryPolicyArgs{\n\t\t\tRegistryName: pulumi.String(\"example\"),\n\t\t\tPolicy: pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.schemas.RegistryPolicy;\nimport com.pulumi.aws.schemas.RegistryPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"example\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"109876543210\")\n .build())\n .actions(\"schemas:*\")\n .resources( \n \"arn:aws:schemas:us-east-1:012345678901:registry/example\",\n \"arn:aws:schemas:us-east-1:012345678901:schema/example*\")\n .build())\n .build());\n\n var exampleRegistryPolicy = new RegistryPolicy(\"exampleRegistryPolicy\", RegistryPolicyArgs.builder() \n .registryName(\"example\")\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleRegistryPolicy:\n type: aws:schemas:RegistryPolicy\n name: example\n properties:\n registryName: example\n policy: ${example.json}\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: example\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '109876543210'\n actions:\n - schemas:*\n resources:\n - arn:aws:schemas:us-east-1:012345678901:registry/example\n - arn:aws:schemas:us-east-1:012345678901:schema/example*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import EventBridge Schema Registry Policy using the `registry_name`. For example:\n\n```sh\n$ pulumi import aws:schemas/registryPolicy:RegistryPolicy example example\n```\n", "properties": { "policy": { "type": "string", @@ -322874,7 +322874,7 @@ } }, "aws:secretsmanager/secretPolicy:SecretPolicy": { - "description": "Provides a resource to manage AWS Secrets Manager secret policy.\n\n## Example Usage\n\n### Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleSecret = new aws.secretsmanager.Secret(\"example\", {name: \"example\"});\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"EnableAnotherAWSAccountToReadTheSecret\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"arn:aws:iam::123456789012:root\"],\n }],\n actions: [\"secretsmanager:GetSecretValue\"],\n resources: [\"*\"],\n }],\n});\nconst exampleSecretPolicy = new aws.secretsmanager.SecretPolicy(\"example\", {\n secretArn: exampleSecret.arn,\n policy: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_secret = aws.secretsmanager.Secret(\"example\", name=\"example\")\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"EnableAnotherAWSAccountToReadTheSecret\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"arn:aws:iam::123456789012:root\"],\n )],\n actions=[\"secretsmanager:GetSecretValue\"],\n resources=[\"*\"],\n)])\nexample_secret_policy = aws.secretsmanager.SecretPolicy(\"example\",\n secret_arn=example_secret.arn,\n policy=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleSecret = new Aws.SecretsManager.Secret(\"example\", new()\n {\n Name = \"example\",\n });\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"EnableAnotherAWSAccountToReadTheSecret\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"arn:aws:iam::123456789012:root\",\n },\n },\n },\n Actions = new[]\n {\n \"secretsmanager:GetSecretValue\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var exampleSecretPolicy = new Aws.SecretsManager.SecretPolicy(\"example\", new()\n {\n SecretArn = exampleSecret.Arn,\n Policy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/secretsmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleSecret, err := secretsmanager.NewSecret(ctx, \"example\", \u0026secretsmanager.SecretArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"EnableAnotherAWSAccountToReadTheSecret\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"arn:aws:iam::123456789012:root\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"secretsmanager:GetSecretValue\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretsmanager.NewSecretPolicy(ctx, \"example\", \u0026secretsmanager.SecretPolicyArgs{\n\t\t\tSecretArn: exampleSecret.Arn,\n\t\t\tPolicy: *pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.secretsmanager.Secret;\nimport com.pulumi.aws.secretsmanager.SecretArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.secretsmanager.SecretPolicy;\nimport com.pulumi.aws.secretsmanager.SecretPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleSecret = new Secret(\"exampleSecret\", SecretArgs.builder() \n .name(\"example\")\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"EnableAnotherAWSAccountToReadTheSecret\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"arn:aws:iam::123456789012:root\")\n .build())\n .actions(\"secretsmanager:GetSecretValue\")\n .resources(\"*\")\n .build())\n .build());\n\n var exampleSecretPolicy = new SecretPolicy(\"exampleSecretPolicy\", SecretPolicyArgs.builder() \n .secretArn(exampleSecret.arn())\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleSecret:\n type: aws:secretsmanager:Secret\n name: example\n properties:\n name: example\n exampleSecretPolicy:\n type: aws:secretsmanager:SecretPolicy\n name: example\n properties:\n secretArn: ${exampleSecret.arn}\n policy: ${example.json}\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: EnableAnotherAWSAccountToReadTheSecret\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - arn:aws:iam::123456789012:root\n actions:\n - secretsmanager:GetSecretValue\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_secretsmanager_secret_policy` using the secret Amazon Resource Name (ARN). For example:\n\n```sh\n$ pulumi import aws:secretsmanager/secretPolicy:SecretPolicy example arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456\n```\n", + "description": "Provides a resource to manage AWS Secrets Manager secret policy.\n\n## Example Usage\n\n### Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleSecret = new aws.secretsmanager.Secret(\"example\", {name: \"example\"});\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"EnableAnotherAWSAccountToReadTheSecret\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"arn:aws:iam::123456789012:root\"],\n }],\n actions: [\"secretsmanager:GetSecretValue\"],\n resources: [\"*\"],\n }],\n});\nconst exampleSecretPolicy = new aws.secretsmanager.SecretPolicy(\"example\", {\n secretArn: exampleSecret.arn,\n policy: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_secret = aws.secretsmanager.Secret(\"example\", name=\"example\")\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"EnableAnotherAWSAccountToReadTheSecret\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"arn:aws:iam::123456789012:root\"],\n )],\n actions=[\"secretsmanager:GetSecretValue\"],\n resources=[\"*\"],\n)])\nexample_secret_policy = aws.secretsmanager.SecretPolicy(\"example\",\n secret_arn=example_secret.arn,\n policy=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleSecret = new Aws.SecretsManager.Secret(\"example\", new()\n {\n Name = \"example\",\n });\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"EnableAnotherAWSAccountToReadTheSecret\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"arn:aws:iam::123456789012:root\",\n },\n },\n },\n Actions = new[]\n {\n \"secretsmanager:GetSecretValue\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var exampleSecretPolicy = new Aws.SecretsManager.SecretPolicy(\"example\", new()\n {\n SecretArn = exampleSecret.Arn,\n Policy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/secretsmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleSecret, err := secretsmanager.NewSecret(ctx, \"example\", \u0026secretsmanager.SecretArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"EnableAnotherAWSAccountToReadTheSecret\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"arn:aws:iam::123456789012:root\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"secretsmanager:GetSecretValue\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretsmanager.NewSecretPolicy(ctx, \"example\", \u0026secretsmanager.SecretPolicyArgs{\n\t\t\tSecretArn: exampleSecret.Arn,\n\t\t\tPolicy: pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.secretsmanager.Secret;\nimport com.pulumi.aws.secretsmanager.SecretArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.secretsmanager.SecretPolicy;\nimport com.pulumi.aws.secretsmanager.SecretPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleSecret = new Secret(\"exampleSecret\", SecretArgs.builder() \n .name(\"example\")\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"EnableAnotherAWSAccountToReadTheSecret\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"arn:aws:iam::123456789012:root\")\n .build())\n .actions(\"secretsmanager:GetSecretValue\")\n .resources(\"*\")\n .build())\n .build());\n\n var exampleSecretPolicy = new SecretPolicy(\"exampleSecretPolicy\", SecretPolicyArgs.builder() \n .secretArn(exampleSecret.arn())\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleSecret:\n type: aws:secretsmanager:Secret\n name: example\n properties:\n name: example\n exampleSecretPolicy:\n type: aws:secretsmanager:SecretPolicy\n name: example\n properties:\n secretArn: ${exampleSecret.arn}\n policy: ${example.json}\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: EnableAnotherAWSAccountToReadTheSecret\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - arn:aws:iam::123456789012:root\n actions:\n - secretsmanager:GetSecretValue\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_secretsmanager_secret_policy` using the secret Amazon Resource Name (ARN). For example:\n\n```sh\n$ pulumi import aws:secretsmanager/secretPolicy:SecretPolicy example arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456\n```\n", "properties": { "blockPublicPolicy": { "type": "boolean", @@ -327035,7 +327035,7 @@ ] }, "aws:ses/domainDkim:DomainDkim": { - "description": "Provides an SES domain DKIM generation resource.\n\nDomain ownership needs to be confirmed first using ses_domain_identity Resource\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ses.DomainIdentity(\"example\", {domain: \"example.com\"});\nconst exampleDomainDkim = new aws.ses.DomainDkim(\"example\", {domain: example.domain});\nconst exampleAmazonsesDkimRecord: aws.route53.Record[] = [];\nfor (const range = {value: 0}; range.value \u003c 3; range.value++) {\n exampleAmazonsesDkimRecord.push(new aws.route53.Record(`example_amazonses_dkim_record-${range.value}`, {\n zoneId: \"ABCDEFGHIJ123\",\n name: exampleDomainDkim.dkimTokens.apply(dkimTokens =\u003e `${dkimTokens[range.value]}._domainkey`),\n type: \"CNAME\",\n ttl: 600,\n records: [exampleDomainDkim.dkimTokens.apply(dkimTokens =\u003e `${dkimTokens[range.value]}.dkim.amazonses.com`)],\n }));\n}\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ses.DomainIdentity(\"example\", domain=\"example.com\")\nexample_domain_dkim = aws.ses.DomainDkim(\"example\", domain=example.domain)\nexample_amazonses_dkim_record = []\nfor range in [{\"value\": i} for i in range(0, 3)]:\n example_amazonses_dkim_record.append(aws.route53.Record(f\"example_amazonses_dkim_record-{range['value']}\",\n zone_id=\"ABCDEFGHIJ123\",\n name=example_domain_dkim.dkim_tokens.apply(lambda dkim_tokens: f\"{dkim_tokens[range['value']]}._domainkey\"),\n type=\"CNAME\",\n ttl=600,\n records=[example_domain_dkim.dkim_tokens.apply(lambda dkim_tokens: f\"{dkim_tokens[range['value']]}.dkim.amazonses.com\")]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ses.DomainIdentity(\"example\", new()\n {\n Domain = \"example.com\",\n });\n\n var exampleDomainDkim = new Aws.Ses.DomainDkim(\"example\", new()\n {\n Domain = example.Domain,\n });\n\n var exampleAmazonsesDkimRecord = new List\u003cAws.Route53.Record\u003e();\n for (var rangeIndex = 0; rangeIndex \u003c 3; rangeIndex++)\n {\n var range = new { Value = rangeIndex };\n exampleAmazonsesDkimRecord.Add(new Aws.Route53.Record($\"example_amazonses_dkim_record-{range.Value}\", new()\n {\n ZoneId = \"ABCDEFGHIJ123\",\n Name = exampleDomainDkim.DkimTokens.Apply(dkimTokens =\u003e $\"{dkimTokens[range.Value]}._domainkey\"),\n Type = \"CNAME\",\n Ttl = 600,\n Records = new[]\n {\n exampleDomainDkim.DkimTokens.Apply(dkimTokens =\u003e $\"{dkimTokens[range.Value]}.dkim.amazonses.com\"),\n },\n }));\n }\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ses.NewDomainIdentity(ctx, \"example\", \u0026ses.DomainIdentityArgs{\n\t\t\tDomain: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDomainDkim, err := ses.NewDomainDkim(ctx, \"example\", \u0026ses.DomainDkimArgs{\n\t\t\tDomain: example.Domain,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvar exampleAmazonsesDkimRecord []*route53.Record\n\t\tfor index := 0; index \u003c 3; index++ {\n\t\t\tkey0 := index\n\t\t\tval0 := index\n\t\t\t__res, err := route53.NewRecord(ctx, fmt.Sprintf(\"example_amazonses_dkim_record-%v\", key0), \u0026route53.RecordArgs{\n\t\t\t\tZoneId: pulumi.String(\"ABCDEFGHIJ123\"),\n\t\t\t\tName: exampleDomainDkim.DkimTokens.ApplyT(func(dkimTokens []string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"%v._domainkey\", dkimTokens[val0]), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\tType: pulumi.String(\"CNAME\"),\n\t\t\t\tTtl: pulumi.Int(600),\n\t\t\t\tRecords: pulumi.StringArray{\n\t\t\t\t\texampleDomainDkim.DkimTokens.ApplyT(func(dkimTokens []string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"%v.dkim.amazonses.com\", dkimTokens[val0]), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t})\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\texampleAmazonsesDkimRecord = append(exampleAmazonsesDkimRecord, __res)\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ses.DomainIdentity;\nimport com.pulumi.aws.ses.DomainIdentityArgs;\nimport com.pulumi.aws.ses.DomainDkim;\nimport com.pulumi.aws.ses.DomainDkimArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.codegen.internal.KeyedValue;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new DomainIdentity(\"example\", DomainIdentityArgs.builder() \n .domain(\"example.com\")\n .build());\n\n var exampleDomainDkim = new DomainDkim(\"exampleDomainDkim\", DomainDkimArgs.builder() \n .domain(example.domain())\n .build());\n\n for (var i = 0; i \u003c 3; i++) {\n new Record(\"exampleAmazonsesDkimRecord-\" + i, RecordArgs.builder() \n .zoneId(\"ABCDEFGHIJ123\")\n .name(exampleDomainDkim.dkimTokens().applyValue(dkimTokens -\u003e String.format(\"%s._domainkey\", dkimTokens[range.value()])))\n .type(\"CNAME\")\n .ttl(\"600\")\n .records(exampleDomainDkim.dkimTokens().applyValue(dkimTokens -\u003e String.format(\"%s.dkim.amazonses.com\", dkimTokens[range.value()])))\n .build());\n\n \n}\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import DKIM tokens using the `domain` attribute. For example:\n\n```sh\n$ pulumi import aws:ses/domainDkim:DomainDkim example example.com\n```\n", + "description": "Provides an SES domain DKIM generation resource.\n\nDomain ownership needs to be confirmed first using ses_domain_identity Resource\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ses.DomainIdentity(\"example\", {domain: \"example.com\"});\nconst exampleDomainDkim = new aws.ses.DomainDkim(\"example\", {domain: example.domain});\nconst exampleAmazonsesDkimRecord: aws.route53.Record[] = [];\nfor (const range = {value: 0}; range.value \u003c 3; range.value++) {\n exampleAmazonsesDkimRecord.push(new aws.route53.Record(`example_amazonses_dkim_record-${range.value}`, {\n zoneId: \"ABCDEFGHIJ123\",\n name: exampleDomainDkim.dkimTokens.apply(dkimTokens =\u003e `${dkimTokens[range.value]}._domainkey`),\n type: aws.route53.RecordType.CNAME,\n ttl: 600,\n records: [exampleDomainDkim.dkimTokens.apply(dkimTokens =\u003e `${dkimTokens[range.value]}.dkim.amazonses.com`)],\n }));\n}\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ses.DomainIdentity(\"example\", domain=\"example.com\")\nexample_domain_dkim = aws.ses.DomainDkim(\"example\", domain=example.domain)\nexample_amazonses_dkim_record = []\nfor range in [{\"value\": i} for i in range(0, 3)]:\n example_amazonses_dkim_record.append(aws.route53.Record(f\"example_amazonses_dkim_record-{range['value']}\",\n zone_id=\"ABCDEFGHIJ123\",\n name=example_domain_dkim.dkim_tokens.apply(lambda dkim_tokens: f\"{dkim_tokens[range['value']]}._domainkey\"),\n type=aws.route53.RecordType.CNAME,\n ttl=600,\n records=[example_domain_dkim.dkim_tokens.apply(lambda dkim_tokens: f\"{dkim_tokens[range['value']]}.dkim.amazonses.com\")]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ses.DomainIdentity(\"example\", new()\n {\n Domain = \"example.com\",\n });\n\n var exampleDomainDkim = new Aws.Ses.DomainDkim(\"example\", new()\n {\n Domain = example.Domain,\n });\n\n var exampleAmazonsesDkimRecord = new List\u003cAws.Route53.Record\u003e();\n for (var rangeIndex = 0; rangeIndex \u003c 3; rangeIndex++)\n {\n var range = new { Value = rangeIndex };\n exampleAmazonsesDkimRecord.Add(new Aws.Route53.Record($\"example_amazonses_dkim_record-{range.Value}\", new()\n {\n ZoneId = \"ABCDEFGHIJ123\",\n Name = exampleDomainDkim.DkimTokens.Apply(dkimTokens =\u003e $\"{dkimTokens[range.Value]}._domainkey\"),\n Type = Aws.Route53.RecordType.CNAME,\n Ttl = 600,\n Records = new[]\n {\n exampleDomainDkim.DkimTokens.Apply(dkimTokens =\u003e $\"{dkimTokens[range.Value]}.dkim.amazonses.com\"),\n },\n }));\n }\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ses.NewDomainIdentity(ctx, \"example\", \u0026ses.DomainIdentityArgs{\n\t\t\tDomain: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDomainDkim, err := ses.NewDomainDkim(ctx, \"example\", \u0026ses.DomainDkimArgs{\n\t\t\tDomain: example.Domain,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvar exampleAmazonsesDkimRecord []*route53.Record\n\t\tfor index := 0; index \u003c 3; index++ {\n\t\t\tkey0 := index\n\t\t\tval0 := index\n\t\t\t__res, err := route53.NewRecord(ctx, fmt.Sprintf(\"example_amazonses_dkim_record-%v\", key0), \u0026route53.RecordArgs{\n\t\t\t\tZoneId: pulumi.String(\"ABCDEFGHIJ123\"),\n\t\t\t\tName: exampleDomainDkim.DkimTokens.ApplyT(func(dkimTokens []string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"%v._domainkey\", dkimTokens[val0]), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\tType: pulumi.String(route53.RecordTypeCNAME),\n\t\t\t\tTtl: pulumi.Int(600),\n\t\t\t\tRecords: pulumi.StringArray{\n\t\t\t\t\texampleDomainDkim.DkimTokens.ApplyT(func(dkimTokens []string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"%v.dkim.amazonses.com\", dkimTokens[val0]), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t})\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\texampleAmazonsesDkimRecord = append(exampleAmazonsesDkimRecord, __res)\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ses.DomainIdentity;\nimport com.pulumi.aws.ses.DomainIdentityArgs;\nimport com.pulumi.aws.ses.DomainDkim;\nimport com.pulumi.aws.ses.DomainDkimArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.codegen.internal.KeyedValue;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new DomainIdentity(\"example\", DomainIdentityArgs.builder() \n .domain(\"example.com\")\n .build());\n\n var exampleDomainDkim = new DomainDkim(\"exampleDomainDkim\", DomainDkimArgs.builder() \n .domain(example.domain())\n .build());\n\n for (var i = 0; i \u003c 3; i++) {\n new Record(\"exampleAmazonsesDkimRecord-\" + i, RecordArgs.builder() \n .zoneId(\"ABCDEFGHIJ123\")\n .name(exampleDomainDkim.dkimTokens().applyValue(dkimTokens -\u003e String.format(\"%s._domainkey\", dkimTokens[range.value()])))\n .type(\"CNAME\")\n .ttl(\"600\")\n .records(exampleDomainDkim.dkimTokens().applyValue(dkimTokens -\u003e String.format(\"%s.dkim.amazonses.com\", dkimTokens[range.value()])))\n .build());\n\n \n}\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import DKIM tokens using the `domain` attribute. For example:\n\n```sh\n$ pulumi import aws:ses/domainDkim:DomainDkim example example.com\n```\n", "properties": { "dkimTokens": { "type": "array", @@ -327083,7 +327083,7 @@ } }, "aws:ses/domainIdentity:DomainIdentity": { - "description": "Provides an SES domain identity resource\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ses.DomainIdentity(\"example\", {domain: \"example.com\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ses.DomainIdentity(\"example\", domain=\"example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ses.DomainIdentity(\"example\", new()\n {\n Domain = \"example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ses.NewDomainIdentity(ctx, \"example\", \u0026ses.DomainIdentityArgs{\n\t\t\tDomain: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ses.DomainIdentity;\nimport com.pulumi.aws.ses.DomainIdentityArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new DomainIdentity(\"example\", DomainIdentityArgs.builder() \n .domain(\"example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ses:DomainIdentity\n properties:\n domain: example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With Route53 Record\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ses.DomainIdentity(\"example\", {domain: \"example.com\"});\nconst exampleAmazonsesVerificationRecord = new aws.route53.Record(\"example_amazonses_verification_record\", {\n zoneId: \"ABCDEFGHIJ123\",\n name: \"_amazonses.example.com\",\n type: \"TXT\",\n ttl: 600,\n records: [example.verificationToken],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ses.DomainIdentity(\"example\", domain=\"example.com\")\nexample_amazonses_verification_record = aws.route53.Record(\"example_amazonses_verification_record\",\n zone_id=\"ABCDEFGHIJ123\",\n name=\"_amazonses.example.com\",\n type=\"TXT\",\n ttl=600,\n records=[example.verification_token])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ses.DomainIdentity(\"example\", new()\n {\n Domain = \"example.com\",\n });\n\n var exampleAmazonsesVerificationRecord = new Aws.Route53.Record(\"example_amazonses_verification_record\", new()\n {\n ZoneId = \"ABCDEFGHIJ123\",\n Name = \"_amazonses.example.com\",\n Type = \"TXT\",\n Ttl = 600,\n Records = new[]\n {\n example.VerificationToken,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ses.NewDomainIdentity(ctx, \"example\", \u0026ses.DomainIdentityArgs{\n\t\t\tDomain: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"example_amazonses_verification_record\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.String(\"ABCDEFGHIJ123\"),\n\t\t\tName: pulumi.String(\"_amazonses.example.com\"),\n\t\t\tType: pulumi.String(\"TXT\"),\n\t\t\tTtl: pulumi.Int(600),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\texample.VerificationToken,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ses.DomainIdentity;\nimport com.pulumi.aws.ses.DomainIdentityArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new DomainIdentity(\"example\", DomainIdentityArgs.builder() \n .domain(\"example.com\")\n .build());\n\n var exampleAmazonsesVerificationRecord = new Record(\"exampleAmazonsesVerificationRecord\", RecordArgs.builder() \n .zoneId(\"ABCDEFGHIJ123\")\n .name(\"_amazonses.example.com\")\n .type(\"TXT\")\n .ttl(\"600\")\n .records(example.verificationToken())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ses:DomainIdentity\n properties:\n domain: example.com\n exampleAmazonsesVerificationRecord:\n type: aws:route53:Record\n name: example_amazonses_verification_record\n properties:\n zoneId: ABCDEFGHIJ123\n name: _amazonses.example.com\n type: TXT\n ttl: '600'\n records:\n - ${example.verificationToken}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import SES domain identities using the domain name. For example:\n\n```sh\n$ pulumi import aws:ses/domainIdentity:DomainIdentity example example.com\n```\n", + "description": "Provides an SES domain identity resource\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ses.DomainIdentity(\"example\", {domain: \"example.com\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ses.DomainIdentity(\"example\", domain=\"example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ses.DomainIdentity(\"example\", new()\n {\n Domain = \"example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ses.NewDomainIdentity(ctx, \"example\", \u0026ses.DomainIdentityArgs{\n\t\t\tDomain: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ses.DomainIdentity;\nimport com.pulumi.aws.ses.DomainIdentityArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new DomainIdentity(\"example\", DomainIdentityArgs.builder() \n .domain(\"example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ses:DomainIdentity\n properties:\n domain: example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With Route53 Record\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ses.DomainIdentity(\"example\", {domain: \"example.com\"});\nconst exampleAmazonsesVerificationRecord = new aws.route53.Record(\"example_amazonses_verification_record\", {\n zoneId: \"ABCDEFGHIJ123\",\n name: \"_amazonses.example.com\",\n type: aws.route53.RecordType.TXT,\n ttl: 600,\n records: [example.verificationToken],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ses.DomainIdentity(\"example\", domain=\"example.com\")\nexample_amazonses_verification_record = aws.route53.Record(\"example_amazonses_verification_record\",\n zone_id=\"ABCDEFGHIJ123\",\n name=\"_amazonses.example.com\",\n type=aws.route53.RecordType.TXT,\n ttl=600,\n records=[example.verification_token])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ses.DomainIdentity(\"example\", new()\n {\n Domain = \"example.com\",\n });\n\n var exampleAmazonsesVerificationRecord = new Aws.Route53.Record(\"example_amazonses_verification_record\", new()\n {\n ZoneId = \"ABCDEFGHIJ123\",\n Name = \"_amazonses.example.com\",\n Type = Aws.Route53.RecordType.TXT,\n Ttl = 600,\n Records = new[]\n {\n example.VerificationToken,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ses.NewDomainIdentity(ctx, \"example\", \u0026ses.DomainIdentityArgs{\n\t\t\tDomain: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"example_amazonses_verification_record\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.String(\"ABCDEFGHIJ123\"),\n\t\t\tName: pulumi.String(\"_amazonses.example.com\"),\n\t\t\tType: pulumi.String(route53.RecordTypeTXT),\n\t\t\tTtl: pulumi.Int(600),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\texample.VerificationToken,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ses.DomainIdentity;\nimport com.pulumi.aws.ses.DomainIdentityArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new DomainIdentity(\"example\", DomainIdentityArgs.builder() \n .domain(\"example.com\")\n .build());\n\n var exampleAmazonsesVerificationRecord = new Record(\"exampleAmazonsesVerificationRecord\", RecordArgs.builder() \n .zoneId(\"ABCDEFGHIJ123\")\n .name(\"_amazonses.example.com\")\n .type(\"TXT\")\n .ttl(\"600\")\n .records(example.verificationToken())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ses:DomainIdentity\n properties:\n domain: example.com\n exampleAmazonsesVerificationRecord:\n type: aws:route53:Record\n name: example_amazonses_verification_record\n properties:\n zoneId: ABCDEFGHIJ123\n name: _amazonses.example.com\n type: TXT\n ttl: '600'\n records:\n - ${example.verificationToken}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import SES domain identities using the domain name. For example:\n\n```sh\n$ pulumi import aws:ses/domainIdentity:DomainIdentity example example.com\n```\n", "properties": { "arn": { "type": "string", @@ -327134,7 +327134,7 @@ } }, "aws:ses/domainIdentityVerification:DomainIdentityVerification": { - "description": "Represents a successful verification of an SES domain identity.\n\nMost commonly, this resource is used together with `aws.route53.Record` and\n`aws.ses.DomainIdentity` to request an SES domain identity,\ndeploy the required DNS verification records, and wait for verification to complete.\n\n\u003e **WARNING:** This resource implements a part of the verification workflow. It does not represent a real-world entity in AWS, therefore changing or deleting this resource on its own has no immediate effect.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ses.DomainIdentity(\"example\", {domain: \"example.com\"});\nconst exampleAmazonsesVerificationRecord = new aws.route53.Record(\"example_amazonses_verification_record\", {\n zoneId: exampleAwsRoute53Zone.zoneId,\n name: pulumi.interpolate`_amazonses.${example.id}`,\n type: \"TXT\",\n ttl: 600,\n records: [example.verificationToken],\n});\nconst exampleVerification = new aws.ses.DomainIdentityVerification(\"example_verification\", {domain: example.id});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ses.DomainIdentity(\"example\", domain=\"example.com\")\nexample_amazonses_verification_record = aws.route53.Record(\"example_amazonses_verification_record\",\n zone_id=example_aws_route53_zone[\"zoneId\"],\n name=example.id.apply(lambda id: f\"_amazonses.{id}\"),\n type=\"TXT\",\n ttl=600,\n records=[example.verification_token])\nexample_verification = aws.ses.DomainIdentityVerification(\"example_verification\", domain=example.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ses.DomainIdentity(\"example\", new()\n {\n Domain = \"example.com\",\n });\n\n var exampleAmazonsesVerificationRecord = new Aws.Route53.Record(\"example_amazonses_verification_record\", new()\n {\n ZoneId = exampleAwsRoute53Zone.ZoneId,\n Name = example.Id.Apply(id =\u003e $\"_amazonses.{id}\"),\n Type = \"TXT\",\n Ttl = 600,\n Records = new[]\n {\n example.VerificationToken,\n },\n });\n\n var exampleVerification = new Aws.Ses.DomainIdentityVerification(\"example_verification\", new()\n {\n Domain = example.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ses.NewDomainIdentity(ctx, \"example\", \u0026ses.DomainIdentityArgs{\n\t\t\tDomain: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"example_amazonses_verification_record\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(exampleAwsRoute53Zone.ZoneId),\n\t\t\tName: example.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"_amazonses.%v\", id), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tType: pulumi.String(\"TXT\"),\n\t\t\tTtl: pulumi.Int(600),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\texample.VerificationToken,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ses.NewDomainIdentityVerification(ctx, \"example_verification\", \u0026ses.DomainIdentityVerificationArgs{\n\t\t\tDomain: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ses.DomainIdentity;\nimport com.pulumi.aws.ses.DomainIdentityArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.ses.DomainIdentityVerification;\nimport com.pulumi.aws.ses.DomainIdentityVerificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new DomainIdentity(\"example\", DomainIdentityArgs.builder() \n .domain(\"example.com\")\n .build());\n\n var exampleAmazonsesVerificationRecord = new Record(\"exampleAmazonsesVerificationRecord\", RecordArgs.builder() \n .zoneId(exampleAwsRoute53Zone.zoneId())\n .name(example.id().applyValue(id -\u003e String.format(\"_amazonses.%s\", id)))\n .type(\"TXT\")\n .ttl(\"600\")\n .records(example.verificationToken())\n .build());\n\n var exampleVerification = new DomainIdentityVerification(\"exampleVerification\", DomainIdentityVerificationArgs.builder() \n .domain(example.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ses:DomainIdentity\n properties:\n domain: example.com\n exampleAmazonsesVerificationRecord:\n type: aws:route53:Record\n name: example_amazonses_verification_record\n properties:\n zoneId: ${exampleAwsRoute53Zone.zoneId}\n name: _amazonses.${example.id}\n type: TXT\n ttl: '600'\n records:\n - ${example.verificationToken}\n exampleVerification:\n type: aws:ses:DomainIdentityVerification\n name: example_verification\n properties:\n domain: ${example.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Represents a successful verification of an SES domain identity.\n\nMost commonly, this resource is used together with `aws.route53.Record` and\n`aws.ses.DomainIdentity` to request an SES domain identity,\ndeploy the required DNS verification records, and wait for verification to complete.\n\n\u003e **WARNING:** This resource implements a part of the verification workflow. It does not represent a real-world entity in AWS, therefore changing or deleting this resource on its own has no immediate effect.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ses.DomainIdentity(\"example\", {domain: \"example.com\"});\nconst exampleAmazonsesVerificationRecord = new aws.route53.Record(\"example_amazonses_verification_record\", {\n zoneId: exampleAwsRoute53Zone.zoneId,\n name: pulumi.interpolate`_amazonses.${example.id}`,\n type: aws.route53.RecordType.TXT,\n ttl: 600,\n records: [example.verificationToken],\n});\nconst exampleVerification = new aws.ses.DomainIdentityVerification(\"example_verification\", {domain: example.id});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ses.DomainIdentity(\"example\", domain=\"example.com\")\nexample_amazonses_verification_record = aws.route53.Record(\"example_amazonses_verification_record\",\n zone_id=example_aws_route53_zone[\"zoneId\"],\n name=example.id.apply(lambda id: f\"_amazonses.{id}\"),\n type=aws.route53.RecordType.TXT,\n ttl=600,\n records=[example.verification_token])\nexample_verification = aws.ses.DomainIdentityVerification(\"example_verification\", domain=example.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ses.DomainIdentity(\"example\", new()\n {\n Domain = \"example.com\",\n });\n\n var exampleAmazonsesVerificationRecord = new Aws.Route53.Record(\"example_amazonses_verification_record\", new()\n {\n ZoneId = exampleAwsRoute53Zone.ZoneId,\n Name = example.Id.Apply(id =\u003e $\"_amazonses.{id}\"),\n Type = Aws.Route53.RecordType.TXT,\n Ttl = 600,\n Records = new[]\n {\n example.VerificationToken,\n },\n });\n\n var exampleVerification = new Aws.Ses.DomainIdentityVerification(\"example_verification\", new()\n {\n Domain = example.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ses.NewDomainIdentity(ctx, \"example\", \u0026ses.DomainIdentityArgs{\n\t\t\tDomain: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"example_amazonses_verification_record\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(exampleAwsRoute53Zone.ZoneId),\n\t\t\tName: example.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"_amazonses.%v\", id), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tType: pulumi.String(route53.RecordTypeTXT),\n\t\t\tTtl: pulumi.Int(600),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\texample.VerificationToken,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ses.NewDomainIdentityVerification(ctx, \"example_verification\", \u0026ses.DomainIdentityVerificationArgs{\n\t\t\tDomain: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ses.DomainIdentity;\nimport com.pulumi.aws.ses.DomainIdentityArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.ses.DomainIdentityVerification;\nimport com.pulumi.aws.ses.DomainIdentityVerificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new DomainIdentity(\"example\", DomainIdentityArgs.builder() \n .domain(\"example.com\")\n .build());\n\n var exampleAmazonsesVerificationRecord = new Record(\"exampleAmazonsesVerificationRecord\", RecordArgs.builder() \n .zoneId(exampleAwsRoute53Zone.zoneId())\n .name(example.id().applyValue(id -\u003e String.format(\"_amazonses.%s\", id)))\n .type(\"TXT\")\n .ttl(\"600\")\n .records(example.verificationToken())\n .build());\n\n var exampleVerification = new DomainIdentityVerification(\"exampleVerification\", DomainIdentityVerificationArgs.builder() \n .domain(example.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ses:DomainIdentity\n properties:\n domain: example.com\n exampleAmazonsesVerificationRecord:\n type: aws:route53:Record\n name: example_amazonses_verification_record\n properties:\n zoneId: ${exampleAwsRoute53Zone.zoneId}\n name: _amazonses.${example.id}\n type: TXT\n ttl: '600'\n records:\n - ${example.verificationToken}\n exampleVerification:\n type: aws:ses:DomainIdentityVerification\n name: example_verification\n properties:\n domain: ${example.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { "arn": { "type": "string", @@ -327500,7 +327500,7 @@ } }, "aws:ses/mailFrom:MailFrom": { - "description": "Provides an SES domain MAIL FROM resource.\n\n\u003e **NOTE:** For the MAIL FROM domain to be fully usable, this resource should be paired with the aws.ses.DomainIdentity resource. To validate the MAIL FROM domain, a DNS MX record is required. To pass SPF checks, a DNS TXT record may also be required. See the [Amazon SES MAIL FROM documentation](https://docs.aws.amazon.com/ses/latest/dg/mail-from.html) for more information.\n\n## Example Usage\n\n### Domain Identity MAIL FROM\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Example SES Domain Identity\nconst exampleDomainIdentity = new aws.ses.DomainIdentity(\"example\", {domain: \"example.com\"});\nconst example = new aws.ses.MailFrom(\"example\", {\n domain: exampleDomainIdentity.domain,\n mailFromDomain: pulumi.interpolate`bounce.${exampleDomainIdentity.domain}`,\n});\n// Example Route53 MX record\nconst exampleSesDomainMailFromMx = new aws.route53.Record(\"example_ses_domain_mail_from_mx\", {\n zoneId: exampleAwsRoute53Zone.id,\n name: example.mailFromDomain,\n type: \"MX\",\n ttl: 600,\n records: [\"10 feedback-smtp.us-east-1.amazonses.com\"],\n});\n// Example Route53 TXT record for SPF\nconst exampleSesDomainMailFromTxt = new aws.route53.Record(\"example_ses_domain_mail_from_txt\", {\n zoneId: exampleAwsRoute53Zone.id,\n name: example.mailFromDomain,\n type: \"TXT\",\n ttl: 600,\n records: [\"v=spf1 include:amazonses.com -all\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Example SES Domain Identity\nexample_domain_identity = aws.ses.DomainIdentity(\"example\", domain=\"example.com\")\nexample = aws.ses.MailFrom(\"example\",\n domain=example_domain_identity.domain,\n mail_from_domain=example_domain_identity.domain.apply(lambda domain: f\"bounce.{domain}\"))\n# Example Route53 MX record\nexample_ses_domain_mail_from_mx = aws.route53.Record(\"example_ses_domain_mail_from_mx\",\n zone_id=example_aws_route53_zone[\"id\"],\n name=example.mail_from_domain,\n type=\"MX\",\n ttl=600,\n records=[\"10 feedback-smtp.us-east-1.amazonses.com\"])\n# Example Route53 TXT record for SPF\nexample_ses_domain_mail_from_txt = aws.route53.Record(\"example_ses_domain_mail_from_txt\",\n zone_id=example_aws_route53_zone[\"id\"],\n name=example.mail_from_domain,\n type=\"TXT\",\n ttl=600,\n records=[\"v=spf1 include:amazonses.com -all\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Example SES Domain Identity\n var exampleDomainIdentity = new Aws.Ses.DomainIdentity(\"example\", new()\n {\n Domain = \"example.com\",\n });\n\n var example = new Aws.Ses.MailFrom(\"example\", new()\n {\n Domain = exampleDomainIdentity.Domain,\n MailFromDomain = exampleDomainIdentity.Domain.Apply(domain =\u003e $\"bounce.{domain}\"),\n });\n\n // Example Route53 MX record\n var exampleSesDomainMailFromMx = new Aws.Route53.Record(\"example_ses_domain_mail_from_mx\", new()\n {\n ZoneId = exampleAwsRoute53Zone.Id,\n Name = example.MailFromDomain,\n Type = \"MX\",\n Ttl = 600,\n Records = new[]\n {\n \"10 feedback-smtp.us-east-1.amazonses.com\",\n },\n });\n\n // Example Route53 TXT record for SPF\n var exampleSesDomainMailFromTxt = new Aws.Route53.Record(\"example_ses_domain_mail_from_txt\", new()\n {\n ZoneId = exampleAwsRoute53Zone.Id,\n Name = example.MailFromDomain,\n Type = \"TXT\",\n Ttl = 600,\n Records = new[]\n {\n \"v=spf1 include:amazonses.com -all\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Example SES Domain Identity\n\t\texampleDomainIdentity, err := ses.NewDomainIdentity(ctx, \"example\", \u0026ses.DomainIdentityArgs{\n\t\t\tDomain: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := ses.NewMailFrom(ctx, \"example\", \u0026ses.MailFromArgs{\n\t\t\tDomain: exampleDomainIdentity.Domain,\n\t\t\tMailFromDomain: exampleDomainIdentity.Domain.ApplyT(func(domain string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"bounce.%v\", domain), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Example Route53 MX record\n\t\t_, err = route53.NewRecord(ctx, \"example_ses_domain_mail_from_mx\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(exampleAwsRoute53Zone.Id),\n\t\t\tName: example.MailFromDomain,\n\t\t\tType: pulumi.String(\"MX\"),\n\t\t\tTtl: pulumi.Int(600),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10 feedback-smtp.us-east-1.amazonses.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Example Route53 TXT record for SPF\n\t\t_, err = route53.NewRecord(ctx, \"example_ses_domain_mail_from_txt\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(exampleAwsRoute53Zone.Id),\n\t\t\tName: example.MailFromDomain,\n\t\t\tType: pulumi.String(\"TXT\"),\n\t\t\tTtl: pulumi.Int(600),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"v=spf1 include:amazonses.com -all\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ses.DomainIdentity;\nimport com.pulumi.aws.ses.DomainIdentityArgs;\nimport com.pulumi.aws.ses.MailFrom;\nimport com.pulumi.aws.ses.MailFromArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleDomainIdentity = new DomainIdentity(\"exampleDomainIdentity\", DomainIdentityArgs.builder() \n .domain(\"example.com\")\n .build());\n\n var example = new MailFrom(\"example\", MailFromArgs.builder() \n .domain(exampleDomainIdentity.domain())\n .mailFromDomain(exampleDomainIdentity.domain().applyValue(domain -\u003e String.format(\"bounce.%s\", domain)))\n .build());\n\n var exampleSesDomainMailFromMx = new Record(\"exampleSesDomainMailFromMx\", RecordArgs.builder() \n .zoneId(exampleAwsRoute53Zone.id())\n .name(example.mailFromDomain())\n .type(\"MX\")\n .ttl(\"600\")\n .records(\"10 feedback-smtp.us-east-1.amazonses.com\")\n .build());\n\n var exampleSesDomainMailFromTxt = new Record(\"exampleSesDomainMailFromTxt\", RecordArgs.builder() \n .zoneId(exampleAwsRoute53Zone.id())\n .name(example.mailFromDomain())\n .type(\"TXT\")\n .ttl(\"600\")\n .records(\"v=spf1 include:amazonses.com -all\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ses:MailFrom\n properties:\n domain: ${exampleDomainIdentity.domain}\n mailFromDomain: bounce.${exampleDomainIdentity.domain}\n # Example SES Domain Identity\n exampleDomainIdentity:\n type: aws:ses:DomainIdentity\n name: example\n properties:\n domain: example.com\n # Example Route53 MX record\n exampleSesDomainMailFromMx:\n type: aws:route53:Record\n name: example_ses_domain_mail_from_mx\n properties:\n zoneId: ${exampleAwsRoute53Zone.id}\n name: ${example.mailFromDomain}\n type: MX\n ttl: '600'\n records: # Change to the region in which `aws_ses_domain_identity.example` is created\n - 10 feedback-smtp.us-east-1.amazonses.com\n # Example Route53 TXT record for SPF\n exampleSesDomainMailFromTxt:\n type: aws:route53:Record\n name: example_ses_domain_mail_from_txt\n properties:\n zoneId: ${exampleAwsRoute53Zone.id}\n name: ${example.mailFromDomain}\n type: TXT\n ttl: '600'\n records:\n - v=spf1 include:amazonses.com -all\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Email Identity MAIL FROM\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Example SES Email Identity\nconst example = new aws.ses.EmailIdentity(\"example\", {email: \"user@example.com\"});\nconst exampleMailFrom = new aws.ses.MailFrom(\"example\", {\n domain: example.email,\n mailFromDomain: \"mail.example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Example SES Email Identity\nexample = aws.ses.EmailIdentity(\"example\", email=\"user@example.com\")\nexample_mail_from = aws.ses.MailFrom(\"example\",\n domain=example.email,\n mail_from_domain=\"mail.example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Example SES Email Identity\n var example = new Aws.Ses.EmailIdentity(\"example\", new()\n {\n Email = \"user@example.com\",\n });\n\n var exampleMailFrom = new Aws.Ses.MailFrom(\"example\", new()\n {\n Domain = example.Email,\n MailFromDomain = \"mail.example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Example SES Email Identity\n\t\texample, err := ses.NewEmailIdentity(ctx, \"example\", \u0026ses.EmailIdentityArgs{\n\t\t\tEmail: pulumi.String(\"user@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ses.NewMailFrom(ctx, \"example\", \u0026ses.MailFromArgs{\n\t\t\tDomain: example.Email,\n\t\t\tMailFromDomain: pulumi.String(\"mail.example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ses.EmailIdentity;\nimport com.pulumi.aws.ses.EmailIdentityArgs;\nimport com.pulumi.aws.ses.MailFrom;\nimport com.pulumi.aws.ses.MailFromArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new EmailIdentity(\"example\", EmailIdentityArgs.builder() \n .email(\"user@example.com\")\n .build());\n\n var exampleMailFrom = new MailFrom(\"exampleMailFrom\", MailFromArgs.builder() \n .domain(example.email())\n .mailFromDomain(\"mail.example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Example SES Email Identity\n example:\n type: aws:ses:EmailIdentity\n properties:\n email: user@example.com\n exampleMailFrom:\n type: aws:ses:MailFrom\n name: example\n properties:\n domain: ${example.email}\n mailFromDomain: mail.example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import MAIL FROM domain using the `domain` attribute. For example:\n\n```sh\n$ pulumi import aws:ses/mailFrom:MailFrom example example.com\n```\n", + "description": "Provides an SES domain MAIL FROM resource.\n\n\u003e **NOTE:** For the MAIL FROM domain to be fully usable, this resource should be paired with the aws.ses.DomainIdentity resource. To validate the MAIL FROM domain, a DNS MX record is required. To pass SPF checks, a DNS TXT record may also be required. See the [Amazon SES MAIL FROM documentation](https://docs.aws.amazon.com/ses/latest/dg/mail-from.html) for more information.\n\n## Example Usage\n\n### Domain Identity MAIL FROM\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Example SES Domain Identity\nconst exampleDomainIdentity = new aws.ses.DomainIdentity(\"example\", {domain: \"example.com\"});\nconst example = new aws.ses.MailFrom(\"example\", {\n domain: exampleDomainIdentity.domain,\n mailFromDomain: pulumi.interpolate`bounce.${exampleDomainIdentity.domain}`,\n});\n// Example Route53 MX record\nconst exampleSesDomainMailFromMx = new aws.route53.Record(\"example_ses_domain_mail_from_mx\", {\n zoneId: exampleAwsRoute53Zone.id,\n name: example.mailFromDomain,\n type: aws.route53.RecordType.MX,\n ttl: 600,\n records: [\"10 feedback-smtp.us-east-1.amazonses.com\"],\n});\n// Example Route53 TXT record for SPF\nconst exampleSesDomainMailFromTxt = new aws.route53.Record(\"example_ses_domain_mail_from_txt\", {\n zoneId: exampleAwsRoute53Zone.id,\n name: example.mailFromDomain,\n type: aws.route53.RecordType.TXT,\n ttl: 600,\n records: [\"v=spf1 include:amazonses.com -all\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Example SES Domain Identity\nexample_domain_identity = aws.ses.DomainIdentity(\"example\", domain=\"example.com\")\nexample = aws.ses.MailFrom(\"example\",\n domain=example_domain_identity.domain,\n mail_from_domain=example_domain_identity.domain.apply(lambda domain: f\"bounce.{domain}\"))\n# Example Route53 MX record\nexample_ses_domain_mail_from_mx = aws.route53.Record(\"example_ses_domain_mail_from_mx\",\n zone_id=example_aws_route53_zone[\"id\"],\n name=example.mail_from_domain,\n type=aws.route53.RecordType.MX,\n ttl=600,\n records=[\"10 feedback-smtp.us-east-1.amazonses.com\"])\n# Example Route53 TXT record for SPF\nexample_ses_domain_mail_from_txt = aws.route53.Record(\"example_ses_domain_mail_from_txt\",\n zone_id=example_aws_route53_zone[\"id\"],\n name=example.mail_from_domain,\n type=aws.route53.RecordType.TXT,\n ttl=600,\n records=[\"v=spf1 include:amazonses.com -all\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Example SES Domain Identity\n var exampleDomainIdentity = new Aws.Ses.DomainIdentity(\"example\", new()\n {\n Domain = \"example.com\",\n });\n\n var example = new Aws.Ses.MailFrom(\"example\", new()\n {\n Domain = exampleDomainIdentity.Domain,\n MailFromDomain = exampleDomainIdentity.Domain.Apply(domain =\u003e $\"bounce.{domain}\"),\n });\n\n // Example Route53 MX record\n var exampleSesDomainMailFromMx = new Aws.Route53.Record(\"example_ses_domain_mail_from_mx\", new()\n {\n ZoneId = exampleAwsRoute53Zone.Id,\n Name = example.MailFromDomain,\n Type = Aws.Route53.RecordType.MX,\n Ttl = 600,\n Records = new[]\n {\n \"10 feedback-smtp.us-east-1.amazonses.com\",\n },\n });\n\n // Example Route53 TXT record for SPF\n var exampleSesDomainMailFromTxt = new Aws.Route53.Record(\"example_ses_domain_mail_from_txt\", new()\n {\n ZoneId = exampleAwsRoute53Zone.Id,\n Name = example.MailFromDomain,\n Type = Aws.Route53.RecordType.TXT,\n Ttl = 600,\n Records = new[]\n {\n \"v=spf1 include:amazonses.com -all\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Example SES Domain Identity\n\t\texampleDomainIdentity, err := ses.NewDomainIdentity(ctx, \"example\", \u0026ses.DomainIdentityArgs{\n\t\t\tDomain: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := ses.NewMailFrom(ctx, \"example\", \u0026ses.MailFromArgs{\n\t\t\tDomain: exampleDomainIdentity.Domain,\n\t\t\tMailFromDomain: exampleDomainIdentity.Domain.ApplyT(func(domain string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"bounce.%v\", domain), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Example Route53 MX record\n\t\t_, err = route53.NewRecord(ctx, \"example_ses_domain_mail_from_mx\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(exampleAwsRoute53Zone.Id),\n\t\t\tName: example.MailFromDomain,\n\t\t\tType: pulumi.String(route53.RecordTypeMX),\n\t\t\tTtl: pulumi.Int(600),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10 feedback-smtp.us-east-1.amazonses.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Example Route53 TXT record for SPF\n\t\t_, err = route53.NewRecord(ctx, \"example_ses_domain_mail_from_txt\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(exampleAwsRoute53Zone.Id),\n\t\t\tName: example.MailFromDomain,\n\t\t\tType: pulumi.String(route53.RecordTypeTXT),\n\t\t\tTtl: pulumi.Int(600),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"v=spf1 include:amazonses.com -all\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ses.DomainIdentity;\nimport com.pulumi.aws.ses.DomainIdentityArgs;\nimport com.pulumi.aws.ses.MailFrom;\nimport com.pulumi.aws.ses.MailFromArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleDomainIdentity = new DomainIdentity(\"exampleDomainIdentity\", DomainIdentityArgs.builder() \n .domain(\"example.com\")\n .build());\n\n var example = new MailFrom(\"example\", MailFromArgs.builder() \n .domain(exampleDomainIdentity.domain())\n .mailFromDomain(exampleDomainIdentity.domain().applyValue(domain -\u003e String.format(\"bounce.%s\", domain)))\n .build());\n\n var exampleSesDomainMailFromMx = new Record(\"exampleSesDomainMailFromMx\", RecordArgs.builder() \n .zoneId(exampleAwsRoute53Zone.id())\n .name(example.mailFromDomain())\n .type(\"MX\")\n .ttl(\"600\")\n .records(\"10 feedback-smtp.us-east-1.amazonses.com\")\n .build());\n\n var exampleSesDomainMailFromTxt = new Record(\"exampleSesDomainMailFromTxt\", RecordArgs.builder() \n .zoneId(exampleAwsRoute53Zone.id())\n .name(example.mailFromDomain())\n .type(\"TXT\")\n .ttl(\"600\")\n .records(\"v=spf1 include:amazonses.com -all\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ses:MailFrom\n properties:\n domain: ${exampleDomainIdentity.domain}\n mailFromDomain: bounce.${exampleDomainIdentity.domain}\n # Example SES Domain Identity\n exampleDomainIdentity:\n type: aws:ses:DomainIdentity\n name: example\n properties:\n domain: example.com\n # Example Route53 MX record\n exampleSesDomainMailFromMx:\n type: aws:route53:Record\n name: example_ses_domain_mail_from_mx\n properties:\n zoneId: ${exampleAwsRoute53Zone.id}\n name: ${example.mailFromDomain}\n type: MX\n ttl: '600'\n records: # Change to the region in which `aws_ses_domain_identity.example` is created\n - 10 feedback-smtp.us-east-1.amazonses.com\n # Example Route53 TXT record for SPF\n exampleSesDomainMailFromTxt:\n type: aws:route53:Record\n name: example_ses_domain_mail_from_txt\n properties:\n zoneId: ${exampleAwsRoute53Zone.id}\n name: ${example.mailFromDomain}\n type: TXT\n ttl: '600'\n records:\n - v=spf1 include:amazonses.com -all\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Email Identity MAIL FROM\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Example SES Email Identity\nconst example = new aws.ses.EmailIdentity(\"example\", {email: \"user@example.com\"});\nconst exampleMailFrom = new aws.ses.MailFrom(\"example\", {\n domain: example.email,\n mailFromDomain: \"mail.example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Example SES Email Identity\nexample = aws.ses.EmailIdentity(\"example\", email=\"user@example.com\")\nexample_mail_from = aws.ses.MailFrom(\"example\",\n domain=example.email,\n mail_from_domain=\"mail.example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Example SES Email Identity\n var example = new Aws.Ses.EmailIdentity(\"example\", new()\n {\n Email = \"user@example.com\",\n });\n\n var exampleMailFrom = new Aws.Ses.MailFrom(\"example\", new()\n {\n Domain = example.Email,\n MailFromDomain = \"mail.example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Example SES Email Identity\n\t\texample, err := ses.NewEmailIdentity(ctx, \"example\", \u0026ses.EmailIdentityArgs{\n\t\t\tEmail: pulumi.String(\"user@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ses.NewMailFrom(ctx, \"example\", \u0026ses.MailFromArgs{\n\t\t\tDomain: example.Email,\n\t\t\tMailFromDomain: pulumi.String(\"mail.example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ses.EmailIdentity;\nimport com.pulumi.aws.ses.EmailIdentityArgs;\nimport com.pulumi.aws.ses.MailFrom;\nimport com.pulumi.aws.ses.MailFromArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new EmailIdentity(\"example\", EmailIdentityArgs.builder() \n .email(\"user@example.com\")\n .build());\n\n var exampleMailFrom = new MailFrom(\"exampleMailFrom\", MailFromArgs.builder() \n .domain(example.email())\n .mailFromDomain(\"mail.example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Example SES Email Identity\n example:\n type: aws:ses:EmailIdentity\n properties:\n email: user@example.com\n exampleMailFrom:\n type: aws:ses:MailFrom\n name: example\n properties:\n domain: ${example.email}\n mailFromDomain: mail.example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import MAIL FROM domain using the `domain` attribute. For example:\n\n```sh\n$ pulumi import aws:ses/mailFrom:MailFrom example example.com\n```\n", "properties": { "behaviorOnMxFailure": { "type": "string", @@ -331070,7 +331070,7 @@ } }, "aws:sns/topicSubscription:TopicSubscription": { - "description": "Provides a resource for subscribing to SNS topics. Requires that an SNS topic exist for the subscription to attach to. This resource allows you to automatically place messages sent to SNS topics in SQS queues, send them as HTTP(S) POST requests to a given endpoint, send SMS messages, or notify devices / applications. The most likely use case for provider users will probably be SQS queues.\n\n\u003e **NOTE:** If the SNS topic and SQS queue are in different AWS regions, the `aws.sns.TopicSubscription` must use an AWS provider that is in the same region as the SNS topic. If the `aws.sns.TopicSubscription` uses a provider with a different region than the SNS topic, this provider will fail to create the subscription.\n\n\u003e **NOTE:** Setup of cross-account subscriptions from SNS topics to SQS queues requires the provider to have access to BOTH accounts.\n\n\u003e **NOTE:** If an SNS topic and SQS queue are in different AWS accounts but the same region, the `aws.sns.TopicSubscription` must use the AWS provider for the account with the SQS queue. If `aws.sns.TopicSubscription` uses a Provider with a different account than the SQS queue, this provider creates the subscription but does not keep state and tries to re-create the subscription at every `apply`.\n\n\u003e **NOTE:** If an SNS topic and SQS queue are in different AWS accounts and different AWS regions, the subscription needs to be initiated from the account with the SQS queue but in the region of the SNS topic.\n\n\u003e **NOTE:** You cannot unsubscribe to a subscription that is pending confirmation. If you use `email`, `email-json`, or `http`/`https` (without auto-confirmation enabled), until the subscription is confirmed (e.g., outside of this provider), AWS does not allow this provider to delete / unsubscribe the subscription. If you `destroy` an unconfirmed subscription, this provider will remove the subscription from its state but the subscription will still exist in AWS. However, if you delete an SNS topic, SNS [deletes all the subscriptions](https://docs.aws.amazon.com/sns/latest/dg/sns-delete-subscription-topic.html) associated with the topic. Also, you can import a subscription after confirmation and then have the capability to delete it.\n\n## Example Usage\n\nYou can directly supply a topic and ARN by hand in the `topic_arn` property along with the queue ARN:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst userUpdatesSqsTarget = new aws.sns.TopicSubscription(\"user_updates_sqs_target\", {\n topic: \"arn:aws:sns:us-west-2:432981146916:user-updates-topic\",\n protocol: \"sqs\",\n endpoint: \"arn:aws:sqs:us-west-2:432981146916:queue-too\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser_updates_sqs_target = aws.sns.TopicSubscription(\"user_updates_sqs_target\",\n topic=\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\",\n protocol=\"sqs\",\n endpoint=\"arn:aws:sqs:us-west-2:432981146916:queue-too\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var userUpdatesSqsTarget = new Aws.Sns.TopicSubscription(\"user_updates_sqs_target\", new()\n {\n Topic = \"arn:aws:sns:us-west-2:432981146916:user-updates-topic\",\n Protocol = \"sqs\",\n Endpoint = \"arn:aws:sqs:us-west-2:432981146916:queue-too\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sns.NewTopicSubscription(ctx, \"user_updates_sqs_target\", \u0026sns.TopicSubscriptionArgs{\n\t\t\tTopic: pulumi.Any(\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\"),\n\t\t\tProtocol: pulumi.String(\"sqs\"),\n\t\t\tEndpoint: pulumi.String(\"arn:aws:sqs:us-west-2:432981146916:queue-too\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var userUpdatesSqsTarget = new TopicSubscription(\"userUpdatesSqsTarget\", TopicSubscriptionArgs.builder() \n .topic(\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\")\n .protocol(\"sqs\")\n .endpoint(\"arn:aws:sqs:us-west-2:432981146916:queue-too\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n userUpdatesSqsTarget:\n type: aws:sns:TopicSubscription\n name: user_updates_sqs_target\n properties:\n topic: arn:aws:sns:us-west-2:432981146916:user-updates-topic\n protocol: sqs\n endpoint: arn:aws:sqs:us-west-2:432981146916:queue-too\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nAlternatively you can use the ARN properties of a managed SNS topic and SQS queue:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst userUpdates = new aws.sns.Topic(\"user_updates\", {name: \"user-updates-topic\"});\nconst userUpdatesQueue = new aws.sqs.Queue(\"user_updates_queue\", {name: \"user-updates-queue\"});\nconst userUpdatesSqsTarget = new aws.sns.TopicSubscription(\"user_updates_sqs_target\", {\n topic: userUpdates.arn,\n protocol: \"sqs\",\n endpoint: userUpdatesQueue.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser_updates = aws.sns.Topic(\"user_updates\", name=\"user-updates-topic\")\nuser_updates_queue = aws.sqs.Queue(\"user_updates_queue\", name=\"user-updates-queue\")\nuser_updates_sqs_target = aws.sns.TopicSubscription(\"user_updates_sqs_target\",\n topic=user_updates.arn,\n protocol=\"sqs\",\n endpoint=user_updates_queue.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var userUpdates = new Aws.Sns.Topic(\"user_updates\", new()\n {\n Name = \"user-updates-topic\",\n });\n\n var userUpdatesQueue = new Aws.Sqs.Queue(\"user_updates_queue\", new()\n {\n Name = \"user-updates-queue\",\n });\n\n var userUpdatesSqsTarget = new Aws.Sns.TopicSubscription(\"user_updates_sqs_target\", new()\n {\n Topic = userUpdates.Arn,\n Protocol = \"sqs\",\n Endpoint = userUpdatesQueue.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tuserUpdates, err := sns.NewTopic(ctx, \"user_updates\", \u0026sns.TopicArgs{\n\t\t\tName: pulumi.String(\"user-updates-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuserUpdatesQueue, err := sqs.NewQueue(ctx, \"user_updates_queue\", \u0026sqs.QueueArgs{\n\t\t\tName: pulumi.String(\"user-updates-queue\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sns.NewTopicSubscription(ctx, \"user_updates_sqs_target\", \u0026sns.TopicSubscriptionArgs{\n\t\t\tTopic: userUpdates.Arn,\n\t\t\tProtocol: pulumi.String(\"sqs\"),\n\t\t\tEndpoint: userUpdatesQueue.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.sqs.Queue;\nimport com.pulumi.aws.sqs.QueueArgs;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var userUpdates = new Topic(\"userUpdates\", TopicArgs.builder() \n .name(\"user-updates-topic\")\n .build());\n\n var userUpdatesQueue = new Queue(\"userUpdatesQueue\", QueueArgs.builder() \n .name(\"user-updates-queue\")\n .build());\n\n var userUpdatesSqsTarget = new TopicSubscription(\"userUpdatesSqsTarget\", TopicSubscriptionArgs.builder() \n .topic(userUpdates.arn())\n .protocol(\"sqs\")\n .endpoint(userUpdatesQueue.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n userUpdates:\n type: aws:sns:Topic\n name: user_updates\n properties:\n name: user-updates-topic\n userUpdatesQueue:\n type: aws:sqs:Queue\n name: user_updates_queue\n properties:\n name: user-updates-queue\n userUpdatesSqsTarget:\n type: aws:sns:TopicSubscription\n name: user_updates_sqs_target\n properties:\n topic: ${userUpdates.arn}\n protocol: sqs\n endpoint: ${userUpdatesQueue.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nYou can subscribe SNS topics to SQS queues in different Amazon accounts and regions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst sns = config.getObject(\"sns\") || {\n \"account-id\": \"111111111111\",\n displayName: \"example\",\n name: \"example-sns-topic\",\n region: \"us-west-1\",\n \"role-name\": \"service/service\",\n};\nconst sqs = config.getObject(\"sqs\") || {\n \"account-id\": \"222222222222\",\n name: \"example-sqs-queue\",\n region: \"us-east-1\",\n \"role-name\": \"service/service\",\n};\nconst sns-topic-policy = aws.iam.getPolicyDocument({\n policyId: \"__default_policy_ID\",\n statements: [\n {\n actions: [\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n ],\n conditions: [{\n test: \"StringEquals\",\n variable: \"AWS:SourceOwner\",\n values: [sns[\"account-id\"]],\n }],\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n resources: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n sid: \"__default_statement_ID\",\n },\n {\n actions: [\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n ],\n conditions: [{\n test: \"StringLike\",\n variable: \"SNS:Endpoint\",\n values: [`arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}`],\n }],\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n resources: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n sid: \"__console_sub_0\",\n },\n ],\n});\nconst sqs-queue-policy = aws.iam.getPolicyDocument({\n policyId: `arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}/SQSDefaultPolicy`,\n statements: [{\n sid: \"example-sns-topic\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n actions: [\"SQS:SendMessage\"],\n resources: [`arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}`],\n conditions: [{\n test: \"ArnEquals\",\n variable: \"aws:SourceArn\",\n values: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n }],\n }],\n});\nconst sns_topic = new aws.sns.Topic(\"sns-topic\", {\n name: sns.name,\n displayName: sns.display_name,\n policy: sns_topic_policy.then(sns_topic_policy =\u003e sns_topic_policy.json),\n});\nconst sqs_queue = new aws.sqs.Queue(\"sqs-queue\", {\n name: sqs.name,\n policy: sqs_queue_policy.then(sqs_queue_policy =\u003e sqs_queue_policy.json),\n});\nconst sns_topicTopicSubscription = new aws.sns.TopicSubscription(\"sns-topic\", {\n topic: sns_topic.arn,\n protocol: \"sqs\",\n endpoint: sqs_queue.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nsns = config.get_object(\"sns\")\nif sns is None:\n sns = {\n \"account-id\": \"111111111111\",\n \"displayName\": \"example\",\n \"name\": \"example-sns-topic\",\n \"region\": \"us-west-1\",\n \"role-name\": \"service/service\",\n }\nsqs = config.get_object(\"sqs\")\nif sqs is None:\n sqs = {\n \"account-id\": \"222222222222\",\n \"name\": \"example-sqs-queue\",\n \"region\": \"us-east-1\",\n \"role-name\": \"service/service\",\n }\nsns_topic_policy = aws.iam.get_policy_document(policy_id=\"__default_policy_ID\",\n statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n ],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"AWS:SourceOwner\",\n values=[sns[\"account-id\"]],\n )],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n resources=[f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n sid=\"__default_statement_ID\",\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n ],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringLike\",\n variable=\"SNS:Endpoint\",\n values=[f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}\"],\n )],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n resources=[f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n sid=\"__console_sub_0\",\n ),\n ])\nsqs_queue_policy = aws.iam.get_policy_document(policy_id=f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}/SQSDefaultPolicy\",\n statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"example-sns-topic\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n actions=[\"SQS:SendMessage\"],\n resources=[f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ArnEquals\",\n variable=\"aws:SourceArn\",\n values=[f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n )],\n )])\nsns_topic = aws.sns.Topic(\"sns-topic\",\n name=sns[\"name\"],\n display_name=sns[\"display_name\"],\n policy=sns_topic_policy.json)\nsqs_queue = aws.sqs.Queue(\"sqs-queue\",\n name=sqs[\"name\"],\n policy=sqs_queue_policy.json)\nsns_topic_topic_subscription = aws.sns.TopicSubscription(\"sns-topic\",\n topic=sns_topic.arn,\n protocol=\"sqs\",\n endpoint=sqs_queue.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var sns = config.GetObject\u003cdynamic\u003e(\"sns\") ?? \n {\n { \"account-id\", \"111111111111\" },\n { \"displayName\", \"example\" },\n { \"name\", \"example-sns-topic\" },\n { \"region\", \"us-west-1\" },\n { \"role-name\", \"service/service\" },\n };\n var sqs = config.GetObject\u003cdynamic\u003e(\"sqs\") ?? \n {\n { \"account-id\", \"222222222222\" },\n { \"name\", \"example-sqs-queue\" },\n { \"region\", \"us-east-1\" },\n { \"role-name\", \"service/service\" },\n };\n var sns_topic_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n PolicyId = \"__default_policy_ID\",\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"AWS:SourceOwner\",\n Values = new[]\n {\n sns.Account_id,\n },\n },\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Resources = new[]\n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n Sid = \"__default_statement_ID\",\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringLike\",\n Variable = \"SNS:Endpoint\",\n Values = new[]\n {\n $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}\",\n },\n },\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Resources = new[]\n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n Sid = \"__console_sub_0\",\n },\n },\n });\n\n var sqs_queue_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n PolicyId = $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}/SQSDefaultPolicy\",\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"example-sns-topic\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"SQS:SendMessage\",\n },\n Resources = new[]\n {\n $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ArnEquals\",\n Variable = \"aws:SourceArn\",\n Values = new[]\n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n },\n },\n },\n },\n });\n\n var sns_topic = new Aws.Sns.Topic(\"sns-topic\", new()\n {\n Name = sns.Name,\n DisplayName = sns.Display_name,\n Policy = sns_topic_policy.Apply(sns_topic_policy =\u003e sns_topic_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n });\n\n var sqs_queue = new Aws.Sqs.Queue(\"sqs-queue\", new()\n {\n Name = sqs.Name,\n Policy = sqs_queue_policy.Apply(sqs_queue_policy =\u003e sqs_queue_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n });\n\n var sns_topicTopicSubscription = new Aws.Sns.TopicSubscription(\"sns-topic\", new()\n {\n Topic = sns_topic.Arn,\n Protocol = \"sqs\",\n Endpoint = sqs_queue.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncfg := config.New(ctx, \"\")\nsns := map[string]interface{}{\n\"account-id\": \"111111111111\",\n\"displayName\": \"example\",\n\"name\": \"example-sns-topic\",\n\"region\": \"us-west-1\",\n\"role-name\": \"service/service\",\n};\nif param := cfg.GetObject(\"sns\"); param != nil {\nsns = param\n}\nsqs := map[string]interface{}{\n\"account-id\": \"222222222222\",\n\"name\": \"example-sqs-queue\",\n\"region\": \"us-east-1\",\n\"role-name\": \"service/service\",\n};\nif param := cfg.GetObject(\"sqs\"); param != nil {\nsqs = param\n}\nsns_topic_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nPolicyId: pulumi.StringRef(\"__default_policy_ID\"),\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"SNS:Subscribe\",\n\"SNS:SetTopicAttributes\",\n\"SNS:RemovePermission\",\n\"SNS:Publish\",\n\"SNS:ListSubscriptionsByTopic\",\n\"SNS:GetTopicAttributes\",\n\"SNS:DeleteTopic\",\n\"SNS:AddPermission\",\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"AWS:SourceOwner\",\nValues: interface{}{\nsns.AccountId,\n},\n},\n},\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:sns:%v:%v:%v\", sns.Region, sns.AccountId, sns.Name),\n},\nSid: pulumi.StringRef(\"__default_statement_ID\"),\n},\n{\nActions: []string{\n\"SNS:Subscribe\",\n\"SNS:Receive\",\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringLike\",\nVariable: \"SNS:Endpoint\",\nValues: []string{\nfmt.Sprintf(\"arn:aws:sqs:%v:%v:%v\", sqs.Region, sqs.AccountId, sqs.Name),\n},\n},\n},\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:sns:%v:%v:%v\", sns.Region, sns.AccountId, sns.Name),\n},\nSid: pulumi.StringRef(\"__console_sub_0\"),\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nsqs_queue_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nPolicyId: pulumi.StringRef(fmt.Sprintf(\"arn:aws:sqs:%v:%v:%v/SQSDefaultPolicy\", sqs.Region, sqs.AccountId, sqs.Name)),\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"example-sns-topic\"),\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nActions: []string{\n\"SQS:SendMessage\",\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:sqs:%v:%v:%v\", sqs.Region, sqs.AccountId, sqs.Name),\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"ArnEquals\",\nVariable: \"aws:SourceArn\",\nValues: []string{\nfmt.Sprintf(\"arn:aws:sns:%v:%v:%v\", sns.Region, sns.AccountId, sns.Name),\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = sns.NewTopic(ctx, \"sns-topic\", \u0026sns.TopicArgs{\nName: pulumi.Any(sns.Name),\nDisplayName: pulumi.Any(sns.Display_name),\nPolicy: *pulumi.String(sns_topic_policy.Json),\n})\nif err != nil {\nreturn err\n}\n_, err = sqs.NewQueue(ctx, \"sqs-queue\", \u0026sqs.QueueArgs{\nName: pulumi.Any(sqs.Name),\nPolicy: *pulumi.String(sqs_queue_policy.Json),\n})\nif err != nil {\nreturn err\n}\n_, err = sns.NewTopicSubscription(ctx, \"sns-topic\", \u0026sns.TopicSubscriptionArgs{\nTopic: sns_topic.Arn,\nProtocol: pulumi.String(\"sqs\"),\nEndpoint: sqs_queue.Arn,\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.sqs.Queue;\nimport com.pulumi.aws.sqs.QueueArgs;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var sns = config.get(\"sns\").orElse(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference));\n final var sqs = config.get(\"sqs\").orElse(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference));\n final var sns-topic-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .policyId(\"__default_policy_ID\")\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"AWS:SourceOwner\")\n .values(sns.account-id())\n .build())\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .resources(String.format(\"arn:aws:sns:%s:%s:%s\", sns.region(),sns.account-id(),sns.name()))\n .sid(\"__default_statement_ID\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"SNS:Subscribe\",\n \"SNS:Receive\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringLike\")\n .variable(\"SNS:Endpoint\")\n .values(String.format(\"arn:aws:sqs:%s:%s:%s\", sqs.region(),sqs.account-id(),sqs.name()))\n .build())\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .resources(String.format(\"arn:aws:sns:%s:%s:%s\", sns.region(),sns.account-id(),sns.name()))\n .sid(\"__console_sub_0\")\n .build())\n .build());\n\n final var sqs-queue-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .policyId(String.format(\"arn:aws:sqs:%s:%s:%s/SQSDefaultPolicy\", sqs.region(),sqs.account-id(),sqs.name()))\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"example-sns-topic\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .actions(\"SQS:SendMessage\")\n .resources(String.format(\"arn:aws:sqs:%s:%s:%s\", sqs.region(),sqs.account-id(),sqs.name()))\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ArnEquals\")\n .variable(\"aws:SourceArn\")\n .values(String.format(\"arn:aws:sns:%s:%s:%s\", sns.region(),sns.account-id(),sns.name()))\n .build())\n .build())\n .build());\n\n var sns_topic = new Topic(\"sns-topic\", TopicArgs.builder() \n .name(sns.name())\n .displayName(sns.display_name())\n .policy(sns_topic_policy.json())\n .build());\n\n var sqs_queue = new Queue(\"sqs-queue\", QueueArgs.builder() \n .name(sqs.name())\n .policy(sqs_queue_policy.json())\n .build());\n\n var sns_topicTopicSubscription = new TopicSubscription(\"sns-topicTopicSubscription\", TopicSubscriptionArgs.builder() \n .topic(sns_topic.arn())\n .protocol(\"sqs\")\n .endpoint(sqs_queue.arn())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n sns:\n type: dynamic\n default:\n account-id: '111111111111'\n displayName: example\n name: example-sns-topic\n region: us-west-1\n role-name: service/service\n sqs:\n type: dynamic\n default:\n account-id: '222222222222'\n name: example-sqs-queue\n region: us-east-1\n role-name: service/service\nresources:\n sns-topic:\n type: aws:sns:Topic\n properties:\n name: ${sns.name}\n displayName: ${sns.display_name}\n policy: ${[\"sns-topic-policy\"].json}\n sqs-queue:\n type: aws:sqs:Queue\n properties:\n name: ${sqs.name}\n policy: ${[\"sqs-queue-policy\"].json}\n sns-topicTopicSubscription:\n type: aws:sns:TopicSubscription\n name: sns-topic\n properties:\n topic: ${[\"sns-topic\"].arn}\n protocol: sqs\n endpoint: ${[\"sqs-queue\"].arn}\nvariables:\n sns-topic-policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n policyId: __default_policy_ID\n statements:\n - actions:\n - SNS:Subscribe\n - SNS:SetTopicAttributes\n - SNS:RemovePermission\n - SNS:Publish\n - SNS:ListSubscriptionsByTopic\n - SNS:GetTopicAttributes\n - SNS:DeleteTopic\n - SNS:AddPermission\n conditions:\n - test: StringEquals\n variable: AWS:SourceOwner\n values:\n - ${sns\"account-id\"[%!s(MISSING)]}\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n resources:\n - arn:aws:sns:${sns.region}:${sns\"account-id\"[%!s(MISSING)]}:${sns.name}\n sid: __default_statement_ID\n - actions:\n - SNS:Subscribe\n - SNS:Receive\n conditions:\n - test: StringLike\n variable: SNS:Endpoint\n values:\n - arn:aws:sqs:${sqs.region}:${sqs\"account-id\"[%!s(MISSING)]}:${sqs.name}\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n resources:\n - arn:aws:sns:${sns.region}:${sns\"account-id\"[%!s(MISSING)]}:${sns.name}\n sid: __console_sub_0\n sqs-queue-policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n policyId: arn:aws:sqs:${sqs.region}:${sqs\"account-id\"[%!s(MISSING)]}:${sqs.name}/SQSDefaultPolicy\n statements:\n - sid: example-sns-topic\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n actions:\n - SQS:SendMessage\n resources:\n - arn:aws:sqs:${sqs.region}:${sqs\"account-id\"[%!s(MISSING)]}:${sqs.name}\n conditions:\n - test: ArnEquals\n variable: aws:SourceArn\n values:\n - arn:aws:sns:${sns.region}:${sns\"account-id\"[%!s(MISSING)]}:${sns.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import SNS Topic Subscriptions using the subscription `arn`. For example:\n\n```sh\n$ pulumi import aws:sns/topicSubscription:TopicSubscription user_updates_sqs_target arn:aws:sns:us-west-2:0123456789012:my-topic:8a21d249-4329-4871-acc6-7be709c6ea7f\n```\n", + "description": "Provides a resource for subscribing to SNS topics. Requires that an SNS topic exist for the subscription to attach to. This resource allows you to automatically place messages sent to SNS topics in SQS queues, send them as HTTP(S) POST requests to a given endpoint, send SMS messages, or notify devices / applications. The most likely use case for provider users will probably be SQS queues.\n\n\u003e **NOTE:** If the SNS topic and SQS queue are in different AWS regions, the `aws.sns.TopicSubscription` must use an AWS provider that is in the same region as the SNS topic. If the `aws.sns.TopicSubscription` uses a provider with a different region than the SNS topic, this provider will fail to create the subscription.\n\n\u003e **NOTE:** Setup of cross-account subscriptions from SNS topics to SQS queues requires the provider to have access to BOTH accounts.\n\n\u003e **NOTE:** If an SNS topic and SQS queue are in different AWS accounts but the same region, the `aws.sns.TopicSubscription` must use the AWS provider for the account with the SQS queue. If `aws.sns.TopicSubscription` uses a Provider with a different account than the SQS queue, this provider creates the subscription but does not keep state and tries to re-create the subscription at every `apply`.\n\n\u003e **NOTE:** If an SNS topic and SQS queue are in different AWS accounts and different AWS regions, the subscription needs to be initiated from the account with the SQS queue but in the region of the SNS topic.\n\n\u003e **NOTE:** You cannot unsubscribe to a subscription that is pending confirmation. If you use `email`, `email-json`, or `http`/`https` (without auto-confirmation enabled), until the subscription is confirmed (e.g., outside of this provider), AWS does not allow this provider to delete / unsubscribe the subscription. If you `destroy` an unconfirmed subscription, this provider will remove the subscription from its state but the subscription will still exist in AWS. However, if you delete an SNS topic, SNS [deletes all the subscriptions](https://docs.aws.amazon.com/sns/latest/dg/sns-delete-subscription-topic.html) associated with the topic. Also, you can import a subscription after confirmation and then have the capability to delete it.\n\n## Example Usage\n\nYou can directly supply a topic and ARN by hand in the `topic_arn` property along with the queue ARN:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst userUpdatesSqsTarget = new aws.sns.TopicSubscription(\"user_updates_sqs_target\", {\n topic: \"arn:aws:sns:us-west-2:432981146916:user-updates-topic\",\n protocol: \"sqs\",\n endpoint: \"arn:aws:sqs:us-west-2:432981146916:queue-too\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser_updates_sqs_target = aws.sns.TopicSubscription(\"user_updates_sqs_target\",\n topic=\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\",\n protocol=\"sqs\",\n endpoint=\"arn:aws:sqs:us-west-2:432981146916:queue-too\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var userUpdatesSqsTarget = new Aws.Sns.TopicSubscription(\"user_updates_sqs_target\", new()\n {\n Topic = \"arn:aws:sns:us-west-2:432981146916:user-updates-topic\",\n Protocol = \"sqs\",\n Endpoint = \"arn:aws:sqs:us-west-2:432981146916:queue-too\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sns.NewTopicSubscription(ctx, \"user_updates_sqs_target\", \u0026sns.TopicSubscriptionArgs{\n\t\t\tTopic: pulumi.Any(\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\"),\n\t\t\tProtocol: pulumi.String(\"sqs\"),\n\t\t\tEndpoint: pulumi.String(\"arn:aws:sqs:us-west-2:432981146916:queue-too\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var userUpdatesSqsTarget = new TopicSubscription(\"userUpdatesSqsTarget\", TopicSubscriptionArgs.builder() \n .topic(\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\")\n .protocol(\"sqs\")\n .endpoint(\"arn:aws:sqs:us-west-2:432981146916:queue-too\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n userUpdatesSqsTarget:\n type: aws:sns:TopicSubscription\n name: user_updates_sqs_target\n properties:\n topic: arn:aws:sns:us-west-2:432981146916:user-updates-topic\n protocol: sqs\n endpoint: arn:aws:sqs:us-west-2:432981146916:queue-too\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nAlternatively you can use the ARN properties of a managed SNS topic and SQS queue:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst userUpdates = new aws.sns.Topic(\"user_updates\", {name: \"user-updates-topic\"});\nconst userUpdatesQueue = new aws.sqs.Queue(\"user_updates_queue\", {name: \"user-updates-queue\"});\nconst userUpdatesSqsTarget = new aws.sns.TopicSubscription(\"user_updates_sqs_target\", {\n topic: userUpdates.arn,\n protocol: \"sqs\",\n endpoint: userUpdatesQueue.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser_updates = aws.sns.Topic(\"user_updates\", name=\"user-updates-topic\")\nuser_updates_queue = aws.sqs.Queue(\"user_updates_queue\", name=\"user-updates-queue\")\nuser_updates_sqs_target = aws.sns.TopicSubscription(\"user_updates_sqs_target\",\n topic=user_updates.arn,\n protocol=\"sqs\",\n endpoint=user_updates_queue.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var userUpdates = new Aws.Sns.Topic(\"user_updates\", new()\n {\n Name = \"user-updates-topic\",\n });\n\n var userUpdatesQueue = new Aws.Sqs.Queue(\"user_updates_queue\", new()\n {\n Name = \"user-updates-queue\",\n });\n\n var userUpdatesSqsTarget = new Aws.Sns.TopicSubscription(\"user_updates_sqs_target\", new()\n {\n Topic = userUpdates.Arn,\n Protocol = \"sqs\",\n Endpoint = userUpdatesQueue.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tuserUpdates, err := sns.NewTopic(ctx, \"user_updates\", \u0026sns.TopicArgs{\n\t\t\tName: pulumi.String(\"user-updates-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuserUpdatesQueue, err := sqs.NewQueue(ctx, \"user_updates_queue\", \u0026sqs.QueueArgs{\n\t\t\tName: pulumi.String(\"user-updates-queue\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sns.NewTopicSubscription(ctx, \"user_updates_sqs_target\", \u0026sns.TopicSubscriptionArgs{\n\t\t\tTopic: userUpdates.Arn,\n\t\t\tProtocol: pulumi.String(\"sqs\"),\n\t\t\tEndpoint: userUpdatesQueue.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.sqs.Queue;\nimport com.pulumi.aws.sqs.QueueArgs;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var userUpdates = new Topic(\"userUpdates\", TopicArgs.builder() \n .name(\"user-updates-topic\")\n .build());\n\n var userUpdatesQueue = new Queue(\"userUpdatesQueue\", QueueArgs.builder() \n .name(\"user-updates-queue\")\n .build());\n\n var userUpdatesSqsTarget = new TopicSubscription(\"userUpdatesSqsTarget\", TopicSubscriptionArgs.builder() \n .topic(userUpdates.arn())\n .protocol(\"sqs\")\n .endpoint(userUpdatesQueue.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n userUpdates:\n type: aws:sns:Topic\n name: user_updates\n properties:\n name: user-updates-topic\n userUpdatesQueue:\n type: aws:sqs:Queue\n name: user_updates_queue\n properties:\n name: user-updates-queue\n userUpdatesSqsTarget:\n type: aws:sns:TopicSubscription\n name: user_updates_sqs_target\n properties:\n topic: ${userUpdates.arn}\n protocol: sqs\n endpoint: ${userUpdatesQueue.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nYou can subscribe SNS topics to SQS queues in different Amazon accounts and regions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst sns = config.getObject(\"sns\") || {\n \"account-id\": \"111111111111\",\n displayName: \"example\",\n name: \"example-sns-topic\",\n region: \"us-west-1\",\n \"role-name\": \"service/service\",\n};\nconst sqs = config.getObject(\"sqs\") || {\n \"account-id\": \"222222222222\",\n name: \"example-sqs-queue\",\n region: \"us-east-1\",\n \"role-name\": \"service/service\",\n};\nconst sns-topic-policy = aws.iam.getPolicyDocument({\n policyId: \"__default_policy_ID\",\n statements: [\n {\n actions: [\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n ],\n conditions: [{\n test: \"StringEquals\",\n variable: \"AWS:SourceOwner\",\n values: [sns[\"account-id\"]],\n }],\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n resources: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n sid: \"__default_statement_ID\",\n },\n {\n actions: [\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n ],\n conditions: [{\n test: \"StringLike\",\n variable: \"SNS:Endpoint\",\n values: [`arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}`],\n }],\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n resources: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n sid: \"__console_sub_0\",\n },\n ],\n});\nconst sqs-queue-policy = aws.iam.getPolicyDocument({\n policyId: `arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}/SQSDefaultPolicy`,\n statements: [{\n sid: \"example-sns-topic\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n actions: [\"SQS:SendMessage\"],\n resources: [`arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}`],\n conditions: [{\n test: \"ArnEquals\",\n variable: \"aws:SourceArn\",\n values: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n }],\n }],\n});\nconst sns_topic = new aws.sns.Topic(\"sns-topic\", {\n name: sns.name,\n displayName: sns.display_name,\n policy: sns_topic_policy.then(sns_topic_policy =\u003e sns_topic_policy.json),\n});\nconst sqs_queue = new aws.sqs.Queue(\"sqs-queue\", {\n name: sqs.name,\n policy: sqs_queue_policy.then(sqs_queue_policy =\u003e sqs_queue_policy.json),\n});\nconst sns_topicTopicSubscription = new aws.sns.TopicSubscription(\"sns-topic\", {\n topic: sns_topic.arn,\n protocol: \"sqs\",\n endpoint: sqs_queue.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nsns = config.get_object(\"sns\")\nif sns is None:\n sns = {\n \"account-id\": \"111111111111\",\n \"displayName\": \"example\",\n \"name\": \"example-sns-topic\",\n \"region\": \"us-west-1\",\n \"role-name\": \"service/service\",\n }\nsqs = config.get_object(\"sqs\")\nif sqs is None:\n sqs = {\n \"account-id\": \"222222222222\",\n \"name\": \"example-sqs-queue\",\n \"region\": \"us-east-1\",\n \"role-name\": \"service/service\",\n }\nsns_topic_policy = aws.iam.get_policy_document(policy_id=\"__default_policy_ID\",\n statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n ],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"AWS:SourceOwner\",\n values=[sns[\"account-id\"]],\n )],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n resources=[f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n sid=\"__default_statement_ID\",\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n ],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringLike\",\n variable=\"SNS:Endpoint\",\n values=[f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}\"],\n )],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n resources=[f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n sid=\"__console_sub_0\",\n ),\n ])\nsqs_queue_policy = aws.iam.get_policy_document(policy_id=f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}/SQSDefaultPolicy\",\n statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"example-sns-topic\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n actions=[\"SQS:SendMessage\"],\n resources=[f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ArnEquals\",\n variable=\"aws:SourceArn\",\n values=[f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n )],\n )])\nsns_topic = aws.sns.Topic(\"sns-topic\",\n name=sns[\"name\"],\n display_name=sns[\"display_name\"],\n policy=sns_topic_policy.json)\nsqs_queue = aws.sqs.Queue(\"sqs-queue\",\n name=sqs[\"name\"],\n policy=sqs_queue_policy.json)\nsns_topic_topic_subscription = aws.sns.TopicSubscription(\"sns-topic\",\n topic=sns_topic.arn,\n protocol=\"sqs\",\n endpoint=sqs_queue.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var sns = config.GetObject\u003cdynamic\u003e(\"sns\") ?? \n {\n { \"account-id\", \"111111111111\" },\n { \"displayName\", \"example\" },\n { \"name\", \"example-sns-topic\" },\n { \"region\", \"us-west-1\" },\n { \"role-name\", \"service/service\" },\n };\n var sqs = config.GetObject\u003cdynamic\u003e(\"sqs\") ?? \n {\n { \"account-id\", \"222222222222\" },\n { \"name\", \"example-sqs-queue\" },\n { \"region\", \"us-east-1\" },\n { \"role-name\", \"service/service\" },\n };\n var sns_topic_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n PolicyId = \"__default_policy_ID\",\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"AWS:SourceOwner\",\n Values = new[]\n {\n sns.Account_id,\n },\n },\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Resources = new[]\n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n Sid = \"__default_statement_ID\",\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringLike\",\n Variable = \"SNS:Endpoint\",\n Values = new[]\n {\n $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}\",\n },\n },\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Resources = new[]\n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n Sid = \"__console_sub_0\",\n },\n },\n });\n\n var sqs_queue_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n PolicyId = $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}/SQSDefaultPolicy\",\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"example-sns-topic\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"SQS:SendMessage\",\n },\n Resources = new[]\n {\n $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ArnEquals\",\n Variable = \"aws:SourceArn\",\n Values = new[]\n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n },\n },\n },\n },\n });\n\n var sns_topic = new Aws.Sns.Topic(\"sns-topic\", new()\n {\n Name = sns.Name,\n DisplayName = sns.Display_name,\n Policy = sns_topic_policy.Apply(sns_topic_policy =\u003e sns_topic_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n });\n\n var sqs_queue = new Aws.Sqs.Queue(\"sqs-queue\", new()\n {\n Name = sqs.Name,\n Policy = sqs_queue_policy.Apply(sqs_queue_policy =\u003e sqs_queue_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n });\n\n var sns_topicTopicSubscription = new Aws.Sns.TopicSubscription(\"sns-topic\", new()\n {\n Topic = sns_topic.Arn,\n Protocol = \"sqs\",\n Endpoint = sqs_queue.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncfg := config.New(ctx, \"\")\nsns := map[string]interface{}{\n\"account-id\": \"111111111111\",\n\"displayName\": \"example\",\n\"name\": \"example-sns-topic\",\n\"region\": \"us-west-1\",\n\"role-name\": \"service/service\",\n};\nif param := cfg.GetObject(\"sns\"); param != nil {\nsns = param\n}\nsqs := map[string]interface{}{\n\"account-id\": \"222222222222\",\n\"name\": \"example-sqs-queue\",\n\"region\": \"us-east-1\",\n\"role-name\": \"service/service\",\n};\nif param := cfg.GetObject(\"sqs\"); param != nil {\nsqs = param\n}\nsns_topic_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nPolicyId: pulumi.StringRef(\"__default_policy_ID\"),\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"SNS:Subscribe\",\n\"SNS:SetTopicAttributes\",\n\"SNS:RemovePermission\",\n\"SNS:Publish\",\n\"SNS:ListSubscriptionsByTopic\",\n\"SNS:GetTopicAttributes\",\n\"SNS:DeleteTopic\",\n\"SNS:AddPermission\",\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"AWS:SourceOwner\",\nValues: interface{}{\nsns.AccountId,\n},\n},\n},\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:sns:%v:%v:%v\", sns.Region, sns.AccountId, sns.Name),\n},\nSid: pulumi.StringRef(\"__default_statement_ID\"),\n},\n{\nActions: []string{\n\"SNS:Subscribe\",\n\"SNS:Receive\",\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringLike\",\nVariable: \"SNS:Endpoint\",\nValues: []string{\nfmt.Sprintf(\"arn:aws:sqs:%v:%v:%v\", sqs.Region, sqs.AccountId, sqs.Name),\n},\n},\n},\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:sns:%v:%v:%v\", sns.Region, sns.AccountId, sns.Name),\n},\nSid: pulumi.StringRef(\"__console_sub_0\"),\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nsqs_queue_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nPolicyId: pulumi.StringRef(fmt.Sprintf(\"arn:aws:sqs:%v:%v:%v/SQSDefaultPolicy\", sqs.Region, sqs.AccountId, sqs.Name)),\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"example-sns-topic\"),\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nActions: []string{\n\"SQS:SendMessage\",\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:sqs:%v:%v:%v\", sqs.Region, sqs.AccountId, sqs.Name),\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"ArnEquals\",\nVariable: \"aws:SourceArn\",\nValues: []string{\nfmt.Sprintf(\"arn:aws:sns:%v:%v:%v\", sns.Region, sns.AccountId, sns.Name),\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = sns.NewTopic(ctx, \"sns-topic\", \u0026sns.TopicArgs{\nName: pulumi.Any(sns.Name),\nDisplayName: pulumi.Any(sns.Display_name),\nPolicy: pulumi.String(sns_topic_policy.Json),\n})\nif err != nil {\nreturn err\n}\n_, err = sqs.NewQueue(ctx, \"sqs-queue\", \u0026sqs.QueueArgs{\nName: pulumi.Any(sqs.Name),\nPolicy: pulumi.String(sqs_queue_policy.Json),\n})\nif err != nil {\nreturn err\n}\n_, err = sns.NewTopicSubscription(ctx, \"sns-topic\", \u0026sns.TopicSubscriptionArgs{\nTopic: sns_topic.Arn,\nProtocol: pulumi.String(\"sqs\"),\nEndpoint: sqs_queue.Arn,\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.sqs.Queue;\nimport com.pulumi.aws.sqs.QueueArgs;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var sns = config.get(\"sns\").orElse(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference));\n final var sqs = config.get(\"sqs\").orElse(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference));\n final var sns-topic-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .policyId(\"__default_policy_ID\")\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"AWS:SourceOwner\")\n .values(sns.account-id())\n .build())\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .resources(String.format(\"arn:aws:sns:%s:%s:%s\", sns.region(),sns.account-id(),sns.name()))\n .sid(\"__default_statement_ID\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"SNS:Subscribe\",\n \"SNS:Receive\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringLike\")\n .variable(\"SNS:Endpoint\")\n .values(String.format(\"arn:aws:sqs:%s:%s:%s\", sqs.region(),sqs.account-id(),sqs.name()))\n .build())\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .resources(String.format(\"arn:aws:sns:%s:%s:%s\", sns.region(),sns.account-id(),sns.name()))\n .sid(\"__console_sub_0\")\n .build())\n .build());\n\n final var sqs-queue-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .policyId(String.format(\"arn:aws:sqs:%s:%s:%s/SQSDefaultPolicy\", sqs.region(),sqs.account-id(),sqs.name()))\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"example-sns-topic\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .actions(\"SQS:SendMessage\")\n .resources(String.format(\"arn:aws:sqs:%s:%s:%s\", sqs.region(),sqs.account-id(),sqs.name()))\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ArnEquals\")\n .variable(\"aws:SourceArn\")\n .values(String.format(\"arn:aws:sns:%s:%s:%s\", sns.region(),sns.account-id(),sns.name()))\n .build())\n .build())\n .build());\n\n var sns_topic = new Topic(\"sns-topic\", TopicArgs.builder() \n .name(sns.name())\n .displayName(sns.display_name())\n .policy(sns_topic_policy.json())\n .build());\n\n var sqs_queue = new Queue(\"sqs-queue\", QueueArgs.builder() \n .name(sqs.name())\n .policy(sqs_queue_policy.json())\n .build());\n\n var sns_topicTopicSubscription = new TopicSubscription(\"sns-topicTopicSubscription\", TopicSubscriptionArgs.builder() \n .topic(sns_topic.arn())\n .protocol(\"sqs\")\n .endpoint(sqs_queue.arn())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n sns:\n type: dynamic\n default:\n account-id: '111111111111'\n displayName: example\n name: example-sns-topic\n region: us-west-1\n role-name: service/service\n sqs:\n type: dynamic\n default:\n account-id: '222222222222'\n name: example-sqs-queue\n region: us-east-1\n role-name: service/service\nresources:\n sns-topic:\n type: aws:sns:Topic\n properties:\n name: ${sns.name}\n displayName: ${sns.display_name}\n policy: ${[\"sns-topic-policy\"].json}\n sqs-queue:\n type: aws:sqs:Queue\n properties:\n name: ${sqs.name}\n policy: ${[\"sqs-queue-policy\"].json}\n sns-topicTopicSubscription:\n type: aws:sns:TopicSubscription\n name: sns-topic\n properties:\n topic: ${[\"sns-topic\"].arn}\n protocol: sqs\n endpoint: ${[\"sqs-queue\"].arn}\nvariables:\n sns-topic-policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n policyId: __default_policy_ID\n statements:\n - actions:\n - SNS:Subscribe\n - SNS:SetTopicAttributes\n - SNS:RemovePermission\n - SNS:Publish\n - SNS:ListSubscriptionsByTopic\n - SNS:GetTopicAttributes\n - SNS:DeleteTopic\n - SNS:AddPermission\n conditions:\n - test: StringEquals\n variable: AWS:SourceOwner\n values:\n - ${sns\"account-id\"[%!s(MISSING)]}\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n resources:\n - arn:aws:sns:${sns.region}:${sns\"account-id\"[%!s(MISSING)]}:${sns.name}\n sid: __default_statement_ID\n - actions:\n - SNS:Subscribe\n - SNS:Receive\n conditions:\n - test: StringLike\n variable: SNS:Endpoint\n values:\n - arn:aws:sqs:${sqs.region}:${sqs\"account-id\"[%!s(MISSING)]}:${sqs.name}\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n resources:\n - arn:aws:sns:${sns.region}:${sns\"account-id\"[%!s(MISSING)]}:${sns.name}\n sid: __console_sub_0\n sqs-queue-policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n policyId: arn:aws:sqs:${sqs.region}:${sqs\"account-id\"[%!s(MISSING)]}:${sqs.name}/SQSDefaultPolicy\n statements:\n - sid: example-sns-topic\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n actions:\n - SQS:SendMessage\n resources:\n - arn:aws:sqs:${sqs.region}:${sqs\"account-id\"[%!s(MISSING)]}:${sqs.name}\n conditions:\n - test: ArnEquals\n variable: aws:SourceArn\n values:\n - arn:aws:sns:${sns.region}:${sns\"account-id\"[%!s(MISSING)]}:${sns.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import SNS Topic Subscriptions using the subscription `arn`. For example:\n\n```sh\n$ pulumi import aws:sns/topicSubscription:TopicSubscription user_updates_sqs_target arn:aws:sns:us-west-2:0123456789012:my-topic:8a21d249-4329-4871-acc6-7be709c6ea7f\n```\n", "properties": { "arn": { "type": "string", @@ -331777,7 +331777,7 @@ } }, "aws:ssm/activation:Activation": { - "description": "Registers an on-premises server or virtual machine with Amazon EC2 so that it can be managed using Run Command.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"ssm.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst testRole = new aws.iam.Role(\"test_role\", {\n name: \"test_role\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst testAttach = new aws.iam.RolePolicyAttachment(\"test_attach\", {\n role: testRole.name,\n policyArn: \"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore\",\n});\nconst foo = new aws.ssm.Activation(\"foo\", {\n name: \"test_ssm_activation\",\n description: \"Test\",\n iamRole: testRole.id,\n registrationLimit: 5,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"ssm.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\ntest_role = aws.iam.Role(\"test_role\",\n name=\"test_role\",\n assume_role_policy=assume_role.json)\ntest_attach = aws.iam.RolePolicyAttachment(\"test_attach\",\n role=test_role.name,\n policy_arn=\"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore\")\nfoo = aws.ssm.Activation(\"foo\",\n name=\"test_ssm_activation\",\n description=\"Test\",\n iam_role=test_role.id,\n registration_limit=5)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"ssm.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var testRole = new Aws.Iam.Role(\"test_role\", new()\n {\n Name = \"test_role\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var testAttach = new Aws.Iam.RolePolicyAttachment(\"test_attach\", new()\n {\n Role = testRole.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore\",\n });\n\n var foo = new Aws.Ssm.Activation(\"foo\", new()\n {\n Name = \"test_ssm_activation\",\n Description = \"Test\",\n IamRole = testRole.Id,\n RegistrationLimit = 5,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"ssm.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestRole, err := iam.NewRole(ctx, \"test_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"test_role\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"test_attach\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: testRole.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ssm.NewActivation(ctx, \"foo\", \u0026ssm.ActivationArgs{\n\t\t\tName: pulumi.String(\"test_ssm_activation\"),\n\t\t\tDescription: pulumi.String(\"Test\"),\n\t\t\tIamRole: testRole.ID(),\n\t\t\tRegistrationLimit: pulumi.Int(5),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.ssm.Activation;\nimport com.pulumi.aws.ssm.ActivationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"ssm.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var testRole = new Role(\"testRole\", RoleArgs.builder() \n .name(\"test_role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var testAttach = new RolePolicyAttachment(\"testAttach\", RolePolicyAttachmentArgs.builder() \n .role(testRole.name())\n .policyArn(\"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore\")\n .build());\n\n var foo = new Activation(\"foo\", ActivationArgs.builder() \n .name(\"test_ssm_activation\")\n .description(\"Test\")\n .iamRole(testRole.id())\n .registrationLimit(\"5\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testRole:\n type: aws:iam:Role\n name: test_role\n properties:\n name: test_role\n assumeRolePolicy: ${assumeRole.json}\n testAttach:\n type: aws:iam:RolePolicyAttachment\n name: test_attach\n properties:\n role: ${testRole.name}\n policyArn: arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore\n foo:\n type: aws:ssm:Activation\n properties:\n name: test_ssm_activation\n description: Test\n iamRole: ${testRole.id}\n registrationLimit: '5'\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - ssm.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import AWS SSM Activation using the `id`. For example:\n\n```sh\n$ pulumi import aws:ssm/activation:Activation example e488f2f6-e686-4afb-8a04-ef6dfEXAMPLE\n```\n-\u003e __Note:__ The `activation_code` attribute cannot be imported.\n\n", + "description": "Registers an on-premises server or virtual machine with Amazon EC2 so that it can be managed using Run Command.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"ssm.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst testRole = new aws.iam.Role(\"test_role\", {\n name: \"test_role\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst testAttach = new aws.iam.RolePolicyAttachment(\"test_attach\", {\n role: testRole.name,\n policyArn: \"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore\",\n});\nconst foo = new aws.ssm.Activation(\"foo\", {\n name: \"test_ssm_activation\",\n description: \"Test\",\n iamRole: testRole.id,\n registrationLimit: 5,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"ssm.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\ntest_role = aws.iam.Role(\"test_role\",\n name=\"test_role\",\n assume_role_policy=assume_role.json)\ntest_attach = aws.iam.RolePolicyAttachment(\"test_attach\",\n role=test_role.name,\n policy_arn=\"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore\")\nfoo = aws.ssm.Activation(\"foo\",\n name=\"test_ssm_activation\",\n description=\"Test\",\n iam_role=test_role.id,\n registration_limit=5)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"ssm.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var testRole = new Aws.Iam.Role(\"test_role\", new()\n {\n Name = \"test_role\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var testAttach = new Aws.Iam.RolePolicyAttachment(\"test_attach\", new()\n {\n Role = testRole.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore\",\n });\n\n var foo = new Aws.Ssm.Activation(\"foo\", new()\n {\n Name = \"test_ssm_activation\",\n Description = \"Test\",\n IamRole = testRole.Id,\n RegistrationLimit = 5,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"ssm.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestRole, err := iam.NewRole(ctx, \"test_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"test_role\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"test_attach\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: testRole.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ssm.NewActivation(ctx, \"foo\", \u0026ssm.ActivationArgs{\n\t\t\tName: pulumi.String(\"test_ssm_activation\"),\n\t\t\tDescription: pulumi.String(\"Test\"),\n\t\t\tIamRole: testRole.ID(),\n\t\t\tRegistrationLimit: pulumi.Int(5),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.ssm.Activation;\nimport com.pulumi.aws.ssm.ActivationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"ssm.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var testRole = new Role(\"testRole\", RoleArgs.builder() \n .name(\"test_role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var testAttach = new RolePolicyAttachment(\"testAttach\", RolePolicyAttachmentArgs.builder() \n .role(testRole.name())\n .policyArn(\"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore\")\n .build());\n\n var foo = new Activation(\"foo\", ActivationArgs.builder() \n .name(\"test_ssm_activation\")\n .description(\"Test\")\n .iamRole(testRole.id())\n .registrationLimit(\"5\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testRole:\n type: aws:iam:Role\n name: test_role\n properties:\n name: test_role\n assumeRolePolicy: ${assumeRole.json}\n testAttach:\n type: aws:iam:RolePolicyAttachment\n name: test_attach\n properties:\n role: ${testRole.name}\n policyArn: arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore\n foo:\n type: aws:ssm:Activation\n properties:\n name: test_ssm_activation\n description: Test\n iamRole: ${testRole.id}\n registrationLimit: '5'\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - ssm.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import AWS SSM Activation using the `id`. For example:\n\n```sh\n$ pulumi import aws:ssm/activation:Activation example e488f2f6-e686-4afb-8a04-ef6dfEXAMPLE\n```\n-\u003e __Note:__ The `activation_code` attribute cannot be imported.\n\n", "properties": { "activationCode": { "type": "string", @@ -333177,7 +333177,7 @@ } }, "aws:ssm/parameter:Parameter": { - "description": "Provides an SSM Parameter resource.\n\n\u003e **Note:** `overwrite` also makes it possible to overwrite an existing SSM Parameter that's not created by the provider before. This argument has been deprecated and will be removed in v6.0.0 of the provider. For more information on how this affects the behavior of this resource, see this issue comment.\n\n## Example Usage\n\n### Basic example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ssm.Parameter(\"foo\", {\n name: \"foo\",\n type: \"String\",\n value: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ssm.Parameter(\"foo\",\n name=\"foo\",\n type=\"String\",\n value=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = new Aws.Ssm.Parameter(\"foo\", new()\n {\n Name = \"foo\",\n Type = \"String\",\n Value = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ssm.NewParameter(ctx, \"foo\", \u0026ssm.ParameterArgs{\n\t\t\tName: pulumi.String(\"foo\"),\n\t\t\tType: pulumi.String(\"String\"),\n\t\t\tValue: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ssm.Parameter;\nimport com.pulumi.aws.ssm.ParameterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo = new Parameter(\"foo\", ParameterArgs.builder() \n .name(\"foo\")\n .type(\"String\")\n .value(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:ssm:Parameter\n properties:\n name: foo\n type: String\n value: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Encrypted string using default SSM KMS key\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n storageType: \"gp2\",\n engine: \"mysql\",\n engineVersion: \"5.7.16\",\n instanceClass: \"db.t2.micro\",\n dbName: \"mydb\",\n username: \"foo\",\n password: databaseMasterPassword,\n dbSubnetGroupName: \"my_database_subnet_group\",\n parameterGroupName: \"default.mysql5.7\",\n});\nconst secret = new aws.ssm.Parameter(\"secret\", {\n name: \"/production/database/password/master\",\n description: \"The parameter description\",\n type: \"SecureString\",\n value: databaseMasterPassword,\n tags: {\n environment: \"production\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n storage_type=\"gp2\",\n engine=\"mysql\",\n engine_version=\"5.7.16\",\n instance_class=\"db.t2.micro\",\n db_name=\"mydb\",\n username=\"foo\",\n password=database_master_password,\n db_subnet_group_name=\"my_database_subnet_group\",\n parameter_group_name=\"default.mysql5.7\")\nsecret = aws.ssm.Parameter(\"secret\",\n name=\"/production/database/password/master\",\n description=\"The parameter description\",\n type=\"SecureString\",\n value=database_master_password,\n tags={\n \"environment\": \"production\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 10,\n StorageType = \"gp2\",\n Engine = \"mysql\",\n EngineVersion = \"5.7.16\",\n InstanceClass = \"db.t2.micro\",\n DbName = \"mydb\",\n Username = \"foo\",\n Password = databaseMasterPassword,\n DbSubnetGroupName = \"my_database_subnet_group\",\n ParameterGroupName = \"default.mysql5.7\",\n });\n\n var secret = new Aws.Ssm.Parameter(\"secret\", new()\n {\n Name = \"/production/database/password/master\",\n Description = \"The parameter description\",\n Type = \"SecureString\",\n Value = databaseMasterPassword,\n Tags = \n {\n { \"environment\", \"production\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tStorageType: pulumi.String(\"gp2\"),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.7.16\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t2.micro\"),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tPassword: pulumi.Any(databaseMasterPassword),\n\t\t\tDbSubnetGroupName: pulumi.String(\"my_database_subnet_group\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.7\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ssm.NewParameter(ctx, \"secret\", \u0026ssm.ParameterArgs{\n\t\t\tName: pulumi.String(\"/production/database/password/master\"),\n\t\t\tDescription: pulumi.String(\"The parameter description\"),\n\t\t\tType: pulumi.String(\"SecureString\"),\n\t\t\tValue: pulumi.Any(databaseMasterPassword),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"environment\": pulumi.String(\"production\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport com.pulumi.aws.ssm.Parameter;\nimport com.pulumi.aws.ssm.ParameterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Instance(\"default\", InstanceArgs.builder() \n .allocatedStorage(10)\n .storageType(\"gp2\")\n .engine(\"mysql\")\n .engineVersion(\"5.7.16\")\n .instanceClass(\"db.t2.micro\")\n .dbName(\"mydb\")\n .username(\"foo\")\n .password(databaseMasterPassword)\n .dbSubnetGroupName(\"my_database_subnet_group\")\n .parameterGroupName(\"default.mysql5.7\")\n .build());\n\n var secret = new Parameter(\"secret\", ParameterArgs.builder() \n .name(\"/production/database/password/master\")\n .description(\"The parameter description\")\n .type(\"SecureString\")\n .value(databaseMasterPassword)\n .tags(Map.of(\"environment\", \"production\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n storageType: gp2\n engine: mysql\n engineVersion: 5.7.16\n instanceClass: db.t2.micro\n dbName: mydb\n username: foo\n password: ${databaseMasterPassword}\n dbSubnetGroupName: my_database_subnet_group\n parameterGroupName: default.mysql5.7\n secret:\n type: aws:ssm:Parameter\n properties:\n name: /production/database/password/master\n description: The parameter description\n type: SecureString\n value: ${databaseMasterPassword}\n tags:\n environment: production\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import SSM Parameters using the parameter store `name`. For example:\n\n```sh\n$ pulumi import aws:ssm/parameter:Parameter my_param /my_path/my_paramname\n```\n", + "description": "Provides an SSM Parameter resource.\n\n\u003e **Note:** `overwrite` also makes it possible to overwrite an existing SSM Parameter that's not created by the provider before. This argument has been deprecated and will be removed in v6.0.0 of the provider. For more information on how this affects the behavior of this resource, see this issue comment.\n\n## Example Usage\n\n### Basic example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ssm.Parameter(\"foo\", {\n name: \"foo\",\n type: aws.ssm.ParameterType.String,\n value: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ssm.Parameter(\"foo\",\n name=\"foo\",\n type=aws.ssm.ParameterType.STRING,\n value=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = new Aws.Ssm.Parameter(\"foo\", new()\n {\n Name = \"foo\",\n Type = Aws.Ssm.ParameterType.String,\n Value = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ssm.NewParameter(ctx, \"foo\", \u0026ssm.ParameterArgs{\n\t\t\tName: pulumi.String(\"foo\"),\n\t\t\tType: pulumi.String(ssm.ParameterTypeString),\n\t\t\tValue: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ssm.Parameter;\nimport com.pulumi.aws.ssm.ParameterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo = new Parameter(\"foo\", ParameterArgs.builder() \n .name(\"foo\")\n .type(\"String\")\n .value(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:ssm:Parameter\n properties:\n name: foo\n type: String\n value: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Encrypted string using default SSM KMS key\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n storageType: aws.rds.StorageType.GP2,\n engine: \"mysql\",\n engineVersion: \"5.7.16\",\n instanceClass: aws.rds.InstanceType.T2_Micro,\n dbName: \"mydb\",\n username: \"foo\",\n password: databaseMasterPassword,\n dbSubnetGroupName: \"my_database_subnet_group\",\n parameterGroupName: \"default.mysql5.7\",\n});\nconst secret = new aws.ssm.Parameter(\"secret\", {\n name: \"/production/database/password/master\",\n description: \"The parameter description\",\n type: aws.ssm.ParameterType.SecureString,\n value: databaseMasterPassword,\n tags: {\n environment: \"production\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n storage_type=aws.rds.StorageType.GP2,\n engine=\"mysql\",\n engine_version=\"5.7.16\",\n instance_class=aws.rds.InstanceType.T2_MICRO,\n db_name=\"mydb\",\n username=\"foo\",\n password=database_master_password,\n db_subnet_group_name=\"my_database_subnet_group\",\n parameter_group_name=\"default.mysql5.7\")\nsecret = aws.ssm.Parameter(\"secret\",\n name=\"/production/database/password/master\",\n description=\"The parameter description\",\n type=aws.ssm.ParameterType.SECURE_STRING,\n value=database_master_password,\n tags={\n \"environment\": \"production\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 10,\n StorageType = Aws.Rds.StorageType.GP2,\n Engine = \"mysql\",\n EngineVersion = \"5.7.16\",\n InstanceClass = Aws.Rds.InstanceType.T2_Micro,\n DbName = \"mydb\",\n Username = \"foo\",\n Password = databaseMasterPassword,\n DbSubnetGroupName = \"my_database_subnet_group\",\n ParameterGroupName = \"default.mysql5.7\",\n });\n\n var secret = new Aws.Ssm.Parameter(\"secret\", new()\n {\n Name = \"/production/database/password/master\",\n Description = \"The parameter description\",\n Type = Aws.Ssm.ParameterType.SecureString,\n Value = databaseMasterPassword,\n Tags = \n {\n { \"environment\", \"production\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tStorageType: pulumi.String(rds.StorageTypeGP2),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.7.16\"),\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_T2_Micro),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tPassword: pulumi.Any(databaseMasterPassword),\n\t\t\tDbSubnetGroupName: pulumi.String(\"my_database_subnet_group\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.7\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ssm.NewParameter(ctx, \"secret\", \u0026ssm.ParameterArgs{\n\t\t\tName: pulumi.String(\"/production/database/password/master\"),\n\t\t\tDescription: pulumi.String(\"The parameter description\"),\n\t\t\tType: pulumi.String(ssm.ParameterTypeSecureString),\n\t\t\tValue: pulumi.Any(databaseMasterPassword),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"environment\": pulumi.String(\"production\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport com.pulumi.aws.ssm.Parameter;\nimport com.pulumi.aws.ssm.ParameterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Instance(\"default\", InstanceArgs.builder() \n .allocatedStorage(10)\n .storageType(\"gp2\")\n .engine(\"mysql\")\n .engineVersion(\"5.7.16\")\n .instanceClass(\"db.t2.micro\")\n .dbName(\"mydb\")\n .username(\"foo\")\n .password(databaseMasterPassword)\n .dbSubnetGroupName(\"my_database_subnet_group\")\n .parameterGroupName(\"default.mysql5.7\")\n .build());\n\n var secret = new Parameter(\"secret\", ParameterArgs.builder() \n .name(\"/production/database/password/master\")\n .description(\"The parameter description\")\n .type(\"SecureString\")\n .value(databaseMasterPassword)\n .tags(Map.of(\"environment\", \"production\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n storageType: gp2\n engine: mysql\n engineVersion: 5.7.16\n instanceClass: db.t2.micro\n dbName: mydb\n username: foo\n password: ${databaseMasterPassword}\n dbSubnetGroupName: my_database_subnet_group\n parameterGroupName: default.mysql5.7\n secret:\n type: aws:ssm:Parameter\n properties:\n name: /production/database/password/master\n description: The parameter description\n type: SecureString\n value: ${databaseMasterPassword}\n tags:\n environment: production\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import SSM Parameters using the parameter store `name`. For example:\n\n```sh\n$ pulumi import aws:ssm/parameter:Parameter my_param /my_path/my_paramname\n```\n", "properties": { "allowedPattern": { "type": "string", @@ -333723,7 +333723,7 @@ } }, "aws:ssm/resourceDataSync:ResourceDataSync": { - "description": "Provides a SSM resource data sync.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst hogeBucketV2 = new aws.s3.BucketV2(\"hoge\", {bucket: \"tf-test-bucket-1234\"});\nconst hoge = aws.iam.getPolicyDocument({\n statements: [\n {\n sid: \"SSMBucketPermissionsCheck\",\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"ssm.amazonaws.com\"],\n }],\n actions: [\"s3:GetBucketAcl\"],\n resources: [\"arn:aws:s3:::tf-test-bucket-1234\"],\n },\n {\n sid: \"SSMBucketDelivery\",\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"ssm.amazonaws.com\"],\n }],\n actions: [\"s3:PutObject\"],\n resources: [\"arn:aws:s3:::tf-test-bucket-1234/*\"],\n conditions: [{\n test: \"StringEquals\",\n variable: \"s3:x-amz-acl\",\n values: [\"bucket-owner-full-control\"],\n }],\n },\n ],\n});\nconst hogeBucketPolicy = new aws.s3.BucketPolicy(\"hoge\", {\n bucket: hogeBucketV2.id,\n policy: hoge.then(hoge =\u003e hoge.json),\n});\nconst foo = new aws.ssm.ResourceDataSync(\"foo\", {\n name: \"foo\",\n s3Destination: {\n bucketName: hogeBucketV2.bucket,\n region: hogeBucketV2.region,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nhoge_bucket_v2 = aws.s3.BucketV2(\"hoge\", bucket=\"tf-test-bucket-1234\")\nhoge = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"SSMBucketPermissionsCheck\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"ssm.amazonaws.com\"],\n )],\n actions=[\"s3:GetBucketAcl\"],\n resources=[\"arn:aws:s3:::tf-test-bucket-1234\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"SSMBucketDelivery\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"ssm.amazonaws.com\"],\n )],\n actions=[\"s3:PutObject\"],\n resources=[\"arn:aws:s3:::tf-test-bucket-1234/*\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"s3:x-amz-acl\",\n values=[\"bucket-owner-full-control\"],\n )],\n ),\n])\nhoge_bucket_policy = aws.s3.BucketPolicy(\"hoge\",\n bucket=hoge_bucket_v2.id,\n policy=hoge.json)\nfoo = aws.ssm.ResourceDataSync(\"foo\",\n name=\"foo\",\n s3_destination=aws.ssm.ResourceDataSyncS3DestinationArgs(\n bucket_name=hoge_bucket_v2.bucket,\n region=hoge_bucket_v2.region,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hogeBucketV2 = new Aws.S3.BucketV2(\"hoge\", new()\n {\n Bucket = \"tf-test-bucket-1234\",\n });\n\n var hoge = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"SSMBucketPermissionsCheck\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"ssm.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"s3:GetBucketAcl\",\n },\n Resources = new[]\n {\n \"arn:aws:s3:::tf-test-bucket-1234\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"SSMBucketDelivery\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"ssm.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"s3:PutObject\",\n },\n Resources = new[]\n {\n \"arn:aws:s3:::tf-test-bucket-1234/*\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"s3:x-amz-acl\",\n Values = new[]\n {\n \"bucket-owner-full-control\",\n },\n },\n },\n },\n },\n });\n\n var hogeBucketPolicy = new Aws.S3.BucketPolicy(\"hoge\", new()\n {\n Bucket = hogeBucketV2.Id,\n Policy = hoge.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var foo = new Aws.Ssm.ResourceDataSync(\"foo\", new()\n {\n Name = \"foo\",\n S3Destination = new Aws.Ssm.Inputs.ResourceDataSyncS3DestinationArgs\n {\n BucketName = hogeBucketV2.Bucket,\n Region = hogeBucketV2.Region,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thogeBucketV2, err := s3.NewBucketV2(ctx, \"hoge\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"tf-test-bucket-1234\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\thoge, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"SSMBucketPermissionsCheck\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"ssm.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:GetBucketAcl\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:s3:::tf-test-bucket-1234\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"SSMBucketDelivery\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"ssm.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:PutObject\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:s3:::tf-test-bucket-1234/*\",\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"StringEquals\",\n\t\t\t\t\t\t\tVariable: \"s3:x-amz-acl\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"bucket-owner-full-control\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketPolicy(ctx, \"hoge\", \u0026s3.BucketPolicyArgs{\n\t\t\tBucket: hogeBucketV2.ID(),\n\t\t\tPolicy: *pulumi.String(hoge.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ssm.NewResourceDataSync(ctx, \"foo\", \u0026ssm.ResourceDataSyncArgs{\n\t\t\tName: pulumi.String(\"foo\"),\n\t\t\tS3Destination: \u0026ssm.ResourceDataSyncS3DestinationArgs{\n\t\t\t\tBucketName: hogeBucketV2.Bucket,\n\t\t\t\tRegion: hogeBucketV2.Region,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.s3.BucketPolicy;\nimport com.pulumi.aws.s3.BucketPolicyArgs;\nimport com.pulumi.aws.ssm.ResourceDataSync;\nimport com.pulumi.aws.ssm.ResourceDataSyncArgs;\nimport com.pulumi.aws.ssm.inputs.ResourceDataSyncS3DestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hogeBucketV2 = new BucketV2(\"hogeBucketV2\", BucketV2Args.builder() \n .bucket(\"tf-test-bucket-1234\")\n .build());\n\n final var hoge = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"SSMBucketPermissionsCheck\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"ssm.amazonaws.com\")\n .build())\n .actions(\"s3:GetBucketAcl\")\n .resources(\"arn:aws:s3:::tf-test-bucket-1234\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"SSMBucketDelivery\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"ssm.amazonaws.com\")\n .build())\n .actions(\"s3:PutObject\")\n .resources(\"arn:aws:s3:::tf-test-bucket-1234/*\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"s3:x-amz-acl\")\n .values(\"bucket-owner-full-control\")\n .build())\n .build())\n .build());\n\n var hogeBucketPolicy = new BucketPolicy(\"hogeBucketPolicy\", BucketPolicyArgs.builder() \n .bucket(hogeBucketV2.id())\n .policy(hoge.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var foo = new ResourceDataSync(\"foo\", ResourceDataSyncArgs.builder() \n .name(\"foo\")\n .s3Destination(ResourceDataSyncS3DestinationArgs.builder()\n .bucketName(hogeBucketV2.bucket())\n .region(hogeBucketV2.region())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hogeBucketV2:\n type: aws:s3:BucketV2\n name: hoge\n properties:\n bucket: tf-test-bucket-1234\n hogeBucketPolicy:\n type: aws:s3:BucketPolicy\n name: hoge\n properties:\n bucket: ${hogeBucketV2.id}\n policy: ${hoge.json}\n foo:\n type: aws:ssm:ResourceDataSync\n properties:\n name: foo\n s3Destination:\n bucketName: ${hogeBucketV2.bucket}\n region: ${hogeBucketV2.region}\nvariables:\n hoge:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: SSMBucketPermissionsCheck\n effect: Allow\n principals:\n - type: Service\n identifiers:\n - ssm.amazonaws.com\n actions:\n - s3:GetBucketAcl\n resources:\n - arn:aws:s3:::tf-test-bucket-1234\n - sid: SSMBucketDelivery\n effect: Allow\n principals:\n - type: Service\n identifiers:\n - ssm.amazonaws.com\n actions:\n - s3:PutObject\n resources:\n - arn:aws:s3:::tf-test-bucket-1234/*\n conditions:\n - test: StringEquals\n variable: s3:x-amz-acl\n values:\n - bucket-owner-full-control\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import SSM resource data sync using the `name`. For example:\n\n```sh\n$ pulumi import aws:ssm/resourceDataSync:ResourceDataSync example example-name\n```\n", + "description": "Provides a SSM resource data sync.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst hogeBucketV2 = new aws.s3.BucketV2(\"hoge\", {bucket: \"tf-test-bucket-1234\"});\nconst hoge = aws.iam.getPolicyDocument({\n statements: [\n {\n sid: \"SSMBucketPermissionsCheck\",\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"ssm.amazonaws.com\"],\n }],\n actions: [\"s3:GetBucketAcl\"],\n resources: [\"arn:aws:s3:::tf-test-bucket-1234\"],\n },\n {\n sid: \"SSMBucketDelivery\",\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"ssm.amazonaws.com\"],\n }],\n actions: [\"s3:PutObject\"],\n resources: [\"arn:aws:s3:::tf-test-bucket-1234/*\"],\n conditions: [{\n test: \"StringEquals\",\n variable: \"s3:x-amz-acl\",\n values: [\"bucket-owner-full-control\"],\n }],\n },\n ],\n});\nconst hogeBucketPolicy = new aws.s3.BucketPolicy(\"hoge\", {\n bucket: hogeBucketV2.id,\n policy: hoge.then(hoge =\u003e hoge.json),\n});\nconst foo = new aws.ssm.ResourceDataSync(\"foo\", {\n name: \"foo\",\n s3Destination: {\n bucketName: hogeBucketV2.bucket,\n region: hogeBucketV2.region,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nhoge_bucket_v2 = aws.s3.BucketV2(\"hoge\", bucket=\"tf-test-bucket-1234\")\nhoge = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"SSMBucketPermissionsCheck\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"ssm.amazonaws.com\"],\n )],\n actions=[\"s3:GetBucketAcl\"],\n resources=[\"arn:aws:s3:::tf-test-bucket-1234\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"SSMBucketDelivery\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"ssm.amazonaws.com\"],\n )],\n actions=[\"s3:PutObject\"],\n resources=[\"arn:aws:s3:::tf-test-bucket-1234/*\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"s3:x-amz-acl\",\n values=[\"bucket-owner-full-control\"],\n )],\n ),\n])\nhoge_bucket_policy = aws.s3.BucketPolicy(\"hoge\",\n bucket=hoge_bucket_v2.id,\n policy=hoge.json)\nfoo = aws.ssm.ResourceDataSync(\"foo\",\n name=\"foo\",\n s3_destination=aws.ssm.ResourceDataSyncS3DestinationArgs(\n bucket_name=hoge_bucket_v2.bucket,\n region=hoge_bucket_v2.region,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hogeBucketV2 = new Aws.S3.BucketV2(\"hoge\", new()\n {\n Bucket = \"tf-test-bucket-1234\",\n });\n\n var hoge = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"SSMBucketPermissionsCheck\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"ssm.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"s3:GetBucketAcl\",\n },\n Resources = new[]\n {\n \"arn:aws:s3:::tf-test-bucket-1234\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"SSMBucketDelivery\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"ssm.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"s3:PutObject\",\n },\n Resources = new[]\n {\n \"arn:aws:s3:::tf-test-bucket-1234/*\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"s3:x-amz-acl\",\n Values = new[]\n {\n \"bucket-owner-full-control\",\n },\n },\n },\n },\n },\n });\n\n var hogeBucketPolicy = new Aws.S3.BucketPolicy(\"hoge\", new()\n {\n Bucket = hogeBucketV2.Id,\n Policy = hoge.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var foo = new Aws.Ssm.ResourceDataSync(\"foo\", new()\n {\n Name = \"foo\",\n S3Destination = new Aws.Ssm.Inputs.ResourceDataSyncS3DestinationArgs\n {\n BucketName = hogeBucketV2.Bucket,\n Region = hogeBucketV2.Region,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thogeBucketV2, err := s3.NewBucketV2(ctx, \"hoge\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"tf-test-bucket-1234\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\thoge, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"SSMBucketPermissionsCheck\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"ssm.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:GetBucketAcl\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:s3:::tf-test-bucket-1234\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"SSMBucketDelivery\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"ssm.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:PutObject\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:s3:::tf-test-bucket-1234/*\",\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"StringEquals\",\n\t\t\t\t\t\t\tVariable: \"s3:x-amz-acl\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"bucket-owner-full-control\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketPolicy(ctx, \"hoge\", \u0026s3.BucketPolicyArgs{\n\t\t\tBucket: hogeBucketV2.ID(),\n\t\t\tPolicy: pulumi.String(hoge.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ssm.NewResourceDataSync(ctx, \"foo\", \u0026ssm.ResourceDataSyncArgs{\n\t\t\tName: pulumi.String(\"foo\"),\n\t\t\tS3Destination: \u0026ssm.ResourceDataSyncS3DestinationArgs{\n\t\t\t\tBucketName: hogeBucketV2.Bucket,\n\t\t\t\tRegion: hogeBucketV2.Region,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.s3.BucketPolicy;\nimport com.pulumi.aws.s3.BucketPolicyArgs;\nimport com.pulumi.aws.ssm.ResourceDataSync;\nimport com.pulumi.aws.ssm.ResourceDataSyncArgs;\nimport com.pulumi.aws.ssm.inputs.ResourceDataSyncS3DestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hogeBucketV2 = new BucketV2(\"hogeBucketV2\", BucketV2Args.builder() \n .bucket(\"tf-test-bucket-1234\")\n .build());\n\n final var hoge = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"SSMBucketPermissionsCheck\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"ssm.amazonaws.com\")\n .build())\n .actions(\"s3:GetBucketAcl\")\n .resources(\"arn:aws:s3:::tf-test-bucket-1234\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"SSMBucketDelivery\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"ssm.amazonaws.com\")\n .build())\n .actions(\"s3:PutObject\")\n .resources(\"arn:aws:s3:::tf-test-bucket-1234/*\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"s3:x-amz-acl\")\n .values(\"bucket-owner-full-control\")\n .build())\n .build())\n .build());\n\n var hogeBucketPolicy = new BucketPolicy(\"hogeBucketPolicy\", BucketPolicyArgs.builder() \n .bucket(hogeBucketV2.id())\n .policy(hoge.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var foo = new ResourceDataSync(\"foo\", ResourceDataSyncArgs.builder() \n .name(\"foo\")\n .s3Destination(ResourceDataSyncS3DestinationArgs.builder()\n .bucketName(hogeBucketV2.bucket())\n .region(hogeBucketV2.region())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hogeBucketV2:\n type: aws:s3:BucketV2\n name: hoge\n properties:\n bucket: tf-test-bucket-1234\n hogeBucketPolicy:\n type: aws:s3:BucketPolicy\n name: hoge\n properties:\n bucket: ${hogeBucketV2.id}\n policy: ${hoge.json}\n foo:\n type: aws:ssm:ResourceDataSync\n properties:\n name: foo\n s3Destination:\n bucketName: ${hogeBucketV2.bucket}\n region: ${hogeBucketV2.region}\nvariables:\n hoge:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: SSMBucketPermissionsCheck\n effect: Allow\n principals:\n - type: Service\n identifiers:\n - ssm.amazonaws.com\n actions:\n - s3:GetBucketAcl\n resources:\n - arn:aws:s3:::tf-test-bucket-1234\n - sid: SSMBucketDelivery\n effect: Allow\n principals:\n - type: Service\n identifiers:\n - ssm.amazonaws.com\n actions:\n - s3:PutObject\n resources:\n - arn:aws:s3:::tf-test-bucket-1234/*\n conditions:\n - test: StringEquals\n variable: s3:x-amz-acl\n values:\n - bucket-owner-full-control\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import SSM resource data sync using the `name`. For example:\n\n```sh\n$ pulumi import aws:ssm/resourceDataSync:ResourceDataSync example example-name\n```\n", "properties": { "name": { "type": "string", @@ -335717,7 +335717,7 @@ } }, "aws:storagegateway/fileSystemAssociation:FileSystemAssociation": { - "description": "Associate an Amazon FSx file system with the FSx File Gateway. After the association process is complete, the file shares on the Amazon FSx file system are available for access through the gateway. This operation only supports the FSx File Gateway type.\n\n[FSx File Gateway requirements](https://docs.aws.amazon.com/filegateway/latest/filefsxw/Requirements.html).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.FileSystemAssociation(\"example\", {\n gatewayArn: exampleAwsStoragegatewayGateway.arn,\n locationArn: exampleAwsFsxWindowsFileSystem.arn,\n username: \"Admin\",\n password: \"avoid-plaintext-passwords\",\n auditDestinationArn: exampleAwsS3Bucket.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.FileSystemAssociation(\"example\",\n gateway_arn=example_aws_storagegateway_gateway[\"arn\"],\n location_arn=example_aws_fsx_windows_file_system[\"arn\"],\n username=\"Admin\",\n password=\"avoid-plaintext-passwords\",\n audit_destination_arn=example_aws_s3_bucket[\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.StorageGateway.FileSystemAssociation(\"example\", new()\n {\n GatewayArn = exampleAwsStoragegatewayGateway.Arn,\n LocationArn = exampleAwsFsxWindowsFileSystem.Arn,\n Username = \"Admin\",\n Password = \"avoid-plaintext-passwords\",\n AuditDestinationArn = exampleAwsS3Bucket.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewFileSystemAssociation(ctx, \"example\", \u0026storagegateway.FileSystemAssociationArgs{\n\t\t\tGatewayArn: pulumi.Any(exampleAwsStoragegatewayGateway.Arn),\n\t\t\tLocationArn: pulumi.Any(exampleAwsFsxWindowsFileSystem.Arn),\n\t\t\tUsername: pulumi.String(\"Admin\"),\n\t\t\tPassword: pulumi.String(\"avoid-plaintext-passwords\"),\n\t\t\tAuditDestinationArn: pulumi.Any(exampleAwsS3Bucket.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.storagegateway.FileSystemAssociation;\nimport com.pulumi.aws.storagegateway.FileSystemAssociationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new FileSystemAssociation(\"example\", FileSystemAssociationArgs.builder() \n .gatewayArn(exampleAwsStoragegatewayGateway.arn())\n .locationArn(exampleAwsFsxWindowsFileSystem.arn())\n .username(\"Admin\")\n .password(\"avoid-plaintext-passwords\")\n .auditDestinationArn(exampleAwsS3Bucket.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:storagegateway:FileSystemAssociation\n properties:\n gatewayArn: ${exampleAwsStoragegatewayGateway.arn}\n locationArn: ${exampleAwsFsxWindowsFileSystem.arn}\n username: Admin\n password: avoid-plaintext-passwords\n auditDestinationArn: ${exampleAwsS3Bucket.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Required Services Example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst awsServiceStoragegatewayAmiFILES3Latest = aws.ssm.getParameter({\n name: \"/aws/service/storagegateway/ami/FILE_S3/latest\",\n});\nconst test = new aws.ec2.Instance(\"test\", {\n ami: awsServiceStoragegatewayAmiFILES3Latest.then(awsServiceStoragegatewayAmiFILES3Latest =\u003e awsServiceStoragegatewayAmiFILES3Latest.value),\n associatePublicIpAddress: true,\n instanceType: aws.ec2.instancetype.InstanceType[available.instanceType],\n vpcSecurityGroupIds: [testAwsSecurityGroup.id],\n subnetId: testAwsSubnet[0].id,\n});\nconst testGateway = new aws.storagegateway.Gateway(\"test\", {\n gatewayIpAddress: test.publicIp,\n gatewayName: \"test-sgw\",\n gatewayTimezone: \"GMT\",\n gatewayType: \"FILE_FSX_SMB\",\n smbActiveDirectorySettings: {\n domainName: testAwsDirectoryServiceDirectory.name,\n password: testAwsDirectoryServiceDirectory.password,\n username: \"Admin\",\n },\n});\nconst testWindowsFileSystem = new aws.fsx.WindowsFileSystem(\"test\", {\n activeDirectoryId: testAwsDirectoryServiceDirectory.id,\n securityGroupIds: [testAwsSecurityGroup.id],\n skipFinalBackup: true,\n storageCapacity: 32,\n subnetIds: [testAwsSubnet[0].id],\n throughputCapacity: 8,\n});\nconst fsx = new aws.storagegateway.FileSystemAssociation(\"fsx\", {\n gatewayArn: testGateway.arn,\n locationArn: testWindowsFileSystem.arn,\n username: \"Admin\",\n password: testAwsDirectoryServiceDirectory.password,\n cacheAttributes: {\n cacheStaleTimeoutInSeconds: 400,\n },\n auditDestinationArn: testAwsCloudwatchLogGroup.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naws_service_storagegateway_ami_files3_latest = aws.ssm.get_parameter(name=\"/aws/service/storagegateway/ami/FILE_S3/latest\")\ntest = aws.ec2.Instance(\"test\",\n ami=aws_service_storagegateway_ami_files3_latest.value,\n associate_public_ip_address=True,\n instance_type=aws.ec2/instancetype.InstanceType(available[\"instanceType\"]),\n vpc_security_group_ids=[test_aws_security_group[\"id\"]],\n subnet_id=test_aws_subnet[0][\"id\"])\ntest_gateway = aws.storagegateway.Gateway(\"test\",\n gateway_ip_address=test.public_ip,\n gateway_name=\"test-sgw\",\n gateway_timezone=\"GMT\",\n gateway_type=\"FILE_FSX_SMB\",\n smb_active_directory_settings=aws.storagegateway.GatewaySmbActiveDirectorySettingsArgs(\n domain_name=test_aws_directory_service_directory[\"name\"],\n password=test_aws_directory_service_directory[\"password\"],\n username=\"Admin\",\n ))\ntest_windows_file_system = aws.fsx.WindowsFileSystem(\"test\",\n active_directory_id=test_aws_directory_service_directory[\"id\"],\n security_group_ids=[test_aws_security_group[\"id\"]],\n skip_final_backup=True,\n storage_capacity=32,\n subnet_ids=[test_aws_subnet[0][\"id\"]],\n throughput_capacity=8)\nfsx = aws.storagegateway.FileSystemAssociation(\"fsx\",\n gateway_arn=test_gateway.arn,\n location_arn=test_windows_file_system.arn,\n username=\"Admin\",\n password=test_aws_directory_service_directory[\"password\"],\n cache_attributes=aws.storagegateway.FileSystemAssociationCacheAttributesArgs(\n cache_stale_timeout_in_seconds=400,\n ),\n audit_destination_arn=test_aws_cloudwatch_log_group[\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var awsServiceStoragegatewayAmiFILES3Latest = Aws.Ssm.GetParameter.Invoke(new()\n {\n Name = \"/aws/service/storagegateway/ami/FILE_S3/latest\",\n });\n\n var test = new Aws.Ec2.Instance(\"test\", new()\n {\n Ami = awsServiceStoragegatewayAmiFILES3Latest.Apply(getParameterResult =\u003e getParameterResult.Value),\n AssociatePublicIpAddress = true,\n InstanceType = System.Enum.Parse\u003cAws.Ec2.InstanceType.InstanceType\u003e(available.InstanceType),\n VpcSecurityGroupIds = new[]\n {\n testAwsSecurityGroup.Id,\n },\n SubnetId = testAwsSubnet[0].Id,\n });\n\n var testGateway = new Aws.StorageGateway.Gateway(\"test\", new()\n {\n GatewayIpAddress = test.PublicIp,\n GatewayName = \"test-sgw\",\n GatewayTimezone = \"GMT\",\n GatewayType = \"FILE_FSX_SMB\",\n SmbActiveDirectorySettings = new Aws.StorageGateway.Inputs.GatewaySmbActiveDirectorySettingsArgs\n {\n DomainName = testAwsDirectoryServiceDirectory.Name,\n Password = testAwsDirectoryServiceDirectory.Password,\n Username = \"Admin\",\n },\n });\n\n var testWindowsFileSystem = new Aws.Fsx.WindowsFileSystem(\"test\", new()\n {\n ActiveDirectoryId = testAwsDirectoryServiceDirectory.Id,\n SecurityGroupIds = new[]\n {\n testAwsSecurityGroup.Id,\n },\n SkipFinalBackup = true,\n StorageCapacity = 32,\n SubnetIds = new[]\n {\n testAwsSubnet[0].Id,\n },\n ThroughputCapacity = 8,\n });\n\n var fsx = new Aws.StorageGateway.FileSystemAssociation(\"fsx\", new()\n {\n GatewayArn = testGateway.Arn,\n LocationArn = testWindowsFileSystem.Arn,\n Username = \"Admin\",\n Password = testAwsDirectoryServiceDirectory.Password,\n CacheAttributes = new Aws.StorageGateway.Inputs.FileSystemAssociationCacheAttributesArgs\n {\n CacheStaleTimeoutInSeconds = 400,\n },\n AuditDestinationArn = testAwsCloudwatchLogGroup.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/fsx\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tawsServiceStoragegatewayAmiFILES3Latest, err := ssm.LookupParameter(ctx, \u0026ssm.LookupParameterArgs{\n\t\t\tName: \"/aws/service/storagegateway/ami/FILE_S3/latest\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := ec2.NewInstance(ctx, \"test\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: *pulumi.String(awsServiceStoragegatewayAmiFILES3Latest.Value),\n\t\t\tAssociatePublicIpAddress: pulumi.Bool(true),\n\t\t\tInstanceType: ec2.InstanceType(available.InstanceType),\n\t\t\tVpcSecurityGroupIds: pulumi.StringArray{\n\t\t\t\ttestAwsSecurityGroup.Id,\n\t\t\t},\n\t\t\tSubnetId: pulumi.Any(testAwsSubnet[0].Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestGateway, err := storagegateway.NewGateway(ctx, \"test\", \u0026storagegateway.GatewayArgs{\n\t\t\tGatewayIpAddress: test.PublicIp,\n\t\t\tGatewayName: pulumi.String(\"test-sgw\"),\n\t\t\tGatewayTimezone: pulumi.String(\"GMT\"),\n\t\t\tGatewayType: pulumi.String(\"FILE_FSX_SMB\"),\n\t\t\tSmbActiveDirectorySettings: \u0026storagegateway.GatewaySmbActiveDirectorySettingsArgs{\n\t\t\t\tDomainName: pulumi.Any(testAwsDirectoryServiceDirectory.Name),\n\t\t\t\tPassword: pulumi.Any(testAwsDirectoryServiceDirectory.Password),\n\t\t\t\tUsername: pulumi.String(\"Admin\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestWindowsFileSystem, err := fsx.NewWindowsFileSystem(ctx, \"test\", \u0026fsx.WindowsFileSystemArgs{\n\t\t\tActiveDirectoryId: pulumi.Any(testAwsDirectoryServiceDirectory.Id),\n\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\ttestAwsSecurityGroup.Id,\n\t\t\t},\n\t\t\tSkipFinalBackup: pulumi.Bool(true),\n\t\t\tStorageCapacity: pulumi.Int(32),\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\ttestAwsSubnet[0].Id,\n\t\t\t},\n\t\t\tThroughputCapacity: pulumi.Int(8),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storagegateway.NewFileSystemAssociation(ctx, \"fsx\", \u0026storagegateway.FileSystemAssociationArgs{\n\t\t\tGatewayArn: testGateway.Arn,\n\t\t\tLocationArn: testWindowsFileSystem.Arn,\n\t\t\tUsername: pulumi.String(\"Admin\"),\n\t\t\tPassword: pulumi.Any(testAwsDirectoryServiceDirectory.Password),\n\t\t\tCacheAttributes: \u0026storagegateway.FileSystemAssociationCacheAttributesArgs{\n\t\t\t\tCacheStaleTimeoutInSeconds: pulumi.Int(400),\n\t\t\t},\n\t\t\tAuditDestinationArn: pulumi.Any(testAwsCloudwatchLogGroup.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ssm.SsmFunctions;\nimport com.pulumi.aws.ssm.inputs.GetParameterArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.storagegateway.Gateway;\nimport com.pulumi.aws.storagegateway.GatewayArgs;\nimport com.pulumi.aws.storagegateway.inputs.GatewaySmbActiveDirectorySettingsArgs;\nimport com.pulumi.aws.fsx.WindowsFileSystem;\nimport com.pulumi.aws.fsx.WindowsFileSystemArgs;\nimport com.pulumi.aws.storagegateway.FileSystemAssociation;\nimport com.pulumi.aws.storagegateway.FileSystemAssociationArgs;\nimport com.pulumi.aws.storagegateway.inputs.FileSystemAssociationCacheAttributesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var awsServiceStoragegatewayAmiFILES3Latest = SsmFunctions.getParameter(GetParameterArgs.builder()\n .name(\"/aws/service/storagegateway/ami/FILE_S3/latest\")\n .build());\n\n var test = new Instance(\"test\", InstanceArgs.builder() \n .ami(awsServiceStoragegatewayAmiFILES3Latest.applyValue(getParameterResult -\u003e getParameterResult.value()))\n .associatePublicIpAddress(true)\n .instanceType(available.instanceType())\n .vpcSecurityGroupIds(testAwsSecurityGroup.id())\n .subnetId(testAwsSubnet[0].id())\n .build());\n\n var testGateway = new Gateway(\"testGateway\", GatewayArgs.builder() \n .gatewayIpAddress(test.publicIp())\n .gatewayName(\"test-sgw\")\n .gatewayTimezone(\"GMT\")\n .gatewayType(\"FILE_FSX_SMB\")\n .smbActiveDirectorySettings(GatewaySmbActiveDirectorySettingsArgs.builder()\n .domainName(testAwsDirectoryServiceDirectory.name())\n .password(testAwsDirectoryServiceDirectory.password())\n .username(\"Admin\")\n .build())\n .build());\n\n var testWindowsFileSystem = new WindowsFileSystem(\"testWindowsFileSystem\", WindowsFileSystemArgs.builder() \n .activeDirectoryId(testAwsDirectoryServiceDirectory.id())\n .securityGroupIds(testAwsSecurityGroup.id())\n .skipFinalBackup(true)\n .storageCapacity(32)\n .subnetIds(testAwsSubnet[0].id())\n .throughputCapacity(8)\n .build());\n\n var fsx = new FileSystemAssociation(\"fsx\", FileSystemAssociationArgs.builder() \n .gatewayArn(testGateway.arn())\n .locationArn(testWindowsFileSystem.arn())\n .username(\"Admin\")\n .password(testAwsDirectoryServiceDirectory.password())\n .cacheAttributes(FileSystemAssociationCacheAttributesArgs.builder()\n .cacheStaleTimeoutInSeconds(400)\n .build())\n .auditDestinationArn(testAwsCloudwatchLogGroup.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:ec2:Instance\n properties:\n ami: ${awsServiceStoragegatewayAmiFILES3Latest.value}\n associatePublicIpAddress: true\n instanceType: ${available.instanceType}\n vpcSecurityGroupIds:\n - ${testAwsSecurityGroup.id}\n subnetId: ${testAwsSubnet[0].id}\n testGateway:\n type: aws:storagegateway:Gateway\n name: test\n properties:\n gatewayIpAddress: ${test.publicIp}\n gatewayName: test-sgw\n gatewayTimezone: GMT\n gatewayType: FILE_FSX_SMB\n smbActiveDirectorySettings:\n domainName: ${testAwsDirectoryServiceDirectory.name}\n password: ${testAwsDirectoryServiceDirectory.password}\n username: Admin\n testWindowsFileSystem:\n type: aws:fsx:WindowsFileSystem\n name: test\n properties:\n activeDirectoryId: ${testAwsDirectoryServiceDirectory.id}\n securityGroupIds:\n - ${testAwsSecurityGroup.id}\n skipFinalBackup: true\n storageCapacity: 32\n subnetIds:\n - ${testAwsSubnet[0].id}\n throughputCapacity: 8\n fsx:\n type: aws:storagegateway:FileSystemAssociation\n properties:\n gatewayArn: ${testGateway.arn}\n locationArn: ${testWindowsFileSystem.arn}\n username: Admin\n password: ${testAwsDirectoryServiceDirectory.password}\n cacheAttributes:\n cacheStaleTimeoutInSeconds: 400\n auditDestinationArn: ${testAwsCloudwatchLogGroup.arn}\nvariables:\n awsServiceStoragegatewayAmiFILES3Latest:\n fn::invoke:\n Function: aws:ssm:getParameter\n Arguments:\n name: /aws/service/storagegateway/ami/FILE_S3/latest\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_storagegateway_file_system_association` using the FSx file system association Amazon Resource Name (ARN). For example:\n\n```sh\n$ pulumi import aws:storagegateway/fileSystemAssociation:FileSystemAssociation example arn:aws:storagegateway:us-east-1:123456789012:fs-association/fsa-0DA347732FDB40125\n```\n", + "description": "Associate an Amazon FSx file system with the FSx File Gateway. After the association process is complete, the file shares on the Amazon FSx file system are available for access through the gateway. This operation only supports the FSx File Gateway type.\n\n[FSx File Gateway requirements](https://docs.aws.amazon.com/filegateway/latest/filefsxw/Requirements.html).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.FileSystemAssociation(\"example\", {\n gatewayArn: exampleAwsStoragegatewayGateway.arn,\n locationArn: exampleAwsFsxWindowsFileSystem.arn,\n username: \"Admin\",\n password: \"avoid-plaintext-passwords\",\n auditDestinationArn: exampleAwsS3Bucket.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.FileSystemAssociation(\"example\",\n gateway_arn=example_aws_storagegateway_gateway[\"arn\"],\n location_arn=example_aws_fsx_windows_file_system[\"arn\"],\n username=\"Admin\",\n password=\"avoid-plaintext-passwords\",\n audit_destination_arn=example_aws_s3_bucket[\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.StorageGateway.FileSystemAssociation(\"example\", new()\n {\n GatewayArn = exampleAwsStoragegatewayGateway.Arn,\n LocationArn = exampleAwsFsxWindowsFileSystem.Arn,\n Username = \"Admin\",\n Password = \"avoid-plaintext-passwords\",\n AuditDestinationArn = exampleAwsS3Bucket.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewFileSystemAssociation(ctx, \"example\", \u0026storagegateway.FileSystemAssociationArgs{\n\t\t\tGatewayArn: pulumi.Any(exampleAwsStoragegatewayGateway.Arn),\n\t\t\tLocationArn: pulumi.Any(exampleAwsFsxWindowsFileSystem.Arn),\n\t\t\tUsername: pulumi.String(\"Admin\"),\n\t\t\tPassword: pulumi.String(\"avoid-plaintext-passwords\"),\n\t\t\tAuditDestinationArn: pulumi.Any(exampleAwsS3Bucket.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.storagegateway.FileSystemAssociation;\nimport com.pulumi.aws.storagegateway.FileSystemAssociationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new FileSystemAssociation(\"example\", FileSystemAssociationArgs.builder() \n .gatewayArn(exampleAwsStoragegatewayGateway.arn())\n .locationArn(exampleAwsFsxWindowsFileSystem.arn())\n .username(\"Admin\")\n .password(\"avoid-plaintext-passwords\")\n .auditDestinationArn(exampleAwsS3Bucket.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:storagegateway:FileSystemAssociation\n properties:\n gatewayArn: ${exampleAwsStoragegatewayGateway.arn}\n locationArn: ${exampleAwsFsxWindowsFileSystem.arn}\n username: Admin\n password: avoid-plaintext-passwords\n auditDestinationArn: ${exampleAwsS3Bucket.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Required Services Example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst awsServiceStoragegatewayAmiFILES3Latest = aws.ssm.getParameter({\n name: \"/aws/service/storagegateway/ami/FILE_S3/latest\",\n});\nconst test = new aws.ec2.Instance(\"test\", {\n ami: awsServiceStoragegatewayAmiFILES3Latest.then(awsServiceStoragegatewayAmiFILES3Latest =\u003e awsServiceStoragegatewayAmiFILES3Latest.value),\n associatePublicIpAddress: true,\n instanceType: aws.ec2.InstanceType[available.instanceType],\n vpcSecurityGroupIds: [testAwsSecurityGroup.id],\n subnetId: testAwsSubnet[0].id,\n});\nconst testGateway = new aws.storagegateway.Gateway(\"test\", {\n gatewayIpAddress: test.publicIp,\n gatewayName: \"test-sgw\",\n gatewayTimezone: \"GMT\",\n gatewayType: \"FILE_FSX_SMB\",\n smbActiveDirectorySettings: {\n domainName: testAwsDirectoryServiceDirectory.name,\n password: testAwsDirectoryServiceDirectory.password,\n username: \"Admin\",\n },\n});\nconst testWindowsFileSystem = new aws.fsx.WindowsFileSystem(\"test\", {\n activeDirectoryId: testAwsDirectoryServiceDirectory.id,\n securityGroupIds: [testAwsSecurityGroup.id],\n skipFinalBackup: true,\n storageCapacity: 32,\n subnetIds: [testAwsSubnet[0].id],\n throughputCapacity: 8,\n});\nconst fsx = new aws.storagegateway.FileSystemAssociation(\"fsx\", {\n gatewayArn: testGateway.arn,\n locationArn: testWindowsFileSystem.arn,\n username: \"Admin\",\n password: testAwsDirectoryServiceDirectory.password,\n cacheAttributes: {\n cacheStaleTimeoutInSeconds: 400,\n },\n auditDestinationArn: testAwsCloudwatchLogGroup.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naws_service_storagegateway_ami_files3_latest = aws.ssm.get_parameter(name=\"/aws/service/storagegateway/ami/FILE_S3/latest\")\ntest = aws.ec2.Instance(\"test\",\n ami=aws_service_storagegateway_ami_files3_latest.value,\n associate_public_ip_address=True,\n instance_type=aws.ec2.InstanceType(available[\"instanceType\"]),\n vpc_security_group_ids=[test_aws_security_group[\"id\"]],\n subnet_id=test_aws_subnet[0][\"id\"])\ntest_gateway = aws.storagegateway.Gateway(\"test\",\n gateway_ip_address=test.public_ip,\n gateway_name=\"test-sgw\",\n gateway_timezone=\"GMT\",\n gateway_type=\"FILE_FSX_SMB\",\n smb_active_directory_settings=aws.storagegateway.GatewaySmbActiveDirectorySettingsArgs(\n domain_name=test_aws_directory_service_directory[\"name\"],\n password=test_aws_directory_service_directory[\"password\"],\n username=\"Admin\",\n ))\ntest_windows_file_system = aws.fsx.WindowsFileSystem(\"test\",\n active_directory_id=test_aws_directory_service_directory[\"id\"],\n security_group_ids=[test_aws_security_group[\"id\"]],\n skip_final_backup=True,\n storage_capacity=32,\n subnet_ids=[test_aws_subnet[0][\"id\"]],\n throughput_capacity=8)\nfsx = aws.storagegateway.FileSystemAssociation(\"fsx\",\n gateway_arn=test_gateway.arn,\n location_arn=test_windows_file_system.arn,\n username=\"Admin\",\n password=test_aws_directory_service_directory[\"password\"],\n cache_attributes=aws.storagegateway.FileSystemAssociationCacheAttributesArgs(\n cache_stale_timeout_in_seconds=400,\n ),\n audit_destination_arn=test_aws_cloudwatch_log_group[\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var awsServiceStoragegatewayAmiFILES3Latest = Aws.Ssm.GetParameter.Invoke(new()\n {\n Name = \"/aws/service/storagegateway/ami/FILE_S3/latest\",\n });\n\n var test = new Aws.Ec2.Instance(\"test\", new()\n {\n Ami = awsServiceStoragegatewayAmiFILES3Latest.Apply(getParameterResult =\u003e getParameterResult.Value),\n AssociatePublicIpAddress = true,\n InstanceType = System.Enum.Parse\u003cAws.Ec2.InstanceType\u003e(available.InstanceType),\n VpcSecurityGroupIds = new[]\n {\n testAwsSecurityGroup.Id,\n },\n SubnetId = testAwsSubnet[0].Id,\n });\n\n var testGateway = new Aws.StorageGateway.Gateway(\"test\", new()\n {\n GatewayIpAddress = test.PublicIp,\n GatewayName = \"test-sgw\",\n GatewayTimezone = \"GMT\",\n GatewayType = \"FILE_FSX_SMB\",\n SmbActiveDirectorySettings = new Aws.StorageGateway.Inputs.GatewaySmbActiveDirectorySettingsArgs\n {\n DomainName = testAwsDirectoryServiceDirectory.Name,\n Password = testAwsDirectoryServiceDirectory.Password,\n Username = \"Admin\",\n },\n });\n\n var testWindowsFileSystem = new Aws.Fsx.WindowsFileSystem(\"test\", new()\n {\n ActiveDirectoryId = testAwsDirectoryServiceDirectory.Id,\n SecurityGroupIds = new[]\n {\n testAwsSecurityGroup.Id,\n },\n SkipFinalBackup = true,\n StorageCapacity = 32,\n SubnetIds = new[]\n {\n testAwsSubnet[0].Id,\n },\n ThroughputCapacity = 8,\n });\n\n var fsx = new Aws.StorageGateway.FileSystemAssociation(\"fsx\", new()\n {\n GatewayArn = testGateway.Arn,\n LocationArn = testWindowsFileSystem.Arn,\n Username = \"Admin\",\n Password = testAwsDirectoryServiceDirectory.Password,\n CacheAttributes = new Aws.StorageGateway.Inputs.FileSystemAssociationCacheAttributesArgs\n {\n CacheStaleTimeoutInSeconds = 400,\n },\n AuditDestinationArn = testAwsCloudwatchLogGroup.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/fsx\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tawsServiceStoragegatewayAmiFILES3Latest, err := ssm.LookupParameter(ctx, \u0026ssm.LookupParameterArgs{\n\t\t\tName: \"/aws/service/storagegateway/ami/FILE_S3/latest\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := ec2.NewInstance(ctx, \"test\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(awsServiceStoragegatewayAmiFILES3Latest.Value),\n\t\t\tAssociatePublicIpAddress: pulumi.Bool(true),\n\t\t\tInstanceType: ec2.InstanceType(available.InstanceType),\n\t\t\tVpcSecurityGroupIds: pulumi.StringArray{\n\t\t\t\ttestAwsSecurityGroup.Id,\n\t\t\t},\n\t\t\tSubnetId: pulumi.Any(testAwsSubnet[0].Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestGateway, err := storagegateway.NewGateway(ctx, \"test\", \u0026storagegateway.GatewayArgs{\n\t\t\tGatewayIpAddress: test.PublicIp,\n\t\t\tGatewayName: pulumi.String(\"test-sgw\"),\n\t\t\tGatewayTimezone: pulumi.String(\"GMT\"),\n\t\t\tGatewayType: pulumi.String(\"FILE_FSX_SMB\"),\n\t\t\tSmbActiveDirectorySettings: \u0026storagegateway.GatewaySmbActiveDirectorySettingsArgs{\n\t\t\t\tDomainName: pulumi.Any(testAwsDirectoryServiceDirectory.Name),\n\t\t\t\tPassword: pulumi.Any(testAwsDirectoryServiceDirectory.Password),\n\t\t\t\tUsername: pulumi.String(\"Admin\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestWindowsFileSystem, err := fsx.NewWindowsFileSystem(ctx, \"test\", \u0026fsx.WindowsFileSystemArgs{\n\t\t\tActiveDirectoryId: pulumi.Any(testAwsDirectoryServiceDirectory.Id),\n\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\ttestAwsSecurityGroup.Id,\n\t\t\t},\n\t\t\tSkipFinalBackup: pulumi.Bool(true),\n\t\t\tStorageCapacity: pulumi.Int(32),\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\ttestAwsSubnet[0].Id,\n\t\t\t},\n\t\t\tThroughputCapacity: pulumi.Int(8),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storagegateway.NewFileSystemAssociation(ctx, \"fsx\", \u0026storagegateway.FileSystemAssociationArgs{\n\t\t\tGatewayArn: testGateway.Arn,\n\t\t\tLocationArn: testWindowsFileSystem.Arn,\n\t\t\tUsername: pulumi.String(\"Admin\"),\n\t\t\tPassword: pulumi.Any(testAwsDirectoryServiceDirectory.Password),\n\t\t\tCacheAttributes: \u0026storagegateway.FileSystemAssociationCacheAttributesArgs{\n\t\t\t\tCacheStaleTimeoutInSeconds: pulumi.Int(400),\n\t\t\t},\n\t\t\tAuditDestinationArn: pulumi.Any(testAwsCloudwatchLogGroup.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ssm.SsmFunctions;\nimport com.pulumi.aws.ssm.inputs.GetParameterArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.storagegateway.Gateway;\nimport com.pulumi.aws.storagegateway.GatewayArgs;\nimport com.pulumi.aws.storagegateway.inputs.GatewaySmbActiveDirectorySettingsArgs;\nimport com.pulumi.aws.fsx.WindowsFileSystem;\nimport com.pulumi.aws.fsx.WindowsFileSystemArgs;\nimport com.pulumi.aws.storagegateway.FileSystemAssociation;\nimport com.pulumi.aws.storagegateway.FileSystemAssociationArgs;\nimport com.pulumi.aws.storagegateway.inputs.FileSystemAssociationCacheAttributesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var awsServiceStoragegatewayAmiFILES3Latest = SsmFunctions.getParameter(GetParameterArgs.builder()\n .name(\"/aws/service/storagegateway/ami/FILE_S3/latest\")\n .build());\n\n var test = new Instance(\"test\", InstanceArgs.builder() \n .ami(awsServiceStoragegatewayAmiFILES3Latest.applyValue(getParameterResult -\u003e getParameterResult.value()))\n .associatePublicIpAddress(true)\n .instanceType(available.instanceType())\n .vpcSecurityGroupIds(testAwsSecurityGroup.id())\n .subnetId(testAwsSubnet[0].id())\n .build());\n\n var testGateway = new Gateway(\"testGateway\", GatewayArgs.builder() \n .gatewayIpAddress(test.publicIp())\n .gatewayName(\"test-sgw\")\n .gatewayTimezone(\"GMT\")\n .gatewayType(\"FILE_FSX_SMB\")\n .smbActiveDirectorySettings(GatewaySmbActiveDirectorySettingsArgs.builder()\n .domainName(testAwsDirectoryServiceDirectory.name())\n .password(testAwsDirectoryServiceDirectory.password())\n .username(\"Admin\")\n .build())\n .build());\n\n var testWindowsFileSystem = new WindowsFileSystem(\"testWindowsFileSystem\", WindowsFileSystemArgs.builder() \n .activeDirectoryId(testAwsDirectoryServiceDirectory.id())\n .securityGroupIds(testAwsSecurityGroup.id())\n .skipFinalBackup(true)\n .storageCapacity(32)\n .subnetIds(testAwsSubnet[0].id())\n .throughputCapacity(8)\n .build());\n\n var fsx = new FileSystemAssociation(\"fsx\", FileSystemAssociationArgs.builder() \n .gatewayArn(testGateway.arn())\n .locationArn(testWindowsFileSystem.arn())\n .username(\"Admin\")\n .password(testAwsDirectoryServiceDirectory.password())\n .cacheAttributes(FileSystemAssociationCacheAttributesArgs.builder()\n .cacheStaleTimeoutInSeconds(400)\n .build())\n .auditDestinationArn(testAwsCloudwatchLogGroup.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:ec2:Instance\n properties:\n ami: ${awsServiceStoragegatewayAmiFILES3Latest.value}\n associatePublicIpAddress: true\n instanceType: ${available.instanceType}\n vpcSecurityGroupIds:\n - ${testAwsSecurityGroup.id}\n subnetId: ${testAwsSubnet[0].id}\n testGateway:\n type: aws:storagegateway:Gateway\n name: test\n properties:\n gatewayIpAddress: ${test.publicIp}\n gatewayName: test-sgw\n gatewayTimezone: GMT\n gatewayType: FILE_FSX_SMB\n smbActiveDirectorySettings:\n domainName: ${testAwsDirectoryServiceDirectory.name}\n password: ${testAwsDirectoryServiceDirectory.password}\n username: Admin\n testWindowsFileSystem:\n type: aws:fsx:WindowsFileSystem\n name: test\n properties:\n activeDirectoryId: ${testAwsDirectoryServiceDirectory.id}\n securityGroupIds:\n - ${testAwsSecurityGroup.id}\n skipFinalBackup: true\n storageCapacity: 32\n subnetIds:\n - ${testAwsSubnet[0].id}\n throughputCapacity: 8\n fsx:\n type: aws:storagegateway:FileSystemAssociation\n properties:\n gatewayArn: ${testGateway.arn}\n locationArn: ${testWindowsFileSystem.arn}\n username: Admin\n password: ${testAwsDirectoryServiceDirectory.password}\n cacheAttributes:\n cacheStaleTimeoutInSeconds: 400\n auditDestinationArn: ${testAwsCloudwatchLogGroup.arn}\nvariables:\n awsServiceStoragegatewayAmiFILES3Latest:\n fn::invoke:\n Function: aws:ssm:getParameter\n Arguments:\n name: /aws/service/storagegateway/ami/FILE_S3/latest\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_storagegateway_file_system_association` using the FSx file system association Amazon Resource Name (ARN). For example:\n\n```sh\n$ pulumi import aws:storagegateway/fileSystemAssociation:FileSystemAssociation example arn:aws:storagegateway:us-east-1:123456789012:fs-association/fsa-0DA347732FDB40125\n```\n", "properties": { "arn": { "type": "string", @@ -335868,7 +335868,7 @@ } }, "aws:storagegateway/gateway:Gateway": { - "description": "Manages an AWS Storage Gateway file, tape, or volume gateway in the provider region.\n\n\u003e **NOTE:** The Storage Gateway API requires the gateway to be connected to properly return information after activation. If you are receiving `The specified gateway is not connected` errors during resource creation (gateway activation), ensure your gateway instance meets the [Storage Gateway requirements](https://docs.aws.amazon.com/storagegateway/latest/userguide/Requirements.html).\n\n## Example Usage\n\n### Local Cache\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testVolumeAttachment = new aws.ec2.VolumeAttachment(\"test\", {\n deviceName: \"/dev/xvdb\",\n volumeId: testAwsEbsVolume.id,\n instanceId: testAwsInstance.id,\n});\nconst test = aws.storagegateway.getLocalDisk({\n diskNode: testAwsVolumeAttachment.deviceName,\n gatewayArn: testAwsStoragegatewayGateway.arn,\n});\nconst testCache = new aws.storagegateway.Cache(\"test\", {\n diskId: test.then(test =\u003e test.diskId),\n gatewayArn: testAwsStoragegatewayGateway.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_volume_attachment = aws.ec2.VolumeAttachment(\"test\",\n device_name=\"/dev/xvdb\",\n volume_id=test_aws_ebs_volume[\"id\"],\n instance_id=test_aws_instance[\"id\"])\ntest = aws.storagegateway.get_local_disk(disk_node=test_aws_volume_attachment[\"deviceName\"],\n gateway_arn=test_aws_storagegateway_gateway[\"arn\"])\ntest_cache = aws.storagegateway.Cache(\"test\",\n disk_id=test.disk_id,\n gateway_arn=test_aws_storagegateway_gateway[\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testVolumeAttachment = new Aws.Ec2.VolumeAttachment(\"test\", new()\n {\n DeviceName = \"/dev/xvdb\",\n VolumeId = testAwsEbsVolume.Id,\n InstanceId = testAwsInstance.Id,\n });\n\n var test = Aws.StorageGateway.GetLocalDisk.Invoke(new()\n {\n DiskNode = testAwsVolumeAttachment.DeviceName,\n GatewayArn = testAwsStoragegatewayGateway.Arn,\n });\n\n var testCache = new Aws.StorageGateway.Cache(\"test\", new()\n {\n DiskId = test.Apply(getLocalDiskResult =\u003e getLocalDiskResult.DiskId),\n GatewayArn = testAwsStoragegatewayGateway.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVolumeAttachment(ctx, \"test\", \u0026ec2.VolumeAttachmentArgs{\n\t\t\tDeviceName: pulumi.String(\"/dev/xvdb\"),\n\t\t\tVolumeId: pulumi.Any(testAwsEbsVolume.Id),\n\t\t\tInstanceId: pulumi.Any(testAwsInstance.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := storagegateway.GetLocalDisk(ctx, \u0026storagegateway.GetLocalDiskArgs{\n\t\t\tDiskNode: pulumi.StringRef(testAwsVolumeAttachment.DeviceName),\n\t\t\tGatewayArn: testAwsStoragegatewayGateway.Arn,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storagegateway.NewCache(ctx, \"test\", \u0026storagegateway.CacheArgs{\n\t\t\tDiskId: *pulumi.String(test.DiskId),\n\t\t\tGatewayArn: pulumi.Any(testAwsStoragegatewayGateway.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.VolumeAttachment;\nimport com.pulumi.aws.ec2.VolumeAttachmentArgs;\nimport com.pulumi.aws.storagegateway.StoragegatewayFunctions;\nimport com.pulumi.aws.storagegateway.inputs.GetLocalDiskArgs;\nimport com.pulumi.aws.storagegateway.Cache;\nimport com.pulumi.aws.storagegateway.CacheArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testVolumeAttachment = new VolumeAttachment(\"testVolumeAttachment\", VolumeAttachmentArgs.builder() \n .deviceName(\"/dev/xvdb\")\n .volumeId(testAwsEbsVolume.id())\n .instanceId(testAwsInstance.id())\n .build());\n\n final var test = StoragegatewayFunctions.getLocalDisk(GetLocalDiskArgs.builder()\n .diskNode(testAwsVolumeAttachment.deviceName())\n .gatewayArn(testAwsStoragegatewayGateway.arn())\n .build());\n\n var testCache = new Cache(\"testCache\", CacheArgs.builder() \n .diskId(test.applyValue(getLocalDiskResult -\u003e getLocalDiskResult.diskId()))\n .gatewayArn(testAwsStoragegatewayGateway.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testVolumeAttachment:\n type: aws:ec2:VolumeAttachment\n name: test\n properties:\n deviceName: /dev/xvdb\n volumeId: ${testAwsEbsVolume.id}\n instanceId: ${testAwsInstance.id}\n testCache:\n type: aws:storagegateway:Cache\n name: test\n properties:\n diskId: ${test.diskId}\n gatewayArn: ${testAwsStoragegatewayGateway.arn}\nvariables:\n test:\n fn::invoke:\n Function: aws:storagegateway:getLocalDisk\n Arguments:\n diskNode: ${testAwsVolumeAttachment.deviceName}\n gatewayArn: ${testAwsStoragegatewayGateway.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### FSx File Gateway\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.Gateway(\"example\", {\n gatewayIpAddress: \"1.2.3.4\",\n gatewayName: \"example\",\n gatewayTimezone: \"GMT\",\n gatewayType: \"FILE_FSX_SMB\",\n smbActiveDirectorySettings: {\n domainName: \"corp.example.com\",\n password: \"avoid-plaintext-passwords\",\n username: \"Admin\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.Gateway(\"example\",\n gateway_ip_address=\"1.2.3.4\",\n gateway_name=\"example\",\n gateway_timezone=\"GMT\",\n gateway_type=\"FILE_FSX_SMB\",\n smb_active_directory_settings=aws.storagegateway.GatewaySmbActiveDirectorySettingsArgs(\n domain_name=\"corp.example.com\",\n password=\"avoid-plaintext-passwords\",\n username=\"Admin\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.StorageGateway.Gateway(\"example\", new()\n {\n GatewayIpAddress = \"1.2.3.4\",\n GatewayName = \"example\",\n GatewayTimezone = \"GMT\",\n GatewayType = \"FILE_FSX_SMB\",\n SmbActiveDirectorySettings = new Aws.StorageGateway.Inputs.GatewaySmbActiveDirectorySettingsArgs\n {\n DomainName = \"corp.example.com\",\n Password = \"avoid-plaintext-passwords\",\n Username = \"Admin\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewGateway(ctx, \"example\", \u0026storagegateway.GatewayArgs{\n\t\t\tGatewayIpAddress: pulumi.String(\"1.2.3.4\"),\n\t\t\tGatewayName: pulumi.String(\"example\"),\n\t\t\tGatewayTimezone: pulumi.String(\"GMT\"),\n\t\t\tGatewayType: pulumi.String(\"FILE_FSX_SMB\"),\n\t\t\tSmbActiveDirectorySettings: \u0026storagegateway.GatewaySmbActiveDirectorySettingsArgs{\n\t\t\t\tDomainName: pulumi.String(\"corp.example.com\"),\n\t\t\t\tPassword: pulumi.String(\"avoid-plaintext-passwords\"),\n\t\t\t\tUsername: pulumi.String(\"Admin\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.storagegateway.Gateway;\nimport com.pulumi.aws.storagegateway.GatewayArgs;\nimport com.pulumi.aws.storagegateway.inputs.GatewaySmbActiveDirectorySettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Gateway(\"example\", GatewayArgs.builder() \n .gatewayIpAddress(\"1.2.3.4\")\n .gatewayName(\"example\")\n .gatewayTimezone(\"GMT\")\n .gatewayType(\"FILE_FSX_SMB\")\n .smbActiveDirectorySettings(GatewaySmbActiveDirectorySettingsArgs.builder()\n .domainName(\"corp.example.com\")\n .password(\"avoid-plaintext-passwords\")\n .username(\"Admin\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:storagegateway:Gateway\n properties:\n gatewayIpAddress: 1.2.3.4\n gatewayName: example\n gatewayTimezone: GMT\n gatewayType: FILE_FSX_SMB\n smbActiveDirectorySettings:\n domainName: corp.example.com\n password: avoid-plaintext-passwords\n username: Admin\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### S3 File Gateway\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.Gateway(\"example\", {\n gatewayIpAddress: \"1.2.3.4\",\n gatewayName: \"example\",\n gatewayTimezone: \"GMT\",\n gatewayType: \"FILE_S3\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.Gateway(\"example\",\n gateway_ip_address=\"1.2.3.4\",\n gateway_name=\"example\",\n gateway_timezone=\"GMT\",\n gateway_type=\"FILE_S3\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.StorageGateway.Gateway(\"example\", new()\n {\n GatewayIpAddress = \"1.2.3.4\",\n GatewayName = \"example\",\n GatewayTimezone = \"GMT\",\n GatewayType = \"FILE_S3\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewGateway(ctx, \"example\", \u0026storagegateway.GatewayArgs{\n\t\t\tGatewayIpAddress: pulumi.String(\"1.2.3.4\"),\n\t\t\tGatewayName: pulumi.String(\"example\"),\n\t\t\tGatewayTimezone: pulumi.String(\"GMT\"),\n\t\t\tGatewayType: pulumi.String(\"FILE_S3\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.storagegateway.Gateway;\nimport com.pulumi.aws.storagegateway.GatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Gateway(\"example\", GatewayArgs.builder() \n .gatewayIpAddress(\"1.2.3.4\")\n .gatewayName(\"example\")\n .gatewayTimezone(\"GMT\")\n .gatewayType(\"FILE_S3\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:storagegateway:Gateway\n properties:\n gatewayIpAddress: 1.2.3.4\n gatewayName: example\n gatewayTimezone: GMT\n gatewayType: FILE_S3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Tape Gateway\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.Gateway(\"example\", {\n gatewayIpAddress: \"1.2.3.4\",\n gatewayName: \"example\",\n gatewayTimezone: \"GMT\",\n gatewayType: \"VTL\",\n mediumChangerType: \"AWS-Gateway-VTL\",\n tapeDriveType: \"IBM-ULT3580-TD5\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.Gateway(\"example\",\n gateway_ip_address=\"1.2.3.4\",\n gateway_name=\"example\",\n gateway_timezone=\"GMT\",\n gateway_type=\"VTL\",\n medium_changer_type=\"AWS-Gateway-VTL\",\n tape_drive_type=\"IBM-ULT3580-TD5\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.StorageGateway.Gateway(\"example\", new()\n {\n GatewayIpAddress = \"1.2.3.4\",\n GatewayName = \"example\",\n GatewayTimezone = \"GMT\",\n GatewayType = \"VTL\",\n MediumChangerType = \"AWS-Gateway-VTL\",\n TapeDriveType = \"IBM-ULT3580-TD5\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewGateway(ctx, \"example\", \u0026storagegateway.GatewayArgs{\n\t\t\tGatewayIpAddress: pulumi.String(\"1.2.3.4\"),\n\t\t\tGatewayName: pulumi.String(\"example\"),\n\t\t\tGatewayTimezone: pulumi.String(\"GMT\"),\n\t\t\tGatewayType: pulumi.String(\"VTL\"),\n\t\t\tMediumChangerType: pulumi.String(\"AWS-Gateway-VTL\"),\n\t\t\tTapeDriveType: pulumi.String(\"IBM-ULT3580-TD5\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.storagegateway.Gateway;\nimport com.pulumi.aws.storagegateway.GatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Gateway(\"example\", GatewayArgs.builder() \n .gatewayIpAddress(\"1.2.3.4\")\n .gatewayName(\"example\")\n .gatewayTimezone(\"GMT\")\n .gatewayType(\"VTL\")\n .mediumChangerType(\"AWS-Gateway-VTL\")\n .tapeDriveType(\"IBM-ULT3580-TD5\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:storagegateway:Gateway\n properties:\n gatewayIpAddress: 1.2.3.4\n gatewayName: example\n gatewayTimezone: GMT\n gatewayType: VTL\n mediumChangerType: AWS-Gateway-VTL\n tapeDriveType: IBM-ULT3580-TD5\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Volume Gateway (Cached)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.Gateway(\"example\", {\n gatewayIpAddress: \"1.2.3.4\",\n gatewayName: \"example\",\n gatewayTimezone: \"GMT\",\n gatewayType: \"CACHED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.Gateway(\"example\",\n gateway_ip_address=\"1.2.3.4\",\n gateway_name=\"example\",\n gateway_timezone=\"GMT\",\n gateway_type=\"CACHED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.StorageGateway.Gateway(\"example\", new()\n {\n GatewayIpAddress = \"1.2.3.4\",\n GatewayName = \"example\",\n GatewayTimezone = \"GMT\",\n GatewayType = \"CACHED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewGateway(ctx, \"example\", \u0026storagegateway.GatewayArgs{\n\t\t\tGatewayIpAddress: pulumi.String(\"1.2.3.4\"),\n\t\t\tGatewayName: pulumi.String(\"example\"),\n\t\t\tGatewayTimezone: pulumi.String(\"GMT\"),\n\t\t\tGatewayType: pulumi.String(\"CACHED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.storagegateway.Gateway;\nimport com.pulumi.aws.storagegateway.GatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Gateway(\"example\", GatewayArgs.builder() \n .gatewayIpAddress(\"1.2.3.4\")\n .gatewayName(\"example\")\n .gatewayTimezone(\"GMT\")\n .gatewayType(\"CACHED\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:storagegateway:Gateway\n properties:\n gatewayIpAddress: 1.2.3.4\n gatewayName: example\n gatewayTimezone: GMT\n gatewayType: CACHED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Volume Gateway (Stored)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.Gateway(\"example\", {\n gatewayIpAddress: \"1.2.3.4\",\n gatewayName: \"example\",\n gatewayTimezone: \"GMT\",\n gatewayType: \"STORED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.Gateway(\"example\",\n gateway_ip_address=\"1.2.3.4\",\n gateway_name=\"example\",\n gateway_timezone=\"GMT\",\n gateway_type=\"STORED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.StorageGateway.Gateway(\"example\", new()\n {\n GatewayIpAddress = \"1.2.3.4\",\n GatewayName = \"example\",\n GatewayTimezone = \"GMT\",\n GatewayType = \"STORED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewGateway(ctx, \"example\", \u0026storagegateway.GatewayArgs{\n\t\t\tGatewayIpAddress: pulumi.String(\"1.2.3.4\"),\n\t\t\tGatewayName: pulumi.String(\"example\"),\n\t\t\tGatewayTimezone: pulumi.String(\"GMT\"),\n\t\t\tGatewayType: pulumi.String(\"STORED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.storagegateway.Gateway;\nimport com.pulumi.aws.storagegateway.GatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Gateway(\"example\", GatewayArgs.builder() \n .gatewayIpAddress(\"1.2.3.4\")\n .gatewayName(\"example\")\n .gatewayTimezone(\"GMT\")\n .gatewayType(\"STORED\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:storagegateway:Gateway\n properties:\n gatewayIpAddress: 1.2.3.4\n gatewayName: example\n gatewayTimezone: GMT\n gatewayType: STORED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_storagegateway_gateway` using the gateway Amazon Resource Name (ARN). For example:\n\n```sh\n$ pulumi import aws:storagegateway/gateway:Gateway example arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678\n```\nCertain resource arguments, like `gateway_ip_address` do not have a Storage Gateway API method for reading the information after creation, either omit the argument from the Pulumi program or use `ignore_changes` to hide the difference. For example:\n\n", + "description": "Manages an AWS Storage Gateway file, tape, or volume gateway in the provider region.\n\n\u003e **NOTE:** The Storage Gateway API requires the gateway to be connected to properly return information after activation. If you are receiving `The specified gateway is not connected` errors during resource creation (gateway activation), ensure your gateway instance meets the [Storage Gateway requirements](https://docs.aws.amazon.com/storagegateway/latest/userguide/Requirements.html).\n\n## Example Usage\n\n### Local Cache\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testVolumeAttachment = new aws.ec2.VolumeAttachment(\"test\", {\n deviceName: \"/dev/xvdb\",\n volumeId: testAwsEbsVolume.id,\n instanceId: testAwsInstance.id,\n});\nconst test = aws.storagegateway.getLocalDisk({\n diskNode: testAwsVolumeAttachment.deviceName,\n gatewayArn: testAwsStoragegatewayGateway.arn,\n});\nconst testCache = new aws.storagegateway.Cache(\"test\", {\n diskId: test.then(test =\u003e test.diskId),\n gatewayArn: testAwsStoragegatewayGateway.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_volume_attachment = aws.ec2.VolumeAttachment(\"test\",\n device_name=\"/dev/xvdb\",\n volume_id=test_aws_ebs_volume[\"id\"],\n instance_id=test_aws_instance[\"id\"])\ntest = aws.storagegateway.get_local_disk(disk_node=test_aws_volume_attachment[\"deviceName\"],\n gateway_arn=test_aws_storagegateway_gateway[\"arn\"])\ntest_cache = aws.storagegateway.Cache(\"test\",\n disk_id=test.disk_id,\n gateway_arn=test_aws_storagegateway_gateway[\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testVolumeAttachment = new Aws.Ec2.VolumeAttachment(\"test\", new()\n {\n DeviceName = \"/dev/xvdb\",\n VolumeId = testAwsEbsVolume.Id,\n InstanceId = testAwsInstance.Id,\n });\n\n var test = Aws.StorageGateway.GetLocalDisk.Invoke(new()\n {\n DiskNode = testAwsVolumeAttachment.DeviceName,\n GatewayArn = testAwsStoragegatewayGateway.Arn,\n });\n\n var testCache = new Aws.StorageGateway.Cache(\"test\", new()\n {\n DiskId = test.Apply(getLocalDiskResult =\u003e getLocalDiskResult.DiskId),\n GatewayArn = testAwsStoragegatewayGateway.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVolumeAttachment(ctx, \"test\", \u0026ec2.VolumeAttachmentArgs{\n\t\t\tDeviceName: pulumi.String(\"/dev/xvdb\"),\n\t\t\tVolumeId: pulumi.Any(testAwsEbsVolume.Id),\n\t\t\tInstanceId: pulumi.Any(testAwsInstance.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := storagegateway.GetLocalDisk(ctx, \u0026storagegateway.GetLocalDiskArgs{\n\t\t\tDiskNode: pulumi.StringRef(testAwsVolumeAttachment.DeviceName),\n\t\t\tGatewayArn: testAwsStoragegatewayGateway.Arn,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storagegateway.NewCache(ctx, \"test\", \u0026storagegateway.CacheArgs{\n\t\t\tDiskId: pulumi.String(test.DiskId),\n\t\t\tGatewayArn: pulumi.Any(testAwsStoragegatewayGateway.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.VolumeAttachment;\nimport com.pulumi.aws.ec2.VolumeAttachmentArgs;\nimport com.pulumi.aws.storagegateway.StoragegatewayFunctions;\nimport com.pulumi.aws.storagegateway.inputs.GetLocalDiskArgs;\nimport com.pulumi.aws.storagegateway.Cache;\nimport com.pulumi.aws.storagegateway.CacheArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testVolumeAttachment = new VolumeAttachment(\"testVolumeAttachment\", VolumeAttachmentArgs.builder() \n .deviceName(\"/dev/xvdb\")\n .volumeId(testAwsEbsVolume.id())\n .instanceId(testAwsInstance.id())\n .build());\n\n final var test = StoragegatewayFunctions.getLocalDisk(GetLocalDiskArgs.builder()\n .diskNode(testAwsVolumeAttachment.deviceName())\n .gatewayArn(testAwsStoragegatewayGateway.arn())\n .build());\n\n var testCache = new Cache(\"testCache\", CacheArgs.builder() \n .diskId(test.applyValue(getLocalDiskResult -\u003e getLocalDiskResult.diskId()))\n .gatewayArn(testAwsStoragegatewayGateway.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testVolumeAttachment:\n type: aws:ec2:VolumeAttachment\n name: test\n properties:\n deviceName: /dev/xvdb\n volumeId: ${testAwsEbsVolume.id}\n instanceId: ${testAwsInstance.id}\n testCache:\n type: aws:storagegateway:Cache\n name: test\n properties:\n diskId: ${test.diskId}\n gatewayArn: ${testAwsStoragegatewayGateway.arn}\nvariables:\n test:\n fn::invoke:\n Function: aws:storagegateway:getLocalDisk\n Arguments:\n diskNode: ${testAwsVolumeAttachment.deviceName}\n gatewayArn: ${testAwsStoragegatewayGateway.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### FSx File Gateway\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.Gateway(\"example\", {\n gatewayIpAddress: \"1.2.3.4\",\n gatewayName: \"example\",\n gatewayTimezone: \"GMT\",\n gatewayType: \"FILE_FSX_SMB\",\n smbActiveDirectorySettings: {\n domainName: \"corp.example.com\",\n password: \"avoid-plaintext-passwords\",\n username: \"Admin\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.Gateway(\"example\",\n gateway_ip_address=\"1.2.3.4\",\n gateway_name=\"example\",\n gateway_timezone=\"GMT\",\n gateway_type=\"FILE_FSX_SMB\",\n smb_active_directory_settings=aws.storagegateway.GatewaySmbActiveDirectorySettingsArgs(\n domain_name=\"corp.example.com\",\n password=\"avoid-plaintext-passwords\",\n username=\"Admin\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.StorageGateway.Gateway(\"example\", new()\n {\n GatewayIpAddress = \"1.2.3.4\",\n GatewayName = \"example\",\n GatewayTimezone = \"GMT\",\n GatewayType = \"FILE_FSX_SMB\",\n SmbActiveDirectorySettings = new Aws.StorageGateway.Inputs.GatewaySmbActiveDirectorySettingsArgs\n {\n DomainName = \"corp.example.com\",\n Password = \"avoid-plaintext-passwords\",\n Username = \"Admin\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewGateway(ctx, \"example\", \u0026storagegateway.GatewayArgs{\n\t\t\tGatewayIpAddress: pulumi.String(\"1.2.3.4\"),\n\t\t\tGatewayName: pulumi.String(\"example\"),\n\t\t\tGatewayTimezone: pulumi.String(\"GMT\"),\n\t\t\tGatewayType: pulumi.String(\"FILE_FSX_SMB\"),\n\t\t\tSmbActiveDirectorySettings: \u0026storagegateway.GatewaySmbActiveDirectorySettingsArgs{\n\t\t\t\tDomainName: pulumi.String(\"corp.example.com\"),\n\t\t\t\tPassword: pulumi.String(\"avoid-plaintext-passwords\"),\n\t\t\t\tUsername: pulumi.String(\"Admin\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.storagegateway.Gateway;\nimport com.pulumi.aws.storagegateway.GatewayArgs;\nimport com.pulumi.aws.storagegateway.inputs.GatewaySmbActiveDirectorySettingsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Gateway(\"example\", GatewayArgs.builder() \n .gatewayIpAddress(\"1.2.3.4\")\n .gatewayName(\"example\")\n .gatewayTimezone(\"GMT\")\n .gatewayType(\"FILE_FSX_SMB\")\n .smbActiveDirectorySettings(GatewaySmbActiveDirectorySettingsArgs.builder()\n .domainName(\"corp.example.com\")\n .password(\"avoid-plaintext-passwords\")\n .username(\"Admin\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:storagegateway:Gateway\n properties:\n gatewayIpAddress: 1.2.3.4\n gatewayName: example\n gatewayTimezone: GMT\n gatewayType: FILE_FSX_SMB\n smbActiveDirectorySettings:\n domainName: corp.example.com\n password: avoid-plaintext-passwords\n username: Admin\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### S3 File Gateway\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.Gateway(\"example\", {\n gatewayIpAddress: \"1.2.3.4\",\n gatewayName: \"example\",\n gatewayTimezone: \"GMT\",\n gatewayType: \"FILE_S3\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.Gateway(\"example\",\n gateway_ip_address=\"1.2.3.4\",\n gateway_name=\"example\",\n gateway_timezone=\"GMT\",\n gateway_type=\"FILE_S3\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.StorageGateway.Gateway(\"example\", new()\n {\n GatewayIpAddress = \"1.2.3.4\",\n GatewayName = \"example\",\n GatewayTimezone = \"GMT\",\n GatewayType = \"FILE_S3\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewGateway(ctx, \"example\", \u0026storagegateway.GatewayArgs{\n\t\t\tGatewayIpAddress: pulumi.String(\"1.2.3.4\"),\n\t\t\tGatewayName: pulumi.String(\"example\"),\n\t\t\tGatewayTimezone: pulumi.String(\"GMT\"),\n\t\t\tGatewayType: pulumi.String(\"FILE_S3\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.storagegateway.Gateway;\nimport com.pulumi.aws.storagegateway.GatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Gateway(\"example\", GatewayArgs.builder() \n .gatewayIpAddress(\"1.2.3.4\")\n .gatewayName(\"example\")\n .gatewayTimezone(\"GMT\")\n .gatewayType(\"FILE_S3\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:storagegateway:Gateway\n properties:\n gatewayIpAddress: 1.2.3.4\n gatewayName: example\n gatewayTimezone: GMT\n gatewayType: FILE_S3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Tape Gateway\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.Gateway(\"example\", {\n gatewayIpAddress: \"1.2.3.4\",\n gatewayName: \"example\",\n gatewayTimezone: \"GMT\",\n gatewayType: \"VTL\",\n mediumChangerType: \"AWS-Gateway-VTL\",\n tapeDriveType: \"IBM-ULT3580-TD5\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.Gateway(\"example\",\n gateway_ip_address=\"1.2.3.4\",\n gateway_name=\"example\",\n gateway_timezone=\"GMT\",\n gateway_type=\"VTL\",\n medium_changer_type=\"AWS-Gateway-VTL\",\n tape_drive_type=\"IBM-ULT3580-TD5\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.StorageGateway.Gateway(\"example\", new()\n {\n GatewayIpAddress = \"1.2.3.4\",\n GatewayName = \"example\",\n GatewayTimezone = \"GMT\",\n GatewayType = \"VTL\",\n MediumChangerType = \"AWS-Gateway-VTL\",\n TapeDriveType = \"IBM-ULT3580-TD5\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewGateway(ctx, \"example\", \u0026storagegateway.GatewayArgs{\n\t\t\tGatewayIpAddress: pulumi.String(\"1.2.3.4\"),\n\t\t\tGatewayName: pulumi.String(\"example\"),\n\t\t\tGatewayTimezone: pulumi.String(\"GMT\"),\n\t\t\tGatewayType: pulumi.String(\"VTL\"),\n\t\t\tMediumChangerType: pulumi.String(\"AWS-Gateway-VTL\"),\n\t\t\tTapeDriveType: pulumi.String(\"IBM-ULT3580-TD5\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.storagegateway.Gateway;\nimport com.pulumi.aws.storagegateway.GatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Gateway(\"example\", GatewayArgs.builder() \n .gatewayIpAddress(\"1.2.3.4\")\n .gatewayName(\"example\")\n .gatewayTimezone(\"GMT\")\n .gatewayType(\"VTL\")\n .mediumChangerType(\"AWS-Gateway-VTL\")\n .tapeDriveType(\"IBM-ULT3580-TD5\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:storagegateway:Gateway\n properties:\n gatewayIpAddress: 1.2.3.4\n gatewayName: example\n gatewayTimezone: GMT\n gatewayType: VTL\n mediumChangerType: AWS-Gateway-VTL\n tapeDriveType: IBM-ULT3580-TD5\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Volume Gateway (Cached)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.Gateway(\"example\", {\n gatewayIpAddress: \"1.2.3.4\",\n gatewayName: \"example\",\n gatewayTimezone: \"GMT\",\n gatewayType: \"CACHED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.Gateway(\"example\",\n gateway_ip_address=\"1.2.3.4\",\n gateway_name=\"example\",\n gateway_timezone=\"GMT\",\n gateway_type=\"CACHED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.StorageGateway.Gateway(\"example\", new()\n {\n GatewayIpAddress = \"1.2.3.4\",\n GatewayName = \"example\",\n GatewayTimezone = \"GMT\",\n GatewayType = \"CACHED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewGateway(ctx, \"example\", \u0026storagegateway.GatewayArgs{\n\t\t\tGatewayIpAddress: pulumi.String(\"1.2.3.4\"),\n\t\t\tGatewayName: pulumi.String(\"example\"),\n\t\t\tGatewayTimezone: pulumi.String(\"GMT\"),\n\t\t\tGatewayType: pulumi.String(\"CACHED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.storagegateway.Gateway;\nimport com.pulumi.aws.storagegateway.GatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Gateway(\"example\", GatewayArgs.builder() \n .gatewayIpAddress(\"1.2.3.4\")\n .gatewayName(\"example\")\n .gatewayTimezone(\"GMT\")\n .gatewayType(\"CACHED\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:storagegateway:Gateway\n properties:\n gatewayIpAddress: 1.2.3.4\n gatewayName: example\n gatewayTimezone: GMT\n gatewayType: CACHED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Volume Gateway (Stored)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.Gateway(\"example\", {\n gatewayIpAddress: \"1.2.3.4\",\n gatewayName: \"example\",\n gatewayTimezone: \"GMT\",\n gatewayType: \"STORED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.Gateway(\"example\",\n gateway_ip_address=\"1.2.3.4\",\n gateway_name=\"example\",\n gateway_timezone=\"GMT\",\n gateway_type=\"STORED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.StorageGateway.Gateway(\"example\", new()\n {\n GatewayIpAddress = \"1.2.3.4\",\n GatewayName = \"example\",\n GatewayTimezone = \"GMT\",\n GatewayType = \"STORED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewGateway(ctx, \"example\", \u0026storagegateway.GatewayArgs{\n\t\t\tGatewayIpAddress: pulumi.String(\"1.2.3.4\"),\n\t\t\tGatewayName: pulumi.String(\"example\"),\n\t\t\tGatewayTimezone: pulumi.String(\"GMT\"),\n\t\t\tGatewayType: pulumi.String(\"STORED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.storagegateway.Gateway;\nimport com.pulumi.aws.storagegateway.GatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Gateway(\"example\", GatewayArgs.builder() \n .gatewayIpAddress(\"1.2.3.4\")\n .gatewayName(\"example\")\n .gatewayTimezone(\"GMT\")\n .gatewayType(\"STORED\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:storagegateway:Gateway\n properties:\n gatewayIpAddress: 1.2.3.4\n gatewayName: example\n gatewayTimezone: GMT\n gatewayType: STORED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_storagegateway_gateway` using the gateway Amazon Resource Name (ARN). For example:\n\n```sh\n$ pulumi import aws:storagegateway/gateway:Gateway example arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678\n```\nCertain resource arguments, like `gateway_ip_address` do not have a Storage Gateway API method for reading the information after creation, either omit the argument from the Pulumi program or use `ignore_changes` to hide the difference. For example:\n\n", "properties": { "activationKey": { "type": "string", @@ -337344,7 +337344,7 @@ } }, "aws:storagegateway/uploadBuffer:UploadBuffer": { - "description": "Manages an AWS Storage Gateway upload buffer.\n\n\u003e **NOTE:** The Storage Gateway API provides no method to remove an upload buffer disk. Destroying this resource does not perform any Storage Gateway actions.\n\n## Example Usage\n\n### Cached and VTL Gateway Type\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.storagegateway.getLocalDisk({\n diskNode: testAwsVolumeAttachment.deviceName,\n gatewayArn: testAwsStoragegatewayGateway.arn,\n});\nconst testUploadBuffer = new aws.storagegateway.UploadBuffer(\"test\", {\n diskPath: test.then(test =\u003e test.diskPath),\n gatewayArn: testAwsStoragegatewayGateway.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.storagegateway.get_local_disk(disk_node=test_aws_volume_attachment[\"deviceName\"],\n gateway_arn=test_aws_storagegateway_gateway[\"arn\"])\ntest_upload_buffer = aws.storagegateway.UploadBuffer(\"test\",\n disk_path=test.disk_path,\n gateway_arn=test_aws_storagegateway_gateway[\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.StorageGateway.GetLocalDisk.Invoke(new()\n {\n DiskNode = testAwsVolumeAttachment.DeviceName,\n GatewayArn = testAwsStoragegatewayGateway.Arn,\n });\n\n var testUploadBuffer = new Aws.StorageGateway.UploadBuffer(\"test\", new()\n {\n DiskPath = test.Apply(getLocalDiskResult =\u003e getLocalDiskResult.DiskPath),\n GatewayArn = testAwsStoragegatewayGateway.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := storagegateway.GetLocalDisk(ctx, \u0026storagegateway.GetLocalDiskArgs{\n\t\t\tDiskNode: pulumi.StringRef(testAwsVolumeAttachment.DeviceName),\n\t\t\tGatewayArn: testAwsStoragegatewayGateway.Arn,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storagegateway.NewUploadBuffer(ctx, \"test\", \u0026storagegateway.UploadBufferArgs{\n\t\t\tDiskPath: *pulumi.String(test.DiskPath),\n\t\t\tGatewayArn: pulumi.Any(testAwsStoragegatewayGateway.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.storagegateway.StoragegatewayFunctions;\nimport com.pulumi.aws.storagegateway.inputs.GetLocalDiskArgs;\nimport com.pulumi.aws.storagegateway.UploadBuffer;\nimport com.pulumi.aws.storagegateway.UploadBufferArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = StoragegatewayFunctions.getLocalDisk(GetLocalDiskArgs.builder()\n .diskNode(testAwsVolumeAttachment.deviceName())\n .gatewayArn(testAwsStoragegatewayGateway.arn())\n .build());\n\n var testUploadBuffer = new UploadBuffer(\"testUploadBuffer\", UploadBufferArgs.builder() \n .diskPath(test.applyValue(getLocalDiskResult -\u003e getLocalDiskResult.diskPath()))\n .gatewayArn(testAwsStoragegatewayGateway.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testUploadBuffer:\n type: aws:storagegateway:UploadBuffer\n name: test\n properties:\n diskPath: ${test.diskPath}\n gatewayArn: ${testAwsStoragegatewayGateway.arn}\nvariables:\n test:\n fn::invoke:\n Function: aws:storagegateway:getLocalDisk\n Arguments:\n diskNode: ${testAwsVolumeAttachment.deviceName}\n gatewayArn: ${testAwsStoragegatewayGateway.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Stored Gateway Type\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.storagegateway.getLocalDisk({\n diskNode: testAwsVolumeAttachment.deviceName,\n gatewayArn: testAwsStoragegatewayGateway.arn,\n});\nconst example = new aws.storagegateway.UploadBuffer(\"example\", {\n diskId: exampleAwsStoragegatewayLocalDisk.id,\n gatewayArn: exampleAwsStoragegatewayGateway.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.storagegateway.get_local_disk(disk_node=test_aws_volume_attachment[\"deviceName\"],\n gateway_arn=test_aws_storagegateway_gateway[\"arn\"])\nexample = aws.storagegateway.UploadBuffer(\"example\",\n disk_id=example_aws_storagegateway_local_disk[\"id\"],\n gateway_arn=example_aws_storagegateway_gateway[\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.StorageGateway.GetLocalDisk.Invoke(new()\n {\n DiskNode = testAwsVolumeAttachment.DeviceName,\n GatewayArn = testAwsStoragegatewayGateway.Arn,\n });\n\n var example = new Aws.StorageGateway.UploadBuffer(\"example\", new()\n {\n DiskId = exampleAwsStoragegatewayLocalDisk.Id,\n GatewayArn = exampleAwsStoragegatewayGateway.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.GetLocalDisk(ctx, \u0026storagegateway.GetLocalDiskArgs{\n\t\t\tDiskNode: pulumi.StringRef(testAwsVolumeAttachment.DeviceName),\n\t\t\tGatewayArn: testAwsStoragegatewayGateway.Arn,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storagegateway.NewUploadBuffer(ctx, \"example\", \u0026storagegateway.UploadBufferArgs{\n\t\t\tDiskId: pulumi.Any(exampleAwsStoragegatewayLocalDisk.Id),\n\t\t\tGatewayArn: pulumi.Any(exampleAwsStoragegatewayGateway.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.storagegateway.StoragegatewayFunctions;\nimport com.pulumi.aws.storagegateway.inputs.GetLocalDiskArgs;\nimport com.pulumi.aws.storagegateway.UploadBuffer;\nimport com.pulumi.aws.storagegateway.UploadBufferArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = StoragegatewayFunctions.getLocalDisk(GetLocalDiskArgs.builder()\n .diskNode(testAwsVolumeAttachment.deviceName())\n .gatewayArn(testAwsStoragegatewayGateway.arn())\n .build());\n\n var example = new UploadBuffer(\"example\", UploadBufferArgs.builder() \n .diskId(exampleAwsStoragegatewayLocalDisk.id())\n .gatewayArn(exampleAwsStoragegatewayGateway.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:storagegateway:UploadBuffer\n properties:\n diskId: ${exampleAwsStoragegatewayLocalDisk.id}\n gatewayArn: ${exampleAwsStoragegatewayGateway.arn}\nvariables:\n test:\n fn::invoke:\n Function: aws:storagegateway:getLocalDisk\n Arguments:\n diskNode: ${testAwsVolumeAttachment.deviceName}\n gatewayArn: ${testAwsStoragegatewayGateway.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_storagegateway_upload_buffer` using the gateway Amazon Resource Name (ARN) and local disk identifier separated with a colon (`:`). For example:\n\n```sh\n$ pulumi import aws:storagegateway/uploadBuffer:UploadBuffer example arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678:pci-0000:03:00.0-scsi-0:0:0:0\n```\n", + "description": "Manages an AWS Storage Gateway upload buffer.\n\n\u003e **NOTE:** The Storage Gateway API provides no method to remove an upload buffer disk. Destroying this resource does not perform any Storage Gateway actions.\n\n## Example Usage\n\n### Cached and VTL Gateway Type\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.storagegateway.getLocalDisk({\n diskNode: testAwsVolumeAttachment.deviceName,\n gatewayArn: testAwsStoragegatewayGateway.arn,\n});\nconst testUploadBuffer = new aws.storagegateway.UploadBuffer(\"test\", {\n diskPath: test.then(test =\u003e test.diskPath),\n gatewayArn: testAwsStoragegatewayGateway.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.storagegateway.get_local_disk(disk_node=test_aws_volume_attachment[\"deviceName\"],\n gateway_arn=test_aws_storagegateway_gateway[\"arn\"])\ntest_upload_buffer = aws.storagegateway.UploadBuffer(\"test\",\n disk_path=test.disk_path,\n gateway_arn=test_aws_storagegateway_gateway[\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.StorageGateway.GetLocalDisk.Invoke(new()\n {\n DiskNode = testAwsVolumeAttachment.DeviceName,\n GatewayArn = testAwsStoragegatewayGateway.Arn,\n });\n\n var testUploadBuffer = new Aws.StorageGateway.UploadBuffer(\"test\", new()\n {\n DiskPath = test.Apply(getLocalDiskResult =\u003e getLocalDiskResult.DiskPath),\n GatewayArn = testAwsStoragegatewayGateway.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := storagegateway.GetLocalDisk(ctx, \u0026storagegateway.GetLocalDiskArgs{\n\t\t\tDiskNode: pulumi.StringRef(testAwsVolumeAttachment.DeviceName),\n\t\t\tGatewayArn: testAwsStoragegatewayGateway.Arn,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storagegateway.NewUploadBuffer(ctx, \"test\", \u0026storagegateway.UploadBufferArgs{\n\t\t\tDiskPath: pulumi.String(test.DiskPath),\n\t\t\tGatewayArn: pulumi.Any(testAwsStoragegatewayGateway.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.storagegateway.StoragegatewayFunctions;\nimport com.pulumi.aws.storagegateway.inputs.GetLocalDiskArgs;\nimport com.pulumi.aws.storagegateway.UploadBuffer;\nimport com.pulumi.aws.storagegateway.UploadBufferArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = StoragegatewayFunctions.getLocalDisk(GetLocalDiskArgs.builder()\n .diskNode(testAwsVolumeAttachment.deviceName())\n .gatewayArn(testAwsStoragegatewayGateway.arn())\n .build());\n\n var testUploadBuffer = new UploadBuffer(\"testUploadBuffer\", UploadBufferArgs.builder() \n .diskPath(test.applyValue(getLocalDiskResult -\u003e getLocalDiskResult.diskPath()))\n .gatewayArn(testAwsStoragegatewayGateway.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testUploadBuffer:\n type: aws:storagegateway:UploadBuffer\n name: test\n properties:\n diskPath: ${test.diskPath}\n gatewayArn: ${testAwsStoragegatewayGateway.arn}\nvariables:\n test:\n fn::invoke:\n Function: aws:storagegateway:getLocalDisk\n Arguments:\n diskNode: ${testAwsVolumeAttachment.deviceName}\n gatewayArn: ${testAwsStoragegatewayGateway.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Stored Gateway Type\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.storagegateway.getLocalDisk({\n diskNode: testAwsVolumeAttachment.deviceName,\n gatewayArn: testAwsStoragegatewayGateway.arn,\n});\nconst example = new aws.storagegateway.UploadBuffer(\"example\", {\n diskId: exampleAwsStoragegatewayLocalDisk.id,\n gatewayArn: exampleAwsStoragegatewayGateway.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.storagegateway.get_local_disk(disk_node=test_aws_volume_attachment[\"deviceName\"],\n gateway_arn=test_aws_storagegateway_gateway[\"arn\"])\nexample = aws.storagegateway.UploadBuffer(\"example\",\n disk_id=example_aws_storagegateway_local_disk[\"id\"],\n gateway_arn=example_aws_storagegateway_gateway[\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.StorageGateway.GetLocalDisk.Invoke(new()\n {\n DiskNode = testAwsVolumeAttachment.DeviceName,\n GatewayArn = testAwsStoragegatewayGateway.Arn,\n });\n\n var example = new Aws.StorageGateway.UploadBuffer(\"example\", new()\n {\n DiskId = exampleAwsStoragegatewayLocalDisk.Id,\n GatewayArn = exampleAwsStoragegatewayGateway.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.GetLocalDisk(ctx, \u0026storagegateway.GetLocalDiskArgs{\n\t\t\tDiskNode: pulumi.StringRef(testAwsVolumeAttachment.DeviceName),\n\t\t\tGatewayArn: testAwsStoragegatewayGateway.Arn,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storagegateway.NewUploadBuffer(ctx, \"example\", \u0026storagegateway.UploadBufferArgs{\n\t\t\tDiskId: pulumi.Any(exampleAwsStoragegatewayLocalDisk.Id),\n\t\t\tGatewayArn: pulumi.Any(exampleAwsStoragegatewayGateway.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.storagegateway.StoragegatewayFunctions;\nimport com.pulumi.aws.storagegateway.inputs.GetLocalDiskArgs;\nimport com.pulumi.aws.storagegateway.UploadBuffer;\nimport com.pulumi.aws.storagegateway.UploadBufferArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = StoragegatewayFunctions.getLocalDisk(GetLocalDiskArgs.builder()\n .diskNode(testAwsVolumeAttachment.deviceName())\n .gatewayArn(testAwsStoragegatewayGateway.arn())\n .build());\n\n var example = new UploadBuffer(\"example\", UploadBufferArgs.builder() \n .diskId(exampleAwsStoragegatewayLocalDisk.id())\n .gatewayArn(exampleAwsStoragegatewayGateway.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:storagegateway:UploadBuffer\n properties:\n diskId: ${exampleAwsStoragegatewayLocalDisk.id}\n gatewayArn: ${exampleAwsStoragegatewayGateway.arn}\nvariables:\n test:\n fn::invoke:\n Function: aws:storagegateway:getLocalDisk\n Arguments:\n diskNode: ${testAwsVolumeAttachment.deviceName}\n gatewayArn: ${testAwsStoragegatewayGateway.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_storagegateway_upload_buffer` using the gateway Amazon Resource Name (ARN) and local disk identifier separated with a colon (`:`). For example:\n\n```sh\n$ pulumi import aws:storagegateway/uploadBuffer:UploadBuffer example arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678:pci-0000:03:00.0-scsi-0:0:0:0\n```\n", "properties": { "diskId": { "type": "string", @@ -338294,7 +338294,7 @@ } }, "aws:transcribe/languageModel:LanguageModel": { - "description": "Resource for managing an AWS Transcribe LanguageModel.\n\n\u003e This resource can take a significant amount of time to provision. See Language Model [FAQ](https://aws.amazon.com/transcribe/faqs/) for more details.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"transcribe.amazonaws.com\"],\n }],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"example\",\n assumeRolePolicy: example.then(example =\u003e example.json),\n});\nconst testPolicy = new aws.iam.RolePolicy(\"test_policy\", {\n name: \"example\",\n role: exampleRole.id,\n policy: JSON.stringify({\n version: \"2012-10-17\",\n statement: [{\n action: [\n \"s3:GetObject\",\n \"s3:ListBucket\",\n ],\n effect: \"Allow\",\n resource: [\"*\"],\n }],\n }),\n});\nconst exampleBucketV2 = new aws.s3.BucketV2(\"example\", {\n bucket: \"example-transcribe\",\n forceDestroy: true,\n});\nconst object = new aws.s3.BucketObjectv2(\"object\", {\n bucket: exampleBucketV2.id,\n key: \"transcribe/test1.txt\",\n source: new pulumi.asset.FileAsset(\"test1.txt\"),\n});\nconst exampleLanguageModel = new aws.transcribe.LanguageModel(\"example\", {\n modelName: \"example\",\n baseModelName: \"NarrowBand\",\n inputDataConfig: {\n dataAccessRoleArn: exampleRole.arn,\n s3Uri: pulumi.interpolate`s3://${exampleBucketV2.id}/transcribe/`,\n },\n languageCode: \"en-US\",\n tags: {\n ENVIRONMENT: \"development\",\n },\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"transcribe.amazonaws.com\"],\n )],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"example\",\n assume_role_policy=example.json)\ntest_policy = aws.iam.RolePolicy(\"test_policy\",\n name=\"example\",\n role=example_role.id,\n policy=json.dumps({\n \"version\": \"2012-10-17\",\n \"statement\": [{\n \"action\": [\n \"s3:GetObject\",\n \"s3:ListBucket\",\n ],\n \"effect\": \"Allow\",\n \"resource\": [\"*\"],\n }],\n }))\nexample_bucket_v2 = aws.s3.BucketV2(\"example\",\n bucket=\"example-transcribe\",\n force_destroy=True)\nobject = aws.s3.BucketObjectv2(\"object\",\n bucket=example_bucket_v2.id,\n key=\"transcribe/test1.txt\",\n source=pulumi.FileAsset(\"test1.txt\"))\nexample_language_model = aws.transcribe.LanguageModel(\"example\",\n model_name=\"example\",\n base_model_name=\"NarrowBand\",\n input_data_config=aws.transcribe.LanguageModelInputDataConfigArgs(\n data_access_role_arn=example_role.arn,\n s3_uri=example_bucket_v2.id.apply(lambda id: f\"s3://{id}/transcribe/\"),\n ),\n language_code=\"en-US\",\n tags={\n \"ENVIRONMENT\": \"development\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"transcribe.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"example\",\n AssumeRolePolicy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var testPolicy = new Aws.Iam.RolePolicy(\"test_policy\", new()\n {\n Name = \"example\",\n Role = exampleRole.Id,\n Policy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"version\"] = \"2012-10-17\",\n [\"statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"action\"] = new[]\n {\n \"s3:GetObject\",\n \"s3:ListBucket\",\n },\n [\"effect\"] = \"Allow\",\n [\"resource\"] = new[]\n {\n \"*\",\n },\n },\n },\n }),\n });\n\n var exampleBucketV2 = new Aws.S3.BucketV2(\"example\", new()\n {\n Bucket = \"example-transcribe\",\n ForceDestroy = true,\n });\n\n var @object = new Aws.S3.BucketObjectv2(\"object\", new()\n {\n Bucket = exampleBucketV2.Id,\n Key = \"transcribe/test1.txt\",\n Source = new FileAsset(\"test1.txt\"),\n });\n\n var exampleLanguageModel = new Aws.Transcribe.LanguageModel(\"example\", new()\n {\n ModelName = \"example\",\n BaseModelName = \"NarrowBand\",\n InputDataConfig = new Aws.Transcribe.Inputs.LanguageModelInputDataConfigArgs\n {\n DataAccessRoleArn = exampleRole.Arn,\n S3Uri = exampleBucketV2.Id.Apply(id =\u003e $\"s3://{id}/transcribe/\"),\n },\n LanguageCode = \"en-US\",\n Tags = \n {\n { \"ENVIRONMENT\", \"development\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transcribe\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"transcribe.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"version\": \"2012-10-17\",\n\t\t\t\"statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"action\": []string{\n\t\t\t\t\t\t\"s3:GetObject\",\n\t\t\t\t\t\t\"s3:ListBucket\",\n\t\t\t\t\t},\n\t\t\t\t\t\"effect\": \"Allow\",\n\t\t\t\t\t\"resource\": []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = iam.NewRolePolicy(ctx, \"test_policy\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tRole: exampleRole.ID(),\n\t\t\tPolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleBucketV2, err := s3.NewBucketV2(ctx, \"example\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"example-transcribe\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketObjectv2(ctx, \"object\", \u0026s3.BucketObjectv2Args{\n\t\t\tBucket: exampleBucketV2.ID(),\n\t\t\tKey: pulumi.String(\"transcribe/test1.txt\"),\n\t\t\tSource: pulumi.NewFileAsset(\"test1.txt\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = transcribe.NewLanguageModel(ctx, \"example\", \u0026transcribe.LanguageModelArgs{\n\t\t\tModelName: pulumi.String(\"example\"),\n\t\t\tBaseModelName: pulumi.String(\"NarrowBand\"),\n\t\t\tInputDataConfig: \u0026transcribe.LanguageModelInputDataConfigArgs{\n\t\t\t\tDataAccessRoleArn: exampleRole.Arn,\n\t\t\t\tS3Uri: exampleBucketV2.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"s3://%v/transcribe/\", id), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t\tLanguageCode: pulumi.String(\"en-US\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"ENVIRONMENT\": pulumi.String(\"development\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.s3.BucketObjectv2;\nimport com.pulumi.aws.s3.BucketObjectv2Args;\nimport com.pulumi.aws.transcribe.LanguageModel;\nimport com.pulumi.aws.transcribe.LanguageModelArgs;\nimport com.pulumi.aws.transcribe.inputs.LanguageModelInputDataConfigArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"transcribe.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"example\")\n .assumeRolePolicy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var testPolicy = new RolePolicy(\"testPolicy\", RolePolicyArgs.builder() \n .name(\"example\")\n .role(exampleRole.id())\n .policy(serializeJson(\n jsonObject(\n jsonProperty(\"version\", \"2012-10-17\"),\n jsonProperty(\"statement\", jsonArray(jsonObject(\n jsonProperty(\"action\", jsonArray(\n \"s3:GetObject\", \n \"s3:ListBucket\"\n )),\n jsonProperty(\"effect\", \"Allow\"),\n jsonProperty(\"resource\", jsonArray(\"*\"))\n )))\n )))\n .build());\n\n var exampleBucketV2 = new BucketV2(\"exampleBucketV2\", BucketV2Args.builder() \n .bucket(\"example-transcribe\")\n .forceDestroy(true)\n .build());\n\n var object = new BucketObjectv2(\"object\", BucketObjectv2Args.builder() \n .bucket(exampleBucketV2.id())\n .key(\"transcribe/test1.txt\")\n .source(new FileAsset(\"test1.txt\"))\n .build());\n\n var exampleLanguageModel = new LanguageModel(\"exampleLanguageModel\", LanguageModelArgs.builder() \n .modelName(\"example\")\n .baseModelName(\"NarrowBand\")\n .inputDataConfig(LanguageModelInputDataConfigArgs.builder()\n .dataAccessRoleArn(exampleRole.arn())\n .s3Uri(exampleBucketV2.id().applyValue(id -\u003e String.format(\"s3://%s/transcribe/\", id)))\n .build())\n .languageCode(\"en-US\")\n .tags(Map.of(\"ENVIRONMENT\", \"development\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: example\n assumeRolePolicy: ${example.json}\n testPolicy:\n type: aws:iam:RolePolicy\n name: test_policy\n properties:\n name: example\n role: ${exampleRole.id}\n policy:\n fn::toJSON:\n version: 2012-10-17\n statement:\n - action:\n - s3:GetObject\n - s3:ListBucket\n effect: Allow\n resource:\n - '*'\n exampleBucketV2:\n type: aws:s3:BucketV2\n name: example\n properties:\n bucket: example-transcribe\n forceDestroy: true\n object:\n type: aws:s3:BucketObjectv2\n properties:\n bucket: ${exampleBucketV2.id}\n key: transcribe/test1.txt\n source:\n fn::FileAsset: test1.txt\n exampleLanguageModel:\n type: aws:transcribe:LanguageModel\n name: example\n properties:\n modelName: example\n baseModelName: NarrowBand\n inputDataConfig:\n dataAccessRoleArn: ${exampleRole.arn}\n s3Uri: s3://${exampleBucketV2.id}/transcribe/\n languageCode: en-US\n tags:\n ENVIRONMENT: development\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - transcribe.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Transcribe LanguageModel using the `model_name`. For example:\n\n```sh\n$ pulumi import aws:transcribe/languageModel:LanguageModel example example-name\n```\n", + "description": "Resource for managing an AWS Transcribe LanguageModel.\n\n\u003e This resource can take a significant amount of time to provision. See Language Model [FAQ](https://aws.amazon.com/transcribe/faqs/) for more details.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"transcribe.amazonaws.com\"],\n }],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"example\",\n assumeRolePolicy: example.then(example =\u003e example.json),\n});\nconst testPolicy = new aws.iam.RolePolicy(\"test_policy\", {\n name: \"example\",\n role: exampleRole.id,\n policy: JSON.stringify({\n version: \"2012-10-17\",\n statement: [{\n action: [\n \"s3:GetObject\",\n \"s3:ListBucket\",\n ],\n effect: \"Allow\",\n resource: [\"*\"],\n }],\n }),\n});\nconst exampleBucketV2 = new aws.s3.BucketV2(\"example\", {\n bucket: \"example-transcribe\",\n forceDestroy: true,\n});\nconst object = new aws.s3.BucketObjectv2(\"object\", {\n bucket: exampleBucketV2.id,\n key: \"transcribe/test1.txt\",\n source: new pulumi.asset.FileAsset(\"test1.txt\"),\n});\nconst exampleLanguageModel = new aws.transcribe.LanguageModel(\"example\", {\n modelName: \"example\",\n baseModelName: \"NarrowBand\",\n inputDataConfig: {\n dataAccessRoleArn: exampleRole.arn,\n s3Uri: pulumi.interpolate`s3://${exampleBucketV2.id}/transcribe/`,\n },\n languageCode: \"en-US\",\n tags: {\n ENVIRONMENT: \"development\",\n },\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"transcribe.amazonaws.com\"],\n )],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"example\",\n assume_role_policy=example.json)\ntest_policy = aws.iam.RolePolicy(\"test_policy\",\n name=\"example\",\n role=example_role.id,\n policy=json.dumps({\n \"version\": \"2012-10-17\",\n \"statement\": [{\n \"action\": [\n \"s3:GetObject\",\n \"s3:ListBucket\",\n ],\n \"effect\": \"Allow\",\n \"resource\": [\"*\"],\n }],\n }))\nexample_bucket_v2 = aws.s3.BucketV2(\"example\",\n bucket=\"example-transcribe\",\n force_destroy=True)\nobject = aws.s3.BucketObjectv2(\"object\",\n bucket=example_bucket_v2.id,\n key=\"transcribe/test1.txt\",\n source=pulumi.FileAsset(\"test1.txt\"))\nexample_language_model = aws.transcribe.LanguageModel(\"example\",\n model_name=\"example\",\n base_model_name=\"NarrowBand\",\n input_data_config=aws.transcribe.LanguageModelInputDataConfigArgs(\n data_access_role_arn=example_role.arn,\n s3_uri=example_bucket_v2.id.apply(lambda id: f\"s3://{id}/transcribe/\"),\n ),\n language_code=\"en-US\",\n tags={\n \"ENVIRONMENT\": \"development\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"transcribe.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"example\",\n AssumeRolePolicy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var testPolicy = new Aws.Iam.RolePolicy(\"test_policy\", new()\n {\n Name = \"example\",\n Role = exampleRole.Id,\n Policy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"version\"] = \"2012-10-17\",\n [\"statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"action\"] = new[]\n {\n \"s3:GetObject\",\n \"s3:ListBucket\",\n },\n [\"effect\"] = \"Allow\",\n [\"resource\"] = new[]\n {\n \"*\",\n },\n },\n },\n }),\n });\n\n var exampleBucketV2 = new Aws.S3.BucketV2(\"example\", new()\n {\n Bucket = \"example-transcribe\",\n ForceDestroy = true,\n });\n\n var @object = new Aws.S3.BucketObjectv2(\"object\", new()\n {\n Bucket = exampleBucketV2.Id,\n Key = \"transcribe/test1.txt\",\n Source = new FileAsset(\"test1.txt\"),\n });\n\n var exampleLanguageModel = new Aws.Transcribe.LanguageModel(\"example\", new()\n {\n ModelName = \"example\",\n BaseModelName = \"NarrowBand\",\n InputDataConfig = new Aws.Transcribe.Inputs.LanguageModelInputDataConfigArgs\n {\n DataAccessRoleArn = exampleRole.Arn,\n S3Uri = exampleBucketV2.Id.Apply(id =\u003e $\"s3://{id}/transcribe/\"),\n },\n LanguageCode = \"en-US\",\n Tags = \n {\n { \"ENVIRONMENT\", \"development\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transcribe\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"transcribe.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tAssumeRolePolicy: pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"version\": \"2012-10-17\",\n\t\t\t\"statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"action\": []string{\n\t\t\t\t\t\t\"s3:GetObject\",\n\t\t\t\t\t\t\"s3:ListBucket\",\n\t\t\t\t\t},\n\t\t\t\t\t\"effect\": \"Allow\",\n\t\t\t\t\t\"resource\": []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = iam.NewRolePolicy(ctx, \"test_policy\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tRole: exampleRole.ID(),\n\t\t\tPolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleBucketV2, err := s3.NewBucketV2(ctx, \"example\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"example-transcribe\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketObjectv2(ctx, \"object\", \u0026s3.BucketObjectv2Args{\n\t\t\tBucket: exampleBucketV2.ID(),\n\t\t\tKey: pulumi.String(\"transcribe/test1.txt\"),\n\t\t\tSource: pulumi.NewFileAsset(\"test1.txt\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = transcribe.NewLanguageModel(ctx, \"example\", \u0026transcribe.LanguageModelArgs{\n\t\t\tModelName: pulumi.String(\"example\"),\n\t\t\tBaseModelName: pulumi.String(\"NarrowBand\"),\n\t\t\tInputDataConfig: \u0026transcribe.LanguageModelInputDataConfigArgs{\n\t\t\t\tDataAccessRoleArn: exampleRole.Arn,\n\t\t\t\tS3Uri: exampleBucketV2.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"s3://%v/transcribe/\", id), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t\tLanguageCode: pulumi.String(\"en-US\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"ENVIRONMENT\": pulumi.String(\"development\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.s3.BucketObjectv2;\nimport com.pulumi.aws.s3.BucketObjectv2Args;\nimport com.pulumi.aws.transcribe.LanguageModel;\nimport com.pulumi.aws.transcribe.LanguageModelArgs;\nimport com.pulumi.aws.transcribe.inputs.LanguageModelInputDataConfigArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"transcribe.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"example\")\n .assumeRolePolicy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var testPolicy = new RolePolicy(\"testPolicy\", RolePolicyArgs.builder() \n .name(\"example\")\n .role(exampleRole.id())\n .policy(serializeJson(\n jsonObject(\n jsonProperty(\"version\", \"2012-10-17\"),\n jsonProperty(\"statement\", jsonArray(jsonObject(\n jsonProperty(\"action\", jsonArray(\n \"s3:GetObject\", \n \"s3:ListBucket\"\n )),\n jsonProperty(\"effect\", \"Allow\"),\n jsonProperty(\"resource\", jsonArray(\"*\"))\n )))\n )))\n .build());\n\n var exampleBucketV2 = new BucketV2(\"exampleBucketV2\", BucketV2Args.builder() \n .bucket(\"example-transcribe\")\n .forceDestroy(true)\n .build());\n\n var object = new BucketObjectv2(\"object\", BucketObjectv2Args.builder() \n .bucket(exampleBucketV2.id())\n .key(\"transcribe/test1.txt\")\n .source(new FileAsset(\"test1.txt\"))\n .build());\n\n var exampleLanguageModel = new LanguageModel(\"exampleLanguageModel\", LanguageModelArgs.builder() \n .modelName(\"example\")\n .baseModelName(\"NarrowBand\")\n .inputDataConfig(LanguageModelInputDataConfigArgs.builder()\n .dataAccessRoleArn(exampleRole.arn())\n .s3Uri(exampleBucketV2.id().applyValue(id -\u003e String.format(\"s3://%s/transcribe/\", id)))\n .build())\n .languageCode(\"en-US\")\n .tags(Map.of(\"ENVIRONMENT\", \"development\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: example\n assumeRolePolicy: ${example.json}\n testPolicy:\n type: aws:iam:RolePolicy\n name: test_policy\n properties:\n name: example\n role: ${exampleRole.id}\n policy:\n fn::toJSON:\n version: 2012-10-17\n statement:\n - action:\n - s3:GetObject\n - s3:ListBucket\n effect: Allow\n resource:\n - '*'\n exampleBucketV2:\n type: aws:s3:BucketV2\n name: example\n properties:\n bucket: example-transcribe\n forceDestroy: true\n object:\n type: aws:s3:BucketObjectv2\n properties:\n bucket: ${exampleBucketV2.id}\n key: transcribe/test1.txt\n source:\n fn::FileAsset: test1.txt\n exampleLanguageModel:\n type: aws:transcribe:LanguageModel\n name: example\n properties:\n modelName: example\n baseModelName: NarrowBand\n inputDataConfig:\n dataAccessRoleArn: ${exampleRole.arn}\n s3Uri: s3://${exampleBucketV2.id}/transcribe/\n languageCode: en-US\n tags:\n ENVIRONMENT: development\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - transcribe.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Transcribe LanguageModel using the `model_name`. For example:\n\n```sh\n$ pulumi import aws:transcribe/languageModel:LanguageModel example example-name\n```\n", "properties": { "arn": { "type": "string", @@ -339542,7 +339542,7 @@ } }, "aws:transfer/server:Server": { - "description": "Provides a AWS Transfer Server resource.\n\n\u003e **NOTE on AWS IAM permissions:** If the `endpoint_type` is set to `VPC`, the `ec2:DescribeVpcEndpoints` and `ec2:ModifyVpcEndpoint` [actions](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html#amazonec2-actions-as-permissions) are used.\n\n\u003e **NOTE:** Use the `aws.transfer.Tag` resource to manage the system tags used for [custom hostnames](https://docs.aws.amazon.com/transfer/latest/userguide/requirements-dns.html#tag-custom-hostname-cdk).\n\n## Example Usage\n\n### Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.transfer.Server(\"example\", {tags: {\n Name: \"Example\",\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.transfer.Server(\"example\", tags={\n \"Name\": \"Example\",\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Transfer.Server(\"example\", new()\n {\n Tags = \n {\n { \"Name\", \"Example\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := transfer.NewServer(ctx, \"example\", \u0026transfer.ServerArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"Example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.transfer.Server;\nimport com.pulumi.aws.transfer.ServerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Server(\"example\", ServerArgs.builder() \n .tags(Map.of(\"Name\", \"Example\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:transfer:Server\n properties:\n tags:\n Name: Example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Security Policy Name\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.transfer.Server(\"example\", {securityPolicyName: \"TransferSecurityPolicy-2020-06\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.transfer.Server(\"example\", security_policy_name=\"TransferSecurityPolicy-2020-06\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Transfer.Server(\"example\", new()\n {\n SecurityPolicyName = \"TransferSecurityPolicy-2020-06\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := transfer.NewServer(ctx, \"example\", \u0026transfer.ServerArgs{\n\t\t\tSecurityPolicyName: pulumi.String(\"TransferSecurityPolicy-2020-06\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.transfer.Server;\nimport com.pulumi.aws.transfer.ServerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Server(\"example\", ServerArgs.builder() \n .securityPolicyName(\"TransferSecurityPolicy-2020-06\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:transfer:Server\n properties:\n securityPolicyName: TransferSecurityPolicy-2020-06\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### VPC Endpoint\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.transfer.Server(\"example\", {\n endpointType: \"VPC\",\n endpointDetails: {\n addressAllocationIds: [exampleAwsEip.id],\n subnetIds: [exampleAwsSubnet.id],\n vpcId: exampleAwsVpc.id,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.transfer.Server(\"example\",\n endpoint_type=\"VPC\",\n endpoint_details=aws.transfer.ServerEndpointDetailsArgs(\n address_allocation_ids=[example_aws_eip[\"id\"]],\n subnet_ids=[example_aws_subnet[\"id\"]],\n vpc_id=example_aws_vpc[\"id\"],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Transfer.Server(\"example\", new()\n {\n EndpointType = \"VPC\",\n EndpointDetails = new Aws.Transfer.Inputs.ServerEndpointDetailsArgs\n {\n AddressAllocationIds = new[]\n {\n exampleAwsEip.Id,\n },\n SubnetIds = new[]\n {\n exampleAwsSubnet.Id,\n },\n VpcId = exampleAwsVpc.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := transfer.NewServer(ctx, \"example\", \u0026transfer.ServerArgs{\n\t\t\tEndpointType: pulumi.String(\"VPC\"),\n\t\t\tEndpointDetails: \u0026transfer.ServerEndpointDetailsArgs{\n\t\t\t\tAddressAllocationIds: pulumi.StringArray{\n\t\t\t\t\texampleAwsEip.Id,\n\t\t\t\t},\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\texampleAwsSubnet.Id,\n\t\t\t\t},\n\t\t\t\tVpcId: pulumi.Any(exampleAwsVpc.Id),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.transfer.Server;\nimport com.pulumi.aws.transfer.ServerArgs;\nimport com.pulumi.aws.transfer.inputs.ServerEndpointDetailsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Server(\"example\", ServerArgs.builder() \n .endpointType(\"VPC\")\n .endpointDetails(ServerEndpointDetailsArgs.builder()\n .addressAllocationIds(exampleAwsEip.id())\n .subnetIds(exampleAwsSubnet.id())\n .vpcId(exampleAwsVpc.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:transfer:Server\n properties:\n endpointType: VPC\n endpointDetails:\n addressAllocationIds:\n - ${exampleAwsEip.id}\n subnetIds:\n - ${exampleAwsSubnet.id}\n vpcId: ${exampleAwsVpc.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### AWS Directory authentication\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.transfer.Server(\"example\", {\n identityProviderType: \"AWS_DIRECTORY_SERVICE\",\n directoryId: exampleAwsDirectoryServiceDirectory.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.transfer.Server(\"example\",\n identity_provider_type=\"AWS_DIRECTORY_SERVICE\",\n directory_id=example_aws_directory_service_directory[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Transfer.Server(\"example\", new()\n {\n IdentityProviderType = \"AWS_DIRECTORY_SERVICE\",\n DirectoryId = exampleAwsDirectoryServiceDirectory.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := transfer.NewServer(ctx, \"example\", \u0026transfer.ServerArgs{\n\t\t\tIdentityProviderType: pulumi.String(\"AWS_DIRECTORY_SERVICE\"),\n\t\t\tDirectoryId: pulumi.Any(exampleAwsDirectoryServiceDirectory.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.transfer.Server;\nimport com.pulumi.aws.transfer.ServerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Server(\"example\", ServerArgs.builder() \n .identityProviderType(\"AWS_DIRECTORY_SERVICE\")\n .directoryId(exampleAwsDirectoryServiceDirectory.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:transfer:Server\n properties:\n identityProviderType: AWS_DIRECTORY_SERVICE\n directoryId: ${exampleAwsDirectoryServiceDirectory.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### AWS Lambda authentication\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.transfer.Server(\"example\", {\n identityProviderType: \"AWS_LAMBDA\",\n \"function\": exampleAwsLambdaIdentityProvider.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.transfer.Server(\"example\",\n identity_provider_type=\"AWS_LAMBDA\",\n function=example_aws_lambda_identity_provider[\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Transfer.Server(\"example\", new()\n {\n IdentityProviderType = \"AWS_LAMBDA\",\n Function = exampleAwsLambdaIdentityProvider.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := transfer.NewServer(ctx, \"example\", \u0026transfer.ServerArgs{\n\t\t\tIdentityProviderType: pulumi.String(\"AWS_LAMBDA\"),\n\t\t\tFunction: pulumi.Any(exampleAwsLambdaIdentityProvider.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.transfer.Server;\nimport com.pulumi.aws.transfer.ServerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Server(\"example\", ServerArgs.builder() \n .identityProviderType(\"AWS_LAMBDA\")\n .function(exampleAwsLambdaIdentityProvider.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:transfer:Server\n properties:\n identityProviderType: AWS_LAMBDA\n function: ${exampleAwsLambdaIdentityProvider.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Protocols\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.transfer.Server(\"example\", {\n endpointType: \"VPC\",\n endpointDetails: {\n subnetIds: [exampleAwsSubnet.id],\n vpcId: exampleAwsVpc.id,\n },\n protocols: [\n \"FTP\",\n \"FTPS\",\n ],\n certificate: exampleAwsAcmCertificate.arn,\n identityProviderType: \"API_GATEWAY\",\n url: `${exampleAwsApiGatewayDeployment.invokeUrl}${exampleAwsApiGatewayResource.path}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.transfer.Server(\"example\",\n endpoint_type=\"VPC\",\n endpoint_details=aws.transfer.ServerEndpointDetailsArgs(\n subnet_ids=[example_aws_subnet[\"id\"]],\n vpc_id=example_aws_vpc[\"id\"],\n ),\n protocols=[\n \"FTP\",\n \"FTPS\",\n ],\n certificate=example_aws_acm_certificate[\"arn\"],\n identity_provider_type=\"API_GATEWAY\",\n url=f\"{example_aws_api_gateway_deployment['invokeUrl']}{example_aws_api_gateway_resource['path']}\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Transfer.Server(\"example\", new()\n {\n EndpointType = \"VPC\",\n EndpointDetails = new Aws.Transfer.Inputs.ServerEndpointDetailsArgs\n {\n SubnetIds = new[]\n {\n exampleAwsSubnet.Id,\n },\n VpcId = exampleAwsVpc.Id,\n },\n Protocols = new[]\n {\n \"FTP\",\n \"FTPS\",\n },\n Certificate = exampleAwsAcmCertificate.Arn,\n IdentityProviderType = \"API_GATEWAY\",\n Url = $\"{exampleAwsApiGatewayDeployment.InvokeUrl}{exampleAwsApiGatewayResource.Path}\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := transfer.NewServer(ctx, \"example\", \u0026transfer.ServerArgs{\n\t\t\tEndpointType: pulumi.String(\"VPC\"),\n\t\t\tEndpointDetails: \u0026transfer.ServerEndpointDetailsArgs{\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\texampleAwsSubnet.Id,\n\t\t\t\t},\n\t\t\t\tVpcId: pulumi.Any(exampleAwsVpc.Id),\n\t\t\t},\n\t\t\tProtocols: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"FTP\"),\n\t\t\t\tpulumi.String(\"FTPS\"),\n\t\t\t},\n\t\t\tCertificate: pulumi.Any(exampleAwsAcmCertificate.Arn),\n\t\t\tIdentityProviderType: pulumi.String(\"API_GATEWAY\"),\n\t\t\tUrl: pulumi.String(fmt.Sprintf(\"%v%v\", exampleAwsApiGatewayDeployment.InvokeUrl, exampleAwsApiGatewayResource.Path)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.transfer.Server;\nimport com.pulumi.aws.transfer.ServerArgs;\nimport com.pulumi.aws.transfer.inputs.ServerEndpointDetailsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Server(\"example\", ServerArgs.builder() \n .endpointType(\"VPC\")\n .endpointDetails(ServerEndpointDetailsArgs.builder()\n .subnetIds(exampleAwsSubnet.id())\n .vpcId(exampleAwsVpc.id())\n .build())\n .protocols( \n \"FTP\",\n \"FTPS\")\n .certificate(exampleAwsAcmCertificate.arn())\n .identityProviderType(\"API_GATEWAY\")\n .url(String.format(\"%s%s\", exampleAwsApiGatewayDeployment.invokeUrl(),exampleAwsApiGatewayResource.path()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:transfer:Server\n properties:\n endpointType: VPC\n endpointDetails:\n subnetIds:\n - ${exampleAwsSubnet.id}\n vpcId: ${exampleAwsVpc.id}\n protocols:\n - FTP\n - FTPS\n certificate: ${exampleAwsAcmCertificate.arn}\n identityProviderType: API_GATEWAY\n url: ${exampleAwsApiGatewayDeployment.invokeUrl}${exampleAwsApiGatewayResource.path}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Using Structured Logging Destinations\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst transfer = new aws.cloudwatch.LogGroup(\"transfer\", {namePrefix: \"transfer_test_\"});\nconst transferAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"transfer.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst iamForTransfer = new aws.iam.Role(\"iam_for_transfer\", {\n namePrefix: \"iam_for_transfer_\",\n assumeRolePolicy: transferAssumeRole.then(transferAssumeRole =\u003e transferAssumeRole.json),\n managedPolicyArns: [\"arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess\"],\n});\nconst transferServer = new aws.transfer.Server(\"transfer\", {\n endpointType: \"PUBLIC\",\n loggingRole: iamForTransfer.arn,\n protocols: [\"SFTP\"],\n structuredLogDestinations: [pulumi.interpolate`${transfer.arn}:*`],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntransfer = aws.cloudwatch.LogGroup(\"transfer\", name_prefix=\"transfer_test_\")\ntransfer_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"transfer.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\niam_for_transfer = aws.iam.Role(\"iam_for_transfer\",\n name_prefix=\"iam_for_transfer_\",\n assume_role_policy=transfer_assume_role.json,\n managed_policy_arns=[\"arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess\"])\ntransfer_server = aws.transfer.Server(\"transfer\",\n endpoint_type=\"PUBLIC\",\n logging_role=iam_for_transfer.arn,\n protocols=[\"SFTP\"],\n structured_log_destinations=[transfer.arn.apply(lambda arn: f\"{arn}:*\")])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var transfer = new Aws.CloudWatch.LogGroup(\"transfer\", new()\n {\n NamePrefix = \"transfer_test_\",\n });\n\n var transferAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"transfer.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var iamForTransfer = new Aws.Iam.Role(\"iam_for_transfer\", new()\n {\n NamePrefix = \"iam_for_transfer_\",\n AssumeRolePolicy = transferAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n ManagedPolicyArns = new[]\n {\n \"arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess\",\n },\n });\n\n var transferServer = new Aws.Transfer.Server(\"transfer\", new()\n {\n EndpointType = \"PUBLIC\",\n LoggingRole = iamForTransfer.Arn,\n Protocols = new[]\n {\n \"SFTP\",\n },\n StructuredLogDestinations = new[]\n {\n transfer.Arn.Apply(arn =\u003e $\"{arn}:*\"),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttransfer, err := cloudwatch.NewLogGroup(ctx, \"transfer\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tNamePrefix: pulumi.String(\"transfer_test_\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttransferAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"transfer.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiamForTransfer, err := iam.NewRole(ctx, \"iam_for_transfer\", \u0026iam.RoleArgs{\n\t\t\tNamePrefix: pulumi.String(\"iam_for_transfer_\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(transferAssumeRole.Json),\n\t\t\tManagedPolicyArns: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = transfer.NewServer(ctx, \"transfer\", \u0026transfer.ServerArgs{\n\t\t\tEndpointType: pulumi.String(\"PUBLIC\"),\n\t\t\tLoggingRole: iamForTransfer.Arn,\n\t\t\tProtocols: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"SFTP\"),\n\t\t\t},\n\t\t\tStructuredLogDestinations: pulumi.StringArray{\n\t\t\t\ttransfer.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"%v:*\", arn), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.transfer.Server;\nimport com.pulumi.aws.transfer.ServerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var transfer = new LogGroup(\"transfer\", LogGroupArgs.builder() \n .namePrefix(\"transfer_test_\")\n .build());\n\n final var transferAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"transfer.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var iamForTransfer = new Role(\"iamForTransfer\", RoleArgs.builder() \n .namePrefix(\"iam_for_transfer_\")\n .assumeRolePolicy(transferAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .managedPolicyArns(\"arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess\")\n .build());\n\n var transferServer = new Server(\"transferServer\", ServerArgs.builder() \n .endpointType(\"PUBLIC\")\n .loggingRole(iamForTransfer.arn())\n .protocols(\"SFTP\")\n .structuredLogDestinations(transfer.arn().applyValue(arn -\u003e String.format(\"%s:*\", arn)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n transfer:\n type: aws:cloudwatch:LogGroup\n properties:\n namePrefix: transfer_test_\n iamForTransfer:\n type: aws:iam:Role\n name: iam_for_transfer\n properties:\n namePrefix: iam_for_transfer_\n assumeRolePolicy: ${transferAssumeRole.json}\n managedPolicyArns:\n - arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess\n transferServer:\n type: aws:transfer:Server\n name: transfer\n properties:\n endpointType: PUBLIC\n loggingRole: ${iamForTransfer.arn}\n protocols:\n - SFTP\n structuredLogDestinations:\n - ${transfer.arn}:*\nvariables:\n transferAssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - transfer.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Transfer Servers using the server `id`. For example:\n\n```sh\n$ pulumi import aws:transfer/server:Server example s-12345678\n```\nCertain resource arguments, such as `host_key`, cannot be read via the API and imported into the provider. This provider will display a difference for these arguments the first run after import if declared in the provider configuration for an imported resource.\n\n", + "description": "Provides a AWS Transfer Server resource.\n\n\u003e **NOTE on AWS IAM permissions:** If the `endpoint_type` is set to `VPC`, the `ec2:DescribeVpcEndpoints` and `ec2:ModifyVpcEndpoint` [actions](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html#amazonec2-actions-as-permissions) are used.\n\n\u003e **NOTE:** Use the `aws.transfer.Tag` resource to manage the system tags used for [custom hostnames](https://docs.aws.amazon.com/transfer/latest/userguide/requirements-dns.html#tag-custom-hostname-cdk).\n\n## Example Usage\n\n### Basic\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.transfer.Server(\"example\", {tags: {\n Name: \"Example\",\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.transfer.Server(\"example\", tags={\n \"Name\": \"Example\",\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Transfer.Server(\"example\", new()\n {\n Tags = \n {\n { \"Name\", \"Example\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := transfer.NewServer(ctx, \"example\", \u0026transfer.ServerArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"Example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.transfer.Server;\nimport com.pulumi.aws.transfer.ServerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Server(\"example\", ServerArgs.builder() \n .tags(Map.of(\"Name\", \"Example\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:transfer:Server\n properties:\n tags:\n Name: Example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Security Policy Name\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.transfer.Server(\"example\", {securityPolicyName: \"TransferSecurityPolicy-2020-06\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.transfer.Server(\"example\", security_policy_name=\"TransferSecurityPolicy-2020-06\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Transfer.Server(\"example\", new()\n {\n SecurityPolicyName = \"TransferSecurityPolicy-2020-06\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := transfer.NewServer(ctx, \"example\", \u0026transfer.ServerArgs{\n\t\t\tSecurityPolicyName: pulumi.String(\"TransferSecurityPolicy-2020-06\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.transfer.Server;\nimport com.pulumi.aws.transfer.ServerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Server(\"example\", ServerArgs.builder() \n .securityPolicyName(\"TransferSecurityPolicy-2020-06\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:transfer:Server\n properties:\n securityPolicyName: TransferSecurityPolicy-2020-06\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### VPC Endpoint\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.transfer.Server(\"example\", {\n endpointType: \"VPC\",\n endpointDetails: {\n addressAllocationIds: [exampleAwsEip.id],\n subnetIds: [exampleAwsSubnet.id],\n vpcId: exampleAwsVpc.id,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.transfer.Server(\"example\",\n endpoint_type=\"VPC\",\n endpoint_details=aws.transfer.ServerEndpointDetailsArgs(\n address_allocation_ids=[example_aws_eip[\"id\"]],\n subnet_ids=[example_aws_subnet[\"id\"]],\n vpc_id=example_aws_vpc[\"id\"],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Transfer.Server(\"example\", new()\n {\n EndpointType = \"VPC\",\n EndpointDetails = new Aws.Transfer.Inputs.ServerEndpointDetailsArgs\n {\n AddressAllocationIds = new[]\n {\n exampleAwsEip.Id,\n },\n SubnetIds = new[]\n {\n exampleAwsSubnet.Id,\n },\n VpcId = exampleAwsVpc.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := transfer.NewServer(ctx, \"example\", \u0026transfer.ServerArgs{\n\t\t\tEndpointType: pulumi.String(\"VPC\"),\n\t\t\tEndpointDetails: \u0026transfer.ServerEndpointDetailsArgs{\n\t\t\t\tAddressAllocationIds: pulumi.StringArray{\n\t\t\t\t\texampleAwsEip.Id,\n\t\t\t\t},\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\texampleAwsSubnet.Id,\n\t\t\t\t},\n\t\t\t\tVpcId: pulumi.Any(exampleAwsVpc.Id),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.transfer.Server;\nimport com.pulumi.aws.transfer.ServerArgs;\nimport com.pulumi.aws.transfer.inputs.ServerEndpointDetailsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Server(\"example\", ServerArgs.builder() \n .endpointType(\"VPC\")\n .endpointDetails(ServerEndpointDetailsArgs.builder()\n .addressAllocationIds(exampleAwsEip.id())\n .subnetIds(exampleAwsSubnet.id())\n .vpcId(exampleAwsVpc.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:transfer:Server\n properties:\n endpointType: VPC\n endpointDetails:\n addressAllocationIds:\n - ${exampleAwsEip.id}\n subnetIds:\n - ${exampleAwsSubnet.id}\n vpcId: ${exampleAwsVpc.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### AWS Directory authentication\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.transfer.Server(\"example\", {\n identityProviderType: \"AWS_DIRECTORY_SERVICE\",\n directoryId: exampleAwsDirectoryServiceDirectory.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.transfer.Server(\"example\",\n identity_provider_type=\"AWS_DIRECTORY_SERVICE\",\n directory_id=example_aws_directory_service_directory[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Transfer.Server(\"example\", new()\n {\n IdentityProviderType = \"AWS_DIRECTORY_SERVICE\",\n DirectoryId = exampleAwsDirectoryServiceDirectory.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := transfer.NewServer(ctx, \"example\", \u0026transfer.ServerArgs{\n\t\t\tIdentityProviderType: pulumi.String(\"AWS_DIRECTORY_SERVICE\"),\n\t\t\tDirectoryId: pulumi.Any(exampleAwsDirectoryServiceDirectory.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.transfer.Server;\nimport com.pulumi.aws.transfer.ServerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Server(\"example\", ServerArgs.builder() \n .identityProviderType(\"AWS_DIRECTORY_SERVICE\")\n .directoryId(exampleAwsDirectoryServiceDirectory.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:transfer:Server\n properties:\n identityProviderType: AWS_DIRECTORY_SERVICE\n directoryId: ${exampleAwsDirectoryServiceDirectory.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### AWS Lambda authentication\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.transfer.Server(\"example\", {\n identityProviderType: \"AWS_LAMBDA\",\n \"function\": exampleAwsLambdaIdentityProvider.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.transfer.Server(\"example\",\n identity_provider_type=\"AWS_LAMBDA\",\n function=example_aws_lambda_identity_provider[\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Transfer.Server(\"example\", new()\n {\n IdentityProviderType = \"AWS_LAMBDA\",\n Function = exampleAwsLambdaIdentityProvider.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := transfer.NewServer(ctx, \"example\", \u0026transfer.ServerArgs{\n\t\t\tIdentityProviderType: pulumi.String(\"AWS_LAMBDA\"),\n\t\t\tFunction: pulumi.Any(exampleAwsLambdaIdentityProvider.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.transfer.Server;\nimport com.pulumi.aws.transfer.ServerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Server(\"example\", ServerArgs.builder() \n .identityProviderType(\"AWS_LAMBDA\")\n .function(exampleAwsLambdaIdentityProvider.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:transfer:Server\n properties:\n identityProviderType: AWS_LAMBDA\n function: ${exampleAwsLambdaIdentityProvider.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Protocols\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.transfer.Server(\"example\", {\n endpointType: \"VPC\",\n endpointDetails: {\n subnetIds: [exampleAwsSubnet.id],\n vpcId: exampleAwsVpc.id,\n },\n protocols: [\n \"FTP\",\n \"FTPS\",\n ],\n certificate: exampleAwsAcmCertificate.arn,\n identityProviderType: \"API_GATEWAY\",\n url: `${exampleAwsApiGatewayDeployment.invokeUrl}${exampleAwsApiGatewayResource.path}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.transfer.Server(\"example\",\n endpoint_type=\"VPC\",\n endpoint_details=aws.transfer.ServerEndpointDetailsArgs(\n subnet_ids=[example_aws_subnet[\"id\"]],\n vpc_id=example_aws_vpc[\"id\"],\n ),\n protocols=[\n \"FTP\",\n \"FTPS\",\n ],\n certificate=example_aws_acm_certificate[\"arn\"],\n identity_provider_type=\"API_GATEWAY\",\n url=f\"{example_aws_api_gateway_deployment['invokeUrl']}{example_aws_api_gateway_resource['path']}\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Transfer.Server(\"example\", new()\n {\n EndpointType = \"VPC\",\n EndpointDetails = new Aws.Transfer.Inputs.ServerEndpointDetailsArgs\n {\n SubnetIds = new[]\n {\n exampleAwsSubnet.Id,\n },\n VpcId = exampleAwsVpc.Id,\n },\n Protocols = new[]\n {\n \"FTP\",\n \"FTPS\",\n },\n Certificate = exampleAwsAcmCertificate.Arn,\n IdentityProviderType = \"API_GATEWAY\",\n Url = $\"{exampleAwsApiGatewayDeployment.InvokeUrl}{exampleAwsApiGatewayResource.Path}\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := transfer.NewServer(ctx, \"example\", \u0026transfer.ServerArgs{\n\t\t\tEndpointType: pulumi.String(\"VPC\"),\n\t\t\tEndpointDetails: \u0026transfer.ServerEndpointDetailsArgs{\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\texampleAwsSubnet.Id,\n\t\t\t\t},\n\t\t\t\tVpcId: pulumi.Any(exampleAwsVpc.Id),\n\t\t\t},\n\t\t\tProtocols: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"FTP\"),\n\t\t\t\tpulumi.String(\"FTPS\"),\n\t\t\t},\n\t\t\tCertificate: pulumi.Any(exampleAwsAcmCertificate.Arn),\n\t\t\tIdentityProviderType: pulumi.String(\"API_GATEWAY\"),\n\t\t\tUrl: pulumi.String(fmt.Sprintf(\"%v%v\", exampleAwsApiGatewayDeployment.InvokeUrl, exampleAwsApiGatewayResource.Path)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.transfer.Server;\nimport com.pulumi.aws.transfer.ServerArgs;\nimport com.pulumi.aws.transfer.inputs.ServerEndpointDetailsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Server(\"example\", ServerArgs.builder() \n .endpointType(\"VPC\")\n .endpointDetails(ServerEndpointDetailsArgs.builder()\n .subnetIds(exampleAwsSubnet.id())\n .vpcId(exampleAwsVpc.id())\n .build())\n .protocols( \n \"FTP\",\n \"FTPS\")\n .certificate(exampleAwsAcmCertificate.arn())\n .identityProviderType(\"API_GATEWAY\")\n .url(String.format(\"%s%s\", exampleAwsApiGatewayDeployment.invokeUrl(),exampleAwsApiGatewayResource.path()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:transfer:Server\n properties:\n endpointType: VPC\n endpointDetails:\n subnetIds:\n - ${exampleAwsSubnet.id}\n vpcId: ${exampleAwsVpc.id}\n protocols:\n - FTP\n - FTPS\n certificate: ${exampleAwsAcmCertificate.arn}\n identityProviderType: API_GATEWAY\n url: ${exampleAwsApiGatewayDeployment.invokeUrl}${exampleAwsApiGatewayResource.path}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Using Structured Logging Destinations\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst transfer = new aws.cloudwatch.LogGroup(\"transfer\", {namePrefix: \"transfer_test_\"});\nconst transferAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"transfer.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst iamForTransfer = new aws.iam.Role(\"iam_for_transfer\", {\n namePrefix: \"iam_for_transfer_\",\n assumeRolePolicy: transferAssumeRole.then(transferAssumeRole =\u003e transferAssumeRole.json),\n managedPolicyArns: [\"arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess\"],\n});\nconst transferServer = new aws.transfer.Server(\"transfer\", {\n endpointType: \"PUBLIC\",\n loggingRole: iamForTransfer.arn,\n protocols: [\"SFTP\"],\n structuredLogDestinations: [pulumi.interpolate`${transfer.arn}:*`],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntransfer = aws.cloudwatch.LogGroup(\"transfer\", name_prefix=\"transfer_test_\")\ntransfer_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"transfer.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\niam_for_transfer = aws.iam.Role(\"iam_for_transfer\",\n name_prefix=\"iam_for_transfer_\",\n assume_role_policy=transfer_assume_role.json,\n managed_policy_arns=[\"arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess\"])\ntransfer_server = aws.transfer.Server(\"transfer\",\n endpoint_type=\"PUBLIC\",\n logging_role=iam_for_transfer.arn,\n protocols=[\"SFTP\"],\n structured_log_destinations=[transfer.arn.apply(lambda arn: f\"{arn}:*\")])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var transfer = new Aws.CloudWatch.LogGroup(\"transfer\", new()\n {\n NamePrefix = \"transfer_test_\",\n });\n\n var transferAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"transfer.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var iamForTransfer = new Aws.Iam.Role(\"iam_for_transfer\", new()\n {\n NamePrefix = \"iam_for_transfer_\",\n AssumeRolePolicy = transferAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n ManagedPolicyArns = new[]\n {\n \"arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess\",\n },\n });\n\n var transferServer = new Aws.Transfer.Server(\"transfer\", new()\n {\n EndpointType = \"PUBLIC\",\n LoggingRole = iamForTransfer.Arn,\n Protocols = new[]\n {\n \"SFTP\",\n },\n StructuredLogDestinations = new[]\n {\n transfer.Arn.Apply(arn =\u003e $\"{arn}:*\"),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttransfer, err := cloudwatch.NewLogGroup(ctx, \"transfer\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tNamePrefix: pulumi.String(\"transfer_test_\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttransferAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"transfer.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiamForTransfer, err := iam.NewRole(ctx, \"iam_for_transfer\", \u0026iam.RoleArgs{\n\t\t\tNamePrefix: pulumi.String(\"iam_for_transfer_\"),\n\t\t\tAssumeRolePolicy: pulumi.String(transferAssumeRole.Json),\n\t\t\tManagedPolicyArns: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = transfer.NewServer(ctx, \"transfer\", \u0026transfer.ServerArgs{\n\t\t\tEndpointType: pulumi.String(\"PUBLIC\"),\n\t\t\tLoggingRole: iamForTransfer.Arn,\n\t\t\tProtocols: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"SFTP\"),\n\t\t\t},\n\t\t\tStructuredLogDestinations: pulumi.StringArray{\n\t\t\t\ttransfer.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"%v:*\", arn), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.transfer.Server;\nimport com.pulumi.aws.transfer.ServerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var transfer = new LogGroup(\"transfer\", LogGroupArgs.builder() \n .namePrefix(\"transfer_test_\")\n .build());\n\n final var transferAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"transfer.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var iamForTransfer = new Role(\"iamForTransfer\", RoleArgs.builder() \n .namePrefix(\"iam_for_transfer_\")\n .assumeRolePolicy(transferAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .managedPolicyArns(\"arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess\")\n .build());\n\n var transferServer = new Server(\"transferServer\", ServerArgs.builder() \n .endpointType(\"PUBLIC\")\n .loggingRole(iamForTransfer.arn())\n .protocols(\"SFTP\")\n .structuredLogDestinations(transfer.arn().applyValue(arn -\u003e String.format(\"%s:*\", arn)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n transfer:\n type: aws:cloudwatch:LogGroup\n properties:\n namePrefix: transfer_test_\n iamForTransfer:\n type: aws:iam:Role\n name: iam_for_transfer\n properties:\n namePrefix: iam_for_transfer_\n assumeRolePolicy: ${transferAssumeRole.json}\n managedPolicyArns:\n - arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess\n transferServer:\n type: aws:transfer:Server\n name: transfer\n properties:\n endpointType: PUBLIC\n loggingRole: ${iamForTransfer.arn}\n protocols:\n - SFTP\n structuredLogDestinations:\n - ${transfer.arn}:*\nvariables:\n transferAssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - transfer.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Transfer Servers using the server `id`. For example:\n\n```sh\n$ pulumi import aws:transfer/server:Server example s-12345678\n```\nCertain resource arguments, such as `host_key`, cannot be read via the API and imported into the provider. This provider will display a difference for these arguments the first run after import if declared in the provider configuration for an imported resource.\n\n", "properties": { "arn": { "type": "string", @@ -339883,7 +339883,7 @@ } }, "aws:transfer/sshKey:SshKey": { - "description": "Provides a AWS Transfer User SSH Key resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleServer = new aws.transfer.Server(\"example\", {\n identityProviderType: \"SERVICE_MANAGED\",\n tags: {\n NAME: \"tf-acc-test-transfer-server\",\n },\n});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"transfer.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"tf-test-transfer-user-iam-role\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst exampleUser = new aws.transfer.User(\"example\", {\n serverId: exampleServer.id,\n userName: \"tftestuser\",\n role: exampleRole.arn,\n tags: {\n NAME: \"tftestuser\",\n },\n});\nconst exampleSshKey = new aws.transfer.SshKey(\"example\", {\n serverId: exampleServer.id,\n userName: exampleUser.userName,\n body: \"... SSH key ...\",\n});\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"AllowFullAccesstoS3\",\n effect: \"Allow\",\n actions: [\"s3:*\"],\n resources: [\"*\"],\n }],\n});\nconst exampleRolePolicy = new aws.iam.RolePolicy(\"example\", {\n name: \"tf-test-transfer-user-iam-policy\",\n role: exampleRole.id,\n policy: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_server = aws.transfer.Server(\"example\",\n identity_provider_type=\"SERVICE_MANAGED\",\n tags={\n \"NAME\": \"tf-acc-test-transfer-server\",\n })\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"transfer.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"tf-test-transfer-user-iam-role\",\n assume_role_policy=assume_role.json)\nexample_user = aws.transfer.User(\"example\",\n server_id=example_server.id,\n user_name=\"tftestuser\",\n role=example_role.arn,\n tags={\n \"NAME\": \"tftestuser\",\n })\nexample_ssh_key = aws.transfer.SshKey(\"example\",\n server_id=example_server.id,\n user_name=example_user.user_name,\n body=\"... SSH key ...\")\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"AllowFullAccesstoS3\",\n effect=\"Allow\",\n actions=[\"s3:*\"],\n resources=[\"*\"],\n)])\nexample_role_policy = aws.iam.RolePolicy(\"example\",\n name=\"tf-test-transfer-user-iam-policy\",\n role=example_role.id,\n policy=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleServer = new Aws.Transfer.Server(\"example\", new()\n {\n IdentityProviderType = \"SERVICE_MANAGED\",\n Tags = \n {\n { \"NAME\", \"tf-acc-test-transfer-server\" },\n },\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"transfer.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"tf-test-transfer-user-iam-role\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleUser = new Aws.Transfer.User(\"example\", new()\n {\n ServerId = exampleServer.Id,\n UserName = \"tftestuser\",\n Role = exampleRole.Arn,\n Tags = \n {\n { \"NAME\", \"tftestuser\" },\n },\n });\n\n var exampleSshKey = new Aws.Transfer.SshKey(\"example\", new()\n {\n ServerId = exampleServer.Id,\n UserName = exampleUser.UserName,\n Body = \"... SSH key ...\",\n });\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"AllowFullAccesstoS3\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var exampleRolePolicy = new Aws.Iam.RolePolicy(\"example\", new()\n {\n Name = \"tf-test-transfer-user-iam-policy\",\n Role = exampleRole.Id,\n Policy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleServer, err := transfer.NewServer(ctx, \"example\", \u0026transfer.ServerArgs{\n\t\t\tIdentityProviderType: pulumi.String(\"SERVICE_MANAGED\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"NAME\": pulumi.String(\"tf-acc-test-transfer-server\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"transfer.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"tf-test-transfer-user-iam-role\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleUser, err := transfer.NewUser(ctx, \"example\", \u0026transfer.UserArgs{\n\t\t\tServerId: exampleServer.ID(),\n\t\t\tUserName: pulumi.String(\"tftestuser\"),\n\t\t\tRole: exampleRole.Arn,\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"NAME\": pulumi.String(\"tftestuser\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = transfer.NewSshKey(ctx, \"example\", \u0026transfer.SshKeyArgs{\n\t\t\tServerId: exampleServer.ID(),\n\t\t\tUserName: exampleUser.UserName,\n\t\t\tBody: pulumi.String(\"... SSH key ...\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"AllowFullAccesstoS3\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"example\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"tf-test-transfer-user-iam-policy\"),\n\t\t\tRole: exampleRole.ID(),\n\t\t\tPolicy: *pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.transfer.Server;\nimport com.pulumi.aws.transfer.ServerArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.transfer.User;\nimport com.pulumi.aws.transfer.UserArgs;\nimport com.pulumi.aws.transfer.SshKey;\nimport com.pulumi.aws.transfer.SshKeyArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleServer = new Server(\"exampleServer\", ServerArgs.builder() \n .identityProviderType(\"SERVICE_MANAGED\")\n .tags(Map.of(\"NAME\", \"tf-acc-test-transfer-server\"))\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"transfer.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"tf-test-transfer-user-iam-role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleUser = new User(\"exampleUser\", UserArgs.builder() \n .serverId(exampleServer.id())\n .userName(\"tftestuser\")\n .role(exampleRole.arn())\n .tags(Map.of(\"NAME\", \"tftestuser\"))\n .build());\n\n var exampleSshKey = new SshKey(\"exampleSshKey\", SshKeyArgs.builder() \n .serverId(exampleServer.id())\n .userName(exampleUser.userName())\n .body(\"... SSH key ...\")\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"AllowFullAccesstoS3\")\n .effect(\"Allow\")\n .actions(\"s3:*\")\n .resources(\"*\")\n .build())\n .build());\n\n var exampleRolePolicy = new RolePolicy(\"exampleRolePolicy\", RolePolicyArgs.builder() \n .name(\"tf-test-transfer-user-iam-policy\")\n .role(exampleRole.id())\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleSshKey:\n type: aws:transfer:SshKey\n name: example\n properties:\n serverId: ${exampleServer.id}\n userName: ${exampleUser.userName}\n body: '... SSH key ...'\n exampleServer:\n type: aws:transfer:Server\n name: example\n properties:\n identityProviderType: SERVICE_MANAGED\n tags:\n NAME: tf-acc-test-transfer-server\n exampleUser:\n type: aws:transfer:User\n name: example\n properties:\n serverId: ${exampleServer.id}\n userName: tftestuser\n role: ${exampleRole.arn}\n tags:\n NAME: tftestuser\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: tf-test-transfer-user-iam-role\n assumeRolePolicy: ${assumeRole.json}\n exampleRolePolicy:\n type: aws:iam:RolePolicy\n name: example\n properties:\n name: tf-test-transfer-user-iam-policy\n role: ${exampleRole.id}\n policy: ${example.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - transfer.amazonaws.com\n actions:\n - sts:AssumeRole\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: AllowFullAccesstoS3\n effect: Allow\n actions:\n - s3:*\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Transfer SSH Public Key using the `server_id` and `user_name` and `ssh_public_key_id` separated by `/`. For example:\n\n```sh\n$ pulumi import aws:transfer/sshKey:SshKey bar s-12345678/test-username/key-12345\n```\n", + "description": "Provides a AWS Transfer User SSH Key resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleServer = new aws.transfer.Server(\"example\", {\n identityProviderType: \"SERVICE_MANAGED\",\n tags: {\n NAME: \"tf-acc-test-transfer-server\",\n },\n});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"transfer.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"example\", {\n name: \"tf-test-transfer-user-iam-role\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst exampleUser = new aws.transfer.User(\"example\", {\n serverId: exampleServer.id,\n userName: \"tftestuser\",\n role: exampleRole.arn,\n tags: {\n NAME: \"tftestuser\",\n },\n});\nconst exampleSshKey = new aws.transfer.SshKey(\"example\", {\n serverId: exampleServer.id,\n userName: exampleUser.userName,\n body: \"... SSH key ...\",\n});\nconst example = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"AllowFullAccesstoS3\",\n effect: \"Allow\",\n actions: [\"s3:*\"],\n resources: [\"*\"],\n }],\n});\nconst exampleRolePolicy = new aws.iam.RolePolicy(\"example\", {\n name: \"tf-test-transfer-user-iam-policy\",\n role: exampleRole.id,\n policy: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_server = aws.transfer.Server(\"example\",\n identity_provider_type=\"SERVICE_MANAGED\",\n tags={\n \"NAME\": \"tf-acc-test-transfer-server\",\n })\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"transfer.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample_role = aws.iam.Role(\"example\",\n name=\"tf-test-transfer-user-iam-role\",\n assume_role_policy=assume_role.json)\nexample_user = aws.transfer.User(\"example\",\n server_id=example_server.id,\n user_name=\"tftestuser\",\n role=example_role.arn,\n tags={\n \"NAME\": \"tftestuser\",\n })\nexample_ssh_key = aws.transfer.SshKey(\"example\",\n server_id=example_server.id,\n user_name=example_user.user_name,\n body=\"... SSH key ...\")\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"AllowFullAccesstoS3\",\n effect=\"Allow\",\n actions=[\"s3:*\"],\n resources=[\"*\"],\n)])\nexample_role_policy = aws.iam.RolePolicy(\"example\",\n name=\"tf-test-transfer-user-iam-policy\",\n role=example_role.id,\n policy=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleServer = new Aws.Transfer.Server(\"example\", new()\n {\n IdentityProviderType = \"SERVICE_MANAGED\",\n Tags = \n {\n { \"NAME\", \"tf-acc-test-transfer-server\" },\n },\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"transfer.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"tf-test-transfer-user-iam-role\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleUser = new Aws.Transfer.User(\"example\", new()\n {\n ServerId = exampleServer.Id,\n UserName = \"tftestuser\",\n Role = exampleRole.Arn,\n Tags = \n {\n { \"NAME\", \"tftestuser\" },\n },\n });\n\n var exampleSshKey = new Aws.Transfer.SshKey(\"example\", new()\n {\n ServerId = exampleServer.Id,\n UserName = exampleUser.UserName,\n Body = \"... SSH key ...\",\n });\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"AllowFullAccesstoS3\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var exampleRolePolicy = new Aws.Iam.RolePolicy(\"example\", new()\n {\n Name = \"tf-test-transfer-user-iam-policy\",\n Role = exampleRole.Id,\n Policy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleServer, err := transfer.NewServer(ctx, \"example\", \u0026transfer.ServerArgs{\n\t\t\tIdentityProviderType: pulumi.String(\"SERVICE_MANAGED\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"NAME\": pulumi.String(\"tf-acc-test-transfer-server\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"transfer.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"tf-test-transfer-user-iam-role\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleUser, err := transfer.NewUser(ctx, \"example\", \u0026transfer.UserArgs{\n\t\t\tServerId: exampleServer.ID(),\n\t\t\tUserName: pulumi.String(\"tftestuser\"),\n\t\t\tRole: exampleRole.Arn,\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"NAME\": pulumi.String(\"tftestuser\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = transfer.NewSshKey(ctx, \"example\", \u0026transfer.SshKeyArgs{\n\t\t\tServerId: exampleServer.ID(),\n\t\t\tUserName: exampleUser.UserName,\n\t\t\tBody: pulumi.String(\"... SSH key ...\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"AllowFullAccesstoS3\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"example\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"tf-test-transfer-user-iam-policy\"),\n\t\t\tRole: exampleRole.ID(),\n\t\t\tPolicy: pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.transfer.Server;\nimport com.pulumi.aws.transfer.ServerArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.transfer.User;\nimport com.pulumi.aws.transfer.UserArgs;\nimport com.pulumi.aws.transfer.SshKey;\nimport com.pulumi.aws.transfer.SshKeyArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleServer = new Server(\"exampleServer\", ServerArgs.builder() \n .identityProviderType(\"SERVICE_MANAGED\")\n .tags(Map.of(\"NAME\", \"tf-acc-test-transfer-server\"))\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"transfer.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .name(\"tf-test-transfer-user-iam-role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleUser = new User(\"exampleUser\", UserArgs.builder() \n .serverId(exampleServer.id())\n .userName(\"tftestuser\")\n .role(exampleRole.arn())\n .tags(Map.of(\"NAME\", \"tftestuser\"))\n .build());\n\n var exampleSshKey = new SshKey(\"exampleSshKey\", SshKeyArgs.builder() \n .serverId(exampleServer.id())\n .userName(exampleUser.userName())\n .body(\"... SSH key ...\")\n .build());\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"AllowFullAccesstoS3\")\n .effect(\"Allow\")\n .actions(\"s3:*\")\n .resources(\"*\")\n .build())\n .build());\n\n var exampleRolePolicy = new RolePolicy(\"exampleRolePolicy\", RolePolicyArgs.builder() \n .name(\"tf-test-transfer-user-iam-policy\")\n .role(exampleRole.id())\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleSshKey:\n type: aws:transfer:SshKey\n name: example\n properties:\n serverId: ${exampleServer.id}\n userName: ${exampleUser.userName}\n body: '... SSH key ...'\n exampleServer:\n type: aws:transfer:Server\n name: example\n properties:\n identityProviderType: SERVICE_MANAGED\n tags:\n NAME: tf-acc-test-transfer-server\n exampleUser:\n type: aws:transfer:User\n name: example\n properties:\n serverId: ${exampleServer.id}\n userName: tftestuser\n role: ${exampleRole.arn}\n tags:\n NAME: tftestuser\n exampleRole:\n type: aws:iam:Role\n name: example\n properties:\n name: tf-test-transfer-user-iam-role\n assumeRolePolicy: ${assumeRole.json}\n exampleRolePolicy:\n type: aws:iam:RolePolicy\n name: example\n properties:\n name: tf-test-transfer-user-iam-policy\n role: ${exampleRole.id}\n policy: ${example.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - transfer.amazonaws.com\n actions:\n - sts:AssumeRole\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: AllowFullAccesstoS3\n effect: Allow\n actions:\n - s3:*\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Transfer SSH Public Key using the `server_id` and `user_name` and `ssh_public_key_id` separated by `/`. For example:\n\n```sh\n$ pulumi import aws:transfer/sshKey:SshKey bar s-12345678/test-username/key-12345\n```\n", "properties": { "body": { "type": "string", @@ -340011,7 +340011,7 @@ } }, "aws:transfer/user:User": { - "description": "Provides a AWS Transfer User resource. Managing SSH keys can be accomplished with the `aws.transfer.SshKey` resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst fooServer = new aws.transfer.Server(\"foo\", {\n identityProviderType: \"SERVICE_MANAGED\",\n tags: {\n NAME: \"tf-acc-test-transfer-server\",\n },\n});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"transfer.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst fooRole = new aws.iam.Role(\"foo\", {\n name: \"tf-test-transfer-user-iam-role\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst foo = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"AllowFullAccesstoS3\",\n effect: \"Allow\",\n actions: [\"s3:*\"],\n resources: [\"*\"],\n }],\n});\nconst fooRolePolicy = new aws.iam.RolePolicy(\"foo\", {\n name: \"tf-test-transfer-user-iam-policy\",\n role: fooRole.id,\n policy: foo.then(foo =\u003e foo.json),\n});\nconst fooUser = new aws.transfer.User(\"foo\", {\n serverId: fooServer.id,\n userName: \"tftestuser\",\n role: fooRole.arn,\n homeDirectoryType: \"LOGICAL\",\n homeDirectoryMappings: [{\n entry: \"/test.pdf\",\n target: \"/bucket3/test-path/tftestuser.pdf\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo_server = aws.transfer.Server(\"foo\",\n identity_provider_type=\"SERVICE_MANAGED\",\n tags={\n \"NAME\": \"tf-acc-test-transfer-server\",\n })\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"transfer.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nfoo_role = aws.iam.Role(\"foo\",\n name=\"tf-test-transfer-user-iam-role\",\n assume_role_policy=assume_role.json)\nfoo = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"AllowFullAccesstoS3\",\n effect=\"Allow\",\n actions=[\"s3:*\"],\n resources=[\"*\"],\n)])\nfoo_role_policy = aws.iam.RolePolicy(\"foo\",\n name=\"tf-test-transfer-user-iam-policy\",\n role=foo_role.id,\n policy=foo.json)\nfoo_user = aws.transfer.User(\"foo\",\n server_id=foo_server.id,\n user_name=\"tftestuser\",\n role=foo_role.arn,\n home_directory_type=\"LOGICAL\",\n home_directory_mappings=[aws.transfer.UserHomeDirectoryMappingArgs(\n entry=\"/test.pdf\",\n target=\"/bucket3/test-path/tftestuser.pdf\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fooServer = new Aws.Transfer.Server(\"foo\", new()\n {\n IdentityProviderType = \"SERVICE_MANAGED\",\n Tags = \n {\n { \"NAME\", \"tf-acc-test-transfer-server\" },\n },\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"transfer.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var fooRole = new Aws.Iam.Role(\"foo\", new()\n {\n Name = \"tf-test-transfer-user-iam-role\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var foo = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"AllowFullAccesstoS3\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var fooRolePolicy = new Aws.Iam.RolePolicy(\"foo\", new()\n {\n Name = \"tf-test-transfer-user-iam-policy\",\n Role = fooRole.Id,\n Policy = foo.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var fooUser = new Aws.Transfer.User(\"foo\", new()\n {\n ServerId = fooServer.Id,\n UserName = \"tftestuser\",\n Role = fooRole.Arn,\n HomeDirectoryType = \"LOGICAL\",\n HomeDirectoryMappings = new[]\n {\n new Aws.Transfer.Inputs.UserHomeDirectoryMappingArgs\n {\n Entry = \"/test.pdf\",\n Target = \"/bucket3/test-path/tftestuser.pdf\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfooServer, err := transfer.NewServer(ctx, \"foo\", \u0026transfer.ServerArgs{\n\t\t\tIdentityProviderType: pulumi.String(\"SERVICE_MANAGED\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"NAME\": pulumi.String(\"tf-acc-test-transfer-server\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"transfer.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooRole, err := iam.NewRole(ctx, \"foo\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"tf-test-transfer-user-iam-role\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"AllowFullAccesstoS3\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"foo\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"tf-test-transfer-user-iam-policy\"),\n\t\t\tRole: fooRole.ID(),\n\t\t\tPolicy: *pulumi.String(foo.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = transfer.NewUser(ctx, \"foo\", \u0026transfer.UserArgs{\n\t\t\tServerId: fooServer.ID(),\n\t\t\tUserName: pulumi.String(\"tftestuser\"),\n\t\t\tRole: fooRole.Arn,\n\t\t\tHomeDirectoryType: pulumi.String(\"LOGICAL\"),\n\t\t\tHomeDirectoryMappings: transfer.UserHomeDirectoryMappingArray{\n\t\t\t\t\u0026transfer.UserHomeDirectoryMappingArgs{\n\t\t\t\t\tEntry: pulumi.String(\"/test.pdf\"),\n\t\t\t\t\tTarget: pulumi.String(\"/bucket3/test-path/tftestuser.pdf\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.transfer.Server;\nimport com.pulumi.aws.transfer.ServerArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.transfer.User;\nimport com.pulumi.aws.transfer.UserArgs;\nimport com.pulumi.aws.transfer.inputs.UserHomeDirectoryMappingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fooServer = new Server(\"fooServer\", ServerArgs.builder() \n .identityProviderType(\"SERVICE_MANAGED\")\n .tags(Map.of(\"NAME\", \"tf-acc-test-transfer-server\"))\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"transfer.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var fooRole = new Role(\"fooRole\", RoleArgs.builder() \n .name(\"tf-test-transfer-user-iam-role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var foo = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"AllowFullAccesstoS3\")\n .effect(\"Allow\")\n .actions(\"s3:*\")\n .resources(\"*\")\n .build())\n .build());\n\n var fooRolePolicy = new RolePolicy(\"fooRolePolicy\", RolePolicyArgs.builder() \n .name(\"tf-test-transfer-user-iam-policy\")\n .role(fooRole.id())\n .policy(foo.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var fooUser = new User(\"fooUser\", UserArgs.builder() \n .serverId(fooServer.id())\n .userName(\"tftestuser\")\n .role(fooRole.arn())\n .homeDirectoryType(\"LOGICAL\")\n .homeDirectoryMappings(UserHomeDirectoryMappingArgs.builder()\n .entry(\"/test.pdf\")\n .target(\"/bucket3/test-path/tftestuser.pdf\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fooServer:\n type: aws:transfer:Server\n name: foo\n properties:\n identityProviderType: SERVICE_MANAGED\n tags:\n NAME: tf-acc-test-transfer-server\n fooRole:\n type: aws:iam:Role\n name: foo\n properties:\n name: tf-test-transfer-user-iam-role\n assumeRolePolicy: ${assumeRole.json}\n fooRolePolicy:\n type: aws:iam:RolePolicy\n name: foo\n properties:\n name: tf-test-transfer-user-iam-policy\n role: ${fooRole.id}\n policy: ${foo.json}\n fooUser:\n type: aws:transfer:User\n name: foo\n properties:\n serverId: ${fooServer.id}\n userName: tftestuser\n role: ${fooRole.arn}\n homeDirectoryType: LOGICAL\n homeDirectoryMappings:\n - entry: /test.pdf\n target: /bucket3/test-path/tftestuser.pdf\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - transfer.amazonaws.com\n actions:\n - sts:AssumeRole\n foo:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: AllowFullAccesstoS3\n effect: Allow\n actions:\n - s3:*\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Transfer Users using the `server_id` and `user_name` separated by `/`. For example:\n\n```sh\n$ pulumi import aws:transfer/user:User bar s-12345678/test-username\n```\n", + "description": "Provides a AWS Transfer User resource. Managing SSH keys can be accomplished with the `aws.transfer.SshKey` resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst fooServer = new aws.transfer.Server(\"foo\", {\n identityProviderType: \"SERVICE_MANAGED\",\n tags: {\n NAME: \"tf-acc-test-transfer-server\",\n },\n});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"transfer.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst fooRole = new aws.iam.Role(\"foo\", {\n name: \"tf-test-transfer-user-iam-role\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst foo = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"AllowFullAccesstoS3\",\n effect: \"Allow\",\n actions: [\"s3:*\"],\n resources: [\"*\"],\n }],\n});\nconst fooRolePolicy = new aws.iam.RolePolicy(\"foo\", {\n name: \"tf-test-transfer-user-iam-policy\",\n role: fooRole.id,\n policy: foo.then(foo =\u003e foo.json),\n});\nconst fooUser = new aws.transfer.User(\"foo\", {\n serverId: fooServer.id,\n userName: \"tftestuser\",\n role: fooRole.arn,\n homeDirectoryType: \"LOGICAL\",\n homeDirectoryMappings: [{\n entry: \"/test.pdf\",\n target: \"/bucket3/test-path/tftestuser.pdf\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo_server = aws.transfer.Server(\"foo\",\n identity_provider_type=\"SERVICE_MANAGED\",\n tags={\n \"NAME\": \"tf-acc-test-transfer-server\",\n })\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"transfer.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nfoo_role = aws.iam.Role(\"foo\",\n name=\"tf-test-transfer-user-iam-role\",\n assume_role_policy=assume_role.json)\nfoo = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"AllowFullAccesstoS3\",\n effect=\"Allow\",\n actions=[\"s3:*\"],\n resources=[\"*\"],\n)])\nfoo_role_policy = aws.iam.RolePolicy(\"foo\",\n name=\"tf-test-transfer-user-iam-policy\",\n role=foo_role.id,\n policy=foo.json)\nfoo_user = aws.transfer.User(\"foo\",\n server_id=foo_server.id,\n user_name=\"tftestuser\",\n role=foo_role.arn,\n home_directory_type=\"LOGICAL\",\n home_directory_mappings=[aws.transfer.UserHomeDirectoryMappingArgs(\n entry=\"/test.pdf\",\n target=\"/bucket3/test-path/tftestuser.pdf\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fooServer = new Aws.Transfer.Server(\"foo\", new()\n {\n IdentityProviderType = \"SERVICE_MANAGED\",\n Tags = \n {\n { \"NAME\", \"tf-acc-test-transfer-server\" },\n },\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"transfer.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var fooRole = new Aws.Iam.Role(\"foo\", new()\n {\n Name = \"tf-test-transfer-user-iam-role\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var foo = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"AllowFullAccesstoS3\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var fooRolePolicy = new Aws.Iam.RolePolicy(\"foo\", new()\n {\n Name = \"tf-test-transfer-user-iam-policy\",\n Role = fooRole.Id,\n Policy = foo.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var fooUser = new Aws.Transfer.User(\"foo\", new()\n {\n ServerId = fooServer.Id,\n UserName = \"tftestuser\",\n Role = fooRole.Arn,\n HomeDirectoryType = \"LOGICAL\",\n HomeDirectoryMappings = new[]\n {\n new Aws.Transfer.Inputs.UserHomeDirectoryMappingArgs\n {\n Entry = \"/test.pdf\",\n Target = \"/bucket3/test-path/tftestuser.pdf\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfooServer, err := transfer.NewServer(ctx, \"foo\", \u0026transfer.ServerArgs{\n\t\t\tIdentityProviderType: pulumi.String(\"SERVICE_MANAGED\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"NAME\": pulumi.String(\"tf-acc-test-transfer-server\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"transfer.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooRole, err := iam.NewRole(ctx, \"foo\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"tf-test-transfer-user-iam-role\"),\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"AllowFullAccesstoS3\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"foo\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"tf-test-transfer-user-iam-policy\"),\n\t\t\tRole: fooRole.ID(),\n\t\t\tPolicy: pulumi.String(foo.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = transfer.NewUser(ctx, \"foo\", \u0026transfer.UserArgs{\n\t\t\tServerId: fooServer.ID(),\n\t\t\tUserName: pulumi.String(\"tftestuser\"),\n\t\t\tRole: fooRole.Arn,\n\t\t\tHomeDirectoryType: pulumi.String(\"LOGICAL\"),\n\t\t\tHomeDirectoryMappings: transfer.UserHomeDirectoryMappingArray{\n\t\t\t\t\u0026transfer.UserHomeDirectoryMappingArgs{\n\t\t\t\t\tEntry: pulumi.String(\"/test.pdf\"),\n\t\t\t\t\tTarget: pulumi.String(\"/bucket3/test-path/tftestuser.pdf\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.transfer.Server;\nimport com.pulumi.aws.transfer.ServerArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.transfer.User;\nimport com.pulumi.aws.transfer.UserArgs;\nimport com.pulumi.aws.transfer.inputs.UserHomeDirectoryMappingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fooServer = new Server(\"fooServer\", ServerArgs.builder() \n .identityProviderType(\"SERVICE_MANAGED\")\n .tags(Map.of(\"NAME\", \"tf-acc-test-transfer-server\"))\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"transfer.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var fooRole = new Role(\"fooRole\", RoleArgs.builder() \n .name(\"tf-test-transfer-user-iam-role\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var foo = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"AllowFullAccesstoS3\")\n .effect(\"Allow\")\n .actions(\"s3:*\")\n .resources(\"*\")\n .build())\n .build());\n\n var fooRolePolicy = new RolePolicy(\"fooRolePolicy\", RolePolicyArgs.builder() \n .name(\"tf-test-transfer-user-iam-policy\")\n .role(fooRole.id())\n .policy(foo.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var fooUser = new User(\"fooUser\", UserArgs.builder() \n .serverId(fooServer.id())\n .userName(\"tftestuser\")\n .role(fooRole.arn())\n .homeDirectoryType(\"LOGICAL\")\n .homeDirectoryMappings(UserHomeDirectoryMappingArgs.builder()\n .entry(\"/test.pdf\")\n .target(\"/bucket3/test-path/tftestuser.pdf\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fooServer:\n type: aws:transfer:Server\n name: foo\n properties:\n identityProviderType: SERVICE_MANAGED\n tags:\n NAME: tf-acc-test-transfer-server\n fooRole:\n type: aws:iam:Role\n name: foo\n properties:\n name: tf-test-transfer-user-iam-role\n assumeRolePolicy: ${assumeRole.json}\n fooRolePolicy:\n type: aws:iam:RolePolicy\n name: foo\n properties:\n name: tf-test-transfer-user-iam-policy\n role: ${fooRole.id}\n policy: ${foo.json}\n fooUser:\n type: aws:transfer:User\n name: foo\n properties:\n serverId: ${fooServer.id}\n userName: tftestuser\n role: ${fooRole.arn}\n homeDirectoryType: LOGICAL\n homeDirectoryMappings:\n - entry: /test.pdf\n target: /bucket3/test-path/tftestuser.pdf\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - transfer.amazonaws.com\n actions:\n - sts:AssumeRole\n foo:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: AllowFullAccesstoS3\n effect: Allow\n actions:\n - s3:*\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Transfer Users using the `server_id` and `user_name` separated by `/`. For example:\n\n```sh\n$ pulumi import aws:transfer/user:User bar s-12345678/test-username\n```\n", "properties": { "arn": { "type": "string", @@ -344726,7 +344726,7 @@ } }, "aws:wafregional/webAclAssociation:WebAclAssociation": { - "description": "Manages an association with WAF Regional Web ACL.\n\n\u003e **Note:** An Application Load Balancer can only be associated with one WAF Regional WebACL.\n\n## Example Usage\n\n### Application Load Balancer Association\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ipset = new aws.wafregional.IpSet(\"ipset\", {\n name: \"tfIPSet\",\n ipSetDescriptors: [{\n type: \"IPV4\",\n value: \"192.0.7.0/24\",\n }],\n});\nconst foo = new aws.wafregional.Rule(\"foo\", {\n name: \"tfWAFRule\",\n metricName: \"tfWAFRule\",\n predicates: [{\n dataId: ipset.id,\n negated: false,\n type: \"IPMatch\",\n }],\n});\nconst fooWebAcl = new aws.wafregional.WebAcl(\"foo\", {\n name: \"foo\",\n metricName: \"foo\",\n defaultAction: {\n type: \"ALLOW\",\n },\n rules: [{\n action: {\n type: \"BLOCK\",\n },\n priority: 1,\n ruleId: foo.id,\n }],\n});\nconst fooVpc = new aws.ec2.Vpc(\"foo\", {cidrBlock: \"10.1.0.0/16\"});\nconst available = aws.getAvailabilityZones({});\nconst fooSubnet = new aws.ec2.Subnet(\"foo\", {\n vpcId: fooVpc.id,\n cidrBlock: \"10.1.1.0/24\",\n availabilityZone: available.then(available =\u003e available.names?.[0]),\n});\nconst bar = new aws.ec2.Subnet(\"bar\", {\n vpcId: fooVpc.id,\n cidrBlock: \"10.1.2.0/24\",\n availabilityZone: available.then(available =\u003e available.names?.[1]),\n});\nconst fooLoadBalancer = new aws.alb.LoadBalancer(\"foo\", {\n internal: true,\n subnets: [\n fooSubnet.id,\n bar.id,\n ],\n});\nconst fooWebAclAssociation = new aws.wafregional.WebAclAssociation(\"foo\", {\n resourceArn: fooLoadBalancer.arn,\n webAclId: fooWebAcl.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nipset = aws.wafregional.IpSet(\"ipset\",\n name=\"tfIPSet\",\n ip_set_descriptors=[aws.wafregional.IpSetIpSetDescriptorArgs(\n type=\"IPV4\",\n value=\"192.0.7.0/24\",\n )])\nfoo = aws.wafregional.Rule(\"foo\",\n name=\"tfWAFRule\",\n metric_name=\"tfWAFRule\",\n predicates=[aws.wafregional.RulePredicateArgs(\n data_id=ipset.id,\n negated=False,\n type=\"IPMatch\",\n )])\nfoo_web_acl = aws.wafregional.WebAcl(\"foo\",\n name=\"foo\",\n metric_name=\"foo\",\n default_action=aws.wafregional.WebAclDefaultActionArgs(\n type=\"ALLOW\",\n ),\n rules=[aws.wafregional.WebAclRuleArgs(\n action=aws.wafregional.WebAclRuleActionArgs(\n type=\"BLOCK\",\n ),\n priority=1,\n rule_id=foo.id,\n )])\nfoo_vpc = aws.ec2.Vpc(\"foo\", cidr_block=\"10.1.0.0/16\")\navailable = aws.get_availability_zones()\nfoo_subnet = aws.ec2.Subnet(\"foo\",\n vpc_id=foo_vpc.id,\n cidr_block=\"10.1.1.0/24\",\n availability_zone=available.names[0])\nbar = aws.ec2.Subnet(\"bar\",\n vpc_id=foo_vpc.id,\n cidr_block=\"10.1.2.0/24\",\n availability_zone=available.names[1])\nfoo_load_balancer = aws.alb.LoadBalancer(\"foo\",\n internal=True,\n subnets=[\n foo_subnet.id,\n bar.id,\n ])\nfoo_web_acl_association = aws.wafregional.WebAclAssociation(\"foo\",\n resource_arn=foo_load_balancer.arn,\n web_acl_id=foo_web_acl.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ipset = new Aws.WafRegional.IpSet(\"ipset\", new()\n {\n Name = \"tfIPSet\",\n IpSetDescriptors = new[]\n {\n new Aws.WafRegional.Inputs.IpSetIpSetDescriptorArgs\n {\n Type = \"IPV4\",\n Value = \"192.0.7.0/24\",\n },\n },\n });\n\n var foo = new Aws.WafRegional.Rule(\"foo\", new()\n {\n Name = \"tfWAFRule\",\n MetricName = \"tfWAFRule\",\n Predicates = new[]\n {\n new Aws.WafRegional.Inputs.RulePredicateArgs\n {\n DataId = ipset.Id,\n Negated = false,\n Type = \"IPMatch\",\n },\n },\n });\n\n var fooWebAcl = new Aws.WafRegional.WebAcl(\"foo\", new()\n {\n Name = \"foo\",\n MetricName = \"foo\",\n DefaultAction = new Aws.WafRegional.Inputs.WebAclDefaultActionArgs\n {\n Type = \"ALLOW\",\n },\n Rules = new[]\n {\n new Aws.WafRegional.Inputs.WebAclRuleArgs\n {\n Action = new Aws.WafRegional.Inputs.WebAclRuleActionArgs\n {\n Type = \"BLOCK\",\n },\n Priority = 1,\n RuleId = foo.Id,\n },\n },\n });\n\n var fooVpc = new Aws.Ec2.Vpc(\"foo\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n\n var available = Aws.GetAvailabilityZones.Invoke();\n\n var fooSubnet = new Aws.Ec2.Subnet(\"foo\", new()\n {\n VpcId = fooVpc.Id,\n CidrBlock = \"10.1.1.0/24\",\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n });\n\n var bar = new Aws.Ec2.Subnet(\"bar\", new()\n {\n VpcId = fooVpc.Id,\n CidrBlock = \"10.1.2.0/24\",\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[1]),\n });\n\n var fooLoadBalancer = new Aws.Alb.LoadBalancer(\"foo\", new()\n {\n Internal = true,\n Subnets = new[]\n {\n fooSubnet.Id,\n bar.Id,\n },\n });\n\n var fooWebAclAssociation = new Aws.WafRegional.WebAclAssociation(\"foo\", new()\n {\n ResourceArn = fooLoadBalancer.Arn,\n WebAclId = fooWebAcl.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/alb\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tipset, err := wafregional.NewIpSet(ctx, \"ipset\", \u0026wafregional.IpSetArgs{\n\t\t\tName: pulumi.String(\"tfIPSet\"),\n\t\t\tIpSetDescriptors: wafregional.IpSetIpSetDescriptorArray{\n\t\t\t\t\u0026wafregional.IpSetIpSetDescriptorArgs{\n\t\t\t\t\tType: pulumi.String(\"IPV4\"),\n\t\t\t\t\tValue: pulumi.String(\"192.0.7.0/24\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := wafregional.NewRule(ctx, \"foo\", \u0026wafregional.RuleArgs{\n\t\t\tName: pulumi.String(\"tfWAFRule\"),\n\t\t\tMetricName: pulumi.String(\"tfWAFRule\"),\n\t\t\tPredicates: wafregional.RulePredicateArray{\n\t\t\t\t\u0026wafregional.RulePredicateArgs{\n\t\t\t\t\tDataId: ipset.ID(),\n\t\t\t\t\tNegated: pulumi.Bool(false),\n\t\t\t\t\tType: pulumi.String(\"IPMatch\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooWebAcl, err := wafregional.NewWebAcl(ctx, \"foo\", \u0026wafregional.WebAclArgs{\n\t\t\tName: pulumi.String(\"foo\"),\n\t\t\tMetricName: pulumi.String(\"foo\"),\n\t\t\tDefaultAction: \u0026wafregional.WebAclDefaultActionArgs{\n\t\t\t\tType: pulumi.String(\"ALLOW\"),\n\t\t\t},\n\t\t\tRules: wafregional.WebAclRuleArray{\n\t\t\t\t\u0026wafregional.WebAclRuleArgs{\n\t\t\t\t\tAction: \u0026wafregional.WebAclRuleActionArgs{\n\t\t\t\t\t\tType: pulumi.String(\"BLOCK\"),\n\t\t\t\t\t},\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tRuleId: foo.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooVpc, err := ec2.NewVpc(ctx, \"foo\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tavailable, err := aws.GetAvailabilityZones(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooSubnet, err := ec2.NewSubnet(ctx, \"foo\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: fooVpc.ID(),\n\t\t\tCidrBlock: pulumi.String(\"10.1.1.0/24\"),\n\t\t\tAvailabilityZone: *pulumi.String(available.Names[0]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbar, err := ec2.NewSubnet(ctx, \"bar\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: fooVpc.ID(),\n\t\t\tCidrBlock: pulumi.String(\"10.1.2.0/24\"),\n\t\t\tAvailabilityZone: *pulumi.String(available.Names[1]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooLoadBalancer, err := alb.NewLoadBalancer(ctx, \"foo\", \u0026alb.LoadBalancerArgs{\n\t\t\tInternal: pulumi.Bool(true),\n\t\t\tSubnets: pulumi.StringArray{\n\t\t\t\tfooSubnet.ID(),\n\t\t\t\tbar.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = wafregional.NewWebAclAssociation(ctx, \"foo\", \u0026wafregional.WebAclAssociationArgs{\n\t\t\tResourceArn: fooLoadBalancer.Arn,\n\t\t\tWebAclId: fooWebAcl.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.wafregional.IpSet;\nimport com.pulumi.aws.wafregional.IpSetArgs;\nimport com.pulumi.aws.wafregional.inputs.IpSetIpSetDescriptorArgs;\nimport com.pulumi.aws.wafregional.Rule;\nimport com.pulumi.aws.wafregional.RuleArgs;\nimport com.pulumi.aws.wafregional.inputs.RulePredicateArgs;\nimport com.pulumi.aws.wafregional.WebAcl;\nimport com.pulumi.aws.wafregional.WebAclArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclDefaultActionArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclRuleArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclRuleActionArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.alb.LoadBalancer;\nimport com.pulumi.aws.alb.LoadBalancerArgs;\nimport com.pulumi.aws.wafregional.WebAclAssociation;\nimport com.pulumi.aws.wafregional.WebAclAssociationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var ipset = new IpSet(\"ipset\", IpSetArgs.builder() \n .name(\"tfIPSet\")\n .ipSetDescriptors(IpSetIpSetDescriptorArgs.builder()\n .type(\"IPV4\")\n .value(\"192.0.7.0/24\")\n .build())\n .build());\n\n var foo = new Rule(\"foo\", RuleArgs.builder() \n .name(\"tfWAFRule\")\n .metricName(\"tfWAFRule\")\n .predicates(RulePredicateArgs.builder()\n .dataId(ipset.id())\n .negated(false)\n .type(\"IPMatch\")\n .build())\n .build());\n\n var fooWebAcl = new WebAcl(\"fooWebAcl\", WebAclArgs.builder() \n .name(\"foo\")\n .metricName(\"foo\")\n .defaultAction(WebAclDefaultActionArgs.builder()\n .type(\"ALLOW\")\n .build())\n .rules(WebAclRuleArgs.builder()\n .action(WebAclRuleActionArgs.builder()\n .type(\"BLOCK\")\n .build())\n .priority(1)\n .ruleId(foo.id())\n .build())\n .build());\n\n var fooVpc = new Vpc(\"fooVpc\", VpcArgs.builder() \n .cidrBlock(\"10.1.0.0/16\")\n .build());\n\n final var available = AwsFunctions.getAvailabilityZones();\n\n var fooSubnet = new Subnet(\"fooSubnet\", SubnetArgs.builder() \n .vpcId(fooVpc.id())\n .cidrBlock(\"10.1.1.0/24\")\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]))\n .build());\n\n var bar = new Subnet(\"bar\", SubnetArgs.builder() \n .vpcId(fooVpc.id())\n .cidrBlock(\"10.1.2.0/24\")\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[1]))\n .build());\n\n var fooLoadBalancer = new LoadBalancer(\"fooLoadBalancer\", LoadBalancerArgs.builder() \n .internal(true)\n .subnets( \n fooSubnet.id(),\n bar.id())\n .build());\n\n var fooWebAclAssociation = new WebAclAssociation(\"fooWebAclAssociation\", WebAclAssociationArgs.builder() \n .resourceArn(fooLoadBalancer.arn())\n .webAclId(fooWebAcl.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ipset:\n type: aws:wafregional:IpSet\n properties:\n name: tfIPSet\n ipSetDescriptors:\n - type: IPV4\n value: 192.0.7.0/24\n foo:\n type: aws:wafregional:Rule\n properties:\n name: tfWAFRule\n metricName: tfWAFRule\n predicates:\n - dataId: ${ipset.id}\n negated: false\n type: IPMatch\n fooWebAcl:\n type: aws:wafregional:WebAcl\n name: foo\n properties:\n name: foo\n metricName: foo\n defaultAction:\n type: ALLOW\n rules:\n - action:\n type: BLOCK\n priority: 1\n ruleId: ${foo.id}\n fooVpc:\n type: aws:ec2:Vpc\n name: foo\n properties:\n cidrBlock: 10.1.0.0/16\n fooSubnet:\n type: aws:ec2:Subnet\n name: foo\n properties:\n vpcId: ${fooVpc.id}\n cidrBlock: 10.1.1.0/24\n availabilityZone: ${available.names[0]}\n bar:\n type: aws:ec2:Subnet\n properties:\n vpcId: ${fooVpc.id}\n cidrBlock: 10.1.2.0/24\n availabilityZone: ${available.names[1]}\n fooLoadBalancer:\n type: aws:alb:LoadBalancer\n name: foo\n properties:\n internal: true\n subnets:\n - ${fooSubnet.id}\n - ${bar.id}\n fooWebAclAssociation:\n type: aws:wafregional:WebAclAssociation\n name: foo\n properties:\n resourceArn: ${fooLoadBalancer.arn}\n webAclId: ${fooWebAcl.id}\nvariables:\n available:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### API Gateway Association\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst ipset = new aws.wafregional.IpSet(\"ipset\", {\n name: \"tfIPSet\",\n ipSetDescriptors: [{\n type: \"IPV4\",\n value: \"192.0.7.0/24\",\n }],\n});\nconst foo = new aws.wafregional.Rule(\"foo\", {\n name: \"tfWAFRule\",\n metricName: \"tfWAFRule\",\n predicates: [{\n dataId: ipset.id,\n negated: false,\n type: \"IPMatch\",\n }],\n});\nconst fooWebAcl = new aws.wafregional.WebAcl(\"foo\", {\n name: \"foo\",\n metricName: \"foo\",\n defaultAction: {\n type: \"ALLOW\",\n },\n rules: [{\n action: {\n type: \"BLOCK\",\n },\n priority: 1,\n ruleId: foo.id,\n }],\n});\nconst example = new aws.apigateway.RestApi(\"example\", {\n body: JSON.stringify({\n openapi: \"3.0.1\",\n info: {\n title: \"example\",\n version: \"1.0\",\n },\n paths: {\n \"/path1\": {\n get: {\n \"x-amazon-apigateway-integration\": {\n httpMethod: \"GET\",\n payloadFormatVersion: \"1.0\",\n type: \"HTTP_PROXY\",\n uri: \"https://ip-ranges.amazonaws.com/ip-ranges.json\",\n },\n },\n },\n },\n }),\n name: \"example\",\n});\nconst exampleDeployment = new aws.apigateway.Deployment(\"example\", {\n restApi: example.id,\n triggers: {\n redeployment: std.sha1Output({\n input: pulumi.jsonStringify(example.body),\n }).apply(invoke =\u003e invoke.result),\n },\n});\nconst exampleStage = new aws.apigateway.Stage(\"example\", {\n deployment: exampleDeployment.id,\n restApi: example.id,\n stageName: \"example\",\n});\nconst association = new aws.wafregional.WebAclAssociation(\"association\", {\n resourceArn: exampleStage.arn,\n webAclId: fooWebAcl.id,\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\nimport pulumi_std as std\n\nipset = aws.wafregional.IpSet(\"ipset\",\n name=\"tfIPSet\",\n ip_set_descriptors=[aws.wafregional.IpSetIpSetDescriptorArgs(\n type=\"IPV4\",\n value=\"192.0.7.0/24\",\n )])\nfoo = aws.wafregional.Rule(\"foo\",\n name=\"tfWAFRule\",\n metric_name=\"tfWAFRule\",\n predicates=[aws.wafregional.RulePredicateArgs(\n data_id=ipset.id,\n negated=False,\n type=\"IPMatch\",\n )])\nfoo_web_acl = aws.wafregional.WebAcl(\"foo\",\n name=\"foo\",\n metric_name=\"foo\",\n default_action=aws.wafregional.WebAclDefaultActionArgs(\n type=\"ALLOW\",\n ),\n rules=[aws.wafregional.WebAclRuleArgs(\n action=aws.wafregional.WebAclRuleActionArgs(\n type=\"BLOCK\",\n ),\n priority=1,\n rule_id=foo.id,\n )])\nexample = aws.apigateway.RestApi(\"example\",\n body=json.dumps({\n \"openapi\": \"3.0.1\",\n \"info\": {\n \"title\": \"example\",\n \"version\": \"1.0\",\n },\n \"paths\": {\n \"/path1\": {\n \"get\": {\n \"x-amazon-apigateway-integration\": {\n \"httpMethod\": \"GET\",\n \"payloadFormatVersion\": \"1.0\",\n \"type\": \"HTTP_PROXY\",\n \"uri\": \"https://ip-ranges.amazonaws.com/ip-ranges.json\",\n },\n },\n },\n },\n }),\n name=\"example\")\nexample_deployment = aws.apigateway.Deployment(\"example\",\n rest_api=example.id,\n triggers={\n \"redeployment\": std.sha1_output(input=pulumi.Output.json_dumps(example.body)).apply(lambda invoke: invoke.result),\n })\nexample_stage = aws.apigateway.Stage(\"example\",\n deployment=example_deployment.id,\n rest_api=example.id,\n stage_name=\"example\")\nassociation = aws.wafregional.WebAclAssociation(\"association\",\n resource_arn=example_stage.arn,\n web_acl_id=foo_web_acl.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ipset = new Aws.WafRegional.IpSet(\"ipset\", new()\n {\n Name = \"tfIPSet\",\n IpSetDescriptors = new[]\n {\n new Aws.WafRegional.Inputs.IpSetIpSetDescriptorArgs\n {\n Type = \"IPV4\",\n Value = \"192.0.7.0/24\",\n },\n },\n });\n\n var foo = new Aws.WafRegional.Rule(\"foo\", new()\n {\n Name = \"tfWAFRule\",\n MetricName = \"tfWAFRule\",\n Predicates = new[]\n {\n new Aws.WafRegional.Inputs.RulePredicateArgs\n {\n DataId = ipset.Id,\n Negated = false,\n Type = \"IPMatch\",\n },\n },\n });\n\n var fooWebAcl = new Aws.WafRegional.WebAcl(\"foo\", new()\n {\n Name = \"foo\",\n MetricName = \"foo\",\n DefaultAction = new Aws.WafRegional.Inputs.WebAclDefaultActionArgs\n {\n Type = \"ALLOW\",\n },\n Rules = new[]\n {\n new Aws.WafRegional.Inputs.WebAclRuleArgs\n {\n Action = new Aws.WafRegional.Inputs.WebAclRuleActionArgs\n {\n Type = \"BLOCK\",\n },\n Priority = 1,\n RuleId = foo.Id,\n },\n },\n });\n\n var example = new Aws.ApiGateway.RestApi(\"example\", new()\n {\n Body = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"openapi\"] = \"3.0.1\",\n [\"info\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"title\"] = \"example\",\n [\"version\"] = \"1.0\",\n },\n [\"paths\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"/path1\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"get\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"x-amazon-apigateway-integration\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"httpMethod\"] = \"GET\",\n [\"payloadFormatVersion\"] = \"1.0\",\n [\"type\"] = \"HTTP_PROXY\",\n [\"uri\"] = \"https://ip-ranges.amazonaws.com/ip-ranges.json\",\n },\n },\n },\n },\n }),\n Name = \"example\",\n });\n\n var exampleDeployment = new Aws.ApiGateway.Deployment(\"example\", new()\n {\n RestApi = example.Id,\n Triggers = \n {\n { \"redeployment\", Std.Sha1.Invoke(new()\n {\n Input = Output.JsonSerialize(Output.Create(example.Body)),\n }).Apply(invoke =\u003e invoke.Result) },\n },\n });\n\n var exampleStage = new Aws.ApiGateway.Stage(\"example\", new()\n {\n Deployment = exampleDeployment.Id,\n RestApi = example.Id,\n StageName = \"example\",\n });\n\n var association = new Aws.WafRegional.WebAclAssociation(\"association\", new()\n {\n ResourceArn = exampleStage.Arn,\n WebAclId = fooWebAcl.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tipset, err := wafregional.NewIpSet(ctx, \"ipset\", \u0026wafregional.IpSetArgs{\n\t\t\tName: pulumi.String(\"tfIPSet\"),\n\t\t\tIpSetDescriptors: wafregional.IpSetIpSetDescriptorArray{\n\t\t\t\t\u0026wafregional.IpSetIpSetDescriptorArgs{\n\t\t\t\t\tType: pulumi.String(\"IPV4\"),\n\t\t\t\t\tValue: pulumi.String(\"192.0.7.0/24\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := wafregional.NewRule(ctx, \"foo\", \u0026wafregional.RuleArgs{\n\t\t\tName: pulumi.String(\"tfWAFRule\"),\n\t\t\tMetricName: pulumi.String(\"tfWAFRule\"),\n\t\t\tPredicates: wafregional.RulePredicateArray{\n\t\t\t\t\u0026wafregional.RulePredicateArgs{\n\t\t\t\t\tDataId: ipset.ID(),\n\t\t\t\t\tNegated: pulumi.Bool(false),\n\t\t\t\t\tType: pulumi.String(\"IPMatch\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooWebAcl, err := wafregional.NewWebAcl(ctx, \"foo\", \u0026wafregional.WebAclArgs{\n\t\t\tName: pulumi.String(\"foo\"),\n\t\t\tMetricName: pulumi.String(\"foo\"),\n\t\t\tDefaultAction: \u0026wafregional.WebAclDefaultActionArgs{\n\t\t\t\tType: pulumi.String(\"ALLOW\"),\n\t\t\t},\n\t\t\tRules: wafregional.WebAclRuleArray{\n\t\t\t\t\u0026wafregional.WebAclRuleArgs{\n\t\t\t\t\tAction: \u0026wafregional.WebAclRuleActionArgs{\n\t\t\t\t\t\tType: pulumi.String(\"BLOCK\"),\n\t\t\t\t\t},\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tRuleId: foo.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"openapi\": \"3.0.1\",\n\t\t\t\"info\": map[string]interface{}{\n\t\t\t\t\"title\": \"example\",\n\t\t\t\t\"version\": \"1.0\",\n\t\t\t},\n\t\t\t\"paths\": map[string]interface{}{\n\t\t\t\t\"/path1\": map[string]interface{}{\n\t\t\t\t\t\"get\": map[string]interface{}{\n\t\t\t\t\t\t\"x-amazon-apigateway-integration\": map[string]interface{}{\n\t\t\t\t\t\t\t\"httpMethod\": \"GET\",\n\t\t\t\t\t\t\t\"payloadFormatVersion\": \"1.0\",\n\t\t\t\t\t\t\t\"type\": \"HTTP_PROXY\",\n\t\t\t\t\t\t\t\"uri\": \"https://ip-ranges.amazonaws.com/ip-ranges.json\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\texample, err := apigateway.NewRestApi(ctx, \"example\", \u0026apigateway.RestApiArgs{\n\t\t\tBody: pulumi.String(json0),\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDeployment, err := apigateway.NewDeployment(ctx, \"example\", \u0026apigateway.DeploymentArgs{\n\t\t\tRestApi: example.ID(),\n\t\t\tTriggers: pulumi.StringMap{\n\t\t\t\t\"redeployment\": std.Sha1Output(ctx, std.Sha1OutputArgs{\n\t\t\t\t\tInput: example.Body.ApplyT(func(body *string) (pulumi.String, error) {\n\t\t\t\t\t\tvar _zero pulumi.String\n\t\t\t\t\t\ttmpJSON1, err := json.Marshal(body)\n\t\t\t\t\t\tif err != nil {\n\t\t\t\t\t\t\treturn _zero, err\n\t\t\t\t\t\t}\n\t\t\t\t\t\tjson1 := string(tmpJSON1)\n\t\t\t\t\t\treturn pulumi.String(json1), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t}, nil).ApplyT(func(invoke std.Sha1Result) (*string, error) {\n\t\t\t\t\treturn invoke.Result, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleStage, err := apigateway.NewStage(ctx, \"example\", \u0026apigateway.StageArgs{\n\t\t\tDeployment: exampleDeployment.ID(),\n\t\t\tRestApi: example.ID(),\n\t\t\tStageName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = wafregional.NewWebAclAssociation(ctx, \"association\", \u0026wafregional.WebAclAssociationArgs{\n\t\t\tResourceArn: exampleStage.Arn,\n\t\t\tWebAclId: fooWebAcl.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.wafregional.IpSet;\nimport com.pulumi.aws.wafregional.IpSetArgs;\nimport com.pulumi.aws.wafregional.inputs.IpSetIpSetDescriptorArgs;\nimport com.pulumi.aws.wafregional.Rule;\nimport com.pulumi.aws.wafregional.RuleArgs;\nimport com.pulumi.aws.wafregional.inputs.RulePredicateArgs;\nimport com.pulumi.aws.wafregional.WebAcl;\nimport com.pulumi.aws.wafregional.WebAclArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclDefaultActionArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclRuleArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclRuleActionArgs;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.Deployment;\nimport com.pulumi.aws.apigateway.DeploymentArgs;\nimport com.pulumi.aws.apigateway.Stage;\nimport com.pulumi.aws.apigateway.StageArgs;\nimport com.pulumi.aws.wafregional.WebAclAssociation;\nimport com.pulumi.aws.wafregional.WebAclAssociationArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var ipset = new IpSet(\"ipset\", IpSetArgs.builder() \n .name(\"tfIPSet\")\n .ipSetDescriptors(IpSetIpSetDescriptorArgs.builder()\n .type(\"IPV4\")\n .value(\"192.0.7.0/24\")\n .build())\n .build());\n\n var foo = new Rule(\"foo\", RuleArgs.builder() \n .name(\"tfWAFRule\")\n .metricName(\"tfWAFRule\")\n .predicates(RulePredicateArgs.builder()\n .dataId(ipset.id())\n .negated(false)\n .type(\"IPMatch\")\n .build())\n .build());\n\n var fooWebAcl = new WebAcl(\"fooWebAcl\", WebAclArgs.builder() \n .name(\"foo\")\n .metricName(\"foo\")\n .defaultAction(WebAclDefaultActionArgs.builder()\n .type(\"ALLOW\")\n .build())\n .rules(WebAclRuleArgs.builder()\n .action(WebAclRuleActionArgs.builder()\n .type(\"BLOCK\")\n .build())\n .priority(1)\n .ruleId(foo.id())\n .build())\n .build());\n\n var example = new RestApi(\"example\", RestApiArgs.builder() \n .body(serializeJson(\n jsonObject(\n jsonProperty(\"openapi\", \"3.0.1\"),\n jsonProperty(\"info\", jsonObject(\n jsonProperty(\"title\", \"example\"),\n jsonProperty(\"version\", \"1.0\")\n )),\n jsonProperty(\"paths\", jsonObject(\n jsonProperty(\"/path1\", jsonObject(\n jsonProperty(\"get\", jsonObject(\n jsonProperty(\"x-amazon-apigateway-integration\", jsonObject(\n jsonProperty(\"httpMethod\", \"GET\"),\n jsonProperty(\"payloadFormatVersion\", \"1.0\"),\n jsonProperty(\"type\", \"HTTP_PROXY\"),\n jsonProperty(\"uri\", \"https://ip-ranges.amazonaws.com/ip-ranges.json\")\n ))\n ))\n ))\n ))\n )))\n .name(\"example\")\n .build());\n\n var exampleDeployment = new Deployment(\"exampleDeployment\", DeploymentArgs.builder() \n .restApi(example.id())\n .triggers(Map.of(\"redeployment\", StdFunctions.sha1().applyValue(invoke -\u003e invoke.result())))\n .build());\n\n var exampleStage = new Stage(\"exampleStage\", StageArgs.builder() \n .deployment(exampleDeployment.id())\n .restApi(example.id())\n .stageName(\"example\")\n .build());\n\n var association = new WebAclAssociation(\"association\", WebAclAssociationArgs.builder() \n .resourceArn(exampleStage.arn())\n .webAclId(fooWebAcl.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ipset:\n type: aws:wafregional:IpSet\n properties:\n name: tfIPSet\n ipSetDescriptors:\n - type: IPV4\n value: 192.0.7.0/24\n foo:\n type: aws:wafregional:Rule\n properties:\n name: tfWAFRule\n metricName: tfWAFRule\n predicates:\n - dataId: ${ipset.id}\n negated: false\n type: IPMatch\n fooWebAcl:\n type: aws:wafregional:WebAcl\n name: foo\n properties:\n name: foo\n metricName: foo\n defaultAction:\n type: ALLOW\n rules:\n - action:\n type: BLOCK\n priority: 1\n ruleId: ${foo.id}\n example:\n type: aws:apigateway:RestApi\n properties:\n body:\n fn::toJSON:\n openapi: 3.0.1\n info:\n title: example\n version: '1.0'\n paths:\n /path1:\n get:\n x-amazon-apigateway-integration:\n httpMethod: GET\n payloadFormatVersion: '1.0'\n type: HTTP_PROXY\n uri: https://ip-ranges.amazonaws.com/ip-ranges.json\n name: example\n exampleDeployment:\n type: aws:apigateway:Deployment\n name: example\n properties:\n restApi: ${example.id}\n triggers:\n redeployment:\n fn::invoke:\n Function: std:sha1\n Arguments:\n input:\n fn::toJSON: ${example.body}\n Return: result\n exampleStage:\n type: aws:apigateway:Stage\n name: example\n properties:\n deployment: ${exampleDeployment.id}\n restApi: ${example.id}\n stageName: example\n association:\n type: aws:wafregional:WebAclAssociation\n properties:\n resourceArn: ${exampleStage.arn}\n webAclId: ${fooWebAcl.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import WAF Regional Web ACL Association using their `web_acl_id:resource_arn`. For example:\n\n```sh\n$ pulumi import aws:wafregional/webAclAssociation:WebAclAssociation foo web_acl_id:resource_arn\n```\n", + "description": "Manages an association with WAF Regional Web ACL.\n\n\u003e **Note:** An Application Load Balancer can only be associated with one WAF Regional WebACL.\n\n## Example Usage\n\n### Application Load Balancer Association\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ipset = new aws.wafregional.IpSet(\"ipset\", {\n name: \"tfIPSet\",\n ipSetDescriptors: [{\n type: \"IPV4\",\n value: \"192.0.7.0/24\",\n }],\n});\nconst foo = new aws.wafregional.Rule(\"foo\", {\n name: \"tfWAFRule\",\n metricName: \"tfWAFRule\",\n predicates: [{\n dataId: ipset.id,\n negated: false,\n type: \"IPMatch\",\n }],\n});\nconst fooWebAcl = new aws.wafregional.WebAcl(\"foo\", {\n name: \"foo\",\n metricName: \"foo\",\n defaultAction: {\n type: \"ALLOW\",\n },\n rules: [{\n action: {\n type: \"BLOCK\",\n },\n priority: 1,\n ruleId: foo.id,\n }],\n});\nconst fooVpc = new aws.ec2.Vpc(\"foo\", {cidrBlock: \"10.1.0.0/16\"});\nconst available = aws.getAvailabilityZones({});\nconst fooSubnet = new aws.ec2.Subnet(\"foo\", {\n vpcId: fooVpc.id,\n cidrBlock: \"10.1.1.0/24\",\n availabilityZone: available.then(available =\u003e available.names?.[0]),\n});\nconst bar = new aws.ec2.Subnet(\"bar\", {\n vpcId: fooVpc.id,\n cidrBlock: \"10.1.2.0/24\",\n availabilityZone: available.then(available =\u003e available.names?.[1]),\n});\nconst fooLoadBalancer = new aws.alb.LoadBalancer(\"foo\", {\n internal: true,\n subnets: [\n fooSubnet.id,\n bar.id,\n ],\n});\nconst fooWebAclAssociation = new aws.wafregional.WebAclAssociation(\"foo\", {\n resourceArn: fooLoadBalancer.arn,\n webAclId: fooWebAcl.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nipset = aws.wafregional.IpSet(\"ipset\",\n name=\"tfIPSet\",\n ip_set_descriptors=[aws.wafregional.IpSetIpSetDescriptorArgs(\n type=\"IPV4\",\n value=\"192.0.7.0/24\",\n )])\nfoo = aws.wafregional.Rule(\"foo\",\n name=\"tfWAFRule\",\n metric_name=\"tfWAFRule\",\n predicates=[aws.wafregional.RulePredicateArgs(\n data_id=ipset.id,\n negated=False,\n type=\"IPMatch\",\n )])\nfoo_web_acl = aws.wafregional.WebAcl(\"foo\",\n name=\"foo\",\n metric_name=\"foo\",\n default_action=aws.wafregional.WebAclDefaultActionArgs(\n type=\"ALLOW\",\n ),\n rules=[aws.wafregional.WebAclRuleArgs(\n action=aws.wafregional.WebAclRuleActionArgs(\n type=\"BLOCK\",\n ),\n priority=1,\n rule_id=foo.id,\n )])\nfoo_vpc = aws.ec2.Vpc(\"foo\", cidr_block=\"10.1.0.0/16\")\navailable = aws.get_availability_zones()\nfoo_subnet = aws.ec2.Subnet(\"foo\",\n vpc_id=foo_vpc.id,\n cidr_block=\"10.1.1.0/24\",\n availability_zone=available.names[0])\nbar = aws.ec2.Subnet(\"bar\",\n vpc_id=foo_vpc.id,\n cidr_block=\"10.1.2.0/24\",\n availability_zone=available.names[1])\nfoo_load_balancer = aws.alb.LoadBalancer(\"foo\",\n internal=True,\n subnets=[\n foo_subnet.id,\n bar.id,\n ])\nfoo_web_acl_association = aws.wafregional.WebAclAssociation(\"foo\",\n resource_arn=foo_load_balancer.arn,\n web_acl_id=foo_web_acl.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ipset = new Aws.WafRegional.IpSet(\"ipset\", new()\n {\n Name = \"tfIPSet\",\n IpSetDescriptors = new[]\n {\n new Aws.WafRegional.Inputs.IpSetIpSetDescriptorArgs\n {\n Type = \"IPV4\",\n Value = \"192.0.7.0/24\",\n },\n },\n });\n\n var foo = new Aws.WafRegional.Rule(\"foo\", new()\n {\n Name = \"tfWAFRule\",\n MetricName = \"tfWAFRule\",\n Predicates = new[]\n {\n new Aws.WafRegional.Inputs.RulePredicateArgs\n {\n DataId = ipset.Id,\n Negated = false,\n Type = \"IPMatch\",\n },\n },\n });\n\n var fooWebAcl = new Aws.WafRegional.WebAcl(\"foo\", new()\n {\n Name = \"foo\",\n MetricName = \"foo\",\n DefaultAction = new Aws.WafRegional.Inputs.WebAclDefaultActionArgs\n {\n Type = \"ALLOW\",\n },\n Rules = new[]\n {\n new Aws.WafRegional.Inputs.WebAclRuleArgs\n {\n Action = new Aws.WafRegional.Inputs.WebAclRuleActionArgs\n {\n Type = \"BLOCK\",\n },\n Priority = 1,\n RuleId = foo.Id,\n },\n },\n });\n\n var fooVpc = new Aws.Ec2.Vpc(\"foo\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n\n var available = Aws.GetAvailabilityZones.Invoke();\n\n var fooSubnet = new Aws.Ec2.Subnet(\"foo\", new()\n {\n VpcId = fooVpc.Id,\n CidrBlock = \"10.1.1.0/24\",\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n });\n\n var bar = new Aws.Ec2.Subnet(\"bar\", new()\n {\n VpcId = fooVpc.Id,\n CidrBlock = \"10.1.2.0/24\",\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[1]),\n });\n\n var fooLoadBalancer = new Aws.Alb.LoadBalancer(\"foo\", new()\n {\n Internal = true,\n Subnets = new[]\n {\n fooSubnet.Id,\n bar.Id,\n },\n });\n\n var fooWebAclAssociation = new Aws.WafRegional.WebAclAssociation(\"foo\", new()\n {\n ResourceArn = fooLoadBalancer.Arn,\n WebAclId = fooWebAcl.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/alb\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tipset, err := wafregional.NewIpSet(ctx, \"ipset\", \u0026wafregional.IpSetArgs{\n\t\t\tName: pulumi.String(\"tfIPSet\"),\n\t\t\tIpSetDescriptors: wafregional.IpSetIpSetDescriptorArray{\n\t\t\t\t\u0026wafregional.IpSetIpSetDescriptorArgs{\n\t\t\t\t\tType: pulumi.String(\"IPV4\"),\n\t\t\t\t\tValue: pulumi.String(\"192.0.7.0/24\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := wafregional.NewRule(ctx, \"foo\", \u0026wafregional.RuleArgs{\n\t\t\tName: pulumi.String(\"tfWAFRule\"),\n\t\t\tMetricName: pulumi.String(\"tfWAFRule\"),\n\t\t\tPredicates: wafregional.RulePredicateArray{\n\t\t\t\t\u0026wafregional.RulePredicateArgs{\n\t\t\t\t\tDataId: ipset.ID(),\n\t\t\t\t\tNegated: pulumi.Bool(false),\n\t\t\t\t\tType: pulumi.String(\"IPMatch\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooWebAcl, err := wafregional.NewWebAcl(ctx, \"foo\", \u0026wafregional.WebAclArgs{\n\t\t\tName: pulumi.String(\"foo\"),\n\t\t\tMetricName: pulumi.String(\"foo\"),\n\t\t\tDefaultAction: \u0026wafregional.WebAclDefaultActionArgs{\n\t\t\t\tType: pulumi.String(\"ALLOW\"),\n\t\t\t},\n\t\t\tRules: wafregional.WebAclRuleArray{\n\t\t\t\t\u0026wafregional.WebAclRuleArgs{\n\t\t\t\t\tAction: \u0026wafregional.WebAclRuleActionArgs{\n\t\t\t\t\t\tType: pulumi.String(\"BLOCK\"),\n\t\t\t\t\t},\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tRuleId: foo.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooVpc, err := ec2.NewVpc(ctx, \"foo\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tavailable, err := aws.GetAvailabilityZones(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooSubnet, err := ec2.NewSubnet(ctx, \"foo\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: fooVpc.ID(),\n\t\t\tCidrBlock: pulumi.String(\"10.1.1.0/24\"),\n\t\t\tAvailabilityZone: pulumi.String(available.Names[0]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbar, err := ec2.NewSubnet(ctx, \"bar\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: fooVpc.ID(),\n\t\t\tCidrBlock: pulumi.String(\"10.1.2.0/24\"),\n\t\t\tAvailabilityZone: pulumi.String(available.Names[1]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooLoadBalancer, err := alb.NewLoadBalancer(ctx, \"foo\", \u0026alb.LoadBalancerArgs{\n\t\t\tInternal: pulumi.Bool(true),\n\t\t\tSubnets: pulumi.StringArray{\n\t\t\t\tfooSubnet.ID(),\n\t\t\t\tbar.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = wafregional.NewWebAclAssociation(ctx, \"foo\", \u0026wafregional.WebAclAssociationArgs{\n\t\t\tResourceArn: fooLoadBalancer.Arn,\n\t\t\tWebAclId: fooWebAcl.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.wafregional.IpSet;\nimport com.pulumi.aws.wafregional.IpSetArgs;\nimport com.pulumi.aws.wafregional.inputs.IpSetIpSetDescriptorArgs;\nimport com.pulumi.aws.wafregional.Rule;\nimport com.pulumi.aws.wafregional.RuleArgs;\nimport com.pulumi.aws.wafregional.inputs.RulePredicateArgs;\nimport com.pulumi.aws.wafregional.WebAcl;\nimport com.pulumi.aws.wafregional.WebAclArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclDefaultActionArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclRuleArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclRuleActionArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.alb.LoadBalancer;\nimport com.pulumi.aws.alb.LoadBalancerArgs;\nimport com.pulumi.aws.wafregional.WebAclAssociation;\nimport com.pulumi.aws.wafregional.WebAclAssociationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var ipset = new IpSet(\"ipset\", IpSetArgs.builder() \n .name(\"tfIPSet\")\n .ipSetDescriptors(IpSetIpSetDescriptorArgs.builder()\n .type(\"IPV4\")\n .value(\"192.0.7.0/24\")\n .build())\n .build());\n\n var foo = new Rule(\"foo\", RuleArgs.builder() \n .name(\"tfWAFRule\")\n .metricName(\"tfWAFRule\")\n .predicates(RulePredicateArgs.builder()\n .dataId(ipset.id())\n .negated(false)\n .type(\"IPMatch\")\n .build())\n .build());\n\n var fooWebAcl = new WebAcl(\"fooWebAcl\", WebAclArgs.builder() \n .name(\"foo\")\n .metricName(\"foo\")\n .defaultAction(WebAclDefaultActionArgs.builder()\n .type(\"ALLOW\")\n .build())\n .rules(WebAclRuleArgs.builder()\n .action(WebAclRuleActionArgs.builder()\n .type(\"BLOCK\")\n .build())\n .priority(1)\n .ruleId(foo.id())\n .build())\n .build());\n\n var fooVpc = new Vpc(\"fooVpc\", VpcArgs.builder() \n .cidrBlock(\"10.1.0.0/16\")\n .build());\n\n final var available = AwsFunctions.getAvailabilityZones();\n\n var fooSubnet = new Subnet(\"fooSubnet\", SubnetArgs.builder() \n .vpcId(fooVpc.id())\n .cidrBlock(\"10.1.1.0/24\")\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]))\n .build());\n\n var bar = new Subnet(\"bar\", SubnetArgs.builder() \n .vpcId(fooVpc.id())\n .cidrBlock(\"10.1.2.0/24\")\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[1]))\n .build());\n\n var fooLoadBalancer = new LoadBalancer(\"fooLoadBalancer\", LoadBalancerArgs.builder() \n .internal(true)\n .subnets( \n fooSubnet.id(),\n bar.id())\n .build());\n\n var fooWebAclAssociation = new WebAclAssociation(\"fooWebAclAssociation\", WebAclAssociationArgs.builder() \n .resourceArn(fooLoadBalancer.arn())\n .webAclId(fooWebAcl.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ipset:\n type: aws:wafregional:IpSet\n properties:\n name: tfIPSet\n ipSetDescriptors:\n - type: IPV4\n value: 192.0.7.0/24\n foo:\n type: aws:wafregional:Rule\n properties:\n name: tfWAFRule\n metricName: tfWAFRule\n predicates:\n - dataId: ${ipset.id}\n negated: false\n type: IPMatch\n fooWebAcl:\n type: aws:wafregional:WebAcl\n name: foo\n properties:\n name: foo\n metricName: foo\n defaultAction:\n type: ALLOW\n rules:\n - action:\n type: BLOCK\n priority: 1\n ruleId: ${foo.id}\n fooVpc:\n type: aws:ec2:Vpc\n name: foo\n properties:\n cidrBlock: 10.1.0.0/16\n fooSubnet:\n type: aws:ec2:Subnet\n name: foo\n properties:\n vpcId: ${fooVpc.id}\n cidrBlock: 10.1.1.0/24\n availabilityZone: ${available.names[0]}\n bar:\n type: aws:ec2:Subnet\n properties:\n vpcId: ${fooVpc.id}\n cidrBlock: 10.1.2.0/24\n availabilityZone: ${available.names[1]}\n fooLoadBalancer:\n type: aws:alb:LoadBalancer\n name: foo\n properties:\n internal: true\n subnets:\n - ${fooSubnet.id}\n - ${bar.id}\n fooWebAclAssociation:\n type: aws:wafregional:WebAclAssociation\n name: foo\n properties:\n resourceArn: ${fooLoadBalancer.arn}\n webAclId: ${fooWebAcl.id}\nvariables:\n available:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### API Gateway Association\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst ipset = new aws.wafregional.IpSet(\"ipset\", {\n name: \"tfIPSet\",\n ipSetDescriptors: [{\n type: \"IPV4\",\n value: \"192.0.7.0/24\",\n }],\n});\nconst foo = new aws.wafregional.Rule(\"foo\", {\n name: \"tfWAFRule\",\n metricName: \"tfWAFRule\",\n predicates: [{\n dataId: ipset.id,\n negated: false,\n type: \"IPMatch\",\n }],\n});\nconst fooWebAcl = new aws.wafregional.WebAcl(\"foo\", {\n name: \"foo\",\n metricName: \"foo\",\n defaultAction: {\n type: \"ALLOW\",\n },\n rules: [{\n action: {\n type: \"BLOCK\",\n },\n priority: 1,\n ruleId: foo.id,\n }],\n});\nconst example = new aws.apigateway.RestApi(\"example\", {\n body: JSON.stringify({\n openapi: \"3.0.1\",\n info: {\n title: \"example\",\n version: \"1.0\",\n },\n paths: {\n \"/path1\": {\n get: {\n \"x-amazon-apigateway-integration\": {\n httpMethod: \"GET\",\n payloadFormatVersion: \"1.0\",\n type: \"HTTP_PROXY\",\n uri: \"https://ip-ranges.amazonaws.com/ip-ranges.json\",\n },\n },\n },\n },\n }),\n name: \"example\",\n});\nconst exampleDeployment = new aws.apigateway.Deployment(\"example\", {\n restApi: example.id,\n triggers: {\n redeployment: std.sha1Output({\n input: pulumi.jsonStringify(example.body),\n }).apply(invoke =\u003e invoke.result),\n },\n});\nconst exampleStage = new aws.apigateway.Stage(\"example\", {\n deployment: exampleDeployment.id,\n restApi: example.id,\n stageName: \"example\",\n});\nconst association = new aws.wafregional.WebAclAssociation(\"association\", {\n resourceArn: exampleStage.arn,\n webAclId: fooWebAcl.id,\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\nimport pulumi_std as std\n\nipset = aws.wafregional.IpSet(\"ipset\",\n name=\"tfIPSet\",\n ip_set_descriptors=[aws.wafregional.IpSetIpSetDescriptorArgs(\n type=\"IPV4\",\n value=\"192.0.7.0/24\",\n )])\nfoo = aws.wafregional.Rule(\"foo\",\n name=\"tfWAFRule\",\n metric_name=\"tfWAFRule\",\n predicates=[aws.wafregional.RulePredicateArgs(\n data_id=ipset.id,\n negated=False,\n type=\"IPMatch\",\n )])\nfoo_web_acl = aws.wafregional.WebAcl(\"foo\",\n name=\"foo\",\n metric_name=\"foo\",\n default_action=aws.wafregional.WebAclDefaultActionArgs(\n type=\"ALLOW\",\n ),\n rules=[aws.wafregional.WebAclRuleArgs(\n action=aws.wafregional.WebAclRuleActionArgs(\n type=\"BLOCK\",\n ),\n priority=1,\n rule_id=foo.id,\n )])\nexample = aws.apigateway.RestApi(\"example\",\n body=json.dumps({\n \"openapi\": \"3.0.1\",\n \"info\": {\n \"title\": \"example\",\n \"version\": \"1.0\",\n },\n \"paths\": {\n \"/path1\": {\n \"get\": {\n \"x-amazon-apigateway-integration\": {\n \"httpMethod\": \"GET\",\n \"payloadFormatVersion\": \"1.0\",\n \"type\": \"HTTP_PROXY\",\n \"uri\": \"https://ip-ranges.amazonaws.com/ip-ranges.json\",\n },\n },\n },\n },\n }),\n name=\"example\")\nexample_deployment = aws.apigateway.Deployment(\"example\",\n rest_api=example.id,\n triggers={\n \"redeployment\": std.sha1_output(input=pulumi.Output.json_dumps(example.body)).apply(lambda invoke: invoke.result),\n })\nexample_stage = aws.apigateway.Stage(\"example\",\n deployment=example_deployment.id,\n rest_api=example.id,\n stage_name=\"example\")\nassociation = aws.wafregional.WebAclAssociation(\"association\",\n resource_arn=example_stage.arn,\n web_acl_id=foo_web_acl.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ipset = new Aws.WafRegional.IpSet(\"ipset\", new()\n {\n Name = \"tfIPSet\",\n IpSetDescriptors = new[]\n {\n new Aws.WafRegional.Inputs.IpSetIpSetDescriptorArgs\n {\n Type = \"IPV4\",\n Value = \"192.0.7.0/24\",\n },\n },\n });\n\n var foo = new Aws.WafRegional.Rule(\"foo\", new()\n {\n Name = \"tfWAFRule\",\n MetricName = \"tfWAFRule\",\n Predicates = new[]\n {\n new Aws.WafRegional.Inputs.RulePredicateArgs\n {\n DataId = ipset.Id,\n Negated = false,\n Type = \"IPMatch\",\n },\n },\n });\n\n var fooWebAcl = new Aws.WafRegional.WebAcl(\"foo\", new()\n {\n Name = \"foo\",\n MetricName = \"foo\",\n DefaultAction = new Aws.WafRegional.Inputs.WebAclDefaultActionArgs\n {\n Type = \"ALLOW\",\n },\n Rules = new[]\n {\n new Aws.WafRegional.Inputs.WebAclRuleArgs\n {\n Action = new Aws.WafRegional.Inputs.WebAclRuleActionArgs\n {\n Type = \"BLOCK\",\n },\n Priority = 1,\n RuleId = foo.Id,\n },\n },\n });\n\n var example = new Aws.ApiGateway.RestApi(\"example\", new()\n {\n Body = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"openapi\"] = \"3.0.1\",\n [\"info\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"title\"] = \"example\",\n [\"version\"] = \"1.0\",\n },\n [\"paths\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"/path1\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"get\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"x-amazon-apigateway-integration\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"httpMethod\"] = \"GET\",\n [\"payloadFormatVersion\"] = \"1.0\",\n [\"type\"] = \"HTTP_PROXY\",\n [\"uri\"] = \"https://ip-ranges.amazonaws.com/ip-ranges.json\",\n },\n },\n },\n },\n }),\n Name = \"example\",\n });\n\n var exampleDeployment = new Aws.ApiGateway.Deployment(\"example\", new()\n {\n RestApi = example.Id,\n Triggers = \n {\n { \"redeployment\", Std.Sha1.Invoke(new()\n {\n Input = Output.JsonSerialize(Output.Create(example.Body)),\n }).Apply(invoke =\u003e invoke.Result) },\n },\n });\n\n var exampleStage = new Aws.ApiGateway.Stage(\"example\", new()\n {\n Deployment = exampleDeployment.Id,\n RestApi = example.Id,\n StageName = \"example\",\n });\n\n var association = new Aws.WafRegional.WebAclAssociation(\"association\", new()\n {\n ResourceArn = exampleStage.Arn,\n WebAclId = fooWebAcl.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tipset, err := wafregional.NewIpSet(ctx, \"ipset\", \u0026wafregional.IpSetArgs{\n\t\t\tName: pulumi.String(\"tfIPSet\"),\n\t\t\tIpSetDescriptors: wafregional.IpSetIpSetDescriptorArray{\n\t\t\t\t\u0026wafregional.IpSetIpSetDescriptorArgs{\n\t\t\t\t\tType: pulumi.String(\"IPV4\"),\n\t\t\t\t\tValue: pulumi.String(\"192.0.7.0/24\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := wafregional.NewRule(ctx, \"foo\", \u0026wafregional.RuleArgs{\n\t\t\tName: pulumi.String(\"tfWAFRule\"),\n\t\t\tMetricName: pulumi.String(\"tfWAFRule\"),\n\t\t\tPredicates: wafregional.RulePredicateArray{\n\t\t\t\t\u0026wafregional.RulePredicateArgs{\n\t\t\t\t\tDataId: ipset.ID(),\n\t\t\t\t\tNegated: pulumi.Bool(false),\n\t\t\t\t\tType: pulumi.String(\"IPMatch\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooWebAcl, err := wafregional.NewWebAcl(ctx, \"foo\", \u0026wafregional.WebAclArgs{\n\t\t\tName: pulumi.String(\"foo\"),\n\t\t\tMetricName: pulumi.String(\"foo\"),\n\t\t\tDefaultAction: \u0026wafregional.WebAclDefaultActionArgs{\n\t\t\t\tType: pulumi.String(\"ALLOW\"),\n\t\t\t},\n\t\t\tRules: wafregional.WebAclRuleArray{\n\t\t\t\t\u0026wafregional.WebAclRuleArgs{\n\t\t\t\t\tAction: \u0026wafregional.WebAclRuleActionArgs{\n\t\t\t\t\t\tType: pulumi.String(\"BLOCK\"),\n\t\t\t\t\t},\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tRuleId: foo.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"openapi\": \"3.0.1\",\n\t\t\t\"info\": map[string]interface{}{\n\t\t\t\t\"title\": \"example\",\n\t\t\t\t\"version\": \"1.0\",\n\t\t\t},\n\t\t\t\"paths\": map[string]interface{}{\n\t\t\t\t\"/path1\": map[string]interface{}{\n\t\t\t\t\t\"get\": map[string]interface{}{\n\t\t\t\t\t\t\"x-amazon-apigateway-integration\": map[string]interface{}{\n\t\t\t\t\t\t\t\"httpMethod\": \"GET\",\n\t\t\t\t\t\t\t\"payloadFormatVersion\": \"1.0\",\n\t\t\t\t\t\t\t\"type\": \"HTTP_PROXY\",\n\t\t\t\t\t\t\t\"uri\": \"https://ip-ranges.amazonaws.com/ip-ranges.json\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\texample, err := apigateway.NewRestApi(ctx, \"example\", \u0026apigateway.RestApiArgs{\n\t\t\tBody: pulumi.String(json0),\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDeployment, err := apigateway.NewDeployment(ctx, \"example\", \u0026apigateway.DeploymentArgs{\n\t\t\tRestApi: example.ID(),\n\t\t\tTriggers: pulumi.StringMap{\n\t\t\t\t\"redeployment\": std.Sha1Output(ctx, std.Sha1OutputArgs{\n\t\t\t\t\tInput: example.Body.ApplyT(func(body *string) (pulumi.String, error) {\n\t\t\t\t\t\tvar _zero pulumi.String\n\t\t\t\t\t\ttmpJSON1, err := json.Marshal(body)\n\t\t\t\t\t\tif err != nil {\n\t\t\t\t\t\t\treturn _zero, err\n\t\t\t\t\t\t}\n\t\t\t\t\t\tjson1 := string(tmpJSON1)\n\t\t\t\t\t\treturn pulumi.String(json1), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t}, nil).ApplyT(func(invoke std.Sha1Result) (*string, error) {\n\t\t\t\t\treturn invoke.Result, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleStage, err := apigateway.NewStage(ctx, \"example\", \u0026apigateway.StageArgs{\n\t\t\tDeployment: exampleDeployment.ID(),\n\t\t\tRestApi: example.ID(),\n\t\t\tStageName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = wafregional.NewWebAclAssociation(ctx, \"association\", \u0026wafregional.WebAclAssociationArgs{\n\t\t\tResourceArn: exampleStage.Arn,\n\t\t\tWebAclId: fooWebAcl.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.wafregional.IpSet;\nimport com.pulumi.aws.wafregional.IpSetArgs;\nimport com.pulumi.aws.wafregional.inputs.IpSetIpSetDescriptorArgs;\nimport com.pulumi.aws.wafregional.Rule;\nimport com.pulumi.aws.wafregional.RuleArgs;\nimport com.pulumi.aws.wafregional.inputs.RulePredicateArgs;\nimport com.pulumi.aws.wafregional.WebAcl;\nimport com.pulumi.aws.wafregional.WebAclArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclDefaultActionArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclRuleArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclRuleActionArgs;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.Deployment;\nimport com.pulumi.aws.apigateway.DeploymentArgs;\nimport com.pulumi.aws.apigateway.Stage;\nimport com.pulumi.aws.apigateway.StageArgs;\nimport com.pulumi.aws.wafregional.WebAclAssociation;\nimport com.pulumi.aws.wafregional.WebAclAssociationArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var ipset = new IpSet(\"ipset\", IpSetArgs.builder() \n .name(\"tfIPSet\")\n .ipSetDescriptors(IpSetIpSetDescriptorArgs.builder()\n .type(\"IPV4\")\n .value(\"192.0.7.0/24\")\n .build())\n .build());\n\n var foo = new Rule(\"foo\", RuleArgs.builder() \n .name(\"tfWAFRule\")\n .metricName(\"tfWAFRule\")\n .predicates(RulePredicateArgs.builder()\n .dataId(ipset.id())\n .negated(false)\n .type(\"IPMatch\")\n .build())\n .build());\n\n var fooWebAcl = new WebAcl(\"fooWebAcl\", WebAclArgs.builder() \n .name(\"foo\")\n .metricName(\"foo\")\n .defaultAction(WebAclDefaultActionArgs.builder()\n .type(\"ALLOW\")\n .build())\n .rules(WebAclRuleArgs.builder()\n .action(WebAclRuleActionArgs.builder()\n .type(\"BLOCK\")\n .build())\n .priority(1)\n .ruleId(foo.id())\n .build())\n .build());\n\n var example = new RestApi(\"example\", RestApiArgs.builder() \n .body(serializeJson(\n jsonObject(\n jsonProperty(\"openapi\", \"3.0.1\"),\n jsonProperty(\"info\", jsonObject(\n jsonProperty(\"title\", \"example\"),\n jsonProperty(\"version\", \"1.0\")\n )),\n jsonProperty(\"paths\", jsonObject(\n jsonProperty(\"/path1\", jsonObject(\n jsonProperty(\"get\", jsonObject(\n jsonProperty(\"x-amazon-apigateway-integration\", jsonObject(\n jsonProperty(\"httpMethod\", \"GET\"),\n jsonProperty(\"payloadFormatVersion\", \"1.0\"),\n jsonProperty(\"type\", \"HTTP_PROXY\"),\n jsonProperty(\"uri\", \"https://ip-ranges.amazonaws.com/ip-ranges.json\")\n ))\n ))\n ))\n ))\n )))\n .name(\"example\")\n .build());\n\n var exampleDeployment = new Deployment(\"exampleDeployment\", DeploymentArgs.builder() \n .restApi(example.id())\n .triggers(Map.of(\"redeployment\", StdFunctions.sha1().applyValue(invoke -\u003e invoke.result())))\n .build());\n\n var exampleStage = new Stage(\"exampleStage\", StageArgs.builder() \n .deployment(exampleDeployment.id())\n .restApi(example.id())\n .stageName(\"example\")\n .build());\n\n var association = new WebAclAssociation(\"association\", WebAclAssociationArgs.builder() \n .resourceArn(exampleStage.arn())\n .webAclId(fooWebAcl.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ipset:\n type: aws:wafregional:IpSet\n properties:\n name: tfIPSet\n ipSetDescriptors:\n - type: IPV4\n value: 192.0.7.0/24\n foo:\n type: aws:wafregional:Rule\n properties:\n name: tfWAFRule\n metricName: tfWAFRule\n predicates:\n - dataId: ${ipset.id}\n negated: false\n type: IPMatch\n fooWebAcl:\n type: aws:wafregional:WebAcl\n name: foo\n properties:\n name: foo\n metricName: foo\n defaultAction:\n type: ALLOW\n rules:\n - action:\n type: BLOCK\n priority: 1\n ruleId: ${foo.id}\n example:\n type: aws:apigateway:RestApi\n properties:\n body:\n fn::toJSON:\n openapi: 3.0.1\n info:\n title: example\n version: '1.0'\n paths:\n /path1:\n get:\n x-amazon-apigateway-integration:\n httpMethod: GET\n payloadFormatVersion: '1.0'\n type: HTTP_PROXY\n uri: https://ip-ranges.amazonaws.com/ip-ranges.json\n name: example\n exampleDeployment:\n type: aws:apigateway:Deployment\n name: example\n properties:\n restApi: ${example.id}\n triggers:\n redeployment:\n fn::invoke:\n Function: std:sha1\n Arguments:\n input:\n fn::toJSON: ${example.body}\n Return: result\n exampleStage:\n type: aws:apigateway:Stage\n name: example\n properties:\n deployment: ${exampleDeployment.id}\n restApi: ${example.id}\n stageName: example\n association:\n type: aws:wafregional:WebAclAssociation\n properties:\n resourceArn: ${exampleStage.arn}\n webAclId: ${fooWebAcl.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import WAF Regional Web ACL Association using their `web_acl_id:resource_arn`. For example:\n\n```sh\n$ pulumi import aws:wafregional/webAclAssociation:WebAclAssociation foo web_acl_id:resource_arn\n```\n", "properties": { "resourceArn": { "type": "string", @@ -346013,7 +346013,7 @@ } }, "aws:workspaces/directory:Directory": { - "description": "Provides a WorkSpaces directory in AWS WorkSpaces Service.\n\n\u003e **NOTE:** AWS WorkSpaces service requires [`workspaces_DefaultRole`](https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-access-control.html#create-default-role) IAM role to operate normally.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleVpc = new aws.ec2.Vpc(\"example\", {cidrBlock: \"10.0.0.0/16\"});\nconst exampleA = new aws.ec2.Subnet(\"example_a\", {\n vpcId: exampleVpc.id,\n availabilityZone: \"us-east-1a\",\n cidrBlock: \"10.0.0.0/24\",\n});\nconst exampleB = new aws.ec2.Subnet(\"example_b\", {\n vpcId: exampleVpc.id,\n availabilityZone: \"us-east-1b\",\n cidrBlock: \"10.0.1.0/24\",\n});\nconst exampleDirectory = new aws.directoryservice.Directory(\"example\", {\n name: \"corp.example.com\",\n password: \"#S1ncerely\",\n size: \"Small\",\n vpcSettings: {\n vpcId: exampleVpc.id,\n subnetIds: [\n exampleA.id,\n exampleB.id,\n ],\n },\n});\nconst exampleC = new aws.ec2.Subnet(\"example_c\", {\n vpcId: exampleVpc.id,\n availabilityZone: \"us-east-1c\",\n cidrBlock: \"10.0.2.0/24\",\n});\nconst exampleD = new aws.ec2.Subnet(\"example_d\", {\n vpcId: exampleVpc.id,\n availabilityZone: \"us-east-1d\",\n cidrBlock: \"10.0.3.0/24\",\n});\nconst example = new aws.workspaces.Directory(\"example\", {\n directoryId: exampleDirectory.id,\n subnetIds: [\n exampleC.id,\n exampleD.id,\n ],\n tags: {\n Example: \"true\",\n },\n selfServicePermissions: {\n changeComputeType: true,\n increaseVolumeSize: true,\n rebuildWorkspace: true,\n restartWorkspace: true,\n switchRunningMode: true,\n },\n workspaceAccessProperties: {\n deviceTypeAndroid: \"ALLOW\",\n deviceTypeChromeos: \"ALLOW\",\n deviceTypeIos: \"ALLOW\",\n deviceTypeLinux: \"DENY\",\n deviceTypeOsx: \"ALLOW\",\n deviceTypeWeb: \"DENY\",\n deviceTypeWindows: \"DENY\",\n deviceTypeZeroclient: \"DENY\",\n },\n workspaceCreationProperties: {\n customSecurityGroupId: exampleAwsSecurityGroup.id,\n defaultOu: \"OU=AWS,DC=Workgroup,DC=Example,DC=com\",\n enableInternetAccess: true,\n enableMaintenanceMode: true,\n userEnabledAsLocalAdministrator: true,\n },\n});\nconst workspaces = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"workspaces.amazonaws.com\"],\n }],\n }],\n});\nconst workspacesDefault = new aws.iam.Role(\"workspaces_default\", {\n name: \"workspaces_DefaultRole\",\n assumeRolePolicy: workspaces.then(workspaces =\u003e workspaces.json),\n});\nconst workspacesDefaultServiceAccess = new aws.iam.RolePolicyAttachment(\"workspaces_default_service_access\", {\n role: workspacesDefault.name,\n policyArn: \"arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess\",\n});\nconst workspacesDefaultSelfServiceAccess = new aws.iam.RolePolicyAttachment(\"workspaces_default_self_service_access\", {\n role: workspacesDefault.name,\n policyArn: \"arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_vpc = aws.ec2.Vpc(\"example\", cidr_block=\"10.0.0.0/16\")\nexample_a = aws.ec2.Subnet(\"example_a\",\n vpc_id=example_vpc.id,\n availability_zone=\"us-east-1a\",\n cidr_block=\"10.0.0.0/24\")\nexample_b = aws.ec2.Subnet(\"example_b\",\n vpc_id=example_vpc.id,\n availability_zone=\"us-east-1b\",\n cidr_block=\"10.0.1.0/24\")\nexample_directory = aws.directoryservice.Directory(\"example\",\n name=\"corp.example.com\",\n password=\"#S1ncerely\",\n size=\"Small\",\n vpc_settings=aws.directoryservice.DirectoryVpcSettingsArgs(\n vpc_id=example_vpc.id,\n subnet_ids=[\n example_a.id,\n example_b.id,\n ],\n ))\nexample_c = aws.ec2.Subnet(\"example_c\",\n vpc_id=example_vpc.id,\n availability_zone=\"us-east-1c\",\n cidr_block=\"10.0.2.0/24\")\nexample_d = aws.ec2.Subnet(\"example_d\",\n vpc_id=example_vpc.id,\n availability_zone=\"us-east-1d\",\n cidr_block=\"10.0.3.0/24\")\nexample = aws.workspaces.Directory(\"example\",\n directory_id=example_directory.id,\n subnet_ids=[\n example_c.id,\n example_d.id,\n ],\n tags={\n \"Example\": \"true\",\n },\n self_service_permissions=aws.workspaces.DirectorySelfServicePermissionsArgs(\n change_compute_type=True,\n increase_volume_size=True,\n rebuild_workspace=True,\n restart_workspace=True,\n switch_running_mode=True,\n ),\n workspace_access_properties=aws.workspaces.DirectoryWorkspaceAccessPropertiesArgs(\n device_type_android=\"ALLOW\",\n device_type_chromeos=\"ALLOW\",\n device_type_ios=\"ALLOW\",\n device_type_linux=\"DENY\",\n device_type_osx=\"ALLOW\",\n device_type_web=\"DENY\",\n device_type_windows=\"DENY\",\n device_type_zeroclient=\"DENY\",\n ),\n workspace_creation_properties=aws.workspaces.DirectoryWorkspaceCreationPropertiesArgs(\n custom_security_group_id=example_aws_security_group[\"id\"],\n default_ou=\"OU=AWS,DC=Workgroup,DC=Example,DC=com\",\n enable_internet_access=True,\n enable_maintenance_mode=True,\n user_enabled_as_local_administrator=True,\n ))\nworkspaces = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"workspaces.amazonaws.com\"],\n )],\n)])\nworkspaces_default = aws.iam.Role(\"workspaces_default\",\n name=\"workspaces_DefaultRole\",\n assume_role_policy=workspaces.json)\nworkspaces_default_service_access = aws.iam.RolePolicyAttachment(\"workspaces_default_service_access\",\n role=workspaces_default.name,\n policy_arn=\"arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess\")\nworkspaces_default_self_service_access = aws.iam.RolePolicyAttachment(\"workspaces_default_self_service_access\",\n role=workspaces_default.name,\n policy_arn=\"arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleVpc = new Aws.Ec2.Vpc(\"example\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n\n var exampleA = new Aws.Ec2.Subnet(\"example_a\", new()\n {\n VpcId = exampleVpc.Id,\n AvailabilityZone = \"us-east-1a\",\n CidrBlock = \"10.0.0.0/24\",\n });\n\n var exampleB = new Aws.Ec2.Subnet(\"example_b\", new()\n {\n VpcId = exampleVpc.Id,\n AvailabilityZone = \"us-east-1b\",\n CidrBlock = \"10.0.1.0/24\",\n });\n\n var exampleDirectory = new Aws.DirectoryService.Directory(\"example\", new()\n {\n Name = \"corp.example.com\",\n Password = \"#S1ncerely\",\n Size = \"Small\",\n VpcSettings = new Aws.DirectoryService.Inputs.DirectoryVpcSettingsArgs\n {\n VpcId = exampleVpc.Id,\n SubnetIds = new[]\n {\n exampleA.Id,\n exampleB.Id,\n },\n },\n });\n\n var exampleC = new Aws.Ec2.Subnet(\"example_c\", new()\n {\n VpcId = exampleVpc.Id,\n AvailabilityZone = \"us-east-1c\",\n CidrBlock = \"10.0.2.0/24\",\n });\n\n var exampleD = new Aws.Ec2.Subnet(\"example_d\", new()\n {\n VpcId = exampleVpc.Id,\n AvailabilityZone = \"us-east-1d\",\n CidrBlock = \"10.0.3.0/24\",\n });\n\n var example = new Aws.Workspaces.Directory(\"example\", new()\n {\n DirectoryId = exampleDirectory.Id,\n SubnetIds = new[]\n {\n exampleC.Id,\n exampleD.Id,\n },\n Tags = \n {\n { \"Example\", \"true\" },\n },\n SelfServicePermissions = new Aws.Workspaces.Inputs.DirectorySelfServicePermissionsArgs\n {\n ChangeComputeType = true,\n IncreaseVolumeSize = true,\n RebuildWorkspace = true,\n RestartWorkspace = true,\n SwitchRunningMode = true,\n },\n WorkspaceAccessProperties = new Aws.Workspaces.Inputs.DirectoryWorkspaceAccessPropertiesArgs\n {\n DeviceTypeAndroid = \"ALLOW\",\n DeviceTypeChromeos = \"ALLOW\",\n DeviceTypeIos = \"ALLOW\",\n DeviceTypeLinux = \"DENY\",\n DeviceTypeOsx = \"ALLOW\",\n DeviceTypeWeb = \"DENY\",\n DeviceTypeWindows = \"DENY\",\n DeviceTypeZeroclient = \"DENY\",\n },\n WorkspaceCreationProperties = new Aws.Workspaces.Inputs.DirectoryWorkspaceCreationPropertiesArgs\n {\n CustomSecurityGroupId = exampleAwsSecurityGroup.Id,\n DefaultOu = \"OU=AWS,DC=Workgroup,DC=Example,DC=com\",\n EnableInternetAccess = true,\n EnableMaintenanceMode = true,\n UserEnabledAsLocalAdministrator = true,\n },\n });\n\n var workspaces = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"workspaces.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var workspacesDefault = new Aws.Iam.Role(\"workspaces_default\", new()\n {\n Name = \"workspaces_DefaultRole\",\n AssumeRolePolicy = workspaces.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var workspacesDefaultServiceAccess = new Aws.Iam.RolePolicyAttachment(\"workspaces_default_service_access\", new()\n {\n Role = workspacesDefault.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess\",\n });\n\n var workspacesDefaultSelfServiceAccess = new Aws.Iam.RolePolicyAttachment(\"workspaces_default_self_service_access\", new()\n {\n Role = workspacesDefault.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directoryservice\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/workspaces\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleVpc, err := ec2.NewVpc(ctx, \"example\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleA, err := ec2.NewSubnet(ctx, \"example_a\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: exampleVpc.ID(),\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-1a\"),\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleB, err := ec2.NewSubnet(ctx, \"example_b\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: exampleVpc.ID(),\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-1b\"),\n\t\t\tCidrBlock: pulumi.String(\"10.0.1.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDirectory, err := directoryservice.NewDirectory(ctx, \"example\", \u0026directoryservice.DirectoryArgs{\n\t\t\tName: pulumi.String(\"corp.example.com\"),\n\t\t\tPassword: pulumi.String(\"#S1ncerely\"),\n\t\t\tSize: pulumi.String(\"Small\"),\n\t\t\tVpcSettings: \u0026directoryservice.DirectoryVpcSettingsArgs{\n\t\t\t\tVpcId: exampleVpc.ID(),\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\texampleA.ID(),\n\t\t\t\t\texampleB.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleC, err := ec2.NewSubnet(ctx, \"example_c\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: exampleVpc.ID(),\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-1c\"),\n\t\t\tCidrBlock: pulumi.String(\"10.0.2.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleD, err := ec2.NewSubnet(ctx, \"example_d\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: exampleVpc.ID(),\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-1d\"),\n\t\t\tCidrBlock: pulumi.String(\"10.0.3.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = workspaces.NewDirectory(ctx, \"example\", \u0026workspaces.DirectoryArgs{\n\t\t\tDirectoryId: exampleDirectory.ID(),\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\texampleC.ID(),\n\t\t\t\texampleD.ID(),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Example\": pulumi.String(\"true\"),\n\t\t\t},\n\t\t\tSelfServicePermissions: \u0026workspaces.DirectorySelfServicePermissionsArgs{\n\t\t\t\tChangeComputeType: pulumi.Bool(true),\n\t\t\t\tIncreaseVolumeSize: pulumi.Bool(true),\n\t\t\t\tRebuildWorkspace: pulumi.Bool(true),\n\t\t\t\tRestartWorkspace: pulumi.Bool(true),\n\t\t\t\tSwitchRunningMode: pulumi.Bool(true),\n\t\t\t},\n\t\t\tWorkspaceAccessProperties: \u0026workspaces.DirectoryWorkspaceAccessPropertiesArgs{\n\t\t\t\tDeviceTypeAndroid: pulumi.String(\"ALLOW\"),\n\t\t\t\tDeviceTypeChromeos: pulumi.String(\"ALLOW\"),\n\t\t\t\tDeviceTypeIos: pulumi.String(\"ALLOW\"),\n\t\t\t\tDeviceTypeLinux: pulumi.String(\"DENY\"),\n\t\t\t\tDeviceTypeOsx: pulumi.String(\"ALLOW\"),\n\t\t\t\tDeviceTypeWeb: pulumi.String(\"DENY\"),\n\t\t\t\tDeviceTypeWindows: pulumi.String(\"DENY\"),\n\t\t\t\tDeviceTypeZeroclient: pulumi.String(\"DENY\"),\n\t\t\t},\n\t\t\tWorkspaceCreationProperties: \u0026workspaces.DirectoryWorkspaceCreationPropertiesArgs{\n\t\t\t\tCustomSecurityGroupId: pulumi.Any(exampleAwsSecurityGroup.Id),\n\t\t\t\tDefaultOu: pulumi.String(\"OU=AWS,DC=Workgroup,DC=Example,DC=com\"),\n\t\t\t\tEnableInternetAccess: pulumi.Bool(true),\n\t\t\t\tEnableMaintenanceMode: pulumi.Bool(true),\n\t\t\t\tUserEnabledAsLocalAdministrator: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tworkspaces, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"workspaces.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tworkspacesDefault, err := iam.NewRole(ctx, \"workspaces_default\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"workspaces_DefaultRole\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(workspaces.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"workspaces_default_service_access\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: workspacesDefault.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"workspaces_default_self_service_access\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: workspacesDefault.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.directoryservice.Directory;\nimport com.pulumi.aws.directoryservice.DirectoryArgs;\nimport com.pulumi.aws.directoryservice.inputs.DirectoryVpcSettingsArgs;\nimport com.pulumi.aws.workspaces.Directory;\nimport com.pulumi.aws.workspaces.DirectoryArgs;\nimport com.pulumi.aws.workspaces.inputs.DirectorySelfServicePermissionsArgs;\nimport com.pulumi.aws.workspaces.inputs.DirectoryWorkspaceAccessPropertiesArgs;\nimport com.pulumi.aws.workspaces.inputs.DirectoryWorkspaceCreationPropertiesArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleVpc = new Vpc(\"exampleVpc\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .build());\n\n var exampleA = new Subnet(\"exampleA\", SubnetArgs.builder() \n .vpcId(exampleVpc.id())\n .availabilityZone(\"us-east-1a\")\n .cidrBlock(\"10.0.0.0/24\")\n .build());\n\n var exampleB = new Subnet(\"exampleB\", SubnetArgs.builder() \n .vpcId(exampleVpc.id())\n .availabilityZone(\"us-east-1b\")\n .cidrBlock(\"10.0.1.0/24\")\n .build());\n\n var exampleDirectory = new Directory(\"exampleDirectory\", DirectoryArgs.builder() \n .name(\"corp.example.com\")\n .password(\"#S1ncerely\")\n .size(\"Small\")\n .vpcSettings(DirectoryVpcSettingsArgs.builder()\n .vpcId(exampleVpc.id())\n .subnetIds( \n exampleA.id(),\n exampleB.id())\n .build())\n .build());\n\n var exampleC = new Subnet(\"exampleC\", SubnetArgs.builder() \n .vpcId(exampleVpc.id())\n .availabilityZone(\"us-east-1c\")\n .cidrBlock(\"10.0.2.0/24\")\n .build());\n\n var exampleD = new Subnet(\"exampleD\", SubnetArgs.builder() \n .vpcId(exampleVpc.id())\n .availabilityZone(\"us-east-1d\")\n .cidrBlock(\"10.0.3.0/24\")\n .build());\n\n var example = new Directory(\"example\", DirectoryArgs.builder() \n .directoryId(exampleDirectory.id())\n .subnetIds( \n exampleC.id(),\n exampleD.id())\n .tags(Map.of(\"Example\", true))\n .selfServicePermissions(DirectorySelfServicePermissionsArgs.builder()\n .changeComputeType(true)\n .increaseVolumeSize(true)\n .rebuildWorkspace(true)\n .restartWorkspace(true)\n .switchRunningMode(true)\n .build())\n .workspaceAccessProperties(DirectoryWorkspaceAccessPropertiesArgs.builder()\n .deviceTypeAndroid(\"ALLOW\")\n .deviceTypeChromeos(\"ALLOW\")\n .deviceTypeIos(\"ALLOW\")\n .deviceTypeLinux(\"DENY\")\n .deviceTypeOsx(\"ALLOW\")\n .deviceTypeWeb(\"DENY\")\n .deviceTypeWindows(\"DENY\")\n .deviceTypeZeroclient(\"DENY\")\n .build())\n .workspaceCreationProperties(DirectoryWorkspaceCreationPropertiesArgs.builder()\n .customSecurityGroupId(exampleAwsSecurityGroup.id())\n .defaultOu(\"OU=AWS,DC=Workgroup,DC=Example,DC=com\")\n .enableInternetAccess(true)\n .enableMaintenanceMode(true)\n .userEnabledAsLocalAdministrator(true)\n .build())\n .build());\n\n final var workspaces = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"workspaces.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var workspacesDefault = new Role(\"workspacesDefault\", RoleArgs.builder() \n .name(\"workspaces_DefaultRole\")\n .assumeRolePolicy(workspaces.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var workspacesDefaultServiceAccess = new RolePolicyAttachment(\"workspacesDefaultServiceAccess\", RolePolicyAttachmentArgs.builder() \n .role(workspacesDefault.name())\n .policyArn(\"arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess\")\n .build());\n\n var workspacesDefaultSelfServiceAccess = new RolePolicyAttachment(\"workspacesDefaultSelfServiceAccess\", RolePolicyAttachmentArgs.builder() \n .role(workspacesDefault.name())\n .policyArn(\"arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:workspaces:Directory\n properties:\n directoryId: ${exampleDirectory.id}\n subnetIds:\n - ${exampleC.id}\n - ${exampleD.id}\n tags:\n Example: true\n selfServicePermissions:\n changeComputeType: true\n increaseVolumeSize: true\n rebuildWorkspace: true\n restartWorkspace: true\n switchRunningMode: true\n workspaceAccessProperties:\n deviceTypeAndroid: ALLOW\n deviceTypeChromeos: ALLOW\n deviceTypeIos: ALLOW\n deviceTypeLinux: DENY\n deviceTypeOsx: ALLOW\n deviceTypeWeb: DENY\n deviceTypeWindows: DENY\n deviceTypeZeroclient: DENY\n workspaceCreationProperties:\n customSecurityGroupId: ${exampleAwsSecurityGroup.id}\n defaultOu: OU=AWS,DC=Workgroup,DC=Example,DC=com\n enableInternetAccess: true\n enableMaintenanceMode: true\n userEnabledAsLocalAdministrator: true\n exampleDirectory:\n type: aws:directoryservice:Directory\n name: example\n properties:\n name: corp.example.com\n password: '#S1ncerely'\n size: Small\n vpcSettings:\n vpcId: ${exampleVpc.id}\n subnetIds:\n - ${exampleA.id}\n - ${exampleB.id}\n workspacesDefault:\n type: aws:iam:Role\n name: workspaces_default\n properties:\n name: workspaces_DefaultRole\n assumeRolePolicy: ${workspaces.json}\n workspacesDefaultServiceAccess:\n type: aws:iam:RolePolicyAttachment\n name: workspaces_default_service_access\n properties:\n role: ${workspacesDefault.name}\n policyArn: arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess\n workspacesDefaultSelfServiceAccess:\n type: aws:iam:RolePolicyAttachment\n name: workspaces_default_self_service_access\n properties:\n role: ${workspacesDefault.name}\n policyArn: arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess\n exampleVpc:\n type: aws:ec2:Vpc\n name: example\n properties:\n cidrBlock: 10.0.0.0/16\n exampleA:\n type: aws:ec2:Subnet\n name: example_a\n properties:\n vpcId: ${exampleVpc.id}\n availabilityZone: us-east-1a\n cidrBlock: 10.0.0.0/24\n exampleB:\n type: aws:ec2:Subnet\n name: example_b\n properties:\n vpcId: ${exampleVpc.id}\n availabilityZone: us-east-1b\n cidrBlock: 10.0.1.0/24\n exampleC:\n type: aws:ec2:Subnet\n name: example_c\n properties:\n vpcId: ${exampleVpc.id}\n availabilityZone: us-east-1c\n cidrBlock: 10.0.2.0/24\n exampleD:\n type: aws:ec2:Subnet\n name: example_d\n properties:\n vpcId: ${exampleVpc.id}\n availabilityZone: us-east-1d\n cidrBlock: 10.0.3.0/24\nvariables:\n workspaces:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - workspaces.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### IP Groups\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleIpGroup = new aws.workspaces.IpGroup(\"example\", {name: \"example\"});\nconst example = new aws.workspaces.Directory(\"example\", {\n directoryId: exampleAwsDirectoryServiceDirectory.id,\n ipGroupIds: [exampleIpGroup.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_ip_group = aws.workspaces.IpGroup(\"example\", name=\"example\")\nexample = aws.workspaces.Directory(\"example\",\n directory_id=example_aws_directory_service_directory[\"id\"],\n ip_group_ids=[example_ip_group.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleIpGroup = new Aws.Workspaces.IpGroup(\"example\", new()\n {\n Name = \"example\",\n });\n\n var example = new Aws.Workspaces.Directory(\"example\", new()\n {\n DirectoryId = exampleAwsDirectoryServiceDirectory.Id,\n IpGroupIds = new[]\n {\n exampleIpGroup.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/workspaces\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleIpGroup, err := workspaces.NewIpGroup(ctx, \"example\", \u0026workspaces.IpGroupArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = workspaces.NewDirectory(ctx, \"example\", \u0026workspaces.DirectoryArgs{\n\t\t\tDirectoryId: pulumi.Any(exampleAwsDirectoryServiceDirectory.Id),\n\t\t\tIpGroupIds: pulumi.StringArray{\n\t\t\t\texampleIpGroup.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.workspaces.IpGroup;\nimport com.pulumi.aws.workspaces.IpGroupArgs;\nimport com.pulumi.aws.workspaces.Directory;\nimport com.pulumi.aws.workspaces.DirectoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleIpGroup = new IpGroup(\"exampleIpGroup\", IpGroupArgs.builder() \n .name(\"example\")\n .build());\n\n var example = new Directory(\"example\", DirectoryArgs.builder() \n .directoryId(exampleAwsDirectoryServiceDirectory.id())\n .ipGroupIds(exampleIpGroup.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:workspaces:Directory\n properties:\n directoryId: ${exampleAwsDirectoryServiceDirectory.id}\n ipGroupIds:\n - ${exampleIpGroup.id}\n exampleIpGroup:\n type: aws:workspaces:IpGroup\n name: example\n properties:\n name: example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Workspaces directory using the directory ID. For example:\n\n```sh\n$ pulumi import aws:workspaces/directory:Directory main d-4444444444\n```\n", + "description": "Provides a WorkSpaces directory in AWS WorkSpaces Service.\n\n\u003e **NOTE:** AWS WorkSpaces service requires [`workspaces_DefaultRole`](https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-access-control.html#create-default-role) IAM role to operate normally.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleVpc = new aws.ec2.Vpc(\"example\", {cidrBlock: \"10.0.0.0/16\"});\nconst exampleA = new aws.ec2.Subnet(\"example_a\", {\n vpcId: exampleVpc.id,\n availabilityZone: \"us-east-1a\",\n cidrBlock: \"10.0.0.0/24\",\n});\nconst exampleB = new aws.ec2.Subnet(\"example_b\", {\n vpcId: exampleVpc.id,\n availabilityZone: \"us-east-1b\",\n cidrBlock: \"10.0.1.0/24\",\n});\nconst exampleDirectory = new aws.directoryservice.Directory(\"example\", {\n name: \"corp.example.com\",\n password: \"#S1ncerely\",\n size: \"Small\",\n vpcSettings: {\n vpcId: exampleVpc.id,\n subnetIds: [\n exampleA.id,\n exampleB.id,\n ],\n },\n});\nconst exampleC = new aws.ec2.Subnet(\"example_c\", {\n vpcId: exampleVpc.id,\n availabilityZone: \"us-east-1c\",\n cidrBlock: \"10.0.2.0/24\",\n});\nconst exampleD = new aws.ec2.Subnet(\"example_d\", {\n vpcId: exampleVpc.id,\n availabilityZone: \"us-east-1d\",\n cidrBlock: \"10.0.3.0/24\",\n});\nconst example = new aws.workspaces.Directory(\"example\", {\n directoryId: exampleDirectory.id,\n subnetIds: [\n exampleC.id,\n exampleD.id,\n ],\n tags: {\n Example: \"true\",\n },\n selfServicePermissions: {\n changeComputeType: true,\n increaseVolumeSize: true,\n rebuildWorkspace: true,\n restartWorkspace: true,\n switchRunningMode: true,\n },\n workspaceAccessProperties: {\n deviceTypeAndroid: \"ALLOW\",\n deviceTypeChromeos: \"ALLOW\",\n deviceTypeIos: \"ALLOW\",\n deviceTypeLinux: \"DENY\",\n deviceTypeOsx: \"ALLOW\",\n deviceTypeWeb: \"DENY\",\n deviceTypeWindows: \"DENY\",\n deviceTypeZeroclient: \"DENY\",\n },\n workspaceCreationProperties: {\n customSecurityGroupId: exampleAwsSecurityGroup.id,\n defaultOu: \"OU=AWS,DC=Workgroup,DC=Example,DC=com\",\n enableInternetAccess: true,\n enableMaintenanceMode: true,\n userEnabledAsLocalAdministrator: true,\n },\n});\nconst workspaces = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"workspaces.amazonaws.com\"],\n }],\n }],\n});\nconst workspacesDefault = new aws.iam.Role(\"workspaces_default\", {\n name: \"workspaces_DefaultRole\",\n assumeRolePolicy: workspaces.then(workspaces =\u003e workspaces.json),\n});\nconst workspacesDefaultServiceAccess = new aws.iam.RolePolicyAttachment(\"workspaces_default_service_access\", {\n role: workspacesDefault.name,\n policyArn: \"arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess\",\n});\nconst workspacesDefaultSelfServiceAccess = new aws.iam.RolePolicyAttachment(\"workspaces_default_self_service_access\", {\n role: workspacesDefault.name,\n policyArn: \"arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_vpc = aws.ec2.Vpc(\"example\", cidr_block=\"10.0.0.0/16\")\nexample_a = aws.ec2.Subnet(\"example_a\",\n vpc_id=example_vpc.id,\n availability_zone=\"us-east-1a\",\n cidr_block=\"10.0.0.0/24\")\nexample_b = aws.ec2.Subnet(\"example_b\",\n vpc_id=example_vpc.id,\n availability_zone=\"us-east-1b\",\n cidr_block=\"10.0.1.0/24\")\nexample_directory = aws.directoryservice.Directory(\"example\",\n name=\"corp.example.com\",\n password=\"#S1ncerely\",\n size=\"Small\",\n vpc_settings=aws.directoryservice.DirectoryVpcSettingsArgs(\n vpc_id=example_vpc.id,\n subnet_ids=[\n example_a.id,\n example_b.id,\n ],\n ))\nexample_c = aws.ec2.Subnet(\"example_c\",\n vpc_id=example_vpc.id,\n availability_zone=\"us-east-1c\",\n cidr_block=\"10.0.2.0/24\")\nexample_d = aws.ec2.Subnet(\"example_d\",\n vpc_id=example_vpc.id,\n availability_zone=\"us-east-1d\",\n cidr_block=\"10.0.3.0/24\")\nexample = aws.workspaces.Directory(\"example\",\n directory_id=example_directory.id,\n subnet_ids=[\n example_c.id,\n example_d.id,\n ],\n tags={\n \"Example\": \"true\",\n },\n self_service_permissions=aws.workspaces.DirectorySelfServicePermissionsArgs(\n change_compute_type=True,\n increase_volume_size=True,\n rebuild_workspace=True,\n restart_workspace=True,\n switch_running_mode=True,\n ),\n workspace_access_properties=aws.workspaces.DirectoryWorkspaceAccessPropertiesArgs(\n device_type_android=\"ALLOW\",\n device_type_chromeos=\"ALLOW\",\n device_type_ios=\"ALLOW\",\n device_type_linux=\"DENY\",\n device_type_osx=\"ALLOW\",\n device_type_web=\"DENY\",\n device_type_windows=\"DENY\",\n device_type_zeroclient=\"DENY\",\n ),\n workspace_creation_properties=aws.workspaces.DirectoryWorkspaceCreationPropertiesArgs(\n custom_security_group_id=example_aws_security_group[\"id\"],\n default_ou=\"OU=AWS,DC=Workgroup,DC=Example,DC=com\",\n enable_internet_access=True,\n enable_maintenance_mode=True,\n user_enabled_as_local_administrator=True,\n ))\nworkspaces = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"workspaces.amazonaws.com\"],\n )],\n)])\nworkspaces_default = aws.iam.Role(\"workspaces_default\",\n name=\"workspaces_DefaultRole\",\n assume_role_policy=workspaces.json)\nworkspaces_default_service_access = aws.iam.RolePolicyAttachment(\"workspaces_default_service_access\",\n role=workspaces_default.name,\n policy_arn=\"arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess\")\nworkspaces_default_self_service_access = aws.iam.RolePolicyAttachment(\"workspaces_default_self_service_access\",\n role=workspaces_default.name,\n policy_arn=\"arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleVpc = new Aws.Ec2.Vpc(\"example\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n\n var exampleA = new Aws.Ec2.Subnet(\"example_a\", new()\n {\n VpcId = exampleVpc.Id,\n AvailabilityZone = \"us-east-1a\",\n CidrBlock = \"10.0.0.0/24\",\n });\n\n var exampleB = new Aws.Ec2.Subnet(\"example_b\", new()\n {\n VpcId = exampleVpc.Id,\n AvailabilityZone = \"us-east-1b\",\n CidrBlock = \"10.0.1.0/24\",\n });\n\n var exampleDirectory = new Aws.DirectoryService.Directory(\"example\", new()\n {\n Name = \"corp.example.com\",\n Password = \"#S1ncerely\",\n Size = \"Small\",\n VpcSettings = new Aws.DirectoryService.Inputs.DirectoryVpcSettingsArgs\n {\n VpcId = exampleVpc.Id,\n SubnetIds = new[]\n {\n exampleA.Id,\n exampleB.Id,\n },\n },\n });\n\n var exampleC = new Aws.Ec2.Subnet(\"example_c\", new()\n {\n VpcId = exampleVpc.Id,\n AvailabilityZone = \"us-east-1c\",\n CidrBlock = \"10.0.2.0/24\",\n });\n\n var exampleD = new Aws.Ec2.Subnet(\"example_d\", new()\n {\n VpcId = exampleVpc.Id,\n AvailabilityZone = \"us-east-1d\",\n CidrBlock = \"10.0.3.0/24\",\n });\n\n var example = new Aws.Workspaces.Directory(\"example\", new()\n {\n DirectoryId = exampleDirectory.Id,\n SubnetIds = new[]\n {\n exampleC.Id,\n exampleD.Id,\n },\n Tags = \n {\n { \"Example\", \"true\" },\n },\n SelfServicePermissions = new Aws.Workspaces.Inputs.DirectorySelfServicePermissionsArgs\n {\n ChangeComputeType = true,\n IncreaseVolumeSize = true,\n RebuildWorkspace = true,\n RestartWorkspace = true,\n SwitchRunningMode = true,\n },\n WorkspaceAccessProperties = new Aws.Workspaces.Inputs.DirectoryWorkspaceAccessPropertiesArgs\n {\n DeviceTypeAndroid = \"ALLOW\",\n DeviceTypeChromeos = \"ALLOW\",\n DeviceTypeIos = \"ALLOW\",\n DeviceTypeLinux = \"DENY\",\n DeviceTypeOsx = \"ALLOW\",\n DeviceTypeWeb = \"DENY\",\n DeviceTypeWindows = \"DENY\",\n DeviceTypeZeroclient = \"DENY\",\n },\n WorkspaceCreationProperties = new Aws.Workspaces.Inputs.DirectoryWorkspaceCreationPropertiesArgs\n {\n CustomSecurityGroupId = exampleAwsSecurityGroup.Id,\n DefaultOu = \"OU=AWS,DC=Workgroup,DC=Example,DC=com\",\n EnableInternetAccess = true,\n EnableMaintenanceMode = true,\n UserEnabledAsLocalAdministrator = true,\n },\n });\n\n var workspaces = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"workspaces.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var workspacesDefault = new Aws.Iam.Role(\"workspaces_default\", new()\n {\n Name = \"workspaces_DefaultRole\",\n AssumeRolePolicy = workspaces.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var workspacesDefaultServiceAccess = new Aws.Iam.RolePolicyAttachment(\"workspaces_default_service_access\", new()\n {\n Role = workspacesDefault.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess\",\n });\n\n var workspacesDefaultSelfServiceAccess = new Aws.Iam.RolePolicyAttachment(\"workspaces_default_self_service_access\", new()\n {\n Role = workspacesDefault.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directoryservice\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/workspaces\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleVpc, err := ec2.NewVpc(ctx, \"example\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleA, err := ec2.NewSubnet(ctx, \"example_a\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: exampleVpc.ID(),\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-1a\"),\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleB, err := ec2.NewSubnet(ctx, \"example_b\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: exampleVpc.ID(),\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-1b\"),\n\t\t\tCidrBlock: pulumi.String(\"10.0.1.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDirectory, err := directoryservice.NewDirectory(ctx, \"example\", \u0026directoryservice.DirectoryArgs{\n\t\t\tName: pulumi.String(\"corp.example.com\"),\n\t\t\tPassword: pulumi.String(\"#S1ncerely\"),\n\t\t\tSize: pulumi.String(\"Small\"),\n\t\t\tVpcSettings: \u0026directoryservice.DirectoryVpcSettingsArgs{\n\t\t\t\tVpcId: exampleVpc.ID(),\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\texampleA.ID(),\n\t\t\t\t\texampleB.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleC, err := ec2.NewSubnet(ctx, \"example_c\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: exampleVpc.ID(),\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-1c\"),\n\t\t\tCidrBlock: pulumi.String(\"10.0.2.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleD, err := ec2.NewSubnet(ctx, \"example_d\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: exampleVpc.ID(),\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-1d\"),\n\t\t\tCidrBlock: pulumi.String(\"10.0.3.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = workspaces.NewDirectory(ctx, \"example\", \u0026workspaces.DirectoryArgs{\n\t\t\tDirectoryId: exampleDirectory.ID(),\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\texampleC.ID(),\n\t\t\t\texampleD.ID(),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Example\": pulumi.String(\"true\"),\n\t\t\t},\n\t\t\tSelfServicePermissions: \u0026workspaces.DirectorySelfServicePermissionsArgs{\n\t\t\t\tChangeComputeType: pulumi.Bool(true),\n\t\t\t\tIncreaseVolumeSize: pulumi.Bool(true),\n\t\t\t\tRebuildWorkspace: pulumi.Bool(true),\n\t\t\t\tRestartWorkspace: pulumi.Bool(true),\n\t\t\t\tSwitchRunningMode: pulumi.Bool(true),\n\t\t\t},\n\t\t\tWorkspaceAccessProperties: \u0026workspaces.DirectoryWorkspaceAccessPropertiesArgs{\n\t\t\t\tDeviceTypeAndroid: pulumi.String(\"ALLOW\"),\n\t\t\t\tDeviceTypeChromeos: pulumi.String(\"ALLOW\"),\n\t\t\t\tDeviceTypeIos: pulumi.String(\"ALLOW\"),\n\t\t\t\tDeviceTypeLinux: pulumi.String(\"DENY\"),\n\t\t\t\tDeviceTypeOsx: pulumi.String(\"ALLOW\"),\n\t\t\t\tDeviceTypeWeb: pulumi.String(\"DENY\"),\n\t\t\t\tDeviceTypeWindows: pulumi.String(\"DENY\"),\n\t\t\t\tDeviceTypeZeroclient: pulumi.String(\"DENY\"),\n\t\t\t},\n\t\t\tWorkspaceCreationProperties: \u0026workspaces.DirectoryWorkspaceCreationPropertiesArgs{\n\t\t\t\tCustomSecurityGroupId: pulumi.Any(exampleAwsSecurityGroup.Id),\n\t\t\t\tDefaultOu: pulumi.String(\"OU=AWS,DC=Workgroup,DC=Example,DC=com\"),\n\t\t\t\tEnableInternetAccess: pulumi.Bool(true),\n\t\t\t\tEnableMaintenanceMode: pulumi.Bool(true),\n\t\t\t\tUserEnabledAsLocalAdministrator: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tworkspaces, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"workspaces.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tworkspacesDefault, err := iam.NewRole(ctx, \"workspaces_default\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"workspaces_DefaultRole\"),\n\t\t\tAssumeRolePolicy: pulumi.String(workspaces.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"workspaces_default_service_access\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: workspacesDefault.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"workspaces_default_self_service_access\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: workspacesDefault.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.directoryservice.Directory;\nimport com.pulumi.aws.directoryservice.DirectoryArgs;\nimport com.pulumi.aws.directoryservice.inputs.DirectoryVpcSettingsArgs;\nimport com.pulumi.aws.workspaces.Directory;\nimport com.pulumi.aws.workspaces.DirectoryArgs;\nimport com.pulumi.aws.workspaces.inputs.DirectorySelfServicePermissionsArgs;\nimport com.pulumi.aws.workspaces.inputs.DirectoryWorkspaceAccessPropertiesArgs;\nimport com.pulumi.aws.workspaces.inputs.DirectoryWorkspaceCreationPropertiesArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleVpc = new Vpc(\"exampleVpc\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .build());\n\n var exampleA = new Subnet(\"exampleA\", SubnetArgs.builder() \n .vpcId(exampleVpc.id())\n .availabilityZone(\"us-east-1a\")\n .cidrBlock(\"10.0.0.0/24\")\n .build());\n\n var exampleB = new Subnet(\"exampleB\", SubnetArgs.builder() \n .vpcId(exampleVpc.id())\n .availabilityZone(\"us-east-1b\")\n .cidrBlock(\"10.0.1.0/24\")\n .build());\n\n var exampleDirectory = new Directory(\"exampleDirectory\", DirectoryArgs.builder() \n .name(\"corp.example.com\")\n .password(\"#S1ncerely\")\n .size(\"Small\")\n .vpcSettings(DirectoryVpcSettingsArgs.builder()\n .vpcId(exampleVpc.id())\n .subnetIds( \n exampleA.id(),\n exampleB.id())\n .build())\n .build());\n\n var exampleC = new Subnet(\"exampleC\", SubnetArgs.builder() \n .vpcId(exampleVpc.id())\n .availabilityZone(\"us-east-1c\")\n .cidrBlock(\"10.0.2.0/24\")\n .build());\n\n var exampleD = new Subnet(\"exampleD\", SubnetArgs.builder() \n .vpcId(exampleVpc.id())\n .availabilityZone(\"us-east-1d\")\n .cidrBlock(\"10.0.3.0/24\")\n .build());\n\n var example = new Directory(\"example\", DirectoryArgs.builder() \n .directoryId(exampleDirectory.id())\n .subnetIds( \n exampleC.id(),\n exampleD.id())\n .tags(Map.of(\"Example\", true))\n .selfServicePermissions(DirectorySelfServicePermissionsArgs.builder()\n .changeComputeType(true)\n .increaseVolumeSize(true)\n .rebuildWorkspace(true)\n .restartWorkspace(true)\n .switchRunningMode(true)\n .build())\n .workspaceAccessProperties(DirectoryWorkspaceAccessPropertiesArgs.builder()\n .deviceTypeAndroid(\"ALLOW\")\n .deviceTypeChromeos(\"ALLOW\")\n .deviceTypeIos(\"ALLOW\")\n .deviceTypeLinux(\"DENY\")\n .deviceTypeOsx(\"ALLOW\")\n .deviceTypeWeb(\"DENY\")\n .deviceTypeWindows(\"DENY\")\n .deviceTypeZeroclient(\"DENY\")\n .build())\n .workspaceCreationProperties(DirectoryWorkspaceCreationPropertiesArgs.builder()\n .customSecurityGroupId(exampleAwsSecurityGroup.id())\n .defaultOu(\"OU=AWS,DC=Workgroup,DC=Example,DC=com\")\n .enableInternetAccess(true)\n .enableMaintenanceMode(true)\n .userEnabledAsLocalAdministrator(true)\n .build())\n .build());\n\n final var workspaces = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"workspaces.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var workspacesDefault = new Role(\"workspacesDefault\", RoleArgs.builder() \n .name(\"workspaces_DefaultRole\")\n .assumeRolePolicy(workspaces.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var workspacesDefaultServiceAccess = new RolePolicyAttachment(\"workspacesDefaultServiceAccess\", RolePolicyAttachmentArgs.builder() \n .role(workspacesDefault.name())\n .policyArn(\"arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess\")\n .build());\n\n var workspacesDefaultSelfServiceAccess = new RolePolicyAttachment(\"workspacesDefaultSelfServiceAccess\", RolePolicyAttachmentArgs.builder() \n .role(workspacesDefault.name())\n .policyArn(\"arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:workspaces:Directory\n properties:\n directoryId: ${exampleDirectory.id}\n subnetIds:\n - ${exampleC.id}\n - ${exampleD.id}\n tags:\n Example: true\n selfServicePermissions:\n changeComputeType: true\n increaseVolumeSize: true\n rebuildWorkspace: true\n restartWorkspace: true\n switchRunningMode: true\n workspaceAccessProperties:\n deviceTypeAndroid: ALLOW\n deviceTypeChromeos: ALLOW\n deviceTypeIos: ALLOW\n deviceTypeLinux: DENY\n deviceTypeOsx: ALLOW\n deviceTypeWeb: DENY\n deviceTypeWindows: DENY\n deviceTypeZeroclient: DENY\n workspaceCreationProperties:\n customSecurityGroupId: ${exampleAwsSecurityGroup.id}\n defaultOu: OU=AWS,DC=Workgroup,DC=Example,DC=com\n enableInternetAccess: true\n enableMaintenanceMode: true\n userEnabledAsLocalAdministrator: true\n exampleDirectory:\n type: aws:directoryservice:Directory\n name: example\n properties:\n name: corp.example.com\n password: '#S1ncerely'\n size: Small\n vpcSettings:\n vpcId: ${exampleVpc.id}\n subnetIds:\n - ${exampleA.id}\n - ${exampleB.id}\n workspacesDefault:\n type: aws:iam:Role\n name: workspaces_default\n properties:\n name: workspaces_DefaultRole\n assumeRolePolicy: ${workspaces.json}\n workspacesDefaultServiceAccess:\n type: aws:iam:RolePolicyAttachment\n name: workspaces_default_service_access\n properties:\n role: ${workspacesDefault.name}\n policyArn: arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess\n workspacesDefaultSelfServiceAccess:\n type: aws:iam:RolePolicyAttachment\n name: workspaces_default_self_service_access\n properties:\n role: ${workspacesDefault.name}\n policyArn: arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess\n exampleVpc:\n type: aws:ec2:Vpc\n name: example\n properties:\n cidrBlock: 10.0.0.0/16\n exampleA:\n type: aws:ec2:Subnet\n name: example_a\n properties:\n vpcId: ${exampleVpc.id}\n availabilityZone: us-east-1a\n cidrBlock: 10.0.0.0/24\n exampleB:\n type: aws:ec2:Subnet\n name: example_b\n properties:\n vpcId: ${exampleVpc.id}\n availabilityZone: us-east-1b\n cidrBlock: 10.0.1.0/24\n exampleC:\n type: aws:ec2:Subnet\n name: example_c\n properties:\n vpcId: ${exampleVpc.id}\n availabilityZone: us-east-1c\n cidrBlock: 10.0.2.0/24\n exampleD:\n type: aws:ec2:Subnet\n name: example_d\n properties:\n vpcId: ${exampleVpc.id}\n availabilityZone: us-east-1d\n cidrBlock: 10.0.3.0/24\nvariables:\n workspaces:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - workspaces.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### IP Groups\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleIpGroup = new aws.workspaces.IpGroup(\"example\", {name: \"example\"});\nconst example = new aws.workspaces.Directory(\"example\", {\n directoryId: exampleAwsDirectoryServiceDirectory.id,\n ipGroupIds: [exampleIpGroup.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_ip_group = aws.workspaces.IpGroup(\"example\", name=\"example\")\nexample = aws.workspaces.Directory(\"example\",\n directory_id=example_aws_directory_service_directory[\"id\"],\n ip_group_ids=[example_ip_group.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleIpGroup = new Aws.Workspaces.IpGroup(\"example\", new()\n {\n Name = \"example\",\n });\n\n var example = new Aws.Workspaces.Directory(\"example\", new()\n {\n DirectoryId = exampleAwsDirectoryServiceDirectory.Id,\n IpGroupIds = new[]\n {\n exampleIpGroup.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/workspaces\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleIpGroup, err := workspaces.NewIpGroup(ctx, \"example\", \u0026workspaces.IpGroupArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = workspaces.NewDirectory(ctx, \"example\", \u0026workspaces.DirectoryArgs{\n\t\t\tDirectoryId: pulumi.Any(exampleAwsDirectoryServiceDirectory.Id),\n\t\t\tIpGroupIds: pulumi.StringArray{\n\t\t\t\texampleIpGroup.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.workspaces.IpGroup;\nimport com.pulumi.aws.workspaces.IpGroupArgs;\nimport com.pulumi.aws.workspaces.Directory;\nimport com.pulumi.aws.workspaces.DirectoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleIpGroup = new IpGroup(\"exampleIpGroup\", IpGroupArgs.builder() \n .name(\"example\")\n .build());\n\n var example = new Directory(\"example\", DirectoryArgs.builder() \n .directoryId(exampleAwsDirectoryServiceDirectory.id())\n .ipGroupIds(exampleIpGroup.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:workspaces:Directory\n properties:\n directoryId: ${exampleAwsDirectoryServiceDirectory.id}\n ipGroupIds:\n - ${exampleIpGroup.id}\n exampleIpGroup:\n type: aws:workspaces:IpGroup\n name: example\n properties:\n name: example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Workspaces directory using the directory ID. For example:\n\n```sh\n$ pulumi import aws:workspaces/directory:Directory main d-4444444444\n```\n", "properties": { "alias": { "type": "string", @@ -346350,7 +346350,7 @@ } }, "aws:workspaces/workspace:Workspace": { - "description": "Provides a workspace in [AWS Workspaces](https://docs.aws.amazon.com/workspaces/latest/adminguide/amazon-workspaces.html) Service\n\n\u003e **NOTE:** AWS WorkSpaces service requires [`workspaces_DefaultRole`](https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-access-control.html#create-default-role) IAM role to operate normally.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst valueWindows10 = aws.workspaces.getBundle({\n bundleId: \"wsb-bh8rsxt14\",\n});\nconst workspaces = aws.kms.getKey({\n keyId: \"alias/aws/workspaces\",\n});\nconst example = new aws.workspaces.Workspace(\"example\", {\n directoryId: exampleAwsWorkspacesDirectory.id,\n bundleId: valueWindows10.then(valueWindows10 =\u003e valueWindows10.id),\n userName: \"john.doe\",\n rootVolumeEncryptionEnabled: true,\n userVolumeEncryptionEnabled: true,\n volumeEncryptionKey: workspaces.then(workspaces =\u003e workspaces.arn),\n workspaceProperties: {\n computeTypeName: \"VALUE\",\n userVolumeSizeGib: 10,\n rootVolumeSizeGib: 80,\n runningMode: \"AUTO_STOP\",\n runningModeAutoStopTimeoutInMinutes: 60,\n },\n tags: {\n Department: \"IT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nvalue_windows10 = aws.workspaces.get_bundle(bundle_id=\"wsb-bh8rsxt14\")\nworkspaces = aws.kms.get_key(key_id=\"alias/aws/workspaces\")\nexample = aws.workspaces.Workspace(\"example\",\n directory_id=example_aws_workspaces_directory[\"id\"],\n bundle_id=value_windows10.id,\n user_name=\"john.doe\",\n root_volume_encryption_enabled=True,\n user_volume_encryption_enabled=True,\n volume_encryption_key=workspaces.arn,\n workspace_properties=aws.workspaces.WorkspaceWorkspacePropertiesArgs(\n compute_type_name=\"VALUE\",\n user_volume_size_gib=10,\n root_volume_size_gib=80,\n running_mode=\"AUTO_STOP\",\n running_mode_auto_stop_timeout_in_minutes=60,\n ),\n tags={\n \"Department\": \"IT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var valueWindows10 = Aws.Workspaces.GetBundle.Invoke(new()\n {\n BundleId = \"wsb-bh8rsxt14\",\n });\n\n var workspaces = Aws.Kms.GetKey.Invoke(new()\n {\n KeyId = \"alias/aws/workspaces\",\n });\n\n var example = new Aws.Workspaces.Workspace(\"example\", new()\n {\n DirectoryId = exampleAwsWorkspacesDirectory.Id,\n BundleId = valueWindows10.Apply(getBundleResult =\u003e getBundleResult.Id),\n UserName = \"john.doe\",\n RootVolumeEncryptionEnabled = true,\n UserVolumeEncryptionEnabled = true,\n VolumeEncryptionKey = workspaces.Apply(getKeyResult =\u003e getKeyResult.Arn),\n WorkspaceProperties = new Aws.Workspaces.Inputs.WorkspaceWorkspacePropertiesArgs\n {\n ComputeTypeName = \"VALUE\",\n UserVolumeSizeGib = 10,\n RootVolumeSizeGib = 80,\n RunningMode = \"AUTO_STOP\",\n RunningModeAutoStopTimeoutInMinutes = 60,\n },\n Tags = \n {\n { \"Department\", \"IT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/workspaces\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tvalueWindows10, err := workspaces.GetBundle(ctx, \u0026workspaces.GetBundleArgs{\n\t\t\tBundleId: pulumi.StringRef(\"wsb-bh8rsxt14\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tworkspaces, err := kms.LookupKey(ctx, \u0026kms.LookupKeyArgs{\n\t\t\tKeyId: \"alias/aws/workspaces\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = workspaces.NewWorkspace(ctx, \"example\", \u0026workspaces.WorkspaceArgs{\n\t\t\tDirectoryId: pulumi.Any(exampleAwsWorkspacesDirectory.Id),\n\t\t\tBundleId: *pulumi.String(valueWindows10.Id),\n\t\t\tUserName: pulumi.String(\"john.doe\"),\n\t\t\tRootVolumeEncryptionEnabled: pulumi.Bool(true),\n\t\t\tUserVolumeEncryptionEnabled: pulumi.Bool(true),\n\t\t\tVolumeEncryptionKey: *pulumi.String(workspaces.Arn),\n\t\t\tWorkspaceProperties: \u0026workspaces.WorkspaceWorkspacePropertiesArgs{\n\t\t\t\tComputeTypeName: pulumi.String(\"VALUE\"),\n\t\t\t\tUserVolumeSizeGib: pulumi.Int(10),\n\t\t\t\tRootVolumeSizeGib: pulumi.Int(80),\n\t\t\t\tRunningMode: pulumi.String(\"AUTO_STOP\"),\n\t\t\t\tRunningModeAutoStopTimeoutInMinutes: pulumi.Int(60),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Department\": pulumi.String(\"IT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.workspaces.WorkspacesFunctions;\nimport com.pulumi.aws.workspaces.inputs.GetBundleArgs;\nimport com.pulumi.aws.kms.KmsFunctions;\nimport com.pulumi.aws.kms.inputs.GetKeyArgs;\nimport com.pulumi.aws.workspaces.Workspace;\nimport com.pulumi.aws.workspaces.WorkspaceArgs;\nimport com.pulumi.aws.workspaces.inputs.WorkspaceWorkspacePropertiesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var valueWindows10 = WorkspacesFunctions.getBundle(GetBundleArgs.builder()\n .bundleId(\"wsb-bh8rsxt14\")\n .build());\n\n final var workspaces = KmsFunctions.getKey(GetKeyArgs.builder()\n .keyId(\"alias/aws/workspaces\")\n .build());\n\n var example = new Workspace(\"example\", WorkspaceArgs.builder() \n .directoryId(exampleAwsWorkspacesDirectory.id())\n .bundleId(valueWindows10.applyValue(getBundleResult -\u003e getBundleResult.id()))\n .userName(\"john.doe\")\n .rootVolumeEncryptionEnabled(true)\n .userVolumeEncryptionEnabled(true)\n .volumeEncryptionKey(workspaces.applyValue(getKeyResult -\u003e getKeyResult.arn()))\n .workspaceProperties(WorkspaceWorkspacePropertiesArgs.builder()\n .computeTypeName(\"VALUE\")\n .userVolumeSizeGib(10)\n .rootVolumeSizeGib(80)\n .runningMode(\"AUTO_STOP\")\n .runningModeAutoStopTimeoutInMinutes(60)\n .build())\n .tags(Map.of(\"Department\", \"IT\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:workspaces:Workspace\n properties:\n directoryId: ${exampleAwsWorkspacesDirectory.id}\n bundleId: ${valueWindows10.id}\n userName: john.doe\n rootVolumeEncryptionEnabled: true\n userVolumeEncryptionEnabled: true\n volumeEncryptionKey: ${workspaces.arn}\n workspaceProperties:\n computeTypeName: VALUE\n userVolumeSizeGib: 10\n rootVolumeSizeGib: 80\n runningMode: AUTO_STOP\n runningModeAutoStopTimeoutInMinutes: 60\n tags:\n Department: IT\nvariables:\n valueWindows10:\n fn::invoke:\n Function: aws:workspaces:getBundle\n Arguments:\n bundleId: wsb-bh8rsxt14\n workspaces:\n fn::invoke:\n Function: aws:kms:getKey\n Arguments:\n keyId: alias/aws/workspaces\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Workspaces using their ID. For example:\n\n```sh\n$ pulumi import aws:workspaces/workspace:Workspace example ws-9z9zmbkhv\n```\n", + "description": "Provides a workspace in [AWS Workspaces](https://docs.aws.amazon.com/workspaces/latest/adminguide/amazon-workspaces.html) Service\n\n\u003e **NOTE:** AWS WorkSpaces service requires [`workspaces_DefaultRole`](https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-access-control.html#create-default-role) IAM role to operate normally.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst valueWindows10 = aws.workspaces.getBundle({\n bundleId: \"wsb-bh8rsxt14\",\n});\nconst workspaces = aws.kms.getKey({\n keyId: \"alias/aws/workspaces\",\n});\nconst example = new aws.workspaces.Workspace(\"example\", {\n directoryId: exampleAwsWorkspacesDirectory.id,\n bundleId: valueWindows10.then(valueWindows10 =\u003e valueWindows10.id),\n userName: \"john.doe\",\n rootVolumeEncryptionEnabled: true,\n userVolumeEncryptionEnabled: true,\n volumeEncryptionKey: workspaces.then(workspaces =\u003e workspaces.arn),\n workspaceProperties: {\n computeTypeName: \"VALUE\",\n userVolumeSizeGib: 10,\n rootVolumeSizeGib: 80,\n runningMode: \"AUTO_STOP\",\n runningModeAutoStopTimeoutInMinutes: 60,\n },\n tags: {\n Department: \"IT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nvalue_windows10 = aws.workspaces.get_bundle(bundle_id=\"wsb-bh8rsxt14\")\nworkspaces = aws.kms.get_key(key_id=\"alias/aws/workspaces\")\nexample = aws.workspaces.Workspace(\"example\",\n directory_id=example_aws_workspaces_directory[\"id\"],\n bundle_id=value_windows10.id,\n user_name=\"john.doe\",\n root_volume_encryption_enabled=True,\n user_volume_encryption_enabled=True,\n volume_encryption_key=workspaces.arn,\n workspace_properties=aws.workspaces.WorkspaceWorkspacePropertiesArgs(\n compute_type_name=\"VALUE\",\n user_volume_size_gib=10,\n root_volume_size_gib=80,\n running_mode=\"AUTO_STOP\",\n running_mode_auto_stop_timeout_in_minutes=60,\n ),\n tags={\n \"Department\": \"IT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var valueWindows10 = Aws.Workspaces.GetBundle.Invoke(new()\n {\n BundleId = \"wsb-bh8rsxt14\",\n });\n\n var workspaces = Aws.Kms.GetKey.Invoke(new()\n {\n KeyId = \"alias/aws/workspaces\",\n });\n\n var example = new Aws.Workspaces.Workspace(\"example\", new()\n {\n DirectoryId = exampleAwsWorkspacesDirectory.Id,\n BundleId = valueWindows10.Apply(getBundleResult =\u003e getBundleResult.Id),\n UserName = \"john.doe\",\n RootVolumeEncryptionEnabled = true,\n UserVolumeEncryptionEnabled = true,\n VolumeEncryptionKey = workspaces.Apply(getKeyResult =\u003e getKeyResult.Arn),\n WorkspaceProperties = new Aws.Workspaces.Inputs.WorkspaceWorkspacePropertiesArgs\n {\n ComputeTypeName = \"VALUE\",\n UserVolumeSizeGib = 10,\n RootVolumeSizeGib = 80,\n RunningMode = \"AUTO_STOP\",\n RunningModeAutoStopTimeoutInMinutes = 60,\n },\n Tags = \n {\n { \"Department\", \"IT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/workspaces\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tvalueWindows10, err := workspaces.GetBundle(ctx, \u0026workspaces.GetBundleArgs{\n\t\t\tBundleId: pulumi.StringRef(\"wsb-bh8rsxt14\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tworkspaces, err := kms.LookupKey(ctx, \u0026kms.LookupKeyArgs{\n\t\t\tKeyId: \"alias/aws/workspaces\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = workspaces.NewWorkspace(ctx, \"example\", \u0026workspaces.WorkspaceArgs{\n\t\t\tDirectoryId: pulumi.Any(exampleAwsWorkspacesDirectory.Id),\n\t\t\tBundleId: pulumi.String(valueWindows10.Id),\n\t\t\tUserName: pulumi.String(\"john.doe\"),\n\t\t\tRootVolumeEncryptionEnabled: pulumi.Bool(true),\n\t\t\tUserVolumeEncryptionEnabled: pulumi.Bool(true),\n\t\t\tVolumeEncryptionKey: pulumi.String(workspaces.Arn),\n\t\t\tWorkspaceProperties: \u0026workspaces.WorkspaceWorkspacePropertiesArgs{\n\t\t\t\tComputeTypeName: pulumi.String(\"VALUE\"),\n\t\t\t\tUserVolumeSizeGib: pulumi.Int(10),\n\t\t\t\tRootVolumeSizeGib: pulumi.Int(80),\n\t\t\t\tRunningMode: pulumi.String(\"AUTO_STOP\"),\n\t\t\t\tRunningModeAutoStopTimeoutInMinutes: pulumi.Int(60),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Department\": pulumi.String(\"IT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.workspaces.WorkspacesFunctions;\nimport com.pulumi.aws.workspaces.inputs.GetBundleArgs;\nimport com.pulumi.aws.kms.KmsFunctions;\nimport com.pulumi.aws.kms.inputs.GetKeyArgs;\nimport com.pulumi.aws.workspaces.Workspace;\nimport com.pulumi.aws.workspaces.WorkspaceArgs;\nimport com.pulumi.aws.workspaces.inputs.WorkspaceWorkspacePropertiesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var valueWindows10 = WorkspacesFunctions.getBundle(GetBundleArgs.builder()\n .bundleId(\"wsb-bh8rsxt14\")\n .build());\n\n final var workspaces = KmsFunctions.getKey(GetKeyArgs.builder()\n .keyId(\"alias/aws/workspaces\")\n .build());\n\n var example = new Workspace(\"example\", WorkspaceArgs.builder() \n .directoryId(exampleAwsWorkspacesDirectory.id())\n .bundleId(valueWindows10.applyValue(getBundleResult -\u003e getBundleResult.id()))\n .userName(\"john.doe\")\n .rootVolumeEncryptionEnabled(true)\n .userVolumeEncryptionEnabled(true)\n .volumeEncryptionKey(workspaces.applyValue(getKeyResult -\u003e getKeyResult.arn()))\n .workspaceProperties(WorkspaceWorkspacePropertiesArgs.builder()\n .computeTypeName(\"VALUE\")\n .userVolumeSizeGib(10)\n .rootVolumeSizeGib(80)\n .runningMode(\"AUTO_STOP\")\n .runningModeAutoStopTimeoutInMinutes(60)\n .build())\n .tags(Map.of(\"Department\", \"IT\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:workspaces:Workspace\n properties:\n directoryId: ${exampleAwsWorkspacesDirectory.id}\n bundleId: ${valueWindows10.id}\n userName: john.doe\n rootVolumeEncryptionEnabled: true\n userVolumeEncryptionEnabled: true\n volumeEncryptionKey: ${workspaces.arn}\n workspaceProperties:\n computeTypeName: VALUE\n userVolumeSizeGib: 10\n rootVolumeSizeGib: 80\n runningMode: AUTO_STOP\n runningModeAutoStopTimeoutInMinutes: 60\n tags:\n Department: IT\nvariables:\n valueWindows10:\n fn::invoke:\n Function: aws:workspaces:getBundle\n Arguments:\n bundleId: wsb-bh8rsxt14\n workspaces:\n fn::invoke:\n Function: aws:kms:getKey\n Arguments:\n keyId: alias/aws/workspaces\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Workspaces using their ID. For example:\n\n```sh\n$ pulumi import aws:workspaces/workspace:Workspace example ws-9z9zmbkhv\n```\n", "properties": { "bundleId": { "type": "string", @@ -346535,7 +346535,7 @@ } }, "aws:xray/encryptionConfig:EncryptionConfig": { - "description": "Creates and manages an AWS XRay Encryption Config.\n\n\u003e **NOTE:** Removing this resource from the provider has no effect to the encryption configuration within X-Ray.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.xray.EncryptionConfig(\"example\", {type: \"NONE\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.xray.EncryptionConfig(\"example\", type=\"NONE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Xray.EncryptionConfig(\"example\", new()\n {\n Type = \"NONE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/xray\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := xray.NewEncryptionConfig(ctx, \"example\", \u0026xray.EncryptionConfigArgs{\n\t\t\tType: pulumi.String(\"NONE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.xray.EncryptionConfig;\nimport com.pulumi.aws.xray.EncryptionConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new EncryptionConfig(\"example\", EncryptionConfigArgs.builder() \n .type(\"NONE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:xray:EncryptionConfig\n properties:\n type: NONE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### With KMS Key\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst example = current.then(current =\u003e aws.iam.getPolicyDocument({\n statements: [{\n sid: \"Enable IAM User Permissions\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [`arn:aws:iam::${current.accountId}:root`],\n }],\n actions: [\"kms:*\"],\n resources: [\"*\"],\n }],\n}));\nconst exampleKey = new aws.kms.Key(\"example\", {\n description: \"Some Key\",\n deletionWindowInDays: 7,\n policy: example.then(example =\u003e example.json),\n});\nconst exampleEncryptionConfig = new aws.xray.EncryptionConfig(\"example\", {\n type: \"KMS\",\n keyId: exampleKey.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"Enable IAM User Permissions\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[f\"arn:aws:iam::{current.account_id}:root\"],\n )],\n actions=[\"kms:*\"],\n resources=[\"*\"],\n)])\nexample_key = aws.kms.Key(\"example\",\n description=\"Some Key\",\n deletion_window_in_days=7,\n policy=example.json)\nexample_encryption_config = aws.xray.EncryptionConfig(\"example\",\n type=\"KMS\",\n key_id=example_key.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"Enable IAM User Permissions\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n $\"arn:aws:iam::{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:root\",\n },\n },\n },\n Actions = new[]\n {\n \"kms:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var exampleKey = new Aws.Kms.Key(\"example\", new()\n {\n Description = \"Some Key\",\n DeletionWindowInDays = 7,\n Policy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleEncryptionConfig = new Aws.Xray.EncryptionConfig(\"example\", new()\n {\n Type = \"KMS\",\n KeyId = exampleKey.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/xray\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"Enable IAM User Permissions\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:iam::%v:root\", current.AccountId),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"kms:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleKey, err := kms.NewKey(ctx, \"example\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"Some Key\"),\n\t\t\tDeletionWindowInDays: pulumi.Int(7),\n\t\t\tPolicy: *pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = xray.NewEncryptionConfig(ctx, \"example\", \u0026xray.EncryptionConfigArgs{\n\t\t\tType: pulumi.String(\"KMS\"),\n\t\t\tKeyId: exampleKey.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.xray.EncryptionConfig;\nimport com.pulumi.aws.xray.EncryptionConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"Enable IAM User Permissions\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(String.format(\"arn:aws:iam::%s:root\", current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId())))\n .build())\n .actions(\"kms:*\")\n .resources(\"*\")\n .build())\n .build());\n\n var exampleKey = new Key(\"exampleKey\", KeyArgs.builder() \n .description(\"Some Key\")\n .deletionWindowInDays(7)\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleEncryptionConfig = new EncryptionConfig(\"exampleEncryptionConfig\", EncryptionConfigArgs.builder() \n .type(\"KMS\")\n .keyId(exampleKey.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleKey:\n type: aws:kms:Key\n name: example\n properties:\n description: Some Key\n deletionWindowInDays: 7\n policy: ${example.json}\n exampleEncryptionConfig:\n type: aws:xray:EncryptionConfig\n name: example\n properties:\n type: KMS\n keyId: ${exampleKey.arn}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: Enable IAM User Permissions\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - arn:aws:iam::${current.accountId}:root\n actions:\n - kms:*\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import XRay Encryption Config using the region name. For example:\n\n```sh\n$ pulumi import aws:xray/encryptionConfig:EncryptionConfig example us-west-2\n```\n", + "description": "Creates and manages an AWS XRay Encryption Config.\n\n\u003e **NOTE:** Removing this resource from the provider has no effect to the encryption configuration within X-Ray.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.xray.EncryptionConfig(\"example\", {type: \"NONE\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.xray.EncryptionConfig(\"example\", type=\"NONE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Xray.EncryptionConfig(\"example\", new()\n {\n Type = \"NONE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/xray\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := xray.NewEncryptionConfig(ctx, \"example\", \u0026xray.EncryptionConfigArgs{\n\t\t\tType: pulumi.String(\"NONE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.xray.EncryptionConfig;\nimport com.pulumi.aws.xray.EncryptionConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new EncryptionConfig(\"example\", EncryptionConfigArgs.builder() \n .type(\"NONE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:xray:EncryptionConfig\n properties:\n type: NONE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### With KMS Key\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst example = current.then(current =\u003e aws.iam.getPolicyDocument({\n statements: [{\n sid: \"Enable IAM User Permissions\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [`arn:aws:iam::${current.accountId}:root`],\n }],\n actions: [\"kms:*\"],\n resources: [\"*\"],\n }],\n}));\nconst exampleKey = new aws.kms.Key(\"example\", {\n description: \"Some Key\",\n deletionWindowInDays: 7,\n policy: example.then(example =\u003e example.json),\n});\nconst exampleEncryptionConfig = new aws.xray.EncryptionConfig(\"example\", {\n type: \"KMS\",\n keyId: exampleKey.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nexample = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"Enable IAM User Permissions\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[f\"arn:aws:iam::{current.account_id}:root\"],\n )],\n actions=[\"kms:*\"],\n resources=[\"*\"],\n)])\nexample_key = aws.kms.Key(\"example\",\n description=\"Some Key\",\n deletion_window_in_days=7,\n policy=example.json)\nexample_encryption_config = aws.xray.EncryptionConfig(\"example\",\n type=\"KMS\",\n key_id=example_key.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"Enable IAM User Permissions\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n $\"arn:aws:iam::{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:root\",\n },\n },\n },\n Actions = new[]\n {\n \"kms:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var exampleKey = new Aws.Kms.Key(\"example\", new()\n {\n Description = \"Some Key\",\n DeletionWindowInDays = 7,\n Policy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleEncryptionConfig = new Aws.Xray.EncryptionConfig(\"example\", new()\n {\n Type = \"KMS\",\n KeyId = exampleKey.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/xray\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"Enable IAM User Permissions\"),\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:iam::%v:root\", current.AccountId),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"kms:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleKey, err := kms.NewKey(ctx, \"example\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"Some Key\"),\n\t\t\tDeletionWindowInDays: pulumi.Int(7),\n\t\t\tPolicy: pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = xray.NewEncryptionConfig(ctx, \"example\", \u0026xray.EncryptionConfigArgs{\n\t\t\tType: pulumi.String(\"KMS\"),\n\t\t\tKeyId: exampleKey.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.xray.EncryptionConfig;\nimport com.pulumi.aws.xray.EncryptionConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"Enable IAM User Permissions\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(String.format(\"arn:aws:iam::%s:root\", current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId())))\n .build())\n .actions(\"kms:*\")\n .resources(\"*\")\n .build())\n .build());\n\n var exampleKey = new Key(\"exampleKey\", KeyArgs.builder() \n .description(\"Some Key\")\n .deletionWindowInDays(7)\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleEncryptionConfig = new EncryptionConfig(\"exampleEncryptionConfig\", EncryptionConfigArgs.builder() \n .type(\"KMS\")\n .keyId(exampleKey.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleKey:\n type: aws:kms:Key\n name: example\n properties:\n description: Some Key\n deletionWindowInDays: 7\n policy: ${example.json}\n exampleEncryptionConfig:\n type: aws:xray:EncryptionConfig\n name: example\n properties:\n type: KMS\n keyId: ${exampleKey.arn}\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: Enable IAM User Permissions\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - arn:aws:iam::${current.accountId}:root\n actions:\n - kms:*\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import XRay Encryption Config using the region name. For example:\n\n```sh\n$ pulumi import aws:xray/encryptionConfig:EncryptionConfig example us-west-2\n```\n", "properties": { "keyId": { "type": "string", @@ -349784,7 +349784,7 @@ } }, "aws:auditmanager/getControl:getControl": { - "description": "Data source for managing an AWS Audit Manager Control.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.auditmanager.getControl({\n name: \"1. Risk Management\",\n type: \"Standard\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.auditmanager.get_control(name=\"1. Risk Management\",\n type=\"Standard\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Auditmanager.GetControl.Invoke(new()\n {\n Name = \"1. Risk Management\",\n Type = \"Standard\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/auditmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := auditmanager.LookupControl(ctx, \u0026auditmanager.LookupControlArgs{\n\t\t\tName: \"1. Risk Management\",\n\t\t\tType: \"Standard\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.auditmanager.AuditmanagerFunctions;\nimport com.pulumi.aws.auditmanager.inputs.GetControlArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AuditmanagerFunctions.getControl(GetControlArgs.builder()\n .name(\"1. Risk Management\")\n .type(\"Standard\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: aws:auditmanager:getControl\n Arguments:\n name: 1. Risk Management\n type: Standard\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With Framework Resource\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.auditmanager.getControl({\n name: \"1. Risk Management\",\n type: \"Standard\",\n});\nconst example2 = aws.auditmanager.getControl({\n name: \"2. Personnel\",\n type: \"Standard\",\n});\nconst exampleFramework = new aws.auditmanager.Framework(\"example\", {\n name: \"example\",\n controlSets: [\n {\n name: \"example\",\n controls: [{\n id: example.then(example =\u003e example.id),\n }],\n },\n {\n name: \"example2\",\n controls: [{\n id: example2.then(example2 =\u003e example2.id),\n }],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.auditmanager.get_control(name=\"1. Risk Management\",\n type=\"Standard\")\nexample2 = aws.auditmanager.get_control(name=\"2. Personnel\",\n type=\"Standard\")\nexample_framework = aws.auditmanager.Framework(\"example\",\n name=\"example\",\n control_sets=[\n aws.auditmanager.FrameworkControlSetArgs(\n name=\"example\",\n controls=[aws.auditmanager.FrameworkControlSetControlArgs(\n id=example.id,\n )],\n ),\n aws.auditmanager.FrameworkControlSetArgs(\n name=\"example2\",\n controls=[aws.auditmanager.FrameworkControlSetControlArgs(\n id=example2.id,\n )],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Auditmanager.GetControl.Invoke(new()\n {\n Name = \"1. Risk Management\",\n Type = \"Standard\",\n });\n\n var example2 = Aws.Auditmanager.GetControl.Invoke(new()\n {\n Name = \"2. Personnel\",\n Type = \"Standard\",\n });\n\n var exampleFramework = new Aws.Auditmanager.Framework(\"example\", new()\n {\n Name = \"example\",\n ControlSets = new[]\n {\n new Aws.Auditmanager.Inputs.FrameworkControlSetArgs\n {\n Name = \"example\",\n Controls = new[]\n {\n new Aws.Auditmanager.Inputs.FrameworkControlSetControlArgs\n {\n Id = example.Apply(getControlResult =\u003e getControlResult.Id),\n },\n },\n },\n new Aws.Auditmanager.Inputs.FrameworkControlSetArgs\n {\n Name = \"example2\",\n Controls = new[]\n {\n new Aws.Auditmanager.Inputs.FrameworkControlSetControlArgs\n {\n Id = example2.Apply(getControlResult =\u003e getControlResult.Id),\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/auditmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := auditmanager.LookupControl(ctx, \u0026auditmanager.LookupControlArgs{\n\t\t\tName: \"1. Risk Management\",\n\t\t\tType: \"Standard\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample2, err := auditmanager.LookupControl(ctx, \u0026auditmanager.LookupControlArgs{\n\t\t\tName: \"2. Personnel\",\n\t\t\tType: \"Standard\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = auditmanager.NewFramework(ctx, \"example\", \u0026auditmanager.FrameworkArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tControlSets: auditmanager.FrameworkControlSetArray{\n\t\t\t\t\u0026auditmanager.FrameworkControlSetArgs{\n\t\t\t\t\tName: pulumi.String(\"example\"),\n\t\t\t\t\tControls: auditmanager.FrameworkControlSetControlArray{\n\t\t\t\t\t\t\u0026auditmanager.FrameworkControlSetControlArgs{\n\t\t\t\t\t\t\tId: *pulumi.String(example.Id),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026auditmanager.FrameworkControlSetArgs{\n\t\t\t\t\tName: pulumi.String(\"example2\"),\n\t\t\t\t\tControls: auditmanager.FrameworkControlSetControlArray{\n\t\t\t\t\t\t\u0026auditmanager.FrameworkControlSetControlArgs{\n\t\t\t\t\t\t\tId: *pulumi.String(example2.Id),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.auditmanager.AuditmanagerFunctions;\nimport com.pulumi.aws.auditmanager.inputs.GetControlArgs;\nimport com.pulumi.aws.auditmanager.Framework;\nimport com.pulumi.aws.auditmanager.FrameworkArgs;\nimport com.pulumi.aws.auditmanager.inputs.FrameworkControlSetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AuditmanagerFunctions.getControl(GetControlArgs.builder()\n .name(\"1. Risk Management\")\n .type(\"Standard\")\n .build());\n\n final var example2 = AuditmanagerFunctions.getControl(GetControlArgs.builder()\n .name(\"2. Personnel\")\n .type(\"Standard\")\n .build());\n\n var exampleFramework = new Framework(\"exampleFramework\", FrameworkArgs.builder() \n .name(\"example\")\n .controlSets( \n FrameworkControlSetArgs.builder()\n .name(\"example\")\n .controls(FrameworkControlSetControlArgs.builder()\n .id(example.applyValue(getControlResult -\u003e getControlResult.id()))\n .build())\n .build(),\n FrameworkControlSetArgs.builder()\n .name(\"example2\")\n .controls(FrameworkControlSetControlArgs.builder()\n .id(example2.applyValue(getControlResult -\u003e getControlResult.id()))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleFramework:\n type: aws:auditmanager:Framework\n name: example\n properties:\n name: example\n controlSets:\n - name: example\n controls:\n - id: ${example.id}\n - name: example2\n controls:\n - id: ${example2.id}\nvariables:\n example:\n fn::invoke:\n Function: aws:auditmanager:getControl\n Arguments:\n name: 1. Risk Management\n type: Standard\n example2:\n fn::invoke:\n Function: aws:auditmanager:getControl\n Arguments:\n name: 2. Personnel\n type: Standard\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Data source for managing an AWS Audit Manager Control.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.auditmanager.getControl({\n name: \"1. Risk Management\",\n type: \"Standard\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.auditmanager.get_control(name=\"1. Risk Management\",\n type=\"Standard\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Auditmanager.GetControl.Invoke(new()\n {\n Name = \"1. Risk Management\",\n Type = \"Standard\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/auditmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := auditmanager.LookupControl(ctx, \u0026auditmanager.LookupControlArgs{\n\t\t\tName: \"1. Risk Management\",\n\t\t\tType: \"Standard\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.auditmanager.AuditmanagerFunctions;\nimport com.pulumi.aws.auditmanager.inputs.GetControlArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AuditmanagerFunctions.getControl(GetControlArgs.builder()\n .name(\"1. Risk Management\")\n .type(\"Standard\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: aws:auditmanager:getControl\n Arguments:\n name: 1. Risk Management\n type: Standard\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With Framework Resource\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.auditmanager.getControl({\n name: \"1. Risk Management\",\n type: \"Standard\",\n});\nconst example2 = aws.auditmanager.getControl({\n name: \"2. Personnel\",\n type: \"Standard\",\n});\nconst exampleFramework = new aws.auditmanager.Framework(\"example\", {\n name: \"example\",\n controlSets: [\n {\n name: \"example\",\n controls: [{\n id: example.then(example =\u003e example.id),\n }],\n },\n {\n name: \"example2\",\n controls: [{\n id: example2.then(example2 =\u003e example2.id),\n }],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.auditmanager.get_control(name=\"1. Risk Management\",\n type=\"Standard\")\nexample2 = aws.auditmanager.get_control(name=\"2. Personnel\",\n type=\"Standard\")\nexample_framework = aws.auditmanager.Framework(\"example\",\n name=\"example\",\n control_sets=[\n aws.auditmanager.FrameworkControlSetArgs(\n name=\"example\",\n controls=[aws.auditmanager.FrameworkControlSetControlArgs(\n id=example.id,\n )],\n ),\n aws.auditmanager.FrameworkControlSetArgs(\n name=\"example2\",\n controls=[aws.auditmanager.FrameworkControlSetControlArgs(\n id=example2.id,\n )],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Auditmanager.GetControl.Invoke(new()\n {\n Name = \"1. Risk Management\",\n Type = \"Standard\",\n });\n\n var example2 = Aws.Auditmanager.GetControl.Invoke(new()\n {\n Name = \"2. Personnel\",\n Type = \"Standard\",\n });\n\n var exampleFramework = new Aws.Auditmanager.Framework(\"example\", new()\n {\n Name = \"example\",\n ControlSets = new[]\n {\n new Aws.Auditmanager.Inputs.FrameworkControlSetArgs\n {\n Name = \"example\",\n Controls = new[]\n {\n new Aws.Auditmanager.Inputs.FrameworkControlSetControlArgs\n {\n Id = example.Apply(getControlResult =\u003e getControlResult.Id),\n },\n },\n },\n new Aws.Auditmanager.Inputs.FrameworkControlSetArgs\n {\n Name = \"example2\",\n Controls = new[]\n {\n new Aws.Auditmanager.Inputs.FrameworkControlSetControlArgs\n {\n Id = example2.Apply(getControlResult =\u003e getControlResult.Id),\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/auditmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := auditmanager.LookupControl(ctx, \u0026auditmanager.LookupControlArgs{\n\t\t\tName: \"1. Risk Management\",\n\t\t\tType: \"Standard\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample2, err := auditmanager.LookupControl(ctx, \u0026auditmanager.LookupControlArgs{\n\t\t\tName: \"2. Personnel\",\n\t\t\tType: \"Standard\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = auditmanager.NewFramework(ctx, \"example\", \u0026auditmanager.FrameworkArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tControlSets: auditmanager.FrameworkControlSetArray{\n\t\t\t\t\u0026auditmanager.FrameworkControlSetArgs{\n\t\t\t\t\tName: pulumi.String(\"example\"),\n\t\t\t\t\tControls: auditmanager.FrameworkControlSetControlArray{\n\t\t\t\t\t\t\u0026auditmanager.FrameworkControlSetControlArgs{\n\t\t\t\t\t\t\tId: pulumi.String(example.Id),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026auditmanager.FrameworkControlSetArgs{\n\t\t\t\t\tName: pulumi.String(\"example2\"),\n\t\t\t\t\tControls: auditmanager.FrameworkControlSetControlArray{\n\t\t\t\t\t\t\u0026auditmanager.FrameworkControlSetControlArgs{\n\t\t\t\t\t\t\tId: pulumi.String(example2.Id),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.auditmanager.AuditmanagerFunctions;\nimport com.pulumi.aws.auditmanager.inputs.GetControlArgs;\nimport com.pulumi.aws.auditmanager.Framework;\nimport com.pulumi.aws.auditmanager.FrameworkArgs;\nimport com.pulumi.aws.auditmanager.inputs.FrameworkControlSetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AuditmanagerFunctions.getControl(GetControlArgs.builder()\n .name(\"1. Risk Management\")\n .type(\"Standard\")\n .build());\n\n final var example2 = AuditmanagerFunctions.getControl(GetControlArgs.builder()\n .name(\"2. Personnel\")\n .type(\"Standard\")\n .build());\n\n var exampleFramework = new Framework(\"exampleFramework\", FrameworkArgs.builder() \n .name(\"example\")\n .controlSets( \n FrameworkControlSetArgs.builder()\n .name(\"example\")\n .controls(FrameworkControlSetControlArgs.builder()\n .id(example.applyValue(getControlResult -\u003e getControlResult.id()))\n .build())\n .build(),\n FrameworkControlSetArgs.builder()\n .name(\"example2\")\n .controls(FrameworkControlSetControlArgs.builder()\n .id(example2.applyValue(getControlResult -\u003e getControlResult.id()))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleFramework:\n type: aws:auditmanager:Framework\n name: example\n properties:\n name: example\n controlSets:\n - name: example\n controls:\n - id: ${example.id}\n - name: example2\n controls:\n - id: ${example2.id}\nvariables:\n example:\n fn::invoke:\n Function: aws:auditmanager:getControl\n Arguments:\n name: 1. Risk Management\n type: Standard\n example2:\n fn::invoke:\n Function: aws:auditmanager:getControl\n Arguments:\n name: 2. Personnel\n type: Standard\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getControl.\n", "properties": { @@ -351509,7 +351509,7 @@ } }, "aws:cloudformation/getExport:getExport": { - "description": "The CloudFormation Export data source allows access to stack\nexports specified in the [Output](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/outputs-section-structure.html) section of the Cloudformation Template using the optional Export Property.\n\n \u003e Note: If you are trying to use a value from a Cloudformation Stack in the same deployment please use normal interpolation or Cloudformation Outputs.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst subnetId = aws.cloudformation.getExport({\n name: \"mySubnetIdExportName\",\n});\nconst web = new aws.ec2.Instance(\"web\", {\n ami: \"ami-abb07bcb\",\n instanceType: \"t2.micro\",\n subnetId: subnetId.then(subnetId =\u003e subnetId.value),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsubnet_id = aws.cloudformation.get_export(name=\"mySubnetIdExportName\")\nweb = aws.ec2.Instance(\"web\",\n ami=\"ami-abb07bcb\",\n instance_type=\"t2.micro\",\n subnet_id=subnet_id.value)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var subnetId = Aws.CloudFormation.GetExport.Invoke(new()\n {\n Name = \"mySubnetIdExportName\",\n });\n\n var web = new Aws.Ec2.Instance(\"web\", new()\n {\n Ami = \"ami-abb07bcb\",\n InstanceType = \"t2.micro\",\n SubnetId = subnetId.Apply(getExportResult =\u003e getExportResult.Value),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudformation\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsubnetId, err := cloudformation.GetExport(ctx, \u0026cloudformation.GetExportArgs{\n\t\t\tName: \"mySubnetIdExportName\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"web\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(\"ami-abb07bcb\"),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t\tSubnetId: *pulumi.String(subnetId.Value),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudformation.CloudformationFunctions;\nimport com.pulumi.aws.cloudformation.inputs.GetExportArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var subnetId = CloudformationFunctions.getExport(GetExportArgs.builder()\n .name(\"mySubnetIdExportName\")\n .build());\n\n var web = new Instance(\"web\", InstanceArgs.builder() \n .ami(\"ami-abb07bcb\")\n .instanceType(\"t2.micro\")\n .subnetId(subnetId.applyValue(getExportResult -\u003e getExportResult.value()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n web:\n type: aws:ec2:Instance\n properties:\n ami: ami-abb07bcb\n instanceType: t2.micro\n subnetId: ${subnetId.value}\nvariables:\n subnetId:\n fn::invoke:\n Function: aws:cloudformation:getExport\n Arguments:\n name: mySubnetIdExportName\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "The CloudFormation Export data source allows access to stack\nexports specified in the [Output](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/outputs-section-structure.html) section of the Cloudformation Template using the optional Export Property.\n\n \u003e Note: If you are trying to use a value from a Cloudformation Stack in the same deployment please use normal interpolation or Cloudformation Outputs.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst subnetId = aws.cloudformation.getExport({\n name: \"mySubnetIdExportName\",\n});\nconst web = new aws.ec2.Instance(\"web\", {\n ami: \"ami-abb07bcb\",\n instanceType: aws.ec2.InstanceType.T2_Micro,\n subnetId: subnetId.then(subnetId =\u003e subnetId.value),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsubnet_id = aws.cloudformation.get_export(name=\"mySubnetIdExportName\")\nweb = aws.ec2.Instance(\"web\",\n ami=\"ami-abb07bcb\",\n instance_type=aws.ec2.InstanceType.T2_MICRO,\n subnet_id=subnet_id.value)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var subnetId = Aws.CloudFormation.GetExport.Invoke(new()\n {\n Name = \"mySubnetIdExportName\",\n });\n\n var web = new Aws.Ec2.Instance(\"web\", new()\n {\n Ami = \"ami-abb07bcb\",\n InstanceType = Aws.Ec2.InstanceType.T2_Micro,\n SubnetId = subnetId.Apply(getExportResult =\u003e getExportResult.Value),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudformation\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsubnetId, err := cloudformation.GetExport(ctx, \u0026cloudformation.GetExportArgs{\n\t\t\tName: \"mySubnetIdExportName\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"web\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(\"ami-abb07bcb\"),\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_T2_Micro),\n\t\t\tSubnetId: pulumi.String(subnetId.Value),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudformation.CloudformationFunctions;\nimport com.pulumi.aws.cloudformation.inputs.GetExportArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var subnetId = CloudformationFunctions.getExport(GetExportArgs.builder()\n .name(\"mySubnetIdExportName\")\n .build());\n\n var web = new Instance(\"web\", InstanceArgs.builder() \n .ami(\"ami-abb07bcb\")\n .instanceType(\"t2.micro\")\n .subnetId(subnetId.applyValue(getExportResult -\u003e getExportResult.value()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n web:\n type: aws:ec2:Instance\n properties:\n ami: ami-abb07bcb\n instanceType: t2.micro\n subnetId: ${subnetId.value}\nvariables:\n subnetId:\n fn::invoke:\n Function: aws:cloudformation:getExport\n Arguments:\n name: mySubnetIdExportName\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getExport.\n", "properties": { @@ -351552,7 +351552,7 @@ } }, "aws:cloudformation/getStack:getStack": { - "description": "The CloudFormation Stack data source allows access to stack\noutputs and other useful data including the template body.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst network = aws.cloudformation.getStack({\n name: \"my-network-stack\",\n});\nconst web = new aws.ec2.Instance(\"web\", {\n ami: \"ami-abb07bcb\",\n instanceType: \"t2.micro\",\n subnetId: network.then(network =\u003e network.outputs?.SubnetId),\n tags: {\n Name: \"HelloWorld\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nnetwork = aws.cloudformation.get_stack(name=\"my-network-stack\")\nweb = aws.ec2.Instance(\"web\",\n ami=\"ami-abb07bcb\",\n instance_type=\"t2.micro\",\n subnet_id=network.outputs[\"SubnetId\"],\n tags={\n \"Name\": \"HelloWorld\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = Aws.CloudFormation.GetStack.Invoke(new()\n {\n Name = \"my-network-stack\",\n });\n\n var web = new Aws.Ec2.Instance(\"web\", new()\n {\n Ami = \"ami-abb07bcb\",\n InstanceType = \"t2.micro\",\n SubnetId = network.Apply(getStackResult =\u003e getStackResult.Outputs?.SubnetId),\n Tags = \n {\n { \"Name\", \"HelloWorld\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudformation\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := cloudformation.LookupStack(ctx, \u0026cloudformation.LookupStackArgs{\n\t\t\tName: \"my-network-stack\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"web\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(\"ami-abb07bcb\"),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t\tSubnetId: *pulumi.String(network.Outputs.SubnetId),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"HelloWorld\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudformation.CloudformationFunctions;\nimport com.pulumi.aws.cloudformation.inputs.GetStackArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var network = CloudformationFunctions.getStack(GetStackArgs.builder()\n .name(\"my-network-stack\")\n .build());\n\n var web = new Instance(\"web\", InstanceArgs.builder() \n .ami(\"ami-abb07bcb\")\n .instanceType(\"t2.micro\")\n .subnetId(network.applyValue(getStackResult -\u003e getStackResult.outputs().SubnetId()))\n .tags(Map.of(\"Name\", \"HelloWorld\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n web:\n type: aws:ec2:Instance\n properties:\n ami: ami-abb07bcb\n instanceType: t2.micro\n subnetId: ${network.outputs.SubnetId}\n tags:\n Name: HelloWorld\nvariables:\n network:\n fn::invoke:\n Function: aws:cloudformation:getStack\n Arguments:\n name: my-network-stack\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "The CloudFormation Stack data source allows access to stack\noutputs and other useful data including the template body.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst network = aws.cloudformation.getStack({\n name: \"my-network-stack\",\n});\nconst web = new aws.ec2.Instance(\"web\", {\n ami: \"ami-abb07bcb\",\n instanceType: aws.ec2.InstanceType.T2_Micro,\n subnetId: network.then(network =\u003e network.outputs?.SubnetId),\n tags: {\n Name: \"HelloWorld\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nnetwork = aws.cloudformation.get_stack(name=\"my-network-stack\")\nweb = aws.ec2.Instance(\"web\",\n ami=\"ami-abb07bcb\",\n instance_type=aws.ec2.InstanceType.T2_MICRO,\n subnet_id=network.outputs[\"SubnetId\"],\n tags={\n \"Name\": \"HelloWorld\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = Aws.CloudFormation.GetStack.Invoke(new()\n {\n Name = \"my-network-stack\",\n });\n\n var web = new Aws.Ec2.Instance(\"web\", new()\n {\n Ami = \"ami-abb07bcb\",\n InstanceType = Aws.Ec2.InstanceType.T2_Micro,\n SubnetId = network.Apply(getStackResult =\u003e getStackResult.Outputs?.SubnetId),\n Tags = \n {\n { \"Name\", \"HelloWorld\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudformation\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := cloudformation.LookupStack(ctx, \u0026cloudformation.LookupStackArgs{\n\t\t\tName: \"my-network-stack\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"web\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(\"ami-abb07bcb\"),\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_T2_Micro),\n\t\t\tSubnetId: pulumi.String(network.Outputs.SubnetId),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"HelloWorld\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudformation.CloudformationFunctions;\nimport com.pulumi.aws.cloudformation.inputs.GetStackArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var network = CloudformationFunctions.getStack(GetStackArgs.builder()\n .name(\"my-network-stack\")\n .build());\n\n var web = new Instance(\"web\", InstanceArgs.builder() \n .ami(\"ami-abb07bcb\")\n .instanceType(\"t2.micro\")\n .subnetId(network.applyValue(getStackResult -\u003e getStackResult.outputs().SubnetId()))\n .tags(Map.of(\"Name\", \"HelloWorld\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n web:\n type: aws:ec2:Instance\n properties:\n ami: ami-abb07bcb\n instanceType: t2.micro\n subnetId: ${network.outputs.SubnetId}\n tags:\n Name: HelloWorld\nvariables:\n network:\n fn::invoke:\n Function: aws:cloudformation:getStack\n Arguments:\n name: my-network-stack\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getStack.\n", "properties": { @@ -351891,7 +351891,7 @@ } }, "aws:cloudfront/getLogDeliveryCanonicalUserId:getLogDeliveryCanonicalUserId": { - "description": "The CloudFront Log Delivery Canonical User ID data source allows access to the [canonical user ID](http://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html) of the AWS `awslogsdelivery` account for CloudFront bucket logging.\nSee the [Amazon CloudFront Developer Guide](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html) for more information.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.cloudfront.getLogDeliveryCanonicalUserId({});\nconst exampleBucketV2 = new aws.s3.BucketV2(\"example\", {bucket: \"example\"});\nconst exampleBucketAclV2 = new aws.s3.BucketAclV2(\"example\", {\n bucket: exampleBucketV2.id,\n accessControlPolicy: {\n grants: [{\n grantee: {\n id: example.then(example =\u003e example.id),\n type: \"CanonicalUser\",\n },\n permission: \"FULL_CONTROL\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudfront.get_log_delivery_canonical_user_id()\nexample_bucket_v2 = aws.s3.BucketV2(\"example\", bucket=\"example\")\nexample_bucket_acl_v2 = aws.s3.BucketAclV2(\"example\",\n bucket=example_bucket_v2.id,\n access_control_policy=aws.s3.BucketAclV2AccessControlPolicyArgs(\n grants=[aws.s3.BucketAclV2AccessControlPolicyGrantArgs(\n grantee=aws.s3.BucketAclV2AccessControlPolicyGrantGranteeArgs(\n id=example.id,\n type=\"CanonicalUser\",\n ),\n permission=\"FULL_CONTROL\",\n )],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.CloudFront.GetLogDeliveryCanonicalUserId.Invoke();\n\n var exampleBucketV2 = new Aws.S3.BucketV2(\"example\", new()\n {\n Bucket = \"example\",\n });\n\n var exampleBucketAclV2 = new Aws.S3.BucketAclV2(\"example\", new()\n {\n Bucket = exampleBucketV2.Id,\n AccessControlPolicy = new Aws.S3.Inputs.BucketAclV2AccessControlPolicyArgs\n {\n Grants = new[]\n {\n new Aws.S3.Inputs.BucketAclV2AccessControlPolicyGrantArgs\n {\n Grantee = new Aws.S3.Inputs.BucketAclV2AccessControlPolicyGrantGranteeArgs\n {\n Id = example.Apply(getLogDeliveryCanonicalUserIdResult =\u003e getLogDeliveryCanonicalUserIdResult.Id),\n Type = \"CanonicalUser\",\n },\n Permission = \"FULL_CONTROL\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := cloudfront.GetLogDeliveryCanonicalUserId(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleBucketV2, err := s3.NewBucketV2(ctx, \"example\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"example\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: exampleBucketV2.ID(),\n\t\t\tAccessControlPolicy: \u0026s3.BucketAclV2AccessControlPolicyArgs{\n\t\t\t\tGrants: s3.BucketAclV2AccessControlPolicyGrantArray{\n\t\t\t\t\t\u0026s3.BucketAclV2AccessControlPolicyGrantArgs{\n\t\t\t\t\t\tGrantee: \u0026s3.BucketAclV2AccessControlPolicyGrantGranteeArgs{\n\t\t\t\t\t\t\tId: *pulumi.String(example.Id),\n\t\t\t\t\t\t\tType: pulumi.String(\"CanonicalUser\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPermission: pulumi.String(\"FULL_CONTROL\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudfront.CloudfrontFunctions;\nimport com.pulumi.aws.cloudfront.inputs.GetLogDeliveryCanonicalUserIdArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.s3.inputs.BucketAclV2AccessControlPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = CloudfrontFunctions.getLogDeliveryCanonicalUserId();\n\n var exampleBucketV2 = new BucketV2(\"exampleBucketV2\", BucketV2Args.builder() \n .bucket(\"example\")\n .build());\n\n var exampleBucketAclV2 = new BucketAclV2(\"exampleBucketAclV2\", BucketAclV2Args.builder() \n .bucket(exampleBucketV2.id())\n .accessControlPolicy(BucketAclV2AccessControlPolicyArgs.builder()\n .grants(BucketAclV2AccessControlPolicyGrantArgs.builder()\n .grantee(BucketAclV2AccessControlPolicyGrantGranteeArgs.builder()\n .id(example.applyValue(getLogDeliveryCanonicalUserIdResult -\u003e getLogDeliveryCanonicalUserIdResult.id()))\n .type(\"CanonicalUser\")\n .build())\n .permission(\"FULL_CONTROL\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleBucketV2:\n type: aws:s3:BucketV2\n name: example\n properties:\n bucket: example\n exampleBucketAclV2:\n type: aws:s3:BucketAclV2\n name: example\n properties:\n bucket: ${exampleBucketV2.id}\n accessControlPolicy:\n grants:\n - grantee:\n id: ${example.id}\n type: CanonicalUser\n permission: FULL_CONTROL\nvariables:\n example:\n fn::invoke:\n Function: aws:cloudfront:getLogDeliveryCanonicalUserId\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "The CloudFront Log Delivery Canonical User ID data source allows access to the [canonical user ID](http://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html) of the AWS `awslogsdelivery` account for CloudFront bucket logging.\nSee the [Amazon CloudFront Developer Guide](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html) for more information.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.cloudfront.getLogDeliveryCanonicalUserId({});\nconst exampleBucketV2 = new aws.s3.BucketV2(\"example\", {bucket: \"example\"});\nconst exampleBucketAclV2 = new aws.s3.BucketAclV2(\"example\", {\n bucket: exampleBucketV2.id,\n accessControlPolicy: {\n grants: [{\n grantee: {\n id: example.then(example =\u003e example.id),\n type: \"CanonicalUser\",\n },\n permission: \"FULL_CONTROL\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudfront.get_log_delivery_canonical_user_id()\nexample_bucket_v2 = aws.s3.BucketV2(\"example\", bucket=\"example\")\nexample_bucket_acl_v2 = aws.s3.BucketAclV2(\"example\",\n bucket=example_bucket_v2.id,\n access_control_policy=aws.s3.BucketAclV2AccessControlPolicyArgs(\n grants=[aws.s3.BucketAclV2AccessControlPolicyGrantArgs(\n grantee=aws.s3.BucketAclV2AccessControlPolicyGrantGranteeArgs(\n id=example.id,\n type=\"CanonicalUser\",\n ),\n permission=\"FULL_CONTROL\",\n )],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.CloudFront.GetLogDeliveryCanonicalUserId.Invoke();\n\n var exampleBucketV2 = new Aws.S3.BucketV2(\"example\", new()\n {\n Bucket = \"example\",\n });\n\n var exampleBucketAclV2 = new Aws.S3.BucketAclV2(\"example\", new()\n {\n Bucket = exampleBucketV2.Id,\n AccessControlPolicy = new Aws.S3.Inputs.BucketAclV2AccessControlPolicyArgs\n {\n Grants = new[]\n {\n new Aws.S3.Inputs.BucketAclV2AccessControlPolicyGrantArgs\n {\n Grantee = new Aws.S3.Inputs.BucketAclV2AccessControlPolicyGrantGranteeArgs\n {\n Id = example.Apply(getLogDeliveryCanonicalUserIdResult =\u003e getLogDeliveryCanonicalUserIdResult.Id),\n Type = \"CanonicalUser\",\n },\n Permission = \"FULL_CONTROL\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := cloudfront.GetLogDeliveryCanonicalUserId(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleBucketV2, err := s3.NewBucketV2(ctx, \"example\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"example\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: exampleBucketV2.ID(),\n\t\t\tAccessControlPolicy: \u0026s3.BucketAclV2AccessControlPolicyArgs{\n\t\t\t\tGrants: s3.BucketAclV2AccessControlPolicyGrantArray{\n\t\t\t\t\t\u0026s3.BucketAclV2AccessControlPolicyGrantArgs{\n\t\t\t\t\t\tGrantee: \u0026s3.BucketAclV2AccessControlPolicyGrantGranteeArgs{\n\t\t\t\t\t\t\tId: pulumi.String(example.Id),\n\t\t\t\t\t\t\tType: pulumi.String(\"CanonicalUser\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPermission: pulumi.String(\"FULL_CONTROL\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudfront.CloudfrontFunctions;\nimport com.pulumi.aws.cloudfront.inputs.GetLogDeliveryCanonicalUserIdArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.s3.inputs.BucketAclV2AccessControlPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = CloudfrontFunctions.getLogDeliveryCanonicalUserId();\n\n var exampleBucketV2 = new BucketV2(\"exampleBucketV2\", BucketV2Args.builder() \n .bucket(\"example\")\n .build());\n\n var exampleBucketAclV2 = new BucketAclV2(\"exampleBucketAclV2\", BucketAclV2Args.builder() \n .bucket(exampleBucketV2.id())\n .accessControlPolicy(BucketAclV2AccessControlPolicyArgs.builder()\n .grants(BucketAclV2AccessControlPolicyGrantArgs.builder()\n .grantee(BucketAclV2AccessControlPolicyGrantGranteeArgs.builder()\n .id(example.applyValue(getLogDeliveryCanonicalUserIdResult -\u003e getLogDeliveryCanonicalUserIdResult.id()))\n .type(\"CanonicalUser\")\n .build())\n .permission(\"FULL_CONTROL\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleBucketV2:\n type: aws:s3:BucketV2\n name: example\n properties:\n bucket: example\n exampleBucketAclV2:\n type: aws:s3:BucketAclV2\n name: example\n properties:\n bucket: ${exampleBucketV2.id}\n accessControlPolicy:\n grants:\n - grantee:\n id: ${example.id}\n type: CanonicalUser\n permission: FULL_CONTROL\nvariables:\n example:\n fn::invoke:\n Function: aws:cloudfront:getLogDeliveryCanonicalUserId\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getLogDeliveryCanonicalUserId.\n", "properties": { @@ -352481,7 +352481,7 @@ } }, "aws:cloudwatch/getLogDataProtectionPolicyDocument:getLogDataProtectionPolicyDocument": { - "description": "Generates a CloudWatch Log Group Data Protection Policy document in JSON format for use with the `aws.cloudwatch.LogDataProtectionPolicy` resource.\n\n\u003e For more information about data protection policies, see the [Help protect sensitive log data with masking](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.cloudwatch.getLogDataProtectionPolicyDocument({\n name: \"Example\",\n statements: [\n {\n sid: \"Audit\",\n dataIdentifiers: [\n \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n \"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US\",\n ],\n operation: {\n audit: {\n findingsDestination: {\n cloudwatchLogs: {\n logGroup: audit.name,\n },\n firehose: {\n deliveryStream: auditAwsKinesisFirehoseDeliveryStream.name,\n },\n s3: {\n bucket: auditAwsS3Bucket.bucket,\n },\n },\n },\n },\n },\n {\n sid: \"Deidentify\",\n dataIdentifiers: [\n \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n \"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US\",\n ],\n operation: {\n deidentify: {\n maskConfig: {},\n },\n },\n },\n ],\n});\nconst exampleLogDataProtectionPolicy = new aws.cloudwatch.LogDataProtectionPolicy(\"example\", {\n logGroupName: exampleAwsCloudwatchLogGroup.name,\n policyDocument: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudwatch.get_log_data_protection_policy_document(name=\"Example\",\n statements=[\n aws.cloudwatch.GetLogDataProtectionPolicyDocumentStatementArgs(\n sid=\"Audit\",\n data_identifiers=[\n \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n \"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US\",\n ],\n operation=aws.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationArgs(\n audit=aws.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationAuditArgs(\n findings_destination=aws.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationArgs(\n cloudwatch_logs=aws.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationCloudwatchLogsArgs(\n log_group=audit[\"name\"],\n ),\n firehose=aws.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationFirehoseArgs(\n delivery_stream=audit_aws_kinesis_firehose_delivery_stream[\"name\"],\n ),\n s3=aws.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationS3Args(\n bucket=audit_aws_s3_bucket[\"bucket\"],\n ),\n ),\n ),\n ),\n ),\n aws.cloudwatch.GetLogDataProtectionPolicyDocumentStatementArgs(\n sid=\"Deidentify\",\n data_identifiers=[\n \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n \"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US\",\n ],\n operation=aws.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationArgs(\n deidentify=aws.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationDeidentifyArgs(\n mask_config=aws.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationDeidentifyMaskConfigArgs(),\n ),\n ),\n ),\n ])\nexample_log_data_protection_policy = aws.cloudwatch.LogDataProtectionPolicy(\"example\",\n log_group_name=example_aws_cloudwatch_log_group[\"name\"],\n policy_document=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.CloudWatch.GetLogDataProtectionPolicyDocument.Invoke(new()\n {\n Name = \"Example\",\n Statements = new[]\n {\n new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementInputArgs\n {\n Sid = \"Audit\",\n DataIdentifiers = new[]\n {\n \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n \"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US\",\n },\n Operation = new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementOperationInputArgs\n {\n Audit = new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementOperationAuditInputArgs\n {\n FindingsDestination = new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationInputArgs\n {\n CloudwatchLogs = new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationCloudwatchLogsInputArgs\n {\n LogGroup = audit.Name,\n },\n Firehose = new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationFirehoseInputArgs\n {\n DeliveryStream = auditAwsKinesisFirehoseDeliveryStream.Name,\n },\n S3 = new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationS3InputArgs\n {\n Bucket = auditAwsS3Bucket.Bucket,\n },\n },\n },\n },\n },\n new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementInputArgs\n {\n Sid = \"Deidentify\",\n DataIdentifiers = new[]\n {\n \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n \"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US\",\n },\n Operation = new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementOperationInputArgs\n {\n Deidentify = new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementOperationDeidentifyInputArgs\n {\n MaskConfig = null,\n },\n },\n },\n },\n });\n\n var exampleLogDataProtectionPolicy = new Aws.CloudWatch.LogDataProtectionPolicy(\"example\", new()\n {\n LogGroupName = exampleAwsCloudwatchLogGroup.Name,\n PolicyDocument = example.Apply(getLogDataProtectionPolicyDocumentResult =\u003e getLogDataProtectionPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := cloudwatch.GetLogDataProtectionPolicyDocument(ctx, \u0026cloudwatch.GetLogDataProtectionPolicyDocumentArgs{\n\t\t\tName: \"Example\",\n\t\t\tStatements: []cloudwatch.GetLogDataProtectionPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"Audit\"),\n\t\t\t\t\tDataIdentifiers: []string{\n\t\t\t\t\t\t\"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n\t\t\t\t\t\t\"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US\",\n\t\t\t\t\t},\n\t\t\t\t\tOperation: {\n\t\t\t\t\t\tAudit: {\n\t\t\t\t\t\t\tFindingsDestination: {\n\t\t\t\t\t\t\t\tCloudwatchLogs: {\n\t\t\t\t\t\t\t\t\tLogGroup: audit.Name,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\tFirehose: {\n\t\t\t\t\t\t\t\t\tDeliveryStream: auditAwsKinesisFirehoseDeliveryStream.Name,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\tS3: {\n\t\t\t\t\t\t\t\t\tBucket: auditAwsS3Bucket.Bucket,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"Deidentify\"),\n\t\t\t\t\tDataIdentifiers: []string{\n\t\t\t\t\t\t\"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n\t\t\t\t\t\t\"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US\",\n\t\t\t\t\t},\n\t\t\t\t\tOperation: {\n\t\t\t\t\t\tDeidentify: {\n\t\t\t\t\t\t\tMaskConfig: nil,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogDataProtectionPolicy(ctx, \"example\", \u0026cloudwatch.LogDataProtectionPolicyArgs{\n\t\t\tLogGroupName: pulumi.Any(exampleAwsCloudwatchLogGroup.Name),\n\t\t\tPolicyDocument: *pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.CloudwatchFunctions;\nimport com.pulumi.aws.cloudwatch.inputs.GetLogDataProtectionPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogDataProtectionPolicy;\nimport com.pulumi.aws.cloudwatch.LogDataProtectionPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = CloudwatchFunctions.getLogDataProtectionPolicyDocument(GetLogDataProtectionPolicyDocumentArgs.builder()\n .name(\"Example\")\n .statements( \n GetLogDataProtectionPolicyDocumentStatementArgs.builder()\n .sid(\"Audit\")\n .dataIdentifiers( \n \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n \"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US\")\n .operation(GetLogDataProtectionPolicyDocumentStatementOperationArgs.builder()\n .audit(GetLogDataProtectionPolicyDocumentStatementOperationAuditArgs.builder()\n .findingsDestination(GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationArgs.builder()\n .cloudwatchLogs(GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationCloudwatchLogsArgs.builder()\n .logGroup(audit.name())\n .build())\n .firehose(GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationFirehoseArgs.builder()\n .deliveryStream(auditAwsKinesisFirehoseDeliveryStream.name())\n .build())\n .s3(GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationS3Args.builder()\n .bucket(auditAwsS3Bucket.bucket())\n .build())\n .build())\n .build())\n .build())\n .build(),\n GetLogDataProtectionPolicyDocumentStatementArgs.builder()\n .sid(\"Deidentify\")\n .dataIdentifiers( \n \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n \"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US\")\n .operation(GetLogDataProtectionPolicyDocumentStatementOperationArgs.builder()\n .deidentify(GetLogDataProtectionPolicyDocumentStatementOperationDeidentifyArgs.builder()\n .maskConfig()\n .build())\n .build())\n .build())\n .build());\n\n var exampleLogDataProtectionPolicy = new LogDataProtectionPolicy(\"exampleLogDataProtectionPolicy\", LogDataProtectionPolicyArgs.builder() \n .logGroupName(exampleAwsCloudwatchLogGroup.name())\n .policyDocument(example.applyValue(getLogDataProtectionPolicyDocumentResult -\u003e getLogDataProtectionPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleLogDataProtectionPolicy:\n type: aws:cloudwatch:LogDataProtectionPolicy\n name: example\n properties:\n logGroupName: ${exampleAwsCloudwatchLogGroup.name}\n policyDocument: ${example.json}\nvariables:\n example:\n fn::invoke:\n Function: aws:cloudwatch:getLogDataProtectionPolicyDocument\n Arguments:\n name: Example\n statements:\n - sid: Audit\n dataIdentifiers:\n - arn:aws:dataprotection::aws:data-identifier/EmailAddress\n - arn:aws:dataprotection::aws:data-identifier/DriversLicense-US\n operation:\n audit:\n findingsDestination:\n cloudwatchLogs:\n logGroup: ${audit.name}\n firehose:\n deliveryStream: ${auditAwsKinesisFirehoseDeliveryStream.name}\n s3:\n bucket: ${auditAwsS3Bucket.bucket}\n - sid: Deidentify\n dataIdentifiers:\n - arn:aws:dataprotection::aws:data-identifier/EmailAddress\n - arn:aws:dataprotection::aws:data-identifier/DriversLicense-US\n operation:\n deidentify:\n maskConfig: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Generates a CloudWatch Log Group Data Protection Policy document in JSON format for use with the `aws.cloudwatch.LogDataProtectionPolicy` resource.\n\n\u003e For more information about data protection policies, see the [Help protect sensitive log data with masking](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.cloudwatch.getLogDataProtectionPolicyDocument({\n name: \"Example\",\n statements: [\n {\n sid: \"Audit\",\n dataIdentifiers: [\n \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n \"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US\",\n ],\n operation: {\n audit: {\n findingsDestination: {\n cloudwatchLogs: {\n logGroup: audit.name,\n },\n firehose: {\n deliveryStream: auditAwsKinesisFirehoseDeliveryStream.name,\n },\n s3: {\n bucket: auditAwsS3Bucket.bucket,\n },\n },\n },\n },\n },\n {\n sid: \"Deidentify\",\n dataIdentifiers: [\n \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n \"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US\",\n ],\n operation: {\n deidentify: {\n maskConfig: {},\n },\n },\n },\n ],\n});\nconst exampleLogDataProtectionPolicy = new aws.cloudwatch.LogDataProtectionPolicy(\"example\", {\n logGroupName: exampleAwsCloudwatchLogGroup.name,\n policyDocument: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudwatch.get_log_data_protection_policy_document(name=\"Example\",\n statements=[\n aws.cloudwatch.GetLogDataProtectionPolicyDocumentStatementArgs(\n sid=\"Audit\",\n data_identifiers=[\n \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n \"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US\",\n ],\n operation=aws.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationArgs(\n audit=aws.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationAuditArgs(\n findings_destination=aws.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationArgs(\n cloudwatch_logs=aws.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationCloudwatchLogsArgs(\n log_group=audit[\"name\"],\n ),\n firehose=aws.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationFirehoseArgs(\n delivery_stream=audit_aws_kinesis_firehose_delivery_stream[\"name\"],\n ),\n s3=aws.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationS3Args(\n bucket=audit_aws_s3_bucket[\"bucket\"],\n ),\n ),\n ),\n ),\n ),\n aws.cloudwatch.GetLogDataProtectionPolicyDocumentStatementArgs(\n sid=\"Deidentify\",\n data_identifiers=[\n \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n \"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US\",\n ],\n operation=aws.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationArgs(\n deidentify=aws.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationDeidentifyArgs(\n mask_config=aws.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationDeidentifyMaskConfigArgs(),\n ),\n ),\n ),\n ])\nexample_log_data_protection_policy = aws.cloudwatch.LogDataProtectionPolicy(\"example\",\n log_group_name=example_aws_cloudwatch_log_group[\"name\"],\n policy_document=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.CloudWatch.GetLogDataProtectionPolicyDocument.Invoke(new()\n {\n Name = \"Example\",\n Statements = new[]\n {\n new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementInputArgs\n {\n Sid = \"Audit\",\n DataIdentifiers = new[]\n {\n \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n \"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US\",\n },\n Operation = new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementOperationInputArgs\n {\n Audit = new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementOperationAuditInputArgs\n {\n FindingsDestination = new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationInputArgs\n {\n CloudwatchLogs = new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationCloudwatchLogsInputArgs\n {\n LogGroup = audit.Name,\n },\n Firehose = new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationFirehoseInputArgs\n {\n DeliveryStream = auditAwsKinesisFirehoseDeliveryStream.Name,\n },\n S3 = new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationS3InputArgs\n {\n Bucket = auditAwsS3Bucket.Bucket,\n },\n },\n },\n },\n },\n new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementInputArgs\n {\n Sid = \"Deidentify\",\n DataIdentifiers = new[]\n {\n \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n \"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US\",\n },\n Operation = new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementOperationInputArgs\n {\n Deidentify = new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementOperationDeidentifyInputArgs\n {\n MaskConfig = null,\n },\n },\n },\n },\n });\n\n var exampleLogDataProtectionPolicy = new Aws.CloudWatch.LogDataProtectionPolicy(\"example\", new()\n {\n LogGroupName = exampleAwsCloudwatchLogGroup.Name,\n PolicyDocument = example.Apply(getLogDataProtectionPolicyDocumentResult =\u003e getLogDataProtectionPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := cloudwatch.GetLogDataProtectionPolicyDocument(ctx, \u0026cloudwatch.GetLogDataProtectionPolicyDocumentArgs{\n\t\t\tName: \"Example\",\n\t\t\tStatements: []cloudwatch.GetLogDataProtectionPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"Audit\"),\n\t\t\t\t\tDataIdentifiers: []string{\n\t\t\t\t\t\t\"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n\t\t\t\t\t\t\"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US\",\n\t\t\t\t\t},\n\t\t\t\t\tOperation: {\n\t\t\t\t\t\tAudit: {\n\t\t\t\t\t\t\tFindingsDestination: {\n\t\t\t\t\t\t\t\tCloudwatchLogs: {\n\t\t\t\t\t\t\t\t\tLogGroup: audit.Name,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\tFirehose: {\n\t\t\t\t\t\t\t\t\tDeliveryStream: auditAwsKinesisFirehoseDeliveryStream.Name,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\tS3: {\n\t\t\t\t\t\t\t\t\tBucket: auditAwsS3Bucket.Bucket,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tSid: pulumi.StringRef(\"Deidentify\"),\n\t\t\t\t\tDataIdentifiers: []string{\n\t\t\t\t\t\t\"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n\t\t\t\t\t\t\"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US\",\n\t\t\t\t\t},\n\t\t\t\t\tOperation: {\n\t\t\t\t\t\tDeidentify: {\n\t\t\t\t\t\t\tMaskConfig: nil,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogDataProtectionPolicy(ctx, \"example\", \u0026cloudwatch.LogDataProtectionPolicyArgs{\n\t\t\tLogGroupName: pulumi.Any(exampleAwsCloudwatchLogGroup.Name),\n\t\t\tPolicyDocument: pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.CloudwatchFunctions;\nimport com.pulumi.aws.cloudwatch.inputs.GetLogDataProtectionPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogDataProtectionPolicy;\nimport com.pulumi.aws.cloudwatch.LogDataProtectionPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = CloudwatchFunctions.getLogDataProtectionPolicyDocument(GetLogDataProtectionPolicyDocumentArgs.builder()\n .name(\"Example\")\n .statements( \n GetLogDataProtectionPolicyDocumentStatementArgs.builder()\n .sid(\"Audit\")\n .dataIdentifiers( \n \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n \"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US\")\n .operation(GetLogDataProtectionPolicyDocumentStatementOperationArgs.builder()\n .audit(GetLogDataProtectionPolicyDocumentStatementOperationAuditArgs.builder()\n .findingsDestination(GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationArgs.builder()\n .cloudwatchLogs(GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationCloudwatchLogsArgs.builder()\n .logGroup(audit.name())\n .build())\n .firehose(GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationFirehoseArgs.builder()\n .deliveryStream(auditAwsKinesisFirehoseDeliveryStream.name())\n .build())\n .s3(GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationS3Args.builder()\n .bucket(auditAwsS3Bucket.bucket())\n .build())\n .build())\n .build())\n .build())\n .build(),\n GetLogDataProtectionPolicyDocumentStatementArgs.builder()\n .sid(\"Deidentify\")\n .dataIdentifiers( \n \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\",\n \"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US\")\n .operation(GetLogDataProtectionPolicyDocumentStatementOperationArgs.builder()\n .deidentify(GetLogDataProtectionPolicyDocumentStatementOperationDeidentifyArgs.builder()\n .maskConfig()\n .build())\n .build())\n .build())\n .build());\n\n var exampleLogDataProtectionPolicy = new LogDataProtectionPolicy(\"exampleLogDataProtectionPolicy\", LogDataProtectionPolicyArgs.builder() \n .logGroupName(exampleAwsCloudwatchLogGroup.name())\n .policyDocument(example.applyValue(getLogDataProtectionPolicyDocumentResult -\u003e getLogDataProtectionPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleLogDataProtectionPolicy:\n type: aws:cloudwatch:LogDataProtectionPolicy\n name: example\n properties:\n logGroupName: ${exampleAwsCloudwatchLogGroup.name}\n policyDocument: ${example.json}\nvariables:\n example:\n fn::invoke:\n Function: aws:cloudwatch:getLogDataProtectionPolicyDocument\n Arguments:\n name: Example\n statements:\n - sid: Audit\n dataIdentifiers:\n - arn:aws:dataprotection::aws:data-identifier/EmailAddress\n - arn:aws:dataprotection::aws:data-identifier/DriversLicense-US\n operation:\n audit:\n findingsDestination:\n cloudwatchLogs:\n logGroup: ${audit.name}\n firehose:\n deliveryStream: ${auditAwsKinesisFirehoseDeliveryStream.name}\n s3:\n bucket: ${auditAwsS3Bucket.bucket}\n - sid: Deidentify\n dataIdentifiers:\n - arn:aws:dataprotection::aws:data-identifier/EmailAddress\n - arn:aws:dataprotection::aws:data-identifier/DriversLicense-US\n operation:\n deidentify:\n maskConfig: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getLogDataProtectionPolicyDocument.\n", "properties": { @@ -353659,7 +353659,7 @@ } }, "aws:cognito/getUserPools:getUserPools": { - "description": "Use this data source to get a list of cognito user pools.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst selected = aws.apigateway.getRestApi({\n name: apiGatewayName,\n});\nconst selectedGetUserPools = aws.cognito.getUserPools({\n name: cognitoUserPoolName,\n});\nconst cognito = new aws.apigateway.Authorizer(\"cognito\", {\n name: \"cognito\",\n type: \"COGNITO_USER_POOLS\",\n restApi: selected.then(selected =\u003e selected.id),\n providerArns: selectedGetUserPools.then(selectedGetUserPools =\u003e selectedGetUserPools.arns),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nselected = aws.apigateway.get_rest_api(name=api_gateway_name)\nselected_get_user_pools = aws.cognito.get_user_pools(name=cognito_user_pool_name)\ncognito = aws.apigateway.Authorizer(\"cognito\",\n name=\"cognito\",\n type=\"COGNITO_USER_POOLS\",\n rest_api=selected.id,\n provider_arns=selected_get_user_pools.arns)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var selected = Aws.ApiGateway.GetRestApi.Invoke(new()\n {\n Name = apiGatewayName,\n });\n\n var selectedGetUserPools = Aws.Cognito.GetUserPools.Invoke(new()\n {\n Name = cognitoUserPoolName,\n });\n\n var cognito = new Aws.ApiGateway.Authorizer(\"cognito\", new()\n {\n Name = \"cognito\",\n Type = \"COGNITO_USER_POOLS\",\n RestApi = selected.Apply(getRestApiResult =\u003e getRestApiResult.Id),\n ProviderArns = selectedGetUserPools.Apply(getUserPoolsResult =\u003e getUserPoolsResult.Arns),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tselected, err := apigateway.LookupRestApi(ctx, \u0026apigateway.LookupRestApiArgs{\n\t\t\tName: apiGatewayName,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tselectedGetUserPools, err := cognito.GetUserPools(ctx, \u0026cognito.GetUserPoolsArgs{\n\t\t\tName: cognitoUserPoolName,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewAuthorizer(ctx, \"cognito\", \u0026apigateway.AuthorizerArgs{\n\t\t\tName: pulumi.String(\"cognito\"),\n\t\t\tType: pulumi.String(\"COGNITO_USER_POOLS\"),\n\t\t\tRestApi: *pulumi.String(selected.Id),\n\t\t\tProviderArns: interface{}(selectedGetUserPools.Arns),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.ApigatewayFunctions;\nimport com.pulumi.aws.apigateway.inputs.GetRestApiArgs;\nimport com.pulumi.aws.cognito.CognitoFunctions;\nimport com.pulumi.aws.cognito.inputs.GetUserPoolsArgs;\nimport com.pulumi.aws.apigateway.Authorizer;\nimport com.pulumi.aws.apigateway.AuthorizerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var selected = ApigatewayFunctions.getRestApi(GetRestApiArgs.builder()\n .name(apiGatewayName)\n .build());\n\n final var selectedGetUserPools = CognitoFunctions.getUserPools(GetUserPoolsArgs.builder()\n .name(cognitoUserPoolName)\n .build());\n\n var cognito = new Authorizer(\"cognito\", AuthorizerArgs.builder() \n .name(\"cognito\")\n .type(\"COGNITO_USER_POOLS\")\n .restApi(selected.applyValue(getRestApiResult -\u003e getRestApiResult.id()))\n .providerArns(selectedGetUserPools.applyValue(getUserPoolsResult -\u003e getUserPoolsResult.arns()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cognito:\n type: aws:apigateway:Authorizer\n properties:\n name: cognito\n type: COGNITO_USER_POOLS\n restApi: ${selected.id}\n providerArns: ${selectedGetUserPools.arns}\nvariables:\n selected:\n fn::invoke:\n Function: aws:apigateway:getRestApi\n Arguments:\n name: ${apiGatewayName}\n selectedGetUserPools:\n fn::invoke:\n Function: aws:cognito:getUserPools\n Arguments:\n name: ${cognitoUserPoolName}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get a list of cognito user pools.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst selected = aws.apigateway.getRestApi({\n name: apiGatewayName,\n});\nconst selectedGetUserPools = aws.cognito.getUserPools({\n name: cognitoUserPoolName,\n});\nconst cognito = new aws.apigateway.Authorizer(\"cognito\", {\n name: \"cognito\",\n type: \"COGNITO_USER_POOLS\",\n restApi: selected.then(selected =\u003e selected.id),\n providerArns: selectedGetUserPools.then(selectedGetUserPools =\u003e selectedGetUserPools.arns),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nselected = aws.apigateway.get_rest_api(name=api_gateway_name)\nselected_get_user_pools = aws.cognito.get_user_pools(name=cognito_user_pool_name)\ncognito = aws.apigateway.Authorizer(\"cognito\",\n name=\"cognito\",\n type=\"COGNITO_USER_POOLS\",\n rest_api=selected.id,\n provider_arns=selected_get_user_pools.arns)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var selected = Aws.ApiGateway.GetRestApi.Invoke(new()\n {\n Name = apiGatewayName,\n });\n\n var selectedGetUserPools = Aws.Cognito.GetUserPools.Invoke(new()\n {\n Name = cognitoUserPoolName,\n });\n\n var cognito = new Aws.ApiGateway.Authorizer(\"cognito\", new()\n {\n Name = \"cognito\",\n Type = \"COGNITO_USER_POOLS\",\n RestApi = selected.Apply(getRestApiResult =\u003e getRestApiResult.Id),\n ProviderArns = selectedGetUserPools.Apply(getUserPoolsResult =\u003e getUserPoolsResult.Arns),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tselected, err := apigateway.LookupRestApi(ctx, \u0026apigateway.LookupRestApiArgs{\n\t\t\tName: apiGatewayName,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tselectedGetUserPools, err := cognito.GetUserPools(ctx, \u0026cognito.GetUserPoolsArgs{\n\t\t\tName: cognitoUserPoolName,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewAuthorizer(ctx, \"cognito\", \u0026apigateway.AuthorizerArgs{\n\t\t\tName: pulumi.String(\"cognito\"),\n\t\t\tType: pulumi.String(\"COGNITO_USER_POOLS\"),\n\t\t\tRestApi: pulumi.String(selected.Id),\n\t\t\tProviderArns: interface{}(selectedGetUserPools.Arns),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.ApigatewayFunctions;\nimport com.pulumi.aws.apigateway.inputs.GetRestApiArgs;\nimport com.pulumi.aws.cognito.CognitoFunctions;\nimport com.pulumi.aws.cognito.inputs.GetUserPoolsArgs;\nimport com.pulumi.aws.apigateway.Authorizer;\nimport com.pulumi.aws.apigateway.AuthorizerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var selected = ApigatewayFunctions.getRestApi(GetRestApiArgs.builder()\n .name(apiGatewayName)\n .build());\n\n final var selectedGetUserPools = CognitoFunctions.getUserPools(GetUserPoolsArgs.builder()\n .name(cognitoUserPoolName)\n .build());\n\n var cognito = new Authorizer(\"cognito\", AuthorizerArgs.builder() \n .name(\"cognito\")\n .type(\"COGNITO_USER_POOLS\")\n .restApi(selected.applyValue(getRestApiResult -\u003e getRestApiResult.id()))\n .providerArns(selectedGetUserPools.applyValue(getUserPoolsResult -\u003e getUserPoolsResult.arns()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cognito:\n type: aws:apigateway:Authorizer\n properties:\n name: cognito\n type: COGNITO_USER_POOLS\n restApi: ${selected.id}\n providerArns: ${selectedGetUserPools.arns}\nvariables:\n selected:\n fn::invoke:\n Function: aws:apigateway:getRestApi\n Arguments:\n name: ${apiGatewayName}\n selectedGetUserPools:\n fn::invoke:\n Function: aws:cognito:getUserPools\n Arguments:\n name: ${cognitoUserPoolName}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getUserPools.\n", "properties": { @@ -356707,7 +356707,7 @@ } }, "aws:ebs/getDefaultKmsKey:getDefaultKmsKey": { - "description": "Use this data source to get the default EBS encryption KMS key in the current region.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.ebs.getDefaultKmsKey({});\nconst example = new aws.ebs.Volume(\"example\", {\n availabilityZone: \"us-west-2a\",\n encrypted: true,\n kmsKeyId: current.then(current =\u003e current.keyArn),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.ebs.get_default_kms_key()\nexample = aws.ebs.Volume(\"example\",\n availability_zone=\"us-west-2a\",\n encrypted=True,\n kms_key_id=current.key_arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.Ebs.GetDefaultKmsKey.Invoke();\n\n var example = new Aws.Ebs.Volume(\"example\", new()\n {\n AvailabilityZone = \"us-west-2a\",\n Encrypted = true,\n KmsKeyId = current.Apply(getDefaultKmsKeyResult =\u003e getDefaultKmsKeyResult.KeyArn),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ebs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := ebs.LookupDefaultKmsKey(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ebs.NewVolume(ctx, \"example\", \u0026ebs.VolumeArgs{\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tEncrypted: pulumi.Bool(true),\n\t\t\tKmsKeyId: *pulumi.String(current.KeyArn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ebs.EbsFunctions;\nimport com.pulumi.aws.ebs.Volume;\nimport com.pulumi.aws.ebs.VolumeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = EbsFunctions.getDefaultKmsKey();\n\n var example = new Volume(\"example\", VolumeArgs.builder() \n .availabilityZone(\"us-west-2a\")\n .encrypted(true)\n .kmsKeyId(current.applyValue(getDefaultKmsKeyResult -\u003e getDefaultKmsKeyResult.keyArn()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ebs:Volume\n properties:\n availabilityZone: us-west-2a\n encrypted: true\n kmsKeyId: ${current.keyArn}\nvariables:\n current:\n fn::invoke:\n Function: aws:ebs:getDefaultKmsKey\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get the default EBS encryption KMS key in the current region.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.ebs.getDefaultKmsKey({});\nconst example = new aws.ebs.Volume(\"example\", {\n availabilityZone: \"us-west-2a\",\n encrypted: true,\n kmsKeyId: current.then(current =\u003e current.keyArn),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.ebs.get_default_kms_key()\nexample = aws.ebs.Volume(\"example\",\n availability_zone=\"us-west-2a\",\n encrypted=True,\n kms_key_id=current.key_arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.Ebs.GetDefaultKmsKey.Invoke();\n\n var example = new Aws.Ebs.Volume(\"example\", new()\n {\n AvailabilityZone = \"us-west-2a\",\n Encrypted = true,\n KmsKeyId = current.Apply(getDefaultKmsKeyResult =\u003e getDefaultKmsKeyResult.KeyArn),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ebs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := ebs.LookupDefaultKmsKey(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ebs.NewVolume(ctx, \"example\", \u0026ebs.VolumeArgs{\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tEncrypted: pulumi.Bool(true),\n\t\t\tKmsKeyId: pulumi.String(current.KeyArn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ebs.EbsFunctions;\nimport com.pulumi.aws.ebs.Volume;\nimport com.pulumi.aws.ebs.VolumeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = EbsFunctions.getDefaultKmsKey();\n\n var example = new Volume(\"example\", VolumeArgs.builder() \n .availabilityZone(\"us-west-2a\")\n .encrypted(true)\n .kmsKeyId(current.applyValue(getDefaultKmsKeyResult -\u003e getDefaultKmsKeyResult.keyArn()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ebs:Volume\n properties:\n availabilityZone: us-west-2a\n encrypted: true\n kmsKeyId: ${current.keyArn}\nvariables:\n current:\n fn::invoke:\n Function: aws:ebs:getDefaultKmsKey\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "outputs": { "description": "A collection of values returned by getDefaultKmsKey.\n", "properties": { @@ -357640,7 +357640,7 @@ } }, "aws:ec2/getCustomerGateway:getCustomerGateway": { - "description": "Get an existing AWS Customer Gateway.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = aws.ec2.getCustomerGateway({\n filters: [{\n name: \"tag:Name\",\n values: [\"foo-prod\"],\n }],\n});\nconst main = new aws.ec2.VpnGateway(\"main\", {\n vpcId: mainAwsVpc.id,\n amazonSideAsn: \"7224\",\n});\nconst transit = new aws.ec2.VpnConnection(\"transit\", {\n vpnGatewayId: main.id,\n customerGatewayId: foo.then(foo =\u003e foo.id),\n type: foo.then(foo =\u003e foo.type),\n staticRoutesOnly: false,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ec2.get_customer_gateway(filters=[aws.ec2.GetCustomerGatewayFilterArgs(\n name=\"tag:Name\",\n values=[\"foo-prod\"],\n)])\nmain = aws.ec2.VpnGateway(\"main\",\n vpc_id=main_aws_vpc[\"id\"],\n amazon_side_asn=\"7224\")\ntransit = aws.ec2.VpnConnection(\"transit\",\n vpn_gateway_id=main.id,\n customer_gateway_id=foo.id,\n type=foo.type,\n static_routes_only=False)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Aws.Ec2.GetCustomerGateway.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetCustomerGatewayFilterInputArgs\n {\n Name = \"tag:Name\",\n Values = new[]\n {\n \"foo-prod\",\n },\n },\n },\n });\n\n var main = new Aws.Ec2.VpnGateway(\"main\", new()\n {\n VpcId = mainAwsVpc.Id,\n AmazonSideAsn = \"7224\",\n });\n\n var transit = new Aws.Ec2.VpnConnection(\"transit\", new()\n {\n VpnGatewayId = main.Id,\n CustomerGatewayId = foo.Apply(getCustomerGatewayResult =\u003e getCustomerGatewayResult.Id),\n Type = foo.Apply(getCustomerGatewayResult =\u003e getCustomerGatewayResult.Type),\n StaticRoutesOnly = false,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfoo, err := ec2.LookupCustomerGateway(ctx, \u0026ec2.LookupCustomerGatewayArgs{\n\t\t\tFilters: []ec2.GetCustomerGatewayFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"tag:Name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"foo-prod\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmain, err := ec2.NewVpnGateway(ctx, \"main\", \u0026ec2.VpnGatewayArgs{\n\t\t\tVpcId: pulumi.Any(mainAwsVpc.Id),\n\t\t\tAmazonSideAsn: pulumi.String(\"7224\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpnConnection(ctx, \"transit\", \u0026ec2.VpnConnectionArgs{\n\t\t\tVpnGatewayId: main.ID(),\n\t\t\tCustomerGatewayId: *pulumi.String(foo.Id),\n\t\t\tType: *pulumi.String(foo.Type),\n\t\t\tStaticRoutesOnly: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetCustomerGatewayArgs;\nimport com.pulumi.aws.ec2.VpnGateway;\nimport com.pulumi.aws.ec2.VpnGatewayArgs;\nimport com.pulumi.aws.ec2.VpnConnection;\nimport com.pulumi.aws.ec2.VpnConnectionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = Ec2Functions.getCustomerGateway(GetCustomerGatewayArgs.builder()\n .filters(GetCustomerGatewayFilterArgs.builder()\n .name(\"tag:Name\")\n .values(\"foo-prod\")\n .build())\n .build());\n\n var main = new VpnGateway(\"main\", VpnGatewayArgs.builder() \n .vpcId(mainAwsVpc.id())\n .amazonSideAsn(7224)\n .build());\n\n var transit = new VpnConnection(\"transit\", VpnConnectionArgs.builder() \n .vpnGatewayId(main.id())\n .customerGatewayId(foo.applyValue(getCustomerGatewayResult -\u003e getCustomerGatewayResult.id()))\n .type(foo.applyValue(getCustomerGatewayResult -\u003e getCustomerGatewayResult.type()))\n .staticRoutesOnly(false)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:ec2:VpnGateway\n properties:\n vpcId: ${mainAwsVpc.id}\n amazonSideAsn: 7224\n transit:\n type: aws:ec2:VpnConnection\n properties:\n vpnGatewayId: ${main.id}\n customerGatewayId: ${foo.id}\n type: ${foo.type}\n staticRoutesOnly: false\nvariables:\n foo:\n fn::invoke:\n Function: aws:ec2:getCustomerGateway\n Arguments:\n filters:\n - name: tag:Name\n values:\n - foo-prod\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Get an existing AWS Customer Gateway.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = aws.ec2.getCustomerGateway({\n filters: [{\n name: \"tag:Name\",\n values: [\"foo-prod\"],\n }],\n});\nconst main = new aws.ec2.VpnGateway(\"main\", {\n vpcId: mainAwsVpc.id,\n amazonSideAsn: \"7224\",\n});\nconst transit = new aws.ec2.VpnConnection(\"transit\", {\n vpnGatewayId: main.id,\n customerGatewayId: foo.then(foo =\u003e foo.id),\n type: foo.then(foo =\u003e foo.type),\n staticRoutesOnly: false,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ec2.get_customer_gateway(filters=[aws.ec2.GetCustomerGatewayFilterArgs(\n name=\"tag:Name\",\n values=[\"foo-prod\"],\n)])\nmain = aws.ec2.VpnGateway(\"main\",\n vpc_id=main_aws_vpc[\"id\"],\n amazon_side_asn=\"7224\")\ntransit = aws.ec2.VpnConnection(\"transit\",\n vpn_gateway_id=main.id,\n customer_gateway_id=foo.id,\n type=foo.type,\n static_routes_only=False)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = Aws.Ec2.GetCustomerGateway.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetCustomerGatewayFilterInputArgs\n {\n Name = \"tag:Name\",\n Values = new[]\n {\n \"foo-prod\",\n },\n },\n },\n });\n\n var main = new Aws.Ec2.VpnGateway(\"main\", new()\n {\n VpcId = mainAwsVpc.Id,\n AmazonSideAsn = \"7224\",\n });\n\n var transit = new Aws.Ec2.VpnConnection(\"transit\", new()\n {\n VpnGatewayId = main.Id,\n CustomerGatewayId = foo.Apply(getCustomerGatewayResult =\u003e getCustomerGatewayResult.Id),\n Type = foo.Apply(getCustomerGatewayResult =\u003e getCustomerGatewayResult.Type),\n StaticRoutesOnly = false,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfoo, err := ec2.LookupCustomerGateway(ctx, \u0026ec2.LookupCustomerGatewayArgs{\n\t\t\tFilters: []ec2.GetCustomerGatewayFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"tag:Name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"foo-prod\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmain, err := ec2.NewVpnGateway(ctx, \"main\", \u0026ec2.VpnGatewayArgs{\n\t\t\tVpcId: pulumi.Any(mainAwsVpc.Id),\n\t\t\tAmazonSideAsn: pulumi.String(\"7224\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpnConnection(ctx, \"transit\", \u0026ec2.VpnConnectionArgs{\n\t\t\tVpnGatewayId: main.ID(),\n\t\t\tCustomerGatewayId: pulumi.String(foo.Id),\n\t\t\tType: pulumi.String(foo.Type),\n\t\t\tStaticRoutesOnly: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetCustomerGatewayArgs;\nimport com.pulumi.aws.ec2.VpnGateway;\nimport com.pulumi.aws.ec2.VpnGatewayArgs;\nimport com.pulumi.aws.ec2.VpnConnection;\nimport com.pulumi.aws.ec2.VpnConnectionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var foo = Ec2Functions.getCustomerGateway(GetCustomerGatewayArgs.builder()\n .filters(GetCustomerGatewayFilterArgs.builder()\n .name(\"tag:Name\")\n .values(\"foo-prod\")\n .build())\n .build());\n\n var main = new VpnGateway(\"main\", VpnGatewayArgs.builder() \n .vpcId(mainAwsVpc.id())\n .amazonSideAsn(7224)\n .build());\n\n var transit = new VpnConnection(\"transit\", VpnConnectionArgs.builder() \n .vpnGatewayId(main.id())\n .customerGatewayId(foo.applyValue(getCustomerGatewayResult -\u003e getCustomerGatewayResult.id()))\n .type(foo.applyValue(getCustomerGatewayResult -\u003e getCustomerGatewayResult.type()))\n .staticRoutesOnly(false)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n main:\n type: aws:ec2:VpnGateway\n properties:\n vpcId: ${mainAwsVpc.id}\n amazonSideAsn: 7224\n transit:\n type: aws:ec2:VpnConnection\n properties:\n vpnGatewayId: ${main.id}\n customerGatewayId: ${foo.id}\n type: ${foo.type}\n staticRoutesOnly: false\nvariables:\n foo:\n fn::invoke:\n Function: aws:ec2:getCustomerGateway\n Arguments:\n filters:\n - name: tag:Name\n values:\n - foo-prod\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getCustomerGateway.\n", "properties": { @@ -358981,7 +358981,7 @@ } }, "aws:ec2/getIpamPreviewNextCidr:getIpamPreviewNextCidr": { - "description": "Previews a CIDR from an IPAM address pool. Only works for private IPv4.\n\n\u003e **NOTE:** This functionality is also encapsulated in a resource sharing the same name. The data source can be used when you need to use the cidr in a calculation of the same Root module, `count` for example. However, once a cidr range has been allocated that was previewed, the next refresh will find a **new** cidr and may force new resources downstream. Make sure to use `ignore_changes` if this is undesirable.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.ec2.getIpamPreviewNextCidr({\n ipamPoolId: testAwsVpcIpamPool.id,\n netmaskLength: 28,\n});\nconst testVpcIpamPoolCidrAllocation = new aws.ec2.VpcIpamPoolCidrAllocation(\"test\", {\n ipamPoolId: testAwsVpcIpamPool.id,\n cidr: test.then(test =\u003e test.cidr),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2.get_ipam_preview_next_cidr(ipam_pool_id=test_aws_vpc_ipam_pool[\"id\"],\n netmask_length=28)\ntest_vpc_ipam_pool_cidr_allocation = aws.ec2.VpcIpamPoolCidrAllocation(\"test\",\n ipam_pool_id=test_aws_vpc_ipam_pool[\"id\"],\n cidr=test.cidr)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.Ec2.GetIpamPreviewNextCidr.Invoke(new()\n {\n IpamPoolId = testAwsVpcIpamPool.Id,\n NetmaskLength = 28,\n });\n\n var testVpcIpamPoolCidrAllocation = new Aws.Ec2.VpcIpamPoolCidrAllocation(\"test\", new()\n {\n IpamPoolId = testAwsVpcIpamPool.Id,\n Cidr = test.Apply(getIpamPreviewNextCidrResult =\u003e getIpamPreviewNextCidrResult.Cidr),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := ec2.GetIpamPreviewNextCidr(ctx, \u0026ec2.GetIpamPreviewNextCidrArgs{\n\t\t\tIpamPoolId: testAwsVpcIpamPool.Id,\n\t\t\tNetmaskLength: pulumi.IntRef(28),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPoolCidrAllocation(ctx, \"test\", \u0026ec2.VpcIpamPoolCidrAllocationArgs{\n\t\t\tIpamPoolId: pulumi.Any(testAwsVpcIpamPool.Id),\n\t\t\tCidr: *pulumi.String(test.Cidr),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetIpamPreviewNextCidrArgs;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrAllocation;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrAllocationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = Ec2Functions.getIpamPreviewNextCidr(GetIpamPreviewNextCidrArgs.builder()\n .ipamPoolId(testAwsVpcIpamPool.id())\n .netmaskLength(28)\n .build());\n\n var testVpcIpamPoolCidrAllocation = new VpcIpamPoolCidrAllocation(\"testVpcIpamPoolCidrAllocation\", VpcIpamPoolCidrAllocationArgs.builder() \n .ipamPoolId(testAwsVpcIpamPool.id())\n .cidr(test.applyValue(getIpamPreviewNextCidrResult -\u003e getIpamPreviewNextCidrResult.cidr()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testVpcIpamPoolCidrAllocation:\n type: aws:ec2:VpcIpamPoolCidrAllocation\n name: test\n properties:\n ipamPoolId: ${testAwsVpcIpamPool.id}\n cidr: ${test.cidr}\nvariables:\n test:\n fn::invoke:\n Function: aws:ec2:getIpamPreviewNextCidr\n Arguments:\n ipamPoolId: ${testAwsVpcIpamPool.id}\n netmaskLength: 28\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Previews a CIDR from an IPAM address pool. Only works for private IPv4.\n\n\u003e **NOTE:** This functionality is also encapsulated in a resource sharing the same name. The data source can be used when you need to use the cidr in a calculation of the same Root module, `count` for example. However, once a cidr range has been allocated that was previewed, the next refresh will find a **new** cidr and may force new resources downstream. Make sure to use `ignore_changes` if this is undesirable.\n\n## Example Usage\n\nBasic usage:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.ec2.getIpamPreviewNextCidr({\n ipamPoolId: testAwsVpcIpamPool.id,\n netmaskLength: 28,\n});\nconst testVpcIpamPoolCidrAllocation = new aws.ec2.VpcIpamPoolCidrAllocation(\"test\", {\n ipamPoolId: testAwsVpcIpamPool.id,\n cidr: test.then(test =\u003e test.cidr),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2.get_ipam_preview_next_cidr(ipam_pool_id=test_aws_vpc_ipam_pool[\"id\"],\n netmask_length=28)\ntest_vpc_ipam_pool_cidr_allocation = aws.ec2.VpcIpamPoolCidrAllocation(\"test\",\n ipam_pool_id=test_aws_vpc_ipam_pool[\"id\"],\n cidr=test.cidr)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.Ec2.GetIpamPreviewNextCidr.Invoke(new()\n {\n IpamPoolId = testAwsVpcIpamPool.Id,\n NetmaskLength = 28,\n });\n\n var testVpcIpamPoolCidrAllocation = new Aws.Ec2.VpcIpamPoolCidrAllocation(\"test\", new()\n {\n IpamPoolId = testAwsVpcIpamPool.Id,\n Cidr = test.Apply(getIpamPreviewNextCidrResult =\u003e getIpamPreviewNextCidrResult.Cidr),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := ec2.GetIpamPreviewNextCidr(ctx, \u0026ec2.GetIpamPreviewNextCidrArgs{\n\t\t\tIpamPoolId: testAwsVpcIpamPool.Id,\n\t\t\tNetmaskLength: pulumi.IntRef(28),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpamPoolCidrAllocation(ctx, \"test\", \u0026ec2.VpcIpamPoolCidrAllocationArgs{\n\t\t\tIpamPoolId: pulumi.Any(testAwsVpcIpamPool.Id),\n\t\t\tCidr: pulumi.String(test.Cidr),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetIpamPreviewNextCidrArgs;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrAllocation;\nimport com.pulumi.aws.ec2.VpcIpamPoolCidrAllocationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = Ec2Functions.getIpamPreviewNextCidr(GetIpamPreviewNextCidrArgs.builder()\n .ipamPoolId(testAwsVpcIpamPool.id())\n .netmaskLength(28)\n .build());\n\n var testVpcIpamPoolCidrAllocation = new VpcIpamPoolCidrAllocation(\"testVpcIpamPoolCidrAllocation\", VpcIpamPoolCidrAllocationArgs.builder() \n .ipamPoolId(testAwsVpcIpamPool.id())\n .cidr(test.applyValue(getIpamPreviewNextCidrResult -\u003e getIpamPreviewNextCidrResult.cidr()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testVpcIpamPoolCidrAllocation:\n type: aws:ec2:VpcIpamPoolCidrAllocation\n name: test\n properties:\n ipamPoolId: ${testAwsVpcIpamPool.id}\n cidr: ${test.cidr}\nvariables:\n test:\n fn::invoke:\n Function: aws:ec2:getIpamPreviewNextCidr\n Arguments:\n ipamPoolId: ${testAwsVpcIpamPool.id}\n netmaskLength: 28\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getIpamPreviewNextCidr.\n", "properties": { @@ -361193,7 +361193,7 @@ } }, "aws:ec2/getRouteTable:getRouteTable": { - "description": "`aws.ec2.RouteTable` provides details about a specific Route Table.\n\nThis resource can prove useful when a module accepts a Subnet ID as an input variable and needs to, for example, add a route in the Route Table.\n\n## Example Usage\n\nThe following example shows how one might accept a Route Table ID as a variable and use this data source to obtain the data necessary to create a route.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst subnetId = config.requireObject(\"subnetId\");\nconst selected = aws.ec2.getRouteTable({\n subnetId: subnetId,\n});\nconst route = new aws.ec2.Route(\"route\", {\n routeTableId: selected.then(selected =\u003e selected.id),\n destinationCidrBlock: \"10.0.1.0/22\",\n vpcPeeringConnectionId: \"pcx-45ff3dc1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nsubnet_id = config.require_object(\"subnetId\")\nselected = aws.ec2.get_route_table(subnet_id=subnet_id)\nroute = aws.ec2.Route(\"route\",\n route_table_id=selected.id,\n destination_cidr_block=\"10.0.1.0/22\",\n vpc_peering_connection_id=\"pcx-45ff3dc1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var subnetId = config.RequireObject\u003cdynamic\u003e(\"subnetId\");\n var selected = Aws.Ec2.GetRouteTable.Invoke(new()\n {\n SubnetId = subnetId,\n });\n\n var route = new Aws.Ec2.Route(\"route\", new()\n {\n RouteTableId = selected.Apply(getRouteTableResult =\u003e getRouteTableResult.Id),\n DestinationCidrBlock = \"10.0.1.0/22\",\n VpcPeeringConnectionId = \"pcx-45ff3dc1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tsubnetId := cfg.RequireObject(\"subnetId\")\n\t\tselected, err := ec2.LookupRouteTable(ctx, \u0026ec2.LookupRouteTableArgs{\n\t\t\tSubnetId: pulumi.StringRef(subnetId),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewRoute(ctx, \"route\", \u0026ec2.RouteArgs{\n\t\t\tRouteTableId: *pulumi.String(selected.Id),\n\t\t\tDestinationCidrBlock: pulumi.String(\"10.0.1.0/22\"),\n\t\t\tVpcPeeringConnectionId: pulumi.String(\"pcx-45ff3dc1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetRouteTableArgs;\nimport com.pulumi.aws.ec2.Route;\nimport com.pulumi.aws.ec2.RouteArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var subnetId = config.get(\"subnetId\");\n final var selected = Ec2Functions.getRouteTable(GetRouteTableArgs.builder()\n .subnetId(subnetId)\n .build());\n\n var route = new Route(\"route\", RouteArgs.builder() \n .routeTableId(selected.applyValue(getRouteTableResult -\u003e getRouteTableResult.id()))\n .destinationCidrBlock(\"10.0.1.0/22\")\n .vpcPeeringConnectionId(\"pcx-45ff3dc1\")\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n subnetId:\n type: dynamic\nresources:\n route:\n type: aws:ec2:Route\n properties:\n routeTableId: ${selected.id}\n destinationCidrBlock: 10.0.1.0/22\n vpcPeeringConnectionId: pcx-45ff3dc1\nvariables:\n selected:\n fn::invoke:\n Function: aws:ec2:getRouteTable\n Arguments:\n subnetId: ${subnetId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "`aws.ec2.RouteTable` provides details about a specific Route Table.\n\nThis resource can prove useful when a module accepts a Subnet ID as an input variable and needs to, for example, add a route in the Route Table.\n\n## Example Usage\n\nThe following example shows how one might accept a Route Table ID as a variable and use this data source to obtain the data necessary to create a route.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst subnetId = config.requireObject(\"subnetId\");\nconst selected = aws.ec2.getRouteTable({\n subnetId: subnetId,\n});\nconst route = new aws.ec2.Route(\"route\", {\n routeTableId: selected.then(selected =\u003e selected.id),\n destinationCidrBlock: \"10.0.1.0/22\",\n vpcPeeringConnectionId: \"pcx-45ff3dc1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nsubnet_id = config.require_object(\"subnetId\")\nselected = aws.ec2.get_route_table(subnet_id=subnet_id)\nroute = aws.ec2.Route(\"route\",\n route_table_id=selected.id,\n destination_cidr_block=\"10.0.1.0/22\",\n vpc_peering_connection_id=\"pcx-45ff3dc1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var subnetId = config.RequireObject\u003cdynamic\u003e(\"subnetId\");\n var selected = Aws.Ec2.GetRouteTable.Invoke(new()\n {\n SubnetId = subnetId,\n });\n\n var route = new Aws.Ec2.Route(\"route\", new()\n {\n RouteTableId = selected.Apply(getRouteTableResult =\u003e getRouteTableResult.Id),\n DestinationCidrBlock = \"10.0.1.0/22\",\n VpcPeeringConnectionId = \"pcx-45ff3dc1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tsubnetId := cfg.RequireObject(\"subnetId\")\n\t\tselected, err := ec2.LookupRouteTable(ctx, \u0026ec2.LookupRouteTableArgs{\n\t\t\tSubnetId: pulumi.StringRef(subnetId),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewRoute(ctx, \"route\", \u0026ec2.RouteArgs{\n\t\t\tRouteTableId: pulumi.String(selected.Id),\n\t\t\tDestinationCidrBlock: pulumi.String(\"10.0.1.0/22\"),\n\t\t\tVpcPeeringConnectionId: pulumi.String(\"pcx-45ff3dc1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetRouteTableArgs;\nimport com.pulumi.aws.ec2.Route;\nimport com.pulumi.aws.ec2.RouteArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var subnetId = config.get(\"subnetId\");\n final var selected = Ec2Functions.getRouteTable(GetRouteTableArgs.builder()\n .subnetId(subnetId)\n .build());\n\n var route = new Route(\"route\", RouteArgs.builder() \n .routeTableId(selected.applyValue(getRouteTableResult -\u003e getRouteTableResult.id()))\n .destinationCidrBlock(\"10.0.1.0/22\")\n .vpcPeeringConnectionId(\"pcx-45ff3dc1\")\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n subnetId:\n type: dynamic\nresources:\n route:\n type: aws:ec2:Route\n properties:\n routeTableId: ${selected.id}\n destinationCidrBlock: 10.0.1.0/22\n vpcPeeringConnectionId: pcx-45ff3dc1\nvariables:\n selected:\n fn::invoke:\n Function: aws:ec2:getRouteTable\n Arguments:\n subnetId: ${subnetId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRouteTable.\n", "properties": { @@ -361367,7 +361367,7 @@ } }, "aws:ec2/getSecurityGroup:getSecurityGroup": { - "description": "`aws.ec2.SecurityGroup` provides details about a specific Security Group.\n\nThis resource can prove useful when a module accepts a Security Group id as\nan input variable and needs to, for example, determine the id of the\nVPC that the security group belongs to.\n\n## Example Usage\n\nThe following example shows how one might accept a Security Group id as a variable\nand use this data source to obtain the data necessary to create a subnet.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst securityGroupId = config.requireObject(\"securityGroupId\");\nconst selected = aws.ec2.getSecurityGroup({\n id: securityGroupId,\n});\nconst subnet = new aws.ec2.Subnet(\"subnet\", {\n vpcId: selected.then(selected =\u003e selected.vpcId),\n cidrBlock: \"10.0.1.0/24\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nsecurity_group_id = config.require_object(\"securityGroupId\")\nselected = aws.ec2.get_security_group(id=security_group_id)\nsubnet = aws.ec2.Subnet(\"subnet\",\n vpc_id=selected.vpc_id,\n cidr_block=\"10.0.1.0/24\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var securityGroupId = config.RequireObject\u003cdynamic\u003e(\"securityGroupId\");\n var selected = Aws.Ec2.GetSecurityGroup.Invoke(new()\n {\n Id = securityGroupId,\n });\n\n var subnet = new Aws.Ec2.Subnet(\"subnet\", new()\n {\n VpcId = selected.Apply(getSecurityGroupResult =\u003e getSecurityGroupResult.VpcId),\n CidrBlock = \"10.0.1.0/24\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tsecurityGroupId := cfg.RequireObject(\"securityGroupId\")\n\t\tselected, err := ec2.LookupSecurityGroup(ctx, \u0026ec2.LookupSecurityGroupArgs{\n\t\t\tId: pulumi.StringRef(securityGroupId),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSubnet(ctx, \"subnet\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: *pulumi.String(selected.VpcId),\n\t\t\tCidrBlock: pulumi.String(\"10.0.1.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetSecurityGroupArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var securityGroupId = config.get(\"securityGroupId\");\n final var selected = Ec2Functions.getSecurityGroup(GetSecurityGroupArgs.builder()\n .id(securityGroupId)\n .build());\n\n var subnet = new Subnet(\"subnet\", SubnetArgs.builder() \n .vpcId(selected.applyValue(getSecurityGroupResult -\u003e getSecurityGroupResult.vpcId()))\n .cidrBlock(\"10.0.1.0/24\")\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n securityGroupId:\n type: dynamic\nresources:\n subnet:\n type: aws:ec2:Subnet\n properties:\n vpcId: ${selected.vpcId}\n cidrBlock: 10.0.1.0/24\nvariables:\n selected:\n fn::invoke:\n Function: aws:ec2:getSecurityGroup\n Arguments:\n id: ${securityGroupId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "`aws.ec2.SecurityGroup` provides details about a specific Security Group.\n\nThis resource can prove useful when a module accepts a Security Group id as\nan input variable and needs to, for example, determine the id of the\nVPC that the security group belongs to.\n\n## Example Usage\n\nThe following example shows how one might accept a Security Group id as a variable\nand use this data source to obtain the data necessary to create a subnet.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst securityGroupId = config.requireObject(\"securityGroupId\");\nconst selected = aws.ec2.getSecurityGroup({\n id: securityGroupId,\n});\nconst subnet = new aws.ec2.Subnet(\"subnet\", {\n vpcId: selected.then(selected =\u003e selected.vpcId),\n cidrBlock: \"10.0.1.0/24\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nsecurity_group_id = config.require_object(\"securityGroupId\")\nselected = aws.ec2.get_security_group(id=security_group_id)\nsubnet = aws.ec2.Subnet(\"subnet\",\n vpc_id=selected.vpc_id,\n cidr_block=\"10.0.1.0/24\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var securityGroupId = config.RequireObject\u003cdynamic\u003e(\"securityGroupId\");\n var selected = Aws.Ec2.GetSecurityGroup.Invoke(new()\n {\n Id = securityGroupId,\n });\n\n var subnet = new Aws.Ec2.Subnet(\"subnet\", new()\n {\n VpcId = selected.Apply(getSecurityGroupResult =\u003e getSecurityGroupResult.VpcId),\n CidrBlock = \"10.0.1.0/24\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tsecurityGroupId := cfg.RequireObject(\"securityGroupId\")\n\t\tselected, err := ec2.LookupSecurityGroup(ctx, \u0026ec2.LookupSecurityGroupArgs{\n\t\t\tId: pulumi.StringRef(securityGroupId),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSubnet(ctx, \"subnet\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: pulumi.String(selected.VpcId),\n\t\t\tCidrBlock: pulumi.String(\"10.0.1.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetSecurityGroupArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var securityGroupId = config.get(\"securityGroupId\");\n final var selected = Ec2Functions.getSecurityGroup(GetSecurityGroupArgs.builder()\n .id(securityGroupId)\n .build());\n\n var subnet = new Subnet(\"subnet\", SubnetArgs.builder() \n .vpcId(selected.applyValue(getSecurityGroupResult -\u003e getSecurityGroupResult.vpcId()))\n .cidrBlock(\"10.0.1.0/24\")\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n securityGroupId:\n type: dynamic\nresources:\n subnet:\n type: aws:ec2:Subnet\n properties:\n vpcId: ${selected.vpcId}\n cidrBlock: 10.0.1.0/24\nvariables:\n selected:\n fn::invoke:\n Function: aws:ec2:getSecurityGroup\n Arguments:\n id: ${securityGroupId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSecurityGroup.\n", "properties": { @@ -361598,7 +361598,7 @@ } }, "aws:ec2/getSubnet:getSubnet": { - "description": "`aws.ec2.Subnet` provides details about a specific VPC subnet.\n\nThis resource can prove useful when a module accepts a subnet ID as an input variable and needs to, for example, determine the ID of the VPC that the subnet belongs to.\n\n## Example Usage\n\nThe following example shows how one might accept a subnet ID as a variable and use this data source to obtain the data necessary to create a security group that allows connections from hosts in that subnet.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst subnetId = config.requireObject(\"subnetId\");\nconst selected = aws.ec2.getSubnet({\n id: subnetId,\n});\nconst subnet = new aws.ec2.SecurityGroup(\"subnet\", {\n vpcId: selected.then(selected =\u003e selected.vpcId),\n ingress: [{\n cidrBlocks: [selected.then(selected =\u003e selected.cidrBlock)],\n fromPort: 80,\n toPort: 80,\n protocol: \"tcp\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nsubnet_id = config.require_object(\"subnetId\")\nselected = aws.ec2.get_subnet(id=subnet_id)\nsubnet = aws.ec2.SecurityGroup(\"subnet\",\n vpc_id=selected.vpc_id,\n ingress=[aws.ec2.SecurityGroupIngressArgs(\n cidr_blocks=[selected.cidr_block],\n from_port=80,\n to_port=80,\n protocol=\"tcp\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var subnetId = config.RequireObject\u003cdynamic\u003e(\"subnetId\");\n var selected = Aws.Ec2.GetSubnet.Invoke(new()\n {\n Id = subnetId,\n });\n\n var subnet = new Aws.Ec2.SecurityGroup(\"subnet\", new()\n {\n VpcId = selected.Apply(getSubnetResult =\u003e getSubnetResult.VpcId),\n Ingress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupIngressArgs\n {\n CidrBlocks = new[]\n {\n selected.Apply(getSubnetResult =\u003e getSubnetResult.CidrBlock),\n },\n FromPort = 80,\n ToPort = 80,\n Protocol = \"tcp\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tsubnetId := cfg.RequireObject(\"subnetId\")\n\t\tselected, err := ec2.LookupSubnet(ctx, \u0026ec2.LookupSubnetArgs{\n\t\t\tId: pulumi.StringRef(subnetId),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSecurityGroup(ctx, \"subnet\", \u0026ec2.SecurityGroupArgs{\n\t\t\tVpcId: *pulumi.String(selected.VpcId),\n\t\t\tIngress: ec2.SecurityGroupIngressArray{\n\t\t\t\t\u0026ec2.SecurityGroupIngressArgs{\n\t\t\t\t\tCidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\t*pulumi.String(selected.CidrBlock),\n\t\t\t\t\t},\n\t\t\t\t\tFromPort: pulumi.Int(80),\n\t\t\t\t\tToPort: pulumi.Int(80),\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetSubnetArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupIngressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var subnetId = config.get(\"subnetId\");\n final var selected = Ec2Functions.getSubnet(GetSubnetArgs.builder()\n .id(subnetId)\n .build());\n\n var subnet = new SecurityGroup(\"subnet\", SecurityGroupArgs.builder() \n .vpcId(selected.applyValue(getSubnetResult -\u003e getSubnetResult.vpcId()))\n .ingress(SecurityGroupIngressArgs.builder()\n .cidrBlocks(selected.applyValue(getSubnetResult -\u003e getSubnetResult.cidrBlock()))\n .fromPort(80)\n .toPort(80)\n .protocol(\"tcp\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n subnetId:\n type: dynamic\nresources:\n subnet:\n type: aws:ec2:SecurityGroup\n properties:\n vpcId: ${selected.vpcId}\n ingress:\n - cidrBlocks:\n - ${selected.cidrBlock}\n fromPort: 80\n toPort: 80\n protocol: tcp\nvariables:\n selected:\n fn::invoke:\n Function: aws:ec2:getSubnet\n Arguments:\n id: ${subnetId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Filter Example\n\nIf you want to match against tag `Name`, use:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst selected = aws.ec2.getSubnet({\n filters: [{\n name: \"tag:Name\",\n values: [\"yakdriver\"],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nselected = aws.ec2.get_subnet(filters=[aws.ec2.GetSubnetFilterArgs(\n name=\"tag:Name\",\n values=[\"yakdriver\"],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var selected = Aws.Ec2.GetSubnet.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetSubnetFilterInputArgs\n {\n Name = \"tag:Name\",\n Values = new[]\n {\n \"yakdriver\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupSubnet(ctx, \u0026ec2.LookupSubnetArgs{\n\t\t\tFilters: []ec2.GetSubnetFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"tag:Name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"yakdriver\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetSubnetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var selected = Ec2Functions.getSubnet(GetSubnetArgs.builder()\n .filters(GetSubnetFilterArgs.builder()\n .name(\"tag:Name\")\n .values(\"yakdriver\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n selected:\n fn::invoke:\n Function: aws:ec2:getSubnet\n Arguments:\n filters:\n - name: tag:Name\n values:\n - yakdriver\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "`aws.ec2.Subnet` provides details about a specific VPC subnet.\n\nThis resource can prove useful when a module accepts a subnet ID as an input variable and needs to, for example, determine the ID of the VPC that the subnet belongs to.\n\n## Example Usage\n\nThe following example shows how one might accept a subnet ID as a variable and use this data source to obtain the data necessary to create a security group that allows connections from hosts in that subnet.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst subnetId = config.requireObject(\"subnetId\");\nconst selected = aws.ec2.getSubnet({\n id: subnetId,\n});\nconst subnet = new aws.ec2.SecurityGroup(\"subnet\", {\n vpcId: selected.then(selected =\u003e selected.vpcId),\n ingress: [{\n cidrBlocks: [selected.then(selected =\u003e selected.cidrBlock)],\n fromPort: 80,\n toPort: 80,\n protocol: \"tcp\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nsubnet_id = config.require_object(\"subnetId\")\nselected = aws.ec2.get_subnet(id=subnet_id)\nsubnet = aws.ec2.SecurityGroup(\"subnet\",\n vpc_id=selected.vpc_id,\n ingress=[aws.ec2.SecurityGroupIngressArgs(\n cidr_blocks=[selected.cidr_block],\n from_port=80,\n to_port=80,\n protocol=\"tcp\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var subnetId = config.RequireObject\u003cdynamic\u003e(\"subnetId\");\n var selected = Aws.Ec2.GetSubnet.Invoke(new()\n {\n Id = subnetId,\n });\n\n var subnet = new Aws.Ec2.SecurityGroup(\"subnet\", new()\n {\n VpcId = selected.Apply(getSubnetResult =\u003e getSubnetResult.VpcId),\n Ingress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupIngressArgs\n {\n CidrBlocks = new[]\n {\n selected.Apply(getSubnetResult =\u003e getSubnetResult.CidrBlock),\n },\n FromPort = 80,\n ToPort = 80,\n Protocol = \"tcp\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tsubnetId := cfg.RequireObject(\"subnetId\")\n\t\tselected, err := ec2.LookupSubnet(ctx, \u0026ec2.LookupSubnetArgs{\n\t\t\tId: pulumi.StringRef(subnetId),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSecurityGroup(ctx, \"subnet\", \u0026ec2.SecurityGroupArgs{\n\t\t\tVpcId: pulumi.String(selected.VpcId),\n\t\t\tIngress: ec2.SecurityGroupIngressArray{\n\t\t\t\t\u0026ec2.SecurityGroupIngressArgs{\n\t\t\t\t\tCidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(selected.CidrBlock),\n\t\t\t\t\t},\n\t\t\t\t\tFromPort: pulumi.Int(80),\n\t\t\t\t\tToPort: pulumi.Int(80),\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetSubnetArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupIngressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var subnetId = config.get(\"subnetId\");\n final var selected = Ec2Functions.getSubnet(GetSubnetArgs.builder()\n .id(subnetId)\n .build());\n\n var subnet = new SecurityGroup(\"subnet\", SecurityGroupArgs.builder() \n .vpcId(selected.applyValue(getSubnetResult -\u003e getSubnetResult.vpcId()))\n .ingress(SecurityGroupIngressArgs.builder()\n .cidrBlocks(selected.applyValue(getSubnetResult -\u003e getSubnetResult.cidrBlock()))\n .fromPort(80)\n .toPort(80)\n .protocol(\"tcp\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n subnetId:\n type: dynamic\nresources:\n subnet:\n type: aws:ec2:SecurityGroup\n properties:\n vpcId: ${selected.vpcId}\n ingress:\n - cidrBlocks:\n - ${selected.cidrBlock}\n fromPort: 80\n toPort: 80\n protocol: tcp\nvariables:\n selected:\n fn::invoke:\n Function: aws:ec2:getSubnet\n Arguments:\n id: ${subnetId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Filter Example\n\nIf you want to match against tag `Name`, use:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst selected = aws.ec2.getSubnet({\n filters: [{\n name: \"tag:Name\",\n values: [\"yakdriver\"],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nselected = aws.ec2.get_subnet(filters=[aws.ec2.GetSubnetFilterArgs(\n name=\"tag:Name\",\n values=[\"yakdriver\"],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var selected = Aws.Ec2.GetSubnet.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetSubnetFilterInputArgs\n {\n Name = \"tag:Name\",\n Values = new[]\n {\n \"yakdriver\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupSubnet(ctx, \u0026ec2.LookupSubnetArgs{\n\t\t\tFilters: []ec2.GetSubnetFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"tag:Name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"yakdriver\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetSubnetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var selected = Ec2Functions.getSubnet(GetSubnetArgs.builder()\n .filters(GetSubnetFilterArgs.builder()\n .name(\"tag:Name\")\n .values(\"yakdriver\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n selected:\n fn::invoke:\n Function: aws:ec2:getSubnet\n Arguments:\n filters:\n - name: tag:Name\n values:\n - yakdriver\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSubnet.\n", "properties": { @@ -361895,7 +361895,7 @@ } }, "aws:ec2/getVpc:getVpc": { - "description": "`aws.ec2.Vpc` provides details about a specific VPC.\n\nThis resource can prove useful when a module accepts a vpc id as\nan input variable and needs to, for example, determine the CIDR block of that\nVPC.\n\n## Example Usage\n\nThe following example shows how one might accept a VPC id as a variable\nand use this data source to obtain the data necessary to create a subnet\nwithin it.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst config = new pulumi.Config();\nconst vpcId = config.requireObject(\"vpcId\");\nconst selected = aws.ec2.getVpc({\n id: vpcId,\n});\nconst example = new aws.ec2.Subnet(\"example\", {\n vpcId: selected.then(selected =\u003e selected.id),\n availabilityZone: \"us-west-2a\",\n cidrBlock: selected.then(selected =\u003e std.cidrsubnet({\n input: selected.cidrBlock,\n newbits: 4,\n netnum: 1,\n })).then(invoke =\u003e invoke.result),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_std as std\n\nconfig = pulumi.Config()\nvpc_id = config.require_object(\"vpcId\")\nselected = aws.ec2.get_vpc(id=vpc_id)\nexample = aws.ec2.Subnet(\"example\",\n vpc_id=selected.id,\n availability_zone=\"us-west-2a\",\n cidr_block=std.cidrsubnet(input=selected.cidr_block,\n newbits=4,\n netnum=1).result)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var vpcId = config.RequireObject\u003cdynamic\u003e(\"vpcId\");\n var selected = Aws.Ec2.GetVpc.Invoke(new()\n {\n Id = vpcId,\n });\n\n var example = new Aws.Ec2.Subnet(\"example\", new()\n {\n VpcId = selected.Apply(getVpcResult =\u003e getVpcResult.Id),\n AvailabilityZone = \"us-west-2a\",\n CidrBlock = Std.Cidrsubnet.Invoke(new()\n {\n Input = selected.Apply(getVpcResult =\u003e getVpcResult.CidrBlock),\n Newbits = 4,\n Netnum = 1,\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tvpcId := cfg.RequireObject(\"vpcId\")\n\t\tselected, err := ec2.LookupVpc(ctx, \u0026ec2.LookupVpcArgs{\n\t\t\tId: pulumi.StringRef(vpcId),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeCidrsubnet, err := std.Cidrsubnet(ctx, \u0026std.CidrsubnetArgs{\n\t\t\tInput: selected.CidrBlock,\n\t\t\tNewbits: 4,\n\t\t\tNetnum: 1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSubnet(ctx, \"example\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: *pulumi.String(selected.Id),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tCidrBlock: invokeCidrsubnet.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var vpcId = config.get(\"vpcId\");\n final var selected = Ec2Functions.getVpc(GetVpcArgs.builder()\n .id(vpcId)\n .build());\n\n var example = new Subnet(\"example\", SubnetArgs.builder() \n .vpcId(selected.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .availabilityZone(\"us-west-2a\")\n .cidrBlock(StdFunctions.cidrsubnet(CidrsubnetArgs.builder()\n .input(selected.applyValue(getVpcResult -\u003e getVpcResult.cidrBlock()))\n .newbits(4)\n .netnum(1)\n .build()).result())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n vpcId:\n type: dynamic\nresources:\n example:\n type: aws:ec2:Subnet\n properties:\n vpcId: ${selected.id}\n availabilityZone: us-west-2a\n cidrBlock:\n fn::invoke:\n Function: std:cidrsubnet\n Arguments:\n input: ${selected.cidrBlock}\n newbits: 4\n netnum: 1\n Return: result\nvariables:\n selected:\n fn::invoke:\n Function: aws:ec2:getVpc\n Arguments:\n id: ${vpcId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "`aws.ec2.Vpc` provides details about a specific VPC.\n\nThis resource can prove useful when a module accepts a vpc id as\nan input variable and needs to, for example, determine the CIDR block of that\nVPC.\n\n## Example Usage\n\nThe following example shows how one might accept a VPC id as a variable\nand use this data source to obtain the data necessary to create a subnet\nwithin it.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst config = new pulumi.Config();\nconst vpcId = config.requireObject(\"vpcId\");\nconst selected = aws.ec2.getVpc({\n id: vpcId,\n});\nconst example = new aws.ec2.Subnet(\"example\", {\n vpcId: selected.then(selected =\u003e selected.id),\n availabilityZone: \"us-west-2a\",\n cidrBlock: selected.then(selected =\u003e std.cidrsubnet({\n input: selected.cidrBlock,\n newbits: 4,\n netnum: 1,\n })).then(invoke =\u003e invoke.result),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_std as std\n\nconfig = pulumi.Config()\nvpc_id = config.require_object(\"vpcId\")\nselected = aws.ec2.get_vpc(id=vpc_id)\nexample = aws.ec2.Subnet(\"example\",\n vpc_id=selected.id,\n availability_zone=\"us-west-2a\",\n cidr_block=std.cidrsubnet(input=selected.cidr_block,\n newbits=4,\n netnum=1).result)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var vpcId = config.RequireObject\u003cdynamic\u003e(\"vpcId\");\n var selected = Aws.Ec2.GetVpc.Invoke(new()\n {\n Id = vpcId,\n });\n\n var example = new Aws.Ec2.Subnet(\"example\", new()\n {\n VpcId = selected.Apply(getVpcResult =\u003e getVpcResult.Id),\n AvailabilityZone = \"us-west-2a\",\n CidrBlock = Std.Cidrsubnet.Invoke(new()\n {\n Input = selected.Apply(getVpcResult =\u003e getVpcResult.CidrBlock),\n Newbits = 4,\n Netnum = 1,\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tvpcId := cfg.RequireObject(\"vpcId\")\n\t\tselected, err := ec2.LookupVpc(ctx, \u0026ec2.LookupVpcArgs{\n\t\t\tId: pulumi.StringRef(vpcId),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeCidrsubnet, err := std.Cidrsubnet(ctx, \u0026std.CidrsubnetArgs{\n\t\t\tInput: selected.CidrBlock,\n\t\t\tNewbits: 4,\n\t\t\tNetnum: 1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSubnet(ctx, \"example\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: pulumi.String(selected.Id),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tCidrBlock: invokeCidrsubnet.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var vpcId = config.get(\"vpcId\");\n final var selected = Ec2Functions.getVpc(GetVpcArgs.builder()\n .id(vpcId)\n .build());\n\n var example = new Subnet(\"example\", SubnetArgs.builder() \n .vpcId(selected.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .availabilityZone(\"us-west-2a\")\n .cidrBlock(StdFunctions.cidrsubnet(CidrsubnetArgs.builder()\n .input(selected.applyValue(getVpcResult -\u003e getVpcResult.cidrBlock()))\n .newbits(4)\n .netnum(1)\n .build()).result())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n vpcId:\n type: dynamic\nresources:\n example:\n type: aws:ec2:Subnet\n properties:\n vpcId: ${selected.id}\n availabilityZone: us-west-2a\n cidrBlock:\n fn::invoke:\n Function: std:cidrsubnet\n Arguments:\n input: ${selected.cidrBlock}\n newbits: 4\n netnum: 1\n Return: result\nvariables:\n selected:\n fn::invoke:\n Function: aws:ec2:getVpc\n Arguments:\n id: ${vpcId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getVpc.\n", "properties": { @@ -362136,7 +362136,7 @@ } }, "aws:ec2/getVpcEndpoint:getVpcEndpoint": { - "description": "The VPC Endpoint data source provides details about\na specific VPC endpoint.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Declare the data source\nconst s3 = aws.ec2.getVpcEndpoint({\n vpcId: foo.id,\n serviceName: \"com.amazonaws.us-west-2.s3\",\n});\nconst privateS3 = new aws.ec2.VpcEndpointRouteTableAssociation(\"private_s3\", {\n vpcEndpointId: s3.then(s3 =\u003e s3.id),\n routeTableId: _private.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Declare the data source\ns3 = aws.ec2.get_vpc_endpoint(vpc_id=foo[\"id\"],\n service_name=\"com.amazonaws.us-west-2.s3\")\nprivate_s3 = aws.ec2.VpcEndpointRouteTableAssociation(\"private_s3\",\n vpc_endpoint_id=s3.id,\n route_table_id=private[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Declare the data source\n var s3 = Aws.Ec2.GetVpcEndpoint.Invoke(new()\n {\n VpcId = foo.Id,\n ServiceName = \"com.amazonaws.us-west-2.s3\",\n });\n\n var privateS3 = new Aws.Ec2.VpcEndpointRouteTableAssociation(\"private_s3\", new()\n {\n VpcEndpointId = s3.Apply(getVpcEndpointResult =\u003e getVpcEndpointResult.Id),\n RouteTableId = @private.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Declare the data source\n\t\ts3, err := ec2.LookupVpcEndpoint(ctx, \u0026ec2.LookupVpcEndpointArgs{\n\t\t\tVpcId: pulumi.StringRef(foo.Id),\n\t\t\tServiceName: pulumi.StringRef(\"com.amazonaws.us-west-2.s3\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcEndpointRouteTableAssociation(ctx, \"private_s3\", \u0026ec2.VpcEndpointRouteTableAssociationArgs{\n\t\t\tVpcEndpointId: *pulumi.String(s3.Id),\n\t\t\tRouteTableId: pulumi.Any(private.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcEndpointArgs;\nimport com.pulumi.aws.ec2.VpcEndpointRouteTableAssociation;\nimport com.pulumi.aws.ec2.VpcEndpointRouteTableAssociationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var s3 = Ec2Functions.getVpcEndpoint(GetVpcEndpointArgs.builder()\n .vpcId(foo.id())\n .serviceName(\"com.amazonaws.us-west-2.s3\")\n .build());\n\n var privateS3 = new VpcEndpointRouteTableAssociation(\"privateS3\", VpcEndpointRouteTableAssociationArgs.builder() \n .vpcEndpointId(s3.applyValue(getVpcEndpointResult -\u003e getVpcEndpointResult.id()))\n .routeTableId(private_.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n privateS3:\n type: aws:ec2:VpcEndpointRouteTableAssociation\n name: private_s3\n properties:\n vpcEndpointId: ${s3.id}\n routeTableId: ${private.id}\nvariables:\n # Declare the data source\n s3:\n fn::invoke:\n Function: aws:ec2:getVpcEndpoint\n Arguments:\n vpcId: ${foo.id}\n serviceName: com.amazonaws.us-west-2.s3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "The VPC Endpoint data source provides details about\na specific VPC endpoint.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Declare the data source\nconst s3 = aws.ec2.getVpcEndpoint({\n vpcId: foo.id,\n serviceName: \"com.amazonaws.us-west-2.s3\",\n});\nconst privateS3 = new aws.ec2.VpcEndpointRouteTableAssociation(\"private_s3\", {\n vpcEndpointId: s3.then(s3 =\u003e s3.id),\n routeTableId: _private.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Declare the data source\ns3 = aws.ec2.get_vpc_endpoint(vpc_id=foo[\"id\"],\n service_name=\"com.amazonaws.us-west-2.s3\")\nprivate_s3 = aws.ec2.VpcEndpointRouteTableAssociation(\"private_s3\",\n vpc_endpoint_id=s3.id,\n route_table_id=private[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Declare the data source\n var s3 = Aws.Ec2.GetVpcEndpoint.Invoke(new()\n {\n VpcId = foo.Id,\n ServiceName = \"com.amazonaws.us-west-2.s3\",\n });\n\n var privateS3 = new Aws.Ec2.VpcEndpointRouteTableAssociation(\"private_s3\", new()\n {\n VpcEndpointId = s3.Apply(getVpcEndpointResult =\u003e getVpcEndpointResult.Id),\n RouteTableId = @private.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Declare the data source\n\t\ts3, err := ec2.LookupVpcEndpoint(ctx, \u0026ec2.LookupVpcEndpointArgs{\n\t\t\tVpcId: pulumi.StringRef(foo.Id),\n\t\t\tServiceName: pulumi.StringRef(\"com.amazonaws.us-west-2.s3\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcEndpointRouteTableAssociation(ctx, \"private_s3\", \u0026ec2.VpcEndpointRouteTableAssociationArgs{\n\t\t\tVpcEndpointId: pulumi.String(s3.Id),\n\t\t\tRouteTableId: pulumi.Any(private.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcEndpointArgs;\nimport com.pulumi.aws.ec2.VpcEndpointRouteTableAssociation;\nimport com.pulumi.aws.ec2.VpcEndpointRouteTableAssociationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var s3 = Ec2Functions.getVpcEndpoint(GetVpcEndpointArgs.builder()\n .vpcId(foo.id())\n .serviceName(\"com.amazonaws.us-west-2.s3\")\n .build());\n\n var privateS3 = new VpcEndpointRouteTableAssociation(\"privateS3\", VpcEndpointRouteTableAssociationArgs.builder() \n .vpcEndpointId(s3.applyValue(getVpcEndpointResult -\u003e getVpcEndpointResult.id()))\n .routeTableId(private_.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n privateS3:\n type: aws:ec2:VpcEndpointRouteTableAssociation\n name: private_s3\n properties:\n vpcEndpointId: ${s3.id}\n routeTableId: ${private.id}\nvariables:\n # Declare the data source\n s3:\n fn::invoke:\n Function: aws:ec2:getVpcEndpoint\n Arguments:\n vpcId: ${foo.id}\n serviceName: com.amazonaws.us-west-2.s3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getVpcEndpoint.\n", "properties": { @@ -362307,7 +362307,7 @@ } }, "aws:ec2/getVpcEndpointService:getVpcEndpointService": { - "description": "The VPC Endpoint Service data source details about a specific service that\ncan be specified when creating a VPC endpoint within the region configured in the provider.\n\n## Example Usage\n\n### AWS Service\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Declare the data source\nconst s3 = aws.ec2.getVpcEndpointService({\n service: \"s3\",\n serviceType: \"Gateway\",\n});\n// Create a VPC\nconst foo = new aws.ec2.Vpc(\"foo\", {cidrBlock: \"10.0.0.0/16\"});\n// Create a VPC endpoint\nconst ep = new aws.ec2.VpcEndpoint(\"ep\", {\n vpcId: foo.id,\n serviceName: s3.then(s3 =\u003e s3.serviceName),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Declare the data source\ns3 = aws.ec2.get_vpc_endpoint_service(service=\"s3\",\n service_type=\"Gateway\")\n# Create a VPC\nfoo = aws.ec2.Vpc(\"foo\", cidr_block=\"10.0.0.0/16\")\n# Create a VPC endpoint\nep = aws.ec2.VpcEndpoint(\"ep\",\n vpc_id=foo.id,\n service_name=s3.service_name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Declare the data source\n var s3 = Aws.Ec2.GetVpcEndpointService.Invoke(new()\n {\n Service = \"s3\",\n ServiceType = \"Gateway\",\n });\n\n // Create a VPC\n var foo = new Aws.Ec2.Vpc(\"foo\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n\n // Create a VPC endpoint\n var ep = new Aws.Ec2.VpcEndpoint(\"ep\", new()\n {\n VpcId = foo.Id,\n ServiceName = s3.Apply(getVpcEndpointServiceResult =\u003e getVpcEndpointServiceResult.ServiceName),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Declare the data source\n\t\ts3, err := ec2.LookupVpcEndpointService(ctx, \u0026ec2.LookupVpcEndpointServiceArgs{\n\t\t\tService: pulumi.StringRef(\"s3\"),\n\t\t\tServiceType: pulumi.StringRef(\"Gateway\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a VPC\n\t\tfoo, err := ec2.NewVpc(ctx, \"foo\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a VPC endpoint\n\t\t_, err = ec2.NewVpcEndpoint(ctx, \"ep\", \u0026ec2.VpcEndpointArgs{\n\t\t\tVpcId: foo.ID(),\n\t\t\tServiceName: *pulumi.String(s3.ServiceName),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcEndpointServiceArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.VpcEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var s3 = Ec2Functions.getVpcEndpointService(GetVpcEndpointServiceArgs.builder()\n .service(\"s3\")\n .serviceType(\"Gateway\")\n .build());\n\n var foo = new Vpc(\"foo\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .build());\n\n var ep = new VpcEndpoint(\"ep\", VpcEndpointArgs.builder() \n .vpcId(foo.id())\n .serviceName(s3.applyValue(getVpcEndpointServiceResult -\u003e getVpcEndpointServiceResult.serviceName()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a VPC\n foo:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n # Create a VPC endpoint\n ep:\n type: aws:ec2:VpcEndpoint\n properties:\n vpcId: ${foo.id}\n serviceName: ${s3.serviceName}\nvariables:\n # Declare the data source\n s3:\n fn::invoke:\n Function: aws:ec2:getVpcEndpointService\n Arguments:\n service: s3\n serviceType: Gateway\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Non-AWS Service\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst custome = aws.ec2.getVpcEndpointService({\n serviceName: \"com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncustome = aws.ec2.get_vpc_endpoint_service(service_name=\"com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var custome = Aws.Ec2.GetVpcEndpointService.Invoke(new()\n {\n ServiceName = \"com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupVpcEndpointService(ctx, \u0026ec2.LookupVpcEndpointServiceArgs{\n\t\t\tServiceName: pulumi.StringRef(\"com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcEndpointServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var custome = Ec2Functions.getVpcEndpointService(GetVpcEndpointServiceArgs.builder()\n .serviceName(\"com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n custome:\n fn::invoke:\n Function: aws:ec2:getVpcEndpointService\n Arguments:\n serviceName: com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Filter\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.ec2.getVpcEndpointService({\n filters: [{\n name: \"service-name\",\n values: [\"some-service\"],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2.get_vpc_endpoint_service(filters=[aws.ec2.GetVpcEndpointServiceFilterArgs(\n name=\"service-name\",\n values=[\"some-service\"],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.Ec2.GetVpcEndpointService.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetVpcEndpointServiceFilterInputArgs\n {\n Name = \"service-name\",\n Values = new[]\n {\n \"some-service\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupVpcEndpointService(ctx, \u0026ec2.LookupVpcEndpointServiceArgs{\n\t\t\tFilters: []ec2.GetVpcEndpointServiceFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"service-name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"some-service\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcEndpointServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = Ec2Functions.getVpcEndpointService(GetVpcEndpointServiceArgs.builder()\n .filters(GetVpcEndpointServiceFilterArgs.builder()\n .name(\"service-name\")\n .values(\"some-service\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n test:\n fn::invoke:\n Function: aws:ec2:getVpcEndpointService\n Arguments:\n filters:\n - name: service-name\n values:\n - some-service\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "The VPC Endpoint Service data source details about a specific service that\ncan be specified when creating a VPC endpoint within the region configured in the provider.\n\n## Example Usage\n\n### AWS Service\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Declare the data source\nconst s3 = aws.ec2.getVpcEndpointService({\n service: \"s3\",\n serviceType: \"Gateway\",\n});\n// Create a VPC\nconst foo = new aws.ec2.Vpc(\"foo\", {cidrBlock: \"10.0.0.0/16\"});\n// Create a VPC endpoint\nconst ep = new aws.ec2.VpcEndpoint(\"ep\", {\n vpcId: foo.id,\n serviceName: s3.then(s3 =\u003e s3.serviceName),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Declare the data source\ns3 = aws.ec2.get_vpc_endpoint_service(service=\"s3\",\n service_type=\"Gateway\")\n# Create a VPC\nfoo = aws.ec2.Vpc(\"foo\", cidr_block=\"10.0.0.0/16\")\n# Create a VPC endpoint\nep = aws.ec2.VpcEndpoint(\"ep\",\n vpc_id=foo.id,\n service_name=s3.service_name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Declare the data source\n var s3 = Aws.Ec2.GetVpcEndpointService.Invoke(new()\n {\n Service = \"s3\",\n ServiceType = \"Gateway\",\n });\n\n // Create a VPC\n var foo = new Aws.Ec2.Vpc(\"foo\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n\n // Create a VPC endpoint\n var ep = new Aws.Ec2.VpcEndpoint(\"ep\", new()\n {\n VpcId = foo.Id,\n ServiceName = s3.Apply(getVpcEndpointServiceResult =\u003e getVpcEndpointServiceResult.ServiceName),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Declare the data source\n\t\ts3, err := ec2.LookupVpcEndpointService(ctx, \u0026ec2.LookupVpcEndpointServiceArgs{\n\t\t\tService: pulumi.StringRef(\"s3\"),\n\t\t\tServiceType: pulumi.StringRef(\"Gateway\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a VPC\n\t\tfoo, err := ec2.NewVpc(ctx, \"foo\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a VPC endpoint\n\t\t_, err = ec2.NewVpcEndpoint(ctx, \"ep\", \u0026ec2.VpcEndpointArgs{\n\t\t\tVpcId: foo.ID(),\n\t\t\tServiceName: pulumi.String(s3.ServiceName),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcEndpointServiceArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.VpcEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var s3 = Ec2Functions.getVpcEndpointService(GetVpcEndpointServiceArgs.builder()\n .service(\"s3\")\n .serviceType(\"Gateway\")\n .build());\n\n var foo = new Vpc(\"foo\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .build());\n\n var ep = new VpcEndpoint(\"ep\", VpcEndpointArgs.builder() \n .vpcId(foo.id())\n .serviceName(s3.applyValue(getVpcEndpointServiceResult -\u003e getVpcEndpointServiceResult.serviceName()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a VPC\n foo:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n # Create a VPC endpoint\n ep:\n type: aws:ec2:VpcEndpoint\n properties:\n vpcId: ${foo.id}\n serviceName: ${s3.serviceName}\nvariables:\n # Declare the data source\n s3:\n fn::invoke:\n Function: aws:ec2:getVpcEndpointService\n Arguments:\n service: s3\n serviceType: Gateway\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Non-AWS Service\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst custome = aws.ec2.getVpcEndpointService({\n serviceName: \"com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncustome = aws.ec2.get_vpc_endpoint_service(service_name=\"com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var custome = Aws.Ec2.GetVpcEndpointService.Invoke(new()\n {\n ServiceName = \"com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupVpcEndpointService(ctx, \u0026ec2.LookupVpcEndpointServiceArgs{\n\t\t\tServiceName: pulumi.StringRef(\"com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcEndpointServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var custome = Ec2Functions.getVpcEndpointService(GetVpcEndpointServiceArgs.builder()\n .serviceName(\"com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n custome:\n fn::invoke:\n Function: aws:ec2:getVpcEndpointService\n Arguments:\n serviceName: com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Filter\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.ec2.getVpcEndpointService({\n filters: [{\n name: \"service-name\",\n values: [\"some-service\"],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2.get_vpc_endpoint_service(filters=[aws.ec2.GetVpcEndpointServiceFilterArgs(\n name=\"service-name\",\n values=[\"some-service\"],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.Ec2.GetVpcEndpointService.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetVpcEndpointServiceFilterInputArgs\n {\n Name = \"service-name\",\n Values = new[]\n {\n \"some-service\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupVpcEndpointService(ctx, \u0026ec2.LookupVpcEndpointServiceArgs{\n\t\t\tFilters: []ec2.GetVpcEndpointServiceFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"service-name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"some-service\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcEndpointServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = Ec2Functions.getVpcEndpointService(GetVpcEndpointServiceArgs.builder()\n .filters(GetVpcEndpointServiceFilterArgs.builder()\n .name(\"service-name\")\n .values(\"some-service\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n test:\n fn::invoke:\n Function: aws:ec2:getVpcEndpointService\n Arguments:\n filters:\n - name: service-name\n values:\n - some-service\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getVpcEndpointService.\n", "properties": { @@ -362440,7 +362440,7 @@ }, "aws:ec2/getVpcIamPool:getVpcIamPool": { "deprecationMessage": "aws.ec2/getvpciampool.getVpcIamPool has been deprecated in favor of aws.ec2/getvpcipampool.getVpcIpamPool", - "description": "`aws.ec2.VpcIpamPool` provides details about an IPAM pool.\n\nThis resource can prove useful when an ipam pool was created in another root\nmodule and you need the pool's id as an input variable. For example, pools\ncan be shared via RAM and used to create vpcs with CIDRs from that pool.\n\n## Example Usage\n\nThe following example shows an account that has only 1 pool, perhaps shared\nvia RAM, and using that pool id to create a VPC with a CIDR derived from\nAWS IPAM.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.ec2.getVpcIpamPool({\n filters: [\n {\n name: \"description\",\n values: [\"*test*\"],\n },\n {\n name: \"address-family\",\n values: [\"ipv4\"],\n },\n ],\n});\nconst testVpc = new aws.ec2.Vpc(\"test\", {\n ipv4IpamPoolId: test.then(test =\u003e test.id),\n ipv4NetmaskLength: 28,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2.get_vpc_ipam_pool(filters=[\n aws.ec2.GetVpcIpamPoolFilterArgs(\n name=\"description\",\n values=[\"*test*\"],\n ),\n aws.ec2.GetVpcIpamPoolFilterArgs(\n name=\"address-family\",\n values=[\"ipv4\"],\n ),\n])\ntest_vpc = aws.ec2.Vpc(\"test\",\n ipv4_ipam_pool_id=test.id,\n ipv4_netmask_length=28)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.Ec2.GetVpcIpamPool.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetVpcIpamPoolFilterInputArgs\n {\n Name = \"description\",\n Values = new[]\n {\n \"*test*\",\n },\n },\n new Aws.Ec2.Inputs.GetVpcIpamPoolFilterInputArgs\n {\n Name = \"address-family\",\n Values = new[]\n {\n \"ipv4\",\n },\n },\n },\n });\n\n var testVpc = new Aws.Ec2.Vpc(\"test\", new()\n {\n Ipv4IpamPoolId = test.Apply(getVpcIpamPoolResult =\u003e getVpcIpamPoolResult.Id),\n Ipv4NetmaskLength = 28,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := ec2.LookupVpcIpamPool(ctx, \u0026ec2.LookupVpcIpamPoolArgs{\n\t\t\tFilters: []ec2.GetVpcIpamPoolFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"description\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"*test*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tName: \"address-family\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"ipv4\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpc(ctx, \"test\", \u0026ec2.VpcArgs{\n\t\t\tIpv4IpamPoolId: *pulumi.String(test.Id),\n\t\t\tIpv4NetmaskLength: pulumi.Int(28),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcIpamPoolArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = Ec2Functions.getVpcIpamPool(GetVpcIpamPoolArgs.builder()\n .filters( \n GetVpcIpamPoolFilterArgs.builder()\n .name(\"description\")\n .values(\"*test*\")\n .build(),\n GetVpcIpamPoolFilterArgs.builder()\n .name(\"address-family\")\n .values(\"ipv4\")\n .build())\n .build());\n\n var testVpc = new Vpc(\"testVpc\", VpcArgs.builder() \n .ipv4IpamPoolId(test.applyValue(getVpcIpamPoolResult -\u003e getVpcIpamPoolResult.id()))\n .ipv4NetmaskLength(28)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testVpc:\n type: aws:ec2:Vpc\n name: test\n properties:\n ipv4IpamPoolId: ${test.id}\n ipv4NetmaskLength: 28\nvariables:\n test:\n fn::invoke:\n Function: aws:ec2:getVpcIpamPool\n Arguments:\n filters:\n - name: description\n values:\n - '*test*'\n - name: address-family\n values:\n - ipv4\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "`aws.ec2.VpcIpamPool` provides details about an IPAM pool.\n\nThis resource can prove useful when an ipam pool was created in another root\nmodule and you need the pool's id as an input variable. For example, pools\ncan be shared via RAM and used to create vpcs with CIDRs from that pool.\n\n## Example Usage\n\nThe following example shows an account that has only 1 pool, perhaps shared\nvia RAM, and using that pool id to create a VPC with a CIDR derived from\nAWS IPAM.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.ec2.getVpcIpamPool({\n filters: [\n {\n name: \"description\",\n values: [\"*test*\"],\n },\n {\n name: \"address-family\",\n values: [\"ipv4\"],\n },\n ],\n});\nconst testVpc = new aws.ec2.Vpc(\"test\", {\n ipv4IpamPoolId: test.then(test =\u003e test.id),\n ipv4NetmaskLength: 28,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2.get_vpc_ipam_pool(filters=[\n aws.ec2.GetVpcIpamPoolFilterArgs(\n name=\"description\",\n values=[\"*test*\"],\n ),\n aws.ec2.GetVpcIpamPoolFilterArgs(\n name=\"address-family\",\n values=[\"ipv4\"],\n ),\n])\ntest_vpc = aws.ec2.Vpc(\"test\",\n ipv4_ipam_pool_id=test.id,\n ipv4_netmask_length=28)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.Ec2.GetVpcIpamPool.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetVpcIpamPoolFilterInputArgs\n {\n Name = \"description\",\n Values = new[]\n {\n \"*test*\",\n },\n },\n new Aws.Ec2.Inputs.GetVpcIpamPoolFilterInputArgs\n {\n Name = \"address-family\",\n Values = new[]\n {\n \"ipv4\",\n },\n },\n },\n });\n\n var testVpc = new Aws.Ec2.Vpc(\"test\", new()\n {\n Ipv4IpamPoolId = test.Apply(getVpcIpamPoolResult =\u003e getVpcIpamPoolResult.Id),\n Ipv4NetmaskLength = 28,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := ec2.LookupVpcIpamPool(ctx, \u0026ec2.LookupVpcIpamPoolArgs{\n\t\t\tFilters: []ec2.GetVpcIpamPoolFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"description\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"*test*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tName: \"address-family\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"ipv4\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpc(ctx, \"test\", \u0026ec2.VpcArgs{\n\t\t\tIpv4IpamPoolId: pulumi.String(test.Id),\n\t\t\tIpv4NetmaskLength: pulumi.Int(28),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcIpamPoolArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = Ec2Functions.getVpcIpamPool(GetVpcIpamPoolArgs.builder()\n .filters( \n GetVpcIpamPoolFilterArgs.builder()\n .name(\"description\")\n .values(\"*test*\")\n .build(),\n GetVpcIpamPoolFilterArgs.builder()\n .name(\"address-family\")\n .values(\"ipv4\")\n .build())\n .build());\n\n var testVpc = new Vpc(\"testVpc\", VpcArgs.builder() \n .ipv4IpamPoolId(test.applyValue(getVpcIpamPoolResult -\u003e getVpcIpamPoolResult.id()))\n .ipv4NetmaskLength(28)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testVpc:\n type: aws:ec2:Vpc\n name: test\n properties:\n ipv4IpamPoolId: ${test.id}\n ipv4NetmaskLength: 28\nvariables:\n test:\n fn::invoke:\n Function: aws:ec2:getVpcIpamPool\n Arguments:\n filters:\n - name: description\n values:\n - '*test*'\n - name: address-family\n values:\n - ipv4\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getVpcIamPool.\n", "properties": { @@ -362686,7 +362686,7 @@ } }, "aws:ec2/getVpcIpamPool:getVpcIpamPool": { - "description": "`aws.ec2.VpcIpamPool` provides details about an IPAM pool.\n\nThis resource can prove useful when an ipam pool was created in another root\nmodule and you need the pool's id as an input variable. For example, pools\ncan be shared via RAM and used to create vpcs with CIDRs from that pool.\n\n## Example Usage\n\nThe following example shows an account that has only 1 pool, perhaps shared\nvia RAM, and using that pool id to create a VPC with a CIDR derived from\nAWS IPAM.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.ec2.getVpcIpamPool({\n filters: [\n {\n name: \"description\",\n values: [\"*test*\"],\n },\n {\n name: \"address-family\",\n values: [\"ipv4\"],\n },\n ],\n});\nconst testVpc = new aws.ec2.Vpc(\"test\", {\n ipv4IpamPoolId: test.then(test =\u003e test.id),\n ipv4NetmaskLength: 28,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2.get_vpc_ipam_pool(filters=[\n aws.ec2.GetVpcIpamPoolFilterArgs(\n name=\"description\",\n values=[\"*test*\"],\n ),\n aws.ec2.GetVpcIpamPoolFilterArgs(\n name=\"address-family\",\n values=[\"ipv4\"],\n ),\n])\ntest_vpc = aws.ec2.Vpc(\"test\",\n ipv4_ipam_pool_id=test.id,\n ipv4_netmask_length=28)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.Ec2.GetVpcIpamPool.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetVpcIpamPoolFilterInputArgs\n {\n Name = \"description\",\n Values = new[]\n {\n \"*test*\",\n },\n },\n new Aws.Ec2.Inputs.GetVpcIpamPoolFilterInputArgs\n {\n Name = \"address-family\",\n Values = new[]\n {\n \"ipv4\",\n },\n },\n },\n });\n\n var testVpc = new Aws.Ec2.Vpc(\"test\", new()\n {\n Ipv4IpamPoolId = test.Apply(getVpcIpamPoolResult =\u003e getVpcIpamPoolResult.Id),\n Ipv4NetmaskLength = 28,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := ec2.LookupVpcIpamPool(ctx, \u0026ec2.LookupVpcIpamPoolArgs{\n\t\t\tFilters: []ec2.GetVpcIpamPoolFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"description\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"*test*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tName: \"address-family\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"ipv4\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpc(ctx, \"test\", \u0026ec2.VpcArgs{\n\t\t\tIpv4IpamPoolId: *pulumi.String(test.Id),\n\t\t\tIpv4NetmaskLength: pulumi.Int(28),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcIpamPoolArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = Ec2Functions.getVpcIpamPool(GetVpcIpamPoolArgs.builder()\n .filters( \n GetVpcIpamPoolFilterArgs.builder()\n .name(\"description\")\n .values(\"*test*\")\n .build(),\n GetVpcIpamPoolFilterArgs.builder()\n .name(\"address-family\")\n .values(\"ipv4\")\n .build())\n .build());\n\n var testVpc = new Vpc(\"testVpc\", VpcArgs.builder() \n .ipv4IpamPoolId(test.applyValue(getVpcIpamPoolResult -\u003e getVpcIpamPoolResult.id()))\n .ipv4NetmaskLength(28)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testVpc:\n type: aws:ec2:Vpc\n name: test\n properties:\n ipv4IpamPoolId: ${test.id}\n ipv4NetmaskLength: 28\nvariables:\n test:\n fn::invoke:\n Function: aws:ec2:getVpcIpamPool\n Arguments:\n filters:\n - name: description\n values:\n - '*test*'\n - name: address-family\n values:\n - ipv4\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "`aws.ec2.VpcIpamPool` provides details about an IPAM pool.\n\nThis resource can prove useful when an ipam pool was created in another root\nmodule and you need the pool's id as an input variable. For example, pools\ncan be shared via RAM and used to create vpcs with CIDRs from that pool.\n\n## Example Usage\n\nThe following example shows an account that has only 1 pool, perhaps shared\nvia RAM, and using that pool id to create a VPC with a CIDR derived from\nAWS IPAM.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.ec2.getVpcIpamPool({\n filters: [\n {\n name: \"description\",\n values: [\"*test*\"],\n },\n {\n name: \"address-family\",\n values: [\"ipv4\"],\n },\n ],\n});\nconst testVpc = new aws.ec2.Vpc(\"test\", {\n ipv4IpamPoolId: test.then(test =\u003e test.id),\n ipv4NetmaskLength: 28,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2.get_vpc_ipam_pool(filters=[\n aws.ec2.GetVpcIpamPoolFilterArgs(\n name=\"description\",\n values=[\"*test*\"],\n ),\n aws.ec2.GetVpcIpamPoolFilterArgs(\n name=\"address-family\",\n values=[\"ipv4\"],\n ),\n])\ntest_vpc = aws.ec2.Vpc(\"test\",\n ipv4_ipam_pool_id=test.id,\n ipv4_netmask_length=28)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.Ec2.GetVpcIpamPool.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetVpcIpamPoolFilterInputArgs\n {\n Name = \"description\",\n Values = new[]\n {\n \"*test*\",\n },\n },\n new Aws.Ec2.Inputs.GetVpcIpamPoolFilterInputArgs\n {\n Name = \"address-family\",\n Values = new[]\n {\n \"ipv4\",\n },\n },\n },\n });\n\n var testVpc = new Aws.Ec2.Vpc(\"test\", new()\n {\n Ipv4IpamPoolId = test.Apply(getVpcIpamPoolResult =\u003e getVpcIpamPoolResult.Id),\n Ipv4NetmaskLength = 28,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := ec2.LookupVpcIpamPool(ctx, \u0026ec2.LookupVpcIpamPoolArgs{\n\t\t\tFilters: []ec2.GetVpcIpamPoolFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"description\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"*test*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tName: \"address-family\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"ipv4\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpc(ctx, \"test\", \u0026ec2.VpcArgs{\n\t\t\tIpv4IpamPoolId: pulumi.String(test.Id),\n\t\t\tIpv4NetmaskLength: pulumi.Int(28),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcIpamPoolArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = Ec2Functions.getVpcIpamPool(GetVpcIpamPoolArgs.builder()\n .filters( \n GetVpcIpamPoolFilterArgs.builder()\n .name(\"description\")\n .values(\"*test*\")\n .build(),\n GetVpcIpamPoolFilterArgs.builder()\n .name(\"address-family\")\n .values(\"ipv4\")\n .build())\n .build());\n\n var testVpc = new Vpc(\"testVpc\", VpcArgs.builder() \n .ipv4IpamPoolId(test.applyValue(getVpcIpamPoolResult -\u003e getVpcIpamPoolResult.id()))\n .ipv4NetmaskLength(28)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testVpc:\n type: aws:ec2:Vpc\n name: test\n properties:\n ipv4IpamPoolId: ${test.id}\n ipv4NetmaskLength: 28\nvariables:\n test:\n fn::invoke:\n Function: aws:ec2:getVpcIpamPool\n Arguments:\n filters:\n - name: description\n values:\n - '*test*'\n - name: address-family\n values:\n - ipv4\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getVpcIpamPool.\n", "properties": { @@ -362930,7 +362930,7 @@ } }, "aws:ec2/getVpcPeeringConnection:getVpcPeeringConnection": { - "description": "The VPC Peering Connection data source provides details about\na specific VPC peering connection.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Declare the data source\nconst pc = aws.ec2.getVpcPeeringConnection({\n vpcId: foo.id,\n peerCidrBlock: \"10.0.1.0/22\",\n});\n// Create a route table\nconst rt = new aws.ec2.RouteTable(\"rt\", {vpcId: foo.id});\n// Create a route\nconst r = new aws.ec2.Route(\"r\", {\n routeTableId: rt.id,\n destinationCidrBlock: pc.then(pc =\u003e pc.peerCidrBlock),\n vpcPeeringConnectionId: pc.then(pc =\u003e pc.id),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Declare the data source\npc = aws.ec2.get_vpc_peering_connection(vpc_id=foo[\"id\"],\n peer_cidr_block=\"10.0.1.0/22\")\n# Create a route table\nrt = aws.ec2.RouteTable(\"rt\", vpc_id=foo[\"id\"])\n# Create a route\nr = aws.ec2.Route(\"r\",\n route_table_id=rt.id,\n destination_cidr_block=pc.peer_cidr_block,\n vpc_peering_connection_id=pc.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Declare the data source\n var pc = Aws.Ec2.GetVpcPeeringConnection.Invoke(new()\n {\n VpcId = foo.Id,\n PeerCidrBlock = \"10.0.1.0/22\",\n });\n\n // Create a route table\n var rt = new Aws.Ec2.RouteTable(\"rt\", new()\n {\n VpcId = foo.Id,\n });\n\n // Create a route\n var r = new Aws.Ec2.Route(\"r\", new()\n {\n RouteTableId = rt.Id,\n DestinationCidrBlock = pc.Apply(getVpcPeeringConnectionResult =\u003e getVpcPeeringConnectionResult.PeerCidrBlock),\n VpcPeeringConnectionId = pc.Apply(getVpcPeeringConnectionResult =\u003e getVpcPeeringConnectionResult.Id),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Declare the data source\n\t\tpc, err := ec2.LookupVpcPeeringConnection(ctx, \u0026ec2.LookupVpcPeeringConnectionArgs{\n\t\t\tVpcId: pulumi.StringRef(foo.Id),\n\t\t\tPeerCidrBlock: pulumi.StringRef(\"10.0.1.0/22\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a route table\n\t\trt, err := ec2.NewRouteTable(ctx, \"rt\", \u0026ec2.RouteTableArgs{\n\t\t\tVpcId: pulumi.Any(foo.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a route\n\t\t_, err = ec2.NewRoute(ctx, \"r\", \u0026ec2.RouteArgs{\n\t\t\tRouteTableId: rt.ID(),\n\t\t\tDestinationCidrBlock: *pulumi.String(pc.PeerCidrBlock),\n\t\t\tVpcPeeringConnectionId: *pulumi.String(pc.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcPeeringConnectionArgs;\nimport com.pulumi.aws.ec2.RouteTable;\nimport com.pulumi.aws.ec2.RouteTableArgs;\nimport com.pulumi.aws.ec2.Route;\nimport com.pulumi.aws.ec2.RouteArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var pc = Ec2Functions.getVpcPeeringConnection(GetVpcPeeringConnectionArgs.builder()\n .vpcId(foo.id())\n .peerCidrBlock(\"10.0.1.0/22\")\n .build());\n\n var rt = new RouteTable(\"rt\", RouteTableArgs.builder() \n .vpcId(foo.id())\n .build());\n\n var r = new Route(\"r\", RouteArgs.builder() \n .routeTableId(rt.id())\n .destinationCidrBlock(pc.applyValue(getVpcPeeringConnectionResult -\u003e getVpcPeeringConnectionResult.peerCidrBlock()))\n .vpcPeeringConnectionId(pc.applyValue(getVpcPeeringConnectionResult -\u003e getVpcPeeringConnectionResult.id()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a route table\n rt:\n type: aws:ec2:RouteTable\n properties:\n vpcId: ${foo.id}\n # Create a route\n r:\n type: aws:ec2:Route\n properties:\n routeTableId: ${rt.id}\n destinationCidrBlock: ${pc.peerCidrBlock}\n vpcPeeringConnectionId: ${pc.id}\nvariables:\n # Declare the data source\n pc:\n fn::invoke:\n Function: aws:ec2:getVpcPeeringConnection\n Arguments:\n vpcId: ${foo.id}\n peerCidrBlock: 10.0.1.0/22\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "The VPC Peering Connection data source provides details about\na specific VPC peering connection.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Declare the data source\nconst pc = aws.ec2.getVpcPeeringConnection({\n vpcId: foo.id,\n peerCidrBlock: \"10.0.1.0/22\",\n});\n// Create a route table\nconst rt = new aws.ec2.RouteTable(\"rt\", {vpcId: foo.id});\n// Create a route\nconst r = new aws.ec2.Route(\"r\", {\n routeTableId: rt.id,\n destinationCidrBlock: pc.then(pc =\u003e pc.peerCidrBlock),\n vpcPeeringConnectionId: pc.then(pc =\u003e pc.id),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Declare the data source\npc = aws.ec2.get_vpc_peering_connection(vpc_id=foo[\"id\"],\n peer_cidr_block=\"10.0.1.0/22\")\n# Create a route table\nrt = aws.ec2.RouteTable(\"rt\", vpc_id=foo[\"id\"])\n# Create a route\nr = aws.ec2.Route(\"r\",\n route_table_id=rt.id,\n destination_cidr_block=pc.peer_cidr_block,\n vpc_peering_connection_id=pc.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Declare the data source\n var pc = Aws.Ec2.GetVpcPeeringConnection.Invoke(new()\n {\n VpcId = foo.Id,\n PeerCidrBlock = \"10.0.1.0/22\",\n });\n\n // Create a route table\n var rt = new Aws.Ec2.RouteTable(\"rt\", new()\n {\n VpcId = foo.Id,\n });\n\n // Create a route\n var r = new Aws.Ec2.Route(\"r\", new()\n {\n RouteTableId = rt.Id,\n DestinationCidrBlock = pc.Apply(getVpcPeeringConnectionResult =\u003e getVpcPeeringConnectionResult.PeerCidrBlock),\n VpcPeeringConnectionId = pc.Apply(getVpcPeeringConnectionResult =\u003e getVpcPeeringConnectionResult.Id),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Declare the data source\n\t\tpc, err := ec2.LookupVpcPeeringConnection(ctx, \u0026ec2.LookupVpcPeeringConnectionArgs{\n\t\t\tVpcId: pulumi.StringRef(foo.Id),\n\t\t\tPeerCidrBlock: pulumi.StringRef(\"10.0.1.0/22\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a route table\n\t\trt, err := ec2.NewRouteTable(ctx, \"rt\", \u0026ec2.RouteTableArgs{\n\t\t\tVpcId: pulumi.Any(foo.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a route\n\t\t_, err = ec2.NewRoute(ctx, \"r\", \u0026ec2.RouteArgs{\n\t\t\tRouteTableId: rt.ID(),\n\t\t\tDestinationCidrBlock: pulumi.String(pc.PeerCidrBlock),\n\t\t\tVpcPeeringConnectionId: pulumi.String(pc.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcPeeringConnectionArgs;\nimport com.pulumi.aws.ec2.RouteTable;\nimport com.pulumi.aws.ec2.RouteTableArgs;\nimport com.pulumi.aws.ec2.Route;\nimport com.pulumi.aws.ec2.RouteArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var pc = Ec2Functions.getVpcPeeringConnection(GetVpcPeeringConnectionArgs.builder()\n .vpcId(foo.id())\n .peerCidrBlock(\"10.0.1.0/22\")\n .build());\n\n var rt = new RouteTable(\"rt\", RouteTableArgs.builder() \n .vpcId(foo.id())\n .build());\n\n var r = new Route(\"r\", RouteArgs.builder() \n .routeTableId(rt.id())\n .destinationCidrBlock(pc.applyValue(getVpcPeeringConnectionResult -\u003e getVpcPeeringConnectionResult.peerCidrBlock()))\n .vpcPeeringConnectionId(pc.applyValue(getVpcPeeringConnectionResult -\u003e getVpcPeeringConnectionResult.id()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a route table\n rt:\n type: aws:ec2:RouteTable\n properties:\n vpcId: ${foo.id}\n # Create a route\n r:\n type: aws:ec2:Route\n properties:\n routeTableId: ${rt.id}\n destinationCidrBlock: ${pc.peerCidrBlock}\n vpcPeeringConnectionId: ${pc.id}\nvariables:\n # Declare the data source\n pc:\n fn::invoke:\n Function: aws:ec2:getVpcPeeringConnection\n Arguments:\n vpcId: ${foo.id}\n peerCidrBlock: 10.0.1.0/22\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getVpcPeeringConnection.\n", "properties": { @@ -366045,7 +366045,7 @@ } }, "aws:eks/getAddonVersion:getAddonVersion": { - "description": "Retrieve information about a specific EKS add-on version compatible with an EKS cluster version.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nexport = async () =\u003e {\n const default = await aws.eks.getAddonVersion({\n addonName: \"vpc-cni\",\n kubernetesVersion: example.version,\n });\n const latest = await aws.eks.getAddonVersion({\n addonName: \"vpc-cni\",\n kubernetesVersion: example.version,\n mostRecent: true,\n });\n const vpcCni = new aws.eks.Addon(\"vpc_cni\", {\n clusterName: example.name,\n addonName: \"vpc-cni\",\n addonVersion: latest.version,\n });\n return {\n \"default\": _default.version,\n latest: latest.version,\n };\n}\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.eks.get_addon_version(addon_name=\"vpc-cni\",\n kubernetes_version=example[\"version\"])\nlatest = aws.eks.get_addon_version(addon_name=\"vpc-cni\",\n kubernetes_version=example[\"version\"],\n most_recent=True)\nvpc_cni = aws.eks.Addon(\"vpc_cni\",\n cluster_name=example[\"name\"],\n addon_name=\"vpc-cni\",\n addon_version=latest.version)\npulumi.export(\"default\", default.version)\npulumi.export(\"latest\", latest.version)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Aws.Eks.GetAddonVersion.Invoke(new()\n {\n AddonName = \"vpc-cni\",\n KubernetesVersion = example.Version,\n });\n\n var latest = Aws.Eks.GetAddonVersion.Invoke(new()\n {\n AddonName = \"vpc-cni\",\n KubernetesVersion = example.Version,\n MostRecent = true,\n });\n\n var vpcCni = new Aws.Eks.Addon(\"vpc_cni\", new()\n {\n ClusterName = example.Name,\n AddonName = \"vpc-cni\",\n AddonVersion = latest.Apply(getAddonVersionResult =\u003e getAddonVersionResult.Version),\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"default\"] = @default.Apply(@default =\u003e @default.Apply(getAddonVersionResult =\u003e getAddonVersionResult.Version)),\n [\"latest\"] = latest.Apply(getAddonVersionResult =\u003e getAddonVersionResult.Version),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := eks.GetAddonVersion(ctx, \u0026eks.GetAddonVersionArgs{\n\t\t\tAddonName: \"vpc-cni\",\n\t\t\tKubernetesVersion: example.Version,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlatest, err := eks.GetAddonVersion(ctx, \u0026eks.GetAddonVersionArgs{\n\t\t\tAddonName: \"vpc-cni\",\n\t\t\tKubernetesVersion: example.Version,\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eks.NewAddon(ctx, \"vpc_cni\", \u0026eks.AddonArgs{\n\t\t\tClusterName: pulumi.Any(example.Name),\n\t\t\tAddonName: pulumi.String(\"vpc-cni\"),\n\t\t\tAddonVersion: *pulumi.String(latest.Version),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"default\", _default.Version)\n\t\tctx.Export(\"latest\", latest.Version)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.eks.EksFunctions;\nimport com.pulumi.aws.eks.inputs.GetAddonVersionArgs;\nimport com.pulumi.aws.eks.Addon;\nimport com.pulumi.aws.eks.AddonArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = EksFunctions.getAddonVersion(GetAddonVersionArgs.builder()\n .addonName(\"vpc-cni\")\n .kubernetesVersion(example.version())\n .build());\n\n final var latest = EksFunctions.getAddonVersion(GetAddonVersionArgs.builder()\n .addonName(\"vpc-cni\")\n .kubernetesVersion(example.version())\n .mostRecent(true)\n .build());\n\n var vpcCni = new Addon(\"vpcCni\", AddonArgs.builder() \n .clusterName(example.name())\n .addonName(\"vpc-cni\")\n .addonVersion(latest.applyValue(getAddonVersionResult -\u003e getAddonVersionResult.version()))\n .build());\n\n ctx.export(\"default\", default_.version());\n ctx.export(\"latest\", latest.applyValue(getAddonVersionResult -\u003e getAddonVersionResult.version()));\n }\n}\n```\n```yaml\nresources:\n vpcCni:\n type: aws:eks:Addon\n name: vpc_cni\n properties:\n clusterName: ${example.name}\n addonName: vpc-cni\n addonVersion: ${latest.version}\nvariables:\n default:\n fn::invoke:\n Function: aws:eks:getAddonVersion\n Arguments:\n addonName: vpc-cni\n kubernetesVersion: ${example.version}\n latest:\n fn::invoke:\n Function: aws:eks:getAddonVersion\n Arguments:\n addonName: vpc-cni\n kubernetesVersion: ${example.version}\n mostRecent: true\noutputs:\n default: ${default.version}\n latest: ${latest.version}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieve information about a specific EKS add-on version compatible with an EKS cluster version.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nexport = async () =\u003e {\n const default = await aws.eks.getAddonVersion({\n addonName: \"vpc-cni\",\n kubernetesVersion: example.version,\n });\n const latest = await aws.eks.getAddonVersion({\n addonName: \"vpc-cni\",\n kubernetesVersion: example.version,\n mostRecent: true,\n });\n const vpcCni = new aws.eks.Addon(\"vpc_cni\", {\n clusterName: example.name,\n addonName: \"vpc-cni\",\n addonVersion: latest.version,\n });\n return {\n \"default\": _default.version,\n latest: latest.version,\n };\n}\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.eks.get_addon_version(addon_name=\"vpc-cni\",\n kubernetes_version=example[\"version\"])\nlatest = aws.eks.get_addon_version(addon_name=\"vpc-cni\",\n kubernetes_version=example[\"version\"],\n most_recent=True)\nvpc_cni = aws.eks.Addon(\"vpc_cni\",\n cluster_name=example[\"name\"],\n addon_name=\"vpc-cni\",\n addon_version=latest.version)\npulumi.export(\"default\", default.version)\npulumi.export(\"latest\", latest.version)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Aws.Eks.GetAddonVersion.Invoke(new()\n {\n AddonName = \"vpc-cni\",\n KubernetesVersion = example.Version,\n });\n\n var latest = Aws.Eks.GetAddonVersion.Invoke(new()\n {\n AddonName = \"vpc-cni\",\n KubernetesVersion = example.Version,\n MostRecent = true,\n });\n\n var vpcCni = new Aws.Eks.Addon(\"vpc_cni\", new()\n {\n ClusterName = example.Name,\n AddonName = \"vpc-cni\",\n AddonVersion = latest.Apply(getAddonVersionResult =\u003e getAddonVersionResult.Version),\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"default\"] = @default.Apply(@default =\u003e @default.Apply(getAddonVersionResult =\u003e getAddonVersionResult.Version)),\n [\"latest\"] = latest.Apply(getAddonVersionResult =\u003e getAddonVersionResult.Version),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := eks.GetAddonVersion(ctx, \u0026eks.GetAddonVersionArgs{\n\t\t\tAddonName: \"vpc-cni\",\n\t\t\tKubernetesVersion: example.Version,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlatest, err := eks.GetAddonVersion(ctx, \u0026eks.GetAddonVersionArgs{\n\t\t\tAddonName: \"vpc-cni\",\n\t\t\tKubernetesVersion: example.Version,\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eks.NewAddon(ctx, \"vpc_cni\", \u0026eks.AddonArgs{\n\t\t\tClusterName: pulumi.Any(example.Name),\n\t\t\tAddonName: pulumi.String(\"vpc-cni\"),\n\t\t\tAddonVersion: pulumi.String(latest.Version),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"default\", _default.Version)\n\t\tctx.Export(\"latest\", latest.Version)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.eks.EksFunctions;\nimport com.pulumi.aws.eks.inputs.GetAddonVersionArgs;\nimport com.pulumi.aws.eks.Addon;\nimport com.pulumi.aws.eks.AddonArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = EksFunctions.getAddonVersion(GetAddonVersionArgs.builder()\n .addonName(\"vpc-cni\")\n .kubernetesVersion(example.version())\n .build());\n\n final var latest = EksFunctions.getAddonVersion(GetAddonVersionArgs.builder()\n .addonName(\"vpc-cni\")\n .kubernetesVersion(example.version())\n .mostRecent(true)\n .build());\n\n var vpcCni = new Addon(\"vpcCni\", AddonArgs.builder() \n .clusterName(example.name())\n .addonName(\"vpc-cni\")\n .addonVersion(latest.applyValue(getAddonVersionResult -\u003e getAddonVersionResult.version()))\n .build());\n\n ctx.export(\"default\", default_.version());\n ctx.export(\"latest\", latest.applyValue(getAddonVersionResult -\u003e getAddonVersionResult.version()));\n }\n}\n```\n```yaml\nresources:\n vpcCni:\n type: aws:eks:Addon\n name: vpc_cni\n properties:\n clusterName: ${example.name}\n addonName: vpc-cni\n addonVersion: ${latest.version}\nvariables:\n default:\n fn::invoke:\n Function: aws:eks:getAddonVersion\n Arguments:\n addonName: vpc-cni\n kubernetesVersion: ${example.version}\n latest:\n fn::invoke:\n Function: aws:eks:getAddonVersion\n Arguments:\n addonName: vpc-cni\n kubernetesVersion: ${example.version}\n mostRecent: true\noutputs:\n default: ${default.version}\n latest: ${latest.version}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAddonVersion.\n", "properties": { @@ -367256,7 +367256,7 @@ } }, "aws:elb/getHostedZoneId:getHostedZoneId": { - "description": "Use this data source to get the HostedZoneId of the AWS Elastic Load Balancing HostedZoneId\nin a given region for the purpose of using in an AWS Route53 Alias.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = aws.elb.getHostedZoneId({});\nconst www = new aws.route53.Record(\"www\", {\n zoneId: primary.zoneId,\n name: \"example.com\",\n type: \"A\",\n aliases: [{\n name: mainAwsElb.dnsName,\n zoneId: main.then(main =\u003e main.id),\n evaluateTargetHealth: true,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.elb.get_hosted_zone_id()\nwww = aws.route53.Record(\"www\",\n zone_id=primary[\"zoneId\"],\n name=\"example.com\",\n type=\"A\",\n aliases=[aws.route53.RecordAliasArgs(\n name=main_aws_elb[\"dnsName\"],\n zone_id=main.id,\n evaluate_target_health=True,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = Aws.Elb.GetHostedZoneId.Invoke();\n\n var www = new Aws.Route53.Record(\"www\", new()\n {\n ZoneId = primary.ZoneId,\n Name = \"example.com\",\n Type = \"A\",\n Aliases = new[]\n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n Name = mainAwsElb.DnsName,\n ZoneId = main.Apply(getHostedZoneIdResult =\u003e getHostedZoneIdResult.Id),\n EvaluateTargetHealth = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elb\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := elb.GetHostedZoneId(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"www\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(primary.ZoneId),\n\t\t\tName: pulumi.String(\"example.com\"),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t\u0026route53.RecordAliasArgs{\n\t\t\t\t\tName: pulumi.Any(mainAwsElb.DnsName),\n\t\t\t\t\tZoneId: *pulumi.String(main.Id),\n\t\t\t\t\tEvaluateTargetHealth: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.elb.ElbFunctions;\nimport com.pulumi.aws.elb.inputs.GetHostedZoneIdArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordAliasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var main = ElbFunctions.getHostedZoneId();\n\n var www = new Record(\"www\", RecordArgs.builder() \n .zoneId(primary.zoneId())\n .name(\"example.com\")\n .type(\"A\")\n .aliases(RecordAliasArgs.builder()\n .name(mainAwsElb.dnsName())\n .zoneId(main.applyValue(getHostedZoneIdResult -\u003e getHostedZoneIdResult.id()))\n .evaluateTargetHealth(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n www:\n type: aws:route53:Record\n properties:\n zoneId: ${primary.zoneId}\n name: example.com\n type: A\n aliases:\n - name: ${mainAwsElb.dnsName}\n zoneId: ${main.id}\n evaluateTargetHealth: true\nvariables:\n main:\n fn::invoke:\n Function: aws:elb:getHostedZoneId\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get the HostedZoneId of the AWS Elastic Load Balancing HostedZoneId\nin a given region for the purpose of using in an AWS Route53 Alias.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = aws.elb.getHostedZoneId({});\nconst www = new aws.route53.Record(\"www\", {\n zoneId: primary.zoneId,\n name: \"example.com\",\n type: aws.route53.RecordType.A,\n aliases: [{\n name: mainAwsElb.dnsName,\n zoneId: main.then(main =\u003e main.id),\n evaluateTargetHealth: true,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.elb.get_hosted_zone_id()\nwww = aws.route53.Record(\"www\",\n zone_id=primary[\"zoneId\"],\n name=\"example.com\",\n type=aws.route53.RecordType.A,\n aliases=[aws.route53.RecordAliasArgs(\n name=main_aws_elb[\"dnsName\"],\n zone_id=main.id,\n evaluate_target_health=True,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = Aws.Elb.GetHostedZoneId.Invoke();\n\n var www = new Aws.Route53.Record(\"www\", new()\n {\n ZoneId = primary.ZoneId,\n Name = \"example.com\",\n Type = Aws.Route53.RecordType.A,\n Aliases = new[]\n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n Name = mainAwsElb.DnsName,\n ZoneId = main.Apply(getHostedZoneIdResult =\u003e getHostedZoneIdResult.Id),\n EvaluateTargetHealth = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elb\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := elb.GetHostedZoneId(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"www\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(primary.ZoneId),\n\t\t\tName: pulumi.String(\"example.com\"),\n\t\t\tType: pulumi.String(route53.RecordTypeA),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t\u0026route53.RecordAliasArgs{\n\t\t\t\t\tName: pulumi.Any(mainAwsElb.DnsName),\n\t\t\t\t\tZoneId: pulumi.String(main.Id),\n\t\t\t\t\tEvaluateTargetHealth: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.elb.ElbFunctions;\nimport com.pulumi.aws.elb.inputs.GetHostedZoneIdArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordAliasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var main = ElbFunctions.getHostedZoneId();\n\n var www = new Record(\"www\", RecordArgs.builder() \n .zoneId(primary.zoneId())\n .name(\"example.com\")\n .type(\"A\")\n .aliases(RecordAliasArgs.builder()\n .name(mainAwsElb.dnsName())\n .zoneId(main.applyValue(getHostedZoneIdResult -\u003e getHostedZoneIdResult.id()))\n .evaluateTargetHealth(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n www:\n type: aws:route53:Record\n properties:\n zoneId: ${primary.zoneId}\n name: example.com\n type: A\n aliases:\n - name: ${mainAwsElb.dnsName}\n zoneId: ${main.id}\n evaluateTargetHealth: true\nvariables:\n main:\n fn::invoke:\n Function: aws:elb:getHostedZoneId\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getHostedZoneId.\n", "properties": { @@ -369343,7 +369343,7 @@ } }, "aws:iam/getPolicyDocument:getPolicyDocument": { - "description": "Generates an IAM policy document in JSON format for use with resources that expect policy documents such as `aws.iam.Policy`.\n\nUsing this data source to generate policy documents is *optional*. It is also valid to use literal JSON strings in your configuration or to use the `file` interpolation function to read a raw JSON policy document from a file.\n\n## Example Usage\n\n### Basic Example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.iam.getPolicyDocument({\n statements: [\n {\n sid: \"1\",\n actions: [\n \"s3:ListAllMyBuckets\",\n \"s3:GetBucketLocation\",\n ],\n resources: [\"arn:aws:s3:::*\"],\n },\n {\n actions: [\"s3:ListBucket\"],\n resources: [`arn:aws:s3:::${s3BucketName}`],\n conditions: [{\n test: \"StringLike\",\n variable: \"s3:prefix\",\n values: [\n \"\",\n \"home/\",\n \"home/\u0026{aws:username}/\",\n ],\n }],\n },\n {\n actions: [\"s3:*\"],\n resources: [\n `arn:aws:s3:::${s3BucketName}/home/\u0026{aws:username}`,\n `arn:aws:s3:::${s3BucketName}/home/\u0026{aws:username}/*`,\n ],\n },\n ],\n});\nconst examplePolicy = new aws.iam.Policy(\"example\", {\n name: \"example_policy\",\n path: \"/\",\n policy: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"1\",\n actions=[\n \"s3:ListAllMyBuckets\",\n \"s3:GetBucketLocation\",\n ],\n resources=[\"arn:aws:s3:::*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"s3:ListBucket\"],\n resources=[f\"arn:aws:s3:::{s3_bucket_name}\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringLike\",\n variable=\"s3:prefix\",\n values=[\n \"\",\n \"home/\",\n \"home/\u0026{aws:username}/\",\n ],\n )],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"s3:*\"],\n resources=[\n f\"arn:aws:s3:::{s3_bucket_name}/home/\u0026{{aws:username}}\",\n f\"arn:aws:s3:::{s3_bucket_name}/home/\u0026{{aws:username}}/*\",\n ],\n ),\n])\nexample_policy = aws.iam.Policy(\"example\",\n name=\"example_policy\",\n path=\"/\",\n policy=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"1\",\n Actions = new[]\n {\n \"s3:ListAllMyBuckets\",\n \"s3:GetBucketLocation\",\n },\n Resources = new[]\n {\n \"arn:aws:s3:::*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"s3:ListBucket\",\n },\n Resources = new[]\n {\n $\"arn:aws:s3:::{s3BucketName}\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringLike\",\n Variable = \"s3:prefix\",\n Values = new[]\n {\n \"\",\n \"home/\",\n \"home/\u0026{aws:username}/\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n $\"arn:aws:s3:::{s3BucketName}/home/\u0026{{aws:username}}\",\n $\"arn:aws:s3:::{s3BucketName}/home/\u0026{{aws:username}}/*\",\n },\n },\n },\n });\n\n var examplePolicy = new Aws.Iam.Policy(\"example\", new()\n {\n Name = \"example_policy\",\n Path = \"/\",\n PolicyDocument = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: pulumi.Array{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tSid: pulumi.StringRef(\"1\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:ListAllMyBuckets\",\n\t\t\t\t\t\t\"s3:GetBucketLocation\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:s3:::*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:ListBucket\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:s3:::%v\", s3BucketName),\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"StringLike\",\n\t\t\t\t\t\t\tVariable: \"s3:prefix\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"\",\n\t\t\t\t\t\t\t\t\"home/\",\n\t\t\t\t\t\t\t\t\"home/\u0026{aws:username}/\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:s3:::%v/home/\u0026{aws:username}\", s3BucketName),\n\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:s3:::%v/home/\u0026{aws:username}/*\", s3BucketName),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewPolicy(ctx, \"example\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"example_policy\"),\n\t\t\tPath: pulumi.String(\"/\"),\n\t\t\tPolicy: *pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"1\")\n .actions( \n \"s3:ListAllMyBuckets\",\n \"s3:GetBucketLocation\")\n .resources(\"arn:aws:s3:::*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .actions(\"s3:ListBucket\")\n .resources(String.format(\"arn:aws:s3:::%s\", s3BucketName))\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringLike\")\n .variable(\"s3:prefix\")\n .values( \n \"\",\n \"home/\",\n \"home/\u0026{aws:username}/\")\n .build())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .actions(\"s3:*\")\n .resources( \n String.format(\"arn:aws:s3:::%s/home/\u0026{{aws:username}}\", s3BucketName),\n String.format(\"arn:aws:s3:::%s/home/\u0026{{aws:username}}/*\", s3BucketName))\n .build())\n .build());\n\n var examplePolicy = new Policy(\"examplePolicy\", PolicyArgs.builder() \n .name(\"example_policy\")\n .path(\"/\")\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n examplePolicy:\n type: aws:iam:Policy\n name: example\n properties:\n name: example_policy\n path: /\n policy: ${example.json}\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: '1'\n actions:\n - s3:ListAllMyBuckets\n - s3:GetBucketLocation\n resources:\n - arn:aws:s3:::*\n - actions:\n - s3:ListBucket\n resources:\n - arn:aws:s3:::${s3BucketName}\n conditions:\n - test: StringLike\n variable: s3:prefix\n values:\n -\n - home/\n - home/\u0026{aws:username}/\n - actions:\n - s3:*\n resources:\n - arn:aws:s3:::${s3BucketName}/home/\u0026{aws:username}\n - arn:aws:s3:::${s3BucketName}/home/\u0026{aws:username}/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Multiple Condition Keys and Values\n\nYou can specify a [condition with multiple keys and values](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_multi-value-conditions.html) by supplying multiple `condition` blocks with the same `test` value, but differing `variable` and `values` values.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleMultipleConditionKeysAndValues = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"kms:Decrypt\",\n \"kms:GenerateDataKey\",\n ],\n resources: [\"*\"],\n conditions: [\n {\n test: \"ForAnyValue:StringEquals\",\n variable: \"kms:EncryptionContext:service\",\n values: [\"pi\"],\n },\n {\n test: \"ForAnyValue:StringEquals\",\n variable: \"kms:EncryptionContext:aws:pi:service\",\n values: [\"rds\"],\n },\n {\n test: \"ForAnyValue:StringEquals\",\n variable: \"kms:EncryptionContext:aws:rds:db-id\",\n values: [\n \"db-AAAAABBBBBCCCCCDDDDDEEEEE\",\n \"db-EEEEEDDDDDCCCCCBBBBBAAAAA\",\n ],\n },\n ],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_multiple_condition_keys_and_values = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"kms:Decrypt\",\n \"kms:GenerateDataKey\",\n ],\n resources=[\"*\"],\n conditions=[\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ForAnyValue:StringEquals\",\n variable=\"kms:EncryptionContext:service\",\n values=[\"pi\"],\n ),\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ForAnyValue:StringEquals\",\n variable=\"kms:EncryptionContext:aws:pi:service\",\n values=[\"rds\"],\n ),\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ForAnyValue:StringEquals\",\n variable=\"kms:EncryptionContext:aws:rds:db-id\",\n values=[\n \"db-AAAAABBBBBCCCCCDDDDDEEEEE\",\n \"db-EEEEEDDDDDCCCCCBBBBBAAAAA\",\n ],\n ),\n ],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleMultipleConditionKeysAndValues = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"kms:Decrypt\",\n \"kms:GenerateDataKey\",\n },\n Resources = new[]\n {\n \"*\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ForAnyValue:StringEquals\",\n Variable = \"kms:EncryptionContext:service\",\n Values = new[]\n {\n \"pi\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ForAnyValue:StringEquals\",\n Variable = \"kms:EncryptionContext:aws:pi:service\",\n Values = new[]\n {\n \"rds\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ForAnyValue:StringEquals\",\n Variable = \"kms:EncryptionContext:aws:rds:db-id\",\n Values = new[]\n {\n \"db-AAAAABBBBBCCCCCDDDDDEEEEE\",\n \"db-EEEEEDDDDDCCCCCBBBBBAAAAA\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"kms:Decrypt\",\n\t\t\t\t\t\t\"kms:GenerateDataKey\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"ForAnyValue:StringEquals\",\n\t\t\t\t\t\t\tVariable: \"kms:EncryptionContext:service\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"pi\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"ForAnyValue:StringEquals\",\n\t\t\t\t\t\t\tVariable: \"kms:EncryptionContext:aws:pi:service\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"rds\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"ForAnyValue:StringEquals\",\n\t\t\t\t\t\t\tVariable: \"kms:EncryptionContext:aws:rds:db-id\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"db-AAAAABBBBBCCCCCDDDDDEEEEE\",\n\t\t\t\t\t\t\t\t\"db-EEEEEDDDDDCCCCCBBBBBAAAAA\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var exampleMultipleConditionKeysAndValues = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"kms:Decrypt\",\n \"kms:GenerateDataKey\")\n .resources(\"*\")\n .conditions( \n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ForAnyValue:StringEquals\")\n .variable(\"kms:EncryptionContext:service\")\n .values(\"pi\")\n .build(),\n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ForAnyValue:StringEquals\")\n .variable(\"kms:EncryptionContext:aws:pi:service\")\n .values(\"rds\")\n .build(),\n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ForAnyValue:StringEquals\")\n .variable(\"kms:EncryptionContext:aws:rds:db-id\")\n .values( \n \"db-AAAAABBBBBCCCCCDDDDDEEEEE\",\n \"db-EEEEEDDDDDCCCCCBBBBBAAAAA\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n exampleMultipleConditionKeysAndValues:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - kms:Decrypt\n - kms:GenerateDataKey\n resources:\n - '*'\n conditions:\n - test: ForAnyValue:StringEquals\n variable: kms:EncryptionContext:service\n values:\n - pi\n - test: ForAnyValue:StringEquals\n variable: kms:EncryptionContext:aws:pi:service\n values:\n - rds\n - test: ForAnyValue:StringEquals\n variable: kms:EncryptionContext:aws:rds:db-id\n values:\n - db-AAAAABBBBBCCCCCDDDDDEEEEE\n - db-EEEEEDDDDDCCCCCBBBBBAAAAA\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n`data.aws_iam_policy_document.example_multiple_condition_keys_and_values.json` will evaluate to:\n\n```json\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:GenerateDataKey\",\n \"kms:Decrypt\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"ForAnyValue:StringEquals\": {\n \"kms:EncryptionContext:aws:pi:service\": \"rds\",\n \"kms:EncryptionContext:aws:rds:db-id\": [\n \"db-AAAAABBBBBCCCCCDDDDDEEEEE\",\n \"db-EEEEEDDDDDCCCCCBBBBBAAAAA\"\n ],\n \"kms:EncryptionContext:service\": \"pi\"\n }\n }\n }\n ]\n}\n```\n\n### Example Assume-Role Policy with Multiple Principals\n\nYou can specify multiple principal blocks with different types. You can also use this data source to generate an assume-role policy.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst eventStreamBucketRoleAssumeRolePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [\n {\n type: \"Service\",\n identifiers: [\"firehose.amazonaws.com\"],\n },\n {\n type: \"AWS\",\n identifiers: [trustedRoleArn],\n },\n {\n type: \"Federated\",\n identifiers: [\n `arn:aws:iam::${accountId}:saml-provider/${providerName}`,\n \"cognito-identity.amazonaws.com\",\n ],\n },\n ],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nevent_stream_bucket_role_assume_role_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[\n aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"firehose.amazonaws.com\"],\n ),\n aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[trusted_role_arn],\n ),\n aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Federated\",\n identifiers=[\n f\"arn:aws:iam::{account_id}:saml-provider/{provider_name}\",\n \"cognito-identity.amazonaws.com\",\n ],\n ),\n ],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var eventStreamBucketRoleAssumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"firehose.amazonaws.com\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n trustedRoleArn,\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Federated\",\n Identifiers = new[]\n {\n $\"arn:aws:iam::{accountId}:saml-provider/{providerName}\",\n \"cognito-identity.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\n_, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"sts:AssumeRole\",\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"firehose.amazonaws.com\",\n},\n},\n{\nType: \"AWS\",\nIdentifiers: interface{}{\ntrustedRoleArn,\n},\n},\n{\nType: \"Federated\",\nIdentifiers: []string{\nfmt.Sprintf(\"arn:aws:iam::%v:saml-provider/%v\", accountId, providerName),\n\"cognito-identity.amazonaws.com\",\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var eventStreamBucketRoleAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals( \n GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"firehose.amazonaws.com\")\n .build(),\n GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(trustedRoleArn)\n .build(),\n GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Federated\")\n .identifiers( \n String.format(\"arn:aws:iam::%s:saml-provider/%s\", accountId,providerName),\n \"cognito-identity.amazonaws.com\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n eventStreamBucketRoleAssumeRolePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - firehose.amazonaws.com\n - type: AWS\n identifiers:\n - ${trustedRoleArn}\n - type: Federated\n identifiers:\n - arn:aws:iam::${accountId}:saml-provider/${providerName}\n - cognito-identity.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Using A Source Document\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst source = aws.iam.getPolicyDocument({\n statements: [\n {\n actions: [\"ec2:*\"],\n resources: [\"*\"],\n },\n {\n sid: \"SidToOverride\",\n actions: [\"s3:*\"],\n resources: [\"*\"],\n },\n ],\n});\nconst sourceDocumentExample = source.then(source =\u003e aws.iam.getPolicyDocument({\n sourcePolicyDocuments: [source.json],\n statements: [{\n sid: \"SidToOverride\",\n actions: [\"s3:*\"],\n resources: [\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n ],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsource = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"ec2:*\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"SidToOverride\",\n actions=[\"s3:*\"],\n resources=[\"*\"],\n ),\n])\nsource_document_example = aws.iam.get_policy_document(source_policy_documents=[source.json],\n statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"SidToOverride\",\n actions=[\"s3:*\"],\n resources=[\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n ],\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var source = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"ec2:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"SidToOverride\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var sourceDocumentExample = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n SourcePolicyDocuments = new[]\n {\n source.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"SidToOverride\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nsource, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"ec2:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n{\nSid: pulumi.StringRef(\"SidToOverride\"),\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nSourcePolicyDocuments: interface{}{\nsource.Json,\n},\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"SidToOverride\"),\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\n\"arn:aws:s3:::somebucket\",\n\"arn:aws:s3:::somebucket/*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var source = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .actions(\"ec2:*\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"SidToOverride\")\n .actions(\"s3:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var sourceDocumentExample = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .sourcePolicyDocuments(source.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"SidToOverride\")\n .actions(\"s3:*\")\n .resources( \n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n source:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - ec2:*\n resources:\n - '*'\n - sid: SidToOverride\n actions:\n - s3:*\n resources:\n - '*'\n sourceDocumentExample:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n sourcePolicyDocuments:\n - ${source.json}\n statements:\n - sid: SidToOverride\n actions:\n - s3:*\n resources:\n - arn:aws:s3:::somebucket\n - arn:aws:s3:::somebucket/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n`data.aws_iam_policy_document.source_document_example.json` will evaluate to:\n\n```json\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:*\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"SidToOverride\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:*\",\n \"Resource\": [\n \"arn:aws:s3:::somebucket/*\",\n \"arn:aws:s3:::somebucket\"\n ]\n }\n ]\n}\n```\n\n### Example Using An Override Document\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst override = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"SidToOverride\",\n actions: [\"s3:*\"],\n resources: [\"*\"],\n }],\n});\nconst overridePolicyDocumentExample = override.then(override =\u003e aws.iam.getPolicyDocument({\n overridePolicyDocuments: [override.json],\n statements: [\n {\n actions: [\"ec2:*\"],\n resources: [\"*\"],\n },\n {\n sid: \"SidToOverride\",\n actions: [\"s3:*\"],\n resources: [\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n ],\n },\n ],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\noverride = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"SidToOverride\",\n actions=[\"s3:*\"],\n resources=[\"*\"],\n)])\noverride_policy_document_example = aws.iam.get_policy_document(override_policy_documents=[override.json],\n statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"ec2:*\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"SidToOverride\",\n actions=[\"s3:*\"],\n resources=[\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n ],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @override = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"SidToOverride\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var overridePolicyDocumentExample = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n OverridePolicyDocuments = new[]\n {\n @override.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"ec2:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"SidToOverride\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\noverride, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"SidToOverride\"),\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nOverridePolicyDocuments: interface{}{\noverride.Json,\n},\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"ec2:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n{\nSid: pulumi.StringRef(\"SidToOverride\"),\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\n\"arn:aws:s3:::somebucket\",\n\"arn:aws:s3:::somebucket/*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var override = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"SidToOverride\")\n .actions(\"s3:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var overridePolicyDocumentExample = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .overridePolicyDocuments(override.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .actions(\"ec2:*\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"SidToOverride\")\n .actions(\"s3:*\")\n .resources( \n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n override:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: SidToOverride\n actions:\n - s3:*\n resources:\n - '*'\n overridePolicyDocumentExample:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n overridePolicyDocuments:\n - ${override.json}\n statements:\n - actions:\n - ec2:*\n resources:\n - '*'\n - sid: SidToOverride\n actions:\n - s3:*\n resources:\n - arn:aws:s3:::somebucket\n - arn:aws:s3:::somebucket/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n`data.aws_iam_policy_document.override_policy_document_example.json` will evaluate to:\n\n```json\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:*\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"SidToOverride\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:*\",\n \"Resource\": \"*\"\n }\n ]\n}\n```\n\n### Example with Both Source and Override Documents\n\nYou can also combine `source_policy_documents` and `override_policy_documents` in the same document.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst source = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"OverridePlaceholder\",\n actions: [\"ec2:DescribeAccountAttributes\"],\n resources: [\"*\"],\n }],\n});\nconst override = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"OverridePlaceholder\",\n actions: [\"s3:GetObject\"],\n resources: [\"*\"],\n }],\n});\nconst politik = Promise.all([source, override]).then(([source, override]) =\u003e aws.iam.getPolicyDocument({\n sourcePolicyDocuments: [source.json],\n overridePolicyDocuments: [override.json],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsource = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceholder\",\n actions=[\"ec2:DescribeAccountAttributes\"],\n resources=[\"*\"],\n)])\noverride = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceholder\",\n actions=[\"s3:GetObject\"],\n resources=[\"*\"],\n)])\npolitik = aws.iam.get_policy_document(source_policy_documents=[source.json],\n override_policy_documents=[override.json])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var source = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OverridePlaceholder\",\n Actions = new[]\n {\n \"ec2:DescribeAccountAttributes\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var @override = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OverridePlaceholder\",\n Actions = new[]\n {\n \"s3:GetObject\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var politik = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n SourcePolicyDocuments = new[]\n {\n source.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n OverridePolicyDocuments = new[]\n {\n @override.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nsource, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"OverridePlaceholder\"),\nActions: []string{\n\"ec2:DescribeAccountAttributes\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\noverride, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"OverridePlaceholder\"),\nActions: []string{\n\"s3:GetObject\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nSourcePolicyDocuments: interface{}{\nsource.Json,\n},\nOverridePolicyDocuments: interface{}{\noverride.Json,\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var source = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"OverridePlaceholder\")\n .actions(\"ec2:DescribeAccountAttributes\")\n .resources(\"*\")\n .build())\n .build());\n\n final var override = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"OverridePlaceholder\")\n .actions(\"s3:GetObject\")\n .resources(\"*\")\n .build())\n .build());\n\n final var politik = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .sourcePolicyDocuments(source.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .overridePolicyDocuments(override.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n source:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: OverridePlaceholder\n actions:\n - ec2:DescribeAccountAttributes\n resources:\n - '*'\n override:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: OverridePlaceholder\n actions:\n - s3:GetObject\n resources:\n - '*'\n politik:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n sourcePolicyDocuments:\n - ${source.json}\n overridePolicyDocuments:\n - ${override.json}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n`data.aws_iam_policy_document.politik.json` will evaluate to:\n\n```json\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"OverridePlaceholder\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"*\"\n }\n ]\n}\n```\n\n### Example of Merging Source Documents\n\nMultiple documents can be combined using the `source_policy_documents` or `override_policy_documents` attributes. `source_policy_documents` requires that all documents have unique Sids, while `override_policy_documents` will iteratively override matching Sids.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst sourceOne = aws.iam.getPolicyDocument({\n statements: [\n {\n actions: [\"ec2:*\"],\n resources: [\"*\"],\n },\n {\n sid: \"UniqueSidOne\",\n actions: [\"s3:*\"],\n resources: [\"*\"],\n },\n ],\n});\nconst sourceTwo = aws.iam.getPolicyDocument({\n statements: [\n {\n sid: \"UniqueSidTwo\",\n actions: [\"iam:*\"],\n resources: [\"*\"],\n },\n {\n actions: [\"lambda:*\"],\n resources: [\"*\"],\n },\n ],\n});\nconst combined = Promise.all([sourceOne, sourceTwo]).then(([sourceOne, sourceTwo]) =\u003e aws.iam.getPolicyDocument({\n sourcePolicyDocuments: [\n sourceOne.json,\n sourceTwo.json,\n ],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsource_one = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"ec2:*\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"UniqueSidOne\",\n actions=[\"s3:*\"],\n resources=[\"*\"],\n ),\n])\nsource_two = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"UniqueSidTwo\",\n actions=[\"iam:*\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"lambda:*\"],\n resources=[\"*\"],\n ),\n])\ncombined = aws.iam.get_policy_document(source_policy_documents=[\n source_one.json,\n source_two.json,\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sourceOne = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"ec2:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"UniqueSidOne\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var sourceTwo = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"UniqueSidTwo\",\n Actions = new[]\n {\n \"iam:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"lambda:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var combined = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n SourcePolicyDocuments = new[]\n {\n sourceOne.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n sourceTwo.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nsourceOne, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"ec2:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n{\nSid: pulumi.StringRef(\"UniqueSidOne\"),\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nsourceTwo, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: pulumi.Array{\niam.GetPolicyDocumentStatement{\nSid: pulumi.StringRef(\"UniqueSidTwo\"),\nActions: []string{\n\"iam:*\",\n},\nResources: []string{\n\"*\",\n},\n},\niam.GetPolicyDocumentStatement{\nActions: []string{\n\"lambda:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nSourcePolicyDocuments: interface{}{\nsourceOne.Json,\nsourceTwo.Json,\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var sourceOne = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .actions(\"ec2:*\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"UniqueSidOne\")\n .actions(\"s3:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var sourceTwo = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"UniqueSidTwo\")\n .actions(\"iam:*\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .actions(\"lambda:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var combined = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .sourcePolicyDocuments( \n sourceOne.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()),\n sourceTwo.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n sourceOne:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - ec2:*\n resources:\n - '*'\n - sid: UniqueSidOne\n actions:\n - s3:*\n resources:\n - '*'\n sourceTwo:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: UniqueSidTwo\n actions:\n - iam:*\n resources:\n - '*'\n - actions:\n - lambda:*\n resources:\n - '*'\n combined:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n sourcePolicyDocuments:\n - ${sourceOne.json}\n - ${sourceTwo.json}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n`data.aws_iam_policy_document.combined.json` will evaluate to:\n\n```json\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:*\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"UniqueSidOne\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:*\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"UniqueSidTwo\",\n \"Effect\": \"Allow\",\n \"Action\": \"iam:*\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"lambda:*\",\n \"Resource\": \"*\"\n }\n ]\n}\n```\n\n### Example of Merging Override Documents\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst policyOne = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"OverridePlaceHolderOne\",\n effect: \"Allow\",\n actions: [\"s3:*\"],\n resources: [\"*\"],\n }],\n});\nconst policyTwo = aws.iam.getPolicyDocument({\n statements: [\n {\n effect: \"Allow\",\n actions: [\"ec2:*\"],\n resources: [\"*\"],\n },\n {\n sid: \"OverridePlaceHolderTwo\",\n effect: \"Allow\",\n actions: [\"iam:*\"],\n resources: [\"*\"],\n },\n ],\n});\nconst policyThree = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"OverridePlaceHolderOne\",\n effect: \"Deny\",\n actions: [\"logs:*\"],\n resources: [\"*\"],\n }],\n});\nconst combined = Promise.all([policyOne, policyTwo, policyThree]).then(([policyOne, policyTwo, policyThree]) =\u003e aws.iam.getPolicyDocument({\n overridePolicyDocuments: [\n policyOne.json,\n policyTwo.json,\n policyThree.json,\n ],\n statements: [{\n sid: \"OverridePlaceHolderTwo\",\n effect: \"Deny\",\n actions: [\"*\"],\n resources: [\"*\"],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npolicy_one = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceHolderOne\",\n effect=\"Allow\",\n actions=[\"s3:*\"],\n resources=[\"*\"],\n)])\npolicy_two = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ec2:*\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceHolderTwo\",\n effect=\"Allow\",\n actions=[\"iam:*\"],\n resources=[\"*\"],\n ),\n])\npolicy_three = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceHolderOne\",\n effect=\"Deny\",\n actions=[\"logs:*\"],\n resources=[\"*\"],\n)])\ncombined = aws.iam.get_policy_document(override_policy_documents=[\n policy_one.json,\n policy_two.json,\n policy_three.json,\n ],\n statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceHolderTwo\",\n effect=\"Deny\",\n actions=[\"*\"],\n resources=[\"*\"],\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policyOne = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OverridePlaceHolderOne\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var policyTwo = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OverridePlaceHolderTwo\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"iam:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var policyThree = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OverridePlaceHolderOne\",\n Effect = \"Deny\",\n Actions = new[]\n {\n \"logs:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var combined = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n OverridePolicyDocuments = new[]\n {\n policyOne.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n policyTwo.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n policyThree.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OverridePlaceHolderTwo\",\n Effect = \"Deny\",\n Actions = new[]\n {\n \"*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\npolicyOne, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"OverridePlaceHolderOne\"),\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\npolicyTwo, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"ec2:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n{\nSid: pulumi.StringRef(\"OverridePlaceHolderTwo\"),\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"iam:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\npolicyThree, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"OverridePlaceHolderOne\"),\nEffect: pulumi.StringRef(\"Deny\"),\nActions: []string{\n\"logs:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nOverridePolicyDocuments: interface{}{\npolicyOne.Json,\npolicyTwo.Json,\npolicyThree.Json,\n},\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"OverridePlaceHolderTwo\"),\nEffect: pulumi.StringRef(\"Deny\"),\nActions: []string{\n\"*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policyOne = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"OverridePlaceHolderOne\")\n .effect(\"Allow\")\n .actions(\"s3:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var policyTwo = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ec2:*\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"OverridePlaceHolderTwo\")\n .effect(\"Allow\")\n .actions(\"iam:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var policyThree = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"OverridePlaceHolderOne\")\n .effect(\"Deny\")\n .actions(\"logs:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var combined = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .overridePolicyDocuments( \n policyOne.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()),\n policyTwo.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()),\n policyThree.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"OverridePlaceHolderTwo\")\n .effect(\"Deny\")\n .actions(\"*\")\n .resources(\"*\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policyOne:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: OverridePlaceHolderOne\n effect: Allow\n actions:\n - s3:*\n resources:\n - '*'\n policyTwo:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - ec2:*\n resources:\n - '*'\n - sid: OverridePlaceHolderTwo\n effect: Allow\n actions:\n - iam:*\n resources:\n - '*'\n policyThree:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: OverridePlaceHolderOne\n effect: Deny\n actions:\n - logs:*\n resources:\n - '*'\n combined:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n overridePolicyDocuments:\n - ${policyOne.json}\n - ${policyTwo.json}\n - ${policyThree.json}\n statements:\n - sid: OverridePlaceHolderTwo\n effect: Deny\n actions:\n - '*'\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n`data.aws_iam_policy_document.combined.json` will evaluate to:\n\n```json\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"OverridePlaceholderTwo\",\n \"Effect\": \"Allow\",\n \"Action\": \"iam:*\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"OverridePlaceholderOne\",\n \"Effect\": \"Deny\",\n \"Action\": \"logs:*\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:*\",\n \"Resource\": \"*\"\n },\n ]\n}\n```\n", + "description": "Generates an IAM policy document in JSON format for use with resources that expect policy documents such as `aws.iam.Policy`.\n\nUsing this data source to generate policy documents is *optional*. It is also valid to use literal JSON strings in your configuration or to use the `file` interpolation function to read a raw JSON policy document from a file.\n\n## Example Usage\n\n### Basic Example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.iam.getPolicyDocument({\n statements: [\n {\n sid: \"1\",\n actions: [\n \"s3:ListAllMyBuckets\",\n \"s3:GetBucketLocation\",\n ],\n resources: [\"arn:aws:s3:::*\"],\n },\n {\n actions: [\"s3:ListBucket\"],\n resources: [`arn:aws:s3:::${s3BucketName}`],\n conditions: [{\n test: \"StringLike\",\n variable: \"s3:prefix\",\n values: [\n \"\",\n \"home/\",\n \"home/\u0026{aws:username}/\",\n ],\n }],\n },\n {\n actions: [\"s3:*\"],\n resources: [\n `arn:aws:s3:::${s3BucketName}/home/\u0026{aws:username}`,\n `arn:aws:s3:::${s3BucketName}/home/\u0026{aws:username}/*`,\n ],\n },\n ],\n});\nconst examplePolicy = new aws.iam.Policy(\"example\", {\n name: \"example_policy\",\n path: \"/\",\n policy: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"1\",\n actions=[\n \"s3:ListAllMyBuckets\",\n \"s3:GetBucketLocation\",\n ],\n resources=[\"arn:aws:s3:::*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"s3:ListBucket\"],\n resources=[f\"arn:aws:s3:::{s3_bucket_name}\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringLike\",\n variable=\"s3:prefix\",\n values=[\n \"\",\n \"home/\",\n \"home/\u0026{aws:username}/\",\n ],\n )],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"s3:*\"],\n resources=[\n f\"arn:aws:s3:::{s3_bucket_name}/home/\u0026{{aws:username}}\",\n f\"arn:aws:s3:::{s3_bucket_name}/home/\u0026{{aws:username}}/*\",\n ],\n ),\n])\nexample_policy = aws.iam.Policy(\"example\",\n name=\"example_policy\",\n path=\"/\",\n policy=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"1\",\n Actions = new[]\n {\n \"s3:ListAllMyBuckets\",\n \"s3:GetBucketLocation\",\n },\n Resources = new[]\n {\n \"arn:aws:s3:::*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"s3:ListBucket\",\n },\n Resources = new[]\n {\n $\"arn:aws:s3:::{s3BucketName}\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringLike\",\n Variable = \"s3:prefix\",\n Values = new[]\n {\n \"\",\n \"home/\",\n \"home/\u0026{aws:username}/\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n $\"arn:aws:s3:::{s3BucketName}/home/\u0026{{aws:username}}\",\n $\"arn:aws:s3:::{s3BucketName}/home/\u0026{{aws:username}}/*\",\n },\n },\n },\n });\n\n var examplePolicy = new Aws.Iam.Policy(\"example\", new()\n {\n Name = \"example_policy\",\n Path = \"/\",\n PolicyDocument = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: pulumi.Array{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tSid: pulumi.StringRef(\"1\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:ListAllMyBuckets\",\n\t\t\t\t\t\t\"s3:GetBucketLocation\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:s3:::*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:ListBucket\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:s3:::%v\", s3BucketName),\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"StringLike\",\n\t\t\t\t\t\t\tVariable: \"s3:prefix\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"\",\n\t\t\t\t\t\t\t\t\"home/\",\n\t\t\t\t\t\t\t\t\"home/\u0026{aws:username}/\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:s3:::%v/home/\u0026{aws:username}\", s3BucketName),\n\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:s3:::%v/home/\u0026{aws:username}/*\", s3BucketName),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewPolicy(ctx, \"example\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"example_policy\"),\n\t\t\tPath: pulumi.String(\"/\"),\n\t\t\tPolicy: pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"1\")\n .actions( \n \"s3:ListAllMyBuckets\",\n \"s3:GetBucketLocation\")\n .resources(\"arn:aws:s3:::*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .actions(\"s3:ListBucket\")\n .resources(String.format(\"arn:aws:s3:::%s\", s3BucketName))\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringLike\")\n .variable(\"s3:prefix\")\n .values( \n \"\",\n \"home/\",\n \"home/\u0026{aws:username}/\")\n .build())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .actions(\"s3:*\")\n .resources( \n String.format(\"arn:aws:s3:::%s/home/\u0026{{aws:username}}\", s3BucketName),\n String.format(\"arn:aws:s3:::%s/home/\u0026{{aws:username}}/*\", s3BucketName))\n .build())\n .build());\n\n var examplePolicy = new Policy(\"examplePolicy\", PolicyArgs.builder() \n .name(\"example_policy\")\n .path(\"/\")\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n examplePolicy:\n type: aws:iam:Policy\n name: example\n properties:\n name: example_policy\n path: /\n policy: ${example.json}\nvariables:\n example:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: '1'\n actions:\n - s3:ListAllMyBuckets\n - s3:GetBucketLocation\n resources:\n - arn:aws:s3:::*\n - actions:\n - s3:ListBucket\n resources:\n - arn:aws:s3:::${s3BucketName}\n conditions:\n - test: StringLike\n variable: s3:prefix\n values:\n -\n - home/\n - home/\u0026{aws:username}/\n - actions:\n - s3:*\n resources:\n - arn:aws:s3:::${s3BucketName}/home/\u0026{aws:username}\n - arn:aws:s3:::${s3BucketName}/home/\u0026{aws:username}/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Multiple Condition Keys and Values\n\nYou can specify a [condition with multiple keys and values](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_multi-value-conditions.html) by supplying multiple `condition` blocks with the same `test` value, but differing `variable` and `values` values.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleMultipleConditionKeysAndValues = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"kms:Decrypt\",\n \"kms:GenerateDataKey\",\n ],\n resources: [\"*\"],\n conditions: [\n {\n test: \"ForAnyValue:StringEquals\",\n variable: \"kms:EncryptionContext:service\",\n values: [\"pi\"],\n },\n {\n test: \"ForAnyValue:StringEquals\",\n variable: \"kms:EncryptionContext:aws:pi:service\",\n values: [\"rds\"],\n },\n {\n test: \"ForAnyValue:StringEquals\",\n variable: \"kms:EncryptionContext:aws:rds:db-id\",\n values: [\n \"db-AAAAABBBBBCCCCCDDDDDEEEEE\",\n \"db-EEEEEDDDDDCCCCCBBBBBAAAAA\",\n ],\n },\n ],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_multiple_condition_keys_and_values = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"kms:Decrypt\",\n \"kms:GenerateDataKey\",\n ],\n resources=[\"*\"],\n conditions=[\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ForAnyValue:StringEquals\",\n variable=\"kms:EncryptionContext:service\",\n values=[\"pi\"],\n ),\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ForAnyValue:StringEquals\",\n variable=\"kms:EncryptionContext:aws:pi:service\",\n values=[\"rds\"],\n ),\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ForAnyValue:StringEquals\",\n variable=\"kms:EncryptionContext:aws:rds:db-id\",\n values=[\n \"db-AAAAABBBBBCCCCCDDDDDEEEEE\",\n \"db-EEEEEDDDDDCCCCCBBBBBAAAAA\",\n ],\n ),\n ],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleMultipleConditionKeysAndValues = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"kms:Decrypt\",\n \"kms:GenerateDataKey\",\n },\n Resources = new[]\n {\n \"*\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ForAnyValue:StringEquals\",\n Variable = \"kms:EncryptionContext:service\",\n Values = new[]\n {\n \"pi\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ForAnyValue:StringEquals\",\n Variable = \"kms:EncryptionContext:aws:pi:service\",\n Values = new[]\n {\n \"rds\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ForAnyValue:StringEquals\",\n Variable = \"kms:EncryptionContext:aws:rds:db-id\",\n Values = new[]\n {\n \"db-AAAAABBBBBCCCCCDDDDDEEEEE\",\n \"db-EEEEEDDDDDCCCCCBBBBBAAAAA\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"kms:Decrypt\",\n\t\t\t\t\t\t\"kms:GenerateDataKey\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"ForAnyValue:StringEquals\",\n\t\t\t\t\t\t\tVariable: \"kms:EncryptionContext:service\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"pi\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"ForAnyValue:StringEquals\",\n\t\t\t\t\t\t\tVariable: \"kms:EncryptionContext:aws:pi:service\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"rds\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"ForAnyValue:StringEquals\",\n\t\t\t\t\t\t\tVariable: \"kms:EncryptionContext:aws:rds:db-id\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"db-AAAAABBBBBCCCCCDDDDDEEEEE\",\n\t\t\t\t\t\t\t\t\"db-EEEEEDDDDDCCCCCBBBBBAAAAA\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var exampleMultipleConditionKeysAndValues = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"kms:Decrypt\",\n \"kms:GenerateDataKey\")\n .resources(\"*\")\n .conditions( \n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ForAnyValue:StringEquals\")\n .variable(\"kms:EncryptionContext:service\")\n .values(\"pi\")\n .build(),\n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ForAnyValue:StringEquals\")\n .variable(\"kms:EncryptionContext:aws:pi:service\")\n .values(\"rds\")\n .build(),\n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ForAnyValue:StringEquals\")\n .variable(\"kms:EncryptionContext:aws:rds:db-id\")\n .values( \n \"db-AAAAABBBBBCCCCCDDDDDEEEEE\",\n \"db-EEEEEDDDDDCCCCCBBBBBAAAAA\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n exampleMultipleConditionKeysAndValues:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - kms:Decrypt\n - kms:GenerateDataKey\n resources:\n - '*'\n conditions:\n - test: ForAnyValue:StringEquals\n variable: kms:EncryptionContext:service\n values:\n - pi\n - test: ForAnyValue:StringEquals\n variable: kms:EncryptionContext:aws:pi:service\n values:\n - rds\n - test: ForAnyValue:StringEquals\n variable: kms:EncryptionContext:aws:rds:db-id\n values:\n - db-AAAAABBBBBCCCCCDDDDDEEEEE\n - db-EEEEEDDDDDCCCCCBBBBBAAAAA\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n`data.aws_iam_policy_document.example_multiple_condition_keys_and_values.json` will evaluate to:\n\n```json\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:GenerateDataKey\",\n \"kms:Decrypt\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"ForAnyValue:StringEquals\": {\n \"kms:EncryptionContext:aws:pi:service\": \"rds\",\n \"kms:EncryptionContext:aws:rds:db-id\": [\n \"db-AAAAABBBBBCCCCCDDDDDEEEEE\",\n \"db-EEEEEDDDDDCCCCCBBBBBAAAAA\"\n ],\n \"kms:EncryptionContext:service\": \"pi\"\n }\n }\n }\n ]\n}\n```\n\n### Example Assume-Role Policy with Multiple Principals\n\nYou can specify multiple principal blocks with different types. You can also use this data source to generate an assume-role policy.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst eventStreamBucketRoleAssumeRolePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [\n {\n type: \"Service\",\n identifiers: [\"firehose.amazonaws.com\"],\n },\n {\n type: \"AWS\",\n identifiers: [trustedRoleArn],\n },\n {\n type: \"Federated\",\n identifiers: [\n `arn:aws:iam::${accountId}:saml-provider/${providerName}`,\n \"cognito-identity.amazonaws.com\",\n ],\n },\n ],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nevent_stream_bucket_role_assume_role_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[\n aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"firehose.amazonaws.com\"],\n ),\n aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[trusted_role_arn],\n ),\n aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Federated\",\n identifiers=[\n f\"arn:aws:iam::{account_id}:saml-provider/{provider_name}\",\n \"cognito-identity.amazonaws.com\",\n ],\n ),\n ],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var eventStreamBucketRoleAssumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"firehose.amazonaws.com\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n trustedRoleArn,\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Federated\",\n Identifiers = new[]\n {\n $\"arn:aws:iam::{accountId}:saml-provider/{providerName}\",\n \"cognito-identity.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\n_, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"sts:AssumeRole\",\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"Service\",\nIdentifiers: []string{\n\"firehose.amazonaws.com\",\n},\n},\n{\nType: \"AWS\",\nIdentifiers: interface{}{\ntrustedRoleArn,\n},\n},\n{\nType: \"Federated\",\nIdentifiers: []string{\nfmt.Sprintf(\"arn:aws:iam::%v:saml-provider/%v\", accountId, providerName),\n\"cognito-identity.amazonaws.com\",\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var eventStreamBucketRoleAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals( \n GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"firehose.amazonaws.com\")\n .build(),\n GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(trustedRoleArn)\n .build(),\n GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Federated\")\n .identifiers( \n String.format(\"arn:aws:iam::%s:saml-provider/%s\", accountId,providerName),\n \"cognito-identity.amazonaws.com\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n eventStreamBucketRoleAssumeRolePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - firehose.amazonaws.com\n - type: AWS\n identifiers:\n - ${trustedRoleArn}\n - type: Federated\n identifiers:\n - arn:aws:iam::${accountId}:saml-provider/${providerName}\n - cognito-identity.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Using A Source Document\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst source = aws.iam.getPolicyDocument({\n statements: [\n {\n actions: [\"ec2:*\"],\n resources: [\"*\"],\n },\n {\n sid: \"SidToOverride\",\n actions: [\"s3:*\"],\n resources: [\"*\"],\n },\n ],\n});\nconst sourceDocumentExample = source.then(source =\u003e aws.iam.getPolicyDocument({\n sourcePolicyDocuments: [source.json],\n statements: [{\n sid: \"SidToOverride\",\n actions: [\"s3:*\"],\n resources: [\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n ],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsource = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"ec2:*\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"SidToOverride\",\n actions=[\"s3:*\"],\n resources=[\"*\"],\n ),\n])\nsource_document_example = aws.iam.get_policy_document(source_policy_documents=[source.json],\n statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"SidToOverride\",\n actions=[\"s3:*\"],\n resources=[\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n ],\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var source = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"ec2:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"SidToOverride\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var sourceDocumentExample = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n SourcePolicyDocuments = new[]\n {\n source.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"SidToOverride\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nsource, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"ec2:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n{\nSid: pulumi.StringRef(\"SidToOverride\"),\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nSourcePolicyDocuments: interface{}{\nsource.Json,\n},\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"SidToOverride\"),\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\n\"arn:aws:s3:::somebucket\",\n\"arn:aws:s3:::somebucket/*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var source = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .actions(\"ec2:*\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"SidToOverride\")\n .actions(\"s3:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var sourceDocumentExample = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .sourcePolicyDocuments(source.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"SidToOverride\")\n .actions(\"s3:*\")\n .resources( \n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n source:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - ec2:*\n resources:\n - '*'\n - sid: SidToOverride\n actions:\n - s3:*\n resources:\n - '*'\n sourceDocumentExample:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n sourcePolicyDocuments:\n - ${source.json}\n statements:\n - sid: SidToOverride\n actions:\n - s3:*\n resources:\n - arn:aws:s3:::somebucket\n - arn:aws:s3:::somebucket/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n`data.aws_iam_policy_document.source_document_example.json` will evaluate to:\n\n```json\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:*\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"SidToOverride\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:*\",\n \"Resource\": [\n \"arn:aws:s3:::somebucket/*\",\n \"arn:aws:s3:::somebucket\"\n ]\n }\n ]\n}\n```\n\n### Example Using An Override Document\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst override = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"SidToOverride\",\n actions: [\"s3:*\"],\n resources: [\"*\"],\n }],\n});\nconst overridePolicyDocumentExample = override.then(override =\u003e aws.iam.getPolicyDocument({\n overridePolicyDocuments: [override.json],\n statements: [\n {\n actions: [\"ec2:*\"],\n resources: [\"*\"],\n },\n {\n sid: \"SidToOverride\",\n actions: [\"s3:*\"],\n resources: [\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n ],\n },\n ],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\noverride = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"SidToOverride\",\n actions=[\"s3:*\"],\n resources=[\"*\"],\n)])\noverride_policy_document_example = aws.iam.get_policy_document(override_policy_documents=[override.json],\n statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"ec2:*\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"SidToOverride\",\n actions=[\"s3:*\"],\n resources=[\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n ],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @override = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"SidToOverride\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var overridePolicyDocumentExample = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n OverridePolicyDocuments = new[]\n {\n @override.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"ec2:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"SidToOverride\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\noverride, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"SidToOverride\"),\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nOverridePolicyDocuments: interface{}{\noverride.Json,\n},\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"ec2:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n{\nSid: pulumi.StringRef(\"SidToOverride\"),\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\n\"arn:aws:s3:::somebucket\",\n\"arn:aws:s3:::somebucket/*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var override = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"SidToOverride\")\n .actions(\"s3:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var overridePolicyDocumentExample = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .overridePolicyDocuments(override.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .actions(\"ec2:*\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"SidToOverride\")\n .actions(\"s3:*\")\n .resources( \n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n override:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: SidToOverride\n actions:\n - s3:*\n resources:\n - '*'\n overridePolicyDocumentExample:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n overridePolicyDocuments:\n - ${override.json}\n statements:\n - actions:\n - ec2:*\n resources:\n - '*'\n - sid: SidToOverride\n actions:\n - s3:*\n resources:\n - arn:aws:s3:::somebucket\n - arn:aws:s3:::somebucket/*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n`data.aws_iam_policy_document.override_policy_document_example.json` will evaluate to:\n\n```json\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:*\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"SidToOverride\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:*\",\n \"Resource\": \"*\"\n }\n ]\n}\n```\n\n### Example with Both Source and Override Documents\n\nYou can also combine `source_policy_documents` and `override_policy_documents` in the same document.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst source = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"OverridePlaceholder\",\n actions: [\"ec2:DescribeAccountAttributes\"],\n resources: [\"*\"],\n }],\n});\nconst override = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"OverridePlaceholder\",\n actions: [\"s3:GetObject\"],\n resources: [\"*\"],\n }],\n});\nconst politik = Promise.all([source, override]).then(([source, override]) =\u003e aws.iam.getPolicyDocument({\n sourcePolicyDocuments: [source.json],\n overridePolicyDocuments: [override.json],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsource = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceholder\",\n actions=[\"ec2:DescribeAccountAttributes\"],\n resources=[\"*\"],\n)])\noverride = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceholder\",\n actions=[\"s3:GetObject\"],\n resources=[\"*\"],\n)])\npolitik = aws.iam.get_policy_document(source_policy_documents=[source.json],\n override_policy_documents=[override.json])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var source = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OverridePlaceholder\",\n Actions = new[]\n {\n \"ec2:DescribeAccountAttributes\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var @override = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OverridePlaceholder\",\n Actions = new[]\n {\n \"s3:GetObject\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var politik = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n SourcePolicyDocuments = new[]\n {\n source.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n OverridePolicyDocuments = new[]\n {\n @override.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nsource, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"OverridePlaceholder\"),\nActions: []string{\n\"ec2:DescribeAccountAttributes\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\noverride, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"OverridePlaceholder\"),\nActions: []string{\n\"s3:GetObject\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nSourcePolicyDocuments: interface{}{\nsource.Json,\n},\nOverridePolicyDocuments: interface{}{\noverride.Json,\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var source = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"OverridePlaceholder\")\n .actions(\"ec2:DescribeAccountAttributes\")\n .resources(\"*\")\n .build())\n .build());\n\n final var override = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"OverridePlaceholder\")\n .actions(\"s3:GetObject\")\n .resources(\"*\")\n .build())\n .build());\n\n final var politik = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .sourcePolicyDocuments(source.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .overridePolicyDocuments(override.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n source:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: OverridePlaceholder\n actions:\n - ec2:DescribeAccountAttributes\n resources:\n - '*'\n override:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: OverridePlaceholder\n actions:\n - s3:GetObject\n resources:\n - '*'\n politik:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n sourcePolicyDocuments:\n - ${source.json}\n overridePolicyDocuments:\n - ${override.json}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n`data.aws_iam_policy_document.politik.json` will evaluate to:\n\n```json\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"OverridePlaceholder\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"*\"\n }\n ]\n}\n```\n\n### Example of Merging Source Documents\n\nMultiple documents can be combined using the `source_policy_documents` or `override_policy_documents` attributes. `source_policy_documents` requires that all documents have unique Sids, while `override_policy_documents` will iteratively override matching Sids.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst sourceOne = aws.iam.getPolicyDocument({\n statements: [\n {\n actions: [\"ec2:*\"],\n resources: [\"*\"],\n },\n {\n sid: \"UniqueSidOne\",\n actions: [\"s3:*\"],\n resources: [\"*\"],\n },\n ],\n});\nconst sourceTwo = aws.iam.getPolicyDocument({\n statements: [\n {\n sid: \"UniqueSidTwo\",\n actions: [\"iam:*\"],\n resources: [\"*\"],\n },\n {\n actions: [\"lambda:*\"],\n resources: [\"*\"],\n },\n ],\n});\nconst combined = Promise.all([sourceOne, sourceTwo]).then(([sourceOne, sourceTwo]) =\u003e aws.iam.getPolicyDocument({\n sourcePolicyDocuments: [\n sourceOne.json,\n sourceTwo.json,\n ],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsource_one = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"ec2:*\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"UniqueSidOne\",\n actions=[\"s3:*\"],\n resources=[\"*\"],\n ),\n])\nsource_two = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"UniqueSidTwo\",\n actions=[\"iam:*\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"lambda:*\"],\n resources=[\"*\"],\n ),\n])\ncombined = aws.iam.get_policy_document(source_policy_documents=[\n source_one.json,\n source_two.json,\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sourceOne = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"ec2:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"UniqueSidOne\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var sourceTwo = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"UniqueSidTwo\",\n Actions = new[]\n {\n \"iam:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"lambda:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var combined = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n SourcePolicyDocuments = new[]\n {\n sourceOne.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n sourceTwo.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nsourceOne, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"ec2:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n{\nSid: pulumi.StringRef(\"UniqueSidOne\"),\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nsourceTwo, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: pulumi.Array{\niam.GetPolicyDocumentStatement{\nSid: pulumi.StringRef(\"UniqueSidTwo\"),\nActions: []string{\n\"iam:*\",\n},\nResources: []string{\n\"*\",\n},\n},\niam.GetPolicyDocumentStatement{\nActions: []string{\n\"lambda:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nSourcePolicyDocuments: interface{}{\nsourceOne.Json,\nsourceTwo.Json,\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var sourceOne = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .actions(\"ec2:*\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"UniqueSidOne\")\n .actions(\"s3:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var sourceTwo = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"UniqueSidTwo\")\n .actions(\"iam:*\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .actions(\"lambda:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var combined = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .sourcePolicyDocuments( \n sourceOne.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()),\n sourceTwo.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n sourceOne:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - ec2:*\n resources:\n - '*'\n - sid: UniqueSidOne\n actions:\n - s3:*\n resources:\n - '*'\n sourceTwo:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: UniqueSidTwo\n actions:\n - iam:*\n resources:\n - '*'\n - actions:\n - lambda:*\n resources:\n - '*'\n combined:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n sourcePolicyDocuments:\n - ${sourceOne.json}\n - ${sourceTwo.json}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n`data.aws_iam_policy_document.combined.json` will evaluate to:\n\n```json\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:*\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"UniqueSidOne\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:*\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"UniqueSidTwo\",\n \"Effect\": \"Allow\",\n \"Action\": \"iam:*\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"lambda:*\",\n \"Resource\": \"*\"\n }\n ]\n}\n```\n\n### Example of Merging Override Documents\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst policyOne = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"OverridePlaceHolderOne\",\n effect: \"Allow\",\n actions: [\"s3:*\"],\n resources: [\"*\"],\n }],\n});\nconst policyTwo = aws.iam.getPolicyDocument({\n statements: [\n {\n effect: \"Allow\",\n actions: [\"ec2:*\"],\n resources: [\"*\"],\n },\n {\n sid: \"OverridePlaceHolderTwo\",\n effect: \"Allow\",\n actions: [\"iam:*\"],\n resources: [\"*\"],\n },\n ],\n});\nconst policyThree = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"OverridePlaceHolderOne\",\n effect: \"Deny\",\n actions: [\"logs:*\"],\n resources: [\"*\"],\n }],\n});\nconst combined = Promise.all([policyOne, policyTwo, policyThree]).then(([policyOne, policyTwo, policyThree]) =\u003e aws.iam.getPolicyDocument({\n overridePolicyDocuments: [\n policyOne.json,\n policyTwo.json,\n policyThree.json,\n ],\n statements: [{\n sid: \"OverridePlaceHolderTwo\",\n effect: \"Deny\",\n actions: [\"*\"],\n resources: [\"*\"],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npolicy_one = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceHolderOne\",\n effect=\"Allow\",\n actions=[\"s3:*\"],\n resources=[\"*\"],\n)])\npolicy_two = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ec2:*\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceHolderTwo\",\n effect=\"Allow\",\n actions=[\"iam:*\"],\n resources=[\"*\"],\n ),\n])\npolicy_three = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceHolderOne\",\n effect=\"Deny\",\n actions=[\"logs:*\"],\n resources=[\"*\"],\n)])\ncombined = aws.iam.get_policy_document(override_policy_documents=[\n policy_one.json,\n policy_two.json,\n policy_three.json,\n ],\n statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceHolderTwo\",\n effect=\"Deny\",\n actions=[\"*\"],\n resources=[\"*\"],\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policyOne = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OverridePlaceHolderOne\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var policyTwo = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OverridePlaceHolderTwo\",\n Effect = \"Allow\",\n Actions = new[]\n {\n \"iam:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var policyThree = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OverridePlaceHolderOne\",\n Effect = \"Deny\",\n Actions = new[]\n {\n \"logs:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var combined = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n OverridePolicyDocuments = new[]\n {\n policyOne.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n policyTwo.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n policyThree.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"OverridePlaceHolderTwo\",\n Effect = \"Deny\",\n Actions = new[]\n {\n \"*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\npolicyOne, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"OverridePlaceHolderOne\"),\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"s3:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\npolicyTwo, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"ec2:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n{\nSid: pulumi.StringRef(\"OverridePlaceHolderTwo\"),\nEffect: pulumi.StringRef(\"Allow\"),\nActions: []string{\n\"iam:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\npolicyThree, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"OverridePlaceHolderOne\"),\nEffect: pulumi.StringRef(\"Deny\"),\nActions: []string{\n\"logs:*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nOverridePolicyDocuments: interface{}{\npolicyOne.Json,\npolicyTwo.Json,\npolicyThree.Json,\n},\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"OverridePlaceHolderTwo\"),\nEffect: pulumi.StringRef(\"Deny\"),\nActions: []string{\n\"*\",\n},\nResources: []string{\n\"*\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policyOne = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"OverridePlaceHolderOne\")\n .effect(\"Allow\")\n .actions(\"s3:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var policyTwo = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"ec2:*\")\n .resources(\"*\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"OverridePlaceHolderTwo\")\n .effect(\"Allow\")\n .actions(\"iam:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var policyThree = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"OverridePlaceHolderOne\")\n .effect(\"Deny\")\n .actions(\"logs:*\")\n .resources(\"*\")\n .build())\n .build());\n\n final var combined = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .overridePolicyDocuments( \n policyOne.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()),\n policyTwo.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()),\n policyThree.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"OverridePlaceHolderTwo\")\n .effect(\"Deny\")\n .actions(\"*\")\n .resources(\"*\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policyOne:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: OverridePlaceHolderOne\n effect: Allow\n actions:\n - s3:*\n resources:\n - '*'\n policyTwo:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - ec2:*\n resources:\n - '*'\n - sid: OverridePlaceHolderTwo\n effect: Allow\n actions:\n - iam:*\n resources:\n - '*'\n policyThree:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - sid: OverridePlaceHolderOne\n effect: Deny\n actions:\n - logs:*\n resources:\n - '*'\n combined:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n overridePolicyDocuments:\n - ${policyOne.json}\n - ${policyTwo.json}\n - ${policyThree.json}\n statements:\n - sid: OverridePlaceHolderTwo\n effect: Deny\n actions:\n - '*'\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n`data.aws_iam_policy_document.combined.json` will evaluate to:\n\n```json\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"OverridePlaceholderTwo\",\n \"Effect\": \"Allow\",\n \"Action\": \"iam:*\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"OverridePlaceholderOne\",\n \"Effect\": \"Deny\",\n \"Action\": \"logs:*\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"ec2:*\",\n \"Resource\": \"*\"\n },\n ]\n}\n```\n", "inputs": { "description": "A collection of arguments for invoking getPolicyDocument.\n", "properties": { @@ -369779,7 +369779,7 @@ } }, "aws:iam/getServerCertificate:getServerCertificate": { - "description": "Use this data source to lookup information about IAM Server Certificates.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst my-domain = aws.iam.getServerCertificate({\n namePrefix: \"my-domain.org\",\n latest: true,\n});\nconst elb = new aws.elb.LoadBalancer(\"elb\", {\n name: \"my-domain-elb\",\n listeners: [{\n instancePort: 8000,\n instanceProtocol: \"https\",\n lbPort: 443,\n lbProtocol: \"https\",\n sslCertificateId: my_domain.then(my_domain =\u003e my_domain.arn),\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_domain = aws.iam.get_server_certificate(name_prefix=\"my-domain.org\",\n latest=True)\nelb = aws.elb.LoadBalancer(\"elb\",\n name=\"my-domain-elb\",\n listeners=[aws.elb.LoadBalancerListenerArgs(\n instance_port=8000,\n instance_protocol=\"https\",\n lb_port=443,\n lb_protocol=\"https\",\n ssl_certificate_id=my_domain.arn,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_domain = Aws.Iam.GetServerCertificate.Invoke(new()\n {\n NamePrefix = \"my-domain.org\",\n Latest = true,\n });\n\n var elb = new Aws.Elb.LoadBalancer(\"elb\", new()\n {\n Name = \"my-domain-elb\",\n Listeners = new[]\n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 8000,\n InstanceProtocol = \"https\",\n LbPort = 443,\n LbProtocol = \"https\",\n SslCertificateId = my_domain.Apply(my_domain =\u003e my_domain.Apply(getServerCertificateResult =\u003e getServerCertificateResult.Arn)),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elb\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmy_domain, err := iam.LookupServerCertificate(ctx, \u0026iam.LookupServerCertificateArgs{\n\t\t\tNamePrefix: pulumi.StringRef(\"my-domain.org\"),\n\t\t\tLatest: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elb.NewLoadBalancer(ctx, \"elb\", \u0026elb.LoadBalancerArgs{\n\t\t\tName: pulumi.String(\"my-domain-elb\"),\n\t\t\tListeners: elb.LoadBalancerListenerArray{\n\t\t\t\t\u0026elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(8000),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"https\"),\n\t\t\t\t\tLbPort: pulumi.Int(443),\n\t\t\t\t\tLbProtocol: pulumi.String(\"https\"),\n\t\t\t\t\tSslCertificateId: *pulumi.String(my_domain.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetServerCertificateArgs;\nimport com.pulumi.aws.elb.LoadBalancer;\nimport com.pulumi.aws.elb.LoadBalancerArgs;\nimport com.pulumi.aws.elb.inputs.LoadBalancerListenerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-domain = IamFunctions.getServerCertificate(GetServerCertificateArgs.builder()\n .namePrefix(\"my-domain.org\")\n .latest(true)\n .build());\n\n var elb = new LoadBalancer(\"elb\", LoadBalancerArgs.builder() \n .name(\"my-domain-elb\")\n .listeners(LoadBalancerListenerArgs.builder()\n .instancePort(8000)\n .instanceProtocol(\"https\")\n .lbPort(443)\n .lbProtocol(\"https\")\n .sslCertificateId(my_domain.arn())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n elb:\n type: aws:elb:LoadBalancer\n properties:\n name: my-domain-elb\n listeners:\n - instancePort: 8000\n instanceProtocol: https\n lbPort: 443\n lbProtocol: https\n sslCertificateId: ${[\"my-domain\"].arn}\nvariables:\n my-domain:\n fn::invoke:\n Function: aws:iam:getServerCertificate\n Arguments:\n namePrefix: my-domain.org\n latest: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to lookup information about IAM Server Certificates.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst my-domain = aws.iam.getServerCertificate({\n namePrefix: \"my-domain.org\",\n latest: true,\n});\nconst elb = new aws.elb.LoadBalancer(\"elb\", {\n name: \"my-domain-elb\",\n listeners: [{\n instancePort: 8000,\n instanceProtocol: \"https\",\n lbPort: 443,\n lbProtocol: \"https\",\n sslCertificateId: my_domain.then(my_domain =\u003e my_domain.arn),\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_domain = aws.iam.get_server_certificate(name_prefix=\"my-domain.org\",\n latest=True)\nelb = aws.elb.LoadBalancer(\"elb\",\n name=\"my-domain-elb\",\n listeners=[aws.elb.LoadBalancerListenerArgs(\n instance_port=8000,\n instance_protocol=\"https\",\n lb_port=443,\n lb_protocol=\"https\",\n ssl_certificate_id=my_domain.arn,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_domain = Aws.Iam.GetServerCertificate.Invoke(new()\n {\n NamePrefix = \"my-domain.org\",\n Latest = true,\n });\n\n var elb = new Aws.Elb.LoadBalancer(\"elb\", new()\n {\n Name = \"my-domain-elb\",\n Listeners = new[]\n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 8000,\n InstanceProtocol = \"https\",\n LbPort = 443,\n LbProtocol = \"https\",\n SslCertificateId = my_domain.Apply(my_domain =\u003e my_domain.Apply(getServerCertificateResult =\u003e getServerCertificateResult.Arn)),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elb\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmy_domain, err := iam.LookupServerCertificate(ctx, \u0026iam.LookupServerCertificateArgs{\n\t\t\tNamePrefix: pulumi.StringRef(\"my-domain.org\"),\n\t\t\tLatest: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elb.NewLoadBalancer(ctx, \"elb\", \u0026elb.LoadBalancerArgs{\n\t\t\tName: pulumi.String(\"my-domain-elb\"),\n\t\t\tListeners: elb.LoadBalancerListenerArray{\n\t\t\t\t\u0026elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(8000),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"https\"),\n\t\t\t\t\tLbPort: pulumi.Int(443),\n\t\t\t\t\tLbProtocol: pulumi.String(\"https\"),\n\t\t\t\t\tSslCertificateId: pulumi.String(my_domain.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetServerCertificateArgs;\nimport com.pulumi.aws.elb.LoadBalancer;\nimport com.pulumi.aws.elb.LoadBalancerArgs;\nimport com.pulumi.aws.elb.inputs.LoadBalancerListenerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-domain = IamFunctions.getServerCertificate(GetServerCertificateArgs.builder()\n .namePrefix(\"my-domain.org\")\n .latest(true)\n .build());\n\n var elb = new LoadBalancer(\"elb\", LoadBalancerArgs.builder() \n .name(\"my-domain-elb\")\n .listeners(LoadBalancerListenerArgs.builder()\n .instancePort(8000)\n .instanceProtocol(\"https\")\n .lbPort(443)\n .lbProtocol(\"https\")\n .sslCertificateId(my_domain.arn())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n elb:\n type: aws:elb:LoadBalancer\n properties:\n name: my-domain-elb\n listeners:\n - instancePort: 8000\n instanceProtocol: https\n lbPort: 443\n lbProtocol: https\n sslCertificateId: ${[\"my-domain\"].arn}\nvariables:\n my-domain:\n fn::invoke:\n Function: aws:iam:getServerCertificate\n Arguments:\n namePrefix: my-domain.org\n latest: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getServerCertificate.\n", "properties": { @@ -371638,7 +371638,7 @@ } }, "aws:index/getAvailabilityZones:getAvailabilityZones": { - "description": "The Availability Zones data source allows access to the list of AWS\nAvailability Zones which can be accessed by an AWS account within the region\nconfigured in the provider.\n\nThis is different from the `aws.getAvailabilityZone` (singular) data source,\nwhich provides some details about a specific availability zone.\n\n\u003e When [Local Zones](https://aws.amazon.com/about-aws/global-infrastructure/localzones/) are enabled in a region, by default the API and this data source include both Local Zones and Availability Zones. To return only Availability Zones, see the example section below.\n\n## Example Usage\n\n### By State\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Declare the data source\nconst available = aws.getAvailabilityZones({\n state: \"available\",\n});\n// e.g., Create subnets in the first two available availability zones\nconst primary = new aws.ec2.Subnet(\"primary\", {availabilityZone: available.then(available =\u003e available.names?.[0])});\nconst secondary = new aws.ec2.Subnet(\"secondary\", {availabilityZone: available.then(available =\u003e available.names?.[1])});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Declare the data source\navailable = aws.get_availability_zones(state=\"available\")\n# e.g., Create subnets in the first two available availability zones\nprimary = aws.ec2.Subnet(\"primary\", availability_zone=available.names[0])\nsecondary = aws.ec2.Subnet(\"secondary\", availability_zone=available.names[1])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Declare the data source\n var available = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n });\n\n // e.g., Create subnets in the first two available availability zones\n var primary = new Aws.Ec2.Subnet(\"primary\", new()\n {\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n });\n\n var secondary = new Aws.Ec2.Subnet(\"secondary\", new()\n {\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[1]),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Declare the data source\n\t\tavailable, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tState: pulumi.StringRef(\"available\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// e.g., Create subnets in the first two available availability zones\n\t\t_, err = ec2.NewSubnet(ctx, \"primary\", \u0026ec2.SubnetArgs{\n\t\t\tAvailabilityZone: *pulumi.String(available.Names[0]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSubnet(ctx, \"secondary\", \u0026ec2.SubnetArgs{\n\t\t\tAvailabilityZone: *pulumi.String(available.Names[1]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .build());\n\n var primary = new Subnet(\"primary\", SubnetArgs.builder() \n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]))\n .build());\n\n var secondary = new Subnet(\"secondary\", SubnetArgs.builder() \n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[1]))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # e.g., Create subnets in the first two available availability zones\n primary:\n type: aws:ec2:Subnet\n properties:\n availabilityZone: ${available.names[0]}\n secondary:\n type: aws:ec2:Subnet\n properties:\n availabilityZone: ${available.names[1]}\nvariables:\n # Declare the data source\n available:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n state: available\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### By Filter\n\nAll Local Zones (regardless of opt-in status):\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.getAvailabilityZones({\n allAvailabilityZones: true,\n filters: [{\n name: \"opt-in-status\",\n values: [\n \"not-opted-in\",\n \"opted-in\",\n ],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.get_availability_zones(all_availability_zones=True,\n filters=[aws.GetAvailabilityZonesFilterArgs(\n name=\"opt-in-status\",\n values=[\n \"not-opted-in\",\n \"opted-in\",\n ],\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.GetAvailabilityZones.Invoke(new()\n {\n AllAvailabilityZones = true,\n Filters = new[]\n {\n new Aws.Inputs.GetAvailabilityZonesFilterInputArgs\n {\n Name = \"opt-in-status\",\n Values = new[]\n {\n \"not-opted-in\",\n \"opted-in\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tAllAvailabilityZones: pulumi.BoolRef(true),\n\t\t\tFilters: []aws.GetAvailabilityZonesFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"opt-in-status\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"not-opted-in\",\n\t\t\t\t\t\t\"opted-in\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .allAvailabilityZones(true)\n .filters(GetAvailabilityZonesFilterArgs.builder()\n .name(\"opt-in-status\")\n .values( \n \"not-opted-in\",\n \"opted-in\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n allAvailabilityZones: true\n filters:\n - name: opt-in-status\n values:\n - not-opted-in\n - opted-in\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nOnly Availability Zones (no Local Zones):\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.getAvailabilityZones({\n filters: [{\n name: \"opt-in-status\",\n values: [\"opt-in-not-required\"],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.get_availability_zones(filters=[aws.GetAvailabilityZonesFilterArgs(\n name=\"opt-in-status\",\n values=[\"opt-in-not-required\"],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.GetAvailabilityZones.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Inputs.GetAvailabilityZonesFilterInputArgs\n {\n Name = \"opt-in-status\",\n Values = new[]\n {\n \"opt-in-not-required\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tFilters: []aws.GetAvailabilityZonesFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"opt-in-status\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"opt-in-not-required\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .filters(GetAvailabilityZonesFilterArgs.builder()\n .name(\"opt-in-status\")\n .values(\"opt-in-not-required\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n filters:\n - name: opt-in-status\n values:\n - opt-in-not-required\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "The Availability Zones data source allows access to the list of AWS\nAvailability Zones which can be accessed by an AWS account within the region\nconfigured in the provider.\n\nThis is different from the `aws.getAvailabilityZone` (singular) data source,\nwhich provides some details about a specific availability zone.\n\n\u003e When [Local Zones](https://aws.amazon.com/about-aws/global-infrastructure/localzones/) are enabled in a region, by default the API and this data source include both Local Zones and Availability Zones. To return only Availability Zones, see the example section below.\n\n## Example Usage\n\n### By State\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Declare the data source\nconst available = aws.getAvailabilityZones({\n state: \"available\",\n});\n// e.g., Create subnets in the first two available availability zones\nconst primary = new aws.ec2.Subnet(\"primary\", {availabilityZone: available.then(available =\u003e available.names?.[0])});\nconst secondary = new aws.ec2.Subnet(\"secondary\", {availabilityZone: available.then(available =\u003e available.names?.[1])});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Declare the data source\navailable = aws.get_availability_zones(state=\"available\")\n# e.g., Create subnets in the first two available availability zones\nprimary = aws.ec2.Subnet(\"primary\", availability_zone=available.names[0])\nsecondary = aws.ec2.Subnet(\"secondary\", availability_zone=available.names[1])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Declare the data source\n var available = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n });\n\n // e.g., Create subnets in the first two available availability zones\n var primary = new Aws.Ec2.Subnet(\"primary\", new()\n {\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[0]),\n });\n\n var secondary = new Aws.Ec2.Subnet(\"secondary\", new()\n {\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names[1]),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Declare the data source\n\t\tavailable, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tState: pulumi.StringRef(\"available\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// e.g., Create subnets in the first two available availability zones\n\t\t_, err = ec2.NewSubnet(ctx, \"primary\", \u0026ec2.SubnetArgs{\n\t\t\tAvailabilityZone: pulumi.String(available.Names[0]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSubnet(ctx, \"secondary\", \u0026ec2.SubnetArgs{\n\t\t\tAvailabilityZone: pulumi.String(available.Names[1]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .build());\n\n var primary = new Subnet(\"primary\", SubnetArgs.builder() \n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[0]))\n .build());\n\n var secondary = new Subnet(\"secondary\", SubnetArgs.builder() \n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names()[1]))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # e.g., Create subnets in the first two available availability zones\n primary:\n type: aws:ec2:Subnet\n properties:\n availabilityZone: ${available.names[0]}\n secondary:\n type: aws:ec2:Subnet\n properties:\n availabilityZone: ${available.names[1]}\nvariables:\n # Declare the data source\n available:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n state: available\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### By Filter\n\nAll Local Zones (regardless of opt-in status):\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.getAvailabilityZones({\n allAvailabilityZones: true,\n filters: [{\n name: \"opt-in-status\",\n values: [\n \"not-opted-in\",\n \"opted-in\",\n ],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.get_availability_zones(all_availability_zones=True,\n filters=[aws.GetAvailabilityZonesFilterArgs(\n name=\"opt-in-status\",\n values=[\n \"not-opted-in\",\n \"opted-in\",\n ],\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.GetAvailabilityZones.Invoke(new()\n {\n AllAvailabilityZones = true,\n Filters = new[]\n {\n new Aws.Inputs.GetAvailabilityZonesFilterInputArgs\n {\n Name = \"opt-in-status\",\n Values = new[]\n {\n \"not-opted-in\",\n \"opted-in\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tAllAvailabilityZones: pulumi.BoolRef(true),\n\t\t\tFilters: []aws.GetAvailabilityZonesFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"opt-in-status\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"not-opted-in\",\n\t\t\t\t\t\t\"opted-in\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .allAvailabilityZones(true)\n .filters(GetAvailabilityZonesFilterArgs.builder()\n .name(\"opt-in-status\")\n .values( \n \"not-opted-in\",\n \"opted-in\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n allAvailabilityZones: true\n filters:\n - name: opt-in-status\n values:\n - not-opted-in\n - opted-in\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nOnly Availability Zones (no Local Zones):\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.getAvailabilityZones({\n filters: [{\n name: \"opt-in-status\",\n values: [\"opt-in-not-required\"],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.get_availability_zones(filters=[aws.GetAvailabilityZonesFilterArgs(\n name=\"opt-in-status\",\n values=[\"opt-in-not-required\"],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.GetAvailabilityZones.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Inputs.GetAvailabilityZonesFilterInputArgs\n {\n Name = \"opt-in-status\",\n Values = new[]\n {\n \"opt-in-not-required\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\n\t\t\tFilters: []aws.GetAvailabilityZonesFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"opt-in-status\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"opt-in-not-required\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .filters(GetAvailabilityZonesFilterArgs.builder()\n .name(\"opt-in-status\")\n .values(\"opt-in-not-required\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: aws:getAvailabilityZones\n Arguments:\n filters:\n - name: opt-in-status\n values:\n - opt-in-not-required\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAvailabilityZones.\n", "properties": { @@ -371841,7 +371841,7 @@ } }, "aws:index/getIpRanges:getIpRanges": { - "description": "Use this data source to get the IP ranges of various AWS products and services. For more information about the contents of this data source and required JSON syntax if referencing a custom URL, see the [AWS IP Address Ranges documentation](https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst europeanEc2 = aws.getIpRanges({\n regions: [\n \"eu-west-1\",\n \"eu-central-1\",\n ],\n services: [\"ec2\"],\n});\nconst fromEurope = new aws.ec2.SecurityGroup(\"from_europe\", {\n name: \"from_europe\",\n ingress: [{\n fromPort: 443,\n toPort: 443,\n protocol: \"tcp\",\n cidrBlocks: europeanEc2.then(europeanEc2 =\u003e europeanEc2.cidrBlocks),\n ipv6CidrBlocks: europeanEc2.then(europeanEc2 =\u003e europeanEc2.ipv6CidrBlocks),\n }],\n tags: {\n CreateDate: europeanEc2.then(europeanEc2 =\u003e europeanEc2.createDate),\n SyncToken: europeanEc2.then(europeanEc2 =\u003e europeanEc2.syncToken),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\neuropean_ec2 = aws.get_ip_ranges(regions=[\n \"eu-west-1\",\n \"eu-central-1\",\n ],\n services=[\"ec2\"])\nfrom_europe = aws.ec2.SecurityGroup(\"from_europe\",\n name=\"from_europe\",\n ingress=[aws.ec2.SecurityGroupIngressArgs(\n from_port=443,\n to_port=443,\n protocol=\"tcp\",\n cidr_blocks=european_ec2.cidr_blocks,\n ipv6_cidr_blocks=european_ec2.ipv6_cidr_blocks,\n )],\n tags={\n \"CreateDate\": european_ec2.create_date,\n \"SyncToken\": european_ec2.sync_token,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var europeanEc2 = Aws.GetIpRanges.Invoke(new()\n {\n Regions = new[]\n {\n \"eu-west-1\",\n \"eu-central-1\",\n },\n Services = new[]\n {\n \"ec2\",\n },\n });\n\n var fromEurope = new Aws.Ec2.SecurityGroup(\"from_europe\", new()\n {\n Name = \"from_europe\",\n Ingress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupIngressArgs\n {\n FromPort = 443,\n ToPort = 443,\n Protocol = \"tcp\",\n CidrBlocks = europeanEc2.Apply(getIpRangesResult =\u003e getIpRangesResult.CidrBlocks),\n Ipv6CidrBlocks = europeanEc2.Apply(getIpRangesResult =\u003e getIpRangesResult.Ipv6CidrBlocks),\n },\n },\n Tags = \n {\n { \"CreateDate\", europeanEc2.Apply(getIpRangesResult =\u003e getIpRangesResult.CreateDate) },\n { \"SyncToken\", europeanEc2.Apply(getIpRangesResult =\u003e getIpRangesResult.SyncToken) },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\teuropeanEc2, err := aws.GetIpRanges(ctx, \u0026aws.GetIpRangesArgs{\n\t\t\tRegions: []string{\n\t\t\t\t\"eu-west-1\",\n\t\t\t\t\"eu-central-1\",\n\t\t\t},\n\t\t\tServices: []string{\n\t\t\t\t\"ec2\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSecurityGroup(ctx, \"from_europe\", \u0026ec2.SecurityGroupArgs{\n\t\t\tName: pulumi.String(\"from_europe\"),\n\t\t\tIngress: ec2.SecurityGroupIngressArray{\n\t\t\t\t\u0026ec2.SecurityGroupIngressArgs{\n\t\t\t\t\tFromPort: pulumi.Int(443),\n\t\t\t\t\tToPort: pulumi.Int(443),\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tCidrBlocks: interface{}(europeanEc2.CidrBlocks),\n\t\t\t\t\tIpv6CidrBlocks: interface{}(europeanEc2.Ipv6CidrBlocks),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"CreateDate\": *pulumi.String(europeanEc2.CreateDate),\n\t\t\t\t\"SyncToken\": *pulumi.Int(europeanEc2.SyncToken),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetIpRangesArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupIngressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var europeanEc2 = AwsFunctions.getIpRanges(GetIpRangesArgs.builder()\n .regions( \n \"eu-west-1\",\n \"eu-central-1\")\n .services(\"ec2\")\n .build());\n\n var fromEurope = new SecurityGroup(\"fromEurope\", SecurityGroupArgs.builder() \n .name(\"from_europe\")\n .ingress(SecurityGroupIngressArgs.builder()\n .fromPort(\"443\")\n .toPort(\"443\")\n .protocol(\"tcp\")\n .cidrBlocks(europeanEc2.applyValue(getIpRangesResult -\u003e getIpRangesResult.cidrBlocks()))\n .ipv6CidrBlocks(europeanEc2.applyValue(getIpRangesResult -\u003e getIpRangesResult.ipv6CidrBlocks()))\n .build())\n .tags(Map.ofEntries(\n Map.entry(\"CreateDate\", europeanEc2.applyValue(getIpRangesResult -\u003e getIpRangesResult.createDate())),\n Map.entry(\"SyncToken\", europeanEc2.applyValue(getIpRangesResult -\u003e getIpRangesResult.syncToken()))\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fromEurope:\n type: aws:ec2:SecurityGroup\n name: from_europe\n properties:\n name: from_europe\n ingress:\n - fromPort: '443'\n toPort: '443'\n protocol: tcp\n cidrBlocks: ${europeanEc2.cidrBlocks}\n ipv6CidrBlocks: ${europeanEc2.ipv6CidrBlocks}\n tags:\n CreateDate: ${europeanEc2.createDate}\n SyncToken: ${europeanEc2.syncToken}\nvariables:\n europeanEc2:\n fn::invoke:\n Function: aws:getIpRanges\n Arguments:\n regions:\n - eu-west-1\n - eu-central-1\n services:\n - ec2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get the IP ranges of various AWS products and services. For more information about the contents of this data source and required JSON syntax if referencing a custom URL, see the [AWS IP Address Ranges documentation](https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst europeanEc2 = aws.getIpRanges({\n regions: [\n \"eu-west-1\",\n \"eu-central-1\",\n ],\n services: [\"ec2\"],\n});\nconst fromEurope = new aws.ec2.SecurityGroup(\"from_europe\", {\n name: \"from_europe\",\n ingress: [{\n fromPort: 443,\n toPort: 443,\n protocol: \"tcp\",\n cidrBlocks: europeanEc2.then(europeanEc2 =\u003e europeanEc2.cidrBlocks),\n ipv6CidrBlocks: europeanEc2.then(europeanEc2 =\u003e europeanEc2.ipv6CidrBlocks),\n }],\n tags: {\n CreateDate: europeanEc2.then(europeanEc2 =\u003e europeanEc2.createDate),\n SyncToken: europeanEc2.then(europeanEc2 =\u003e europeanEc2.syncToken),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\neuropean_ec2 = aws.get_ip_ranges(regions=[\n \"eu-west-1\",\n \"eu-central-1\",\n ],\n services=[\"ec2\"])\nfrom_europe = aws.ec2.SecurityGroup(\"from_europe\",\n name=\"from_europe\",\n ingress=[aws.ec2.SecurityGroupIngressArgs(\n from_port=443,\n to_port=443,\n protocol=\"tcp\",\n cidr_blocks=european_ec2.cidr_blocks,\n ipv6_cidr_blocks=european_ec2.ipv6_cidr_blocks,\n )],\n tags={\n \"CreateDate\": european_ec2.create_date,\n \"SyncToken\": european_ec2.sync_token,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var europeanEc2 = Aws.GetIpRanges.Invoke(new()\n {\n Regions = new[]\n {\n \"eu-west-1\",\n \"eu-central-1\",\n },\n Services = new[]\n {\n \"ec2\",\n },\n });\n\n var fromEurope = new Aws.Ec2.SecurityGroup(\"from_europe\", new()\n {\n Name = \"from_europe\",\n Ingress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupIngressArgs\n {\n FromPort = 443,\n ToPort = 443,\n Protocol = \"tcp\",\n CidrBlocks = europeanEc2.Apply(getIpRangesResult =\u003e getIpRangesResult.CidrBlocks),\n Ipv6CidrBlocks = europeanEc2.Apply(getIpRangesResult =\u003e getIpRangesResult.Ipv6CidrBlocks),\n },\n },\n Tags = \n {\n { \"CreateDate\", europeanEc2.Apply(getIpRangesResult =\u003e getIpRangesResult.CreateDate) },\n { \"SyncToken\", europeanEc2.Apply(getIpRangesResult =\u003e getIpRangesResult.SyncToken) },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\teuropeanEc2, err := aws.GetIpRanges(ctx, \u0026aws.GetIpRangesArgs{\n\t\t\tRegions: []string{\n\t\t\t\t\"eu-west-1\",\n\t\t\t\t\"eu-central-1\",\n\t\t\t},\n\t\t\tServices: []string{\n\t\t\t\t\"ec2\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSecurityGroup(ctx, \"from_europe\", \u0026ec2.SecurityGroupArgs{\n\t\t\tName: pulumi.String(\"from_europe\"),\n\t\t\tIngress: ec2.SecurityGroupIngressArray{\n\t\t\t\t\u0026ec2.SecurityGroupIngressArgs{\n\t\t\t\t\tFromPort: pulumi.Int(443),\n\t\t\t\t\tToPort: pulumi.Int(443),\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tCidrBlocks: interface{}(europeanEc2.CidrBlocks),\n\t\t\t\t\tIpv6CidrBlocks: interface{}(europeanEc2.Ipv6CidrBlocks),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"CreateDate\": pulumi.String(europeanEc2.CreateDate),\n\t\t\t\t\"SyncToken\": pulumi.Int(europeanEc2.SyncToken),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetIpRangesArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupIngressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var europeanEc2 = AwsFunctions.getIpRanges(GetIpRangesArgs.builder()\n .regions( \n \"eu-west-1\",\n \"eu-central-1\")\n .services(\"ec2\")\n .build());\n\n var fromEurope = new SecurityGroup(\"fromEurope\", SecurityGroupArgs.builder() \n .name(\"from_europe\")\n .ingress(SecurityGroupIngressArgs.builder()\n .fromPort(\"443\")\n .toPort(\"443\")\n .protocol(\"tcp\")\n .cidrBlocks(europeanEc2.applyValue(getIpRangesResult -\u003e getIpRangesResult.cidrBlocks()))\n .ipv6CidrBlocks(europeanEc2.applyValue(getIpRangesResult -\u003e getIpRangesResult.ipv6CidrBlocks()))\n .build())\n .tags(Map.ofEntries(\n Map.entry(\"CreateDate\", europeanEc2.applyValue(getIpRangesResult -\u003e getIpRangesResult.createDate())),\n Map.entry(\"SyncToken\", europeanEc2.applyValue(getIpRangesResult -\u003e getIpRangesResult.syncToken()))\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fromEurope:\n type: aws:ec2:SecurityGroup\n name: from_europe\n properties:\n name: from_europe\n ingress:\n - fromPort: '443'\n toPort: '443'\n protocol: tcp\n cidrBlocks: ${europeanEc2.cidrBlocks}\n ipv6CidrBlocks: ${europeanEc2.ipv6CidrBlocks}\n tags:\n CreateDate: ${europeanEc2.createDate}\n SyncToken: ${europeanEc2.syncToken}\nvariables:\n europeanEc2:\n fn::invoke:\n Function: aws:getIpRanges\n Arguments:\n regions:\n - eu-west-1\n - eu-central-1\n services:\n - ec2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getIpRanges.\n", "properties": { @@ -372201,7 +372201,7 @@ } }, "aws:iot/getRegistrationCode:getRegistrationCode": { - "description": "Gets a registration code used to register a CA certificate with AWS IoT.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as tls from \"@pulumi/tls\";\n\nconst example = aws.iot.getRegistrationCode({});\nconst verification = new tls.PrivateKey(\"verification\", {algorithm: \"RSA\"});\nconst verificationCertRequest = new tls.CertRequest(\"verification\", {\n keyAlgorithm: \"RSA\",\n privateKeyPem: verification.privateKeyPem,\n subject: {\n commonName: example.then(example =\u003e example.registrationCode),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_tls as tls\n\nexample = aws.iot.get_registration_code()\nverification = tls.PrivateKey(\"verification\", algorithm=\"RSA\")\nverification_cert_request = tls.CertRequest(\"verification\",\n key_algorithm=\"RSA\",\n private_key_pem=verification.private_key_pem,\n subject=tls.CertRequestSubjectArgs(\n common_name=example.registration_code,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Tls = Pulumi.Tls;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Iot.GetRegistrationCode.Invoke();\n\n var verification = new Tls.PrivateKey(\"verification\", new()\n {\n Algorithm = \"RSA\",\n });\n\n var verificationCertRequest = new Tls.CertRequest(\"verification\", new()\n {\n KeyAlgorithm = \"RSA\",\n PrivateKeyPem = verification.PrivateKeyPem,\n Subject = new Tls.Inputs.CertRequestSubjectArgs\n {\n CommonName = example.Apply(getRegistrationCodeResult =\u003e getRegistrationCodeResult.RegistrationCode),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iot\"\n\t\"github.com/pulumi/pulumi-tls/sdk/v4/go/tls\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := iot.GetRegistrationCode(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tverification, err := tls.NewPrivateKey(ctx, \"verification\", \u0026tls.PrivateKeyArgs{\n\t\t\tAlgorithm: pulumi.String(\"RSA\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tls.NewCertRequest(ctx, \"verification\", \u0026tls.CertRequestArgs{\n\t\t\tKeyAlgorithm: pulumi.String(\"RSA\"),\n\t\t\tPrivateKeyPem: verification.PrivateKeyPem,\n\t\t\tSubject: \u0026tls.CertRequestSubjectArgs{\n\t\t\t\tCommonName: *pulumi.String(example.RegistrationCode),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iot.IotFunctions;\nimport com.pulumi.tls.PrivateKey;\nimport com.pulumi.tls.PrivateKeyArgs;\nimport com.pulumi.tls.CertRequest;\nimport com.pulumi.tls.CertRequestArgs;\nimport com.pulumi.tls.inputs.CertRequestSubjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = IotFunctions.getRegistrationCode();\n\n var verification = new PrivateKey(\"verification\", PrivateKeyArgs.builder() \n .algorithm(\"RSA\")\n .build());\n\n var verificationCertRequest = new CertRequest(\"verificationCertRequest\", CertRequestArgs.builder() \n .keyAlgorithm(\"RSA\")\n .privateKeyPem(verification.privateKeyPem())\n .subject(CertRequestSubjectArgs.builder()\n .commonName(example.applyValue(getRegistrationCodeResult -\u003e getRegistrationCodeResult.registrationCode()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n verification:\n type: tls:PrivateKey\n properties:\n algorithm: RSA\n verificationCertRequest:\n type: tls:CertRequest\n name: verification\n properties:\n keyAlgorithm: RSA\n privateKeyPem: ${verification.privateKeyPem}\n subject:\n commonName: ${example.registrationCode}\nvariables:\n example:\n fn::invoke:\n Function: aws:iot:getRegistrationCode\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Gets a registration code used to register a CA certificate with AWS IoT.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as tls from \"@pulumi/tls\";\n\nconst example = aws.iot.getRegistrationCode({});\nconst verification = new tls.PrivateKey(\"verification\", {algorithm: \"RSA\"});\nconst verificationCertRequest = new tls.CertRequest(\"verification\", {\n keyAlgorithm: \"RSA\",\n privateKeyPem: verification.privateKeyPem,\n subject: {\n commonName: example.then(example =\u003e example.registrationCode),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_tls as tls\n\nexample = aws.iot.get_registration_code()\nverification = tls.PrivateKey(\"verification\", algorithm=\"RSA\")\nverification_cert_request = tls.CertRequest(\"verification\",\n key_algorithm=\"RSA\",\n private_key_pem=verification.private_key_pem,\n subject=tls.CertRequestSubjectArgs(\n common_name=example.registration_code,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Tls = Pulumi.Tls;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Iot.GetRegistrationCode.Invoke();\n\n var verification = new Tls.PrivateKey(\"verification\", new()\n {\n Algorithm = \"RSA\",\n });\n\n var verificationCertRequest = new Tls.CertRequest(\"verification\", new()\n {\n KeyAlgorithm = \"RSA\",\n PrivateKeyPem = verification.PrivateKeyPem,\n Subject = new Tls.Inputs.CertRequestSubjectArgs\n {\n CommonName = example.Apply(getRegistrationCodeResult =\u003e getRegistrationCodeResult.RegistrationCode),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iot\"\n\t\"github.com/pulumi/pulumi-tls/sdk/v4/go/tls\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := iot.GetRegistrationCode(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tverification, err := tls.NewPrivateKey(ctx, \"verification\", \u0026tls.PrivateKeyArgs{\n\t\t\tAlgorithm: pulumi.String(\"RSA\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tls.NewCertRequest(ctx, \"verification\", \u0026tls.CertRequestArgs{\n\t\t\tKeyAlgorithm: pulumi.String(\"RSA\"),\n\t\t\tPrivateKeyPem: verification.PrivateKeyPem,\n\t\t\tSubject: \u0026tls.CertRequestSubjectArgs{\n\t\t\t\tCommonName: pulumi.String(example.RegistrationCode),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iot.IotFunctions;\nimport com.pulumi.tls.PrivateKey;\nimport com.pulumi.tls.PrivateKeyArgs;\nimport com.pulumi.tls.CertRequest;\nimport com.pulumi.tls.CertRequestArgs;\nimport com.pulumi.tls.inputs.CertRequestSubjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = IotFunctions.getRegistrationCode();\n\n var verification = new PrivateKey(\"verification\", PrivateKeyArgs.builder() \n .algorithm(\"RSA\")\n .build());\n\n var verificationCertRequest = new CertRequest(\"verificationCertRequest\", CertRequestArgs.builder() \n .keyAlgorithm(\"RSA\")\n .privateKeyPem(verification.privateKeyPem())\n .subject(CertRequestSubjectArgs.builder()\n .commonName(example.applyValue(getRegistrationCodeResult -\u003e getRegistrationCodeResult.registrationCode()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n verification:\n type: tls:PrivateKey\n properties:\n algorithm: RSA\n verificationCertRequest:\n type: tls:CertRequest\n name: verification\n properties:\n keyAlgorithm: RSA\n privateKeyPem: ${verification.privateKeyPem}\n subject:\n commonName: ${example.registrationCode}\nvariables:\n example:\n fn::invoke:\n Function: aws:iot:getRegistrationCode\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "outputs": { "description": "A collection of values returned by getRegistrationCode.\n", "properties": { @@ -374428,7 +374428,7 @@ } }, "aws:lb/getHostedZoneId:getHostedZoneId": { - "description": "Use this data source to get the HostedZoneId of the AWS Elastic Load Balancing (ELB) in a given region for the purpose of using in an AWS Route53 Alias. Specify the ELB type (`network` or `application`) to return the relevant the associated HostedZoneId. Ref: [ELB service endpoints](https://docs.aws.amazon.com/general/latest/gr/elb.html#elb_region)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = aws.lb.getHostedZoneId({});\nconst www = new aws.route53.Record(\"www\", {\n zoneId: primary.zoneId,\n name: \"example.com\",\n type: \"A\",\n aliases: [{\n name: mainAwsLb.dnsName,\n zoneId: main.then(main =\u003e main.id),\n evaluateTargetHealth: true,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.lb.get_hosted_zone_id()\nwww = aws.route53.Record(\"www\",\n zone_id=primary[\"zoneId\"],\n name=\"example.com\",\n type=\"A\",\n aliases=[aws.route53.RecordAliasArgs(\n name=main_aws_lb[\"dnsName\"],\n zone_id=main.id,\n evaluate_target_health=True,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = Aws.LB.GetHostedZoneId.Invoke();\n\n var www = new Aws.Route53.Record(\"www\", new()\n {\n ZoneId = primary.ZoneId,\n Name = \"example.com\",\n Type = \"A\",\n Aliases = new[]\n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n Name = mainAwsLb.DnsName,\n ZoneId = main.Apply(getHostedZoneIdResult =\u003e getHostedZoneIdResult.Id),\n EvaluateTargetHealth = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := lb.GetHostedZoneId(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"www\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(primary.ZoneId),\n\t\t\tName: pulumi.String(\"example.com\"),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t\u0026route53.RecordAliasArgs{\n\t\t\t\t\tName: pulumi.Any(mainAwsLb.DnsName),\n\t\t\t\t\tZoneId: *pulumi.String(main.Id),\n\t\t\t\t\tEvaluateTargetHealth: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lb.LbFunctions;\nimport com.pulumi.aws.lb.inputs.GetHostedZoneIdArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordAliasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var main = LbFunctions.getHostedZoneId();\n\n var www = new Record(\"www\", RecordArgs.builder() \n .zoneId(primary.zoneId())\n .name(\"example.com\")\n .type(\"A\")\n .aliases(RecordAliasArgs.builder()\n .name(mainAwsLb.dnsName())\n .zoneId(main.applyValue(getHostedZoneIdResult -\u003e getHostedZoneIdResult.id()))\n .evaluateTargetHealth(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n www:\n type: aws:route53:Record\n properties:\n zoneId: ${primary.zoneId}\n name: example.com\n type: A\n aliases:\n - name: ${mainAwsLb.dnsName}\n zoneId: ${main.id}\n evaluateTargetHealth: true\nvariables:\n main:\n fn::invoke:\n Function: aws:lb:getHostedZoneId\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get the HostedZoneId of the AWS Elastic Load Balancing (ELB) in a given region for the purpose of using in an AWS Route53 Alias. Specify the ELB type (`network` or `application`) to return the relevant the associated HostedZoneId. Ref: [ELB service endpoints](https://docs.aws.amazon.com/general/latest/gr/elb.html#elb_region)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = aws.lb.getHostedZoneId({});\nconst www = new aws.route53.Record(\"www\", {\n zoneId: primary.zoneId,\n name: \"example.com\",\n type: aws.route53.RecordType.A,\n aliases: [{\n name: mainAwsLb.dnsName,\n zoneId: main.then(main =\u003e main.id),\n evaluateTargetHealth: true,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.lb.get_hosted_zone_id()\nwww = aws.route53.Record(\"www\",\n zone_id=primary[\"zoneId\"],\n name=\"example.com\",\n type=aws.route53.RecordType.A,\n aliases=[aws.route53.RecordAliasArgs(\n name=main_aws_lb[\"dnsName\"],\n zone_id=main.id,\n evaluate_target_health=True,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var main = Aws.LB.GetHostedZoneId.Invoke();\n\n var www = new Aws.Route53.Record(\"www\", new()\n {\n ZoneId = primary.ZoneId,\n Name = \"example.com\",\n Type = Aws.Route53.RecordType.A,\n Aliases = new[]\n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n Name = mainAwsLb.DnsName,\n ZoneId = main.Apply(getHostedZoneIdResult =\u003e getHostedZoneIdResult.Id),\n EvaluateTargetHealth = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := lb.GetHostedZoneId(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"www\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(primary.ZoneId),\n\t\t\tName: pulumi.String(\"example.com\"),\n\t\t\tType: pulumi.String(route53.RecordTypeA),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t\u0026route53.RecordAliasArgs{\n\t\t\t\t\tName: pulumi.Any(mainAwsLb.DnsName),\n\t\t\t\t\tZoneId: pulumi.String(main.Id),\n\t\t\t\t\tEvaluateTargetHealth: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lb.LbFunctions;\nimport com.pulumi.aws.lb.inputs.GetHostedZoneIdArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordAliasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var main = LbFunctions.getHostedZoneId();\n\n var www = new Record(\"www\", RecordArgs.builder() \n .zoneId(primary.zoneId())\n .name(\"example.com\")\n .type(\"A\")\n .aliases(RecordAliasArgs.builder()\n .name(mainAwsLb.dnsName())\n .zoneId(main.applyValue(getHostedZoneIdResult -\u003e getHostedZoneIdResult.id()))\n .evaluateTargetHealth(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n www:\n type: aws:route53:Record\n properties:\n zoneId: ${primary.zoneId}\n name: example.com\n type: A\n aliases:\n - name: ${mainAwsLb.dnsName}\n zoneId: ${main.id}\n evaluateTargetHealth: true\nvariables:\n main:\n fn::invoke:\n Function: aws:lb:getHostedZoneId\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getHostedZoneId.\n", "properties": { @@ -381326,7 +381326,7 @@ } }, "aws:rds/getClusterSnapshot:getClusterSnapshot": { - "description": "Use this data source to get information about a DB Cluster Snapshot for use when provisioning DB clusters.\n\n\u003e **NOTE:** This data source does not apply to snapshots created on DB Instances.\nSee the `aws.rds.Snapshot` data source for DB Instance snapshots.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst developmentFinalSnapshot = aws.rds.getClusterSnapshot({\n dbClusterIdentifier: \"development_cluster\",\n mostRecent: true,\n});\n// Use the last snapshot of the dev database before it was destroyed to create\n// a new dev database.\nconst aurora = new aws.rds.Cluster(\"aurora\", {\n clusterIdentifier: \"development_cluster\",\n snapshotIdentifier: developmentFinalSnapshot.then(developmentFinalSnapshot =\u003e developmentFinalSnapshot.id),\n dbSubnetGroupName: \"my_db_subnet_group\",\n});\nconst auroraClusterInstance = new aws.rds.ClusterInstance(\"aurora\", {\n clusterIdentifier: aurora.id,\n instanceClass: \"db.t2.small\",\n dbSubnetGroupName: \"my_db_subnet_group\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndevelopment_final_snapshot = aws.rds.get_cluster_snapshot(db_cluster_identifier=\"development_cluster\",\n most_recent=True)\n# Use the last snapshot of the dev database before it was destroyed to create\n# a new dev database.\naurora = aws.rds.Cluster(\"aurora\",\n cluster_identifier=\"development_cluster\",\n snapshot_identifier=development_final_snapshot.id,\n db_subnet_group_name=\"my_db_subnet_group\")\naurora_cluster_instance = aws.rds.ClusterInstance(\"aurora\",\n cluster_identifier=aurora.id,\n instance_class=\"db.t2.small\",\n db_subnet_group_name=\"my_db_subnet_group\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var developmentFinalSnapshot = Aws.Rds.GetClusterSnapshot.Invoke(new()\n {\n DbClusterIdentifier = \"development_cluster\",\n MostRecent = true,\n });\n\n // Use the last snapshot of the dev database before it was destroyed to create\n // a new dev database.\n var aurora = new Aws.Rds.Cluster(\"aurora\", new()\n {\n ClusterIdentifier = \"development_cluster\",\n SnapshotIdentifier = developmentFinalSnapshot.Apply(getClusterSnapshotResult =\u003e getClusterSnapshotResult.Id),\n DbSubnetGroupName = \"my_db_subnet_group\",\n });\n\n var auroraClusterInstance = new Aws.Rds.ClusterInstance(\"aurora\", new()\n {\n ClusterIdentifier = aurora.Id,\n InstanceClass = \"db.t2.small\",\n DbSubnetGroupName = \"my_db_subnet_group\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdevelopmentFinalSnapshot, err := rds.LookupClusterSnapshot(ctx, \u0026rds.LookupClusterSnapshotArgs{\n\t\t\tDbClusterIdentifier: pulumi.StringRef(\"development_cluster\"),\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Use the last snapshot of the dev database before it was destroyed to create\n\t\t// a new dev database.\n\t\taurora, err := rds.NewCluster(ctx, \"aurora\", \u0026rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"development_cluster\"),\n\t\t\tSnapshotIdentifier: *pulumi.String(developmentFinalSnapshot.Id),\n\t\t\tDbSubnetGroupName: pulumi.String(\"my_db_subnet_group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"aurora\", \u0026rds.ClusterInstanceArgs{\n\t\t\tClusterIdentifier: aurora.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.t2.small\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"my_db_subnet_group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetClusterSnapshotArgs;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.ClusterInstance;\nimport com.pulumi.aws.rds.ClusterInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var developmentFinalSnapshot = RdsFunctions.getClusterSnapshot(GetClusterSnapshotArgs.builder()\n .dbClusterIdentifier(\"development_cluster\")\n .mostRecent(true)\n .build());\n\n var aurora = new Cluster(\"aurora\", ClusterArgs.builder() \n .clusterIdentifier(\"development_cluster\")\n .snapshotIdentifier(developmentFinalSnapshot.applyValue(getClusterSnapshotResult -\u003e getClusterSnapshotResult.id()))\n .dbSubnetGroupName(\"my_db_subnet_group\")\n .build());\n\n var auroraClusterInstance = new ClusterInstance(\"auroraClusterInstance\", ClusterInstanceArgs.builder() \n .clusterIdentifier(aurora.id())\n .instanceClass(\"db.t2.small\")\n .dbSubnetGroupName(\"my_db_subnet_group\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Use the last snapshot of the dev database before it was destroyed to create\n # a new dev database.\n aurora:\n type: aws:rds:Cluster\n properties:\n clusterIdentifier: development_cluster\n snapshotIdentifier: ${developmentFinalSnapshot.id}\n dbSubnetGroupName: my_db_subnet_group\n auroraClusterInstance:\n type: aws:rds:ClusterInstance\n name: aurora\n properties:\n clusterIdentifier: ${aurora.id}\n instanceClass: db.t2.small\n dbSubnetGroupName: my_db_subnet_group\nvariables:\n developmentFinalSnapshot:\n fn::invoke:\n Function: aws:rds:getClusterSnapshot\n Arguments:\n dbClusterIdentifier: development_cluster\n mostRecent: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get information about a DB Cluster Snapshot for use when provisioning DB clusters.\n\n\u003e **NOTE:** This data source does not apply to snapshots created on DB Instances.\nSee the `aws.rds.Snapshot` data source for DB Instance snapshots.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst developmentFinalSnapshot = aws.rds.getClusterSnapshot({\n dbClusterIdentifier: \"development_cluster\",\n mostRecent: true,\n});\n// Use the last snapshot of the dev database before it was destroyed to create\n// a new dev database.\nconst aurora = new aws.rds.Cluster(\"aurora\", {\n clusterIdentifier: \"development_cluster\",\n snapshotIdentifier: developmentFinalSnapshot.then(developmentFinalSnapshot =\u003e developmentFinalSnapshot.id),\n dbSubnetGroupName: \"my_db_subnet_group\",\n});\nconst auroraClusterInstance = new aws.rds.ClusterInstance(\"aurora\", {\n clusterIdentifier: aurora.id,\n instanceClass: aws.rds.InstanceType.T2_Small,\n dbSubnetGroupName: \"my_db_subnet_group\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndevelopment_final_snapshot = aws.rds.get_cluster_snapshot(db_cluster_identifier=\"development_cluster\",\n most_recent=True)\n# Use the last snapshot of the dev database before it was destroyed to create\n# a new dev database.\naurora = aws.rds.Cluster(\"aurora\",\n cluster_identifier=\"development_cluster\",\n snapshot_identifier=development_final_snapshot.id,\n db_subnet_group_name=\"my_db_subnet_group\")\naurora_cluster_instance = aws.rds.ClusterInstance(\"aurora\",\n cluster_identifier=aurora.id,\n instance_class=aws.rds.InstanceType.T2_SMALL,\n db_subnet_group_name=\"my_db_subnet_group\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var developmentFinalSnapshot = Aws.Rds.GetClusterSnapshot.Invoke(new()\n {\n DbClusterIdentifier = \"development_cluster\",\n MostRecent = true,\n });\n\n // Use the last snapshot of the dev database before it was destroyed to create\n // a new dev database.\n var aurora = new Aws.Rds.Cluster(\"aurora\", new()\n {\n ClusterIdentifier = \"development_cluster\",\n SnapshotIdentifier = developmentFinalSnapshot.Apply(getClusterSnapshotResult =\u003e getClusterSnapshotResult.Id),\n DbSubnetGroupName = \"my_db_subnet_group\",\n });\n\n var auroraClusterInstance = new Aws.Rds.ClusterInstance(\"aurora\", new()\n {\n ClusterIdentifier = aurora.Id,\n InstanceClass = Aws.Rds.InstanceType.T2_Small,\n DbSubnetGroupName = \"my_db_subnet_group\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdevelopmentFinalSnapshot, err := rds.LookupClusterSnapshot(ctx, \u0026rds.LookupClusterSnapshotArgs{\n\t\t\tDbClusterIdentifier: pulumi.StringRef(\"development_cluster\"),\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Use the last snapshot of the dev database before it was destroyed to create\n\t\t// a new dev database.\n\t\taurora, err := rds.NewCluster(ctx, \"aurora\", \u0026rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"development_cluster\"),\n\t\t\tSnapshotIdentifier: pulumi.String(developmentFinalSnapshot.Id),\n\t\t\tDbSubnetGroupName: pulumi.String(\"my_db_subnet_group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"aurora\", \u0026rds.ClusterInstanceArgs{\n\t\t\tClusterIdentifier: aurora.ID(),\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_T2_Small),\n\t\t\tDbSubnetGroupName: pulumi.String(\"my_db_subnet_group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetClusterSnapshotArgs;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.ClusterInstance;\nimport com.pulumi.aws.rds.ClusterInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var developmentFinalSnapshot = RdsFunctions.getClusterSnapshot(GetClusterSnapshotArgs.builder()\n .dbClusterIdentifier(\"development_cluster\")\n .mostRecent(true)\n .build());\n\n var aurora = new Cluster(\"aurora\", ClusterArgs.builder() \n .clusterIdentifier(\"development_cluster\")\n .snapshotIdentifier(developmentFinalSnapshot.applyValue(getClusterSnapshotResult -\u003e getClusterSnapshotResult.id()))\n .dbSubnetGroupName(\"my_db_subnet_group\")\n .build());\n\n var auroraClusterInstance = new ClusterInstance(\"auroraClusterInstance\", ClusterInstanceArgs.builder() \n .clusterIdentifier(aurora.id())\n .instanceClass(\"db.t2.small\")\n .dbSubnetGroupName(\"my_db_subnet_group\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Use the last snapshot of the dev database before it was destroyed to create\n # a new dev database.\n aurora:\n type: aws:rds:Cluster\n properties:\n clusterIdentifier: development_cluster\n snapshotIdentifier: ${developmentFinalSnapshot.id}\n dbSubnetGroupName: my_db_subnet_group\n auroraClusterInstance:\n type: aws:rds:ClusterInstance\n name: aurora\n properties:\n clusterIdentifier: ${aurora.id}\n instanceClass: db.t2.small\n dbSubnetGroupName: my_db_subnet_group\nvariables:\n developmentFinalSnapshot:\n fn::invoke:\n Function: aws:rds:getClusterSnapshot\n Arguments:\n dbClusterIdentifier: development_cluster\n mostRecent: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getClusterSnapshot.\n", "properties": { @@ -382636,7 +382636,7 @@ } }, "aws:rds/getSnapshot:getSnapshot": { - "description": "Use this data source to get information about a DB Snapshot for use when provisioning DB instances\n\n\u003e **NOTE:** This data source does not apply to snapshots created on Aurora DB clusters.\nSee the `aws.rds.ClusterSnapshot` data source for DB Cluster snapshots.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst prod = new aws.rds.Instance(\"prod\", {\n allocatedStorage: 10,\n engine: \"mysql\",\n engineVersion: \"5.6.17\",\n instanceClass: \"db.t2.micro\",\n dbName: \"mydb\",\n username: \"foo\",\n password: \"bar\",\n dbSubnetGroupName: \"my_database_subnet_group\",\n parameterGroupName: \"default.mysql5.6\",\n});\nconst latestProdSnapshot = aws.rds.getSnapshotOutput({\n dbInstanceIdentifier: prod.identifier,\n mostRecent: true,\n});\n// Use the latest production snapshot to create a dev instance.\nconst dev = new aws.rds.Instance(\"dev\", {\n instanceClass: \"db.t2.micro\",\n dbName: \"mydbdev\",\n snapshotIdentifier: latestProdSnapshot.apply(latestProdSnapshot =\u003e latestProdSnapshot.id),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprod = aws.rds.Instance(\"prod\",\n allocated_storage=10,\n engine=\"mysql\",\n engine_version=\"5.6.17\",\n instance_class=\"db.t2.micro\",\n db_name=\"mydb\",\n username=\"foo\",\n password=\"bar\",\n db_subnet_group_name=\"my_database_subnet_group\",\n parameter_group_name=\"default.mysql5.6\")\nlatest_prod_snapshot = aws.rds.get_snapshot_output(db_instance_identifier=prod.identifier,\n most_recent=True)\n# Use the latest production snapshot to create a dev instance.\ndev = aws.rds.Instance(\"dev\",\n instance_class=\"db.t2.micro\",\n db_name=\"mydbdev\",\n snapshot_identifier=latest_prod_snapshot.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var prod = new Aws.Rds.Instance(\"prod\", new()\n {\n AllocatedStorage = 10,\n Engine = \"mysql\",\n EngineVersion = \"5.6.17\",\n InstanceClass = \"db.t2.micro\",\n DbName = \"mydb\",\n Username = \"foo\",\n Password = \"bar\",\n DbSubnetGroupName = \"my_database_subnet_group\",\n ParameterGroupName = \"default.mysql5.6\",\n });\n\n var latestProdSnapshot = Aws.Rds.GetSnapshot.Invoke(new()\n {\n DbInstanceIdentifier = prod.Identifier,\n MostRecent = true,\n });\n\n // Use the latest production snapshot to create a dev instance.\n var dev = new Aws.Rds.Instance(\"dev\", new()\n {\n InstanceClass = \"db.t2.micro\",\n DbName = \"mydbdev\",\n SnapshotIdentifier = latestProdSnapshot.Apply(getSnapshotResult =\u003e getSnapshotResult.Id),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprod, err := rds.NewInstance(ctx, \"prod\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.6.17\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t2.micro\"),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tPassword: pulumi.String(\"bar\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"my_database_subnet_group\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.6\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlatestProdSnapshot := rds.LookupSnapshotOutput(ctx, rds.GetSnapshotOutputArgs{\n\t\t\tDbInstanceIdentifier: prod.Identifier,\n\t\t\tMostRecent: pulumi.Bool(true),\n\t\t}, nil)\n\t\t// Use the latest production snapshot to create a dev instance.\n\t\t_, err = rds.NewInstance(ctx, \"dev\", \u0026rds.InstanceArgs{\n\t\t\tInstanceClass: pulumi.String(\"db.t2.micro\"),\n\t\t\tDbName: pulumi.String(\"mydbdev\"),\n\t\t\tSnapshotIdentifier: latestProdSnapshot.ApplyT(func(latestProdSnapshot rds.GetSnapshotResult) (*string, error) {\n\t\t\t\treturn \u0026latestProdSnapshot.Id, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetSnapshotArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var prod = new Instance(\"prod\", InstanceArgs.builder() \n .allocatedStorage(10)\n .engine(\"mysql\")\n .engineVersion(\"5.6.17\")\n .instanceClass(\"db.t2.micro\")\n .dbName(\"mydb\")\n .username(\"foo\")\n .password(\"bar\")\n .dbSubnetGroupName(\"my_database_subnet_group\")\n .parameterGroupName(\"default.mysql5.6\")\n .build());\n\n final var latestProdSnapshot = RdsFunctions.getSnapshot(GetSnapshotArgs.builder()\n .dbInstanceIdentifier(prod.identifier())\n .mostRecent(true)\n .build());\n\n var dev = new Instance(\"dev\", InstanceArgs.builder() \n .instanceClass(\"db.t2.micro\")\n .dbName(\"mydbdev\")\n .snapshotIdentifier(latestProdSnapshot.applyValue(getSnapshotResult -\u003e getSnapshotResult).applyValue(latestProdSnapshot -\u003e latestProdSnapshot.applyValue(getSnapshotResult -\u003e getSnapshotResult.id())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n prod:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n engine: mysql\n engineVersion: 5.6.17\n instanceClass: db.t2.micro\n dbName: mydb\n username: foo\n password: bar\n dbSubnetGroupName: my_database_subnet_group\n parameterGroupName: default.mysql5.6\n # Use the latest production snapshot to create a dev instance.\n dev:\n type: aws:rds:Instance\n properties:\n instanceClass: db.t2.micro\n dbName: mydbdev\n snapshotIdentifier: ${latestProdSnapshot.id}\nvariables:\n latestProdSnapshot:\n fn::invoke:\n Function: aws:rds:getSnapshot\n Arguments:\n dbInstanceIdentifier: ${prod.identifier}\n mostRecent: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get information about a DB Snapshot for use when provisioning DB instances\n\n\u003e **NOTE:** This data source does not apply to snapshots created on Aurora DB clusters.\nSee the `aws.rds.ClusterSnapshot` data source for DB Cluster snapshots.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst prod = new aws.rds.Instance(\"prod\", {\n allocatedStorage: 10,\n engine: \"mysql\",\n engineVersion: \"5.6.17\",\n instanceClass: aws.rds.InstanceType.T2_Micro,\n dbName: \"mydb\",\n username: \"foo\",\n password: \"bar\",\n dbSubnetGroupName: \"my_database_subnet_group\",\n parameterGroupName: \"default.mysql5.6\",\n});\nconst latestProdSnapshot = aws.rds.getSnapshotOutput({\n dbInstanceIdentifier: prod.identifier,\n mostRecent: true,\n});\n// Use the latest production snapshot to create a dev instance.\nconst dev = new aws.rds.Instance(\"dev\", {\n instanceClass: aws.rds.InstanceType.T2_Micro,\n dbName: \"mydbdev\",\n snapshotIdentifier: latestProdSnapshot.apply(latestProdSnapshot =\u003e latestProdSnapshot.id),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprod = aws.rds.Instance(\"prod\",\n allocated_storage=10,\n engine=\"mysql\",\n engine_version=\"5.6.17\",\n instance_class=aws.rds.InstanceType.T2_MICRO,\n db_name=\"mydb\",\n username=\"foo\",\n password=\"bar\",\n db_subnet_group_name=\"my_database_subnet_group\",\n parameter_group_name=\"default.mysql5.6\")\nlatest_prod_snapshot = aws.rds.get_snapshot_output(db_instance_identifier=prod.identifier,\n most_recent=True)\n# Use the latest production snapshot to create a dev instance.\ndev = aws.rds.Instance(\"dev\",\n instance_class=aws.rds.InstanceType.T2_MICRO,\n db_name=\"mydbdev\",\n snapshot_identifier=latest_prod_snapshot.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var prod = new Aws.Rds.Instance(\"prod\", new()\n {\n AllocatedStorage = 10,\n Engine = \"mysql\",\n EngineVersion = \"5.6.17\",\n InstanceClass = Aws.Rds.InstanceType.T2_Micro,\n DbName = \"mydb\",\n Username = \"foo\",\n Password = \"bar\",\n DbSubnetGroupName = \"my_database_subnet_group\",\n ParameterGroupName = \"default.mysql5.6\",\n });\n\n var latestProdSnapshot = Aws.Rds.GetSnapshot.Invoke(new()\n {\n DbInstanceIdentifier = prod.Identifier,\n MostRecent = true,\n });\n\n // Use the latest production snapshot to create a dev instance.\n var dev = new Aws.Rds.Instance(\"dev\", new()\n {\n InstanceClass = Aws.Rds.InstanceType.T2_Micro,\n DbName = \"mydbdev\",\n SnapshotIdentifier = latestProdSnapshot.Apply(getSnapshotResult =\u003e getSnapshotResult.Id),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprod, err := rds.NewInstance(ctx, \"prod\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.6.17\"),\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_T2_Micro),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tPassword: pulumi.String(\"bar\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"my_database_subnet_group\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.6\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlatestProdSnapshot := rds.LookupSnapshotOutput(ctx, rds.GetSnapshotOutputArgs{\n\t\t\tDbInstanceIdentifier: prod.Identifier,\n\t\t\tMostRecent: pulumi.Bool(true),\n\t\t}, nil)\n\t\t// Use the latest production snapshot to create a dev instance.\n\t\t_, err = rds.NewInstance(ctx, \"dev\", \u0026rds.InstanceArgs{\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_T2_Micro),\n\t\t\tDbName: pulumi.String(\"mydbdev\"),\n\t\t\tSnapshotIdentifier: latestProdSnapshot.ApplyT(func(latestProdSnapshot rds.GetSnapshotResult) (*string, error) {\n\t\t\t\treturn \u0026latestProdSnapshot.Id, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetSnapshotArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var prod = new Instance(\"prod\", InstanceArgs.builder() \n .allocatedStorage(10)\n .engine(\"mysql\")\n .engineVersion(\"5.6.17\")\n .instanceClass(\"db.t2.micro\")\n .dbName(\"mydb\")\n .username(\"foo\")\n .password(\"bar\")\n .dbSubnetGroupName(\"my_database_subnet_group\")\n .parameterGroupName(\"default.mysql5.6\")\n .build());\n\n final var latestProdSnapshot = RdsFunctions.getSnapshot(GetSnapshotArgs.builder()\n .dbInstanceIdentifier(prod.identifier())\n .mostRecent(true)\n .build());\n\n var dev = new Instance(\"dev\", InstanceArgs.builder() \n .instanceClass(\"db.t2.micro\")\n .dbName(\"mydbdev\")\n .snapshotIdentifier(latestProdSnapshot.applyValue(getSnapshotResult -\u003e getSnapshotResult).applyValue(latestProdSnapshot -\u003e latestProdSnapshot.applyValue(getSnapshotResult -\u003e getSnapshotResult.id())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n prod:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n engine: mysql\n engineVersion: 5.6.17\n instanceClass: db.t2.micro\n dbName: mydb\n username: foo\n password: bar\n dbSubnetGroupName: my_database_subnet_group\n parameterGroupName: default.mysql5.6\n # Use the latest production snapshot to create a dev instance.\n dev:\n type: aws:rds:Instance\n properties:\n instanceClass: db.t2.micro\n dbName: mydbdev\n snapshotIdentifier: ${latestProdSnapshot.id}\nvariables:\n latestProdSnapshot:\n fn::invoke:\n Function: aws:rds:getSnapshot\n Arguments:\n dbInstanceIdentifier: ${prod.identifier}\n mostRecent: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSnapshot.\n", "properties": { @@ -384390,7 +384390,7 @@ } }, "aws:route53/getTrafficPolicyDocument:getTrafficPolicyDocument": { - "description": "Generates an Route53 traffic policy document in JSON format for use with resources that expect policy documents such as `aws.route53.TrafficPolicy`.\n\n## Example Usage\n\n### Basic Example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst example = Promise.all([current, current]).then(([current, current1]) =\u003e aws.route53.getTrafficPolicyDocument({\n recordType: \"A\",\n startRule: \"site_switch\",\n endpoints: [\n {\n id: \"my_elb\",\n type: \"elastic-load-balancer\",\n value: `elb-111111.${current.name}.elb.amazonaws.com`,\n },\n {\n id: \"site_down_banner\",\n type: \"s3-website\",\n region: current1.name,\n value: \"www.example.com\",\n },\n ],\n rules: [{\n id: \"site_switch\",\n type: \"failover\",\n primary: {\n endpointReference: \"my_elb\",\n },\n secondary: {\n endpointReference: \"site_down_banner\",\n },\n }],\n}));\nconst exampleTrafficPolicy = new aws.route53.TrafficPolicy(\"example\", {\n name: \"example\",\n comment: \"example comment\",\n document: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\nexample = aws.route53.get_traffic_policy_document(record_type=\"A\",\n start_rule=\"site_switch\",\n endpoints=[\n aws.route53.GetTrafficPolicyDocumentEndpointArgs(\n id=\"my_elb\",\n type=\"elastic-load-balancer\",\n value=f\"elb-111111.{current.name}.elb.amazonaws.com\",\n ),\n aws.route53.GetTrafficPolicyDocumentEndpointArgs(\n id=\"site_down_banner\",\n type=\"s3-website\",\n region=current.name,\n value=\"www.example.com\",\n ),\n ],\n rules=[aws.route53.GetTrafficPolicyDocumentRuleArgs(\n id=\"site_switch\",\n type=\"failover\",\n primary=aws.route53.GetTrafficPolicyDocumentRulePrimaryArgs(\n endpoint_reference=\"my_elb\",\n ),\n secondary=aws.route53.GetTrafficPolicyDocumentRuleSecondaryArgs(\n endpoint_reference=\"site_down_banner\",\n ),\n )])\nexample_traffic_policy = aws.route53.TrafficPolicy(\"example\",\n name=\"example\",\n comment=\"example comment\",\n document=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var example = Aws.Route53.GetTrafficPolicyDocument.Invoke(new()\n {\n RecordType = \"A\",\n StartRule = \"site_switch\",\n Endpoints = new[]\n {\n new Aws.Route53.Inputs.GetTrafficPolicyDocumentEndpointInputArgs\n {\n Id = \"my_elb\",\n Type = \"elastic-load-balancer\",\n Value = $\"elb-111111.{current.Apply(getRegionResult =\u003e getRegionResult.Name)}.elb.amazonaws.com\",\n },\n new Aws.Route53.Inputs.GetTrafficPolicyDocumentEndpointInputArgs\n {\n Id = \"site_down_banner\",\n Type = \"s3-website\",\n Region = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n Value = \"www.example.com\",\n },\n },\n Rules = new[]\n {\n new Aws.Route53.Inputs.GetTrafficPolicyDocumentRuleInputArgs\n {\n Id = \"site_switch\",\n Type = \"failover\",\n Primary = new Aws.Route53.Inputs.GetTrafficPolicyDocumentRulePrimaryInputArgs\n {\n EndpointReference = \"my_elb\",\n },\n Secondary = new Aws.Route53.Inputs.GetTrafficPolicyDocumentRuleSecondaryInputArgs\n {\n EndpointReference = \"site_down_banner\",\n },\n },\n },\n });\n\n var exampleTrafficPolicy = new Aws.Route53.TrafficPolicy(\"example\", new()\n {\n Name = \"example\",\n Comment = \"example comment\",\n Document = example.Apply(getTrafficPolicyDocumentResult =\u003e getTrafficPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := route53.GetTrafficPolicyDocument(ctx, \u0026route53.GetTrafficPolicyDocumentArgs{\n\t\t\tRecordType: pulumi.StringRef(\"A\"),\n\t\t\tStartRule: pulumi.StringRef(\"site_switch\"),\n\t\t\tEndpoints: []route53.GetTrafficPolicyDocumentEndpoint{\n\t\t\t\t{\n\t\t\t\t\tId: \"my_elb\",\n\t\t\t\t\tType: pulumi.StringRef(\"elastic-load-balancer\"),\n\t\t\t\t\tValue: pulumi.StringRef(fmt.Sprintf(\"elb-111111.%v.elb.amazonaws.com\", current.Name)),\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tId: \"site_down_banner\",\n\t\t\t\t\tType: pulumi.StringRef(\"s3-website\"),\n\t\t\t\t\tRegion: pulumi.StringRef(current.Name),\n\t\t\t\t\tValue: pulumi.StringRef(\"www.example.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRules: []route53.GetTrafficPolicyDocumentRule{\n\t\t\t\t{\n\t\t\t\t\tId: \"site_switch\",\n\t\t\t\t\tType: pulumi.StringRef(\"failover\"),\n\t\t\t\t\tPrimary: {\n\t\t\t\t\t\tEndpointReference: pulumi.StringRef(\"my_elb\"),\n\t\t\t\t\t},\n\t\t\t\t\tSecondary: {\n\t\t\t\t\t\tEndpointReference: pulumi.StringRef(\"site_down_banner\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewTrafficPolicy(ctx, \"example\", \u0026route53.TrafficPolicyArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tComment: pulumi.String(\"example comment\"),\n\t\t\tDocument: *pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.route53.Route53Functions;\nimport com.pulumi.aws.route53.inputs.GetTrafficPolicyDocumentArgs;\nimport com.pulumi.aws.route53.TrafficPolicy;\nimport com.pulumi.aws.route53.TrafficPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n final var example = Route53Functions.getTrafficPolicyDocument(GetTrafficPolicyDocumentArgs.builder()\n .recordType(\"A\")\n .startRule(\"site_switch\")\n .endpoints( \n GetTrafficPolicyDocumentEndpointArgs.builder()\n .id(\"my_elb\")\n .type(\"elastic-load-balancer\")\n .value(String.format(\"elb-111111.%s.elb.amazonaws.com\", current.applyValue(getRegionResult -\u003e getRegionResult.name())))\n .build(),\n GetTrafficPolicyDocumentEndpointArgs.builder()\n .id(\"site_down_banner\")\n .type(\"s3-website\")\n .region(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .value(\"www.example.com\")\n .build())\n .rules(GetTrafficPolicyDocumentRuleArgs.builder()\n .id(\"site_switch\")\n .type(\"failover\")\n .primary(GetTrafficPolicyDocumentRulePrimaryArgs.builder()\n .endpointReference(\"my_elb\")\n .build())\n .secondary(GetTrafficPolicyDocumentRuleSecondaryArgs.builder()\n .endpointReference(\"site_down_banner\")\n .build())\n .build())\n .build());\n\n var exampleTrafficPolicy = new TrafficPolicy(\"exampleTrafficPolicy\", TrafficPolicyArgs.builder() \n .name(\"example\")\n .comment(\"example comment\")\n .document(example.applyValue(getTrafficPolicyDocumentResult -\u003e getTrafficPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleTrafficPolicy:\n type: aws:route53:TrafficPolicy\n name: example\n properties:\n name: example\n comment: example comment\n document: ${example.json}\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n example:\n fn::invoke:\n Function: aws:route53:getTrafficPolicyDocument\n Arguments:\n recordType: A\n startRule: site_switch\n endpoints:\n - id: my_elb\n type: elastic-load-balancer\n value: elb-111111.${current.name}.elb.amazonaws.com\n - id: site_down_banner\n type: s3-website\n region: ${current.name}\n value: www.example.com\n rules:\n - id: site_switch\n type: failover\n primary:\n endpointReference: my_elb\n secondary:\n endpointReference: site_down_banner\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Complex Example\n\nThe following example showcases the use of nested rules within the traffic policy document and introduces the `geoproximity` rule type.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.route53.getTrafficPolicyDocument({\n recordType: \"A\",\n startRule: \"geoproximity_rule\",\n endpoints: [\n {\n id: \"na_endpoint_a\",\n type: \"elastic-load-balancer\",\n value: \"elb-111111.us-west-1.elb.amazonaws.com\",\n },\n {\n id: \"na_endpoint_b\",\n type: \"elastic-load-balancer\",\n value: \"elb-222222.us-west-1.elb.amazonaws.com\",\n },\n {\n id: \"eu_endpoint\",\n type: \"elastic-load-balancer\",\n value: \"elb-333333.eu-west-1.elb.amazonaws.com\",\n },\n {\n id: \"ap_endpoint\",\n type: \"elastic-load-balancer\",\n value: \"elb-444444.ap-northeast-2.elb.amazonaws.com\",\n },\n ],\n rules: [\n {\n id: \"na_rule\",\n type: \"failover\",\n primary: {\n endpointReference: \"na_endpoint_a\",\n },\n secondary: {\n endpointReference: \"na_endpoint_b\",\n },\n },\n {\n id: \"geoproximity_rule\",\n type: \"geoproximity\",\n geoProximityLocations: [\n {\n region: \"aws:route53:us-west-1\",\n bias: \"10\",\n evaluateTargetHealth: true,\n ruleReference: \"na_rule\",\n },\n {\n region: \"aws:route53:eu-west-1\",\n bias: \"10\",\n evaluateTargetHealth: true,\n endpointReference: \"eu_endpoint\",\n },\n {\n region: \"aws:route53:ap-northeast-2\",\n bias: \"0\",\n evaluateTargetHealth: true,\n endpointReference: \"ap_endpoint\",\n },\n ],\n },\n ],\n});\nconst exampleTrafficPolicy = new aws.route53.TrafficPolicy(\"example\", {\n name: \"example\",\n comment: \"example comment\",\n document: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.route53.get_traffic_policy_document(record_type=\"A\",\n start_rule=\"geoproximity_rule\",\n endpoints=[\n aws.route53.GetTrafficPolicyDocumentEndpointArgs(\n id=\"na_endpoint_a\",\n type=\"elastic-load-balancer\",\n value=\"elb-111111.us-west-1.elb.amazonaws.com\",\n ),\n aws.route53.GetTrafficPolicyDocumentEndpointArgs(\n id=\"na_endpoint_b\",\n type=\"elastic-load-balancer\",\n value=\"elb-222222.us-west-1.elb.amazonaws.com\",\n ),\n aws.route53.GetTrafficPolicyDocumentEndpointArgs(\n id=\"eu_endpoint\",\n type=\"elastic-load-balancer\",\n value=\"elb-333333.eu-west-1.elb.amazonaws.com\",\n ),\n aws.route53.GetTrafficPolicyDocumentEndpointArgs(\n id=\"ap_endpoint\",\n type=\"elastic-load-balancer\",\n value=\"elb-444444.ap-northeast-2.elb.amazonaws.com\",\n ),\n ],\n rules=[\n aws.route53.GetTrafficPolicyDocumentRuleArgs(\n id=\"na_rule\",\n type=\"failover\",\n primary=aws.route53.GetTrafficPolicyDocumentRulePrimaryArgs(\n endpoint_reference=\"na_endpoint_a\",\n ),\n secondary=aws.route53.GetTrafficPolicyDocumentRuleSecondaryArgs(\n endpoint_reference=\"na_endpoint_b\",\n ),\n ),\n aws.route53.GetTrafficPolicyDocumentRuleArgs(\n id=\"geoproximity_rule\",\n type=\"geoproximity\",\n geo_proximity_locations=[\n aws.route53.GetTrafficPolicyDocumentRuleGeoProximityLocationArgs(\n region=\"aws:route53:us-west-1\",\n bias=\"10\",\n evaluate_target_health=True,\n rule_reference=\"na_rule\",\n ),\n aws.route53.GetTrafficPolicyDocumentRuleGeoProximityLocationArgs(\n region=\"aws:route53:eu-west-1\",\n bias=\"10\",\n evaluate_target_health=True,\n endpoint_reference=\"eu_endpoint\",\n ),\n aws.route53.GetTrafficPolicyDocumentRuleGeoProximityLocationArgs(\n region=\"aws:route53:ap-northeast-2\",\n bias=\"0\",\n evaluate_target_health=True,\n endpoint_reference=\"ap_endpoint\",\n ),\n ],\n ),\n ])\nexample_traffic_policy = aws.route53.TrafficPolicy(\"example\",\n name=\"example\",\n comment=\"example comment\",\n document=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Route53.GetTrafficPolicyDocument.Invoke(new()\n {\n RecordType = \"A\",\n StartRule = \"geoproximity_rule\",\n Endpoints = new[]\n {\n new Aws.Route53.Inputs.GetTrafficPolicyDocumentEndpointInputArgs\n {\n Id = \"na_endpoint_a\",\n Type = \"elastic-load-balancer\",\n Value = \"elb-111111.us-west-1.elb.amazonaws.com\",\n },\n new Aws.Route53.Inputs.GetTrafficPolicyDocumentEndpointInputArgs\n {\n Id = \"na_endpoint_b\",\n Type = \"elastic-load-balancer\",\n Value = \"elb-222222.us-west-1.elb.amazonaws.com\",\n },\n new Aws.Route53.Inputs.GetTrafficPolicyDocumentEndpointInputArgs\n {\n Id = \"eu_endpoint\",\n Type = \"elastic-load-balancer\",\n Value = \"elb-333333.eu-west-1.elb.amazonaws.com\",\n },\n new Aws.Route53.Inputs.GetTrafficPolicyDocumentEndpointInputArgs\n {\n Id = \"ap_endpoint\",\n Type = \"elastic-load-balancer\",\n Value = \"elb-444444.ap-northeast-2.elb.amazonaws.com\",\n },\n },\n Rules = new[]\n {\n new Aws.Route53.Inputs.GetTrafficPolicyDocumentRuleInputArgs\n {\n Id = \"na_rule\",\n Type = \"failover\",\n Primary = new Aws.Route53.Inputs.GetTrafficPolicyDocumentRulePrimaryInputArgs\n {\n EndpointReference = \"na_endpoint_a\",\n },\n Secondary = new Aws.Route53.Inputs.GetTrafficPolicyDocumentRuleSecondaryInputArgs\n {\n EndpointReference = \"na_endpoint_b\",\n },\n },\n new Aws.Route53.Inputs.GetTrafficPolicyDocumentRuleInputArgs\n {\n Id = \"geoproximity_rule\",\n Type = \"geoproximity\",\n GeoProximityLocations = new[]\n {\n new Aws.Route53.Inputs.GetTrafficPolicyDocumentRuleGeoProximityLocationInputArgs\n {\n Region = \"aws:route53:us-west-1\",\n Bias = \"10\",\n EvaluateTargetHealth = true,\n RuleReference = \"na_rule\",\n },\n new Aws.Route53.Inputs.GetTrafficPolicyDocumentRuleGeoProximityLocationInputArgs\n {\n Region = \"aws:route53:eu-west-1\",\n Bias = \"10\",\n EvaluateTargetHealth = true,\n EndpointReference = \"eu_endpoint\",\n },\n new Aws.Route53.Inputs.GetTrafficPolicyDocumentRuleGeoProximityLocationInputArgs\n {\n Region = \"aws:route53:ap-northeast-2\",\n Bias = \"0\",\n EvaluateTargetHealth = true,\n EndpointReference = \"ap_endpoint\",\n },\n },\n },\n },\n });\n\n var exampleTrafficPolicy = new Aws.Route53.TrafficPolicy(\"example\", new()\n {\n Name = \"example\",\n Comment = \"example comment\",\n Document = example.Apply(getTrafficPolicyDocumentResult =\u003e getTrafficPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := route53.GetTrafficPolicyDocument(ctx, \u0026route53.GetTrafficPolicyDocumentArgs{\n\t\t\tRecordType: pulumi.StringRef(\"A\"),\n\t\t\tStartRule: pulumi.StringRef(\"geoproximity_rule\"),\n\t\t\tEndpoints: []route53.GetTrafficPolicyDocumentEndpoint{\n\t\t\t\t{\n\t\t\t\t\tId: \"na_endpoint_a\",\n\t\t\t\t\tType: pulumi.StringRef(\"elastic-load-balancer\"),\n\t\t\t\t\tValue: pulumi.StringRef(\"elb-111111.us-west-1.elb.amazonaws.com\"),\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tId: \"na_endpoint_b\",\n\t\t\t\t\tType: pulumi.StringRef(\"elastic-load-balancer\"),\n\t\t\t\t\tValue: pulumi.StringRef(\"elb-222222.us-west-1.elb.amazonaws.com\"),\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tId: \"eu_endpoint\",\n\t\t\t\t\tType: pulumi.StringRef(\"elastic-load-balancer\"),\n\t\t\t\t\tValue: pulumi.StringRef(\"elb-333333.eu-west-1.elb.amazonaws.com\"),\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tId: \"ap_endpoint\",\n\t\t\t\t\tType: pulumi.StringRef(\"elastic-load-balancer\"),\n\t\t\t\t\tValue: pulumi.StringRef(\"elb-444444.ap-northeast-2.elb.amazonaws.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRules: pulumi.Array{\n\t\t\t\troute53.GetTrafficPolicyDocumentRule{\n\t\t\t\t\tId: \"na_rule\",\n\t\t\t\t\tType: pulumi.StringRef(\"failover\"),\n\t\t\t\t\tPrimary: route53.GetTrafficPolicyDocumentRulePrimary{\n\t\t\t\t\t\tEndpointReference: pulumi.StringRef(\"na_endpoint_a\"),\n\t\t\t\t\t},\n\t\t\t\t\tSecondary: route53.GetTrafficPolicyDocumentRuleSecondary{\n\t\t\t\t\t\tEndpointReference: pulumi.StringRef(\"na_endpoint_b\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\troute53.GetTrafficPolicyDocumentRule{\n\t\t\t\t\tId: \"geoproximity_rule\",\n\t\t\t\t\tType: pulumi.StringRef(\"geoproximity\"),\n\t\t\t\t\tGeoProximityLocations: []route53.GetTrafficPolicyDocumentRuleGeoProximityLocation{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tRegion: pulumi.StringRef(\"aws:route53:us-west-1\"),\n\t\t\t\t\t\t\tBias: pulumi.StringRef(\"10\"),\n\t\t\t\t\t\t\tEvaluateTargetHealth: pulumi.BoolRef(true),\n\t\t\t\t\t\t\tRuleReference: pulumi.StringRef(\"na_rule\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tRegion: pulumi.StringRef(\"aws:route53:eu-west-1\"),\n\t\t\t\t\t\t\tBias: pulumi.StringRef(\"10\"),\n\t\t\t\t\t\t\tEvaluateTargetHealth: pulumi.BoolRef(true),\n\t\t\t\t\t\t\tEndpointReference: pulumi.StringRef(\"eu_endpoint\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tRegion: pulumi.StringRef(\"aws:route53:ap-northeast-2\"),\n\t\t\t\t\t\t\tBias: pulumi.StringRef(\"0\"),\n\t\t\t\t\t\t\tEvaluateTargetHealth: pulumi.BoolRef(true),\n\t\t\t\t\t\t\tEndpointReference: pulumi.StringRef(\"ap_endpoint\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewTrafficPolicy(ctx, \"example\", \u0026route53.TrafficPolicyArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tComment: pulumi.String(\"example comment\"),\n\t\t\tDocument: *pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.route53.Route53Functions;\nimport com.pulumi.aws.route53.inputs.GetTrafficPolicyDocumentArgs;\nimport com.pulumi.aws.route53.TrafficPolicy;\nimport com.pulumi.aws.route53.TrafficPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = Route53Functions.getTrafficPolicyDocument(GetTrafficPolicyDocumentArgs.builder()\n .recordType(\"A\")\n .startRule(\"geoproximity_rule\")\n .endpoints( \n GetTrafficPolicyDocumentEndpointArgs.builder()\n .id(\"na_endpoint_a\")\n .type(\"elastic-load-balancer\")\n .value(\"elb-111111.us-west-1.elb.amazonaws.com\")\n .build(),\n GetTrafficPolicyDocumentEndpointArgs.builder()\n .id(\"na_endpoint_b\")\n .type(\"elastic-load-balancer\")\n .value(\"elb-222222.us-west-1.elb.amazonaws.com\")\n .build(),\n GetTrafficPolicyDocumentEndpointArgs.builder()\n .id(\"eu_endpoint\")\n .type(\"elastic-load-balancer\")\n .value(\"elb-333333.eu-west-1.elb.amazonaws.com\")\n .build(),\n GetTrafficPolicyDocumentEndpointArgs.builder()\n .id(\"ap_endpoint\")\n .type(\"elastic-load-balancer\")\n .value(\"elb-444444.ap-northeast-2.elb.amazonaws.com\")\n .build())\n .rules( \n GetTrafficPolicyDocumentRuleArgs.builder()\n .id(\"na_rule\")\n .type(\"failover\")\n .primary(GetTrafficPolicyDocumentRulePrimaryArgs.builder()\n .endpointReference(\"na_endpoint_a\")\n .build())\n .secondary(GetTrafficPolicyDocumentRuleSecondaryArgs.builder()\n .endpointReference(\"na_endpoint_b\")\n .build())\n .build(),\n GetTrafficPolicyDocumentRuleArgs.builder()\n .id(\"geoproximity_rule\")\n .type(\"geoproximity\")\n .geoProximityLocations( \n GetTrafficPolicyDocumentRuleGeoProximityLocationArgs.builder()\n .region(\"aws:route53:us-west-1\")\n .bias(10)\n .evaluateTargetHealth(true)\n .ruleReference(\"na_rule\")\n .build(),\n GetTrafficPolicyDocumentRuleGeoProximityLocationArgs.builder()\n .region(\"aws:route53:eu-west-1\")\n .bias(10)\n .evaluateTargetHealth(true)\n .endpointReference(\"eu_endpoint\")\n .build(),\n GetTrafficPolicyDocumentRuleGeoProximityLocationArgs.builder()\n .region(\"aws:route53:ap-northeast-2\")\n .bias(0)\n .evaluateTargetHealth(true)\n .endpointReference(\"ap_endpoint\")\n .build())\n .build())\n .build());\n\n var exampleTrafficPolicy = new TrafficPolicy(\"exampleTrafficPolicy\", TrafficPolicyArgs.builder() \n .name(\"example\")\n .comment(\"example comment\")\n .document(example.applyValue(getTrafficPolicyDocumentResult -\u003e getTrafficPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleTrafficPolicy:\n type: aws:route53:TrafficPolicy\n name: example\n properties:\n name: example\n comment: example comment\n document: ${example.json}\nvariables:\n example:\n fn::invoke:\n Function: aws:route53:getTrafficPolicyDocument\n Arguments:\n recordType: A\n startRule: geoproximity_rule\n endpoints:\n - id: na_endpoint_a\n type: elastic-load-balancer\n value: elb-111111.us-west-1.elb.amazonaws.com\n - id: na_endpoint_b\n type: elastic-load-balancer\n value: elb-222222.us-west-1.elb.amazonaws.com\n - id: eu_endpoint\n type: elastic-load-balancer\n value: elb-333333.eu-west-1.elb.amazonaws.com\n - id: ap_endpoint\n type: elastic-load-balancer\n value: elb-444444.ap-northeast-2.elb.amazonaws.com\n rules:\n - id: na_rule\n type: failover\n primary:\n endpointReference: na_endpoint_a\n secondary:\n endpointReference: na_endpoint_b\n - id: geoproximity_rule\n type: geoproximity\n geoProximityLocations:\n - region: aws:route53:us-west-1\n bias: 10\n evaluateTargetHealth: true\n ruleReference: na_rule\n - region: aws:route53:eu-west-1\n bias: 10\n evaluateTargetHealth: true\n endpointReference: eu_endpoint\n - region: aws:route53:ap-northeast-2\n bias: 0\n evaluateTargetHealth: true\n endpointReference: ap_endpoint\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Generates an Route53 traffic policy document in JSON format for use with resources that expect policy documents such as `aws.route53.TrafficPolicy`.\n\n## Example Usage\n\n### Basic Example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst example = Promise.all([current, current]).then(([current, current1]) =\u003e aws.route53.getTrafficPolicyDocument({\n recordType: \"A\",\n startRule: \"site_switch\",\n endpoints: [\n {\n id: \"my_elb\",\n type: \"elastic-load-balancer\",\n value: `elb-111111.${current.name}.elb.amazonaws.com`,\n },\n {\n id: \"site_down_banner\",\n type: \"s3-website\",\n region: current1.name,\n value: \"www.example.com\",\n },\n ],\n rules: [{\n id: \"site_switch\",\n type: \"failover\",\n primary: {\n endpointReference: \"my_elb\",\n },\n secondary: {\n endpointReference: \"site_down_banner\",\n },\n }],\n}));\nconst exampleTrafficPolicy = new aws.route53.TrafficPolicy(\"example\", {\n name: \"example\",\n comment: \"example comment\",\n document: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\nexample = aws.route53.get_traffic_policy_document(record_type=\"A\",\n start_rule=\"site_switch\",\n endpoints=[\n aws.route53.GetTrafficPolicyDocumentEndpointArgs(\n id=\"my_elb\",\n type=\"elastic-load-balancer\",\n value=f\"elb-111111.{current.name}.elb.amazonaws.com\",\n ),\n aws.route53.GetTrafficPolicyDocumentEndpointArgs(\n id=\"site_down_banner\",\n type=\"s3-website\",\n region=current.name,\n value=\"www.example.com\",\n ),\n ],\n rules=[aws.route53.GetTrafficPolicyDocumentRuleArgs(\n id=\"site_switch\",\n type=\"failover\",\n primary=aws.route53.GetTrafficPolicyDocumentRulePrimaryArgs(\n endpoint_reference=\"my_elb\",\n ),\n secondary=aws.route53.GetTrafficPolicyDocumentRuleSecondaryArgs(\n endpoint_reference=\"site_down_banner\",\n ),\n )])\nexample_traffic_policy = aws.route53.TrafficPolicy(\"example\",\n name=\"example\",\n comment=\"example comment\",\n document=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var example = Aws.Route53.GetTrafficPolicyDocument.Invoke(new()\n {\n RecordType = \"A\",\n StartRule = \"site_switch\",\n Endpoints = new[]\n {\n new Aws.Route53.Inputs.GetTrafficPolicyDocumentEndpointInputArgs\n {\n Id = \"my_elb\",\n Type = \"elastic-load-balancer\",\n Value = $\"elb-111111.{current.Apply(getRegionResult =\u003e getRegionResult.Name)}.elb.amazonaws.com\",\n },\n new Aws.Route53.Inputs.GetTrafficPolicyDocumentEndpointInputArgs\n {\n Id = \"site_down_banner\",\n Type = \"s3-website\",\n Region = current.Apply(getRegionResult =\u003e getRegionResult.Name),\n Value = \"www.example.com\",\n },\n },\n Rules = new[]\n {\n new Aws.Route53.Inputs.GetTrafficPolicyDocumentRuleInputArgs\n {\n Id = \"site_switch\",\n Type = \"failover\",\n Primary = new Aws.Route53.Inputs.GetTrafficPolicyDocumentRulePrimaryInputArgs\n {\n EndpointReference = \"my_elb\",\n },\n Secondary = new Aws.Route53.Inputs.GetTrafficPolicyDocumentRuleSecondaryInputArgs\n {\n EndpointReference = \"site_down_banner\",\n },\n },\n },\n });\n\n var exampleTrafficPolicy = new Aws.Route53.TrafficPolicy(\"example\", new()\n {\n Name = \"example\",\n Comment = \"example comment\",\n Document = example.Apply(getTrafficPolicyDocumentResult =\u003e getTrafficPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := route53.GetTrafficPolicyDocument(ctx, \u0026route53.GetTrafficPolicyDocumentArgs{\n\t\t\tRecordType: pulumi.StringRef(\"A\"),\n\t\t\tStartRule: pulumi.StringRef(\"site_switch\"),\n\t\t\tEndpoints: []route53.GetTrafficPolicyDocumentEndpoint{\n\t\t\t\t{\n\t\t\t\t\tId: \"my_elb\",\n\t\t\t\t\tType: pulumi.StringRef(\"elastic-load-balancer\"),\n\t\t\t\t\tValue: pulumi.StringRef(fmt.Sprintf(\"elb-111111.%v.elb.amazonaws.com\", current.Name)),\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tId: \"site_down_banner\",\n\t\t\t\t\tType: pulumi.StringRef(\"s3-website\"),\n\t\t\t\t\tRegion: pulumi.StringRef(current.Name),\n\t\t\t\t\tValue: pulumi.StringRef(\"www.example.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRules: []route53.GetTrafficPolicyDocumentRule{\n\t\t\t\t{\n\t\t\t\t\tId: \"site_switch\",\n\t\t\t\t\tType: pulumi.StringRef(\"failover\"),\n\t\t\t\t\tPrimary: {\n\t\t\t\t\t\tEndpointReference: pulumi.StringRef(\"my_elb\"),\n\t\t\t\t\t},\n\t\t\t\t\tSecondary: {\n\t\t\t\t\t\tEndpointReference: pulumi.StringRef(\"site_down_banner\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewTrafficPolicy(ctx, \"example\", \u0026route53.TrafficPolicyArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tComment: pulumi.String(\"example comment\"),\n\t\t\tDocument: pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.route53.Route53Functions;\nimport com.pulumi.aws.route53.inputs.GetTrafficPolicyDocumentArgs;\nimport com.pulumi.aws.route53.TrafficPolicy;\nimport com.pulumi.aws.route53.TrafficPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n final var example = Route53Functions.getTrafficPolicyDocument(GetTrafficPolicyDocumentArgs.builder()\n .recordType(\"A\")\n .startRule(\"site_switch\")\n .endpoints( \n GetTrafficPolicyDocumentEndpointArgs.builder()\n .id(\"my_elb\")\n .type(\"elastic-load-balancer\")\n .value(String.format(\"elb-111111.%s.elb.amazonaws.com\", current.applyValue(getRegionResult -\u003e getRegionResult.name())))\n .build(),\n GetTrafficPolicyDocumentEndpointArgs.builder()\n .id(\"site_down_banner\")\n .type(\"s3-website\")\n .region(current.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .value(\"www.example.com\")\n .build())\n .rules(GetTrafficPolicyDocumentRuleArgs.builder()\n .id(\"site_switch\")\n .type(\"failover\")\n .primary(GetTrafficPolicyDocumentRulePrimaryArgs.builder()\n .endpointReference(\"my_elb\")\n .build())\n .secondary(GetTrafficPolicyDocumentRuleSecondaryArgs.builder()\n .endpointReference(\"site_down_banner\")\n .build())\n .build())\n .build());\n\n var exampleTrafficPolicy = new TrafficPolicy(\"exampleTrafficPolicy\", TrafficPolicyArgs.builder() \n .name(\"example\")\n .comment(\"example comment\")\n .document(example.applyValue(getTrafficPolicyDocumentResult -\u003e getTrafficPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleTrafficPolicy:\n type: aws:route53:TrafficPolicy\n name: example\n properties:\n name: example\n comment: example comment\n document: ${example.json}\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n example:\n fn::invoke:\n Function: aws:route53:getTrafficPolicyDocument\n Arguments:\n recordType: A\n startRule: site_switch\n endpoints:\n - id: my_elb\n type: elastic-load-balancer\n value: elb-111111.${current.name}.elb.amazonaws.com\n - id: site_down_banner\n type: s3-website\n region: ${current.name}\n value: www.example.com\n rules:\n - id: site_switch\n type: failover\n primary:\n endpointReference: my_elb\n secondary:\n endpointReference: site_down_banner\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Complex Example\n\nThe following example showcases the use of nested rules within the traffic policy document and introduces the `geoproximity` rule type.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.route53.getTrafficPolicyDocument({\n recordType: \"A\",\n startRule: \"geoproximity_rule\",\n endpoints: [\n {\n id: \"na_endpoint_a\",\n type: \"elastic-load-balancer\",\n value: \"elb-111111.us-west-1.elb.amazonaws.com\",\n },\n {\n id: \"na_endpoint_b\",\n type: \"elastic-load-balancer\",\n value: \"elb-222222.us-west-1.elb.amazonaws.com\",\n },\n {\n id: \"eu_endpoint\",\n type: \"elastic-load-balancer\",\n value: \"elb-333333.eu-west-1.elb.amazonaws.com\",\n },\n {\n id: \"ap_endpoint\",\n type: \"elastic-load-balancer\",\n value: \"elb-444444.ap-northeast-2.elb.amazonaws.com\",\n },\n ],\n rules: [\n {\n id: \"na_rule\",\n type: \"failover\",\n primary: {\n endpointReference: \"na_endpoint_a\",\n },\n secondary: {\n endpointReference: \"na_endpoint_b\",\n },\n },\n {\n id: \"geoproximity_rule\",\n type: \"geoproximity\",\n geoProximityLocations: [\n {\n region: \"aws:route53:us-west-1\",\n bias: \"10\",\n evaluateTargetHealth: true,\n ruleReference: \"na_rule\",\n },\n {\n region: \"aws:route53:eu-west-1\",\n bias: \"10\",\n evaluateTargetHealth: true,\n endpointReference: \"eu_endpoint\",\n },\n {\n region: \"aws:route53:ap-northeast-2\",\n bias: \"0\",\n evaluateTargetHealth: true,\n endpointReference: \"ap_endpoint\",\n },\n ],\n },\n ],\n});\nconst exampleTrafficPolicy = new aws.route53.TrafficPolicy(\"example\", {\n name: \"example\",\n comment: \"example comment\",\n document: example.then(example =\u003e example.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.route53.get_traffic_policy_document(record_type=\"A\",\n start_rule=\"geoproximity_rule\",\n endpoints=[\n aws.route53.GetTrafficPolicyDocumentEndpointArgs(\n id=\"na_endpoint_a\",\n type=\"elastic-load-balancer\",\n value=\"elb-111111.us-west-1.elb.amazonaws.com\",\n ),\n aws.route53.GetTrafficPolicyDocumentEndpointArgs(\n id=\"na_endpoint_b\",\n type=\"elastic-load-balancer\",\n value=\"elb-222222.us-west-1.elb.amazonaws.com\",\n ),\n aws.route53.GetTrafficPolicyDocumentEndpointArgs(\n id=\"eu_endpoint\",\n type=\"elastic-load-balancer\",\n value=\"elb-333333.eu-west-1.elb.amazonaws.com\",\n ),\n aws.route53.GetTrafficPolicyDocumentEndpointArgs(\n id=\"ap_endpoint\",\n type=\"elastic-load-balancer\",\n value=\"elb-444444.ap-northeast-2.elb.amazonaws.com\",\n ),\n ],\n rules=[\n aws.route53.GetTrafficPolicyDocumentRuleArgs(\n id=\"na_rule\",\n type=\"failover\",\n primary=aws.route53.GetTrafficPolicyDocumentRulePrimaryArgs(\n endpoint_reference=\"na_endpoint_a\",\n ),\n secondary=aws.route53.GetTrafficPolicyDocumentRuleSecondaryArgs(\n endpoint_reference=\"na_endpoint_b\",\n ),\n ),\n aws.route53.GetTrafficPolicyDocumentRuleArgs(\n id=\"geoproximity_rule\",\n type=\"geoproximity\",\n geo_proximity_locations=[\n aws.route53.GetTrafficPolicyDocumentRuleGeoProximityLocationArgs(\n region=\"aws:route53:us-west-1\",\n bias=\"10\",\n evaluate_target_health=True,\n rule_reference=\"na_rule\",\n ),\n aws.route53.GetTrafficPolicyDocumentRuleGeoProximityLocationArgs(\n region=\"aws:route53:eu-west-1\",\n bias=\"10\",\n evaluate_target_health=True,\n endpoint_reference=\"eu_endpoint\",\n ),\n aws.route53.GetTrafficPolicyDocumentRuleGeoProximityLocationArgs(\n region=\"aws:route53:ap-northeast-2\",\n bias=\"0\",\n evaluate_target_health=True,\n endpoint_reference=\"ap_endpoint\",\n ),\n ],\n ),\n ])\nexample_traffic_policy = aws.route53.TrafficPolicy(\"example\",\n name=\"example\",\n comment=\"example comment\",\n document=example.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Route53.GetTrafficPolicyDocument.Invoke(new()\n {\n RecordType = \"A\",\n StartRule = \"geoproximity_rule\",\n Endpoints = new[]\n {\n new Aws.Route53.Inputs.GetTrafficPolicyDocumentEndpointInputArgs\n {\n Id = \"na_endpoint_a\",\n Type = \"elastic-load-balancer\",\n Value = \"elb-111111.us-west-1.elb.amazonaws.com\",\n },\n new Aws.Route53.Inputs.GetTrafficPolicyDocumentEndpointInputArgs\n {\n Id = \"na_endpoint_b\",\n Type = \"elastic-load-balancer\",\n Value = \"elb-222222.us-west-1.elb.amazonaws.com\",\n },\n new Aws.Route53.Inputs.GetTrafficPolicyDocumentEndpointInputArgs\n {\n Id = \"eu_endpoint\",\n Type = \"elastic-load-balancer\",\n Value = \"elb-333333.eu-west-1.elb.amazonaws.com\",\n },\n new Aws.Route53.Inputs.GetTrafficPolicyDocumentEndpointInputArgs\n {\n Id = \"ap_endpoint\",\n Type = \"elastic-load-balancer\",\n Value = \"elb-444444.ap-northeast-2.elb.amazonaws.com\",\n },\n },\n Rules = new[]\n {\n new Aws.Route53.Inputs.GetTrafficPolicyDocumentRuleInputArgs\n {\n Id = \"na_rule\",\n Type = \"failover\",\n Primary = new Aws.Route53.Inputs.GetTrafficPolicyDocumentRulePrimaryInputArgs\n {\n EndpointReference = \"na_endpoint_a\",\n },\n Secondary = new Aws.Route53.Inputs.GetTrafficPolicyDocumentRuleSecondaryInputArgs\n {\n EndpointReference = \"na_endpoint_b\",\n },\n },\n new Aws.Route53.Inputs.GetTrafficPolicyDocumentRuleInputArgs\n {\n Id = \"geoproximity_rule\",\n Type = \"geoproximity\",\n GeoProximityLocations = new[]\n {\n new Aws.Route53.Inputs.GetTrafficPolicyDocumentRuleGeoProximityLocationInputArgs\n {\n Region = \"aws:route53:us-west-1\",\n Bias = \"10\",\n EvaluateTargetHealth = true,\n RuleReference = \"na_rule\",\n },\n new Aws.Route53.Inputs.GetTrafficPolicyDocumentRuleGeoProximityLocationInputArgs\n {\n Region = \"aws:route53:eu-west-1\",\n Bias = \"10\",\n EvaluateTargetHealth = true,\n EndpointReference = \"eu_endpoint\",\n },\n new Aws.Route53.Inputs.GetTrafficPolicyDocumentRuleGeoProximityLocationInputArgs\n {\n Region = \"aws:route53:ap-northeast-2\",\n Bias = \"0\",\n EvaluateTargetHealth = true,\n EndpointReference = \"ap_endpoint\",\n },\n },\n },\n },\n });\n\n var exampleTrafficPolicy = new Aws.Route53.TrafficPolicy(\"example\", new()\n {\n Name = \"example\",\n Comment = \"example comment\",\n Document = example.Apply(getTrafficPolicyDocumentResult =\u003e getTrafficPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := route53.GetTrafficPolicyDocument(ctx, \u0026route53.GetTrafficPolicyDocumentArgs{\n\t\t\tRecordType: pulumi.StringRef(\"A\"),\n\t\t\tStartRule: pulumi.StringRef(\"geoproximity_rule\"),\n\t\t\tEndpoints: []route53.GetTrafficPolicyDocumentEndpoint{\n\t\t\t\t{\n\t\t\t\t\tId: \"na_endpoint_a\",\n\t\t\t\t\tType: pulumi.StringRef(\"elastic-load-balancer\"),\n\t\t\t\t\tValue: pulumi.StringRef(\"elb-111111.us-west-1.elb.amazonaws.com\"),\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tId: \"na_endpoint_b\",\n\t\t\t\t\tType: pulumi.StringRef(\"elastic-load-balancer\"),\n\t\t\t\t\tValue: pulumi.StringRef(\"elb-222222.us-west-1.elb.amazonaws.com\"),\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tId: \"eu_endpoint\",\n\t\t\t\t\tType: pulumi.StringRef(\"elastic-load-balancer\"),\n\t\t\t\t\tValue: pulumi.StringRef(\"elb-333333.eu-west-1.elb.amazonaws.com\"),\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tId: \"ap_endpoint\",\n\t\t\t\t\tType: pulumi.StringRef(\"elastic-load-balancer\"),\n\t\t\t\t\tValue: pulumi.StringRef(\"elb-444444.ap-northeast-2.elb.amazonaws.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRules: pulumi.Array{\n\t\t\t\troute53.GetTrafficPolicyDocumentRule{\n\t\t\t\t\tId: \"na_rule\",\n\t\t\t\t\tType: pulumi.StringRef(\"failover\"),\n\t\t\t\t\tPrimary: route53.GetTrafficPolicyDocumentRulePrimary{\n\t\t\t\t\t\tEndpointReference: pulumi.StringRef(\"na_endpoint_a\"),\n\t\t\t\t\t},\n\t\t\t\t\tSecondary: route53.GetTrafficPolicyDocumentRuleSecondary{\n\t\t\t\t\t\tEndpointReference: pulumi.StringRef(\"na_endpoint_b\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\troute53.GetTrafficPolicyDocumentRule{\n\t\t\t\t\tId: \"geoproximity_rule\",\n\t\t\t\t\tType: pulumi.StringRef(\"geoproximity\"),\n\t\t\t\t\tGeoProximityLocations: []route53.GetTrafficPolicyDocumentRuleGeoProximityLocation{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tRegion: pulumi.StringRef(\"aws:route53:us-west-1\"),\n\t\t\t\t\t\t\tBias: pulumi.StringRef(\"10\"),\n\t\t\t\t\t\t\tEvaluateTargetHealth: pulumi.BoolRef(true),\n\t\t\t\t\t\t\tRuleReference: pulumi.StringRef(\"na_rule\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tRegion: pulumi.StringRef(\"aws:route53:eu-west-1\"),\n\t\t\t\t\t\t\tBias: pulumi.StringRef(\"10\"),\n\t\t\t\t\t\t\tEvaluateTargetHealth: pulumi.BoolRef(true),\n\t\t\t\t\t\t\tEndpointReference: pulumi.StringRef(\"eu_endpoint\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tRegion: pulumi.StringRef(\"aws:route53:ap-northeast-2\"),\n\t\t\t\t\t\t\tBias: pulumi.StringRef(\"0\"),\n\t\t\t\t\t\t\tEvaluateTargetHealth: pulumi.BoolRef(true),\n\t\t\t\t\t\t\tEndpointReference: pulumi.StringRef(\"ap_endpoint\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewTrafficPolicy(ctx, \"example\", \u0026route53.TrafficPolicyArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tComment: pulumi.String(\"example comment\"),\n\t\t\tDocument: pulumi.String(example.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.route53.Route53Functions;\nimport com.pulumi.aws.route53.inputs.GetTrafficPolicyDocumentArgs;\nimport com.pulumi.aws.route53.TrafficPolicy;\nimport com.pulumi.aws.route53.TrafficPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = Route53Functions.getTrafficPolicyDocument(GetTrafficPolicyDocumentArgs.builder()\n .recordType(\"A\")\n .startRule(\"geoproximity_rule\")\n .endpoints( \n GetTrafficPolicyDocumentEndpointArgs.builder()\n .id(\"na_endpoint_a\")\n .type(\"elastic-load-balancer\")\n .value(\"elb-111111.us-west-1.elb.amazonaws.com\")\n .build(),\n GetTrafficPolicyDocumentEndpointArgs.builder()\n .id(\"na_endpoint_b\")\n .type(\"elastic-load-balancer\")\n .value(\"elb-222222.us-west-1.elb.amazonaws.com\")\n .build(),\n GetTrafficPolicyDocumentEndpointArgs.builder()\n .id(\"eu_endpoint\")\n .type(\"elastic-load-balancer\")\n .value(\"elb-333333.eu-west-1.elb.amazonaws.com\")\n .build(),\n GetTrafficPolicyDocumentEndpointArgs.builder()\n .id(\"ap_endpoint\")\n .type(\"elastic-load-balancer\")\n .value(\"elb-444444.ap-northeast-2.elb.amazonaws.com\")\n .build())\n .rules( \n GetTrafficPolicyDocumentRuleArgs.builder()\n .id(\"na_rule\")\n .type(\"failover\")\n .primary(GetTrafficPolicyDocumentRulePrimaryArgs.builder()\n .endpointReference(\"na_endpoint_a\")\n .build())\n .secondary(GetTrafficPolicyDocumentRuleSecondaryArgs.builder()\n .endpointReference(\"na_endpoint_b\")\n .build())\n .build(),\n GetTrafficPolicyDocumentRuleArgs.builder()\n .id(\"geoproximity_rule\")\n .type(\"geoproximity\")\n .geoProximityLocations( \n GetTrafficPolicyDocumentRuleGeoProximityLocationArgs.builder()\n .region(\"aws:route53:us-west-1\")\n .bias(10)\n .evaluateTargetHealth(true)\n .ruleReference(\"na_rule\")\n .build(),\n GetTrafficPolicyDocumentRuleGeoProximityLocationArgs.builder()\n .region(\"aws:route53:eu-west-1\")\n .bias(10)\n .evaluateTargetHealth(true)\n .endpointReference(\"eu_endpoint\")\n .build(),\n GetTrafficPolicyDocumentRuleGeoProximityLocationArgs.builder()\n .region(\"aws:route53:ap-northeast-2\")\n .bias(0)\n .evaluateTargetHealth(true)\n .endpointReference(\"ap_endpoint\")\n .build())\n .build())\n .build());\n\n var exampleTrafficPolicy = new TrafficPolicy(\"exampleTrafficPolicy\", TrafficPolicyArgs.builder() \n .name(\"example\")\n .comment(\"example comment\")\n .document(example.applyValue(getTrafficPolicyDocumentResult -\u003e getTrafficPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleTrafficPolicy:\n type: aws:route53:TrafficPolicy\n name: example\n properties:\n name: example\n comment: example comment\n document: ${example.json}\nvariables:\n example:\n fn::invoke:\n Function: aws:route53:getTrafficPolicyDocument\n Arguments:\n recordType: A\n startRule: geoproximity_rule\n endpoints:\n - id: na_endpoint_a\n type: elastic-load-balancer\n value: elb-111111.us-west-1.elb.amazonaws.com\n - id: na_endpoint_b\n type: elastic-load-balancer\n value: elb-222222.us-west-1.elb.amazonaws.com\n - id: eu_endpoint\n type: elastic-load-balancer\n value: elb-333333.eu-west-1.elb.amazonaws.com\n - id: ap_endpoint\n type: elastic-load-balancer\n value: elb-444444.ap-northeast-2.elb.amazonaws.com\n rules:\n - id: na_rule\n type: failover\n primary:\n endpointReference: na_endpoint_a\n secondary:\n endpointReference: na_endpoint_b\n - id: geoproximity_rule\n type: geoproximity\n geoProximityLocations:\n - region: aws:route53:us-west-1\n bias: 10\n evaluateTargetHealth: true\n ruleReference: na_rule\n - region: aws:route53:eu-west-1\n bias: 10\n evaluateTargetHealth: true\n endpointReference: eu_endpoint\n - region: aws:route53:ap-northeast-2\n bias: 0\n evaluateTargetHealth: true\n endpointReference: ap_endpoint\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getTrafficPolicyDocument.\n", "properties": { @@ -384471,7 +384471,7 @@ } }, "aws:route53/getZone:getZone": { - "description": "`aws.route53.Zone` provides details about a specific Route 53 Hosted Zone.\n\nThis data source allows to find a Hosted Zone ID given Hosted Zone name and certain search criteria.\n\n## Example Usage\n\nThe following example shows how to get a Hosted Zone from its name and from this data how to create a Record Set.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst selected = aws.route53.getZone({\n name: \"test.com.\",\n privateZone: true,\n});\nconst www = new aws.route53.Record(\"www\", {\n zoneId: selected.then(selected =\u003e selected.zoneId),\n name: selected.then(selected =\u003e `www.${selected.name}`),\n type: \"A\",\n ttl: 300,\n records: [\"10.0.0.1\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nselected = aws.route53.get_zone(name=\"test.com.\",\n private_zone=True)\nwww = aws.route53.Record(\"www\",\n zone_id=selected.zone_id,\n name=f\"www.{selected.name}\",\n type=\"A\",\n ttl=300,\n records=[\"10.0.0.1\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var selected = Aws.Route53.GetZone.Invoke(new()\n {\n Name = \"test.com.\",\n PrivateZone = true,\n });\n\n var www = new Aws.Route53.Record(\"www\", new()\n {\n ZoneId = selected.Apply(getZoneResult =\u003e getZoneResult.ZoneId),\n Name = $\"www.{selected.Apply(getZoneResult =\u003e getZoneResult.Name)}\",\n Type = \"A\",\n Ttl = 300,\n Records = new[]\n {\n \"10.0.0.1\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tselected, err := route53.LookupZone(ctx, \u0026route53.LookupZoneArgs{\n\t\t\tName: pulumi.StringRef(\"test.com.\"),\n\t\t\tPrivateZone: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"www\", \u0026route53.RecordArgs{\n\t\t\tZoneId: *pulumi.String(selected.ZoneId),\n\t\t\tName: pulumi.String(fmt.Sprintf(\"www.%v\", selected.Name)),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.0.0.1\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.route53.Route53Functions;\nimport com.pulumi.aws.route53.inputs.GetZoneArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var selected = Route53Functions.getZone(GetZoneArgs.builder()\n .name(\"test.com.\")\n .privateZone(true)\n .build());\n\n var www = new Record(\"www\", RecordArgs.builder() \n .zoneId(selected.applyValue(getZoneResult -\u003e getZoneResult.zoneId()))\n .name(String.format(\"www.%s\", selected.applyValue(getZoneResult -\u003e getZoneResult.name())))\n .type(\"A\")\n .ttl(\"300\")\n .records(\"10.0.0.1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n www:\n type: aws:route53:Record\n properties:\n zoneId: ${selected.zoneId}\n name: www.${selected.name}\n type: A\n ttl: '300'\n records:\n - 10.0.0.1\nvariables:\n selected:\n fn::invoke:\n Function: aws:route53:getZone\n Arguments:\n name: test.com.\n privateZone: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "`aws.route53.Zone` provides details about a specific Route 53 Hosted Zone.\n\nThis data source allows to find a Hosted Zone ID given Hosted Zone name and certain search criteria.\n\n## Example Usage\n\nThe following example shows how to get a Hosted Zone from its name and from this data how to create a Record Set.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst selected = aws.route53.getZone({\n name: \"test.com.\",\n privateZone: true,\n});\nconst www = new aws.route53.Record(\"www\", {\n zoneId: selected.then(selected =\u003e selected.zoneId),\n name: selected.then(selected =\u003e `www.${selected.name}`),\n type: aws.route53.RecordType.A,\n ttl: 300,\n records: [\"10.0.0.1\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nselected = aws.route53.get_zone(name=\"test.com.\",\n private_zone=True)\nwww = aws.route53.Record(\"www\",\n zone_id=selected.zone_id,\n name=f\"www.{selected.name}\",\n type=aws.route53.RecordType.A,\n ttl=300,\n records=[\"10.0.0.1\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var selected = Aws.Route53.GetZone.Invoke(new()\n {\n Name = \"test.com.\",\n PrivateZone = true,\n });\n\n var www = new Aws.Route53.Record(\"www\", new()\n {\n ZoneId = selected.Apply(getZoneResult =\u003e getZoneResult.ZoneId),\n Name = $\"www.{selected.Apply(getZoneResult =\u003e getZoneResult.Name)}\",\n Type = Aws.Route53.RecordType.A,\n Ttl = 300,\n Records = new[]\n {\n \"10.0.0.1\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tselected, err := route53.LookupZone(ctx, \u0026route53.LookupZoneArgs{\n\t\t\tName: pulumi.StringRef(\"test.com.\"),\n\t\t\tPrivateZone: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"www\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.String(selected.ZoneId),\n\t\t\tName: pulumi.String(fmt.Sprintf(\"www.%v\", selected.Name)),\n\t\t\tType: pulumi.String(route53.RecordTypeA),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.0.0.1\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.route53.Route53Functions;\nimport com.pulumi.aws.route53.inputs.GetZoneArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var selected = Route53Functions.getZone(GetZoneArgs.builder()\n .name(\"test.com.\")\n .privateZone(true)\n .build());\n\n var www = new Record(\"www\", RecordArgs.builder() \n .zoneId(selected.applyValue(getZoneResult -\u003e getZoneResult.zoneId()))\n .name(String.format(\"www.%s\", selected.applyValue(getZoneResult -\u003e getZoneResult.name())))\n .type(\"A\")\n .ttl(\"300\")\n .records(\"10.0.0.1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n www:\n type: aws:route53:Record\n properties:\n zoneId: ${selected.zoneId}\n name: www.${selected.name}\n type: A\n ttl: '300'\n records:\n - 10.0.0.1\nvariables:\n selected:\n fn::invoke:\n Function: aws:route53:getZone\n Arguments:\n name: test.com.\n privateZone: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getZone.\n", "properties": { @@ -384634,7 +384634,7 @@ } }, "aws:s3/getBucket:getBucket": { - "description": "Provides details about a specific S3 bucket.\n\nThis resource may prove useful when setting up a Route53 record, or an origin for a CloudFront\nDistribution.\n\n## Example Usage\n\n### Route53 Record\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst selected = aws.s3.getBucket({\n bucket: \"bucket.test.com\",\n});\nconst testZone = aws.route53.getZone({\n name: \"test.com.\",\n});\nconst example = new aws.route53.Record(\"example\", {\n zoneId: testZone.then(testZone =\u003e testZone.id),\n name: \"bucket\",\n type: \"A\",\n aliases: [{\n name: selected.then(selected =\u003e selected.websiteDomain),\n zoneId: selected.then(selected =\u003e selected.hostedZoneId),\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nselected = aws.s3.get_bucket(bucket=\"bucket.test.com\")\ntest_zone = aws.route53.get_zone(name=\"test.com.\")\nexample = aws.route53.Record(\"example\",\n zone_id=test_zone.id,\n name=\"bucket\",\n type=\"A\",\n aliases=[aws.route53.RecordAliasArgs(\n name=selected.website_domain,\n zone_id=selected.hosted_zone_id,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var selected = Aws.S3.GetBucket.Invoke(new()\n {\n Bucket = \"bucket.test.com\",\n });\n\n var testZone = Aws.Route53.GetZone.Invoke(new()\n {\n Name = \"test.com.\",\n });\n\n var example = new Aws.Route53.Record(\"example\", new()\n {\n ZoneId = testZone.Apply(getZoneResult =\u003e getZoneResult.Id),\n Name = \"bucket\",\n Type = \"A\",\n Aliases = new[]\n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n Name = selected.Apply(getBucketResult =\u003e getBucketResult.WebsiteDomain),\n ZoneId = selected.Apply(getBucketResult =\u003e getBucketResult.HostedZoneId),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tselected, err := s3.LookupBucket(ctx, \u0026s3.LookupBucketArgs{\n\t\t\tBucket: \"bucket.test.com\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestZone, err := route53.LookupZone(ctx, \u0026route53.LookupZoneArgs{\n\t\t\tName: pulumi.StringRef(\"test.com.\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"example\", \u0026route53.RecordArgs{\n\t\t\tZoneId: *pulumi.String(testZone.Id),\n\t\t\tName: pulumi.String(\"bucket\"),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t\u0026route53.RecordAliasArgs{\n\t\t\t\t\tName: *pulumi.String(selected.WebsiteDomain),\n\t\t\t\t\tZoneId: *pulumi.String(selected.HostedZoneId),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.S3Functions;\nimport com.pulumi.aws.s3.inputs.GetBucketArgs;\nimport com.pulumi.aws.route53.Route53Functions;\nimport com.pulumi.aws.route53.inputs.GetZoneArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordAliasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var selected = S3Functions.getBucket(GetBucketArgs.builder()\n .bucket(\"bucket.test.com\")\n .build());\n\n final var testZone = Route53Functions.getZone(GetZoneArgs.builder()\n .name(\"test.com.\")\n .build());\n\n var example = new Record(\"example\", RecordArgs.builder() \n .zoneId(testZone.applyValue(getZoneResult -\u003e getZoneResult.id()))\n .name(\"bucket\")\n .type(\"A\")\n .aliases(RecordAliasArgs.builder()\n .name(selected.applyValue(getBucketResult -\u003e getBucketResult.websiteDomain()))\n .zoneId(selected.applyValue(getBucketResult -\u003e getBucketResult.hostedZoneId()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:route53:Record\n properties:\n zoneId: ${testZone.id}\n name: bucket\n type: A\n aliases:\n - name: ${selected.websiteDomain}\n zoneId: ${selected.hostedZoneId}\nvariables:\n selected:\n fn::invoke:\n Function: aws:s3:getBucket\n Arguments:\n bucket: bucket.test.com\n testZone:\n fn::invoke:\n Function: aws:route53:getZone\n Arguments:\n name: test.com.\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### CloudFront Origin\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst selected = aws.s3.getBucket({\n bucket: \"a-test-bucket\",\n});\nconst test = new aws.cloudfront.Distribution(\"test\", {origins: [{\n domainName: selected.then(selected =\u003e selected.bucketDomainName),\n originId: \"s3-selected-bucket\",\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nselected = aws.s3.get_bucket(bucket=\"a-test-bucket\")\ntest = aws.cloudfront.Distribution(\"test\", origins=[aws.cloudfront.DistributionOriginArgs(\n domain_name=selected.bucket_domain_name,\n origin_id=\"s3-selected-bucket\",\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var selected = Aws.S3.GetBucket.Invoke(new()\n {\n Bucket = \"a-test-bucket\",\n });\n\n var test = new Aws.CloudFront.Distribution(\"test\", new()\n {\n Origins = new[]\n {\n new Aws.CloudFront.Inputs.DistributionOriginArgs\n {\n DomainName = selected.Apply(getBucketResult =\u003e getBucketResult.BucketDomainName),\n OriginId = \"s3-selected-bucket\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tselected, err := s3.LookupBucket(ctx, \u0026s3.LookupBucketArgs{\n\t\t\tBucket: \"a-test-bucket\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfront.NewDistribution(ctx, \"test\", \u0026cloudfront.DistributionArgs{\n\t\t\tOrigins: cloudfront.DistributionOriginArray{\n\t\t\t\t\u0026cloudfront.DistributionOriginArgs{\n\t\t\t\t\tDomainName: *pulumi.String(selected.BucketDomainName),\n\t\t\t\t\tOriginId: pulumi.String(\"s3-selected-bucket\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.S3Functions;\nimport com.pulumi.aws.s3.inputs.GetBucketArgs;\nimport com.pulumi.aws.cloudfront.Distribution;\nimport com.pulumi.aws.cloudfront.DistributionArgs;\nimport com.pulumi.aws.cloudfront.inputs.DistributionOriginArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var selected = S3Functions.getBucket(GetBucketArgs.builder()\n .bucket(\"a-test-bucket\")\n .build());\n\n var test = new Distribution(\"test\", DistributionArgs.builder() \n .origins(DistributionOriginArgs.builder()\n .domainName(selected.applyValue(getBucketResult -\u003e getBucketResult.bucketDomainName()))\n .originId(\"s3-selected-bucket\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:cloudfront:Distribution\n properties:\n origins:\n - domainName: ${selected.bucketDomainName}\n originId: s3-selected-bucket\nvariables:\n selected:\n fn::invoke:\n Function: aws:s3:getBucket\n Arguments:\n bucket: a-test-bucket\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provides details about a specific S3 bucket.\n\nThis resource may prove useful when setting up a Route53 record, or an origin for a CloudFront\nDistribution.\n\n## Example Usage\n\n### Route53 Record\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst selected = aws.s3.getBucket({\n bucket: \"bucket.test.com\",\n});\nconst testZone = aws.route53.getZone({\n name: \"test.com.\",\n});\nconst example = new aws.route53.Record(\"example\", {\n zoneId: testZone.then(testZone =\u003e testZone.id),\n name: \"bucket\",\n type: aws.route53.RecordType.A,\n aliases: [{\n name: selected.then(selected =\u003e selected.websiteDomain),\n zoneId: selected.then(selected =\u003e selected.hostedZoneId),\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nselected = aws.s3.get_bucket(bucket=\"bucket.test.com\")\ntest_zone = aws.route53.get_zone(name=\"test.com.\")\nexample = aws.route53.Record(\"example\",\n zone_id=test_zone.id,\n name=\"bucket\",\n type=aws.route53.RecordType.A,\n aliases=[aws.route53.RecordAliasArgs(\n name=selected.website_domain,\n zone_id=selected.hosted_zone_id,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var selected = Aws.S3.GetBucket.Invoke(new()\n {\n Bucket = \"bucket.test.com\",\n });\n\n var testZone = Aws.Route53.GetZone.Invoke(new()\n {\n Name = \"test.com.\",\n });\n\n var example = new Aws.Route53.Record(\"example\", new()\n {\n ZoneId = testZone.Apply(getZoneResult =\u003e getZoneResult.Id),\n Name = \"bucket\",\n Type = Aws.Route53.RecordType.A,\n Aliases = new[]\n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n Name = selected.Apply(getBucketResult =\u003e getBucketResult.WebsiteDomain),\n ZoneId = selected.Apply(getBucketResult =\u003e getBucketResult.HostedZoneId),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tselected, err := s3.LookupBucket(ctx, \u0026s3.LookupBucketArgs{\n\t\t\tBucket: \"bucket.test.com\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestZone, err := route53.LookupZone(ctx, \u0026route53.LookupZoneArgs{\n\t\t\tName: pulumi.StringRef(\"test.com.\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"example\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.String(testZone.Id),\n\t\t\tName: pulumi.String(\"bucket\"),\n\t\t\tType: pulumi.String(route53.RecordTypeA),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t\u0026route53.RecordAliasArgs{\n\t\t\t\t\tName: pulumi.String(selected.WebsiteDomain),\n\t\t\t\t\tZoneId: pulumi.String(selected.HostedZoneId),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.S3Functions;\nimport com.pulumi.aws.s3.inputs.GetBucketArgs;\nimport com.pulumi.aws.route53.Route53Functions;\nimport com.pulumi.aws.route53.inputs.GetZoneArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordAliasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var selected = S3Functions.getBucket(GetBucketArgs.builder()\n .bucket(\"bucket.test.com\")\n .build());\n\n final var testZone = Route53Functions.getZone(GetZoneArgs.builder()\n .name(\"test.com.\")\n .build());\n\n var example = new Record(\"example\", RecordArgs.builder() \n .zoneId(testZone.applyValue(getZoneResult -\u003e getZoneResult.id()))\n .name(\"bucket\")\n .type(\"A\")\n .aliases(RecordAliasArgs.builder()\n .name(selected.applyValue(getBucketResult -\u003e getBucketResult.websiteDomain()))\n .zoneId(selected.applyValue(getBucketResult -\u003e getBucketResult.hostedZoneId()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:route53:Record\n properties:\n zoneId: ${testZone.id}\n name: bucket\n type: A\n aliases:\n - name: ${selected.websiteDomain}\n zoneId: ${selected.hostedZoneId}\nvariables:\n selected:\n fn::invoke:\n Function: aws:s3:getBucket\n Arguments:\n bucket: bucket.test.com\n testZone:\n fn::invoke:\n Function: aws:route53:getZone\n Arguments:\n name: test.com.\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### CloudFront Origin\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst selected = aws.s3.getBucket({\n bucket: \"a-test-bucket\",\n});\nconst test = new aws.cloudfront.Distribution(\"test\", {origins: [{\n domainName: selected.then(selected =\u003e selected.bucketDomainName),\n originId: \"s3-selected-bucket\",\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nselected = aws.s3.get_bucket(bucket=\"a-test-bucket\")\ntest = aws.cloudfront.Distribution(\"test\", origins=[aws.cloudfront.DistributionOriginArgs(\n domain_name=selected.bucket_domain_name,\n origin_id=\"s3-selected-bucket\",\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var selected = Aws.S3.GetBucket.Invoke(new()\n {\n Bucket = \"a-test-bucket\",\n });\n\n var test = new Aws.CloudFront.Distribution(\"test\", new()\n {\n Origins = new[]\n {\n new Aws.CloudFront.Inputs.DistributionOriginArgs\n {\n DomainName = selected.Apply(getBucketResult =\u003e getBucketResult.BucketDomainName),\n OriginId = \"s3-selected-bucket\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tselected, err := s3.LookupBucket(ctx, \u0026s3.LookupBucketArgs{\n\t\t\tBucket: \"a-test-bucket\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfront.NewDistribution(ctx, \"test\", \u0026cloudfront.DistributionArgs{\n\t\t\tOrigins: cloudfront.DistributionOriginArray{\n\t\t\t\t\u0026cloudfront.DistributionOriginArgs{\n\t\t\t\t\tDomainName: pulumi.String(selected.BucketDomainName),\n\t\t\t\t\tOriginId: pulumi.String(\"s3-selected-bucket\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.S3Functions;\nimport com.pulumi.aws.s3.inputs.GetBucketArgs;\nimport com.pulumi.aws.cloudfront.Distribution;\nimport com.pulumi.aws.cloudfront.DistributionArgs;\nimport com.pulumi.aws.cloudfront.inputs.DistributionOriginArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var selected = S3Functions.getBucket(GetBucketArgs.builder()\n .bucket(\"a-test-bucket\")\n .build());\n\n var test = new Distribution(\"test\", DistributionArgs.builder() \n .origins(DistributionOriginArgs.builder()\n .domainName(selected.applyValue(getBucketResult -\u003e getBucketResult.bucketDomainName()))\n .originId(\"s3-selected-bucket\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:cloudfront:Distribution\n properties:\n origins:\n - domainName: ${selected.bucketDomainName}\n originId: s3-selected-bucket\nvariables:\n selected:\n fn::invoke:\n Function: aws:s3:getBucket\n Arguments:\n bucket: a-test-bucket\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getBucket.\n", "properties": { @@ -384702,7 +384702,7 @@ } }, "aws:s3/getBucketObject:getBucketObject": { - "description": "\u003e **NOTE:** The `aws.s3.BucketObject` data source is DEPRECATED and will be removed in a future version! Use `aws.s3.BucketObjectv2` instead, where new features and fixes will be added.\n\nThe S3 object data source allows access to the metadata and\n_optionally_ (see below) content of an object stored inside S3 bucket.\n\n\u003e **Note:** The content of an object (`body` field) is available only for objects which have a human-readable `Content-Type` (`text/*` and `application/json`). This is to prevent printing unsafe characters and potentially downloading large amount of data which would be thrown away in favour of metadata.\n\n## Example Usage\n\nThe following example retrieves a text object (which must have a `Content-Type`\nvalue starting with `text/`) and uses it as the `user_data` for an EC2 instance:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bootstrapScript = aws.s3.getBucketObject({\n bucket: \"ourcorp-deploy-config\",\n key: \"ec2-bootstrap-script.sh\",\n});\nconst example = new aws.ec2.Instance(\"example\", {\n instanceType: \"t2.micro\",\n ami: \"ami-2757f631\",\n userData: bootstrapScript.then(bootstrapScript =\u003e bootstrapScript.body),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbootstrap_script = aws.s3.get_bucket_object(bucket=\"ourcorp-deploy-config\",\n key=\"ec2-bootstrap-script.sh\")\nexample = aws.ec2.Instance(\"example\",\n instance_type=\"t2.micro\",\n ami=\"ami-2757f631\",\n user_data=bootstrap_script.body)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bootstrapScript = Aws.S3.GetBucketObject.Invoke(new()\n {\n Bucket = \"ourcorp-deploy-config\",\n Key = \"ec2-bootstrap-script.sh\",\n });\n\n var example = new Aws.Ec2.Instance(\"example\", new()\n {\n InstanceType = \"t2.micro\",\n Ami = \"ami-2757f631\",\n UserData = bootstrapScript.Apply(getBucketObjectResult =\u003e getBucketObjectResult.Body),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbootstrapScript, err := s3.LookupBucketObject(ctx, \u0026s3.LookupBucketObjectArgs{\n\t\t\tBucket: \"ourcorp-deploy-config\",\n\t\t\tKey: \"ec2-bootstrap-script.sh\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"example\", \u0026ec2.InstanceArgs{\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t\tAmi: pulumi.String(\"ami-2757f631\"),\n\t\t\tUserData: *pulumi.String(bootstrapScript.Body),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.S3Functions;\nimport com.pulumi.aws.s3.inputs.GetBucketObjectArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var bootstrapScript = S3Functions.getBucketObject(GetBucketObjectArgs.builder()\n .bucket(\"ourcorp-deploy-config\")\n .key(\"ec2-bootstrap-script.sh\")\n .build());\n\n var example = new Instance(\"example\", InstanceArgs.builder() \n .instanceType(\"t2.micro\")\n .ami(\"ami-2757f631\")\n .userData(bootstrapScript.applyValue(getBucketObjectResult -\u003e getBucketObjectResult.body()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:Instance\n properties:\n instanceType: t2.micro\n ami: ami-2757f631\n userData: ${bootstrapScript.body}\nvariables:\n bootstrapScript:\n fn::invoke:\n Function: aws:s3:getBucketObject\n Arguments:\n bucket: ourcorp-deploy-config\n key: ec2-bootstrap-script.sh\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nThe following, more-complex example retrieves only the metadata for a zip\nfile stored in S3, which is then used to pass the most recent `version_id`\nto AWS Lambda for use as a function implementation. More information about\nLambda functions is available in the documentation for\n`aws.lambda.Function`.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lambda = aws.s3.getBucketObject({\n bucket: \"ourcorp-lambda-functions\",\n key: \"hello-world.zip\",\n});\nconst testLambda = new aws.lambda.Function(\"test_lambda\", {\n s3Bucket: lambda.then(lambda =\u003e lambda.id),\n s3Key: lambda.then(lambda =\u003e lambda.key),\n s3ObjectVersion: lambda.then(lambda =\u003e lambda.versionId),\n name: \"lambda_function_name\",\n role: iamForLambda.arn,\n handler: \"exports.test\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlambda_ = aws.s3.get_bucket_object(bucket=\"ourcorp-lambda-functions\",\n key=\"hello-world.zip\")\ntest_lambda = aws.lambda_.Function(\"test_lambda\",\n s3_bucket=lambda_.id,\n s3_key=lambda_.key,\n s3_object_version=lambda_.version_id,\n name=\"lambda_function_name\",\n role=iam_for_lambda[\"arn\"],\n handler=\"exports.test\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var lambda = Aws.S3.GetBucketObject.Invoke(new()\n {\n Bucket = \"ourcorp-lambda-functions\",\n Key = \"hello-world.zip\",\n });\n\n var testLambda = new Aws.Lambda.Function(\"test_lambda\", new()\n {\n S3Bucket = lambda.Apply(getBucketObjectResult =\u003e getBucketObjectResult.Id),\n S3Key = lambda.Apply(getBucketObjectResult =\u003e getBucketObjectResult.Key),\n S3ObjectVersion = lambda.Apply(getBucketObjectResult =\u003e getBucketObjectResult.VersionId),\n Name = \"lambda_function_name\",\n Role = iamForLambda.Arn,\n Handler = \"exports.test\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlambda, err := s3.LookupBucketObject(ctx, \u0026s3.LookupBucketObjectArgs{\n\t\t\tBucket: \"ourcorp-lambda-functions\",\n\t\t\tKey: \"hello-world.zip\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"test_lambda\", \u0026lambda.FunctionArgs{\n\t\t\tS3Bucket: *pulumi.String(lambda.Id),\n\t\t\tS3Key: *pulumi.String(lambda.Key),\n\t\t\tS3ObjectVersion: *pulumi.String(lambda.VersionId),\n\t\t\tName: pulumi.String(\"lambda_function_name\"),\n\t\t\tRole: pulumi.Any(iamForLambda.Arn),\n\t\t\tHandler: pulumi.String(\"exports.test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.S3Functions;\nimport com.pulumi.aws.s3.inputs.GetBucketObjectArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var lambda = S3Functions.getBucketObject(GetBucketObjectArgs.builder()\n .bucket(\"ourcorp-lambda-functions\")\n .key(\"hello-world.zip\")\n .build());\n\n var testLambda = new Function(\"testLambda\", FunctionArgs.builder() \n .s3Bucket(lambda.applyValue(getBucketObjectResult -\u003e getBucketObjectResult.id()))\n .s3Key(lambda.applyValue(getBucketObjectResult -\u003e getBucketObjectResult.key()))\n .s3ObjectVersion(lambda.applyValue(getBucketObjectResult -\u003e getBucketObjectResult.versionId()))\n .name(\"lambda_function_name\")\n .role(iamForLambda.arn())\n .handler(\"exports.test\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testLambda:\n type: aws:lambda:Function\n name: test_lambda\n properties:\n s3Bucket: ${lambda.id}\n s3Key: ${lambda.key}\n s3ObjectVersion: ${lambda.versionId}\n name: lambda_function_name\n role: ${iamForLambda.arn}\n handler: exports.test\nvariables:\n lambda:\n fn::invoke:\n Function: aws:s3:getBucketObject\n Arguments:\n bucket: ourcorp-lambda-functions\n key: hello-world.zip\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "\u003e **NOTE:** The `aws.s3.BucketObject` data source is DEPRECATED and will be removed in a future version! Use `aws.s3.BucketObjectv2` instead, where new features and fixes will be added.\n\nThe S3 object data source allows access to the metadata and\n_optionally_ (see below) content of an object stored inside S3 bucket.\n\n\u003e **Note:** The content of an object (`body` field) is available only for objects which have a human-readable `Content-Type` (`text/*` and `application/json`). This is to prevent printing unsafe characters and potentially downloading large amount of data which would be thrown away in favour of metadata.\n\n## Example Usage\n\nThe following example retrieves a text object (which must have a `Content-Type`\nvalue starting with `text/`) and uses it as the `user_data` for an EC2 instance:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bootstrapScript = aws.s3.getBucketObject({\n bucket: \"ourcorp-deploy-config\",\n key: \"ec2-bootstrap-script.sh\",\n});\nconst example = new aws.ec2.Instance(\"example\", {\n instanceType: aws.ec2.InstanceType.T2_Micro,\n ami: \"ami-2757f631\",\n userData: bootstrapScript.then(bootstrapScript =\u003e bootstrapScript.body),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbootstrap_script = aws.s3.get_bucket_object(bucket=\"ourcorp-deploy-config\",\n key=\"ec2-bootstrap-script.sh\")\nexample = aws.ec2.Instance(\"example\",\n instance_type=aws.ec2.InstanceType.T2_MICRO,\n ami=\"ami-2757f631\",\n user_data=bootstrap_script.body)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bootstrapScript = Aws.S3.GetBucketObject.Invoke(new()\n {\n Bucket = \"ourcorp-deploy-config\",\n Key = \"ec2-bootstrap-script.sh\",\n });\n\n var example = new Aws.Ec2.Instance(\"example\", new()\n {\n InstanceType = Aws.Ec2.InstanceType.T2_Micro,\n Ami = \"ami-2757f631\",\n UserData = bootstrapScript.Apply(getBucketObjectResult =\u003e getBucketObjectResult.Body),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbootstrapScript, err := s3.LookupBucketObject(ctx, \u0026s3.LookupBucketObjectArgs{\n\t\t\tBucket: \"ourcorp-deploy-config\",\n\t\t\tKey: \"ec2-bootstrap-script.sh\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"example\", \u0026ec2.InstanceArgs{\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_T2_Micro),\n\t\t\tAmi: pulumi.String(\"ami-2757f631\"),\n\t\t\tUserData: pulumi.String(bootstrapScript.Body),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.S3Functions;\nimport com.pulumi.aws.s3.inputs.GetBucketObjectArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var bootstrapScript = S3Functions.getBucketObject(GetBucketObjectArgs.builder()\n .bucket(\"ourcorp-deploy-config\")\n .key(\"ec2-bootstrap-script.sh\")\n .build());\n\n var example = new Instance(\"example\", InstanceArgs.builder() \n .instanceType(\"t2.micro\")\n .ami(\"ami-2757f631\")\n .userData(bootstrapScript.applyValue(getBucketObjectResult -\u003e getBucketObjectResult.body()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:Instance\n properties:\n instanceType: t2.micro\n ami: ami-2757f631\n userData: ${bootstrapScript.body}\nvariables:\n bootstrapScript:\n fn::invoke:\n Function: aws:s3:getBucketObject\n Arguments:\n bucket: ourcorp-deploy-config\n key: ec2-bootstrap-script.sh\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nThe following, more-complex example retrieves only the metadata for a zip\nfile stored in S3, which is then used to pass the most recent `version_id`\nto AWS Lambda for use as a function implementation. More information about\nLambda functions is available in the documentation for\n`aws.lambda.Function`.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lambda = aws.s3.getBucketObject({\n bucket: \"ourcorp-lambda-functions\",\n key: \"hello-world.zip\",\n});\nconst testLambda = new aws.lambda.Function(\"test_lambda\", {\n s3Bucket: lambda.then(lambda =\u003e lambda.id),\n s3Key: lambda.then(lambda =\u003e lambda.key),\n s3ObjectVersion: lambda.then(lambda =\u003e lambda.versionId),\n name: \"lambda_function_name\",\n role: iamForLambda.arn,\n handler: \"exports.test\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlambda_ = aws.s3.get_bucket_object(bucket=\"ourcorp-lambda-functions\",\n key=\"hello-world.zip\")\ntest_lambda = aws.lambda_.Function(\"test_lambda\",\n s3_bucket=lambda_.id,\n s3_key=lambda_.key,\n s3_object_version=lambda_.version_id,\n name=\"lambda_function_name\",\n role=iam_for_lambda[\"arn\"],\n handler=\"exports.test\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var lambda = Aws.S3.GetBucketObject.Invoke(new()\n {\n Bucket = \"ourcorp-lambda-functions\",\n Key = \"hello-world.zip\",\n });\n\n var testLambda = new Aws.Lambda.Function(\"test_lambda\", new()\n {\n S3Bucket = lambda.Apply(getBucketObjectResult =\u003e getBucketObjectResult.Id),\n S3Key = lambda.Apply(getBucketObjectResult =\u003e getBucketObjectResult.Key),\n S3ObjectVersion = lambda.Apply(getBucketObjectResult =\u003e getBucketObjectResult.VersionId),\n Name = \"lambda_function_name\",\n Role = iamForLambda.Arn,\n Handler = \"exports.test\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlambda, err := s3.LookupBucketObject(ctx, \u0026s3.LookupBucketObjectArgs{\n\t\t\tBucket: \"ourcorp-lambda-functions\",\n\t\t\tKey: \"hello-world.zip\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"test_lambda\", \u0026lambda.FunctionArgs{\n\t\t\tS3Bucket: pulumi.String(lambda.Id),\n\t\t\tS3Key: pulumi.String(lambda.Key),\n\t\t\tS3ObjectVersion: pulumi.String(lambda.VersionId),\n\t\t\tName: pulumi.String(\"lambda_function_name\"),\n\t\t\tRole: pulumi.Any(iamForLambda.Arn),\n\t\t\tHandler: pulumi.String(\"exports.test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.S3Functions;\nimport com.pulumi.aws.s3.inputs.GetBucketObjectArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var lambda = S3Functions.getBucketObject(GetBucketObjectArgs.builder()\n .bucket(\"ourcorp-lambda-functions\")\n .key(\"hello-world.zip\")\n .build());\n\n var testLambda = new Function(\"testLambda\", FunctionArgs.builder() \n .s3Bucket(lambda.applyValue(getBucketObjectResult -\u003e getBucketObjectResult.id()))\n .s3Key(lambda.applyValue(getBucketObjectResult -\u003e getBucketObjectResult.key()))\n .s3ObjectVersion(lambda.applyValue(getBucketObjectResult -\u003e getBucketObjectResult.versionId()))\n .name(\"lambda_function_name\")\n .role(iamForLambda.arn())\n .handler(\"exports.test\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testLambda:\n type: aws:lambda:Function\n name: test_lambda\n properties:\n s3Bucket: ${lambda.id}\n s3Key: ${lambda.key}\n s3ObjectVersion: ${lambda.versionId}\n name: lambda_function_name\n role: ${iamForLambda.arn}\n handler: exports.test\nvariables:\n lambda:\n fn::invoke:\n Function: aws:s3:getBucketObject\n Arguments:\n bucket: ourcorp-lambda-functions\n key: hello-world.zip\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getBucketObject.\n", "properties": { @@ -385074,7 +385074,7 @@ } }, "aws:s3/getObject:getObject": { - "description": "The S3 object data source allows access to the metadata and\n_optionally_ (see below) content of an object stored inside S3 bucket.\n\n\u003e **Note:** The content of an object (`body` field) is available only for objects which have a human-readable `Content-Type` (`text/*` and `application/json`). This is to prevent printing unsafe characters and potentially downloading large amount of data which would be thrown away in favour of metadata.\n\n## Example Usage\n\nThe following example retrieves a text object (which must have a `Content-Type`\nvalue starting with `text/`) and uses it as the `user_data` for an EC2 instance:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bootstrapScript = aws.s3.getObject({\n bucket: \"ourcorp-deploy-config\",\n key: \"ec2-bootstrap-script.sh\",\n});\nconst example = new aws.ec2.Instance(\"example\", {\n instanceType: \"t2.micro\",\n ami: \"ami-2757f631\",\n userData: bootstrapScript.then(bootstrapScript =\u003e bootstrapScript.body),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbootstrap_script = aws.s3.get_object(bucket=\"ourcorp-deploy-config\",\n key=\"ec2-bootstrap-script.sh\")\nexample = aws.ec2.Instance(\"example\",\n instance_type=\"t2.micro\",\n ami=\"ami-2757f631\",\n user_data=bootstrap_script.body)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bootstrapScript = Aws.S3.GetObject.Invoke(new()\n {\n Bucket = \"ourcorp-deploy-config\",\n Key = \"ec2-bootstrap-script.sh\",\n });\n\n var example = new Aws.Ec2.Instance(\"example\", new()\n {\n InstanceType = \"t2.micro\",\n Ami = \"ami-2757f631\",\n UserData = bootstrapScript.Apply(getObjectResult =\u003e getObjectResult.Body),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbootstrapScript, err := s3.GetObject(ctx, \u0026s3.GetObjectArgs{\n\t\t\tBucket: \"ourcorp-deploy-config\",\n\t\t\tKey: \"ec2-bootstrap-script.sh\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"example\", \u0026ec2.InstanceArgs{\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t\tAmi: pulumi.String(\"ami-2757f631\"),\n\t\t\tUserData: *pulumi.String(bootstrapScript.Body),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.S3Functions;\nimport com.pulumi.aws.s3.inputs.GetObjectArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var bootstrapScript = S3Functions.getObject(GetObjectArgs.builder()\n .bucket(\"ourcorp-deploy-config\")\n .key(\"ec2-bootstrap-script.sh\")\n .build());\n\n var example = new Instance(\"example\", InstanceArgs.builder() \n .instanceType(\"t2.micro\")\n .ami(\"ami-2757f631\")\n .userData(bootstrapScript.applyValue(getObjectResult -\u003e getObjectResult.body()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:Instance\n properties:\n instanceType: t2.micro\n ami: ami-2757f631\n userData: ${bootstrapScript.body}\nvariables:\n bootstrapScript:\n fn::invoke:\n Function: aws:s3:getObject\n Arguments:\n bucket: ourcorp-deploy-config\n key: ec2-bootstrap-script.sh\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nThe following, more-complex example retrieves only the metadata for a zip\nfile stored in S3, which is then used to pass the most recent `version_id`\nto AWS Lambda for use as a function implementation. More information about\nLambda functions is available in the documentation for\n`aws.lambda.Function`.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lambda = aws.s3.getObject({\n bucket: \"ourcorp-lambda-functions\",\n key: \"hello-world.zip\",\n});\nconst testLambda = new aws.lambda.Function(\"test_lambda\", {\n s3Bucket: lambda.then(lambda =\u003e lambda.bucket),\n s3Key: lambda.then(lambda =\u003e lambda.key),\n s3ObjectVersion: lambda.then(lambda =\u003e lambda.versionId),\n name: \"lambda_function_name\",\n role: iamForLambda.arn,\n handler: \"exports.test\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlambda_ = aws.s3.get_object(bucket=\"ourcorp-lambda-functions\",\n key=\"hello-world.zip\")\ntest_lambda = aws.lambda_.Function(\"test_lambda\",\n s3_bucket=lambda_.bucket,\n s3_key=lambda_.key,\n s3_object_version=lambda_.version_id,\n name=\"lambda_function_name\",\n role=iam_for_lambda[\"arn\"],\n handler=\"exports.test\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var lambda = Aws.S3.GetObject.Invoke(new()\n {\n Bucket = \"ourcorp-lambda-functions\",\n Key = \"hello-world.zip\",\n });\n\n var testLambda = new Aws.Lambda.Function(\"test_lambda\", new()\n {\n S3Bucket = lambda.Apply(getObjectResult =\u003e getObjectResult.Bucket),\n S3Key = lambda.Apply(getObjectResult =\u003e getObjectResult.Key),\n S3ObjectVersion = lambda.Apply(getObjectResult =\u003e getObjectResult.VersionId),\n Name = \"lambda_function_name\",\n Role = iamForLambda.Arn,\n Handler = \"exports.test\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlambda, err := s3.GetObject(ctx, \u0026s3.GetObjectArgs{\n\t\t\tBucket: \"ourcorp-lambda-functions\",\n\t\t\tKey: \"hello-world.zip\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"test_lambda\", \u0026lambda.FunctionArgs{\n\t\t\tS3Bucket: *pulumi.String(lambda.Bucket),\n\t\t\tS3Key: *pulumi.String(lambda.Key),\n\t\t\tS3ObjectVersion: *pulumi.String(lambda.VersionId),\n\t\t\tName: pulumi.String(\"lambda_function_name\"),\n\t\t\tRole: pulumi.Any(iamForLambda.Arn),\n\t\t\tHandler: pulumi.String(\"exports.test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.S3Functions;\nimport com.pulumi.aws.s3.inputs.GetObjectArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var lambda = S3Functions.getObject(GetObjectArgs.builder()\n .bucket(\"ourcorp-lambda-functions\")\n .key(\"hello-world.zip\")\n .build());\n\n var testLambda = new Function(\"testLambda\", FunctionArgs.builder() \n .s3Bucket(lambda.applyValue(getObjectResult -\u003e getObjectResult.bucket()))\n .s3Key(lambda.applyValue(getObjectResult -\u003e getObjectResult.key()))\n .s3ObjectVersion(lambda.applyValue(getObjectResult -\u003e getObjectResult.versionId()))\n .name(\"lambda_function_name\")\n .role(iamForLambda.arn())\n .handler(\"exports.test\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testLambda:\n type: aws:lambda:Function\n name: test_lambda\n properties:\n s3Bucket: ${lambda.bucket}\n s3Key: ${lambda.key}\n s3ObjectVersion: ${lambda.versionId}\n name: lambda_function_name\n role: ${iamForLambda.arn}\n handler: exports.test\nvariables:\n lambda:\n fn::invoke:\n Function: aws:s3:getObject\n Arguments:\n bucket: ourcorp-lambda-functions\n key: hello-world.zip\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "The S3 object data source allows access to the metadata and\n_optionally_ (see below) content of an object stored inside S3 bucket.\n\n\u003e **Note:** The content of an object (`body` field) is available only for objects which have a human-readable `Content-Type` (`text/*` and `application/json`). This is to prevent printing unsafe characters and potentially downloading large amount of data which would be thrown away in favour of metadata.\n\n## Example Usage\n\nThe following example retrieves a text object (which must have a `Content-Type`\nvalue starting with `text/`) and uses it as the `user_data` for an EC2 instance:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bootstrapScript = aws.s3.getObject({\n bucket: \"ourcorp-deploy-config\",\n key: \"ec2-bootstrap-script.sh\",\n});\nconst example = new aws.ec2.Instance(\"example\", {\n instanceType: aws.ec2.InstanceType.T2_Micro,\n ami: \"ami-2757f631\",\n userData: bootstrapScript.then(bootstrapScript =\u003e bootstrapScript.body),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbootstrap_script = aws.s3.get_object(bucket=\"ourcorp-deploy-config\",\n key=\"ec2-bootstrap-script.sh\")\nexample = aws.ec2.Instance(\"example\",\n instance_type=aws.ec2.InstanceType.T2_MICRO,\n ami=\"ami-2757f631\",\n user_data=bootstrap_script.body)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bootstrapScript = Aws.S3.GetObject.Invoke(new()\n {\n Bucket = \"ourcorp-deploy-config\",\n Key = \"ec2-bootstrap-script.sh\",\n });\n\n var example = new Aws.Ec2.Instance(\"example\", new()\n {\n InstanceType = Aws.Ec2.InstanceType.T2_Micro,\n Ami = \"ami-2757f631\",\n UserData = bootstrapScript.Apply(getObjectResult =\u003e getObjectResult.Body),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbootstrapScript, err := s3.GetObject(ctx, \u0026s3.GetObjectArgs{\n\t\t\tBucket: \"ourcorp-deploy-config\",\n\t\t\tKey: \"ec2-bootstrap-script.sh\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"example\", \u0026ec2.InstanceArgs{\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_T2_Micro),\n\t\t\tAmi: pulumi.String(\"ami-2757f631\"),\n\t\t\tUserData: pulumi.String(bootstrapScript.Body),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.S3Functions;\nimport com.pulumi.aws.s3.inputs.GetObjectArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var bootstrapScript = S3Functions.getObject(GetObjectArgs.builder()\n .bucket(\"ourcorp-deploy-config\")\n .key(\"ec2-bootstrap-script.sh\")\n .build());\n\n var example = new Instance(\"example\", InstanceArgs.builder() \n .instanceType(\"t2.micro\")\n .ami(\"ami-2757f631\")\n .userData(bootstrapScript.applyValue(getObjectResult -\u003e getObjectResult.body()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:Instance\n properties:\n instanceType: t2.micro\n ami: ami-2757f631\n userData: ${bootstrapScript.body}\nvariables:\n bootstrapScript:\n fn::invoke:\n Function: aws:s3:getObject\n Arguments:\n bucket: ourcorp-deploy-config\n key: ec2-bootstrap-script.sh\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nThe following, more-complex example retrieves only the metadata for a zip\nfile stored in S3, which is then used to pass the most recent `version_id`\nto AWS Lambda for use as a function implementation. More information about\nLambda functions is available in the documentation for\n`aws.lambda.Function`.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lambda = aws.s3.getObject({\n bucket: \"ourcorp-lambda-functions\",\n key: \"hello-world.zip\",\n});\nconst testLambda = new aws.lambda.Function(\"test_lambda\", {\n s3Bucket: lambda.then(lambda =\u003e lambda.bucket),\n s3Key: lambda.then(lambda =\u003e lambda.key),\n s3ObjectVersion: lambda.then(lambda =\u003e lambda.versionId),\n name: \"lambda_function_name\",\n role: iamForLambda.arn,\n handler: \"exports.test\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlambda_ = aws.s3.get_object(bucket=\"ourcorp-lambda-functions\",\n key=\"hello-world.zip\")\ntest_lambda = aws.lambda_.Function(\"test_lambda\",\n s3_bucket=lambda_.bucket,\n s3_key=lambda_.key,\n s3_object_version=lambda_.version_id,\n name=\"lambda_function_name\",\n role=iam_for_lambda[\"arn\"],\n handler=\"exports.test\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var lambda = Aws.S3.GetObject.Invoke(new()\n {\n Bucket = \"ourcorp-lambda-functions\",\n Key = \"hello-world.zip\",\n });\n\n var testLambda = new Aws.Lambda.Function(\"test_lambda\", new()\n {\n S3Bucket = lambda.Apply(getObjectResult =\u003e getObjectResult.Bucket),\n S3Key = lambda.Apply(getObjectResult =\u003e getObjectResult.Key),\n S3ObjectVersion = lambda.Apply(getObjectResult =\u003e getObjectResult.VersionId),\n Name = \"lambda_function_name\",\n Role = iamForLambda.Arn,\n Handler = \"exports.test\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlambda, err := s3.GetObject(ctx, \u0026s3.GetObjectArgs{\n\t\t\tBucket: \"ourcorp-lambda-functions\",\n\t\t\tKey: \"hello-world.zip\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"test_lambda\", \u0026lambda.FunctionArgs{\n\t\t\tS3Bucket: pulumi.String(lambda.Bucket),\n\t\t\tS3Key: pulumi.String(lambda.Key),\n\t\t\tS3ObjectVersion: pulumi.String(lambda.VersionId),\n\t\t\tName: pulumi.String(\"lambda_function_name\"),\n\t\t\tRole: pulumi.Any(iamForLambda.Arn),\n\t\t\tHandler: pulumi.String(\"exports.test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.S3Functions;\nimport com.pulumi.aws.s3.inputs.GetObjectArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var lambda = S3Functions.getObject(GetObjectArgs.builder()\n .bucket(\"ourcorp-lambda-functions\")\n .key(\"hello-world.zip\")\n .build());\n\n var testLambda = new Function(\"testLambda\", FunctionArgs.builder() \n .s3Bucket(lambda.applyValue(getObjectResult -\u003e getObjectResult.bucket()))\n .s3Key(lambda.applyValue(getObjectResult -\u003e getObjectResult.key()))\n .s3ObjectVersion(lambda.applyValue(getObjectResult -\u003e getObjectResult.versionId()))\n .name(\"lambda_function_name\")\n .role(iamForLambda.arn())\n .handler(\"exports.test\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testLambda:\n type: aws:lambda:Function\n name: test_lambda\n properties:\n s3Bucket: ${lambda.bucket}\n s3Key: ${lambda.key}\n s3ObjectVersion: ${lambda.versionId}\n name: lambda_function_name\n role: ${iamForLambda.arn}\n handler: exports.test\nvariables:\n lambda:\n fn::invoke:\n Function: aws:s3:getObject\n Arguments:\n bucket: ourcorp-lambda-functions\n key: hello-world.zip\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getObject.\n", "properties": { @@ -385880,7 +385880,7 @@ } }, "aws:serverlessrepository/getApplication:getApplication": { - "description": "Use this data source to get information about an AWS Serverless Application Repository application. For example, this can be used to determine the required `capabilities` for an application.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.serverlessrepository.getApplication({\n applicationId: \"arn:aws:serverlessrepo:us-east-1:123456789012:applications/ExampleApplication\",\n});\nconst exampleCloudFormationStack = new aws.serverlessrepository.CloudFormationStack(\"example\", {\n name: \"Example\",\n applicationId: example.then(example =\u003e example.applicationId),\n semanticVersion: example.then(example =\u003e example.semanticVersion),\n capabilities: example.then(example =\u003e example.requiredCapabilities),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.serverlessrepository.get_application(application_id=\"arn:aws:serverlessrepo:us-east-1:123456789012:applications/ExampleApplication\")\nexample_cloud_formation_stack = aws.serverlessrepository.CloudFormationStack(\"example\",\n name=\"Example\",\n application_id=example.application_id,\n semantic_version=example.semantic_version,\n capabilities=example.required_capabilities)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.ServerlessRepository.GetApplication.Invoke(new()\n {\n ApplicationId = \"arn:aws:serverlessrepo:us-east-1:123456789012:applications/ExampleApplication\",\n });\n\n var exampleCloudFormationStack = new Aws.ServerlessRepository.CloudFormationStack(\"example\", new()\n {\n Name = \"Example\",\n ApplicationId = example.Apply(getApplicationResult =\u003e getApplicationResult.ApplicationId),\n SemanticVersion = example.Apply(getApplicationResult =\u003e getApplicationResult.SemanticVersion),\n Capabilities = example.Apply(getApplicationResult =\u003e getApplicationResult.RequiredCapabilities),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/serverlessrepository\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := serverlessrepository.GetApplication(ctx, \u0026serverlessrepository.GetApplicationArgs{\n\t\t\tApplicationId: \"arn:aws:serverlessrepo:us-east-1:123456789012:applications/ExampleApplication\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serverlessrepository.NewCloudFormationStack(ctx, \"example\", \u0026serverlessrepository.CloudFormationStackArgs{\n\t\t\tName: pulumi.String(\"Example\"),\n\t\t\tApplicationId: *pulumi.String(example.ApplicationId),\n\t\t\tSemanticVersion: *pulumi.String(example.SemanticVersion),\n\t\t\tCapabilities: interface{}(example.RequiredCapabilities),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.serverlessrepository.ServerlessrepositoryFunctions;\nimport com.pulumi.aws.serverlessrepository.inputs.GetApplicationArgs;\nimport com.pulumi.aws.serverlessrepository.CloudFormationStack;\nimport com.pulumi.aws.serverlessrepository.CloudFormationStackArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = ServerlessrepositoryFunctions.getApplication(GetApplicationArgs.builder()\n .applicationId(\"arn:aws:serverlessrepo:us-east-1:123456789012:applications/ExampleApplication\")\n .build());\n\n var exampleCloudFormationStack = new CloudFormationStack(\"exampleCloudFormationStack\", CloudFormationStackArgs.builder() \n .name(\"Example\")\n .applicationId(example.applyValue(getApplicationResult -\u003e getApplicationResult.applicationId()))\n .semanticVersion(example.applyValue(getApplicationResult -\u003e getApplicationResult.semanticVersion()))\n .capabilities(example.applyValue(getApplicationResult -\u003e getApplicationResult.requiredCapabilities()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleCloudFormationStack:\n type: aws:serverlessrepository:CloudFormationStack\n name: example\n properties:\n name: Example\n applicationId: ${example.applicationId}\n semanticVersion: ${example.semanticVersion}\n capabilities: ${example.requiredCapabilities}\nvariables:\n example:\n fn::invoke:\n Function: aws:serverlessrepository:getApplication\n Arguments:\n applicationId: arn:aws:serverlessrepo:us-east-1:123456789012:applications/ExampleApplication\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to get information about an AWS Serverless Application Repository application. For example, this can be used to determine the required `capabilities` for an application.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.serverlessrepository.getApplication({\n applicationId: \"arn:aws:serverlessrepo:us-east-1:123456789012:applications/ExampleApplication\",\n});\nconst exampleCloudFormationStack = new aws.serverlessrepository.CloudFormationStack(\"example\", {\n name: \"Example\",\n applicationId: example.then(example =\u003e example.applicationId),\n semanticVersion: example.then(example =\u003e example.semanticVersion),\n capabilities: example.then(example =\u003e example.requiredCapabilities),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.serverlessrepository.get_application(application_id=\"arn:aws:serverlessrepo:us-east-1:123456789012:applications/ExampleApplication\")\nexample_cloud_formation_stack = aws.serverlessrepository.CloudFormationStack(\"example\",\n name=\"Example\",\n application_id=example.application_id,\n semantic_version=example.semantic_version,\n capabilities=example.required_capabilities)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.ServerlessRepository.GetApplication.Invoke(new()\n {\n ApplicationId = \"arn:aws:serverlessrepo:us-east-1:123456789012:applications/ExampleApplication\",\n });\n\n var exampleCloudFormationStack = new Aws.ServerlessRepository.CloudFormationStack(\"example\", new()\n {\n Name = \"Example\",\n ApplicationId = example.Apply(getApplicationResult =\u003e getApplicationResult.ApplicationId),\n SemanticVersion = example.Apply(getApplicationResult =\u003e getApplicationResult.SemanticVersion),\n Capabilities = example.Apply(getApplicationResult =\u003e getApplicationResult.RequiredCapabilities),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/serverlessrepository\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := serverlessrepository.GetApplication(ctx, \u0026serverlessrepository.GetApplicationArgs{\n\t\t\tApplicationId: \"arn:aws:serverlessrepo:us-east-1:123456789012:applications/ExampleApplication\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serverlessrepository.NewCloudFormationStack(ctx, \"example\", \u0026serverlessrepository.CloudFormationStackArgs{\n\t\t\tName: pulumi.String(\"Example\"),\n\t\t\tApplicationId: pulumi.String(example.ApplicationId),\n\t\t\tSemanticVersion: pulumi.String(example.SemanticVersion),\n\t\t\tCapabilities: interface{}(example.RequiredCapabilities),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.serverlessrepository.ServerlessrepositoryFunctions;\nimport com.pulumi.aws.serverlessrepository.inputs.GetApplicationArgs;\nimport com.pulumi.aws.serverlessrepository.CloudFormationStack;\nimport com.pulumi.aws.serverlessrepository.CloudFormationStackArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = ServerlessrepositoryFunctions.getApplication(GetApplicationArgs.builder()\n .applicationId(\"arn:aws:serverlessrepo:us-east-1:123456789012:applications/ExampleApplication\")\n .build());\n\n var exampleCloudFormationStack = new CloudFormationStack(\"exampleCloudFormationStack\", CloudFormationStackArgs.builder() \n .name(\"Example\")\n .applicationId(example.applyValue(getApplicationResult -\u003e getApplicationResult.applicationId()))\n .semanticVersion(example.applyValue(getApplicationResult -\u003e getApplicationResult.semanticVersion()))\n .capabilities(example.applyValue(getApplicationResult -\u003e getApplicationResult.requiredCapabilities()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleCloudFormationStack:\n type: aws:serverlessrepository:CloudFormationStack\n name: example\n properties:\n name: Example\n applicationId: ${example.applicationId}\n semanticVersion: ${example.semanticVersion}\n capabilities: ${example.requiredCapabilities}\nvariables:\n example:\n fn::invoke:\n Function: aws:serverlessrepository:getApplication\n Arguments:\n applicationId: arn:aws:serverlessrepo:us-east-1:123456789012:applications/ExampleApplication\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getApplication.\n", "properties": { @@ -389714,7 +389714,7 @@ } }, "aws:waf/getSubscribedRuleGroup:getSubscribedRuleGroup": { - "description": "`aws.waf.getSubscribedRuleGroup` retrieves information about a Managed WAF Rule Group from AWS Marketplace (needs to be subscribed to first).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst byName = aws.waf.getSubscribedRuleGroup({\n name: \"F5 Bot Detection Signatures For AWS WAF\",\n});\nconst byMetricName = aws.waf.getSubscribedRuleGroup({\n metricName: \"F5BotDetectionSignatures\",\n});\nconst acl = new aws.waf.WebAcl(\"acl\", {rules: [\n {\n priority: 1,\n ruleId: byName.then(byName =\u003e byName.id),\n type: \"GROUP\",\n },\n {\n priority: 2,\n ruleId: byMetricName.then(byMetricName =\u003e byMetricName.id),\n type: \"GROUP\",\n },\n]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_name = aws.waf.get_subscribed_rule_group(name=\"F5 Bot Detection Signatures For AWS WAF\")\nby_metric_name = aws.waf.get_subscribed_rule_group(metric_name=\"F5BotDetectionSignatures\")\nacl = aws.waf.WebAcl(\"acl\", rules=[\n aws.waf.WebAclRuleArgs(\n priority=1,\n rule_id=by_name.id,\n type=\"GROUP\",\n ),\n aws.waf.WebAclRuleArgs(\n priority=2,\n rule_id=by_metric_name.id,\n type=\"GROUP\",\n ),\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var byName = Aws.Waf.GetSubscribedRuleGroup.Invoke(new()\n {\n Name = \"F5 Bot Detection Signatures For AWS WAF\",\n });\n\n var byMetricName = Aws.Waf.GetSubscribedRuleGroup.Invoke(new()\n {\n MetricName = \"F5BotDetectionSignatures\",\n });\n\n var acl = new Aws.Waf.WebAcl(\"acl\", new()\n {\n Rules = new[]\n {\n new Aws.Waf.Inputs.WebAclRuleArgs\n {\n Priority = 1,\n RuleId = byName.Apply(getSubscribedRuleGroupResult =\u003e getSubscribedRuleGroupResult.Id),\n Type = \"GROUP\",\n },\n new Aws.Waf.Inputs.WebAclRuleArgs\n {\n Priority = 2,\n RuleId = byMetricName.Apply(getSubscribedRuleGroupResult =\u003e getSubscribedRuleGroupResult.Id),\n Type = \"GROUP\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/waf\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbyName, err := waf.GetSubscribedRuleGroup(ctx, \u0026waf.GetSubscribedRuleGroupArgs{\n\t\t\tName: pulumi.StringRef(\"F5 Bot Detection Signatures For AWS WAF\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbyMetricName, err := waf.GetSubscribedRuleGroup(ctx, \u0026waf.GetSubscribedRuleGroupArgs{\n\t\t\tMetricName: pulumi.StringRef(\"F5BotDetectionSignatures\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = waf.NewWebAcl(ctx, \"acl\", \u0026waf.WebAclArgs{\n\t\t\tRules: waf.WebAclRuleArray{\n\t\t\t\t\u0026waf.WebAclRuleArgs{\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tRuleId: *pulumi.String(byName.Id),\n\t\t\t\t\tType: pulumi.String(\"GROUP\"),\n\t\t\t\t},\n\t\t\t\t\u0026waf.WebAclRuleArgs{\n\t\t\t\t\tPriority: pulumi.Int(2),\n\t\t\t\t\tRuleId: *pulumi.String(byMetricName.Id),\n\t\t\t\t\tType: pulumi.String(\"GROUP\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.waf.WafFunctions;\nimport com.pulumi.aws.waf.inputs.GetSubscribedRuleGroupArgs;\nimport com.pulumi.aws.waf.WebAcl;\nimport com.pulumi.aws.waf.WebAclArgs;\nimport com.pulumi.aws.waf.inputs.WebAclRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var byName = WafFunctions.getSubscribedRuleGroup(GetSubscribedRuleGroupArgs.builder()\n .name(\"F5 Bot Detection Signatures For AWS WAF\")\n .build());\n\n final var byMetricName = WafFunctions.getSubscribedRuleGroup(GetSubscribedRuleGroupArgs.builder()\n .metricName(\"F5BotDetectionSignatures\")\n .build());\n\n var acl = new WebAcl(\"acl\", WebAclArgs.builder() \n .rules( \n WebAclRuleArgs.builder()\n .priority(1)\n .ruleId(byName.applyValue(getSubscribedRuleGroupResult -\u003e getSubscribedRuleGroupResult.id()))\n .type(\"GROUP\")\n .build(),\n WebAclRuleArgs.builder()\n .priority(2)\n .ruleId(byMetricName.applyValue(getSubscribedRuleGroupResult -\u003e getSubscribedRuleGroupResult.id()))\n .type(\"GROUP\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n acl:\n type: aws:waf:WebAcl\n properties:\n rules:\n - priority: 1\n ruleId: ${byName.id}\n type: GROUP\n - priority: 2\n ruleId: ${byMetricName.id}\n type: GROUP\nvariables:\n byName:\n fn::invoke:\n Function: aws:waf:getSubscribedRuleGroup\n Arguments:\n name: F5 Bot Detection Signatures For AWS WAF\n byMetricName:\n fn::invoke:\n Function: aws:waf:getSubscribedRuleGroup\n Arguments:\n metricName: F5BotDetectionSignatures\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "`aws.waf.getSubscribedRuleGroup` retrieves information about a Managed WAF Rule Group from AWS Marketplace (needs to be subscribed to first).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst byName = aws.waf.getSubscribedRuleGroup({\n name: \"F5 Bot Detection Signatures For AWS WAF\",\n});\nconst byMetricName = aws.waf.getSubscribedRuleGroup({\n metricName: \"F5BotDetectionSignatures\",\n});\nconst acl = new aws.waf.WebAcl(\"acl\", {rules: [\n {\n priority: 1,\n ruleId: byName.then(byName =\u003e byName.id),\n type: \"GROUP\",\n },\n {\n priority: 2,\n ruleId: byMetricName.then(byMetricName =\u003e byMetricName.id),\n type: \"GROUP\",\n },\n]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_name = aws.waf.get_subscribed_rule_group(name=\"F5 Bot Detection Signatures For AWS WAF\")\nby_metric_name = aws.waf.get_subscribed_rule_group(metric_name=\"F5BotDetectionSignatures\")\nacl = aws.waf.WebAcl(\"acl\", rules=[\n aws.waf.WebAclRuleArgs(\n priority=1,\n rule_id=by_name.id,\n type=\"GROUP\",\n ),\n aws.waf.WebAclRuleArgs(\n priority=2,\n rule_id=by_metric_name.id,\n type=\"GROUP\",\n ),\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var byName = Aws.Waf.GetSubscribedRuleGroup.Invoke(new()\n {\n Name = \"F5 Bot Detection Signatures For AWS WAF\",\n });\n\n var byMetricName = Aws.Waf.GetSubscribedRuleGroup.Invoke(new()\n {\n MetricName = \"F5BotDetectionSignatures\",\n });\n\n var acl = new Aws.Waf.WebAcl(\"acl\", new()\n {\n Rules = new[]\n {\n new Aws.Waf.Inputs.WebAclRuleArgs\n {\n Priority = 1,\n RuleId = byName.Apply(getSubscribedRuleGroupResult =\u003e getSubscribedRuleGroupResult.Id),\n Type = \"GROUP\",\n },\n new Aws.Waf.Inputs.WebAclRuleArgs\n {\n Priority = 2,\n RuleId = byMetricName.Apply(getSubscribedRuleGroupResult =\u003e getSubscribedRuleGroupResult.Id),\n Type = \"GROUP\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/waf\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbyName, err := waf.GetSubscribedRuleGroup(ctx, \u0026waf.GetSubscribedRuleGroupArgs{\n\t\t\tName: pulumi.StringRef(\"F5 Bot Detection Signatures For AWS WAF\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbyMetricName, err := waf.GetSubscribedRuleGroup(ctx, \u0026waf.GetSubscribedRuleGroupArgs{\n\t\t\tMetricName: pulumi.StringRef(\"F5BotDetectionSignatures\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = waf.NewWebAcl(ctx, \"acl\", \u0026waf.WebAclArgs{\n\t\t\tRules: waf.WebAclRuleArray{\n\t\t\t\t\u0026waf.WebAclRuleArgs{\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tRuleId: pulumi.String(byName.Id),\n\t\t\t\t\tType: pulumi.String(\"GROUP\"),\n\t\t\t\t},\n\t\t\t\t\u0026waf.WebAclRuleArgs{\n\t\t\t\t\tPriority: pulumi.Int(2),\n\t\t\t\t\tRuleId: pulumi.String(byMetricName.Id),\n\t\t\t\t\tType: pulumi.String(\"GROUP\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.waf.WafFunctions;\nimport com.pulumi.aws.waf.inputs.GetSubscribedRuleGroupArgs;\nimport com.pulumi.aws.waf.WebAcl;\nimport com.pulumi.aws.waf.WebAclArgs;\nimport com.pulumi.aws.waf.inputs.WebAclRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var byName = WafFunctions.getSubscribedRuleGroup(GetSubscribedRuleGroupArgs.builder()\n .name(\"F5 Bot Detection Signatures For AWS WAF\")\n .build());\n\n final var byMetricName = WafFunctions.getSubscribedRuleGroup(GetSubscribedRuleGroupArgs.builder()\n .metricName(\"F5BotDetectionSignatures\")\n .build());\n\n var acl = new WebAcl(\"acl\", WebAclArgs.builder() \n .rules( \n WebAclRuleArgs.builder()\n .priority(1)\n .ruleId(byName.applyValue(getSubscribedRuleGroupResult -\u003e getSubscribedRuleGroupResult.id()))\n .type(\"GROUP\")\n .build(),\n WebAclRuleArgs.builder()\n .priority(2)\n .ruleId(byMetricName.applyValue(getSubscribedRuleGroupResult -\u003e getSubscribedRuleGroupResult.id()))\n .type(\"GROUP\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n acl:\n type: aws:waf:WebAcl\n properties:\n rules:\n - priority: 1\n ruleId: ${byName.id}\n type: GROUP\n - priority: 2\n ruleId: ${byMetricName.id}\n type: GROUP\nvariables:\n byName:\n fn::invoke:\n Function: aws:waf:getSubscribedRuleGroup\n Arguments:\n name: F5 Bot Detection Signatures For AWS WAF\n byMetricName:\n fn::invoke:\n Function: aws:waf:getSubscribedRuleGroup\n Arguments:\n metricName: F5BotDetectionSignatures\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSubscribedRuleGroup.\n", "properties": { @@ -389882,7 +389882,7 @@ } }, "aws:wafregional/getSubscribedRuleGroup:getSubscribedRuleGroup": { - "description": "`aws.wafregional.getSubscribedRuleGroup` retrieves information about a Managed WAF Rule Group from AWS Marketplace for use in WAF Regional (needs to be subscribed to first).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst byName = aws.wafregional.getSubscribedRuleGroup({\n name: \"F5 Bot Detection Signatures For AWS WAF\",\n});\nconst byMetricName = aws.wafregional.getSubscribedRuleGroup({\n metricName: \"F5BotDetectionSignatures\",\n});\nconst acl = new aws.wafregional.WebAcl(\"acl\", {rules: [\n {\n priority: 1,\n ruleId: byName.then(byName =\u003e byName.id),\n type: \"GROUP\",\n },\n {\n priority: 2,\n ruleId: byMetricName.then(byMetricName =\u003e byMetricName.id),\n type: \"GROUP\",\n },\n]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_name = aws.wafregional.get_subscribed_rule_group(name=\"F5 Bot Detection Signatures For AWS WAF\")\nby_metric_name = aws.wafregional.get_subscribed_rule_group(metric_name=\"F5BotDetectionSignatures\")\nacl = aws.wafregional.WebAcl(\"acl\", rules=[\n aws.wafregional.WebAclRuleArgs(\n priority=1,\n rule_id=by_name.id,\n type=\"GROUP\",\n ),\n aws.wafregional.WebAclRuleArgs(\n priority=2,\n rule_id=by_metric_name.id,\n type=\"GROUP\",\n ),\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var byName = Aws.WafRegional.GetSubscribedRuleGroup.Invoke(new()\n {\n Name = \"F5 Bot Detection Signatures For AWS WAF\",\n });\n\n var byMetricName = Aws.WafRegional.GetSubscribedRuleGroup.Invoke(new()\n {\n MetricName = \"F5BotDetectionSignatures\",\n });\n\n var acl = new Aws.WafRegional.WebAcl(\"acl\", new()\n {\n Rules = new[]\n {\n new Aws.WafRegional.Inputs.WebAclRuleArgs\n {\n Priority = 1,\n RuleId = byName.Apply(getSubscribedRuleGroupResult =\u003e getSubscribedRuleGroupResult.Id),\n Type = \"GROUP\",\n },\n new Aws.WafRegional.Inputs.WebAclRuleArgs\n {\n Priority = 2,\n RuleId = byMetricName.Apply(getSubscribedRuleGroupResult =\u003e getSubscribedRuleGroupResult.Id),\n Type = \"GROUP\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbyName, err := wafregional.GetSubscribedRuleGroup(ctx, \u0026wafregional.GetSubscribedRuleGroupArgs{\n\t\t\tName: pulumi.StringRef(\"F5 Bot Detection Signatures For AWS WAF\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbyMetricName, err := wafregional.GetSubscribedRuleGroup(ctx, \u0026wafregional.GetSubscribedRuleGroupArgs{\n\t\t\tMetricName: pulumi.StringRef(\"F5BotDetectionSignatures\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = wafregional.NewWebAcl(ctx, \"acl\", \u0026wafregional.WebAclArgs{\n\t\t\tRules: wafregional.WebAclRuleArray{\n\t\t\t\t\u0026wafregional.WebAclRuleArgs{\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tRuleId: *pulumi.String(byName.Id),\n\t\t\t\t\tType: pulumi.String(\"GROUP\"),\n\t\t\t\t},\n\t\t\t\t\u0026wafregional.WebAclRuleArgs{\n\t\t\t\t\tPriority: pulumi.Int(2),\n\t\t\t\t\tRuleId: *pulumi.String(byMetricName.Id),\n\t\t\t\t\tType: pulumi.String(\"GROUP\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.wafregional.WafregionalFunctions;\nimport com.pulumi.aws.wafregional.inputs.GetSubscribedRuleGroupArgs;\nimport com.pulumi.aws.wafregional.WebAcl;\nimport com.pulumi.aws.wafregional.WebAclArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var byName = WafregionalFunctions.getSubscribedRuleGroup(GetSubscribedRuleGroupArgs.builder()\n .name(\"F5 Bot Detection Signatures For AWS WAF\")\n .build());\n\n final var byMetricName = WafregionalFunctions.getSubscribedRuleGroup(GetSubscribedRuleGroupArgs.builder()\n .metricName(\"F5BotDetectionSignatures\")\n .build());\n\n var acl = new WebAcl(\"acl\", WebAclArgs.builder() \n .rules( \n WebAclRuleArgs.builder()\n .priority(1)\n .ruleId(byName.applyValue(getSubscribedRuleGroupResult -\u003e getSubscribedRuleGroupResult.id()))\n .type(\"GROUP\")\n .build(),\n WebAclRuleArgs.builder()\n .priority(2)\n .ruleId(byMetricName.applyValue(getSubscribedRuleGroupResult -\u003e getSubscribedRuleGroupResult.id()))\n .type(\"GROUP\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n acl:\n type: aws:wafregional:WebAcl\n properties:\n rules:\n - priority: 1\n ruleId: ${byName.id}\n type: GROUP\n - priority: 2\n ruleId: ${byMetricName.id}\n type: GROUP\nvariables:\n byName:\n fn::invoke:\n Function: aws:wafregional:getSubscribedRuleGroup\n Arguments:\n name: F5 Bot Detection Signatures For AWS WAF\n byMetricName:\n fn::invoke:\n Function: aws:wafregional:getSubscribedRuleGroup\n Arguments:\n metricName: F5BotDetectionSignatures\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "`aws.wafregional.getSubscribedRuleGroup` retrieves information about a Managed WAF Rule Group from AWS Marketplace for use in WAF Regional (needs to be subscribed to first).\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst byName = aws.wafregional.getSubscribedRuleGroup({\n name: \"F5 Bot Detection Signatures For AWS WAF\",\n});\nconst byMetricName = aws.wafregional.getSubscribedRuleGroup({\n metricName: \"F5BotDetectionSignatures\",\n});\nconst acl = new aws.wafregional.WebAcl(\"acl\", {rules: [\n {\n priority: 1,\n ruleId: byName.then(byName =\u003e byName.id),\n type: \"GROUP\",\n },\n {\n priority: 2,\n ruleId: byMetricName.then(byMetricName =\u003e byMetricName.id),\n type: \"GROUP\",\n },\n]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_name = aws.wafregional.get_subscribed_rule_group(name=\"F5 Bot Detection Signatures For AWS WAF\")\nby_metric_name = aws.wafregional.get_subscribed_rule_group(metric_name=\"F5BotDetectionSignatures\")\nacl = aws.wafregional.WebAcl(\"acl\", rules=[\n aws.wafregional.WebAclRuleArgs(\n priority=1,\n rule_id=by_name.id,\n type=\"GROUP\",\n ),\n aws.wafregional.WebAclRuleArgs(\n priority=2,\n rule_id=by_metric_name.id,\n type=\"GROUP\",\n ),\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var byName = Aws.WafRegional.GetSubscribedRuleGroup.Invoke(new()\n {\n Name = \"F5 Bot Detection Signatures For AWS WAF\",\n });\n\n var byMetricName = Aws.WafRegional.GetSubscribedRuleGroup.Invoke(new()\n {\n MetricName = \"F5BotDetectionSignatures\",\n });\n\n var acl = new Aws.WafRegional.WebAcl(\"acl\", new()\n {\n Rules = new[]\n {\n new Aws.WafRegional.Inputs.WebAclRuleArgs\n {\n Priority = 1,\n RuleId = byName.Apply(getSubscribedRuleGroupResult =\u003e getSubscribedRuleGroupResult.Id),\n Type = \"GROUP\",\n },\n new Aws.WafRegional.Inputs.WebAclRuleArgs\n {\n Priority = 2,\n RuleId = byMetricName.Apply(getSubscribedRuleGroupResult =\u003e getSubscribedRuleGroupResult.Id),\n Type = \"GROUP\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbyName, err := wafregional.GetSubscribedRuleGroup(ctx, \u0026wafregional.GetSubscribedRuleGroupArgs{\n\t\t\tName: pulumi.StringRef(\"F5 Bot Detection Signatures For AWS WAF\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbyMetricName, err := wafregional.GetSubscribedRuleGroup(ctx, \u0026wafregional.GetSubscribedRuleGroupArgs{\n\t\t\tMetricName: pulumi.StringRef(\"F5BotDetectionSignatures\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = wafregional.NewWebAcl(ctx, \"acl\", \u0026wafregional.WebAclArgs{\n\t\t\tRules: wafregional.WebAclRuleArray{\n\t\t\t\t\u0026wafregional.WebAclRuleArgs{\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tRuleId: pulumi.String(byName.Id),\n\t\t\t\t\tType: pulumi.String(\"GROUP\"),\n\t\t\t\t},\n\t\t\t\t\u0026wafregional.WebAclRuleArgs{\n\t\t\t\t\tPriority: pulumi.Int(2),\n\t\t\t\t\tRuleId: pulumi.String(byMetricName.Id),\n\t\t\t\t\tType: pulumi.String(\"GROUP\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.wafregional.WafregionalFunctions;\nimport com.pulumi.aws.wafregional.inputs.GetSubscribedRuleGroupArgs;\nimport com.pulumi.aws.wafregional.WebAcl;\nimport com.pulumi.aws.wafregional.WebAclArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var byName = WafregionalFunctions.getSubscribedRuleGroup(GetSubscribedRuleGroupArgs.builder()\n .name(\"F5 Bot Detection Signatures For AWS WAF\")\n .build());\n\n final var byMetricName = WafregionalFunctions.getSubscribedRuleGroup(GetSubscribedRuleGroupArgs.builder()\n .metricName(\"F5BotDetectionSignatures\")\n .build());\n\n var acl = new WebAcl(\"acl\", WebAclArgs.builder() \n .rules( \n WebAclRuleArgs.builder()\n .priority(1)\n .ruleId(byName.applyValue(getSubscribedRuleGroupResult -\u003e getSubscribedRuleGroupResult.id()))\n .type(\"GROUP\")\n .build(),\n WebAclRuleArgs.builder()\n .priority(2)\n .ruleId(byMetricName.applyValue(getSubscribedRuleGroupResult -\u003e getSubscribedRuleGroupResult.id()))\n .type(\"GROUP\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n acl:\n type: aws:wafregional:WebAcl\n properties:\n rules:\n - priority: 1\n ruleId: ${byName.id}\n type: GROUP\n - priority: 2\n ruleId: ${byMetricName.id}\n type: GROUP\nvariables:\n byName:\n fn::invoke:\n Function: aws:wafregional:getSubscribedRuleGroup\n Arguments:\n name: F5 Bot Detection Signatures For AWS WAF\n byMetricName:\n fn::invoke:\n Function: aws:wafregional:getSubscribedRuleGroup\n Arguments:\n metricName: F5BotDetectionSignatures\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSubscribedRuleGroup.\n", "properties": { diff --git a/provider/go.mod b/provider/go.mod index 46101ce229a..1caf1f36174 100644 --- a/provider/go.mod +++ b/provider/go.mod @@ -9,10 +9,10 @@ require ( github.com/hashicorp/terraform-provider-aws v1.60.1-0.20220923175450-ca71523cdc36 github.com/mitchellh/go-homedir v1.1.0 github.com/pulumi/providertest v0.0.11 - github.com/pulumi/pulumi-terraform-bridge/pf v0.30.1-0.20240311191722-54802d5b003c - github.com/pulumi/pulumi-terraform-bridge/v3 v3.77.1-0.20240311191722-54802d5b003c - github.com/pulumi/pulumi/pkg/v3 v3.108.1 - github.com/pulumi/pulumi/sdk/v3 v3.108.1 + github.com/pulumi/pulumi-terraform-bridge/pf v0.30.0 + github.com/pulumi/pulumi-terraform-bridge/v3 v3.77.0 + github.com/pulumi/pulumi/pkg/v3 v3.109.0 + github.com/pulumi/pulumi/sdk/v3 v3.111.1 github.com/stretchr/testify v1.8.4 pgregory.net/rapid v0.6.1 ) @@ -358,7 +358,7 @@ require ( github.com/pulumi/esc v0.6.2 // indirect github.com/pulumi/pulumi-java/pkg v0.9.9 // indirect github.com/pulumi/pulumi-terraform-bridge/x/muxer v0.0.8 // indirect - github.com/pulumi/pulumi-yaml v1.5.0 // indirect + github.com/pulumi/pulumi-yaml v1.6.0 // indirect github.com/pulumi/schema-tools v0.1.2 // indirect github.com/pulumi/terraform-diff-reader v0.0.2 // indirect github.com/rivo/uniseg v0.4.4 // indirect @@ -425,3 +425,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect lukechampine.com/frand v1.4.2 // indirect ) + +replace github.com/pulumi/pulumi/pkg/v3 => github.com/pulumi/pulumi/pkg/v3 v3.111.2-0.20240317125735-c3c4b4986ac1 + +replace github.com/pulumi/pulumi/sdk/v3 => github.com/pulumi/pulumi/sdk/v3 v3.111.2-0.20240317125735-c3c4b4986ac1 diff --git a/provider/go.sum b/provider/go.sum index f4e93be4528..a85079358af 100644 --- a/provider/go.sum +++ b/provider/go.sum @@ -3119,18 +3119,18 @@ github.com/pulumi/providertest v0.0.11 h1:mg8MQ7Cq7+9XlHIkBD+aCqQO4mwAJEISngZgVd github.com/pulumi/providertest v0.0.11/go.mod h1:HsxjVsytcMIuNj19w1lT2W0QXY0oReXl1+h6eD2JXP8= github.com/pulumi/pulumi-java/pkg v0.9.9 h1:F3xJUtMFDVrTGCxb7Rh2Q8s6tj7gMfM5pcoUthz7vFY= github.com/pulumi/pulumi-java/pkg v0.9.9/go.mod h1:LVF1zeg3UkToHWxb67V+zEIxQc3EdMnlot5NWSt+FpA= -github.com/pulumi/pulumi-terraform-bridge/pf v0.30.1-0.20240311191722-54802d5b003c h1:i/T0t2pqJrrQVye5dBhiOLR70W3Wgz4tYBOrfL0QK3Y= -github.com/pulumi/pulumi-terraform-bridge/pf v0.30.1-0.20240311191722-54802d5b003c/go.mod h1:6MjVHzJy4MVmb/19nbRv7p9VkcKcpjl8a8uEp1CDKwo= -github.com/pulumi/pulumi-terraform-bridge/v3 v3.77.1-0.20240311191722-54802d5b003c h1:MJebHQUy02ayw8/UJG5+COyxj+DPy9KHJjeBmIU6LyI= -github.com/pulumi/pulumi-terraform-bridge/v3 v3.77.1-0.20240311191722-54802d5b003c/go.mod h1:OCfjEGPU2fbBlda8UZhN/N3FljW6R08SK6lXPXzahwA= +github.com/pulumi/pulumi-terraform-bridge/pf v0.30.0 h1:2Jn0lXcfid0E2gbbpPwtRBWkJxGmOiUenTYP07A8b+U= +github.com/pulumi/pulumi-terraform-bridge/pf v0.30.0/go.mod h1:6MjVHzJy4MVmb/19nbRv7p9VkcKcpjl8a8uEp1CDKwo= +github.com/pulumi/pulumi-terraform-bridge/v3 v3.77.0 h1:BZhD7yNZz7O5MWeM4WofY6XBLjtiA3qH2UJJTg8+Nts= +github.com/pulumi/pulumi-terraform-bridge/v3 v3.77.0/go.mod h1:OCfjEGPU2fbBlda8UZhN/N3FljW6R08SK6lXPXzahwA= github.com/pulumi/pulumi-terraform-bridge/x/muxer v0.0.8 h1:mav2tSitA9BPJPLLahKgepHyYsMzwaTm4cvp0dcTMYw= github.com/pulumi/pulumi-terraform-bridge/x/muxer v0.0.8/go.mod h1:qUYk2c9i/yqMGNj9/bQyXpS39BxNDSXYjVN1njnq0zY= -github.com/pulumi/pulumi-yaml v1.5.0 h1:HfXu+WSFNpycref9CK935cViYJzXwSgHGWM/RepyrW0= -github.com/pulumi/pulumi-yaml v1.5.0/go.mod h1:AvKSmEQv2EkPbpvAQroR1eP1LkJGC8z5NDM34rVWOtg= -github.com/pulumi/pulumi/pkg/v3 v3.108.1 h1:K1UK40v5IpEPIaJ2un3WNOTBbLQaKR26HbLLh5EmMHY= -github.com/pulumi/pulumi/pkg/v3 v3.108.1/go.mod h1:48uCfxkPXUq/XTBqei9VuR0CRWObnSVlqcLkD6DhII8= -github.com/pulumi/pulumi/sdk/v3 v3.108.1 h1:5idjc3JmzToYVizRPbFyjJ5UU4AbExd04pcSP9AhPEc= -github.com/pulumi/pulumi/sdk/v3 v3.108.1/go.mod h1:5A6GHUwAJlRY1SSLZh84aDIbsBShcrfcmHzI50ecSBg= +github.com/pulumi/pulumi-yaml v1.6.0 h1:mb/QkebWXTa1fR+P3ZkCCHGXOYC6iTN8X8By9eNz8xM= +github.com/pulumi/pulumi-yaml v1.6.0/go.mod h1:RyEPo4MhL363sbAiFMVKRsQmXpQPDCY1S8pGv3E6Ij0= +github.com/pulumi/pulumi/pkg/v3 v3.111.2-0.20240317125735-c3c4b4986ac1 h1:11bg+OBoiYcd5nuCD026T/DxFha/s02XGse3OD/OmMs= +github.com/pulumi/pulumi/pkg/v3 v3.111.2-0.20240317125735-c3c4b4986ac1/go.mod h1:ZWsq8Y0EMHZ5E2ju92jC+POz97TEXs3BbQ6r2o0U4SA= +github.com/pulumi/pulumi/sdk/v3 v3.111.2-0.20240317125735-c3c4b4986ac1 h1:u2iPyoj2xIbPW/Nt0gS3z4+KiORNwQJTS+YvC7hg4OQ= +github.com/pulumi/pulumi/sdk/v3 v3.111.2-0.20240317125735-c3c4b4986ac1/go.mod h1:5A6GHUwAJlRY1SSLZh84aDIbsBShcrfcmHzI50ecSBg= github.com/pulumi/schema-tools v0.1.2 h1:Fd9xvUjgck4NA+7/jSk7InqCUT4Kj940+EcnbQKpfZo= github.com/pulumi/schema-tools v0.1.2/go.mod h1:62lgj52Tzq11eqWTIaKd+EVyYAu5dEcDJxMhTjvMO/k= github.com/pulumi/terraform-diff-reader v0.0.2 h1:kTE4nEXU3/SYXESvAIem+wyHMI3abqkI3OhJ0G04LLI= diff --git a/sdk/go.mod b/sdk/go.mod index dd11753852d..26ccca44b61 100644 --- a/sdk/go.mod +++ b/sdk/go.mod @@ -95,3 +95,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect lukechampine.com/frand v1.4.2 // indirect ) + +replace github.com/pulumi/pulumi/pkg/v3 => github.com/pulumi/pulumi/pkg/v3 v3.111.2-0.20240317125735-c3c4b4986ac1 + +replace github.com/pulumi/pulumi/sdk/v3 => github.com/pulumi/pulumi/sdk/v3 v3.111.2-0.20240317125735-c3c4b4986ac1 diff --git a/sdk/go.sum b/sdk/go.sum index e53867434b3..0a52c232c97 100644 --- a/sdk/go.sum +++ b/sdk/go.sum @@ -150,8 +150,8 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/esc v0.6.2 h1:+z+l8cuwIauLSwXQS0uoI3rqB+YG4SzsZYtHfNoXBvw= github.com/pulumi/esc v0.6.2/go.mod h1:jNnYNjzsOgVTjCp0LL24NsCk8ZJxq4IoLQdCT0X7l8k= -github.com/pulumi/pulumi/sdk/v3 v3.108.1 h1:5idjc3JmzToYVizRPbFyjJ5UU4AbExd04pcSP9AhPEc= -github.com/pulumi/pulumi/sdk/v3 v3.108.1/go.mod h1:5A6GHUwAJlRY1SSLZh84aDIbsBShcrfcmHzI50ecSBg= +github.com/pulumi/pulumi/sdk/v3 v3.111.2-0.20240317125735-c3c4b4986ac1 h1:u2iPyoj2xIbPW/Nt0gS3z4+KiORNwQJTS+YvC7hg4OQ= +github.com/pulumi/pulumi/sdk/v3 v3.111.2-0.20240317125735-c3c4b4986ac1/go.mod h1:5A6GHUwAJlRY1SSLZh84aDIbsBShcrfcmHzI50ecSBg= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= From 21f15fd308947bd33aed690da59a62f74604b2bc Mon Sep 17 00:00:00 2001 From: pulumi-bot Date: Sun, 17 Mar 2024 14:13:44 +0000 Subject: [PATCH 2/2] make build_sdks --- sdk/dotnet/Acm/Certificate.cs | 2 +- sdk/dotnet/ApiGateway/DomainName.cs | 4 +-- sdk/dotnet/ApiGateway/Integration.cs | 2 +- sdk/dotnet/ApiGatewayV2/DomainName.cs | 2 +- sdk/dotnet/ApiGatewayV2/Integration.cs | 2 +- sdk/dotnet/AutoScaling/Group.cs | 2 +- sdk/dotnet/Batch/ComputeEnvironment.cs | 2 +- sdk/dotnet/CloudFormation/GetExport.cs | 4 +-- sdk/dotnet/CloudFormation/GetStack.cs | 4 +-- sdk/dotnet/Cognito/UserPoolDomain.cs | 2 +- sdk/dotnet/Ec2/CapacityReservation.cs | 4 +-- sdk/dotnet/Ec2/Eip.cs | 2 +- sdk/dotnet/Ec2/EipAssociation.cs | 2 +- sdk/dotnet/Ec2/Instance.cs | 10 +++--- ...NetworkInterfaceSecurityGroupAttachment.cs | 2 +- sdk/dotnet/Ec2/PlacementGroup.cs | 2 +- sdk/dotnet/Ec2/SecurityGroup.cs | 2 +- sdk/dotnet/Ec2/SecurityGroupRule.cs | 4 +-- sdk/dotnet/Ec2/VolumeAttachment.cs | 2 +- sdk/dotnet/Ec2TransitGateway/InstanceState.cs | 2 +- .../Ec2TransitGateway/MulticastDomain.cs | 6 ++-- sdk/dotnet/Elb/GetHostedZoneId.cs | 4 +-- sdk/dotnet/Kinesis/FirehoseDeliveryStream.cs | 2 +- sdk/dotnet/LB/GetHostedZoneId.cs | 4 +-- sdk/dotnet/Lambda/Function.cs | 4 +-- sdk/dotnet/Lambda/Permission.cs | 6 ++-- sdk/dotnet/LicenseManager/Association.cs | 2 +- sdk/dotnet/Rds/Cluster.cs | 10 +++--- sdk/dotnet/Rds/ClusterActivityStream.cs | 4 +-- sdk/dotnet/Rds/ClusterEndpoint.cs | 6 ++-- sdk/dotnet/Rds/ClusterInstance.cs | 2 +- sdk/dotnet/Rds/EventSubscription.cs | 2 +- sdk/dotnet/Rds/ExportTask.cs | 2 +- sdk/dotnet/Rds/GetClusterSnapshot.cs | 4 +-- sdk/dotnet/Rds/GetSnapshot.cs | 8 ++--- sdk/dotnet/Rds/GlobalCluster.cs | 10 +++--- sdk/dotnet/Rds/Instance.cs | 14 ++++---- .../InstanceAutomatedBackupsReplication.cs | 2 +- sdk/dotnet/Rds/Snapshot.cs | 2 +- sdk/dotnet/Rds/SnapshotCopy.cs | 2 +- sdk/dotnet/Route53/GetZone.cs | 4 +-- sdk/dotnet/Route53/Record.cs | 12 +++---- sdk/dotnet/Route53/Zone.cs | 2 +- sdk/dotnet/S3/Bucket.cs | 18 +++++----- sdk/dotnet/S3/BucketNotification.cs | 4 +-- sdk/dotnet/S3/GetBucket.cs | 4 +-- sdk/dotnet/S3/GetBucketObject.cs | 4 +-- sdk/dotnet/S3/GetObject.cs | 4 +-- sdk/dotnet/Ses/DomainDkim.cs | 2 +- sdk/dotnet/Ses/DomainIdentity.cs | 2 +- sdk/dotnet/Ses/DomainIdentityVerification.cs | 2 +- sdk/dotnet/Ses/MailFrom.cs | 4 +-- sdk/dotnet/Ssm/Parameter.cs | 8 ++--- .../StorageGateway/FileSystemAssociation.cs | 2 +- sdk/go/aws/acmpca/policy.go | 2 +- sdk/go/aws/apigateway/account.go | 4 +-- sdk/go/aws/apigateway/authorizer.go | 4 +-- sdk/go/aws/apigateway/domainName.go | 4 +-- sdk/go/aws/apigateway/integration.go | 4 +-- sdk/go/aws/apigateway/restApi.go | 2 +- sdk/go/aws/apigatewayv2/domainName.go | 2 +- sdk/go/aws/apigatewayv2/integration.go | 2 +- sdk/go/aws/appconfig/extension.go | 2 +- sdk/go/aws/appconfig/extensionAssociation.go | 2 +- sdk/go/aws/appflow/flow.go | 4 +-- sdk/go/aws/appsync/dataSource.go | 2 +- sdk/go/aws/auditmanager/getControl.go | 4 +-- sdk/go/aws/autoscaling/group.go | 4 +-- sdk/go/aws/backup/selection.go | 2 +- sdk/go/aws/batch/computeEnvironment.go | 6 ++-- sdk/go/aws/batch/jobDefinition.go | 2 +- sdk/go/aws/bedrock/customModel.go | 2 +- sdk/go/aws/budgets/budgetAction.go | 4 +-- sdk/go/aws/cfg/configurationAggregator.go | 2 +- sdk/go/aws/cfg/deliveryChannel.go | 2 +- sdk/go/aws/cfg/recorder.go | 2 +- sdk/go/aws/cfg/recorderStatus.go | 2 +- sdk/go/aws/cfg/rule.go | 4 +-- sdk/go/aws/chime/voiceConnectorStreaming.go | 2 +- .../mediaInsightsPipelineConfiguration.go | 4 +-- sdk/go/aws/cloudformation/getExport.go | 4 +-- sdk/go/aws/cloudformation/getStack.go | 4 +-- sdk/go/aws/cloudformation/stackSet.go | 2 +- sdk/go/aws/cloudformation/stackSetInstance.go | 4 +-- .../getLogDeliveryCanonicalUserId.go | 2 +- sdk/go/aws/cloudfront/originAccessIdentity.go | 2 +- sdk/go/aws/cloudfront/realtimeLogConfig.go | 4 +-- sdk/go/aws/cloudhsmv2/hsm.go | 4 +-- .../cloudsearch/domainServiceAccessPolicy.go | 2 +- sdk/go/aws/cloudtrail/eventDataStore.go | 2 +- sdk/go/aws/cloudwatch/eventBus.go | 4 +-- sdk/go/aws/cloudwatch/eventBusPolicy.go | 6 ++-- sdk/go/aws/cloudwatch/eventTarget.go | 10 +++--- .../getLogDataProtectionPolicyDocument.go | 2 +- sdk/go/aws/cloudwatch/logResourcePolicy.go | 4 +-- sdk/go/aws/cloudwatch/metricStream.go | 4 +-- sdk/go/aws/codebuild/project.go | 2 +- sdk/go/aws/codebuild/reportGroup.go | 2 +- sdk/go/aws/codedeploy/deploymentGroup.go | 2 +- sdk/go/aws/codepipeline/pipeline.go | 4 +-- sdk/go/aws/cognito/getUserPools.go | 2 +- sdk/go/aws/cognito/managedUserPoolClient.go | 2 +- sdk/go/aws/cognito/userGroup.go | 2 +- sdk/go/aws/cognito/userPoolClient.go | 2 +- sdk/go/aws/cognito/userPoolDomain.go | 4 +-- sdk/go/aws/connect/botAssociation.go | 2 +- .../hostedPrivateVirtualInterfaceAccepter.go | 2 +- .../hostedPublicVirtualInterfaceAccepter.go | 2 +- .../hostedTransitVirtualInterfaceAcceptor.go | 2 +- .../aws/directconnect/macsecKeyAssociation.go | 6 ++-- sdk/go/aws/directoryservice/serviceRegion.go | 2 +- sdk/go/aws/dlm/lifecyclePolicy.go | 10 +++--- sdk/go/aws/dms/replicationInstance.go | 6 ++-- sdk/go/aws/dynamodb/table.go | 4 +-- sdk/go/aws/dynamodb/tag.go | 2 +- sdk/go/aws/ebs/getDefaultKmsKey.go | 2 +- sdk/go/aws/ec2/amiLaunchPermission.go | 2 +- sdk/go/aws/ec2/capacityReservation.go | 4 +-- sdk/go/aws/ec2/eip.go | 2 +- sdk/go/aws/ec2/eipAssociation.go | 2 +- sdk/go/aws/ec2/flowLog.go | 4 +-- sdk/go/aws/ec2/getCustomerGateway.go | 4 +-- sdk/go/aws/ec2/getIpamPreviewNextCidr.go | 2 +- sdk/go/aws/ec2/getRouteTable.go | 2 +- sdk/go/aws/ec2/getSecurityGroup.go | 2 +- sdk/go/aws/ec2/getSubnet.go | 4 +-- sdk/go/aws/ec2/getVpc.go | 2 +- sdk/go/aws/ec2/getVpcEndpoint.go | 2 +- sdk/go/aws/ec2/getVpcEndpointService.go | 2 +- sdk/go/aws/ec2/getVpcIamPool.go | 2 +- sdk/go/aws/ec2/getVpcIpamPool.go | 2 +- sdk/go/aws/ec2/getVpcPeeringConnection.go | 4 +-- sdk/go/aws/ec2/instance.go | 16 ++++----- sdk/go/aws/ec2/launchConfiguration.go | 6 ++-- .../localGatewayRouteTableVpcAssociation.go | 2 +- ...networkInterfaceSecurityGroupAttachment.go | 6 ++-- sdk/go/aws/ec2/peeringConnectionOptions.go | 2 +- sdk/go/aws/ec2/placementGroup.go | 2 +- sdk/go/aws/ec2/securityGroup.go | 4 +-- sdk/go/aws/ec2/securityGroupRule.go | 6 ++-- sdk/go/aws/ec2/spotFleetRequest.go | 6 ++-- sdk/go/aws/ec2/volumeAttachment.go | 2 +- sdk/go/aws/ec2/vpc.go | 4 +-- sdk/go/aws/ec2/vpcEndpoint.go | 2 +- .../ec2/vpcEndpointConnectionNotification.go | 2 +- sdk/go/aws/ec2/vpcEndpointPolicy.go | 2 +- .../ec2/vpcEndpointServiceAllowedPrinciple.go | 2 +- sdk/go/aws/ec2/vpcIpam.go | 2 +- .../ec2/vpcIpamOrganizationAdminAccount.go | 2 +- sdk/go/aws/ec2/vpcIpamPool.go | 8 ++--- sdk/go/aws/ec2/vpcIpamPoolCidr.go | 6 ++-- sdk/go/aws/ec2/vpcIpamPoolCidrAllocation.go | 8 ++--- sdk/go/aws/ec2/vpcIpamPreviewNextCidr.go | 4 +-- sdk/go/aws/ec2/vpcIpamResourceDiscovery.go | 2 +- sdk/go/aws/ec2/vpcIpamScope.go | 2 +- .../aws/ec2/vpcPeeringConnectionAccepter.go | 2 +- sdk/go/aws/ec2transitgateway/instanceState.go | 4 +-- .../aws/ec2transitgateway/multicastDomain.go | 18 +++++----- .../ec2transitgateway/peeringAttachment.go | 2 +- sdk/go/aws/ecr/replicationConfiguration.go | 16 ++++----- sdk/go/aws/ecr/repositoryPolicy.go | 2 +- sdk/go/aws/ecrpublic/repositoryPolicy.go | 2 +- sdk/go/aws/eks/cluster.go | 2 +- sdk/go/aws/eks/getAddonVersion.go | 2 +- sdk/go/aws/eks/podIdentityAssociation.go | 2 +- sdk/go/aws/elasticsearch/domain.go | 10 +++--- sdk/go/aws/elb/getHostedZoneId.go | 4 +-- sdk/go/aws/gamelift/gameServerGroup.go | 2 +- sdk/go/aws/getAvailabilityZones.go | 4 +-- sdk/go/aws/getIpRanges.go | 4 +-- sdk/go/aws/glacier/vault.go | 2 +- sdk/go/aws/glue/devEndpoint.go | 2 +- sdk/go/aws/glue/resourcePolicy.go | 2 +- sdk/go/aws/guardduty/publishingDestination.go | 2 +- sdk/go/aws/iam/accessKey.go | 2 +- sdk/go/aws/iam/getPolicyDocument.go | 2 +- sdk/go/aws/iam/getServerCertificate.go | 2 +- sdk/go/aws/iam/instanceProfile.go | 2 +- sdk/go/aws/iam/policyAttachment.go | 4 +-- sdk/go/aws/iam/role.go | 4 +-- sdk/go/aws/iam/rolePolicyAttachment.go | 4 +-- sdk/go/aws/iam/user.go | 2 +- .../aws/inspector2/delegatedAdminAccount.go | 2 +- sdk/go/aws/inspector2/enabler.go | 2 +- sdk/go/aws/iot/caCertificate.go | 2 +- sdk/go/aws/iot/getRegistrationCode.go | 2 +- sdk/go/aws/iot/policyAttachment.go | 2 +- sdk/go/aws/iot/provisioningTemplate.go | 4 +-- sdk/go/aws/iot/topicRule.go | 2 +- sdk/go/aws/ivschat/loggingConfiguration.go | 2 +- sdk/go/aws/kinesis/firehoseDeliveryStream.go | 6 ++-- sdk/go/aws/lakeformation/permissions.go | 2 +- sdk/go/aws/lakeformation/resource.go | 2 +- sdk/go/aws/lambda/function.go | 12 +++---- sdk/go/aws/lambda/permission.go | 8 ++--- sdk/go/aws/lb/getHostedZoneId.go | 4 +-- sdk/go/aws/licensemanager/association.go | 4 +-- sdk/go/aws/lightsail/disk.go | 2 +- sdk/go/aws/lightsail/disk_attachment.go | 4 +-- sdk/go/aws/lightsail/distribution.go | 8 ++--- sdk/go/aws/lightsail/lbAttachment.go | 2 +- sdk/go/aws/medialive/multiplex.go | 4 +-- sdk/go/aws/medialive/multiplexProgram.go | 4 +-- sdk/go/aws/msk/cluster.go | 8 ++--- sdk/go/aws/networkmanager/coreNetwork.go | 4 +-- .../coreNetworkPolicyAttachment.go | 4 +-- sdk/go/aws/opensearch/domain.go | 14 ++++---- .../opensearch/inboundConnectionAccepter.go | 8 ++--- sdk/go/aws/opensearch/outboundConnection.go | 8 ++--- sdk/go/aws/organizations/policy.go | 2 +- sdk/go/aws/pinpoint/emailChannel.go | 4 +-- sdk/go/aws/pinpoint/eventStream.go | 4 +-- sdk/go/aws/ram/resourceShareAccepter.go | 2 +- sdk/go/aws/rds/cluster.go | 12 +++---- sdk/go/aws/rds/clusterActivityStream.go | 4 +-- sdk/go/aws/rds/clusterEndpoint.go | 6 ++-- sdk/go/aws/rds/clusterInstance.go | 2 +- sdk/go/aws/rds/eventSubscription.go | 2 +- sdk/go/aws/rds/exportTask.go | 2 +- sdk/go/aws/rds/getClusterSnapshot.go | 4 +-- sdk/go/aws/rds/getSnapshot.go | 4 +-- sdk/go/aws/rds/globalCluster.go | 10 +++--- sdk/go/aws/rds/instance.go | 28 +++++++-------- .../instanceAutomatedBackupsReplication.go | 2 +- sdk/go/aws/rds/reservedInstance.go | 2 +- sdk/go/aws/rds/snapshot.go | 2 +- sdk/go/aws/rds/snapshotCopy.go | 2 +- sdk/go/aws/redshift/scheduledAction.go | 4 +-- .../aws/route53/getTrafficPolicyDocument.go | 4 +-- sdk/go/aws/route53/getZone.go | 4 +-- sdk/go/aws/route53/queryLog.go | 2 +- sdk/go/aws/route53/record.go | 12 +++---- sdk/go/aws/route53/zone.go | 2 +- sdk/go/aws/s3/bucket.go | 20 +++++------ sdk/go/aws/s3/bucketAclV2.go | 4 +-- sdk/go/aws/s3/bucketNotification.go | 8 ++--- sdk/go/aws/s3/bucketReplicationConfig.go | 2 +- sdk/go/aws/s3/getBucket.go | 10 +++--- sdk/go/aws/s3/getBucketObject.go | 10 +++--- sdk/go/aws/s3/getObject.go | 10 +++--- .../aws/s3control/storageLensConfiguration.go | 2 +- sdk/go/aws/sagemaker/domain.go | 2 +- sdk/go/aws/sagemaker/model.go | 4 +-- sdk/go/aws/schemas/registryPolicy.go | 2 +- sdk/go/aws/secretsmanager/secretPolicy.go | 2 +- .../serverlessrepository/getApplication.go | 4 +-- sdk/go/aws/ses/domainDkim.go | 2 +- sdk/go/aws/ses/domainIdentity.go | 2 +- sdk/go/aws/ses/domainIdentityVerification.go | 2 +- sdk/go/aws/ses/mailFrom.go | 4 +-- sdk/go/aws/sns/topicSubscription.go | 4 +-- sdk/go/aws/ssm/activation.go | 2 +- sdk/go/aws/ssm/parameter.go | 8 ++--- sdk/go/aws/ssm/resourceDataSync.go | 2 +- .../storagegateway/fileSystemAssociation.go | 2 +- sdk/go/aws/storagegateway/gateway.go | 2 +- sdk/go/aws/storagegateway/uploadBuffer.go | 2 +- sdk/go/aws/transcribe/languageModel.go | 2 +- sdk/go/aws/transfer/server.go | 2 +- sdk/go/aws/transfer/sshKey.go | 4 +-- sdk/go/aws/transfer/user.go | 4 +-- sdk/go/aws/waf/getSubscribedRuleGroup.go | 4 +-- .../aws/wafregional/getSubscribedRuleGroup.go | 4 +-- sdk/go/aws/wafregional/webAclAssociation.go | 4 +-- sdk/go/aws/workspaces/directory.go | 2 +- sdk/go/aws/workspaces/workspace.go | 4 +-- sdk/go/aws/xray/encryptionConfig.go | 2 +- sdk/nodejs/acm/certificate.ts | 2 +- sdk/nodejs/apigateway/domainName.ts | 4 +-- sdk/nodejs/apigateway/integration.ts | 2 +- sdk/nodejs/apigatewayv2/domainName.ts | 2 +- sdk/nodejs/apigatewayv2/integration.ts | 2 +- sdk/nodejs/autoscaling/group.ts | 2 +- sdk/nodejs/batch/computeEnvironment.ts | 2 +- sdk/nodejs/cloudformation/getExport.ts | 4 +-- sdk/nodejs/cloudformation/getStack.ts | 4 +-- sdk/nodejs/cognito/userPoolDomain.ts | 2 +- sdk/nodejs/ec2/capacityReservation.ts | 4 +-- sdk/nodejs/ec2/eip.ts | 2 +- sdk/nodejs/ec2/eipAssociation.ts | 2 +- sdk/nodejs/ec2/instance.ts | 10 +++--- ...networkInterfaceSecurityGroupAttachment.ts | 2 +- sdk/nodejs/ec2/placementGroup.ts | 2 +- sdk/nodejs/ec2/securityGroup.ts | 2 +- sdk/nodejs/ec2/securityGroupRule.ts | 4 +-- sdk/nodejs/ec2/volumeAttachment.ts | 2 +- sdk/nodejs/ec2transitgateway/instanceState.ts | 2 +- .../ec2transitgateway/multicastDomain.ts | 6 ++-- sdk/nodejs/elb/getHostedZoneId.ts | 4 +-- sdk/nodejs/kinesis/firehoseDeliveryStream.ts | 2 +- sdk/nodejs/lambda/function.ts | 4 +-- sdk/nodejs/lambda/permission.ts | 6 ++-- sdk/nodejs/lb/getHostedZoneId.ts | 4 +-- sdk/nodejs/licensemanager/association.ts | 2 +- sdk/nodejs/rds/cluster.ts | 10 +++--- sdk/nodejs/rds/clusterActivityStream.ts | 4 +-- sdk/nodejs/rds/clusterEndpoint.ts | 6 ++-- sdk/nodejs/rds/clusterInstance.ts | 2 +- sdk/nodejs/rds/eventSubscription.ts | 2 +- sdk/nodejs/rds/exportTask.ts | 2 +- sdk/nodejs/rds/getClusterSnapshot.ts | 4 +-- sdk/nodejs/rds/getSnapshot.ts | 8 ++--- sdk/nodejs/rds/globalCluster.ts | 10 +++--- sdk/nodejs/rds/instance.ts | 14 ++++---- .../instanceAutomatedBackupsReplication.ts | 2 +- sdk/nodejs/rds/snapshot.ts | 2 +- sdk/nodejs/rds/snapshotCopy.ts | 2 +- sdk/nodejs/route53/getZone.ts | 4 +-- sdk/nodejs/route53/record.ts | 12 +++---- sdk/nodejs/route53/zone.ts | 2 +- sdk/nodejs/s3/bucket.ts | 18 +++++----- sdk/nodejs/s3/bucketNotification.ts | 4 +-- sdk/nodejs/s3/getBucket.ts | 4 +-- sdk/nodejs/s3/getBucketObject.ts | 4 +-- sdk/nodejs/s3/getObject.ts | 4 +-- sdk/nodejs/ses/domainDkim.ts | 2 +- sdk/nodejs/ses/domainIdentity.ts | 2 +- sdk/nodejs/ses/domainIdentityVerification.ts | 2 +- sdk/nodejs/ses/mailFrom.ts | 4 +-- sdk/nodejs/ssm/parameter.ts | 8 ++--- .../storagegateway/fileSystemAssociation.ts | 2 +- sdk/python/pulumi_aws/acm/certificate.py | 4 +-- .../pulumi_aws/apigateway/domain_name.py | 8 ++--- .../pulumi_aws/apigateway/integration.py | 4 +-- .../pulumi_aws/apigatewayv2/domain_name.py | 4 +-- .../pulumi_aws/apigatewayv2/integration.py | 4 +-- sdk/python/pulumi_aws/autoscaling/group.py | 4 +-- .../pulumi_aws/batch/compute_environment.py | 4 +-- .../pulumi_aws/cloudformation/get_export.py | 4 +-- .../pulumi_aws/cloudformation/get_stack.py | 4 +-- .../pulumi_aws/cognito/user_pool_domain.py | 4 +-- .../pulumi_aws/ec2/capacity_reservation.py | 8 ++--- sdk/python/pulumi_aws/ec2/eip.py | 4 +-- sdk/python/pulumi_aws/ec2/eip_association.py | 4 +-- sdk/python/pulumi_aws/ec2/instance.py | 20 +++++------ ...ork_interface_security_group_attachment.py | 4 +-- sdk/python/pulumi_aws/ec2/placement_group.py | 4 +-- sdk/python/pulumi_aws/ec2/security_group.py | 4 +-- .../pulumi_aws/ec2/security_group_rule.py | 8 ++--- .../pulumi_aws/ec2/volume_attachment.py | 4 +-- .../ec2transitgateway/instance_state.py | 4 +-- .../ec2transitgateway/multicast_domain.py | 12 +++---- .../pulumi_aws/elb/get_hosted_zone_id.py | 4 +-- .../kinesis/firehose_delivery_stream.py | 4 +-- sdk/python/pulumi_aws/lambda_/function.py | 8 ++--- sdk/python/pulumi_aws/lambda_/permission.py | 12 +++---- .../pulumi_aws/lb/get_hosted_zone_id.py | 4 +-- .../pulumi_aws/licensemanager/association.py | 4 +-- sdk/python/pulumi_aws/rds/cluster.py | 20 +++++------ .../pulumi_aws/rds/cluster_activity_stream.py | 8 ++--- sdk/python/pulumi_aws/rds/cluster_endpoint.py | 12 +++---- sdk/python/pulumi_aws/rds/cluster_instance.py | 4 +-- .../pulumi_aws/rds/event_subscription.py | 4 +-- sdk/python/pulumi_aws/rds/export_task.py | 4 +-- .../pulumi_aws/rds/get_cluster_snapshot.py | 4 +-- sdk/python/pulumi_aws/rds/get_snapshot.py | 8 ++--- sdk/python/pulumi_aws/rds/global_cluster.py | 20 +++++------ sdk/python/pulumi_aws/rds/instance.py | 28 +++++++-------- .../instance_automated_backups_replication.py | 4 +-- sdk/python/pulumi_aws/rds/snapshot.py | 4 +-- sdk/python/pulumi_aws/rds/snapshot_copy.py | 4 +-- sdk/python/pulumi_aws/route53/get_zone.py | 4 +-- sdk/python/pulumi_aws/route53/record.py | 24 ++++++------- sdk/python/pulumi_aws/route53/zone.py | 4 +-- sdk/python/pulumi_aws/s3/bucket.py | 36 +++++++++---------- .../pulumi_aws/s3/bucket_notification.py | 8 ++--- sdk/python/pulumi_aws/s3/get_bucket.py | 4 +-- sdk/python/pulumi_aws/s3/get_bucket_object.py | 4 +-- sdk/python/pulumi_aws/s3/get_object.py | 4 +-- sdk/python/pulumi_aws/ses/domain_dkim.py | 4 +-- sdk/python/pulumi_aws/ses/domain_identity.py | 4 +-- .../ses/domain_identity_verification.py | 4 +-- sdk/python/pulumi_aws/ses/mail_from.py | 8 ++--- sdk/python/pulumi_aws/ssm/parameter.py | 16 ++++----- .../storagegateway/file_system_association.py | 4 +-- 375 files changed, 848 insertions(+), 848 deletions(-) diff --git a/sdk/dotnet/Acm/Certificate.cs b/sdk/dotnet/Acm/Certificate.cs index 51bfc6ec524..09be525514c 100644 --- a/sdk/dotnet/Acm/Certificate.cs +++ b/sdk/dotnet/Acm/Certificate.cs @@ -185,7 +185,7 @@ namespace Pulumi.Aws.Acm /// range.Value.Record, /// }, /// Ttl = 60, - /// Type = System.Enum.Parse<Aws.Route53.RecordType.RecordType>(range.Value.Type), + /// Type = System.Enum.Parse<Aws.Route53.RecordType>(range.Value.Type), /// ZoneId = exampleAwsRoute53Zone.ZoneId, /// })); /// } diff --git a/sdk/dotnet/ApiGateway/DomainName.cs b/sdk/dotnet/ApiGateway/DomainName.cs index 47c134610ca..848b14bec5e 100644 --- a/sdk/dotnet/ApiGateway/DomainName.cs +++ b/sdk/dotnet/ApiGateway/DomainName.cs @@ -61,7 +61,7 @@ namespace Pulumi.Aws.ApiGateway /// var exampleRecord = new Aws.Route53.Record("example", new() /// { /// Name = example.Domain, - /// Type = "A", + /// Type = Aws.Route53.RecordType.A, /// ZoneId = exampleAwsRoute53Zone.Id, /// Aliases = new[] /// { @@ -104,7 +104,7 @@ namespace Pulumi.Aws.ApiGateway /// var exampleRecord = new Aws.Route53.Record("example", new() /// { /// Name = example.Domain, - /// Type = "A", + /// Type = Aws.Route53.RecordType.A, /// ZoneId = exampleAwsRoute53Zone.Id, /// Aliases = new[] /// { diff --git a/sdk/dotnet/ApiGateway/Integration.cs b/sdk/dotnet/ApiGateway/Integration.cs index 675c666e1fa..7626cb02e67 100644 --- a/sdk/dotnet/ApiGateway/Integration.cs +++ b/sdk/dotnet/ApiGateway/Integration.cs @@ -148,7 +148,7 @@ namespace Pulumi.Aws.ApiGateway /// Name = "mylambda", /// Role = role.Arn, /// Handler = "lambda.lambda_handler", - /// Runtime = "python3.7", + /// Runtime = Aws.Lambda.Runtime.Python3d7, /// SourceCodeHash = Std.Filebase64sha256.Invoke(new() /// { /// Input = "lambda.zip", diff --git a/sdk/dotnet/ApiGatewayV2/DomainName.cs b/sdk/dotnet/ApiGatewayV2/DomainName.cs index 9fa202a5f89..70ffaec3f87 100644 --- a/sdk/dotnet/ApiGatewayV2/DomainName.cs +++ b/sdk/dotnet/ApiGatewayV2/DomainName.cs @@ -69,7 +69,7 @@ namespace Pulumi.Aws.ApiGatewayV2 /// var exampleRecord = new Aws.Route53.Record("example", new() /// { /// Name = example.Domain, - /// Type = "A", + /// Type = Aws.Route53.RecordType.A, /// ZoneId = exampleAwsRoute53Zone.ZoneId, /// Aliases = new[] /// { diff --git a/sdk/dotnet/ApiGatewayV2/Integration.cs b/sdk/dotnet/ApiGatewayV2/Integration.cs index f2a174fa281..81d1d5746c9 100644 --- a/sdk/dotnet/ApiGatewayV2/Integration.cs +++ b/sdk/dotnet/ApiGatewayV2/Integration.cs @@ -53,7 +53,7 @@ namespace Pulumi.Aws.ApiGatewayV2 /// Name = "Example", /// Role = exampleAwsIamRole.Arn, /// Handler = "index.handler", - /// Runtime = "nodejs16.x", + /// Runtime = Aws.Lambda.Runtime.NodeJS16dX, /// }); /// /// var exampleIntegration = new Aws.ApiGatewayV2.Integration("example", new() diff --git a/sdk/dotnet/AutoScaling/Group.cs b/sdk/dotnet/AutoScaling/Group.cs index b8812cf0316..dafa14ff9b8 100644 --- a/sdk/dotnet/AutoScaling/Group.cs +++ b/sdk/dotnet/AutoScaling/Group.cs @@ -31,7 +31,7 @@ namespace Pulumi.Aws.AutoScaling /// var test = new Aws.Ec2.PlacementGroup("test", new() /// { /// Name = "test", - /// Strategy = "cluster", + /// Strategy = Aws.Ec2.PlacementStrategy.Cluster, /// }); /// /// var bar = new Aws.AutoScaling.Group("bar", new() diff --git a/sdk/dotnet/Batch/ComputeEnvironment.cs b/sdk/dotnet/Batch/ComputeEnvironment.cs index 4eea4d40c8a..597276b4e82 100644 --- a/sdk/dotnet/Batch/ComputeEnvironment.cs +++ b/sdk/dotnet/Batch/ComputeEnvironment.cs @@ -145,7 +145,7 @@ namespace Pulumi.Aws.Batch /// var samplePlacementGroup = new Aws.Ec2.PlacementGroup("sample", new() /// { /// Name = "sample", - /// Strategy = "cluster", + /// Strategy = Aws.Ec2.PlacementStrategy.Cluster, /// }); /// /// var sampleComputeEnvironment = new Aws.Batch.ComputeEnvironment("sample", new() diff --git a/sdk/dotnet/CloudFormation/GetExport.cs b/sdk/dotnet/CloudFormation/GetExport.cs index 99224a24f76..f1f7e3c4e18 100644 --- a/sdk/dotnet/CloudFormation/GetExport.cs +++ b/sdk/dotnet/CloudFormation/GetExport.cs @@ -36,7 +36,7 @@ public static class GetExport /// var web = new Aws.Ec2.Instance("web", new() /// { /// Ami = "ami-abb07bcb", - /// InstanceType = "t2.micro", + /// InstanceType = Aws.Ec2.InstanceType.T2_Micro, /// SubnetId = subnetId.Apply(getExportResult => getExportResult.Value), /// }); /// @@ -72,7 +72,7 @@ public static Task InvokeAsync(GetExportArgs args, InvokeOption /// var web = new Aws.Ec2.Instance("web", new() /// { /// Ami = "ami-abb07bcb", - /// InstanceType = "t2.micro", + /// InstanceType = Aws.Ec2.InstanceType.T2_Micro, /// SubnetId = subnetId.Apply(getExportResult => getExportResult.Value), /// }); /// diff --git a/sdk/dotnet/CloudFormation/GetStack.cs b/sdk/dotnet/CloudFormation/GetStack.cs index c19d89fae2f..8d2e5c56dfb 100644 --- a/sdk/dotnet/CloudFormation/GetStack.cs +++ b/sdk/dotnet/CloudFormation/GetStack.cs @@ -34,7 +34,7 @@ public static class GetStack /// var web = new Aws.Ec2.Instance("web", new() /// { /// Ami = "ami-abb07bcb", - /// InstanceType = "t2.micro", + /// InstanceType = Aws.Ec2.InstanceType.T2_Micro, /// SubnetId = network.Apply(getStackResult => getStackResult.Outputs?.SubnetId), /// Tags = /// { @@ -72,7 +72,7 @@ public static Task InvokeAsync(GetStackArgs args, InvokeOptions? /// var web = new Aws.Ec2.Instance("web", new() /// { /// Ami = "ami-abb07bcb", - /// InstanceType = "t2.micro", + /// InstanceType = Aws.Ec2.InstanceType.T2_Micro, /// SubnetId = network.Apply(getStackResult => getStackResult.Outputs?.SubnetId), /// Tags = /// { diff --git a/sdk/dotnet/Cognito/UserPoolDomain.cs b/sdk/dotnet/Cognito/UserPoolDomain.cs index 1708de71c5f..9bd8509a5bc 100644 --- a/sdk/dotnet/Cognito/UserPoolDomain.cs +++ b/sdk/dotnet/Cognito/UserPoolDomain.cs @@ -71,7 +71,7 @@ namespace Pulumi.Aws.Cognito /// var auth_cognito_A = new Aws.Route53.Record("auth-cognito-A", new() /// { /// Name = main.Domain, - /// Type = "A", + /// Type = Aws.Route53.RecordType.A, /// ZoneId = example.Apply(getZoneResult => getZoneResult.ZoneId), /// Aliases = new[] /// { diff --git a/sdk/dotnet/Ec2/CapacityReservation.cs b/sdk/dotnet/Ec2/CapacityReservation.cs index 265d1f8b3f7..de0275f62d9 100644 --- a/sdk/dotnet/Ec2/CapacityReservation.cs +++ b/sdk/dotnet/Ec2/CapacityReservation.cs @@ -25,8 +25,8 @@ namespace Pulumi.Aws.Ec2 /// { /// var @default = new Aws.Ec2.CapacityReservation("default", new() /// { - /// InstanceType = "t2.micro", - /// InstancePlatform = "Linux/UNIX", + /// InstanceType = Aws.Ec2.InstanceType.T2_Micro, + /// InstancePlatform = Aws.Ec2.InstancePlatform.LinuxUnix, /// AvailabilityZone = "eu-west-1a", /// InstanceCount = 1, /// }); diff --git a/sdk/dotnet/Ec2/Eip.cs b/sdk/dotnet/Ec2/Eip.cs index e411490a0bd..a4f02b7204a 100644 --- a/sdk/dotnet/Ec2/Eip.cs +++ b/sdk/dotnet/Ec2/Eip.cs @@ -110,7 +110,7 @@ namespace Pulumi.Aws.Ec2 /// var foo = new Aws.Ec2.Instance("foo", new() /// { /// Ami = "ami-5189a661", - /// InstanceType = "t2.micro", + /// InstanceType = Aws.Ec2.InstanceType.T2_Micro, /// PrivateIp = "10.0.0.12", /// SubnetId = myTestSubnet.Id, /// }); diff --git a/sdk/dotnet/Ec2/EipAssociation.cs b/sdk/dotnet/Ec2/EipAssociation.cs index 35c9ae8e6b8..e489de2103c 100644 --- a/sdk/dotnet/Ec2/EipAssociation.cs +++ b/sdk/dotnet/Ec2/EipAssociation.cs @@ -33,7 +33,7 @@ namespace Pulumi.Aws.Ec2 /// { /// Ami = "ami-21f78e11", /// AvailabilityZone = "us-west-2a", - /// InstanceType = "t2.micro", + /// InstanceType = Aws.Ec2.InstanceType.T2_Micro, /// Tags = /// { /// { "Name", "HelloWorld" }, diff --git a/sdk/dotnet/Ec2/Instance.cs b/sdk/dotnet/Ec2/Instance.cs index aae3e05bbb6..c7aebe338c5 100644 --- a/sdk/dotnet/Ec2/Instance.cs +++ b/sdk/dotnet/Ec2/Instance.cs @@ -56,7 +56,7 @@ namespace Pulumi.Aws.Ec2 /// var web = new Aws.Ec2.Instance("web", new() /// { /// Ami = ubuntu.Apply(getAmiResult => getAmiResult.Id), - /// InstanceType = "t3.micro", + /// InstanceType = Aws.Ec2.InstanceType.T3_Micro, /// Tags = /// { /// { "Name", "HelloWorld" }, @@ -116,7 +116,7 @@ namespace Pulumi.Aws.Ec2 /// MaxPrice = "0.0031", /// }, /// }, - /// InstanceType = "t4g.nano", + /// InstanceType = Aws.Ec2.InstanceType.T4g_Nano, /// Tags = /// { /// { "Name", "test-spot" }, @@ -174,7 +174,7 @@ namespace Pulumi.Aws.Ec2 /// var fooInstance = new Aws.Ec2.Instance("foo", new() /// { /// Ami = "ami-005e54dee72cc1d00", - /// InstanceType = "t2.micro", + /// InstanceType = Aws.Ec2.InstanceType.T2_Micro, /// NetworkInterfaces = new[] /// { /// new Aws.Ec2.Inputs.InstanceNetworkInterfaceArgs @@ -247,7 +247,7 @@ namespace Pulumi.Aws.Ec2 /// var exampleInstance = new Aws.Ec2.Instance("example", new() /// { /// Ami = amzn_linux_2023_ami.Apply(amzn_linux_2023_ami => amzn_linux_2023_ami.Apply(getAmiResult => getAmiResult.Id)), - /// InstanceType = "c6a.2xlarge", + /// InstanceType = Aws.Ec2.InstanceType.C6a_2XLarge, /// SubnetId = exampleSubnet.Id, /// CpuOptions = new Aws.Ec2.Inputs.InstanceCpuOptionsArgs /// { @@ -282,7 +282,7 @@ namespace Pulumi.Aws.Ec2 /// var @this = new Aws.Ec2.Instance("this", new() /// { /// Ami = "ami-0dcc1e21636832c5d", - /// InstanceType = "m5.large", + /// InstanceType = Aws.Ec2.InstanceType.M5_Large, /// HostResourceGroupArn = "arn:aws:resource-groups:us-west-2:012345678901:group/win-testhost", /// Tenancy = "host", /// }); diff --git a/sdk/dotnet/Ec2/NetworkInterfaceSecurityGroupAttachment.cs b/sdk/dotnet/Ec2/NetworkInterfaceSecurityGroupAttachment.cs index 496ae66436c..0c8898d45f2 100644 --- a/sdk/dotnet/Ec2/NetworkInterfaceSecurityGroupAttachment.cs +++ b/sdk/dotnet/Ec2/NetworkInterfaceSecurityGroupAttachment.cs @@ -60,7 +60,7 @@ namespace Pulumi.Aws.Ec2 /// /// var instance = new Aws.Ec2.Instance("instance", new() /// { - /// InstanceType = "t2.micro", + /// InstanceType = Aws.Ec2.InstanceType.T2_Micro, /// Ami = ami.Apply(getAmiResult => getAmiResult.Id), /// Tags = /// { diff --git a/sdk/dotnet/Ec2/PlacementGroup.cs b/sdk/dotnet/Ec2/PlacementGroup.cs index 0c7efc52044..4d12949cc4c 100644 --- a/sdk/dotnet/Ec2/PlacementGroup.cs +++ b/sdk/dotnet/Ec2/PlacementGroup.cs @@ -27,7 +27,7 @@ namespace Pulumi.Aws.Ec2 /// var web = new Aws.Ec2.PlacementGroup("web", new() /// { /// Name = "hunky-dory-pg", - /// Strategy = "cluster", + /// Strategy = Aws.Ec2.PlacementStrategy.Cluster, /// }); /// /// }); diff --git a/sdk/dotnet/Ec2/SecurityGroup.cs b/sdk/dotnet/Ec2/SecurityGroup.cs index 5173a2a8fc3..ce2f099f004 100644 --- a/sdk/dotnet/Ec2/SecurityGroup.cs +++ b/sdk/dotnet/Ec2/SecurityGroup.cs @@ -240,7 +240,7 @@ namespace Pulumi.Aws.Ec2 /// /// var exampleInstance = new Aws.Ec2.Instance("example", new() /// { - /// InstanceType = "t3.small", + /// InstanceType = Aws.Ec2.InstanceType.T3_Small, /// VpcSecurityGroupIds = new[] /// { /// test.Id, diff --git a/sdk/dotnet/Ec2/SecurityGroupRule.cs b/sdk/dotnet/Ec2/SecurityGroupRule.cs index fcea7fb308e..a1a5589be13 100644 --- a/sdk/dotnet/Ec2/SecurityGroupRule.cs +++ b/sdk/dotnet/Ec2/SecurityGroupRule.cs @@ -40,7 +40,7 @@ namespace Pulumi.Aws.Ec2 /// Type = "ingress", /// FromPort = 0, /// ToPort = 65535, - /// Protocol = "tcp", + /// Protocol = Aws.Ec2.ProtocolType.TCP, /// CidrBlocks = new[] /// { /// exampleAwsVpc.CidrBlock, @@ -119,7 +119,7 @@ namespace Pulumi.Aws.Ec2 /// SecurityGroupId = "sg-123456", /// FromPort = 443, /// ToPort = 443, - /// Protocol = "tcp", + /// Protocol = Aws.Ec2.ProtocolType.TCP, /// PrefixListIds = new[] /// { /// s3.Apply(getPrefixListResult => getPrefixListResult.Id), diff --git a/sdk/dotnet/Ec2/VolumeAttachment.cs b/sdk/dotnet/Ec2/VolumeAttachment.cs index 1295d510b70..66e296ad2b6 100644 --- a/sdk/dotnet/Ec2/VolumeAttachment.cs +++ b/sdk/dotnet/Ec2/VolumeAttachment.cs @@ -30,7 +30,7 @@ namespace Pulumi.Aws.Ec2 /// { /// Ami = "ami-21f78e11", /// AvailabilityZone = "us-west-2a", - /// InstanceType = "t2.micro", + /// InstanceType = Aws.Ec2.InstanceType.T2_Micro, /// Tags = /// { /// { "Name", "HelloWorld" }, diff --git a/sdk/dotnet/Ec2TransitGateway/InstanceState.cs b/sdk/dotnet/Ec2TransitGateway/InstanceState.cs index 267ae9e5d17..e4c84a4edd4 100644 --- a/sdk/dotnet/Ec2TransitGateway/InstanceState.cs +++ b/sdk/dotnet/Ec2TransitGateway/InstanceState.cs @@ -56,7 +56,7 @@ namespace Pulumi.Aws.Ec2TransitGateway /// var test = new Aws.Ec2.Instance("test", new() /// { /// Ami = ubuntu.Apply(getAmiResult => getAmiResult.Id), - /// InstanceType = "t3.micro", + /// InstanceType = Aws.Ec2.InstanceType.T3_Micro, /// Tags = /// { /// { "Name", "HelloWorld" }, diff --git a/sdk/dotnet/Ec2TransitGateway/MulticastDomain.cs b/sdk/dotnet/Ec2TransitGateway/MulticastDomain.cs index 0c2e425fadb..a1164565681 100644 --- a/sdk/dotnet/Ec2TransitGateway/MulticastDomain.cs +++ b/sdk/dotnet/Ec2TransitGateway/MulticastDomain.cs @@ -90,21 +90,21 @@ namespace Pulumi.Aws.Ec2TransitGateway /// var instance1 = new Aws.Ec2.Instance("instance1", new() /// { /// Ami = amazonLinux.Apply(getAmiResult => getAmiResult.Id), - /// InstanceType = "t2.micro", + /// InstanceType = Aws.Ec2.InstanceType.T2_Micro, /// SubnetId = subnet1.Id, /// }); /// /// var instance2 = new Aws.Ec2.Instance("instance2", new() /// { /// Ami = amazonLinux.Apply(getAmiResult => getAmiResult.Id), - /// InstanceType = "t2.micro", + /// InstanceType = Aws.Ec2.InstanceType.T2_Micro, /// SubnetId = subnet2.Id, /// }); /// /// var instance3 = new Aws.Ec2.Instance("instance3", new() /// { /// Ami = amazonLinux.Apply(getAmiResult => getAmiResult.Id), - /// InstanceType = "t2.micro", + /// InstanceType = Aws.Ec2.InstanceType.T2_Micro, /// SubnetId = subnet3.Id, /// }); /// diff --git a/sdk/dotnet/Elb/GetHostedZoneId.cs b/sdk/dotnet/Elb/GetHostedZoneId.cs index 24acbb79b9c..4810c2871b7 100644 --- a/sdk/dotnet/Elb/GetHostedZoneId.cs +++ b/sdk/dotnet/Elb/GetHostedZoneId.cs @@ -32,7 +32,7 @@ public static class GetHostedZoneId /// { /// ZoneId = primary.ZoneId, /// Name = "example.com", - /// Type = "A", + /// Type = Aws.Route53.RecordType.A, /// Aliases = new[] /// { /// new Aws.Route53.Inputs.RecordAliasArgs @@ -72,7 +72,7 @@ public static Task InvokeAsync(GetHostedZoneIdArgs? args /// { /// ZoneId = primary.ZoneId, /// Name = "example.com", - /// Type = "A", + /// Type = Aws.Route53.RecordType.A, /// Aliases = new[] /// { /// new Aws.Route53.Inputs.RecordAliasArgs diff --git a/sdk/dotnet/Kinesis/FirehoseDeliveryStream.cs b/sdk/dotnet/Kinesis/FirehoseDeliveryStream.cs index 063ea52d76b..df036a053d3 100644 --- a/sdk/dotnet/Kinesis/FirehoseDeliveryStream.cs +++ b/sdk/dotnet/Kinesis/FirehoseDeliveryStream.cs @@ -102,7 +102,7 @@ namespace Pulumi.Aws.Kinesis /// Name = "firehose_lambda_processor", /// Role = lambdaIam.Arn, /// Handler = "exports.handler", - /// Runtime = "nodejs16.x", + /// Runtime = Aws.Lambda.Runtime.NodeJS16dX, /// }); /// /// var extendedS3Stream = new Aws.Kinesis.FirehoseDeliveryStream("extended_s3_stream", new() diff --git a/sdk/dotnet/LB/GetHostedZoneId.cs b/sdk/dotnet/LB/GetHostedZoneId.cs index ee98d349408..0e7f6e5087d 100644 --- a/sdk/dotnet/LB/GetHostedZoneId.cs +++ b/sdk/dotnet/LB/GetHostedZoneId.cs @@ -31,7 +31,7 @@ public static class GetHostedZoneId /// { /// ZoneId = primary.ZoneId, /// Name = "example.com", - /// Type = "A", + /// Type = Aws.Route53.RecordType.A, /// Aliases = new[] /// { /// new Aws.Route53.Inputs.RecordAliasArgs @@ -70,7 +70,7 @@ public static Task InvokeAsync(GetHostedZoneIdArgs? args /// { /// ZoneId = primary.ZoneId, /// Name = "example.com", - /// Type = "A", + /// Type = Aws.Route53.RecordType.A, /// Aliases = new[] /// { /// new Aws.Route53.Inputs.RecordAliasArgs diff --git a/sdk/dotnet/Lambda/Function.cs b/sdk/dotnet/Lambda/Function.cs index 11e7feddc15..244b07eadd7 100644 --- a/sdk/dotnet/Lambda/Function.cs +++ b/sdk/dotnet/Lambda/Function.cs @@ -80,7 +80,7 @@ namespace Pulumi.Aws.Lambda /// Role = iamForLambda.Arn, /// Handler = "index.test", /// SourceCodeHash = lambda.Apply(getFileResult => getFileResult.OutputBase64sha256), - /// Runtime = "nodejs18.x", + /// Runtime = Aws.Lambda.Runtime.NodeJS18dX, /// Environment = new Aws.Lambda.Inputs.FunctionEnvironmentArgs /// { /// Variables = @@ -170,7 +170,7 @@ namespace Pulumi.Aws.Lambda /// Name = "lambda_function_name", /// Role = iamForLambda.Arn, /// Handler = "index.test", - /// Runtime = "nodejs18.x", + /// Runtime = Aws.Lambda.Runtime.NodeJS18dX, /// EphemeralStorage = new Aws.Lambda.Inputs.FunctionEphemeralStorageArgs /// { /// Size = 10240, diff --git a/sdk/dotnet/Lambda/Permission.cs b/sdk/dotnet/Lambda/Permission.cs index 5a9cee03ac3..e2a35be0356 100644 --- a/sdk/dotnet/Lambda/Permission.cs +++ b/sdk/dotnet/Lambda/Permission.cs @@ -54,7 +54,7 @@ namespace Pulumi.Aws.Lambda /// Name = "lambda_function_name", /// Role = iamForLambda.Arn, /// Handler = "exports.handler", - /// Runtime = "nodejs16.x", + /// Runtime = Aws.Lambda.Runtime.NodeJS16dX, /// }); /// /// var testAlias = new Aws.Lambda.Alias("test_alias", new() @@ -124,7 +124,7 @@ namespace Pulumi.Aws.Lambda /// Name = "lambda_called_from_sns", /// Role = defaultRole.Arn, /// Handler = "exports.handler", - /// Runtime = "python3.7", + /// Runtime = Aws.Lambda.Runtime.Python3d7, /// }); /// /// var withSns = new Aws.Lambda.Permission("with_sns", new() @@ -231,7 +231,7 @@ namespace Pulumi.Aws.Lambda /// Name = "lambda_called_from_cloudwatch_logs", /// Handler = "exports.handler", /// Role = defaultRole.Arn, - /// Runtime = "python3.7", + /// Runtime = Aws.Lambda.Runtime.Python3d7, /// }); /// /// var logging = new Aws.Lambda.Permission("logging", new() diff --git a/sdk/dotnet/LicenseManager/Association.cs b/sdk/dotnet/LicenseManager/Association.cs index 487641059d2..ae6d2646bca 100644 --- a/sdk/dotnet/LicenseManager/Association.cs +++ b/sdk/dotnet/LicenseManager/Association.cs @@ -48,7 +48,7 @@ namespace Pulumi.Aws.LicenseManager /// var exampleInstance = new Aws.Ec2.Instance("example", new() /// { /// Ami = example.Apply(getAmiResult => getAmiResult.Id), - /// InstanceType = "t2.micro", + /// InstanceType = Aws.Ec2.InstanceType.T2_Micro, /// }); /// /// var exampleLicenseConfiguration = new Aws.LicenseManager.LicenseConfiguration("example", new() diff --git a/sdk/dotnet/Rds/Cluster.cs b/sdk/dotnet/Rds/Cluster.cs index fa5181a5e42..c28eb4010b4 100644 --- a/sdk/dotnet/Rds/Cluster.cs +++ b/sdk/dotnet/Rds/Cluster.cs @@ -43,7 +43,7 @@ namespace Pulumi.Aws.Rds /// var @default = new Aws.Rds.Cluster("default", new() /// { /// ClusterIdentifier = "aurora-cluster-demo", - /// Engine = "aurora-mysql", + /// Engine = Aws.Rds.EngineType.AuroraMysql, /// EngineVersion = "5.7.mysql_aurora.2.03.2", /// AvailabilityZones = new[] /// { @@ -107,7 +107,7 @@ namespace Pulumi.Aws.Rds /// var postgresql = new Aws.Rds.Cluster("postgresql", new() /// { /// ClusterIdentifier = "aurora-cluster-demo", - /// Engine = "aurora-postgresql", + /// Engine = Aws.Rds.EngineType.AuroraPostgresql, /// AvailabilityZones = new[] /// { /// "us-west-2a", @@ -183,8 +183,8 @@ namespace Pulumi.Aws.Rds /// var example = new Aws.Rds.Cluster("example", new() /// { /// ClusterIdentifier = "example", - /// Engine = "aurora-postgresql", - /// EngineMode = "provisioned", + /// Engine = Aws.Rds.EngineType.AuroraPostgresql, + /// EngineMode = Aws.Rds.EngineMode.Provisioned, /// EngineVersion = "13.6", /// DatabaseName = "test", /// MasterUsername = "test", @@ -288,7 +288,7 @@ namespace Pulumi.Aws.Rds /// /// var exampleCluster = new Aws.Rds.Cluster("example", new() /// { - /// Engine = "aurora", + /// Engine = Aws.Rds.EngineType.Aurora, /// EngineVersion = "5.6.mysql_aurora.1.22.4", /// ClusterIdentifier = "example", /// SnapshotIdentifier = example.Apply(getClusterSnapshotResult => getClusterSnapshotResult.Id), diff --git a/sdk/dotnet/Rds/ClusterActivityStream.cs b/sdk/dotnet/Rds/ClusterActivityStream.cs index 2c9e9a69a5b..3becc35e830 100644 --- a/sdk/dotnet/Rds/ClusterActivityStream.cs +++ b/sdk/dotnet/Rds/ClusterActivityStream.cs @@ -43,7 +43,7 @@ namespace Pulumi.Aws.Rds /// DatabaseName = "mydb", /// MasterUsername = "foo", /// MasterPassword = "mustbeeightcharaters", - /// Engine = "aurora-postgresql", + /// Engine = Aws.Rds.EngineType.AuroraPostgresql, /// EngineVersion = "13.4", /// }); /// @@ -52,7 +52,7 @@ namespace Pulumi.Aws.Rds /// Identifier = "aurora-instance-demo", /// ClusterIdentifier = @default.ClusterIdentifier, /// Engine = @default.Engine, - /// InstanceClass = "db.r6g.large", + /// InstanceClass = Aws.Rds.InstanceType.R6G_Large, /// }); /// /// var defaultKey = new Aws.Kms.Key("default", new() diff --git a/sdk/dotnet/Rds/ClusterEndpoint.cs b/sdk/dotnet/Rds/ClusterEndpoint.cs index 8efa26c4697..03d266f5a49 100644 --- a/sdk/dotnet/Rds/ClusterEndpoint.cs +++ b/sdk/dotnet/Rds/ClusterEndpoint.cs @@ -45,7 +45,7 @@ namespace Pulumi.Aws.Rds /// ApplyImmediately = true, /// ClusterIdentifier = @default.Id, /// Identifier = "test1", - /// InstanceClass = "db.t2.small", + /// InstanceClass = Aws.Rds.InstanceType.T2_Small, /// Engine = @default.Engine, /// EngineVersion = @default.EngineVersion, /// }); @@ -55,7 +55,7 @@ namespace Pulumi.Aws.Rds /// ApplyImmediately = true, /// ClusterIdentifier = @default.Id, /// Identifier = "test2", - /// InstanceClass = "db.t2.small", + /// InstanceClass = Aws.Rds.InstanceType.T2_Small, /// Engine = @default.Engine, /// EngineVersion = @default.EngineVersion, /// }); @@ -65,7 +65,7 @@ namespace Pulumi.Aws.Rds /// ApplyImmediately = true, /// ClusterIdentifier = @default.Id, /// Identifier = "test3", - /// InstanceClass = "db.t2.small", + /// InstanceClass = Aws.Rds.InstanceType.T2_Small, /// Engine = @default.Engine, /// EngineVersion = @default.EngineVersion, /// }); diff --git a/sdk/dotnet/Rds/ClusterInstance.cs b/sdk/dotnet/Rds/ClusterInstance.cs index e02e312f9c5..c724ce53daa 100644 --- a/sdk/dotnet/Rds/ClusterInstance.cs +++ b/sdk/dotnet/Rds/ClusterInstance.cs @@ -60,7 +60,7 @@ namespace Pulumi.Aws.Rds /// { /// Identifier = $"aurora-cluster-demo-{range.Value}", /// ClusterIdentifier = @default.Id, - /// InstanceClass = "db.r4.large", + /// InstanceClass = Aws.Rds.InstanceType.R4_Large, /// Engine = @default.Engine, /// EngineVersion = @default.EngineVersion, /// })); diff --git a/sdk/dotnet/Rds/EventSubscription.cs b/sdk/dotnet/Rds/EventSubscription.cs index 7a093c1c76f..f79abcbdd19 100644 --- a/sdk/dotnet/Rds/EventSubscription.cs +++ b/sdk/dotnet/Rds/EventSubscription.cs @@ -28,7 +28,7 @@ namespace Pulumi.Aws.Rds /// AllocatedStorage = 10, /// Engine = "mysql", /// EngineVersion = "5.6.17", - /// InstanceClass = "db.t2.micro", + /// InstanceClass = Aws.Rds.InstanceType.T2_Micro, /// DbName = "mydb", /// Username = "foo", /// Password = "bar", diff --git a/sdk/dotnet/Rds/ExportTask.cs b/sdk/dotnet/Rds/ExportTask.cs index 138e90af6ab..4e96c2e4772 100644 --- a/sdk/dotnet/Rds/ExportTask.cs +++ b/sdk/dotnet/Rds/ExportTask.cs @@ -151,7 +151,7 @@ namespace Pulumi.Aws.Rds /// DbName = "test", /// Engine = "mysql", /// EngineVersion = "5.7", - /// InstanceClass = "db.t3.micro", + /// InstanceClass = Aws.Rds.InstanceType.T3_Micro, /// Username = "foo", /// Password = "foobarbaz", /// ParameterGroupName = "default.mysql5.7", diff --git a/sdk/dotnet/Rds/GetClusterSnapshot.cs b/sdk/dotnet/Rds/GetClusterSnapshot.cs index ff77a9e7583..e2dbce002b9 100644 --- a/sdk/dotnet/Rds/GetClusterSnapshot.cs +++ b/sdk/dotnet/Rds/GetClusterSnapshot.cs @@ -46,7 +46,7 @@ public static class GetClusterSnapshot /// var auroraClusterInstance = new Aws.Rds.ClusterInstance("aurora", new() /// { /// ClusterIdentifier = aurora.Id, - /// InstanceClass = "db.t2.small", + /// InstanceClass = Aws.Rds.InstanceType.T2_Small, /// DbSubnetGroupName = "my_db_subnet_group", /// }); /// @@ -92,7 +92,7 @@ public static Task InvokeAsync(GetClusterSnapshotArgs? /// var auroraClusterInstance = new Aws.Rds.ClusterInstance("aurora", new() /// { /// ClusterIdentifier = aurora.Id, - /// InstanceClass = "db.t2.small", + /// InstanceClass = Aws.Rds.InstanceType.T2_Small, /// DbSubnetGroupName = "my_db_subnet_group", /// }); /// diff --git a/sdk/dotnet/Rds/GetSnapshot.cs b/sdk/dotnet/Rds/GetSnapshot.cs index 8dfd79d0918..0c8b393e94b 100644 --- a/sdk/dotnet/Rds/GetSnapshot.cs +++ b/sdk/dotnet/Rds/GetSnapshot.cs @@ -33,7 +33,7 @@ public static class GetSnapshot /// AllocatedStorage = 10, /// Engine = "mysql", /// EngineVersion = "5.6.17", - /// InstanceClass = "db.t2.micro", + /// InstanceClass = Aws.Rds.InstanceType.T2_Micro, /// DbName = "mydb", /// Username = "foo", /// Password = "bar", @@ -50,7 +50,7 @@ public static class GetSnapshot /// // Use the latest production snapshot to create a dev instance. /// var dev = new Aws.Rds.Instance("dev", new() /// { - /// InstanceClass = "db.t2.micro", + /// InstanceClass = Aws.Rds.InstanceType.T2_Micro, /// DbName = "mydbdev", /// SnapshotIdentifier = latestProdSnapshot.Apply(getSnapshotResult => getSnapshotResult.Id), /// }); @@ -84,7 +84,7 @@ public static Task InvokeAsync(GetSnapshotArgs? args = null, /// AllocatedStorage = 10, /// Engine = "mysql", /// EngineVersion = "5.6.17", - /// InstanceClass = "db.t2.micro", + /// InstanceClass = Aws.Rds.InstanceType.T2_Micro, /// DbName = "mydb", /// Username = "foo", /// Password = "bar", @@ -101,7 +101,7 @@ public static Task InvokeAsync(GetSnapshotArgs? args = null, /// // Use the latest production snapshot to create a dev instance. /// var dev = new Aws.Rds.Instance("dev", new() /// { - /// InstanceClass = "db.t2.micro", + /// InstanceClass = Aws.Rds.InstanceType.T2_Micro, /// DbName = "mydbdev", /// SnapshotIdentifier = latestProdSnapshot.Apply(getSnapshotResult => getSnapshotResult.Id), /// }); diff --git a/sdk/dotnet/Rds/GlobalCluster.cs b/sdk/dotnet/Rds/GlobalCluster.cs index 3652be3619e..c4530d230a0 100644 --- a/sdk/dotnet/Rds/GlobalCluster.cs +++ b/sdk/dotnet/Rds/GlobalCluster.cs @@ -53,7 +53,7 @@ namespace Pulumi.Aws.Rds /// EngineVersion = example.EngineVersion, /// Identifier = "test-primary-cluster-instance", /// ClusterIdentifier = primary.Id, - /// InstanceClass = "db.r4.large", + /// InstanceClass = Aws.Rds.InstanceType.R4_Large, /// DbSubnetGroupName = "default", /// }); /// @@ -72,7 +72,7 @@ namespace Pulumi.Aws.Rds /// EngineVersion = example.EngineVersion, /// Identifier = "test-secondary-cluster-instance", /// ClusterIdentifier = secondary.Id, - /// InstanceClass = "db.r4.large", + /// InstanceClass = Aws.Rds.InstanceType.R4_Large, /// DbSubnetGroupName = "default", /// }); /// @@ -117,7 +117,7 @@ namespace Pulumi.Aws.Rds /// EngineVersion = example.EngineVersion, /// Identifier = "test-primary-cluster-instance", /// ClusterIdentifier = primary.Id, - /// InstanceClass = "db.r4.large", + /// InstanceClass = Aws.Rds.InstanceType.R4_Large, /// DbSubnetGroupName = "default", /// }); /// @@ -137,7 +137,7 @@ namespace Pulumi.Aws.Rds /// EngineVersion = example.EngineVersion, /// Identifier = "test-secondary-cluster-instance", /// ClusterIdentifier = secondary.Id, - /// InstanceClass = "db.r4.large", + /// InstanceClass = Aws.Rds.InstanceType.R4_Large, /// DbSubnetGroupName = "default", /// }); /// @@ -210,7 +210,7 @@ namespace Pulumi.Aws.Rds /// Engine = primary.Engine, /// EngineVersion = primary.EngineVersion, /// Identifier = "donetsklviv", - /// InstanceClass = "db.r4.large", + /// InstanceClass = Aws.Rds.InstanceType.R4_Large, /// }); /// /// }); diff --git a/sdk/dotnet/Rds/Instance.cs b/sdk/dotnet/Rds/Instance.cs index f290b689936..1bb384e0df7 100644 --- a/sdk/dotnet/Rds/Instance.cs +++ b/sdk/dotnet/Rds/Instance.cs @@ -66,7 +66,7 @@ namespace Pulumi.Aws.Rds /// DbName = "mydb", /// Engine = "mysql", /// EngineVersion = "5.7", - /// InstanceClass = "db.t3.micro", + /// InstanceClass = Aws.Rds.InstanceType.T3_Micro, /// Username = "foo", /// Password = "foobarbaz", /// ParameterGroupName = "default.mysql5.7", @@ -119,7 +119,7 @@ namespace Pulumi.Aws.Rds /// Engine = custom_oracle.Apply(custom_oracle => custom_oracle.Apply(getOrderableDbInstanceResult => getOrderableDbInstanceResult.Engine)), /// EngineVersion = custom_oracle.Apply(custom_oracle => custom_oracle.Apply(getOrderableDbInstanceResult => getOrderableDbInstanceResult.EngineVersion)), /// Identifier = "ee-instance-demo", - /// InstanceClass = custom_oracle.Apply(custom_oracle => custom_oracle.Apply(getOrderableDbInstanceResult => getOrderableDbInstanceResult.InstanceClass)).Apply(System.Enum.Parse<Aws.Rds.InstanceType.InstanceType>), + /// InstanceClass = custom_oracle.Apply(custom_oracle => custom_oracle.Apply(getOrderableDbInstanceResult => getOrderableDbInstanceResult.InstanceClass)).Apply(System.Enum.Parse<Aws.Rds.InstanceType>), /// KmsKeyId = byId.Apply(getKeyResult => getKeyResult.Arn), /// LicenseModel = custom_oracle.Apply(custom_oracle => custom_oracle.Apply(getOrderableDbInstanceResult => getOrderableDbInstanceResult.LicenseModel)), /// MultiAz = false, @@ -136,7 +136,7 @@ namespace Pulumi.Aws.Rds /// CustomIamInstanceProfile = "AWSRDSCustomInstanceProfile", /// BackupRetentionPeriod = 7, /// Identifier = "ee-instance-replica", - /// InstanceClass = custom_oracle.Apply(custom_oracle => custom_oracle.Apply(getOrderableDbInstanceResult => getOrderableDbInstanceResult.InstanceClass)).Apply(System.Enum.Parse<Aws.Rds.InstanceType.InstanceType>), + /// InstanceClass = custom_oracle.Apply(custom_oracle => custom_oracle.Apply(getOrderableDbInstanceResult => getOrderableDbInstanceResult.InstanceClass)).Apply(System.Enum.Parse<Aws.Rds.InstanceType>), /// KmsKeyId = byId.Apply(getKeyResult => getKeyResult.Arn), /// MultiAz = false, /// SkipFinalSnapshot = true, @@ -188,7 +188,7 @@ namespace Pulumi.Aws.Rds /// Engine = custom_sqlserver.Apply(custom_sqlserver => custom_sqlserver.Apply(getOrderableDbInstanceResult => getOrderableDbInstanceResult.Engine)), /// EngineVersion = custom_sqlserver.Apply(custom_sqlserver => custom_sqlserver.Apply(getOrderableDbInstanceResult => getOrderableDbInstanceResult.EngineVersion)), /// Identifier = "sql-instance-demo", - /// InstanceClass = custom_sqlserver.Apply(custom_sqlserver => custom_sqlserver.Apply(getOrderableDbInstanceResult => getOrderableDbInstanceResult.InstanceClass)).Apply(System.Enum.Parse<Aws.Rds.InstanceType.InstanceType>), + /// InstanceClass = custom_sqlserver.Apply(custom_sqlserver => custom_sqlserver.Apply(getOrderableDbInstanceResult => getOrderableDbInstanceResult.InstanceClass)).Apply(System.Enum.Parse<Aws.Rds.InstanceType>), /// KmsKeyId = byId.Apply(getKeyResult => getKeyResult.Arn), /// MultiAz = false, /// Password = "avoid-plaintext-passwords", @@ -263,7 +263,7 @@ namespace Pulumi.Aws.Rds /// Engine = example.Apply(getOrderableDbInstanceResult => getOrderableDbInstanceResult.Engine), /// EngineVersion = example.Apply(getOrderableDbInstanceResult => getOrderableDbInstanceResult.EngineVersion), /// Identifier = "db2-instance-demo", - /// InstanceClass = example.Apply(getOrderableDbInstanceResult => getOrderableDbInstanceResult.InstanceClass).Apply(System.Enum.Parse<Aws.Rds.InstanceType.InstanceType>), + /// InstanceClass = example.Apply(getOrderableDbInstanceResult => getOrderableDbInstanceResult.InstanceClass).Apply(System.Enum.Parse<Aws.Rds.InstanceType>), /// ParameterGroupName = exampleParameterGroup.Name, /// Password = "avoid-plaintext-passwords", /// Username = "test", @@ -317,7 +317,7 @@ namespace Pulumi.Aws.Rds /// DbName = "mydb", /// Engine = "mysql", /// EngineVersion = "5.7", - /// InstanceClass = "db.t3.micro", + /// InstanceClass = Aws.Rds.InstanceType.T3_Micro, /// ManageMasterUserPassword = true, /// Username = "foo", /// ParameterGroupName = "default.mysql5.7", @@ -353,7 +353,7 @@ namespace Pulumi.Aws.Rds /// DbName = "mydb", /// Engine = "mysql", /// EngineVersion = "5.7", - /// InstanceClass = "db.t3.micro", + /// InstanceClass = Aws.Rds.InstanceType.T3_Micro, /// ManageMasterUserPassword = true, /// MasterUserSecretKmsKeyId = example.KeyId, /// Username = "foo", diff --git a/sdk/dotnet/Rds/InstanceAutomatedBackupsReplication.cs b/sdk/dotnet/Rds/InstanceAutomatedBackupsReplication.cs index 97bc1609171..dfb026ced00 100644 --- a/sdk/dotnet/Rds/InstanceAutomatedBackupsReplication.cs +++ b/sdk/dotnet/Rds/InstanceAutomatedBackupsReplication.cs @@ -75,7 +75,7 @@ namespace Pulumi.Aws.Rds /// Identifier = "mydb", /// Engine = "postgres", /// EngineVersion = "13.4", - /// InstanceClass = "db.t3.micro", + /// InstanceClass = Aws.Rds.InstanceType.T3_Micro, /// DbName = "mydb", /// Username = "masterusername", /// Password = "mustbeeightcharacters", diff --git a/sdk/dotnet/Rds/Snapshot.cs b/sdk/dotnet/Rds/Snapshot.cs index 4e2869a8874..1963ecaaecd 100644 --- a/sdk/dotnet/Rds/Snapshot.cs +++ b/sdk/dotnet/Rds/Snapshot.cs @@ -28,7 +28,7 @@ namespace Pulumi.Aws.Rds /// AllocatedStorage = 10, /// Engine = "mysql", /// EngineVersion = "5.6.21", - /// InstanceClass = "db.t2.micro", + /// InstanceClass = Aws.Rds.InstanceType.T2_Micro, /// DbName = "baz", /// Password = "barbarbarbar", /// Username = "foo", diff --git a/sdk/dotnet/Rds/SnapshotCopy.cs b/sdk/dotnet/Rds/SnapshotCopy.cs index c920655f8a0..b3931de8177 100644 --- a/sdk/dotnet/Rds/SnapshotCopy.cs +++ b/sdk/dotnet/Rds/SnapshotCopy.cs @@ -28,7 +28,7 @@ namespace Pulumi.Aws.Rds /// AllocatedStorage = 10, /// Engine = "mysql", /// EngineVersion = "5.6.21", - /// InstanceClass = "db.t2.micro", + /// InstanceClass = Aws.Rds.InstanceType.T2_Micro, /// DbName = "baz", /// Password = "barbarbarbar", /// Username = "foo", diff --git a/sdk/dotnet/Route53/GetZone.cs b/sdk/dotnet/Route53/GetZone.cs index bf96f109c92..af9ffae0970 100644 --- a/sdk/dotnet/Route53/GetZone.cs +++ b/sdk/dotnet/Route53/GetZone.cs @@ -39,7 +39,7 @@ public static class GetZone /// { /// ZoneId = selected.Apply(getZoneResult => getZoneResult.ZoneId), /// Name = $"www.{selected.Apply(getZoneResult => getZoneResult.Name)}", - /// Type = "A", + /// Type = Aws.Route53.RecordType.A, /// Ttl = 300, /// Records = new[] /// { @@ -82,7 +82,7 @@ public static Task InvokeAsync(GetZoneArgs? args = null, InvokeOp /// { /// ZoneId = selected.Apply(getZoneResult => getZoneResult.ZoneId), /// Name = $"www.{selected.Apply(getZoneResult => getZoneResult.Name)}", - /// Type = "A", + /// Type = Aws.Route53.RecordType.A, /// Ttl = 300, /// Records = new[] /// { diff --git a/sdk/dotnet/Route53/Record.cs b/sdk/dotnet/Route53/Record.cs index a6708ebb5e4..c00ff1d6446 100644 --- a/sdk/dotnet/Route53/Record.cs +++ b/sdk/dotnet/Route53/Record.cs @@ -29,7 +29,7 @@ namespace Pulumi.Aws.Route53 /// { /// ZoneId = primary.ZoneId, /// Name = "www.example.com", - /// Type = "A", + /// Type = Aws.Route53.RecordType.A, /// Ttl = 300, /// Records = new[] /// { @@ -58,7 +58,7 @@ namespace Pulumi.Aws.Route53 /// { /// ZoneId = primary.ZoneId, /// Name = "www", - /// Type = "CNAME", + /// Type = Aws.Route53.RecordType.CNAME, /// Ttl = 5, /// WeightedRoutingPolicies = new[] /// { @@ -78,7 +78,7 @@ namespace Pulumi.Aws.Route53 /// { /// ZoneId = primary.ZoneId, /// Name = "www", - /// Type = "CNAME", + /// Type = Aws.Route53.RecordType.CNAME, /// Ttl = 5, /// WeightedRoutingPolicies = new[] /// { @@ -113,7 +113,7 @@ namespace Pulumi.Aws.Route53 /// { /// ZoneId = primary.ZoneId, /// Name = "www.example.com", - /// Type = "CNAME", + /// Type = Aws.Route53.RecordType.CNAME, /// Ttl = 300, /// GeoproximityRoutingPolicy = new Aws.Route53.Inputs.RecordGeoproximityRoutingPolicyArgs /// { @@ -177,7 +177,7 @@ namespace Pulumi.Aws.Route53 /// { /// ZoneId = primary.ZoneId, /// Name = "example.com", - /// Type = "A", + /// Type = Aws.Route53.RecordType.A, /// Aliases = new[] /// { /// new Aws.Route53.Inputs.RecordAliasArgs @@ -216,7 +216,7 @@ namespace Pulumi.Aws.Route53 /// AllowOverwrite = true, /// Name = "test.example.com", /// Ttl = 172800, - /// Type = "NS", + /// Type = Aws.Route53.RecordType.NS, /// ZoneId = example.ZoneId, /// Records = new[] /// { diff --git a/sdk/dotnet/Route53/Zone.cs b/sdk/dotnet/Route53/Zone.cs index 43c0ccf3ccb..fc3b7fb4d15 100644 --- a/sdk/dotnet/Route53/Zone.cs +++ b/sdk/dotnet/Route53/Zone.cs @@ -67,7 +67,7 @@ namespace Pulumi.Aws.Route53 /// { /// ZoneId = main.ZoneId, /// Name = "dev.example.com", - /// Type = "NS", + /// Type = Aws.Route53.RecordType.NS, /// Ttl = 30, /// Records = dev.NameServers, /// }); diff --git a/sdk/dotnet/S3/Bucket.cs b/sdk/dotnet/S3/Bucket.cs index e7094ff04ce..523ea33bb41 100644 --- a/sdk/dotnet/S3/Bucket.cs +++ b/sdk/dotnet/S3/Bucket.cs @@ -32,7 +32,7 @@ namespace Pulumi.Aws.S3 /// var b = new Aws.S3.Bucket("b", new() /// { /// BucketName = "my-tf-test-bucket", - /// Acl = "private", + /// Acl = Aws.S3.CannedAcl.Private, /// Tags = /// { /// { "Name", "My bucket" }, @@ -59,7 +59,7 @@ namespace Pulumi.Aws.S3 /// var b = new Aws.S3.Bucket("b", new() /// { /// BucketName = "s3-website-test.mydomain.com", - /// Acl = "public-read", + /// Acl = Aws.S3.CannedAcl.PublicRead, /// Policy = Std.File.Invoke(new() /// { /// Input = "policy.json", @@ -98,7 +98,7 @@ namespace Pulumi.Aws.S3 /// var b = new Aws.S3.Bucket("b", new() /// { /// BucketName = "s3-website-test.mydomain.com", - /// Acl = "public-read", + /// Acl = Aws.S3.CannedAcl.PublicRead, /// CorsRules = new[] /// { /// new Aws.S3.Inputs.BucketCorsRuleArgs @@ -143,7 +143,7 @@ namespace Pulumi.Aws.S3 /// var b = new Aws.S3.Bucket("b", new() /// { /// BucketName = "my-tf-test-bucket", - /// Acl = "private", + /// Acl = Aws.S3.CannedAcl.Private, /// Versioning = new Aws.S3.Inputs.BucketVersioningArgs /// { /// Enabled = true, @@ -168,13 +168,13 @@ namespace Pulumi.Aws.S3 /// var logBucket = new Aws.S3.Bucket("log_bucket", new() /// { /// BucketName = "my-tf-log-bucket", - /// Acl = "log-delivery-write", + /// Acl = Aws.S3.CannedAcl.LogDeliveryWrite, /// }); /// /// var b = new Aws.S3.Bucket("b", new() /// { /// BucketName = "my-tf-test-bucket", - /// Acl = "private", + /// Acl = Aws.S3.CannedAcl.Private, /// Loggings = new[] /// { /// new Aws.S3.Inputs.BucketLoggingArgs @@ -203,7 +203,7 @@ namespace Pulumi.Aws.S3 /// var bucket = new Aws.S3.Bucket("bucket", new() /// { /// BucketName = "my-bucket", - /// Acl = "private", + /// Acl = Aws.S3.CannedAcl.Private, /// LifecycleRules = new[] /// { /// new Aws.S3.Inputs.BucketLifecycleRuleArgs @@ -250,7 +250,7 @@ namespace Pulumi.Aws.S3 /// var versioningBucket = new Aws.S3.Bucket("versioning_bucket", new() /// { /// BucketName = "my-versioning-bucket", - /// Acl = "private", + /// Acl = Aws.S3.CannedAcl.Private, /// Versioning = new Aws.S3.Inputs.BucketVersioningArgs /// { /// Enabled = true, @@ -330,7 +330,7 @@ namespace Pulumi.Aws.S3 /// var source = new Aws.S3.Bucket("source", new() /// { /// BucketName = "tf-test-bucket-source-12345", - /// Acl = "private", + /// Acl = Aws.S3.CannedAcl.Private, /// Versioning = new Aws.S3.Inputs.BucketVersioningArgs /// { /// Enabled = true, diff --git a/sdk/dotnet/S3/BucketNotification.cs b/sdk/dotnet/S3/BucketNotification.cs index 8512f8c7a10..76e31103edf 100644 --- a/sdk/dotnet/S3/BucketNotification.cs +++ b/sdk/dotnet/S3/BucketNotification.cs @@ -237,7 +237,7 @@ namespace Pulumi.Aws.S3 /// Name = "example_lambda_name", /// Role = iamForLambda.Arn, /// Handler = "exports.example", - /// Runtime = "go1.x", + /// Runtime = Aws.Lambda.Runtime.Go1dx, /// }); /// /// var bucket = new Aws.S3.BucketV2("bucket", new() @@ -325,7 +325,7 @@ namespace Pulumi.Aws.S3 /// Name = "example_lambda_name1", /// Role = iamForLambda.Arn, /// Handler = "exports.example", - /// Runtime = "go1.x", + /// Runtime = Aws.Lambda.Runtime.Go1dx, /// }); /// /// var bucket = new Aws.S3.BucketV2("bucket", new() diff --git a/sdk/dotnet/S3/GetBucket.cs b/sdk/dotnet/S3/GetBucket.cs index 34068bc4ef8..1c7fcddc061 100644 --- a/sdk/dotnet/S3/GetBucket.cs +++ b/sdk/dotnet/S3/GetBucket.cs @@ -44,7 +44,7 @@ public static class GetBucket /// { /// ZoneId = testZone.Apply(getZoneResult => getZoneResult.Id), /// Name = "bucket", - /// Type = "A", + /// Type = Aws.Route53.RecordType.A, /// Aliases = new[] /// { /// new Aws.Route53.Inputs.RecordAliasArgs @@ -127,7 +127,7 @@ public static Task InvokeAsync(GetBucketArgs args, InvokeOption /// { /// ZoneId = testZone.Apply(getZoneResult => getZoneResult.Id), /// Name = "bucket", - /// Type = "A", + /// Type = Aws.Route53.RecordType.A, /// Aliases = new[] /// { /// new Aws.Route53.Inputs.RecordAliasArgs diff --git a/sdk/dotnet/S3/GetBucketObject.cs b/sdk/dotnet/S3/GetBucketObject.cs index 61c3fc97969..9a885303fe7 100644 --- a/sdk/dotnet/S3/GetBucketObject.cs +++ b/sdk/dotnet/S3/GetBucketObject.cs @@ -41,7 +41,7 @@ public static class GetBucketObject /// /// var example = new Aws.Ec2.Instance("example", new() /// { - /// InstanceType = "t2.micro", + /// InstanceType = Aws.Ec2.InstanceType.T2_Micro, /// Ami = "ami-2757f631", /// UserData = bootstrapScript.Apply(getBucketObjectResult => getBucketObjectResult.Body), /// }); @@ -118,7 +118,7 @@ public static Task InvokeAsync(GetBucketObjectArgs args, /// /// var example = new Aws.Ec2.Instance("example", new() /// { - /// InstanceType = "t2.micro", + /// InstanceType = Aws.Ec2.InstanceType.T2_Micro, /// Ami = "ami-2757f631", /// UserData = bootstrapScript.Apply(getBucketObjectResult => getBucketObjectResult.Body), /// }); diff --git a/sdk/dotnet/S3/GetObject.cs b/sdk/dotnet/S3/GetObject.cs index 7c94c09040f..768ae91a258 100644 --- a/sdk/dotnet/S3/GetObject.cs +++ b/sdk/dotnet/S3/GetObject.cs @@ -39,7 +39,7 @@ public static class GetObject /// /// var example = new Aws.Ec2.Instance("example", new() /// { - /// InstanceType = "t2.micro", + /// InstanceType = Aws.Ec2.InstanceType.T2_Micro, /// Ami = "ami-2757f631", /// UserData = bootstrapScript.Apply(getObjectResult => getObjectResult.Body), /// }); @@ -114,7 +114,7 @@ public static Task InvokeAsync(GetObjectArgs args, InvokeOption /// /// var example = new Aws.Ec2.Instance("example", new() /// { - /// InstanceType = "t2.micro", + /// InstanceType = Aws.Ec2.InstanceType.T2_Micro, /// Ami = "ami-2757f631", /// UserData = bootstrapScript.Apply(getObjectResult => getObjectResult.Body), /// }); diff --git a/sdk/dotnet/Ses/DomainDkim.cs b/sdk/dotnet/Ses/DomainDkim.cs index 08a877dc86c..e8935274a07 100644 --- a/sdk/dotnet/Ses/DomainDkim.cs +++ b/sdk/dotnet/Ses/DomainDkim.cs @@ -43,7 +43,7 @@ namespace Pulumi.Aws.Ses /// { /// ZoneId = "ABCDEFGHIJ123", /// Name = exampleDomainDkim.DkimTokens.Apply(dkimTokens => $"{dkimTokens[range.Value]}._domainkey"), - /// Type = "CNAME", + /// Type = Aws.Route53.RecordType.CNAME, /// Ttl = 600, /// Records = new[] /// { diff --git a/sdk/dotnet/Ses/DomainIdentity.cs b/sdk/dotnet/Ses/DomainIdentity.cs index b93a4f3d5ec..2135780fec2 100644 --- a/sdk/dotnet/Ses/DomainIdentity.cs +++ b/sdk/dotnet/Ses/DomainIdentity.cs @@ -54,7 +54,7 @@ namespace Pulumi.Aws.Ses /// { /// ZoneId = "ABCDEFGHIJ123", /// Name = "_amazonses.example.com", - /// Type = "TXT", + /// Type = Aws.Route53.RecordType.TXT, /// Ttl = 600, /// Records = new[] /// { diff --git a/sdk/dotnet/Ses/DomainIdentityVerification.cs b/sdk/dotnet/Ses/DomainIdentityVerification.cs index 7fdc37203b5..698dc798579 100644 --- a/sdk/dotnet/Ses/DomainIdentityVerification.cs +++ b/sdk/dotnet/Ses/DomainIdentityVerification.cs @@ -38,7 +38,7 @@ namespace Pulumi.Aws.Ses /// { /// ZoneId = exampleAwsRoute53Zone.ZoneId, /// Name = example.Id.Apply(id => $"_amazonses.{id}"), - /// Type = "TXT", + /// Type = Aws.Route53.RecordType.TXT, /// Ttl = 600, /// Records = new[] /// { diff --git a/sdk/dotnet/Ses/MailFrom.cs b/sdk/dotnet/Ses/MailFrom.cs index cb5da7159a9..00b9cc35c6d 100644 --- a/sdk/dotnet/Ses/MailFrom.cs +++ b/sdk/dotnet/Ses/MailFrom.cs @@ -44,7 +44,7 @@ namespace Pulumi.Aws.Ses /// { /// ZoneId = exampleAwsRoute53Zone.Id, /// Name = example.MailFromDomain, - /// Type = "MX", + /// Type = Aws.Route53.RecordType.MX, /// Ttl = 600, /// Records = new[] /// { @@ -57,7 +57,7 @@ namespace Pulumi.Aws.Ses /// { /// ZoneId = exampleAwsRoute53Zone.Id, /// Name = example.MailFromDomain, - /// Type = "TXT", + /// Type = Aws.Route53.RecordType.TXT, /// Ttl = 600, /// Records = new[] /// { diff --git a/sdk/dotnet/Ssm/Parameter.cs b/sdk/dotnet/Ssm/Parameter.cs index b78c8d1a783..4bf95e18435 100644 --- a/sdk/dotnet/Ssm/Parameter.cs +++ b/sdk/dotnet/Ssm/Parameter.cs @@ -30,7 +30,7 @@ namespace Pulumi.Aws.Ssm /// var foo = new Aws.Ssm.Parameter("foo", new() /// { /// Name = "foo", - /// Type = "String", + /// Type = Aws.Ssm.ParameterType.String, /// Value = "bar", /// }); /// @@ -52,10 +52,10 @@ namespace Pulumi.Aws.Ssm /// var @default = new Aws.Rds.Instance("default", new() /// { /// AllocatedStorage = 10, - /// StorageType = "gp2", + /// StorageType = Aws.Rds.StorageType.GP2, /// Engine = "mysql", /// EngineVersion = "5.7.16", - /// InstanceClass = "db.t2.micro", + /// InstanceClass = Aws.Rds.InstanceType.T2_Micro, /// DbName = "mydb", /// Username = "foo", /// Password = databaseMasterPassword, @@ -67,7 +67,7 @@ namespace Pulumi.Aws.Ssm /// { /// Name = "/production/database/password/master", /// Description = "The parameter description", - /// Type = "SecureString", + /// Type = Aws.Ssm.ParameterType.SecureString, /// Value = databaseMasterPassword, /// Tags = /// { diff --git a/sdk/dotnet/StorageGateway/FileSystemAssociation.cs b/sdk/dotnet/StorageGateway/FileSystemAssociation.cs index f700784bfed..70ed2159798 100644 --- a/sdk/dotnet/StorageGateway/FileSystemAssociation.cs +++ b/sdk/dotnet/StorageGateway/FileSystemAssociation.cs @@ -58,7 +58,7 @@ namespace Pulumi.Aws.StorageGateway /// { /// Ami = awsServiceStoragegatewayAmiFILES3Latest.Apply(getParameterResult => getParameterResult.Value), /// AssociatePublicIpAddress = true, - /// InstanceType = System.Enum.Parse<Aws.Ec2.InstanceType.InstanceType>(available.InstanceType), + /// InstanceType = System.Enum.Parse<Aws.Ec2.InstanceType>(available.InstanceType), /// VpcSecurityGroupIds = new[] /// { /// testAwsSecurityGroup.Id, diff --git a/sdk/go/aws/acmpca/policy.go b/sdk/go/aws/acmpca/policy.go index 4d9a4536cc4..fa9bb70a2cd 100644 --- a/sdk/go/aws/acmpca/policy.go +++ b/sdk/go/aws/acmpca/policy.go @@ -89,7 +89,7 @@ import ( // } // _, err = acmpca.NewPolicy(ctx, "example", &acmpca.PolicyArgs{ // ResourceArn: pulumi.Any(exampleAwsAcmpcaCertificateAuthority.Arn), -// Policy: *pulumi.String(example.Json), +// Policy: pulumi.String(example.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/apigateway/account.go b/sdk/go/aws/apigateway/account.go index 92fabb81a3e..2a7f2571dee 100644 --- a/sdk/go/aws/apigateway/account.go +++ b/sdk/go/aws/apigateway/account.go @@ -54,7 +54,7 @@ import ( // } // cloudwatchRole, err := iam.NewRole(ctx, "cloudwatch", &iam.RoleArgs{ // Name: pulumi.String("api_gateway_cloudwatch_global"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err @@ -90,7 +90,7 @@ import ( // _, err = iam.NewRolePolicy(ctx, "cloudwatch", &iam.RolePolicyArgs{ // Name: pulumi.String("default"), // Role: cloudwatchRole.ID(), -// Policy: *pulumi.String(cloudwatch.Json), +// Policy: pulumi.String(cloudwatch.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/apigateway/authorizer.go b/sdk/go/aws/apigateway/authorizer.go index 82727aba0ad..8cb60d2033e 100644 --- a/sdk/go/aws/apigateway/authorizer.go +++ b/sdk/go/aws/apigateway/authorizer.go @@ -62,7 +62,7 @@ import ( // invocationRole, err := iam.NewRole(ctx, "invocation_role", &iam.RoleArgs{ // Name: pulumi.String("api_gateway_auth_invocation"), // Path: pulumi.String("/"), -// AssumeRolePolicy: *pulumi.String(invocationAssumeRole.Json), +// AssumeRolePolicy: pulumi.String(invocationAssumeRole.Json), // }) // if err != nil { // return err @@ -90,7 +90,7 @@ import ( // } // lambda, err := iam.NewRole(ctx, "lambda", &iam.RoleArgs{ // Name: pulumi.String("demo-lambda"), -// AssumeRolePolicy: *pulumi.String(lambdaAssumeRole.Json), +// AssumeRolePolicy: pulumi.String(lambdaAssumeRole.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/apigateway/domainName.go b/sdk/go/aws/apigateway/domainName.go index baafa3cc0f5..ffafcb9f6d2 100644 --- a/sdk/go/aws/apigateway/domainName.go +++ b/sdk/go/aws/apigateway/domainName.go @@ -68,7 +68,7 @@ import ( // // Route53 is not specifically required; any DNS host can be used. // _, err = route53.NewRecord(ctx, "example", &route53.RecordArgs{ // Name: example.DomainName, -// Type: pulumi.String("A"), +// Type: pulumi.String(route53.RecordTypeA), // ZoneId: pulumi.Any(exampleAwsRoute53Zone.Id), // Aliases: route53.RecordAliasArray{ // &route53.RecordAliasArgs{ @@ -118,7 +118,7 @@ import ( // // Route53 is not specifically required; any DNS host can be used. // _, err = route53.NewRecord(ctx, "example", &route53.RecordArgs{ // Name: example.DomainName, -// Type: pulumi.String("A"), +// Type: pulumi.String(route53.RecordTypeA), // ZoneId: pulumi.Any(exampleAwsRoute53Zone.Id), // Aliases: route53.RecordAliasArray{ // &route53.RecordAliasArgs{ diff --git a/sdk/go/aws/apigateway/integration.go b/sdk/go/aws/apigateway/integration.go index b2d82700006..11f1fc1105e 100644 --- a/sdk/go/aws/apigateway/integration.go +++ b/sdk/go/aws/apigateway/integration.go @@ -152,7 +152,7 @@ import ( // } // role, err := iam.NewRole(ctx, "role", &iam.RoleArgs{ // Name: pulumi.String("myrole"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err @@ -168,7 +168,7 @@ import ( // Name: pulumi.String("mylambda"), // Role: role.Arn, // Handler: pulumi.String("lambda.lambda_handler"), -// Runtime: pulumi.String("python3.7"), +// Runtime: pulumi.String(lambda.RuntimePython3d7), // SourceCodeHash: invokeFilebase64sha256.Result, // }) // if err != nil { diff --git a/sdk/go/aws/apigateway/restApi.go b/sdk/go/aws/apigateway/restApi.go index dc7d0a18653..754bfd915ad 100644 --- a/sdk/go/aws/apigateway/restApi.go +++ b/sdk/go/aws/apigateway/restApi.go @@ -162,7 +162,7 @@ import ( // return err // } // exampleSubnet, err := ec2.NewSubnet(ctx, "example", &ec2.SubnetArgs{ -// AvailabilityZone: *pulumi.String(available.Names[0]), +// AvailabilityZone: pulumi.String(available.Names[0]), // CidrBlock: example.CidrBlock.ApplyT(func(cidrBlock string) (std.CidrsubnetResult, error) { // return std.CidrsubnetOutput(ctx, std.CidrsubnetOutputArgs{ // Input: cidrBlock, diff --git a/sdk/go/aws/apigatewayv2/domainName.go b/sdk/go/aws/apigatewayv2/domainName.go index 40265bf9a19..0296edb5b0a 100644 --- a/sdk/go/aws/apigatewayv2/domainName.go +++ b/sdk/go/aws/apigatewayv2/domainName.go @@ -82,7 +82,7 @@ import ( // } // _, err = route53.NewRecord(ctx, "example", &route53.RecordArgs{ // Name: example.DomainName, -// Type: pulumi.String("A"), +// Type: pulumi.String(route53.RecordTypeA), // ZoneId: pulumi.Any(exampleAwsRoute53Zone.ZoneId), // Aliases: route53.RecordAliasArray{ // &route53.RecordAliasArgs{ diff --git a/sdk/go/aws/apigatewayv2/integration.go b/sdk/go/aws/apigatewayv2/integration.go index f63b1da0dd2..ad76db56464 100644 --- a/sdk/go/aws/apigatewayv2/integration.go +++ b/sdk/go/aws/apigatewayv2/integration.go @@ -68,7 +68,7 @@ import ( // Name: pulumi.String("Example"), // Role: pulumi.Any(exampleAwsIamRole.Arn), // Handler: pulumi.String("index.handler"), -// Runtime: pulumi.String("nodejs16.x"), +// Runtime: pulumi.String(lambda.RuntimeNodeJS16dX), // }) // if err != nil { // return err diff --git a/sdk/go/aws/appconfig/extension.go b/sdk/go/aws/appconfig/extension.go index b3a645af8ef..8e24dfbd6c1 100644 --- a/sdk/go/aws/appconfig/extension.go +++ b/sdk/go/aws/appconfig/extension.go @@ -59,7 +59,7 @@ import ( // } // testRole, err := iam.NewRole(ctx, "test", &iam.RoleArgs{ // Name: pulumi.String("test"), -// AssumeRolePolicy: *pulumi.String(test.Json), +// AssumeRolePolicy: pulumi.String(test.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/appconfig/extensionAssociation.go b/sdk/go/aws/appconfig/extensionAssociation.go index 621213ec74f..8da4ab330b5 100644 --- a/sdk/go/aws/appconfig/extensionAssociation.go +++ b/sdk/go/aws/appconfig/extensionAssociation.go @@ -59,7 +59,7 @@ import ( // } // testRole, err := iam.NewRole(ctx, "test", &iam.RoleArgs{ // Name: pulumi.String("test"), -// AssumeRolePolicy: *pulumi.String(test.Json), +// AssumeRolePolicy: pulumi.String(test.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/appflow/flow.go b/sdk/go/aws/appflow/flow.go index 9120fed2e78..42fc24c4599 100644 --- a/sdk/go/aws/appflow/flow.go +++ b/sdk/go/aws/appflow/flow.go @@ -66,7 +66,7 @@ import ( // } // exampleSourceBucketPolicy, err := s3.NewBucketPolicy(ctx, "example_source", &s3.BucketPolicyArgs{ // Bucket: exampleSourceBucketV2.ID(), -// Policy: *pulumi.String(exampleSource.Json), +// Policy: pulumi.String(exampleSource.Json), // }) // if err != nil { // return err @@ -118,7 +118,7 @@ import ( // } // exampleDestinationBucketPolicy, err := s3.NewBucketPolicy(ctx, "example_destination", &s3.BucketPolicyArgs{ // Bucket: exampleDestinationBucketV2.ID(), -// Policy: *pulumi.String(exampleDestination.Json), +// Policy: pulumi.String(exampleDestination.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/appsync/dataSource.go b/sdk/go/aws/appsync/dataSource.go index 83707dfbd3e..8863611b49f 100644 --- a/sdk/go/aws/appsync/dataSource.go +++ b/sdk/go/aws/appsync/dataSource.go @@ -69,7 +69,7 @@ import ( // } // exampleRole, err := iam.NewRole(ctx, "example", &iam.RoleArgs{ // Name: pulumi.String("example"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/auditmanager/getControl.go b/sdk/go/aws/auditmanager/getControl.go index 5938b3bf621..d109dbf891b 100644 --- a/sdk/go/aws/auditmanager/getControl.go +++ b/sdk/go/aws/auditmanager/getControl.go @@ -80,7 +80,7 @@ import ( // Name: pulumi.String("example"), // Controls: auditmanager.FrameworkControlSetControlArray{ // &auditmanager.FrameworkControlSetControlArgs{ -// Id: *pulumi.String(example.Id), +// Id: pulumi.String(example.Id), // }, // }, // }, @@ -88,7 +88,7 @@ import ( // Name: pulumi.String("example2"), // Controls: auditmanager.FrameworkControlSetControlArray{ // &auditmanager.FrameworkControlSetControlArgs{ -// Id: *pulumi.String(example2.Id), +// Id: pulumi.String(example2.Id), // }, // }, // }, diff --git a/sdk/go/aws/autoscaling/group.go b/sdk/go/aws/autoscaling/group.go index 1218d917368..727df500c68 100644 --- a/sdk/go/aws/autoscaling/group.go +++ b/sdk/go/aws/autoscaling/group.go @@ -38,7 +38,7 @@ import ( // pulumi.Run(func(ctx *pulumi.Context) error { // test, err := ec2.NewPlacementGroup(ctx, "test", &ec2.PlacementGroupArgs{ // Name: pulumi.String("test"), -// Strategy: pulumi.String("cluster"), +// Strategy: pulumi.String(ec2.PlacementStrategyCluster), // }) // if err != nil { // return err @@ -506,7 +506,7 @@ import ( // return err // } // exampleLaunchTemplate, err := ec2.NewLaunchTemplate(ctx, "example", &ec2.LaunchTemplateArgs{ -// ImageId: *pulumi.String(example.Id), +// ImageId: pulumi.String(example.Id), // InstanceType: pulumi.String("t3.nano"), // }) // if err != nil { diff --git a/sdk/go/aws/backup/selection.go b/sdk/go/aws/backup/selection.go index 568ffc3b8c7..68cf3ef0f49 100644 --- a/sdk/go/aws/backup/selection.go +++ b/sdk/go/aws/backup/selection.go @@ -59,7 +59,7 @@ import ( // } // example, err := iam.NewRole(ctx, "example", &iam.RoleArgs{ // Name: pulumi.String("example"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/batch/computeEnvironment.go b/sdk/go/aws/batch/computeEnvironment.go index 4e1fad5411c..d3810c5cfad 100644 --- a/sdk/go/aws/batch/computeEnvironment.go +++ b/sdk/go/aws/batch/computeEnvironment.go @@ -62,7 +62,7 @@ import ( // } // ecsInstanceRole, err := iam.NewRole(ctx, "ecs_instance_role", &iam.RoleArgs{ // Name: pulumi.String("ecs_instance_role"), -// AssumeRolePolicy: *pulumi.String(ec2AssumeRole.Json), +// AssumeRolePolicy: pulumi.String(ec2AssumeRole.Json), // }) // if err != nil { // return err @@ -104,7 +104,7 @@ import ( // } // awsBatchServiceRole, err := iam.NewRole(ctx, "aws_batch_service_role", &iam.RoleArgs{ // Name: pulumi.String("aws_batch_service_role"), -// AssumeRolePolicy: *pulumi.String(batchAssumeRole.Json), +// AssumeRolePolicy: pulumi.String(batchAssumeRole.Json), // }) // if err != nil { // return err @@ -147,7 +147,7 @@ import ( // } // samplePlacementGroup, err := ec2.NewPlacementGroup(ctx, "sample", &ec2.PlacementGroupArgs{ // Name: pulumi.String("sample"), -// Strategy: pulumi.String("cluster"), +// Strategy: pulumi.String(ec2.PlacementStrategyCluster), // }) // if err != nil { // return err diff --git a/sdk/go/aws/batch/jobDefinition.go b/sdk/go/aws/batch/jobDefinition.go index 403007ddc2d..f2879c0bf72 100644 --- a/sdk/go/aws/batch/jobDefinition.go +++ b/sdk/go/aws/batch/jobDefinition.go @@ -255,7 +255,7 @@ import ( // } // ecsTaskExecutionRole, err := iam.NewRole(ctx, "ecs_task_execution_role", &iam.RoleArgs{ // Name: pulumi.String("my_test_batch_exec_role"), -// AssumeRolePolicy: *pulumi.String(assumeRolePolicy.Json), +// AssumeRolePolicy: pulumi.String(assumeRolePolicy.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/bedrock/customModel.go b/sdk/go/aws/bedrock/customModel.go index 114e64f1268..ede05dabf2d 100644 --- a/sdk/go/aws/bedrock/customModel.go +++ b/sdk/go/aws/bedrock/customModel.go @@ -39,7 +39,7 @@ import ( // _, err = bedrock.NewCustomModel(ctx, "example", &bedrock.CustomModelArgs{ // CustomModelName: pulumi.String("example-model"), // JobName: pulumi.String("example-job-1"), -// BaseModelIdentifier: *pulumi.String(example.ModelArn), +// BaseModelIdentifier: pulumi.String(example.ModelArn), // RoleArn: pulumi.Any(exampleAwsIamRole.Arn), // Hyperparameters: pulumi.StringMap{ // "epochCount": pulumi.String("1"), diff --git a/sdk/go/aws/budgets/budgetAction.go b/sdk/go/aws/budgets/budgetAction.go index ca8be5ce4c8..ba993a11906 100644 --- a/sdk/go/aws/budgets/budgetAction.go +++ b/sdk/go/aws/budgets/budgetAction.go @@ -52,7 +52,7 @@ import ( // examplePolicy, err := iam.NewPolicy(ctx, "example", &iam.PolicyArgs{ // Name: pulumi.String("example"), // Description: pulumi.String("My example policy"), -// Policy: *pulumi.String(example.Json), +// Policy: pulumi.String(example.Json), // }) // if err != nil { // return err @@ -84,7 +84,7 @@ import ( // } // exampleRole, err := iam.NewRole(ctx, "example", &iam.RoleArgs{ // Name: pulumi.String("example"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/cfg/configurationAggregator.go b/sdk/go/aws/cfg/configurationAggregator.go index 449665b1959..9ca7a369189 100644 --- a/sdk/go/aws/cfg/configurationAggregator.go +++ b/sdk/go/aws/cfg/configurationAggregator.go @@ -90,7 +90,7 @@ import ( // } // organizationRole, err := iam.NewRole(ctx, "organization", &iam.RoleArgs{ // Name: pulumi.String("example"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/cfg/deliveryChannel.go b/sdk/go/aws/cfg/deliveryChannel.go index 1b7bc9a8480..3d6234db468 100644 --- a/sdk/go/aws/cfg/deliveryChannel.go +++ b/sdk/go/aws/cfg/deliveryChannel.go @@ -72,7 +72,7 @@ import ( // } // r, err := iam.NewRole(ctx, "r", &iam.RoleArgs{ // Name: pulumi.String("awsconfig-example"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/cfg/recorder.go b/sdk/go/aws/cfg/recorder.go index 541d3bbb7f8..e6d9730063e 100644 --- a/sdk/go/aws/cfg/recorder.go +++ b/sdk/go/aws/cfg/recorder.go @@ -57,7 +57,7 @@ import ( // } // r, err := iam.NewRole(ctx, "r", &iam.RoleArgs{ // Name: pulumi.String("awsconfig-example"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/cfg/recorderStatus.go b/sdk/go/aws/cfg/recorderStatus.go index b977e8409ab..a655b77b46c 100644 --- a/sdk/go/aws/cfg/recorderStatus.go +++ b/sdk/go/aws/cfg/recorderStatus.go @@ -58,7 +58,7 @@ import ( // } // r, err := iam.NewRole(ctx, "r", &iam.RoleArgs{ // Name: pulumi.String("example-awsconfig"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/cfg/rule.go b/sdk/go/aws/cfg/rule.go index d0e70d5d20a..c54202c1dd8 100644 --- a/sdk/go/aws/cfg/rule.go +++ b/sdk/go/aws/cfg/rule.go @@ -69,7 +69,7 @@ import ( // } // rRole, err := iam.NewRole(ctx, "r", &iam.RoleArgs{ // Name: pulumi.String("my-awsconfig-role"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err @@ -100,7 +100,7 @@ import ( // _, err = iam.NewRolePolicy(ctx, "p", &iam.RolePolicyArgs{ // Name: pulumi.String("my-awsconfig-policy"), // Role: rRole.ID(), -// Policy: *pulumi.String(p.Json), +// Policy: pulumi.String(p.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/chime/voiceConnectorStreaming.go b/sdk/go/aws/chime/voiceConnectorStreaming.go index 62288b9141c..948e7edcbdb 100644 --- a/sdk/go/aws/chime/voiceConnectorStreaming.go +++ b/sdk/go/aws/chime/voiceConnectorStreaming.go @@ -103,7 +103,7 @@ import ( // } // exampleRole, err := iam.NewRole(ctx, "example", &iam.RoleArgs{ // Name: pulumi.String("ExampleResourceAccessRole"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/chimesdkmediapipelines/mediaInsightsPipelineConfiguration.go b/sdk/go/aws/chimesdkmediapipelines/mediaInsightsPipelineConfiguration.go index 28491c20c45..635ec9e7a6f 100644 --- a/sdk/go/aws/chimesdkmediapipelines/mediaInsightsPipelineConfiguration.go +++ b/sdk/go/aws/chimesdkmediapipelines/mediaInsightsPipelineConfiguration.go @@ -64,7 +64,7 @@ import ( // } // callAnalyticsRole, err := iam.NewRole(ctx, "call_analytics_role", &iam.RoleArgs{ // Name: pulumi.String("CallAnalyticsRole"), -// AssumeRolePolicy: *pulumi.String(mediaPipelinesAssumeRole.Json), +// AssumeRolePolicy: pulumi.String(mediaPipelinesAssumeRole.Json), // }) // if err != nil { // return err @@ -142,7 +142,7 @@ import ( // } // postCallRole, err := iam.NewRole(ctx, "post_call_role", &iam.RoleArgs{ // Name: pulumi.String("PostCallAccessRole"), -// AssumeRolePolicy: *pulumi.String(transcribeAssumeRole.Json), +// AssumeRolePolicy: pulumi.String(transcribeAssumeRole.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/cloudformation/getExport.go b/sdk/go/aws/cloudformation/getExport.go index 1eedd26d971..bc627f94955 100644 --- a/sdk/go/aws/cloudformation/getExport.go +++ b/sdk/go/aws/cloudformation/getExport.go @@ -40,8 +40,8 @@ import ( // } // _, err = ec2.NewInstance(ctx, "web", &ec2.InstanceArgs{ // Ami: pulumi.String("ami-abb07bcb"), -// InstanceType: pulumi.String("t2.micro"), -// SubnetId: *pulumi.String(subnetId.Value), +// InstanceType: pulumi.String(ec2.InstanceType_T2_Micro), +// SubnetId: pulumi.String(subnetId.Value), // }) // if err != nil { // return err diff --git a/sdk/go/aws/cloudformation/getStack.go b/sdk/go/aws/cloudformation/getStack.go index d667c91ce6d..5ed8918e618 100644 --- a/sdk/go/aws/cloudformation/getStack.go +++ b/sdk/go/aws/cloudformation/getStack.go @@ -38,8 +38,8 @@ import ( // } // _, err = ec2.NewInstance(ctx, "web", &ec2.InstanceArgs{ // Ami: pulumi.String("ami-abb07bcb"), -// InstanceType: pulumi.String("t2.micro"), -// SubnetId: *pulumi.String(network.Outputs.SubnetId), +// InstanceType: pulumi.String(ec2.InstanceType_T2_Micro), +// SubnetId: pulumi.String(network.Outputs.SubnetId), // Tags: pulumi.StringMap{ // "Name": pulumi.String("HelloWorld"), // }, diff --git a/sdk/go/aws/cloudformation/stackSet.go b/sdk/go/aws/cloudformation/stackSet.go index 90fea9478f9..300b46b69c8 100644 --- a/sdk/go/aws/cloudformation/stackSet.go +++ b/sdk/go/aws/cloudformation/stackSet.go @@ -58,7 +58,7 @@ import ( // return err // } // aWSCloudFormationStackSetAdministrationRole, err := iam.NewRole(ctx, "AWSCloudFormationStackSetAdministrationRole", &iam.RoleArgs{ -// AssumeRolePolicy: *pulumi.String(aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.Json), +// AssumeRolePolicy: pulumi.String(aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.Json), // Name: pulumi.String("AWSCloudFormationStackSetAdministrationRole"), // }) // if err != nil { diff --git a/sdk/go/aws/cloudformation/stackSetInstance.go b/sdk/go/aws/cloudformation/stackSetInstance.go index 523740d621c..652417b0196 100644 --- a/sdk/go/aws/cloudformation/stackSetInstance.go +++ b/sdk/go/aws/cloudformation/stackSetInstance.go @@ -86,7 +86,7 @@ import ( // return err // } // aWSCloudFormationStackSetExecutionRole, err := iam.NewRole(ctx, "AWSCloudFormationStackSetExecutionRole", &iam.RoleArgs{ -// AssumeRolePolicy: *pulumi.String(aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.Json), +// AssumeRolePolicy: pulumi.String(aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.Json), // Name: pulumi.String("AWSCloudFormationStackSetExecutionRole"), // }) // if err != nil { @@ -114,7 +114,7 @@ import ( // } // _, err = iam.NewRolePolicy(ctx, "AWSCloudFormationStackSetExecutionRole_MinimumExecutionPolicy", &iam.RolePolicyArgs{ // Name: pulumi.String("MinimumExecutionPolicy"), -// Policy: *pulumi.String(aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy.Json), +// Policy: pulumi.String(aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicy.Json), // Role: aWSCloudFormationStackSetExecutionRole.Name, // }) // if err != nil { diff --git a/sdk/go/aws/cloudfront/getLogDeliveryCanonicalUserId.go b/sdk/go/aws/cloudfront/getLogDeliveryCanonicalUserId.go index 74cc8f01b2f..c2dce57a41e 100644 --- a/sdk/go/aws/cloudfront/getLogDeliveryCanonicalUserId.go +++ b/sdk/go/aws/cloudfront/getLogDeliveryCanonicalUserId.go @@ -46,7 +46,7 @@ import ( // Grants: s3.BucketAclV2AccessControlPolicyGrantArray{ // &s3.BucketAclV2AccessControlPolicyGrantArgs{ // Grantee: &s3.BucketAclV2AccessControlPolicyGrantGranteeArgs{ -// Id: *pulumi.String(example.Id), +// Id: pulumi.String(example.Id), // Type: pulumi.String("CanonicalUser"), // }, // Permission: pulumi.String("FULL_CONTROL"), diff --git a/sdk/go/aws/cloudfront/originAccessIdentity.go b/sdk/go/aws/cloudfront/originAccessIdentity.go index c3aecb1989a..eb0d5c2295a 100644 --- a/sdk/go/aws/cloudfront/originAccessIdentity.go +++ b/sdk/go/aws/cloudfront/originAccessIdentity.go @@ -135,7 +135,7 @@ import ( // } // _, err = s3.NewBucketPolicy(ctx, "example", &s3.BucketPolicyArgs{ // Bucket: pulumi.Any(exampleAwsS3Bucket.Id), -// Policy: *pulumi.String(s3Policy.Json), +// Policy: pulumi.String(s3Policy.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/cloudfront/realtimeLogConfig.go b/sdk/go/aws/cloudfront/realtimeLogConfig.go index 25e400eca16..cc73820e158 100644 --- a/sdk/go/aws/cloudfront/realtimeLogConfig.go +++ b/sdk/go/aws/cloudfront/realtimeLogConfig.go @@ -52,7 +52,7 @@ import ( // } // exampleRole, err := iam.NewRole(ctx, "example", &iam.RoleArgs{ // Name: pulumi.String("cloudfront-realtime-log-config-example"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err @@ -79,7 +79,7 @@ import ( // _, err = iam.NewRolePolicy(ctx, "example", &iam.RolePolicyArgs{ // Name: pulumi.String("cloudfront-realtime-log-config-example"), // Role: exampleRole.ID(), -// Policy: *pulumi.String(example.Json), +// Policy: pulumi.String(example.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/cloudhsmv2/hsm.go b/sdk/go/aws/cloudhsmv2/hsm.go index 32ddfb52d9d..b9a102cfd4d 100644 --- a/sdk/go/aws/cloudhsmv2/hsm.go +++ b/sdk/go/aws/cloudhsmv2/hsm.go @@ -38,8 +38,8 @@ import ( // return err // } // _, err = cloudhsmv2.NewHsm(ctx, "cloudhsm_v2_hsm", &cloudhsmv2.HsmArgs{ -// SubnetId: *pulumi.String(cluster.SubnetIds[0]), -// ClusterId: *pulumi.String(cluster.ClusterId), +// SubnetId: pulumi.String(cluster.SubnetIds[0]), +// ClusterId: pulumi.String(cluster.ClusterId), // }) // if err != nil { // return err diff --git a/sdk/go/aws/cloudsearch/domainServiceAccessPolicy.go b/sdk/go/aws/cloudsearch/domainServiceAccessPolicy.go index c85fceb7dcb..4f1eef077c0 100644 --- a/sdk/go/aws/cloudsearch/domainServiceAccessPolicy.go +++ b/sdk/go/aws/cloudsearch/domainServiceAccessPolicy.go @@ -72,7 +72,7 @@ import ( // } // _, err = cloudsearch.NewDomainServiceAccessPolicy(ctx, "example", &cloudsearch.DomainServiceAccessPolicyArgs{ // DomainName: exampleDomain.ID(), -// AccessPolicy: *pulumi.String(example.Json), +// AccessPolicy: pulumi.String(example.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/cloudtrail/eventDataStore.go b/sdk/go/aws/cloudtrail/eventDataStore.go index 69c20d1ca54..37ef1c9b939 100644 --- a/sdk/go/aws/cloudtrail/eventDataStore.go +++ b/sdk/go/aws/cloudtrail/eventDataStore.go @@ -103,7 +103,7 @@ import ( // &cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{ // Field: pulumi.String("resources.ARN"), // Equals: pulumi.StringArray{ -// *pulumi.String(table.Arn), +// pulumi.String(table.Arn), // }, // }, // }, diff --git a/sdk/go/aws/cloudwatch/eventBus.go b/sdk/go/aws/cloudwatch/eventBus.go index edce4ee998b..5c670a80c2e 100644 --- a/sdk/go/aws/cloudwatch/eventBus.go +++ b/sdk/go/aws/cloudwatch/eventBus.go @@ -63,8 +63,8 @@ import ( // return err // } // _, err = cloudwatch.NewEventBus(ctx, "examplepartner", &cloudwatch.EventBusArgs{ -// Name: *pulumi.String(examplepartner.Name), -// EventSourceName: *pulumi.String(examplepartner.Name), +// Name: pulumi.String(examplepartner.Name), +// EventSourceName: pulumi.String(examplepartner.Name), // }) // if err != nil { // return err diff --git a/sdk/go/aws/cloudwatch/eventBusPolicy.go b/sdk/go/aws/cloudwatch/eventBusPolicy.go index 8f5600790c9..743a3fc9462 100644 --- a/sdk/go/aws/cloudwatch/eventBusPolicy.go +++ b/sdk/go/aws/cloudwatch/eventBusPolicy.go @@ -62,7 +62,7 @@ import ( // return err // } // _, err = cloudwatch.NewEventBusPolicy(ctx, "test", &cloudwatch.EventBusPolicyArgs{ -// Policy: *pulumi.String(test.Json), +// Policy: pulumi.String(test.Json), // EventBusName: pulumi.Any(testAwsCloudwatchEventBus.Name), // }) // if err != nil { @@ -129,7 +129,7 @@ import ( // return err // } // _, err = cloudwatch.NewEventBusPolicy(ctx, "test", &cloudwatch.EventBusPolicyArgs{ -// Policy: *pulumi.String(test.Json), +// Policy: pulumi.String(test.Json), // EventBusName: pulumi.Any(testAwsCloudwatchEventBus.Name), // }) // if err != nil { @@ -213,7 +213,7 @@ import ( // return err // } // _, err = cloudwatch.NewEventBusPolicy(ctx, "test", &cloudwatch.EventBusPolicyArgs{ -// Policy: *pulumi.String(test.Json), +// Policy: pulumi.String(test.Json), // EventBusName: pulumi.Any(testAwsCloudwatchEventBus.Name), // }) // if err != nil { diff --git a/sdk/go/aws/cloudwatch/eventTarget.go b/sdk/go/aws/cloudwatch/eventTarget.go index 22c55e2d4ae..acaf8a2c83c 100644 --- a/sdk/go/aws/cloudwatch/eventTarget.go +++ b/sdk/go/aws/cloudwatch/eventTarget.go @@ -196,7 +196,7 @@ import ( // }, nil) // ssmLifecycleRole, err := iam.NewRole(ctx, "ssm_lifecycle", &iam.RoleArgs{ // Name: pulumi.String("SSMLifecycle"), -// AssumeRolePolicy: *pulumi.String(ssmLifecycleTrust.Json), +// AssumeRolePolicy: pulumi.String(ssmLifecycleTrust.Json), // }) // if err != nil { // return err @@ -340,7 +340,7 @@ import ( // } // ecsEvents, err := iam.NewRole(ctx, "ecs_events", &iam.RoleArgs{ // Name: pulumi.String("ecs_events"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err @@ -381,7 +381,7 @@ import ( // _, err = iam.NewRolePolicy(ctx, "ecs_events_run_task_with_any_role", &iam.RolePolicyArgs{ // Name: pulumi.String("ecs_events_run_task_with_any_role"), // Role: ecsEvents.ID(), -// Policy: *pulumi.String(ecsEventsRunTaskWithAnyRole.Json), +// Policy: pulumi.String(ecsEventsRunTaskWithAnyRole.Json), // }) // if err != nil { // return err @@ -519,7 +519,7 @@ import ( // } // eventBusInvokeRemoteEventBusRole, err := iam.NewRole(ctx, "event_bus_invoke_remote_event_bus", &iam.RoleArgs{ // Name: pulumi.String("event-bus-invoke-remote-event-bus"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err @@ -542,7 +542,7 @@ import ( // } // eventBusInvokeRemoteEventBusPolicy, err := iam.NewPolicy(ctx, "event_bus_invoke_remote_event_bus", &iam.PolicyArgs{ // Name: pulumi.String("event_bus_invoke_remote_event_bus"), -// Policy: *pulumi.String(eventBusInvokeRemoteEventBus.Json), +// Policy: pulumi.String(eventBusInvokeRemoteEventBus.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/cloudwatch/getLogDataProtectionPolicyDocument.go b/sdk/go/aws/cloudwatch/getLogDataProtectionPolicyDocument.go index 20b62c94030..f48f66de297 100644 --- a/sdk/go/aws/cloudwatch/getLogDataProtectionPolicyDocument.go +++ b/sdk/go/aws/cloudwatch/getLogDataProtectionPolicyDocument.go @@ -74,7 +74,7 @@ import ( // } // _, err = cloudwatch.NewLogDataProtectionPolicy(ctx, "example", &cloudwatch.LogDataProtectionPolicyArgs{ // LogGroupName: pulumi.Any(exampleAwsCloudwatchLogGroup.Name), -// PolicyDocument: *pulumi.String(example.Json), +// PolicyDocument: pulumi.String(example.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/cloudwatch/logResourcePolicy.go b/sdk/go/aws/cloudwatch/logResourcePolicy.go index fbf695f3061..d8f70ae9ad0 100644 --- a/sdk/go/aws/cloudwatch/logResourcePolicy.go +++ b/sdk/go/aws/cloudwatch/logResourcePolicy.go @@ -58,7 +58,7 @@ import ( // return err // } // _, err = cloudwatch.NewLogResourcePolicy(ctx, "elasticsearch-log-publishing-policy", &cloudwatch.LogResourcePolicyArgs{ -// PolicyDocument: *pulumi.String(elasticsearch_log_publishing_policy.Json), +// PolicyDocument: pulumi.String(elasticsearch_log_publishing_policy.Json), // PolicyName: pulumi.String("elasticsearch-log-publishing-policy"), // }) // if err != nil { @@ -112,7 +112,7 @@ import ( // return err // } // _, err = cloudwatch.NewLogResourcePolicy(ctx, "route53-query-logging-policy", &cloudwatch.LogResourcePolicyArgs{ -// PolicyDocument: *pulumi.String(route53_query_logging_policy.Json), +// PolicyDocument: pulumi.String(route53_query_logging_policy.Json), // PolicyName: pulumi.String("route53-query-logging-policy"), // }) // if err != nil { diff --git a/sdk/go/aws/cloudwatch/metricStream.go b/sdk/go/aws/cloudwatch/metricStream.go index 281e45de0a5..bc885f5e193 100644 --- a/sdk/go/aws/cloudwatch/metricStream.go +++ b/sdk/go/aws/cloudwatch/metricStream.go @@ -60,7 +60,7 @@ import ( // } // metricStreamToFirehoseRole, err := iam.NewRole(ctx, "metric_stream_to_firehose", &iam.RoleArgs{ // Name: pulumi.String("metric_stream_to_firehose_role"), -// AssumeRolePolicy: *pulumi.String(streamsAssumeRole.Json), +// AssumeRolePolicy: pulumi.String(streamsAssumeRole.Json), // }) // if err != nil { // return err @@ -93,7 +93,7 @@ import ( // return err // } // firehoseToS3Role, err := iam.NewRole(ctx, "firehose_to_s3", &iam.RoleArgs{ -// AssumeRolePolicy: *pulumi.String(firehoseAssumeRole.Json), +// AssumeRolePolicy: pulumi.String(firehoseAssumeRole.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/codebuild/project.go b/sdk/go/aws/codebuild/project.go index ffa6ac5b506..bfb39c42efe 100644 --- a/sdk/go/aws/codebuild/project.go +++ b/sdk/go/aws/codebuild/project.go @@ -68,7 +68,7 @@ import ( // } // exampleRole, err := iam.NewRole(ctx, "example", &iam.RoleArgs{ // Name: pulumi.String("example"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/codebuild/reportGroup.go b/sdk/go/aws/codebuild/reportGroup.go index dfa0d58cbef..ec32ecf75a1 100644 --- a/sdk/go/aws/codebuild/reportGroup.go +++ b/sdk/go/aws/codebuild/reportGroup.go @@ -67,7 +67,7 @@ import ( // exampleKey, err := kms.NewKey(ctx, "example", &kms.KeyArgs{ // Description: pulumi.String("my test kms key"), // DeletionWindowInDays: pulumi.Int(7), -// Policy: *pulumi.String(example.Json), +// Policy: pulumi.String(example.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/codedeploy/deploymentGroup.go b/sdk/go/aws/codedeploy/deploymentGroup.go index f47c0322917..ff09de7fa57 100644 --- a/sdk/go/aws/codedeploy/deploymentGroup.go +++ b/sdk/go/aws/codedeploy/deploymentGroup.go @@ -56,7 +56,7 @@ import ( // } // example, err := iam.NewRole(ctx, "example", &iam.RoleArgs{ // Name: pulumi.String("example-role"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/codepipeline/pipeline.go b/sdk/go/aws/codepipeline/pipeline.go index 309213c577a..7ddde2dbed0 100644 --- a/sdk/go/aws/codepipeline/pipeline.go +++ b/sdk/go/aws/codepipeline/pipeline.go @@ -71,7 +71,7 @@ import ( // } // codepipelineRole, err := iam.NewRole(ctx, "codepipeline_role", &iam.RoleArgs{ // Name: pulumi.String("test-role"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err @@ -90,7 +90,7 @@ import ( // Location: codepipelineBucket.Bucket, // Type: pulumi.String("S3"), // EncryptionKey: &codepipeline.PipelineArtifactStoreEncryptionKeyArgs{ -// Id: *pulumi.String(s3kmskey.Arn), +// Id: pulumi.String(s3kmskey.Arn), // Type: pulumi.String("KMS"), // }, // }, diff --git a/sdk/go/aws/cognito/getUserPools.go b/sdk/go/aws/cognito/getUserPools.go index 92486deda69..994df075dd1 100644 --- a/sdk/go/aws/cognito/getUserPools.go +++ b/sdk/go/aws/cognito/getUserPools.go @@ -44,7 +44,7 @@ import ( // _, err = apigateway.NewAuthorizer(ctx, "cognito", &apigateway.AuthorizerArgs{ // Name: pulumi.String("cognito"), // Type: pulumi.String("COGNITO_USER_POOLS"), -// RestApi: *pulumi.String(selected.Id), +// RestApi: pulumi.String(selected.Id), // ProviderArns: interface{}(selectedGetUserPools.Arns), // }) // if err != nil { diff --git a/sdk/go/aws/cognito/managedUserPoolClient.go b/sdk/go/aws/cognito/managedUserPoolClient.go index 9f55d0e8971..fed6256148d 100644 --- a/sdk/go/aws/cognito/managedUserPoolClient.go +++ b/sdk/go/aws/cognito/managedUserPoolClient.go @@ -88,7 +88,7 @@ import ( // exampleRole, err := iam.NewRole(ctx, "example", &iam.RoleArgs{ // Name: pulumi.String("example-role"), // Path: pulumi.String("/service-role/"), -// AssumeRolePolicy: *pulumi.String(example.Json), +// AssumeRolePolicy: pulumi.String(example.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/cognito/userGroup.go b/sdk/go/aws/cognito/userGroup.go index 6db3b29e894..3e6aed04312 100644 --- a/sdk/go/aws/cognito/userGroup.go +++ b/sdk/go/aws/cognito/userGroup.go @@ -75,7 +75,7 @@ import ( // } // groupRoleRole, err := iam.NewRole(ctx, "group_role", &iam.RoleArgs{ // Name: pulumi.String("user-group-role"), -// AssumeRolePolicy: *pulumi.String(groupRole.Json), +// AssumeRolePolicy: pulumi.String(groupRole.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/cognito/userPoolClient.go b/sdk/go/aws/cognito/userPoolClient.go index 194d4b8f0cc..3ac196e4672 100644 --- a/sdk/go/aws/cognito/userPoolClient.go +++ b/sdk/go/aws/cognito/userPoolClient.go @@ -148,7 +148,7 @@ import ( // } // testRole, err := iam.NewRole(ctx, "test", &iam.RoleArgs{ // Name: pulumi.String("role"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/cognito/userPoolDomain.go b/sdk/go/aws/cognito/userPoolDomain.go index e658f6c27c1..6d8fa10fec6 100644 --- a/sdk/go/aws/cognito/userPoolDomain.go +++ b/sdk/go/aws/cognito/userPoolDomain.go @@ -89,8 +89,8 @@ import ( // } // _, err = route53.NewRecord(ctx, "auth-cognito-A", &route53.RecordArgs{ // Name: main.Domain, -// Type: pulumi.String("A"), -// ZoneId: *pulumi.String(example.ZoneId), +// Type: pulumi.String(route53.RecordTypeA), +// ZoneId: pulumi.String(example.ZoneId), // Aliases: route53.RecordAliasArray{ // &route53.RecordAliasArgs{ // EvaluateTargetHealth: pulumi.Bool(false), diff --git a/sdk/go/aws/connect/botAssociation.go b/sdk/go/aws/connect/botAssociation.go index 37e911ace59..6645110cd8f 100644 --- a/sdk/go/aws/connect/botAssociation.go +++ b/sdk/go/aws/connect/botAssociation.go @@ -119,7 +119,7 @@ import ( // _, err = connect.NewBotAssociation(ctx, "example", &connect.BotAssociationArgs{ // InstanceId: pulumi.Any(exampleAwsConnectInstance.Id), // LexBot: &connect.BotAssociationLexBotArgs{ -// LexRegion: *pulumi.String(current.Name), +// LexRegion: pulumi.String(current.Name), // Name: exampleBot.Name, // }, // }) diff --git a/sdk/go/aws/directconnect/hostedPrivateVirtualInterfaceAccepter.go b/sdk/go/aws/directconnect/hostedPrivateVirtualInterfaceAccepter.go index e253162f052..1772682cf75 100644 --- a/sdk/go/aws/directconnect/hostedPrivateVirtualInterfaceAccepter.go +++ b/sdk/go/aws/directconnect/hostedPrivateVirtualInterfaceAccepter.go @@ -39,7 +39,7 @@ import ( // // Creator's side of the VIF // creator, err := directconnect.NewHostedPrivateVirtualInterface(ctx, "creator", &directconnect.HostedPrivateVirtualInterfaceArgs{ // ConnectionId: pulumi.String("dxcon-zzzzzzzz"), -// OwnerAccountId: *pulumi.String(accepter.AccountId), +// OwnerAccountId: pulumi.String(accepter.AccountId), // Name: pulumi.String("vif-foo"), // Vlan: pulumi.Int(4094), // AddressFamily: pulumi.String("ipv4"), diff --git a/sdk/go/aws/directconnect/hostedPublicVirtualInterfaceAccepter.go b/sdk/go/aws/directconnect/hostedPublicVirtualInterfaceAccepter.go index 17483d582ab..da336cd1350 100644 --- a/sdk/go/aws/directconnect/hostedPublicVirtualInterfaceAccepter.go +++ b/sdk/go/aws/directconnect/hostedPublicVirtualInterfaceAccepter.go @@ -38,7 +38,7 @@ import ( // // Creator's side of the VIF // creator, err := directconnect.NewHostedPublicVirtualInterface(ctx, "creator", &directconnect.HostedPublicVirtualInterfaceArgs{ // ConnectionId: pulumi.String("dxcon-zzzzzzzz"), -// OwnerAccountId: *pulumi.String(accepter.AccountId), +// OwnerAccountId: pulumi.String(accepter.AccountId), // Name: pulumi.String("vif-foo"), // Vlan: pulumi.Int(4094), // AddressFamily: pulumi.String("ipv4"), diff --git a/sdk/go/aws/directconnect/hostedTransitVirtualInterfaceAcceptor.go b/sdk/go/aws/directconnect/hostedTransitVirtualInterfaceAcceptor.go index e54d08e4a37..6e1c84c4dc9 100644 --- a/sdk/go/aws/directconnect/hostedTransitVirtualInterfaceAcceptor.go +++ b/sdk/go/aws/directconnect/hostedTransitVirtualInterfaceAcceptor.go @@ -40,7 +40,7 @@ import ( // // Creator's side of the VIF // creator, err := directconnect.NewHostedTransitVirtualInterface(ctx, "creator", &directconnect.HostedTransitVirtualInterfaceArgs{ // ConnectionId: pulumi.String("dxcon-zzzzzzzz"), -// OwnerAccountId: *pulumi.String(accepter.AccountId), +// OwnerAccountId: pulumi.String(accepter.AccountId), // Name: pulumi.String("tf-transit-vif-example"), // Vlan: pulumi.Int(4094), // AddressFamily: pulumi.String("ipv4"), diff --git a/sdk/go/aws/directconnect/macsecKeyAssociation.go b/sdk/go/aws/directconnect/macsecKeyAssociation.go index e8a51a93aea..db35238e02f 100644 --- a/sdk/go/aws/directconnect/macsecKeyAssociation.go +++ b/sdk/go/aws/directconnect/macsecKeyAssociation.go @@ -43,7 +43,7 @@ import ( // return err // } // _, err = directconnect.NewMacsecKeyAssociation(ctx, "test", &directconnect.MacsecKeyAssociationArgs{ -// ConnectionId: *pulumi.String(example.Id), +// ConnectionId: pulumi.String(example.Id), // Ckn: pulumi.String("0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"), // Cak: pulumi.String("abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789"), // }) @@ -86,8 +86,8 @@ import ( // return err // } // _, err = directconnect.NewMacsecKeyAssociation(ctx, "test", &directconnect.MacsecKeyAssociationArgs{ -// ConnectionId: *pulumi.String(example.Id), -// SecretArn: *pulumi.String(exampleGetSecret.Arn), +// ConnectionId: pulumi.String(example.Id), +// SecretArn: pulumi.String(exampleGetSecret.Arn), // }) // if err != nil { // return err diff --git a/sdk/go/aws/directoryservice/serviceRegion.go b/sdk/go/aws/directoryservice/serviceRegion.go index 6a1f8e49178..9fa537e9aa9 100644 --- a/sdk/go/aws/directoryservice/serviceRegion.go +++ b/sdk/go/aws/directoryservice/serviceRegion.go @@ -150,7 +150,7 @@ import ( // } // _, err = directoryservice.NewServiceRegion(ctx, "example", &directoryservice.ServiceRegionArgs{ // DirectoryId: exampleDirectory.ID(), -// RegionName: *pulumi.String(example.Name), +// RegionName: pulumi.String(example.Name), // VpcSettings: &directoryservice.ServiceRegionVpcSettingsArgs{ // VpcId: example_secondary.ID(), // SubnetIds: %!v(PANIC=Format method: fatal: A failure has occurred: unlowered splat expression @ example.pp:87,17-46), diff --git a/sdk/go/aws/dlm/lifecyclePolicy.go b/sdk/go/aws/dlm/lifecyclePolicy.go index 60a5919e9f6..763b1d892d1 100644 --- a/sdk/go/aws/dlm/lifecyclePolicy.go +++ b/sdk/go/aws/dlm/lifecyclePolicy.go @@ -55,7 +55,7 @@ import ( // } // dlmLifecycleRole, err := iam.NewRole(ctx, "dlm_lifecycle_role", &iam.RoleArgs{ // Name: pulumi.String("dlm-lifecycle-role"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err @@ -93,7 +93,7 @@ import ( // _, err = iam.NewRolePolicy(ctx, "dlm_lifecycle", &iam.RolePolicyArgs{ // Name: pulumi.String("dlm-lifecycle-policy"), // Role: dlmLifecycleRole.ID(), -// Policy: *pulumi.String(dlmLifecycle.Json), +// Policy: pulumi.String(dlmLifecycle.Json), // }) // if err != nil { // return err @@ -188,7 +188,7 @@ import ( // } // dlmCrossRegionCopyCmk, err := kms.NewKey(ctx, "dlm_cross_region_copy_cmk", &kms.KeyArgs{ // Description: pulumi.String("Example Alternate Region KMS Key"), -// Policy: *pulumi.String(key.Json), +// Policy: pulumi.String(key.Json), // }) // if err != nil { // return err @@ -288,7 +288,7 @@ import ( // DescriptionRegex: pulumi.String("^.*Created for policy: policy-1234567890abcdef0.*$"), // EventType: pulumi.String("shareSnapshot"), // SnapshotOwners: pulumi.StringArray{ -// *pulumi.String(current.AccountId), +// pulumi.String(current.AccountId), // }, // }, // }, @@ -305,7 +305,7 @@ import ( // } // _, err = iam.NewRolePolicyAttachment(ctx, "example", &iam.RolePolicyAttachmentArgs{ // Role: pulumi.Any(exampleAwsIamRole.Id), -// PolicyArn: *pulumi.String(example.Arn), +// PolicyArn: pulumi.String(example.Arn), // }) // if err != nil { // return err diff --git a/sdk/go/aws/dms/replicationInstance.go b/sdk/go/aws/dms/replicationInstance.go index e38e9097291..9d9919e74fb 100644 --- a/sdk/go/aws/dms/replicationInstance.go +++ b/sdk/go/aws/dms/replicationInstance.go @@ -59,7 +59,7 @@ import ( // return err // } // _, err = iam.NewRole(ctx, "dms-access-for-endpoint", &iam.RoleArgs{ -// AssumeRolePolicy: *pulumi.String(dmsAssumeRole.Json), +// AssumeRolePolicy: pulumi.String(dmsAssumeRole.Json), // Name: pulumi.String("dms-access-for-endpoint"), // }) // if err != nil { @@ -73,7 +73,7 @@ import ( // return err // } // _, err = iam.NewRole(ctx, "dms-cloudwatch-logs-role", &iam.RoleArgs{ -// AssumeRolePolicy: *pulumi.String(dmsAssumeRole.Json), +// AssumeRolePolicy: pulumi.String(dmsAssumeRole.Json), // Name: pulumi.String("dms-cloudwatch-logs-role"), // }) // if err != nil { @@ -87,7 +87,7 @@ import ( // return err // } // _, err = iam.NewRole(ctx, "dms-vpc-role", &iam.RoleArgs{ -// AssumeRolePolicy: *pulumi.String(dmsAssumeRole.Json), +// AssumeRolePolicy: pulumi.String(dmsAssumeRole.Json), // Name: pulumi.String("dms-vpc-role"), // }) // if err != nil { diff --git a/sdk/go/aws/dynamodb/table.go b/sdk/go/aws/dynamodb/table.go index 6b670894f25..060abcc275f 100644 --- a/sdk/go/aws/dynamodb/table.go +++ b/sdk/go/aws/dynamodb/table.go @@ -193,10 +193,10 @@ import ( // }, // Replicas: dynamodb.TableReplicaTypeArray{ // &dynamodb.TableReplicaTypeArgs{ -// RegionName: *pulumi.String(alternate.Name), +// RegionName: pulumi.String(alternate.Name), // }, // &dynamodb.TableReplicaTypeArgs{ -// RegionName: *pulumi.String(third.Name), +// RegionName: pulumi.String(third.Name), // PropagateTags: pulumi.Bool(true), // }, // }, diff --git a/sdk/go/aws/dynamodb/tag.go b/sdk/go/aws/dynamodb/tag.go index dacbfbc3938..690bd137803 100644 --- a/sdk/go/aws/dynamodb/tag.go +++ b/sdk/go/aws/dynamodb/tag.go @@ -46,7 +46,7 @@ import ( // example, err := dynamodb.NewTable(ctx, "example", &dynamodb.TableArgs{ // Replicas: dynamodb.TableReplicaTypeArray{ // &dynamodb.TableReplicaTypeArgs{ -// RegionName: *pulumi.String(replica.Name), +// RegionName: pulumi.String(replica.Name), // }, // }, // }) diff --git a/sdk/go/aws/ebs/getDefaultKmsKey.go b/sdk/go/aws/ebs/getDefaultKmsKey.go index ebeef34825b..bec1619ddf1 100644 --- a/sdk/go/aws/ebs/getDefaultKmsKey.go +++ b/sdk/go/aws/ebs/getDefaultKmsKey.go @@ -35,7 +35,7 @@ import ( // _, err = ebs.NewVolume(ctx, "example", &ebs.VolumeArgs{ // AvailabilityZone: pulumi.String("us-west-2a"), // Encrypted: pulumi.Bool(true), -// KmsKeyId: *pulumi.String(current.KeyArn), +// KmsKeyId: pulumi.String(current.KeyArn), // }) // if err != nil { // return err diff --git a/sdk/go/aws/ec2/amiLaunchPermission.go b/sdk/go/aws/ec2/amiLaunchPermission.go index adbe0283005..0f3c1e2ca76 100644 --- a/sdk/go/aws/ec2/amiLaunchPermission.go +++ b/sdk/go/aws/ec2/amiLaunchPermission.go @@ -96,7 +96,7 @@ import ( // } // _, err = ec2.NewAmiLaunchPermission(ctx, "example", &ec2.AmiLaunchPermissionArgs{ // ImageId: pulumi.String("ami-12345678"), -// OrganizationArn: *pulumi.String(current.Arn), +// OrganizationArn: pulumi.String(current.Arn), // }) // if err != nil { // return err diff --git a/sdk/go/aws/ec2/capacityReservation.go b/sdk/go/aws/ec2/capacityReservation.go index 549bc1e8873..3398c8a1e2d 100644 --- a/sdk/go/aws/ec2/capacityReservation.go +++ b/sdk/go/aws/ec2/capacityReservation.go @@ -30,8 +30,8 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // _, err := ec2.NewCapacityReservation(ctx, "default", &ec2.CapacityReservationArgs{ -// InstanceType: pulumi.String("t2.micro"), -// InstancePlatform: pulumi.String("Linux/UNIX"), +// InstanceType: pulumi.String(ec2.InstanceType_T2_Micro), +// InstancePlatform: pulumi.String(ec2.InstancePlatformLinuxUnix), // AvailabilityZone: pulumi.String("eu-west-1a"), // InstanceCount: pulumi.Int(1), // }) diff --git a/sdk/go/aws/ec2/eip.go b/sdk/go/aws/ec2/eip.go index 264be896f44..c9f60f87a2a 100644 --- a/sdk/go/aws/ec2/eip.go +++ b/sdk/go/aws/ec2/eip.go @@ -134,7 +134,7 @@ import ( // } // foo, err := ec2.NewInstance(ctx, "foo", &ec2.InstanceArgs{ // Ami: pulumi.String("ami-5189a661"), -// InstanceType: pulumi.String("t2.micro"), +// InstanceType: pulumi.String(ec2.InstanceType_T2_Micro), // PrivateIp: pulumi.String("10.0.0.12"), // SubnetId: myTestSubnet.ID(), // }) diff --git a/sdk/go/aws/ec2/eipAssociation.go b/sdk/go/aws/ec2/eipAssociation.go index d60f3c668f0..3181f0ce76a 100644 --- a/sdk/go/aws/ec2/eipAssociation.go +++ b/sdk/go/aws/ec2/eipAssociation.go @@ -37,7 +37,7 @@ import ( // web, err := ec2.NewInstance(ctx, "web", &ec2.InstanceArgs{ // Ami: pulumi.String("ami-21f78e11"), // AvailabilityZone: pulumi.String("us-west-2a"), -// InstanceType: pulumi.String("t2.micro"), +// InstanceType: pulumi.String(ec2.InstanceType_T2_Micro), // Tags: pulumi.StringMap{ // "Name": pulumi.String("HelloWorld"), // }, diff --git a/sdk/go/aws/ec2/flowLog.go b/sdk/go/aws/ec2/flowLog.go index 0f3afd26fe8..3e585e317d0 100644 --- a/sdk/go/aws/ec2/flowLog.go +++ b/sdk/go/aws/ec2/flowLog.go @@ -62,7 +62,7 @@ import ( // } // exampleRole, err := iam.NewRole(ctx, "example", &iam.RoleArgs{ // Name: pulumi.String("example"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err @@ -99,7 +99,7 @@ import ( // _, err = iam.NewRolePolicy(ctx, "example", &iam.RolePolicyArgs{ // Name: pulumi.String("example"), // Role: exampleRole.ID(), -// Policy: *pulumi.String(example.Json), +// Policy: pulumi.String(example.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/ec2/getCustomerGateway.go b/sdk/go/aws/ec2/getCustomerGateway.go index eb35c8204c4..e408b783602 100644 --- a/sdk/go/aws/ec2/getCustomerGateway.go +++ b/sdk/go/aws/ec2/getCustomerGateway.go @@ -50,8 +50,8 @@ import ( // } // _, err = ec2.NewVpnConnection(ctx, "transit", &ec2.VpnConnectionArgs{ // VpnGatewayId: main.ID(), -// CustomerGatewayId: *pulumi.String(foo.Id), -// Type: *pulumi.String(foo.Type), +// CustomerGatewayId: pulumi.String(foo.Id), +// Type: pulumi.String(foo.Type), // StaticRoutesOnly: pulumi.Bool(false), // }) // if err != nil { diff --git a/sdk/go/aws/ec2/getIpamPreviewNextCidr.go b/sdk/go/aws/ec2/getIpamPreviewNextCidr.go index a195f3ce61c..8a1bdecb29a 100644 --- a/sdk/go/aws/ec2/getIpamPreviewNextCidr.go +++ b/sdk/go/aws/ec2/getIpamPreviewNextCidr.go @@ -41,7 +41,7 @@ import ( // } // _, err = ec2.NewVpcIpamPoolCidrAllocation(ctx, "test", &ec2.VpcIpamPoolCidrAllocationArgs{ // IpamPoolId: pulumi.Any(testAwsVpcIpamPool.Id), -// Cidr: *pulumi.String(test.Cidr), +// Cidr: pulumi.String(test.Cidr), // }) // if err != nil { // return err diff --git a/sdk/go/aws/ec2/getRouteTable.go b/sdk/go/aws/ec2/getRouteTable.go index 4c4b9db9656..26783921aa5 100644 --- a/sdk/go/aws/ec2/getRouteTable.go +++ b/sdk/go/aws/ec2/getRouteTable.go @@ -42,7 +42,7 @@ import ( // return err // } // _, err = ec2.NewRoute(ctx, "route", &ec2.RouteArgs{ -// RouteTableId: *pulumi.String(selected.Id), +// RouteTableId: pulumi.String(selected.Id), // DestinationCidrBlock: pulumi.String("10.0.1.0/22"), // VpcPeeringConnectionId: pulumi.String("pcx-45ff3dc1"), // }) diff --git a/sdk/go/aws/ec2/getSecurityGroup.go b/sdk/go/aws/ec2/getSecurityGroup.go index d9cec765669..b9ef8fec735 100644 --- a/sdk/go/aws/ec2/getSecurityGroup.go +++ b/sdk/go/aws/ec2/getSecurityGroup.go @@ -45,7 +45,7 @@ import ( // return err // } // _, err = ec2.NewSubnet(ctx, "subnet", &ec2.SubnetArgs{ -// VpcId: *pulumi.String(selected.VpcId), +// VpcId: pulumi.String(selected.VpcId), // CidrBlock: pulumi.String("10.0.1.0/24"), // }) // if err != nil { diff --git a/sdk/go/aws/ec2/getSubnet.go b/sdk/go/aws/ec2/getSubnet.go index fb19f59ea57..fd76c5af2bd 100644 --- a/sdk/go/aws/ec2/getSubnet.go +++ b/sdk/go/aws/ec2/getSubnet.go @@ -42,11 +42,11 @@ import ( // return err // } // _, err = ec2.NewSecurityGroup(ctx, "subnet", &ec2.SecurityGroupArgs{ -// VpcId: *pulumi.String(selected.VpcId), +// VpcId: pulumi.String(selected.VpcId), // Ingress: ec2.SecurityGroupIngressArray{ // &ec2.SecurityGroupIngressArgs{ // CidrBlocks: pulumi.StringArray{ -// *pulumi.String(selected.CidrBlock), +// pulumi.String(selected.CidrBlock), // }, // FromPort: pulumi.Int(80), // ToPort: pulumi.Int(80), diff --git a/sdk/go/aws/ec2/getVpc.go b/sdk/go/aws/ec2/getVpc.go index 9d544a22e93..c4e3f5f2615 100644 --- a/sdk/go/aws/ec2/getVpc.go +++ b/sdk/go/aws/ec2/getVpc.go @@ -55,7 +55,7 @@ import ( // return err // } // _, err = ec2.NewSubnet(ctx, "example", &ec2.SubnetArgs{ -// VpcId: *pulumi.String(selected.Id), +// VpcId: pulumi.String(selected.Id), // AvailabilityZone: pulumi.String("us-west-2a"), // CidrBlock: invokeCidrsubnet.Result, // }) diff --git a/sdk/go/aws/ec2/getVpcEndpoint.go b/sdk/go/aws/ec2/getVpcEndpoint.go index ab6474d576a..912d47d32fb 100644 --- a/sdk/go/aws/ec2/getVpcEndpoint.go +++ b/sdk/go/aws/ec2/getVpcEndpoint.go @@ -38,7 +38,7 @@ import ( // return err // } // _, err = ec2.NewVpcEndpointRouteTableAssociation(ctx, "private_s3", &ec2.VpcEndpointRouteTableAssociationArgs{ -// VpcEndpointId: *pulumi.String(s3.Id), +// VpcEndpointId: pulumi.String(s3.Id), // RouteTableId: pulumi.Any(private.Id), // }) // if err != nil { diff --git a/sdk/go/aws/ec2/getVpcEndpointService.go b/sdk/go/aws/ec2/getVpcEndpointService.go index f0ef55b977f..607efb931f5 100644 --- a/sdk/go/aws/ec2/getVpcEndpointService.go +++ b/sdk/go/aws/ec2/getVpcEndpointService.go @@ -49,7 +49,7 @@ import ( // // Create a VPC endpoint // _, err = ec2.NewVpcEndpoint(ctx, "ep", &ec2.VpcEndpointArgs{ // VpcId: foo.ID(), -// ServiceName: *pulumi.String(s3.ServiceName), +// ServiceName: pulumi.String(s3.ServiceName), // }) // if err != nil { // return err diff --git a/sdk/go/aws/ec2/getVpcIamPool.go b/sdk/go/aws/ec2/getVpcIamPool.go index 5d777258252..eb152056093 100644 --- a/sdk/go/aws/ec2/getVpcIamPool.go +++ b/sdk/go/aws/ec2/getVpcIamPool.go @@ -56,7 +56,7 @@ import ( // return err // } // _, err = ec2.NewVpc(ctx, "test", &ec2.VpcArgs{ -// Ipv4IpamPoolId: *pulumi.String(test.Id), +// Ipv4IpamPoolId: pulumi.String(test.Id), // Ipv4NetmaskLength: pulumi.Int(28), // }) // if err != nil { diff --git a/sdk/go/aws/ec2/getVpcIpamPool.go b/sdk/go/aws/ec2/getVpcIpamPool.go index 205934be96b..36d98fc670e 100644 --- a/sdk/go/aws/ec2/getVpcIpamPool.go +++ b/sdk/go/aws/ec2/getVpcIpamPool.go @@ -56,7 +56,7 @@ import ( // return err // } // _, err = ec2.NewVpc(ctx, "test", &ec2.VpcArgs{ -// Ipv4IpamPoolId: *pulumi.String(test.Id), +// Ipv4IpamPoolId: pulumi.String(test.Id), // Ipv4NetmaskLength: pulumi.Int(28), // }) // if err != nil { diff --git a/sdk/go/aws/ec2/getVpcPeeringConnection.go b/sdk/go/aws/ec2/getVpcPeeringConnection.go index 89dea2cfbbd..6d22e029b68 100644 --- a/sdk/go/aws/ec2/getVpcPeeringConnection.go +++ b/sdk/go/aws/ec2/getVpcPeeringConnection.go @@ -47,8 +47,8 @@ import ( // // Create a route // _, err = ec2.NewRoute(ctx, "r", &ec2.RouteArgs{ // RouteTableId: rt.ID(), -// DestinationCidrBlock: *pulumi.String(pc.PeerCidrBlock), -// VpcPeeringConnectionId: *pulumi.String(pc.Id), +// DestinationCidrBlock: pulumi.String(pc.PeerCidrBlock), +// VpcPeeringConnectionId: pulumi.String(pc.Id), // }) // if err != nil { // return err diff --git a/sdk/go/aws/ec2/instance.go b/sdk/go/aws/ec2/instance.go index f4794df9661..dee4a15f73e 100644 --- a/sdk/go/aws/ec2/instance.go +++ b/sdk/go/aws/ec2/instance.go @@ -54,8 +54,8 @@ import ( // return err // } // _, err = ec2.NewInstance(ctx, "web", &ec2.InstanceArgs{ -// Ami: *pulumi.String(ubuntu.Id), -// InstanceType: pulumi.String("t3.micro"), +// Ami: pulumi.String(ubuntu.Id), +// InstanceType: pulumi.String(ec2.InstanceType_T3_Micro), // Tags: pulumi.StringMap{ // "Name": pulumi.String("HelloWorld"), // }, @@ -109,13 +109,13 @@ import ( // return err // } // _, err = ec2.NewInstance(ctx, "this", &ec2.InstanceArgs{ -// Ami: *pulumi.String(this.Id), +// Ami: pulumi.String(this.Id), // InstanceMarketOptions: &ec2.InstanceInstanceMarketOptionsArgs{ // SpotOptions: &ec2.InstanceInstanceMarketOptionsSpotOptionsArgs{ // MaxPrice: pulumi.String("0.0031"), // }, // }, -// InstanceType: pulumi.String("t4g.nano"), +// InstanceType: pulumi.String(ec2.InstanceType_T4g_Nano), // Tags: pulumi.StringMap{ // "Name": pulumi.String("test-spot"), // }, @@ -179,7 +179,7 @@ import ( // } // _, err = ec2.NewInstance(ctx, "foo", &ec2.InstanceArgs{ // Ami: pulumi.String("ami-005e54dee72cc1d00"), -// InstanceType: pulumi.String("t2.micro"), +// InstanceType: pulumi.String(ec2.InstanceType_T2_Micro), // NetworkInterfaces: ec2.InstanceNetworkInterfaceArray{ // &ec2.InstanceNetworkInterfaceArgs{ // NetworkInterfaceId: foo.ID(), @@ -253,8 +253,8 @@ import ( // return err // } // _, err = ec2.NewInstance(ctx, "example", &ec2.InstanceArgs{ -// Ami: *pulumi.String(amzn_linux_2023_ami.Id), -// InstanceType: pulumi.String("c6a.2xlarge"), +// Ami: pulumi.String(amzn_linux_2023_ami.Id), +// InstanceType: pulumi.String(ec2.InstanceType_C6a_2XLarge), // SubnetId: exampleSubnet.ID(), // CpuOptions: &ec2.InstanceCpuOptionsArgs{ // CoreCount: pulumi.Int(2), @@ -295,7 +295,7 @@ import ( // pulumi.Run(func(ctx *pulumi.Context) error { // _, err := ec2.NewInstance(ctx, "this", &ec2.InstanceArgs{ // Ami: pulumi.String("ami-0dcc1e21636832c5d"), -// InstanceType: pulumi.String("m5.large"), +// InstanceType: pulumi.String(ec2.InstanceType_M5_Large), // HostResourceGroupArn: pulumi.String("arn:aws:resource-groups:us-west-2:012345678901:group/win-testhost"), // Tenancy: pulumi.String("host"), // }) diff --git a/sdk/go/aws/ec2/launchConfiguration.go b/sdk/go/aws/ec2/launchConfiguration.go index 70995b2b0be..47108a887fd 100644 --- a/sdk/go/aws/ec2/launchConfiguration.go +++ b/sdk/go/aws/ec2/launchConfiguration.go @@ -58,7 +58,7 @@ import ( // } // _, err = ec2.NewLaunchConfiguration(ctx, "as_conf", &ec2.LaunchConfigurationArgs{ // Name: pulumi.String("web_config"), -// ImageId: *pulumi.String(ubuntu.Id), +// ImageId: pulumi.String(ubuntu.Id), // InstanceType: pulumi.String("t2.micro"), // }) // if err != nil { @@ -120,7 +120,7 @@ import ( // } // asConf, err := ec2.NewLaunchConfiguration(ctx, "as_conf", &ec2.LaunchConfigurationArgs{ // NamePrefix: pulumi.String("lc-example-"), -// ImageId: *pulumi.String(ubuntu.Id), +// ImageId: pulumi.String(ubuntu.Id), // InstanceType: pulumi.String("t2.micro"), // }) // if err != nil { @@ -193,7 +193,7 @@ import ( // return err // } // asConf, err := ec2.NewLaunchConfiguration(ctx, "as_conf", &ec2.LaunchConfigurationArgs{ -// ImageId: *pulumi.String(ubuntu.Id), +// ImageId: pulumi.String(ubuntu.Id), // InstanceType: pulumi.String("m4.large"), // SpotPrice: pulumi.String("0.001"), // }) diff --git a/sdk/go/aws/ec2/localGatewayRouteTableVpcAssociation.go b/sdk/go/aws/ec2/localGatewayRouteTableVpcAssociation.go index dbf9c1c223f..64e2b97771f 100644 --- a/sdk/go/aws/ec2/localGatewayRouteTableVpcAssociation.go +++ b/sdk/go/aws/ec2/localGatewayRouteTableVpcAssociation.go @@ -42,7 +42,7 @@ import ( // return err // } // _, err = ec2.NewLocalGatewayRouteTableVpcAssociation(ctx, "example", &ec2.LocalGatewayRouteTableVpcAssociationArgs{ -// LocalGatewayRouteTableId: *pulumi.String(example.Id), +// LocalGatewayRouteTableId: pulumi.String(example.Id), // VpcId: exampleVpc.ID(), // }) // if err != nil { diff --git a/sdk/go/aws/ec2/networkInterfaceSecurityGroupAttachment.go b/sdk/go/aws/ec2/networkInterfaceSecurityGroupAttachment.go index 1097d949a8b..d1c0f9f699e 100644 --- a/sdk/go/aws/ec2/networkInterfaceSecurityGroupAttachment.go +++ b/sdk/go/aws/ec2/networkInterfaceSecurityGroupAttachment.go @@ -62,8 +62,8 @@ import ( // return err // } // instance, err := ec2.NewInstance(ctx, "instance", &ec2.InstanceArgs{ -// InstanceType: pulumi.String("t2.micro"), -// Ami: *pulumi.String(ami.Id), +// InstanceType: pulumi.String(ec2.InstanceType_T2_Micro), +// Ami: pulumi.String(ami.Id), // Tags: pulumi.StringMap{ // "type": pulumi.String("test-instance"), // }, @@ -126,7 +126,7 @@ import ( // } // _, err = ec2.NewNetworkInterfaceSecurityGroupAttachment(ctx, "sg_attachment", &ec2.NetworkInterfaceSecurityGroupAttachmentArgs{ // SecurityGroupId: sg.ID(), -// NetworkInterfaceId: *pulumi.String(instance.NetworkInterfaceId), +// NetworkInterfaceId: pulumi.String(instance.NetworkInterfaceId), // }) // if err != nil { // return err diff --git a/sdk/go/aws/ec2/peeringConnectionOptions.go b/sdk/go/aws/ec2/peeringConnectionOptions.go index 2b98a7d6b5a..f3d45b23012 100644 --- a/sdk/go/aws/ec2/peeringConnectionOptions.go +++ b/sdk/go/aws/ec2/peeringConnectionOptions.go @@ -116,7 +116,7 @@ import ( // peerVpcPeeringConnection, err := ec2.NewVpcPeeringConnection(ctx, "peer", &ec2.VpcPeeringConnectionArgs{ // VpcId: main.ID(), // PeerVpcId: peerVpc.ID(), -// PeerOwnerId: *pulumi.String(peer.AccountId), +// PeerOwnerId: pulumi.String(peer.AccountId), // AutoAccept: pulumi.Bool(false), // Tags: pulumi.StringMap{ // "Side": pulumi.String("Requester"), diff --git a/sdk/go/aws/ec2/placementGroup.go b/sdk/go/aws/ec2/placementGroup.go index 7b4207cb318..0348df53c1a 100644 --- a/sdk/go/aws/ec2/placementGroup.go +++ b/sdk/go/aws/ec2/placementGroup.go @@ -32,7 +32,7 @@ import ( // pulumi.Run(func(ctx *pulumi.Context) error { // _, err := ec2.NewPlacementGroup(ctx, "web", &ec2.PlacementGroupArgs{ // Name: pulumi.String("hunky-dory-pg"), -// Strategy: pulumi.String("cluster"), +// Strategy: pulumi.String(ec2.PlacementStrategyCluster), // }) // if err != nil { // return err diff --git a/sdk/go/aws/ec2/securityGroup.go b/sdk/go/aws/ec2/securityGroup.go index 032041a9419..27b5a96561a 100644 --- a/sdk/go/aws/ec2/securityGroup.go +++ b/sdk/go/aws/ec2/securityGroup.go @@ -284,7 +284,7 @@ import ( // return err // } // _, err = ec2.NewInstance(ctx, "example", &ec2.InstanceArgs{ -// InstanceType: pulumi.String("t3.small"), +// InstanceType: pulumi.String(ec2.InstanceType_T3_Small), // VpcSecurityGroupIds: pulumi.StringArray{ // test.Id, // }, @@ -364,7 +364,7 @@ import ( // Name: pulumi.String("sg"), // Tags: pulumi.StringMap{ // "workaround1": pulumi.String("tagged-name"), -// "workaround2": *pulumi.String(_default.Id), +// "workaround2": pulumi.String(_default.Id), // }, // }) // if err != nil { diff --git a/sdk/go/aws/ec2/securityGroupRule.go b/sdk/go/aws/ec2/securityGroupRule.go index b0c89641b9f..dcabdd4c265 100644 --- a/sdk/go/aws/ec2/securityGroupRule.go +++ b/sdk/go/aws/ec2/securityGroupRule.go @@ -45,7 +45,7 @@ import ( // Type: pulumi.String("ingress"), // FromPort: pulumi.Int(0), // ToPort: pulumi.Int(65535), -// Protocol: pulumi.String("tcp"), +// Protocol: pulumi.String(ec2.ProtocolTypeTCP), // CidrBlocks: pulumi.StringArray{ // exampleAwsVpc.CidrBlock, // }, @@ -145,9 +145,9 @@ import ( // SecurityGroupId: pulumi.String("sg-123456"), // FromPort: pulumi.Int(443), // ToPort: pulumi.Int(443), -// Protocol: pulumi.String("tcp"), +// Protocol: pulumi.String(ec2.ProtocolTypeTCP), // PrefixListIds: pulumi.StringArray{ -// *pulumi.String(s3.Id), +// pulumi.String(s3.Id), // }, // }) // if err != nil { diff --git a/sdk/go/aws/ec2/spotFleetRequest.go b/sdk/go/aws/ec2/spotFleetRequest.go index 987191f46b5..625f02e1e9a 100644 --- a/sdk/go/aws/ec2/spotFleetRequest.go +++ b/sdk/go/aws/ec2/spotFleetRequest.go @@ -228,13 +228,13 @@ import ( // }, // Overrides: ec2.SpotFleetRequestLaunchTemplateConfigOverrideArray{ // &ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs{ -// SubnetId: *pulumi.String(example.Ids[0]), +// SubnetId: pulumi.String(example.Ids[0]), // }, // &ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs{ -// SubnetId: *pulumi.String(example.Ids[1]), +// SubnetId: pulumi.String(example.Ids[1]), // }, // &ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs{ -// SubnetId: *pulumi.String(example.Ids[2]), +// SubnetId: pulumi.String(example.Ids[2]), // }, // }, // }, diff --git a/sdk/go/aws/ec2/volumeAttachment.go b/sdk/go/aws/ec2/volumeAttachment.go index 4ec6cd7e1e8..4b745857af9 100644 --- a/sdk/go/aws/ec2/volumeAttachment.go +++ b/sdk/go/aws/ec2/volumeAttachment.go @@ -36,7 +36,7 @@ import ( // web, err := ec2.NewInstance(ctx, "web", &ec2.InstanceArgs{ // Ami: pulumi.String("ami-21f78e11"), // AvailabilityZone: pulumi.String("us-west-2a"), -// InstanceType: pulumi.String("t2.micro"), +// InstanceType: pulumi.String(ec2.InstanceType_T2_Micro), // Tags: pulumi.StringMap{ // "Name": pulumi.String("HelloWorld"), // }, diff --git a/sdk/go/aws/ec2/vpc.go b/sdk/go/aws/ec2/vpc.go index 0a2de1a0870..b3398857951 100644 --- a/sdk/go/aws/ec2/vpc.go +++ b/sdk/go/aws/ec2/vpc.go @@ -98,7 +98,7 @@ import ( // test, err := ec2.NewVpcIpam(ctx, "test", &ec2.VpcIpamArgs{ // OperatingRegions: ec2.VpcIpamOperatingRegionArray{ // &ec2.VpcIpamOperatingRegionArgs{ -// RegionName: *pulumi.String(current.Name), +// RegionName: pulumi.String(current.Name), // }, // }, // }) @@ -108,7 +108,7 @@ import ( // testVpcIpamPool, err := ec2.NewVpcIpamPool(ctx, "test", &ec2.VpcIpamPoolArgs{ // AddressFamily: pulumi.String("ipv4"), // IpamScopeId: test.PrivateDefaultScopeId, -// Locale: *pulumi.String(current.Name), +// Locale: pulumi.String(current.Name), // }) // if err != nil { // return err diff --git a/sdk/go/aws/ec2/vpcEndpoint.go b/sdk/go/aws/ec2/vpcEndpoint.go index 801a5872a08..c2328425e57 100644 --- a/sdk/go/aws/ec2/vpcEndpoint.go +++ b/sdk/go/aws/ec2/vpcEndpoint.go @@ -142,7 +142,7 @@ import ( // example, err := ec2.NewVpcEndpointService(ctx, "example", &ec2.VpcEndpointServiceArgs{ // AcceptanceRequired: pulumi.Bool(false), // AllowedPrincipals: pulumi.StringArray{ -// *pulumi.String(current.Arn), +// pulumi.String(current.Arn), // }, // GatewayLoadBalancerArns: pulumi.StringArray{ // exampleAwsLb.Arn, diff --git a/sdk/go/aws/ec2/vpcEndpointConnectionNotification.go b/sdk/go/aws/ec2/vpcEndpointConnectionNotification.go index 68445b33a92..f0f97e3ab98 100644 --- a/sdk/go/aws/ec2/vpcEndpointConnectionNotification.go +++ b/sdk/go/aws/ec2/vpcEndpointConnectionNotification.go @@ -58,7 +58,7 @@ import ( // } // topicTopic, err := sns.NewTopic(ctx, "topic", &sns.TopicArgs{ // Name: pulumi.String("vpce-notification-topic"), -// Policy: *pulumi.String(topic.Json), +// Policy: pulumi.String(topic.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/ec2/vpcEndpointPolicy.go b/sdk/go/aws/ec2/vpcEndpointPolicy.go index 39631a58d77..26186a690c8 100644 --- a/sdk/go/aws/ec2/vpcEndpointPolicy.go +++ b/sdk/go/aws/ec2/vpcEndpointPolicy.go @@ -44,7 +44,7 @@ import ( // return err // } // exampleVpcEndpoint, err := ec2.NewVpcEndpoint(ctx, "example", &ec2.VpcEndpointArgs{ -// ServiceName: *pulumi.String(example.ServiceName), +// ServiceName: pulumi.String(example.ServiceName), // VpcId: exampleVpc.ID(), // }) // if err != nil { diff --git a/sdk/go/aws/ec2/vpcEndpointServiceAllowedPrinciple.go b/sdk/go/aws/ec2/vpcEndpointServiceAllowedPrinciple.go index 11994129d8d..1b046093bda 100644 --- a/sdk/go/aws/ec2/vpcEndpointServiceAllowedPrinciple.go +++ b/sdk/go/aws/ec2/vpcEndpointServiceAllowedPrinciple.go @@ -44,7 +44,7 @@ import ( // } // _, err = ec2.NewVpcEndpointServiceAllowedPrinciple(ctx, "allow_me_to_foo", &ec2.VpcEndpointServiceAllowedPrincipleArgs{ // VpcEndpointServiceId: pulumi.Any(foo.Id), -// PrincipalArn: *pulumi.String(current.Arn), +// PrincipalArn: pulumi.String(current.Arn), // }) // if err != nil { // return err diff --git a/sdk/go/aws/ec2/vpcIpam.go b/sdk/go/aws/ec2/vpcIpam.go index a6c54b49884..53d7c82f29d 100644 --- a/sdk/go/aws/ec2/vpcIpam.go +++ b/sdk/go/aws/ec2/vpcIpam.go @@ -40,7 +40,7 @@ import ( // Description: pulumi.String("My IPAM"), // OperatingRegions: ec2.VpcIpamOperatingRegionArray{ // &ec2.VpcIpamOperatingRegionArgs{ -// RegionName: *pulumi.String(current.Name), +// RegionName: pulumi.String(current.Name), // }, // }, // Tags: pulumi.StringMap{ diff --git a/sdk/go/aws/ec2/vpcIpamOrganizationAdminAccount.go b/sdk/go/aws/ec2/vpcIpamOrganizationAdminAccount.go index 44ab987c66e..e61381b0826 100644 --- a/sdk/go/aws/ec2/vpcIpamOrganizationAdminAccount.go +++ b/sdk/go/aws/ec2/vpcIpamOrganizationAdminAccount.go @@ -37,7 +37,7 @@ import ( // return err // } // _, err = ec2.NewVpcIpamOrganizationAdminAccount(ctx, "example", &ec2.VpcIpamOrganizationAdminAccountArgs{ -// DelegatedAdminAccountId: *pulumi.String(delegated.AccountId), +// DelegatedAdminAccountId: pulumi.String(delegated.AccountId), // }) // if err != nil { // return err diff --git a/sdk/go/aws/ec2/vpcIpamPool.go b/sdk/go/aws/ec2/vpcIpamPool.go index 9cefe5abc45..4f849cdaced 100644 --- a/sdk/go/aws/ec2/vpcIpamPool.go +++ b/sdk/go/aws/ec2/vpcIpamPool.go @@ -39,7 +39,7 @@ import ( // example, err := ec2.NewVpcIpam(ctx, "example", &ec2.VpcIpamArgs{ // OperatingRegions: ec2.VpcIpamOperatingRegionArray{ // &ec2.VpcIpamOperatingRegionArgs{ -// RegionName: *pulumi.String(current.Name), +// RegionName: pulumi.String(current.Name), // }, // }, // }) @@ -49,7 +49,7 @@ import ( // _, err = ec2.NewVpcIpamPool(ctx, "example", &ec2.VpcIpamPoolArgs{ // AddressFamily: pulumi.String("ipv4"), // IpamScopeId: example.PrivateDefaultScopeId, -// Locale: *pulumi.String(current.Name), +// Locale: pulumi.String(current.Name), // }) // if err != nil { // return err @@ -84,7 +84,7 @@ import ( // example, err := ec2.NewVpcIpam(ctx, "example", &ec2.VpcIpamArgs{ // OperatingRegions: ec2.VpcIpamOperatingRegionArray{ // &ec2.VpcIpamOperatingRegionArgs{ -// RegionName: *pulumi.String(current.Name), +// RegionName: pulumi.String(current.Name), // }, // }, // }) @@ -108,7 +108,7 @@ import ( // child, err := ec2.NewVpcIpamPool(ctx, "child", &ec2.VpcIpamPoolArgs{ // AddressFamily: pulumi.String("ipv4"), // IpamScopeId: example.PrivateDefaultScopeId, -// Locale: *pulumi.String(current.Name), +// Locale: pulumi.String(current.Name), // SourceIpamPoolId: parent.ID(), // }) // if err != nil { diff --git a/sdk/go/aws/ec2/vpcIpamPoolCidr.go b/sdk/go/aws/ec2/vpcIpamPoolCidr.go index 432ecded2ea..cbad707d21d 100644 --- a/sdk/go/aws/ec2/vpcIpamPoolCidr.go +++ b/sdk/go/aws/ec2/vpcIpamPoolCidr.go @@ -44,7 +44,7 @@ import ( // example, err := ec2.NewVpcIpam(ctx, "example", &ec2.VpcIpamArgs{ // OperatingRegions: ec2.VpcIpamOperatingRegionArray{ // &ec2.VpcIpamOperatingRegionArgs{ -// RegionName: *pulumi.String(current.Name), +// RegionName: pulumi.String(current.Name), // }, // }, // }) @@ -54,7 +54,7 @@ import ( // exampleVpcIpamPool, err := ec2.NewVpcIpamPool(ctx, "example", &ec2.VpcIpamPoolArgs{ // AddressFamily: pulumi.String("ipv4"), // IpamScopeId: example.PrivateDefaultScopeId, -// Locale: *pulumi.String(current.Name), +// Locale: pulumi.String(current.Name), // }) // if err != nil { // return err @@ -96,7 +96,7 @@ import ( // example, err := ec2.NewVpcIpam(ctx, "example", &ec2.VpcIpamArgs{ // OperatingRegions: ec2.VpcIpamOperatingRegionArray{ // &ec2.VpcIpamOperatingRegionArgs{ -// RegionName: *pulumi.String(current.Name), +// RegionName: pulumi.String(current.Name), // }, // }, // }) diff --git a/sdk/go/aws/ec2/vpcIpamPoolCidrAllocation.go b/sdk/go/aws/ec2/vpcIpamPoolCidrAllocation.go index 7aa0ae6e0c4..91a1f66f4f2 100644 --- a/sdk/go/aws/ec2/vpcIpamPoolCidrAllocation.go +++ b/sdk/go/aws/ec2/vpcIpamPoolCidrAllocation.go @@ -39,7 +39,7 @@ import ( // exampleVpcIpam, err := ec2.NewVpcIpam(ctx, "example", &ec2.VpcIpamArgs{ // OperatingRegions: ec2.VpcIpamOperatingRegionArray{ // &ec2.VpcIpamOperatingRegionArgs{ -// RegionName: *pulumi.String(current.Name), +// RegionName: pulumi.String(current.Name), // }, // }, // }) @@ -49,7 +49,7 @@ import ( // exampleVpcIpamPool, err := ec2.NewVpcIpamPool(ctx, "example", &ec2.VpcIpamPoolArgs{ // AddressFamily: pulumi.String("ipv4"), // IpamScopeId: exampleVpcIpam.PrivateDefaultScopeId, -// Locale: *pulumi.String(current.Name), +// Locale: pulumi.String(current.Name), // }) // if err != nil { // return err @@ -98,7 +98,7 @@ import ( // exampleVpcIpam, err := ec2.NewVpcIpam(ctx, "example", &ec2.VpcIpamArgs{ // OperatingRegions: ec2.VpcIpamOperatingRegionArray{ // &ec2.VpcIpamOperatingRegionArgs{ -// RegionName: *pulumi.String(current.Name), +// RegionName: pulumi.String(current.Name), // }, // }, // }) @@ -108,7 +108,7 @@ import ( // exampleVpcIpamPool, err := ec2.NewVpcIpamPool(ctx, "example", &ec2.VpcIpamPoolArgs{ // AddressFamily: pulumi.String("ipv4"), // IpamScopeId: exampleVpcIpam.PrivateDefaultScopeId, -// Locale: *pulumi.String(current.Name), +// Locale: pulumi.String(current.Name), // }) // if err != nil { // return err diff --git a/sdk/go/aws/ec2/vpcIpamPreviewNextCidr.go b/sdk/go/aws/ec2/vpcIpamPreviewNextCidr.go index a1871e58377..3a940f63005 100644 --- a/sdk/go/aws/ec2/vpcIpamPreviewNextCidr.go +++ b/sdk/go/aws/ec2/vpcIpamPreviewNextCidr.go @@ -39,7 +39,7 @@ import ( // exampleVpcIpam, err := ec2.NewVpcIpam(ctx, "example", &ec2.VpcIpamArgs{ // OperatingRegions: ec2.VpcIpamOperatingRegionArray{ // &ec2.VpcIpamOperatingRegionArgs{ -// RegionName: *pulumi.String(current.Name), +// RegionName: pulumi.String(current.Name), // }, // }, // }) @@ -49,7 +49,7 @@ import ( // exampleVpcIpamPool, err := ec2.NewVpcIpamPool(ctx, "example", &ec2.VpcIpamPoolArgs{ // AddressFamily: pulumi.String("ipv4"), // IpamScopeId: exampleVpcIpam.PrivateDefaultScopeId, -// Locale: *pulumi.String(current.Name), +// Locale: pulumi.String(current.Name), // }) // if err != nil { // return err diff --git a/sdk/go/aws/ec2/vpcIpamResourceDiscovery.go b/sdk/go/aws/ec2/vpcIpamResourceDiscovery.go index 8dd46738f5a..71af315c163 100644 --- a/sdk/go/aws/ec2/vpcIpamResourceDiscovery.go +++ b/sdk/go/aws/ec2/vpcIpamResourceDiscovery.go @@ -40,7 +40,7 @@ import ( // Description: pulumi.String("My IPAM Resource Discovery"), // OperatingRegions: ec2.VpcIpamResourceDiscoveryOperatingRegionArray{ // &ec2.VpcIpamResourceDiscoveryOperatingRegionArgs{ -// RegionName: *pulumi.String(current.Name), +// RegionName: pulumi.String(current.Name), // }, // }, // Tags: pulumi.StringMap{ diff --git a/sdk/go/aws/ec2/vpcIpamScope.go b/sdk/go/aws/ec2/vpcIpamScope.go index 7e64a4fa129..66e5168f692 100644 --- a/sdk/go/aws/ec2/vpcIpamScope.go +++ b/sdk/go/aws/ec2/vpcIpamScope.go @@ -39,7 +39,7 @@ import ( // example, err := ec2.NewVpcIpam(ctx, "example", &ec2.VpcIpamArgs{ // OperatingRegions: ec2.VpcIpamOperatingRegionArray{ // &ec2.VpcIpamOperatingRegionArgs{ -// RegionName: *pulumi.String(current.Name), +// RegionName: pulumi.String(current.Name), // }, // }, // }) diff --git a/sdk/go/aws/ec2/vpcPeeringConnectionAccepter.go b/sdk/go/aws/ec2/vpcPeeringConnectionAccepter.go index 5b4c3677111..ee1ffb263e7 100644 --- a/sdk/go/aws/ec2/vpcPeeringConnectionAccepter.go +++ b/sdk/go/aws/ec2/vpcPeeringConnectionAccepter.go @@ -57,7 +57,7 @@ import ( // peerVpcPeeringConnection, err := ec2.NewVpcPeeringConnection(ctx, "peer", &ec2.VpcPeeringConnectionArgs{ // VpcId: main.ID(), // PeerVpcId: peerVpc.ID(), -// PeerOwnerId: *pulumi.String(peer.AccountId), +// PeerOwnerId: pulumi.String(peer.AccountId), // PeerRegion: pulumi.String("us-west-2"), // AutoAccept: pulumi.Bool(false), // Tags: pulumi.StringMap{ diff --git a/sdk/go/aws/ec2transitgateway/instanceState.go b/sdk/go/aws/ec2transitgateway/instanceState.go index ded8e93cd86..f988544beaa 100644 --- a/sdk/go/aws/ec2transitgateway/instanceState.go +++ b/sdk/go/aws/ec2transitgateway/instanceState.go @@ -56,8 +56,8 @@ import ( // return err // } // test, err := ec2.NewInstance(ctx, "test", &ec2.InstanceArgs{ -// Ami: *pulumi.String(ubuntu.Id), -// InstanceType: pulumi.String("t3.micro"), +// Ami: pulumi.String(ubuntu.Id), +// InstanceType: pulumi.String(ec2.InstanceType_T3_Micro), // Tags: pulumi.StringMap{ // "Name": pulumi.String("HelloWorld"), // }, diff --git a/sdk/go/aws/ec2transitgateway/multicastDomain.go b/sdk/go/aws/ec2transitgateway/multicastDomain.go index 0adc61d1114..12957b69e9f 100644 --- a/sdk/go/aws/ec2transitgateway/multicastDomain.go +++ b/sdk/go/aws/ec2transitgateway/multicastDomain.go @@ -75,7 +75,7 @@ import ( // subnet1, err := ec2.NewSubnet(ctx, "subnet1", &ec2.SubnetArgs{ // VpcId: vpc1.ID(), // CidrBlock: pulumi.String("10.0.1.0/24"), -// AvailabilityZone: *pulumi.String(available.Names[0]), +// AvailabilityZone: pulumi.String(available.Names[0]), // }) // if err != nil { // return err @@ -83,7 +83,7 @@ import ( // subnet2, err := ec2.NewSubnet(ctx, "subnet2", &ec2.SubnetArgs{ // VpcId: vpc1.ID(), // CidrBlock: pulumi.String("10.0.2.0/24"), -// AvailabilityZone: *pulumi.String(available.Names[1]), +// AvailabilityZone: pulumi.String(available.Names[1]), // }) // if err != nil { // return err @@ -91,30 +91,30 @@ import ( // subnet3, err := ec2.NewSubnet(ctx, "subnet3", &ec2.SubnetArgs{ // VpcId: vpc2.ID(), // CidrBlock: pulumi.String("10.1.1.0/24"), -// AvailabilityZone: *pulumi.String(available.Names[0]), +// AvailabilityZone: pulumi.String(available.Names[0]), // }) // if err != nil { // return err // } // instance1, err := ec2.NewInstance(ctx, "instance1", &ec2.InstanceArgs{ -// Ami: *pulumi.String(amazonLinux.Id), -// InstanceType: pulumi.String("t2.micro"), +// Ami: pulumi.String(amazonLinux.Id), +// InstanceType: pulumi.String(ec2.InstanceType_T2_Micro), // SubnetId: subnet1.ID(), // }) // if err != nil { // return err // } // instance2, err := ec2.NewInstance(ctx, "instance2", &ec2.InstanceArgs{ -// Ami: *pulumi.String(amazonLinux.Id), -// InstanceType: pulumi.String("t2.micro"), +// Ami: pulumi.String(amazonLinux.Id), +// InstanceType: pulumi.String(ec2.InstanceType_T2_Micro), // SubnetId: subnet2.ID(), // }) // if err != nil { // return err // } // instance3, err := ec2.NewInstance(ctx, "instance3", &ec2.InstanceArgs{ -// Ami: *pulumi.String(amazonLinux.Id), -// InstanceType: pulumi.String("t2.micro"), +// Ami: pulumi.String(amazonLinux.Id), +// InstanceType: pulumi.String(ec2.InstanceType_T2_Micro), // SubnetId: subnet3.ID(), // }) // if err != nil { diff --git a/sdk/go/aws/ec2transitgateway/peeringAttachment.go b/sdk/go/aws/ec2transitgateway/peeringAttachment.go index 97c78597fab..5430601aea2 100644 --- a/sdk/go/aws/ec2transitgateway/peeringAttachment.go +++ b/sdk/go/aws/ec2transitgateway/peeringAttachment.go @@ -53,7 +53,7 @@ import ( // } // _, err = ec2transitgateway.NewPeeringAttachment(ctx, "example", &ec2transitgateway.PeeringAttachmentArgs{ // PeerAccountId: peerTransitGateway.OwnerId, -// PeerRegion: *pulumi.String(peer.Name), +// PeerRegion: pulumi.String(peer.Name), // PeerTransitGatewayId: peerTransitGateway.ID(), // TransitGatewayId: local.ID(), // Tags: pulumi.StringMap{ diff --git a/sdk/go/aws/ecr/replicationConfiguration.go b/sdk/go/aws/ecr/replicationConfiguration.go index 8ae6ef7a227..5130d6f78d1 100644 --- a/sdk/go/aws/ecr/replicationConfiguration.go +++ b/sdk/go/aws/ecr/replicationConfiguration.go @@ -43,8 +43,8 @@ import ( // &ecr.ReplicationConfigurationReplicationConfigurationRuleArgs{ // Destinations: ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArray{ // &ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs{ -// Region: *pulumi.String(example.Names[0]), -// RegistryId: *pulumi.String(current.AccountId), +// Region: pulumi.String(example.Names[0]), +// RegistryId: pulumi.String(current.AccountId), // }, // }, // }, @@ -91,12 +91,12 @@ import ( // &ecr.ReplicationConfigurationReplicationConfigurationRuleArgs{ // Destinations: ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArray{ // &ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs{ -// Region: *pulumi.String(example.Names[0]), -// RegistryId: *pulumi.String(current.AccountId), +// Region: pulumi.String(example.Names[0]), +// RegistryId: pulumi.String(current.AccountId), // }, // &ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs{ -// Region: *pulumi.String(example.Names[1]), -// RegistryId: *pulumi.String(current.AccountId), +// Region: pulumi.String(example.Names[1]), +// RegistryId: pulumi.String(current.AccountId), // }, // }, // }, @@ -143,8 +143,8 @@ import ( // &ecr.ReplicationConfigurationReplicationConfigurationRuleArgs{ // Destinations: ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArray{ // &ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs{ -// Region: *pulumi.String(example.Names[0]), -// RegistryId: *pulumi.String(current.AccountId), +// Region: pulumi.String(example.Names[0]), +// RegistryId: pulumi.String(current.AccountId), // }, // }, // RepositoryFilters: ecr.ReplicationConfigurationReplicationConfigurationRuleRepositoryFilterArray{ diff --git a/sdk/go/aws/ecr/repositoryPolicy.go b/sdk/go/aws/ecr/repositoryPolicy.go index 5952197af6e..b38fbd18d11 100644 --- a/sdk/go/aws/ecr/repositoryPolicy.go +++ b/sdk/go/aws/ecr/repositoryPolicy.go @@ -75,7 +75,7 @@ import ( // } // _, err = ecr.NewRepositoryPolicy(ctx, "foopolicy", &ecr.RepositoryPolicyArgs{ // Repository: foo.Name, -// Policy: *pulumi.String(foopolicy.Json), +// Policy: pulumi.String(foopolicy.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/ecrpublic/repositoryPolicy.go b/sdk/go/aws/ecrpublic/repositoryPolicy.go index f19b4603bf5..3fc20b4ba99 100644 --- a/sdk/go/aws/ecrpublic/repositoryPolicy.go +++ b/sdk/go/aws/ecrpublic/repositoryPolicy.go @@ -77,7 +77,7 @@ import ( // } // _, err = ecrpublic.NewRepositoryPolicy(ctx, "example", &ecrpublic.RepositoryPolicyArgs{ // RepositoryName: exampleRepository.RepositoryName, -// Policy: *pulumi.String(example.Json), +// Policy: pulumi.String(example.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/eks/cluster.go b/sdk/go/aws/eks/cluster.go index 142f48b4ce3..c701a004c2a 100644 --- a/sdk/go/aws/eks/cluster.go +++ b/sdk/go/aws/eks/cluster.go @@ -93,7 +93,7 @@ import ( // } // example, err := iam.NewRole(ctx, "example", &iam.RoleArgs{ // Name: pulumi.String("eks-cluster-example"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/eks/getAddonVersion.go b/sdk/go/aws/eks/getAddonVersion.go index b42c49e61f0..62f0e7b55b0 100644 --- a/sdk/go/aws/eks/getAddonVersion.go +++ b/sdk/go/aws/eks/getAddonVersion.go @@ -46,7 +46,7 @@ import ( // _, err = eks.NewAddon(ctx, "vpc_cni", &eks.AddonArgs{ // ClusterName: pulumi.Any(example.Name), // AddonName: pulumi.String("vpc-cni"), -// AddonVersion: *pulumi.String(latest.Version), +// AddonVersion: pulumi.String(latest.Version), // }) // if err != nil { // return err diff --git a/sdk/go/aws/eks/podIdentityAssociation.go b/sdk/go/aws/eks/podIdentityAssociation.go index 2b341e9f9bb..7efa3ed7c20 100644 --- a/sdk/go/aws/eks/podIdentityAssociation.go +++ b/sdk/go/aws/eks/podIdentityAssociation.go @@ -64,7 +64,7 @@ import ( // } // example, err := iam.NewRole(ctx, "example", &iam.RoleArgs{ // Name: pulumi.String("eks-pod-identity-example"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/elasticsearch/domain.go b/sdk/go/aws/elasticsearch/domain.go index 4ec7d6a8c8c..99c93fc943a 100644 --- a/sdk/go/aws/elasticsearch/domain.go +++ b/sdk/go/aws/elasticsearch/domain.go @@ -165,7 +165,7 @@ import ( // } // _, err = cloudwatch.NewLogResourcePolicy(ctx, "example", &cloudwatch.LogResourcePolicyArgs{ // PolicyName: pulumi.String("example"), -// PolicyDocument: *pulumi.String(example.Json), +// PolicyDocument: pulumi.String(example.Json), // }) // if err != nil { // return err @@ -249,14 +249,14 @@ import ( // es, err := ec2.NewSecurityGroup(ctx, "es", &ec2.SecurityGroupArgs{ // Name: pulumi.String(fmt.Sprintf("%v-elasticsearch-%v", vpc, domain)), // Description: pulumi.String("Managed by Pulumi"), -// VpcId: *pulumi.String(selected.Id), +// VpcId: pulumi.String(selected.Id), // Ingress: ec2.SecurityGroupIngressArray{ // &ec2.SecurityGroupIngressArgs{ // FromPort: pulumi.Int(443), // ToPort: pulumi.Int(443), // Protocol: pulumi.String("tcp"), // CidrBlocks: pulumi.StringArray{ -// *pulumi.String(selected.CidrBlock), +// pulumi.String(selected.CidrBlock), // }, // }, // }, @@ -279,8 +279,8 @@ import ( // }, // VpcOptions: &elasticsearch.DomainVpcOptionsArgs{ // SubnetIds: pulumi.StringArray{ -// *pulumi.String(selectedGetSubnets.Ids[0]), -// *pulumi.String(selectedGetSubnets.Ids[1]), +// pulumi.String(selectedGetSubnets.Ids[0]), +// pulumi.String(selectedGetSubnets.Ids[1]), // }, // SecurityGroupIds: pulumi.StringArray{ // es.ID(), diff --git a/sdk/go/aws/elb/getHostedZoneId.go b/sdk/go/aws/elb/getHostedZoneId.go index 6cfba3d5d0a..a2ea69083e1 100644 --- a/sdk/go/aws/elb/getHostedZoneId.go +++ b/sdk/go/aws/elb/getHostedZoneId.go @@ -37,11 +37,11 @@ import ( // _, err = route53.NewRecord(ctx, "www", &route53.RecordArgs{ // ZoneId: pulumi.Any(primary.ZoneId), // Name: pulumi.String("example.com"), -// Type: pulumi.String("A"), +// Type: pulumi.String(route53.RecordTypeA), // Aliases: route53.RecordAliasArray{ // &route53.RecordAliasArgs{ // Name: pulumi.Any(mainAwsElb.DnsName), -// ZoneId: *pulumi.String(main.Id), +// ZoneId: pulumi.String(main.Id), // EvaluateTargetHealth: pulumi.Bool(true), // }, // }, diff --git a/sdk/go/aws/gamelift/gameServerGroup.go b/sdk/go/aws/gamelift/gameServerGroup.go index 700d58d23e9..d364e4ed961 100644 --- a/sdk/go/aws/gamelift/gameServerGroup.go +++ b/sdk/go/aws/gamelift/gameServerGroup.go @@ -161,7 +161,7 @@ import ( // return err // } // example, err := iam.NewRole(ctx, "example", &iam.RoleArgs{ -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // Name: pulumi.String("gamelift-game-server-group-example"), // }) // if err != nil { diff --git a/sdk/go/aws/getAvailabilityZones.go b/sdk/go/aws/getAvailabilityZones.go index 13b58259fd4..bd4c69e435f 100644 --- a/sdk/go/aws/getAvailabilityZones.go +++ b/sdk/go/aws/getAvailabilityZones.go @@ -47,13 +47,13 @@ import ( // } // // e.g., Create subnets in the first two available availability zones // _, err = ec2.NewSubnet(ctx, "primary", &ec2.SubnetArgs{ -// AvailabilityZone: *pulumi.String(available.Names[0]), +// AvailabilityZone: pulumi.String(available.Names[0]), // }) // if err != nil { // return err // } // _, err = ec2.NewSubnet(ctx, "secondary", &ec2.SubnetArgs{ -// AvailabilityZone: *pulumi.String(available.Names[1]), +// AvailabilityZone: pulumi.String(available.Names[1]), // }) // if err != nil { // return err diff --git a/sdk/go/aws/getIpRanges.go b/sdk/go/aws/getIpRanges.go index c20ce00ea20..baaf07a6fcf 100644 --- a/sdk/go/aws/getIpRanges.go +++ b/sdk/go/aws/getIpRanges.go @@ -53,8 +53,8 @@ import ( // }, // }, // Tags: pulumi.StringMap{ -// "CreateDate": *pulumi.String(europeanEc2.CreateDate), -// "SyncToken": *pulumi.Int(europeanEc2.SyncToken), +// "CreateDate": pulumi.String(europeanEc2.CreateDate), +// "SyncToken": pulumi.Int(europeanEc2.SyncToken), // }, // }) // if err != nil { diff --git a/sdk/go/aws/glacier/vault.go b/sdk/go/aws/glacier/vault.go index e079a1035b3..419a247ffca 100644 --- a/sdk/go/aws/glacier/vault.go +++ b/sdk/go/aws/glacier/vault.go @@ -73,7 +73,7 @@ import ( // pulumi.String("InventoryRetrievalCompleted"), // }, // }, -// AccessPolicy: *pulumi.String(myArchive.Json), +// AccessPolicy: pulumi.String(myArchive.Json), // Tags: pulumi.StringMap{ // "Test": pulumi.String("MyArchive"), // }, diff --git a/sdk/go/aws/glue/devEndpoint.go b/sdk/go/aws/glue/devEndpoint.go index 481a1e2ef94..d22aae65586 100644 --- a/sdk/go/aws/glue/devEndpoint.go +++ b/sdk/go/aws/glue/devEndpoint.go @@ -54,7 +54,7 @@ import ( // } // exampleRole, err := iam.NewRole(ctx, "example", &iam.RoleArgs{ // Name: pulumi.String("AWSGlueServiceRole-foo"), -// AssumeRolePolicy: *pulumi.String(example.Json), +// AssumeRolePolicy: pulumi.String(example.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/glue/resourcePolicy.go b/sdk/go/aws/glue/resourcePolicy.go index 0689a4f6d1a..e7e0fb997a5 100644 --- a/sdk/go/aws/glue/resourcePolicy.go +++ b/sdk/go/aws/glue/resourcePolicy.go @@ -69,7 +69,7 @@ import ( // return err // } // _, err = glue.NewResourcePolicy(ctx, "example", &glue.ResourcePolicyArgs{ -// Policy: *pulumi.String(glue_example_policy.Json), +// Policy: pulumi.String(glue_example_policy.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/guardduty/publishingDestination.go b/sdk/go/aws/guardduty/publishingDestination.go index 37dcbfe6bab..15ba81b39d8 100644 --- a/sdk/go/aws/guardduty/publishingDestination.go +++ b/sdk/go/aws/guardduty/publishingDestination.go @@ -156,7 +156,7 @@ import ( // gdKey, err := kms.NewKey(ctx, "gd_key", &kms.KeyArgs{ // Description: pulumi.String("Temporary key for AccTest of TF"), // DeletionWindowInDays: pulumi.Int(7), -// Policy: *pulumi.String(kmsPol.Json), +// Policy: pulumi.String(kmsPol.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/iam/accessKey.go b/sdk/go/aws/iam/accessKey.go index 2e9d183d96a..c278e1446ce 100644 --- a/sdk/go/aws/iam/accessKey.go +++ b/sdk/go/aws/iam/accessKey.go @@ -62,7 +62,7 @@ import ( // _, err = iam.NewUserPolicy(ctx, "lb_ro", &iam.UserPolicyArgs{ // Name: pulumi.String("test"), // User: lbUser.Name, -// Policy: *pulumi.String(lbRo.Json), +// Policy: pulumi.String(lbRo.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/iam/getPolicyDocument.go b/sdk/go/aws/iam/getPolicyDocument.go index 9bb55763a5d..a0fce91107d 100644 --- a/sdk/go/aws/iam/getPolicyDocument.go +++ b/sdk/go/aws/iam/getPolicyDocument.go @@ -82,7 +82,7 @@ import ( // _, err = iam.NewPolicy(ctx, "example", &iam.PolicyArgs{ // Name: pulumi.String("example_policy"), // Path: pulumi.String("/"), -// Policy: *pulumi.String(example.Json), +// Policy: pulumi.String(example.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/iam/getServerCertificate.go b/sdk/go/aws/iam/getServerCertificate.go index d59cea4c808..b6684eb2796 100644 --- a/sdk/go/aws/iam/getServerCertificate.go +++ b/sdk/go/aws/iam/getServerCertificate.go @@ -44,7 +44,7 @@ import ( // InstanceProtocol: pulumi.String("https"), // LbPort: pulumi.Int(443), // LbProtocol: pulumi.String("https"), -// SslCertificateId: *pulumi.String(my_domain.Arn), +// SslCertificateId: pulumi.String(my_domain.Arn), // }, // }, // }) diff --git a/sdk/go/aws/iam/instanceProfile.go b/sdk/go/aws/iam/instanceProfile.go index 4b323e05edc..fff6dca8c8e 100644 --- a/sdk/go/aws/iam/instanceProfile.go +++ b/sdk/go/aws/iam/instanceProfile.go @@ -52,7 +52,7 @@ import ( // role, err := iam.NewRole(ctx, "role", &iam.RoleArgs{ // Name: pulumi.String("test_role"), // Path: pulumi.String("/"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/iam/policyAttachment.go b/sdk/go/aws/iam/policyAttachment.go index 6d45c5fd2f6..c2faf331c60 100644 --- a/sdk/go/aws/iam/policyAttachment.go +++ b/sdk/go/aws/iam/policyAttachment.go @@ -64,7 +64,7 @@ import ( // } // role, err := iam.NewRole(ctx, "role", &iam.RoleArgs{ // Name: pulumi.String("test-role"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err @@ -94,7 +94,7 @@ import ( // policyPolicy, err := iam.NewPolicy(ctx, "policy", &iam.PolicyArgs{ // Name: pulumi.String("test-policy"), // Description: pulumi.String("A test policy"), -// Policy: *pulumi.String(policy.Json), +// Policy: pulumi.String(policy.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/iam/role.go b/sdk/go/aws/iam/role.go index e8709bc6bb6..64485a3f19e 100644 --- a/sdk/go/aws/iam/role.go +++ b/sdk/go/aws/iam/role.go @@ -109,7 +109,7 @@ import ( // _, err = iam.NewRole(ctx, "instance", &iam.RoleArgs{ // Name: pulumi.String("instance_role"), // Path: pulumi.String("/system/"), -// AssumeRolePolicy: *pulumi.String(instanceAssumeRolePolicy.Json), +// AssumeRolePolicy: pulumi.String(instanceAssumeRolePolicy.Json), // }) // if err != nil { // return err @@ -181,7 +181,7 @@ import ( // }, // &iam.RoleInlinePolicyArgs{ // Name: pulumi.String("policy-8675309"), -// Policy: *pulumi.String(inlinePolicy.Json), +// Policy: pulumi.String(inlinePolicy.Json), // }, // }, // }) diff --git a/sdk/go/aws/iam/rolePolicyAttachment.go b/sdk/go/aws/iam/rolePolicyAttachment.go index 57cbfb6d254..f28c3850f5e 100644 --- a/sdk/go/aws/iam/rolePolicyAttachment.go +++ b/sdk/go/aws/iam/rolePolicyAttachment.go @@ -56,7 +56,7 @@ import ( // } // role, err := iam.NewRole(ctx, "role", &iam.RoleArgs{ // Name: pulumi.String("test-role"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err @@ -80,7 +80,7 @@ import ( // policyPolicy, err := iam.NewPolicy(ctx, "policy", &iam.PolicyArgs{ // Name: pulumi.String("test-policy"), // Description: pulumi.String("A test policy"), -// Policy: *pulumi.String(policy.Json), +// Policy: pulumi.String(policy.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/iam/user.go b/sdk/go/aws/iam/user.go index 39a9d9b1659..78e0454b3db 100644 --- a/sdk/go/aws/iam/user.go +++ b/sdk/go/aws/iam/user.go @@ -65,7 +65,7 @@ import ( // _, err = iam.NewUserPolicy(ctx, "lb_ro", &iam.UserPolicyArgs{ // Name: pulumi.String("test"), // User: lb.Name, -// Policy: *pulumi.String(lbRo.Json), +// Policy: pulumi.String(lbRo.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/inspector2/delegatedAdminAccount.go b/sdk/go/aws/inspector2/delegatedAdminAccount.go index 58911b71b2d..726b72e3d8f 100644 --- a/sdk/go/aws/inspector2/delegatedAdminAccount.go +++ b/sdk/go/aws/inspector2/delegatedAdminAccount.go @@ -37,7 +37,7 @@ import ( // return err // } // _, err = inspector2.NewDelegatedAdminAccount(ctx, "example", &inspector2.DelegatedAdminAccountArgs{ -// AccountId: *pulumi.String(current.AccountId), +// AccountId: pulumi.String(current.AccountId), // }) // if err != nil { // return err diff --git a/sdk/go/aws/inspector2/enabler.go b/sdk/go/aws/inspector2/enabler.go index 5eeb5dc370c..b038c0f2966 100644 --- a/sdk/go/aws/inspector2/enabler.go +++ b/sdk/go/aws/inspector2/enabler.go @@ -73,7 +73,7 @@ import ( // } // _, err = inspector2.NewEnabler(ctx, "test", &inspector2.EnablerArgs{ // AccountIds: pulumi.StringArray{ -// *pulumi.String(current.AccountId), +// pulumi.String(current.AccountId), // }, // ResourceTypes: pulumi.StringArray{ // pulumi.String("ECR"), diff --git a/sdk/go/aws/iot/caCertificate.go b/sdk/go/aws/iot/caCertificate.go index 81b947aed34..de3e681fb15 100644 --- a/sdk/go/aws/iot/caCertificate.go +++ b/sdk/go/aws/iot/caCertificate.go @@ -66,7 +66,7 @@ import ( // verification, err := tls.NewCertRequest(ctx, "verification", &tls.CertRequestArgs{ // PrivateKeyPem: verificationPrivateKey.PrivateKeyPem, // Subject: &tls.CertRequestSubjectArgs{ -// CommonName: *pulumi.String(example.RegistrationCode), +// CommonName: pulumi.String(example.RegistrationCode), // }, // }) // if err != nil { diff --git a/sdk/go/aws/iot/getRegistrationCode.go b/sdk/go/aws/iot/getRegistrationCode.go index d6aa70cb5c7..ac03cf794f5 100644 --- a/sdk/go/aws/iot/getRegistrationCode.go +++ b/sdk/go/aws/iot/getRegistrationCode.go @@ -43,7 +43,7 @@ import ( // KeyAlgorithm: pulumi.String("RSA"), // PrivateKeyPem: verification.PrivateKeyPem, // Subject: &tls.CertRequestSubjectArgs{ -// CommonName: *pulumi.String(example.RegistrationCode), +// CommonName: pulumi.String(example.RegistrationCode), // }, // }) // if err != nil { diff --git a/sdk/go/aws/iot/policyAttachment.go b/sdk/go/aws/iot/policyAttachment.go index a22a88fa760..ac806f70c5d 100644 --- a/sdk/go/aws/iot/policyAttachment.go +++ b/sdk/go/aws/iot/policyAttachment.go @@ -49,7 +49,7 @@ import ( // } // pubsubPolicy, err := iot.NewPolicy(ctx, "pubsub", &iot.PolicyArgs{ // Name: pulumi.String("PubSubToAnyTopic"), -// Policy: *pulumi.String(pubsub.Json), +// Policy: pulumi.String(pubsub.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/iot/provisioningTemplate.go b/sdk/go/aws/iot/provisioningTemplate.go index cf4faf08ce3..37e9679a296 100644 --- a/sdk/go/aws/iot/provisioningTemplate.go +++ b/sdk/go/aws/iot/provisioningTemplate.go @@ -55,7 +55,7 @@ import ( // iotFleetProvisioning, err := iam.NewRole(ctx, "iot_fleet_provisioning", &iam.RoleArgs{ // Name: pulumi.String("IoTProvisioningServiceRole"), // Path: pulumi.String("/service-role/"), -// AssumeRolePolicy: *pulumi.String(iotAssumeRolePolicy.Json), +// AssumeRolePolicy: pulumi.String(iotAssumeRolePolicy.Json), // }) // if err != nil { // return err @@ -84,7 +84,7 @@ import ( // } // devicePolicyPolicy, err := iot.NewPolicy(ctx, "device_policy", &iot.PolicyArgs{ // Name: pulumi.String("DevicePolicy"), -// Policy: *pulumi.String(devicePolicy.Json), +// Policy: pulumi.String(devicePolicy.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/iot/topicRule.go b/sdk/go/aws/iot/topicRule.go index 413b4df0f1d..1ba30f245bb 100644 --- a/sdk/go/aws/iot/topicRule.go +++ b/sdk/go/aws/iot/topicRule.go @@ -89,7 +89,7 @@ import ( // } // myrole, err := iam.NewRole(ctx, "myrole", &iam.RoleArgs{ // Name: pulumi.String("myrole"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/ivschat/loggingConfiguration.go b/sdk/go/aws/ivschat/loggingConfiguration.go index 47913cbfc97..f4b787cc5ba 100644 --- a/sdk/go/aws/ivschat/loggingConfiguration.go +++ b/sdk/go/aws/ivschat/loggingConfiguration.go @@ -99,7 +99,7 @@ import ( // } // exampleRole, err := iam.NewRole(ctx, "example", &iam.RoleArgs{ // Name: pulumi.String("firehose_example_role"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/kinesis/firehoseDeliveryStream.go b/sdk/go/aws/kinesis/firehoseDeliveryStream.go index 50b4b1d8cf6..f3707bf4d67 100644 --- a/sdk/go/aws/kinesis/firehoseDeliveryStream.go +++ b/sdk/go/aws/kinesis/firehoseDeliveryStream.go @@ -67,7 +67,7 @@ import ( // } // firehoseRole, err := iam.NewRole(ctx, "firehose_role", &iam.RoleArgs{ // Name: pulumi.String("firehose_test_role"), -// AssumeRolePolicy: *pulumi.String(firehoseAssumeRole.Json), +// AssumeRolePolicy: pulumi.String(firehoseAssumeRole.Json), // }) // if err != nil { // return err @@ -95,7 +95,7 @@ import ( // } // lambdaIam, err := iam.NewRole(ctx, "lambda_iam", &iam.RoleArgs{ // Name: pulumi.String("lambda_iam"), -// AssumeRolePolicy: *pulumi.String(lambdaAssumeRole.Json), +// AssumeRolePolicy: pulumi.String(lambdaAssumeRole.Json), // }) // if err != nil { // return err @@ -105,7 +105,7 @@ import ( // Name: pulumi.String("firehose_lambda_processor"), // Role: lambdaIam.Arn, // Handler: pulumi.String("exports.handler"), -// Runtime: pulumi.String("nodejs16.x"), +// Runtime: pulumi.String(lambda.RuntimeNodeJS16dX), // }) // if err != nil { // return err diff --git a/sdk/go/aws/lakeformation/permissions.go b/sdk/go/aws/lakeformation/permissions.go index fb2830a5014..eaebb9179cb 100644 --- a/sdk/go/aws/lakeformation/permissions.go +++ b/sdk/go/aws/lakeformation/permissions.go @@ -56,7 +56,7 @@ import ( // } // _, err = lakeformation.NewDataLakeSettings(ctx, "test", &lakeformation.DataLakeSettingsArgs{ // Admins: pulumi.StringArray{ -// *pulumi.String(currentGetSessionContext.IssuerArn), +// pulumi.String(currentGetSessionContext.IssuerArn), // }, // }) // if err != nil { diff --git a/sdk/go/aws/lakeformation/resource.go b/sdk/go/aws/lakeformation/resource.go index d0372e4389e..e5ecfcb9938 100644 --- a/sdk/go/aws/lakeformation/resource.go +++ b/sdk/go/aws/lakeformation/resource.go @@ -42,7 +42,7 @@ import ( // return err // } // _, err = lakeformation.NewResource(ctx, "example", &lakeformation.ResourceArgs{ -// Arn: *pulumi.String(example.Arn), +// Arn: pulumi.String(example.Arn), // }) // if err != nil { // return err diff --git a/sdk/go/aws/lambda/function.go b/sdk/go/aws/lambda/function.go index 1662674a4eb..072194d64fb 100644 --- a/sdk/go/aws/lambda/function.go +++ b/sdk/go/aws/lambda/function.go @@ -64,7 +64,7 @@ import ( // } // iamForLambda, err := iam.NewRole(ctx, "iam_for_lambda", &iam.RoleArgs{ // Name: pulumi.String("iam_for_lambda"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err @@ -82,8 +82,8 @@ import ( // Name: pulumi.String("lambda_function_name"), // Role: iamForLambda.Arn, // Handler: pulumi.String("index.test"), -// SourceCodeHash: *pulumi.String(lambda.OutputBase64sha256), -// Runtime: pulumi.String("nodejs18.x"), +// SourceCodeHash: pulumi.String(lambda.OutputBase64sha256), +// Runtime: pulumi.String(lambda.RuntimeNodeJS18dX), // Environment: &lambda.FunctionEnvironmentArgs{ // Variables: pulumi.StringMap{ // "foo": pulumi.String("bar"), @@ -175,7 +175,7 @@ import ( // } // iamForLambda, err := iam.NewRole(ctx, "iam_for_lambda", &iam.RoleArgs{ // Name: pulumi.String("iam_for_lambda"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err @@ -185,7 +185,7 @@ import ( // Name: pulumi.String("lambda_function_name"), // Role: iamForLambda.Arn, // Handler: pulumi.String("index.test"), -// Runtime: pulumi.String("nodejs18.x"), +// Runtime: pulumi.String(lambda.RuntimeNodeJS18dX), // EphemeralStorage: &lambda.FunctionEphemeralStorageArgs{ // Size: pulumi.Int(10240), // }, @@ -354,7 +354,7 @@ import ( // Name: pulumi.String("lambda_logging"), // Path: pulumi.String("/"), // Description: pulumi.String("IAM policy for logging from a lambda"), -// Policy: *pulumi.String(lambdaLogging.Json), +// Policy: pulumi.String(lambdaLogging.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/lambda/permission.go b/sdk/go/aws/lambda/permission.go index 43e67a80f32..76fac985aa6 100644 --- a/sdk/go/aws/lambda/permission.go +++ b/sdk/go/aws/lambda/permission.go @@ -63,7 +63,7 @@ import ( // Name: pulumi.String("lambda_function_name"), // Role: iamForLambda.Arn, // Handler: pulumi.String("exports.handler"), -// Runtime: pulumi.String("nodejs16.x"), +// Runtime: pulumi.String(lambda.RuntimeNodeJS16dX), // }) // if err != nil { // return err @@ -149,7 +149,7 @@ import ( // Name: pulumi.String("lambda_called_from_sns"), // Role: defaultRole.Arn, // Handler: pulumi.String("exports.handler"), -// Runtime: pulumi.String("python3.7"), +// Runtime: pulumi.String(lambda.RuntimePython3d7), // }) // if err != nil { // return err @@ -271,7 +271,7 @@ import ( // } // defaultRole, err := iam.NewRole(ctx, "default", &iam.RoleArgs{ // Name: pulumi.String("iam_for_lambda_called_from_cloudwatch_logs"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err @@ -281,7 +281,7 @@ import ( // Name: pulumi.String("lambda_called_from_cloudwatch_logs"), // Handler: pulumi.String("exports.handler"), // Role: defaultRole.Arn, -// Runtime: pulumi.String("python3.7"), +// Runtime: pulumi.String(lambda.RuntimePython3d7), // }) // if err != nil { // return err diff --git a/sdk/go/aws/lb/getHostedZoneId.go b/sdk/go/aws/lb/getHostedZoneId.go index 47d29cabba6..f0b5d7ffdb8 100644 --- a/sdk/go/aws/lb/getHostedZoneId.go +++ b/sdk/go/aws/lb/getHostedZoneId.go @@ -36,11 +36,11 @@ import ( // _, err = route53.NewRecord(ctx, "www", &route53.RecordArgs{ // ZoneId: pulumi.Any(primary.ZoneId), // Name: pulumi.String("example.com"), -// Type: pulumi.String("A"), +// Type: pulumi.String(route53.RecordTypeA), // Aliases: route53.RecordAliasArray{ // &route53.RecordAliasArgs{ // Name: pulumi.Any(mainAwsLb.DnsName), -// ZoneId: *pulumi.String(main.Id), +// ZoneId: pulumi.String(main.Id), // EvaluateTargetHealth: pulumi.Bool(true), // }, // }, diff --git a/sdk/go/aws/licensemanager/association.go b/sdk/go/aws/licensemanager/association.go index 17b883e6528..e4525296c83 100644 --- a/sdk/go/aws/licensemanager/association.go +++ b/sdk/go/aws/licensemanager/association.go @@ -50,8 +50,8 @@ import ( // return err // } // exampleInstance, err := ec2.NewInstance(ctx, "example", &ec2.InstanceArgs{ -// Ami: *pulumi.String(example.Id), -// InstanceType: pulumi.String("t2.micro"), +// Ami: pulumi.String(example.Id), +// InstanceType: pulumi.String(ec2.InstanceType_T2_Micro), // }) // if err != nil { // return err diff --git a/sdk/go/aws/lightsail/disk.go b/sdk/go/aws/lightsail/disk.go index e75a08d4e16..d3878e441e7 100644 --- a/sdk/go/aws/lightsail/disk.go +++ b/sdk/go/aws/lightsail/disk.go @@ -47,7 +47,7 @@ import ( // _, err = lightsail.NewDisk(ctx, "test", &lightsail.DiskArgs{ // Name: pulumi.String("test"), // SizeInGb: pulumi.Int(8), -// AvailabilityZone: *pulumi.String(available.Names[0]), +// AvailabilityZone: pulumi.String(available.Names[0]), // }) // if err != nil { // return err diff --git a/sdk/go/aws/lightsail/disk_attachment.go b/sdk/go/aws/lightsail/disk_attachment.go index df09c0e8200..43b2f249309 100644 --- a/sdk/go/aws/lightsail/disk_attachment.go +++ b/sdk/go/aws/lightsail/disk_attachment.go @@ -47,14 +47,14 @@ import ( // test, err := lightsail.NewDisk(ctx, "test", &lightsail.DiskArgs{ // Name: pulumi.String("test-disk"), // SizeInGb: pulumi.Int(8), -// AvailabilityZone: *pulumi.String(available.Names[0]), +// AvailabilityZone: pulumi.String(available.Names[0]), // }) // if err != nil { // return err // } // testInstance, err := lightsail.NewInstance(ctx, "test", &lightsail.InstanceArgs{ // Name: pulumi.String("test-instance"), -// AvailabilityZone: *pulumi.String(available.Names[0]), +// AvailabilityZone: pulumi.String(available.Names[0]), // BlueprintId: pulumi.String("amazon_linux_2"), // BundleId: pulumi.String("nano_1_0"), // }) diff --git a/sdk/go/aws/lightsail/distribution.go b/sdk/go/aws/lightsail/distribution.go index 4a3f5a3c936..fc5f8851e17 100644 --- a/sdk/go/aws/lightsail/distribution.go +++ b/sdk/go/aws/lightsail/distribution.go @@ -117,7 +117,7 @@ import ( // } // testInstance, err := lightsail.NewInstance(ctx, "test", &lightsail.InstanceArgs{ // Name: pulumi.String("test-instance"), -// AvailabilityZone: *pulumi.String(available.Names[0]), +// AvailabilityZone: pulumi.String(available.Names[0]), // BlueprintId: pulumi.String("amazon_linux_2"), // BundleId: pulumi.String("micro_1_0"), // }) @@ -136,7 +136,7 @@ import ( // BundleId: pulumi.String("small_1_0"), // Origin: &lightsail.DistributionOriginArgs{ // Name: testInstance.Name, -// RegionName: *pulumi.String(available.Id), +// RegionName: pulumi.String(available.Id), // }, // DefaultCacheBehavior: &lightsail.DistributionDefaultCacheBehaviorArgs{ // Behavior: pulumi.String("cache"), @@ -197,7 +197,7 @@ import ( // } // testInstance, err := lightsail.NewInstance(ctx, "test", &lightsail.InstanceArgs{ // Name: pulumi.String("test-instance"), -// AvailabilityZone: *pulumi.String(available.Names[0]), +// AvailabilityZone: pulumi.String(available.Names[0]), // BlueprintId: pulumi.String("amazon_linux_2"), // BundleId: pulumi.String("nano_1_0"), // }) @@ -216,7 +216,7 @@ import ( // BundleId: pulumi.String("small_1_0"), // Origin: &lightsail.DistributionOriginArgs{ // Name: test.Name, -// RegionName: *pulumi.String(available.Id), +// RegionName: pulumi.String(available.Id), // }, // DefaultCacheBehavior: &lightsail.DistributionDefaultCacheBehaviorArgs{ // Behavior: pulumi.String("cache"), diff --git a/sdk/go/aws/lightsail/lbAttachment.go b/sdk/go/aws/lightsail/lbAttachment.go index 89214e6ef27..9f31662cc8d 100644 --- a/sdk/go/aws/lightsail/lbAttachment.go +++ b/sdk/go/aws/lightsail/lbAttachment.go @@ -57,7 +57,7 @@ import ( // } // testInstance, err := lightsail.NewInstance(ctx, "test", &lightsail.InstanceArgs{ // Name: pulumi.String("test-instance"), -// AvailabilityZone: *pulumi.String(available.Names[0]), +// AvailabilityZone: pulumi.String(available.Names[0]), // BlueprintId: pulumi.String("amazon_linux_2"), // BundleId: pulumi.String("nano_1_0"), // }) diff --git a/sdk/go/aws/medialive/multiplex.go b/sdk/go/aws/medialive/multiplex.go index 2242946b2bc..0d8c489a97b 100644 --- a/sdk/go/aws/medialive/multiplex.go +++ b/sdk/go/aws/medialive/multiplex.go @@ -41,8 +41,8 @@ import ( // _, err = medialive.NewMultiplex(ctx, "example", &medialive.MultiplexArgs{ // Name: pulumi.String("example-multiplex-changed"), // AvailabilityZones: pulumi.StringArray{ -// *pulumi.String(available.Names[0]), -// *pulumi.String(available.Names[1]), +// pulumi.String(available.Names[0]), +// pulumi.String(available.Names[1]), // }, // MultiplexSettings: &medialive.MultiplexMultiplexSettingsArgs{ // TransportStreamBitrate: pulumi.Int(1000000), diff --git a/sdk/go/aws/medialive/multiplexProgram.go b/sdk/go/aws/medialive/multiplexProgram.go index 8dc16da83c2..e52354bb752 100644 --- a/sdk/go/aws/medialive/multiplexProgram.go +++ b/sdk/go/aws/medialive/multiplexProgram.go @@ -41,8 +41,8 @@ import ( // example, err := medialive.NewMultiplex(ctx, "example", &medialive.MultiplexArgs{ // Name: pulumi.String("example-multiplex-changed"), // AvailabilityZones: pulumi.StringArray{ -// *pulumi.String(available.Names[0]), -// *pulumi.String(available.Names[1]), +// pulumi.String(available.Names[0]), +// pulumi.String(available.Names[1]), // }, // MultiplexSettings: &medialive.MultiplexMultiplexSettingsArgs{ // TransportStreamBitrate: pulumi.Int(1000000), diff --git a/sdk/go/aws/msk/cluster.go b/sdk/go/aws/msk/cluster.go index 454fa2950d5..f7d48b0538a 100644 --- a/sdk/go/aws/msk/cluster.go +++ b/sdk/go/aws/msk/cluster.go @@ -53,7 +53,7 @@ import ( // return err // } // subnetAz1, err := ec2.NewSubnet(ctx, "subnet_az1", &ec2.SubnetArgs{ -// AvailabilityZone: *pulumi.String(azs.Names[0]), +// AvailabilityZone: pulumi.String(azs.Names[0]), // CidrBlock: pulumi.String("192.168.0.0/24"), // VpcId: vpc.ID(), // }) @@ -61,7 +61,7 @@ import ( // return err // } // subnetAz2, err := ec2.NewSubnet(ctx, "subnet_az2", &ec2.SubnetArgs{ -// AvailabilityZone: *pulumi.String(azs.Names[1]), +// AvailabilityZone: pulumi.String(azs.Names[1]), // CidrBlock: pulumi.String("192.168.1.0/24"), // VpcId: vpc.ID(), // }) @@ -69,7 +69,7 @@ import ( // return err // } // subnetAz3, err := ec2.NewSubnet(ctx, "subnet_az3", &ec2.SubnetArgs{ -// AvailabilityZone: *pulumi.String(azs.Names[2]), +// AvailabilityZone: pulumi.String(azs.Names[2]), // CidrBlock: pulumi.String("192.168.2.0/24"), // VpcId: vpc.ID(), // }) @@ -130,7 +130,7 @@ import ( // } // firehoseRole, err := iam.NewRole(ctx, "firehose_role", &iam.RoleArgs{ // Name: pulumi.String("firehose_test_role"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/networkmanager/coreNetwork.go b/sdk/go/aws/networkmanager/coreNetwork.go index 3e71d1da627..88fce152575 100644 --- a/sdk/go/aws/networkmanager/coreNetwork.go +++ b/sdk/go/aws/networkmanager/coreNetwork.go @@ -156,7 +156,7 @@ import ( // } // exampleCoreNetwork, err := networkmanager.NewCoreNetwork(ctx, "example", &networkmanager.CoreNetworkArgs{ // GlobalNetworkId: exampleGlobalNetwork.ID(), -// BasePolicyDocument: *pulumi.String(base.Json), +// BasePolicyDocument: pulumi.String(base.Json), // CreateBasePolicy: pulumi.Bool(true), // }) // if err != nil { @@ -372,7 +372,7 @@ import ( // } // exampleCoreNetwork, err := networkmanager.NewCoreNetwork(ctx, "example", &networkmanager.CoreNetworkArgs{ // GlobalNetworkId: exampleGlobalNetwork.ID(), -// BasePolicyDocument: *pulumi.String(base.Json), +// BasePolicyDocument: pulumi.String(base.Json), // CreateBasePolicy: pulumi.Bool(true), // }) // if err != nil { diff --git a/sdk/go/aws/networkmanager/coreNetworkPolicyAttachment.go b/sdk/go/aws/networkmanager/coreNetworkPolicyAttachment.go index 1f7ad5322b2..f8c3e09e77c 100644 --- a/sdk/go/aws/networkmanager/coreNetworkPolicyAttachment.go +++ b/sdk/go/aws/networkmanager/coreNetworkPolicyAttachment.go @@ -103,7 +103,7 @@ import ( // } // exampleCoreNetwork, err := networkmanager.NewCoreNetwork(ctx, "example", &networkmanager.CoreNetworkArgs{ // GlobalNetworkId: exampleGlobalNetwork.ID(), -// BasePolicyDocument: *pulumi.String(base.Json), +// BasePolicyDocument: pulumi.String(base.Json), // CreateBasePolicy: pulumi.Bool(true), // }) // if err != nil { @@ -319,7 +319,7 @@ import ( // } // exampleCoreNetwork, err := networkmanager.NewCoreNetwork(ctx, "example", &networkmanager.CoreNetworkArgs{ // GlobalNetworkId: exampleGlobalNetwork.ID(), -// BasePolicyDocument: *pulumi.String(base.Json), +// BasePolicyDocument: pulumi.String(base.Json), // CreateBasePolicy: pulumi.Bool(true), // }) // if err != nil { diff --git a/sdk/go/aws/opensearch/domain.go b/sdk/go/aws/opensearch/domain.go index ea818c85e2a..fd2ccdb707a 100644 --- a/sdk/go/aws/opensearch/domain.go +++ b/sdk/go/aws/opensearch/domain.go @@ -137,7 +137,7 @@ import ( // } // _, err = opensearch.NewDomain(ctx, "example", &opensearch.DomainArgs{ // DomainName: pulumi.String(domain), -// AccessPolicies: *pulumi.String(example.Json), +// AccessPolicies: pulumi.String(example.Json), // }) // if err != nil { // return err @@ -200,7 +200,7 @@ import ( // } // _, err = cloudwatch.NewLogResourcePolicy(ctx, "example", &cloudwatch.LogResourcePolicyArgs{ // PolicyName: pulumi.String("example"), -// PolicyDocument: *pulumi.String(example.Json), +// PolicyDocument: pulumi.String(example.Json), // }) // if err != nil { // return err @@ -284,14 +284,14 @@ import ( // exampleSecurityGroup, err := ec2.NewSecurityGroup(ctx, "example", &ec2.SecurityGroupArgs{ // Name: pulumi.String(fmt.Sprintf("%v-opensearch-%v", vpc, domain)), // Description: pulumi.String("Managed by Pulumi"), -// VpcId: *pulumi.String(example.Id), +// VpcId: pulumi.String(example.Id), // Ingress: ec2.SecurityGroupIngressArray{ // &ec2.SecurityGroupIngressArgs{ // FromPort: pulumi.Int(443), // ToPort: pulumi.Int(443), // Protocol: pulumi.String("tcp"), // CidrBlocks: pulumi.StringArray{ -// *pulumi.String(example.CidrBlock), +// pulumi.String(example.CidrBlock), // }, // }, // }, @@ -338,8 +338,8 @@ import ( // }, // VpcOptions: &opensearch.DomainVpcOptionsArgs{ // SubnetIds: pulumi.StringArray{ -// *pulumi.String(exampleGetSubnets.Ids[0]), -// *pulumi.String(exampleGetSubnets.Ids[1]), +// pulumi.String(exampleGetSubnets.Ids[0]), +// pulumi.String(exampleGetSubnets.Ids[1]), // }, // SecurityGroupIds: pulumi.StringArray{ // exampleSecurityGroup.ID(), @@ -348,7 +348,7 @@ import ( // AdvancedOptions: pulumi.StringMap{ // "rest.action.multi.allow_explicit_index": pulumi.String("true"), // }, -// AccessPolicies: *pulumi.String(exampleGetPolicyDocument.Json), +// AccessPolicies: pulumi.String(exampleGetPolicyDocument.Json), // Tags: pulumi.StringMap{ // "Domain": pulumi.String("TestDomain"), // }, diff --git a/sdk/go/aws/opensearch/inboundConnectionAccepter.go b/sdk/go/aws/opensearch/inboundConnectionAccepter.go index 0ee2be2ba30..fa9bf01112a 100644 --- a/sdk/go/aws/opensearch/inboundConnectionAccepter.go +++ b/sdk/go/aws/opensearch/inboundConnectionAccepter.go @@ -43,13 +43,13 @@ import ( // foo, err := opensearch.NewOutboundConnection(ctx, "foo", &opensearch.OutboundConnectionArgs{ // ConnectionAlias: pulumi.String("outbound_connection"), // LocalDomainInfo: &opensearch.OutboundConnectionLocalDomainInfoArgs{ -// OwnerId: *pulumi.String(current.AccountId), -// Region: *pulumi.String(currentGetRegion.Name), +// OwnerId: pulumi.String(current.AccountId), +// Region: pulumi.String(currentGetRegion.Name), // DomainName: pulumi.Any(localDomain.DomainName), // }, // RemoteDomainInfo: &opensearch.OutboundConnectionRemoteDomainInfoArgs{ -// OwnerId: *pulumi.String(current.AccountId), -// Region: *pulumi.String(currentGetRegion.Name), +// OwnerId: pulumi.String(current.AccountId), +// Region: pulumi.String(currentGetRegion.Name), // DomainName: pulumi.Any(remoteDomain.DomainName), // }, // }) diff --git a/sdk/go/aws/opensearch/outboundConnection.go b/sdk/go/aws/opensearch/outboundConnection.go index a1248844c59..192a5ffcab0 100644 --- a/sdk/go/aws/opensearch/outboundConnection.go +++ b/sdk/go/aws/opensearch/outboundConnection.go @@ -44,13 +44,13 @@ import ( // ConnectionAlias: pulumi.String("outbound_connection"), // ConnectionMode: pulumi.String("DIRECT"), // LocalDomainInfo: &opensearch.OutboundConnectionLocalDomainInfoArgs{ -// OwnerId: *pulumi.String(current.AccountId), -// Region: *pulumi.String(currentGetRegion.Name), +// OwnerId: pulumi.String(current.AccountId), +// Region: pulumi.String(currentGetRegion.Name), // DomainName: pulumi.Any(localDomain.DomainName), // }, // RemoteDomainInfo: &opensearch.OutboundConnectionRemoteDomainInfoArgs{ -// OwnerId: *pulumi.String(current.AccountId), -// Region: *pulumi.String(currentGetRegion.Name), +// OwnerId: pulumi.String(current.AccountId), +// Region: pulumi.String(currentGetRegion.Name), // DomainName: pulumi.Any(remoteDomain.DomainName), // }, // }) diff --git a/sdk/go/aws/organizations/policy.go b/sdk/go/aws/organizations/policy.go index 2dbeb1b08c3..232c49cdb95 100644 --- a/sdk/go/aws/organizations/policy.go +++ b/sdk/go/aws/organizations/policy.go @@ -48,7 +48,7 @@ import ( // } // _, err = organizations.NewPolicy(ctx, "example", &organizations.PolicyArgs{ // Name: pulumi.String("example"), -// Content: *pulumi.String(example.Json), +// Content: pulumi.String(example.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/pinpoint/emailChannel.go b/sdk/go/aws/pinpoint/emailChannel.go index 6148ef57492..27dfab1b87d 100644 --- a/sdk/go/aws/pinpoint/emailChannel.go +++ b/sdk/go/aws/pinpoint/emailChannel.go @@ -57,7 +57,7 @@ import ( // return err // } // role, err := iam.NewRole(ctx, "role", &iam.RoleArgs{ -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err @@ -96,7 +96,7 @@ import ( // _, err = iam.NewRolePolicy(ctx, "role_policy", &iam.RolePolicyArgs{ // Name: pulumi.String("role_policy"), // Role: role.ID(), -// Policy: *pulumi.String(rolePolicy.Json), +// Policy: pulumi.String(rolePolicy.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/pinpoint/eventStream.go b/sdk/go/aws/pinpoint/eventStream.go index cf56ccc72c3..c3c5d2e0dd3 100644 --- a/sdk/go/aws/pinpoint/eventStream.go +++ b/sdk/go/aws/pinpoint/eventStream.go @@ -64,7 +64,7 @@ import ( // return err // } // testRole, err := iam.NewRole(ctx, "test_role", &iam.RoleArgs{ -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err @@ -97,7 +97,7 @@ import ( // _, err = iam.NewRolePolicy(ctx, "test_role_policy", &iam.RolePolicyArgs{ // Name: pulumi.String("test_policy"), // Role: testRole.ID(), -// Policy: *pulumi.String(testRolePolicy.Json), +// Policy: pulumi.String(testRolePolicy.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/ram/resourceShareAccepter.go b/sdk/go/aws/ram/resourceShareAccepter.go index fd95a71e610..712e73e7dd5 100644 --- a/sdk/go/aws/ram/resourceShareAccepter.go +++ b/sdk/go/aws/ram/resourceShareAccepter.go @@ -49,7 +49,7 @@ import ( // return err // } // senderInvite, err := ram.NewPrincipalAssociation(ctx, "sender_invite", &ram.PrincipalAssociationArgs{ -// Principal: *pulumi.String(receiver.AccountId), +// Principal: pulumi.String(receiver.AccountId), // ResourceShareArn: senderShare.Arn, // }) // if err != nil { diff --git a/sdk/go/aws/rds/cluster.go b/sdk/go/aws/rds/cluster.go index 1a511843011..fb3aba6053a 100644 --- a/sdk/go/aws/rds/cluster.go +++ b/sdk/go/aws/rds/cluster.go @@ -48,7 +48,7 @@ import ( // pulumi.Run(func(ctx *pulumi.Context) error { // _, err := rds.NewCluster(ctx, "default", &rds.ClusterArgs{ // ClusterIdentifier: pulumi.String("aurora-cluster-demo"), -// Engine: pulumi.String("aurora-mysql"), +// Engine: pulumi.String(rds.EngineTypeAuroraMysql), // EngineVersion: pulumi.String("5.7.mysql_aurora.2.03.2"), // AvailabilityZones: pulumi.StringArray{ // pulumi.String("us-west-2a"), @@ -126,7 +126,7 @@ import ( // pulumi.Run(func(ctx *pulumi.Context) error { // _, err := rds.NewCluster(ctx, "postgresql", &rds.ClusterArgs{ // ClusterIdentifier: pulumi.String("aurora-cluster-demo"), -// Engine: pulumi.String("aurora-postgresql"), +// Engine: pulumi.String(rds.EngineTypeAuroraPostgresql), // AvailabilityZones: pulumi.StringArray{ // pulumi.String("us-west-2a"), // pulumi.String("us-west-2b"), @@ -216,8 +216,8 @@ import ( // pulumi.Run(func(ctx *pulumi.Context) error { // example, err := rds.NewCluster(ctx, "example", &rds.ClusterArgs{ // ClusterIdentifier: pulumi.String("example"), -// Engine: pulumi.String("aurora-postgresql"), -// EngineMode: pulumi.String("provisioned"), +// Engine: pulumi.String(rds.EngineTypeAuroraPostgresql), +// EngineMode: pulumi.String(rds.EngineModeProvisioned), // EngineVersion: pulumi.String("13.6"), // DatabaseName: pulumi.String("test"), // MasterUsername: pulumi.String("test"), @@ -348,10 +348,10 @@ import ( // return err // } // exampleCluster, err := rds.NewCluster(ctx, "example", &rds.ClusterArgs{ -// Engine: pulumi.String("aurora"), +// Engine: pulumi.String(rds.EngineTypeAurora), // EngineVersion: pulumi.String("5.6.mysql_aurora.1.22.4"), // ClusterIdentifier: pulumi.String("example"), -// SnapshotIdentifier: *pulumi.String(example.Id), +// SnapshotIdentifier: pulumi.String(example.Id), // }) // if err != nil { // return err diff --git a/sdk/go/aws/rds/clusterActivityStream.go b/sdk/go/aws/rds/clusterActivityStream.go index 51314e3b4e9..ecb58efc50e 100644 --- a/sdk/go/aws/rds/clusterActivityStream.go +++ b/sdk/go/aws/rds/clusterActivityStream.go @@ -48,7 +48,7 @@ import ( // DatabaseName: pulumi.String("mydb"), // MasterUsername: pulumi.String("foo"), // MasterPassword: pulumi.String("mustbeeightcharaters"), -// Engine: pulumi.String("aurora-postgresql"), +// Engine: pulumi.String(rds.EngineTypeAuroraPostgresql), // EngineVersion: pulumi.String("13.4"), // }) // if err != nil { @@ -58,7 +58,7 @@ import ( // Identifier: pulumi.String("aurora-instance-demo"), // ClusterIdentifier: _default.ClusterIdentifier, // Engine: _default.Engine, -// InstanceClass: pulumi.String("db.r6g.large"), +// InstanceClass: pulumi.String(rds.InstanceType_R6G_Large), // }) // if err != nil { // return err diff --git a/sdk/go/aws/rds/clusterEndpoint.go b/sdk/go/aws/rds/clusterEndpoint.go index 570dffab6ad..f200338457d 100644 --- a/sdk/go/aws/rds/clusterEndpoint.go +++ b/sdk/go/aws/rds/clusterEndpoint.go @@ -50,7 +50,7 @@ import ( // ApplyImmediately: pulumi.Bool(true), // ClusterIdentifier: _default.ID(), // Identifier: pulumi.String("test1"), -// InstanceClass: pulumi.String("db.t2.small"), +// InstanceClass: pulumi.String(rds.InstanceType_T2_Small), // Engine: _default.Engine, // EngineVersion: _default.EngineVersion, // }) @@ -61,7 +61,7 @@ import ( // ApplyImmediately: pulumi.Bool(true), // ClusterIdentifier: _default.ID(), // Identifier: pulumi.String("test2"), -// InstanceClass: pulumi.String("db.t2.small"), +// InstanceClass: pulumi.String(rds.InstanceType_T2_Small), // Engine: _default.Engine, // EngineVersion: _default.EngineVersion, // }) @@ -72,7 +72,7 @@ import ( // ApplyImmediately: pulumi.Bool(true), // ClusterIdentifier: _default.ID(), // Identifier: pulumi.String("test3"), -// InstanceClass: pulumi.String("db.t2.small"), +// InstanceClass: pulumi.String(rds.InstanceType_T2_Small), // Engine: _default.Engine, // EngineVersion: _default.EngineVersion, // }) diff --git a/sdk/go/aws/rds/clusterInstance.go b/sdk/go/aws/rds/clusterInstance.go index 2a46f093645..af0c73312a0 100644 --- a/sdk/go/aws/rds/clusterInstance.go +++ b/sdk/go/aws/rds/clusterInstance.go @@ -67,7 +67,7 @@ import ( // __res, err := rds.NewClusterInstance(ctx, fmt.Sprintf("cluster_instances-%v", key0), &rds.ClusterInstanceArgs{ // Identifier: pulumi.String(fmt.Sprintf("aurora-cluster-demo-%v", val0)), // ClusterIdentifier: _default.ID(), -// InstanceClass: pulumi.String("db.r4.large"), +// InstanceClass: pulumi.String(rds.InstanceType_R4_Large), // Engine: _default.Engine, // EngineVersion: _default.EngineVersion, // }) diff --git a/sdk/go/aws/rds/eventSubscription.go b/sdk/go/aws/rds/eventSubscription.go index cfba9677338..f11bc05a428 100644 --- a/sdk/go/aws/rds/eventSubscription.go +++ b/sdk/go/aws/rds/eventSubscription.go @@ -34,7 +34,7 @@ import ( // AllocatedStorage: pulumi.Int(10), // Engine: pulumi.String("mysql"), // EngineVersion: pulumi.String("5.6.17"), -// InstanceClass: pulumi.String("db.t2.micro"), +// InstanceClass: pulumi.String(rds.InstanceType_T2_Micro), // DbName: pulumi.String("mydb"), // Username: pulumi.String("foo"), // Password: pulumi.String("bar"), diff --git a/sdk/go/aws/rds/exportTask.go b/sdk/go/aws/rds/exportTask.go index 802bf6e8e27..1f51bc6c69e 100644 --- a/sdk/go/aws/rds/exportTask.go +++ b/sdk/go/aws/rds/exportTask.go @@ -168,7 +168,7 @@ import ( // DbName: pulumi.String("test"), // Engine: pulumi.String("mysql"), // EngineVersion: pulumi.String("5.7"), -// InstanceClass: pulumi.String("db.t3.micro"), +// InstanceClass: pulumi.String(rds.InstanceType_T3_Micro), // Username: pulumi.String("foo"), // Password: pulumi.String("foobarbaz"), // ParameterGroupName: pulumi.String("default.mysql5.7"), diff --git a/sdk/go/aws/rds/getClusterSnapshot.go b/sdk/go/aws/rds/getClusterSnapshot.go index 62ee7ab009a..3959522a8a4 100644 --- a/sdk/go/aws/rds/getClusterSnapshot.go +++ b/sdk/go/aws/rds/getClusterSnapshot.go @@ -42,7 +42,7 @@ import ( // // a new dev database. // aurora, err := rds.NewCluster(ctx, "aurora", &rds.ClusterArgs{ // ClusterIdentifier: pulumi.String("development_cluster"), -// SnapshotIdentifier: *pulumi.String(developmentFinalSnapshot.Id), +// SnapshotIdentifier: pulumi.String(developmentFinalSnapshot.Id), // DbSubnetGroupName: pulumi.String("my_db_subnet_group"), // }) // if err != nil { @@ -50,7 +50,7 @@ import ( // } // _, err = rds.NewClusterInstance(ctx, "aurora", &rds.ClusterInstanceArgs{ // ClusterIdentifier: aurora.ID(), -// InstanceClass: pulumi.String("db.t2.small"), +// InstanceClass: pulumi.String(rds.InstanceType_T2_Small), // DbSubnetGroupName: pulumi.String("my_db_subnet_group"), // }) // if err != nil { diff --git a/sdk/go/aws/rds/getSnapshot.go b/sdk/go/aws/rds/getSnapshot.go index 8f0f213cf51..ff739912ca3 100644 --- a/sdk/go/aws/rds/getSnapshot.go +++ b/sdk/go/aws/rds/getSnapshot.go @@ -35,7 +35,7 @@ import ( // AllocatedStorage: pulumi.Int(10), // Engine: pulumi.String("mysql"), // EngineVersion: pulumi.String("5.6.17"), -// InstanceClass: pulumi.String("db.t2.micro"), +// InstanceClass: pulumi.String(rds.InstanceType_T2_Micro), // DbName: pulumi.String("mydb"), // Username: pulumi.String("foo"), // Password: pulumi.String("bar"), @@ -51,7 +51,7 @@ import ( // }, nil) // // Use the latest production snapshot to create a dev instance. // _, err = rds.NewInstance(ctx, "dev", &rds.InstanceArgs{ -// InstanceClass: pulumi.String("db.t2.micro"), +// InstanceClass: pulumi.String(rds.InstanceType_T2_Micro), // DbName: pulumi.String("mydbdev"), // SnapshotIdentifier: latestProdSnapshot.ApplyT(func(latestProdSnapshot rds.GetSnapshotResult) (*string, error) { // return &latestProdSnapshot.Id, nil diff --git a/sdk/go/aws/rds/globalCluster.go b/sdk/go/aws/rds/globalCluster.go index 0280c5d902b..4281504b318 100644 --- a/sdk/go/aws/rds/globalCluster.go +++ b/sdk/go/aws/rds/globalCluster.go @@ -60,7 +60,7 @@ import ( // EngineVersion: example.EngineVersion, // Identifier: pulumi.String("test-primary-cluster-instance"), // ClusterIdentifier: primary.ID(), -// InstanceClass: pulumi.String("db.r4.large"), +// InstanceClass: pulumi.String(rds.InstanceType_R4_Large), // DbSubnetGroupName: pulumi.String("default"), // }) // if err != nil { @@ -81,7 +81,7 @@ import ( // EngineVersion: example.EngineVersion, // Identifier: pulumi.String("test-secondary-cluster-instance"), // ClusterIdentifier: secondary.ID(), -// InstanceClass: pulumi.String("db.r4.large"), +// InstanceClass: pulumi.String(rds.InstanceType_R4_Large), // DbSubnetGroupName: pulumi.String("default"), // }) // if err != nil { @@ -136,7 +136,7 @@ import ( // EngineVersion: example.EngineVersion, // Identifier: pulumi.String("test-primary-cluster-instance"), // ClusterIdentifier: primary.ID(), -// InstanceClass: pulumi.String("db.r4.large"), +// InstanceClass: pulumi.String(rds.InstanceType_R4_Large), // DbSubnetGroupName: pulumi.String("default"), // }) // if err != nil { @@ -158,7 +158,7 @@ import ( // EngineVersion: example.EngineVersion, // Identifier: pulumi.String("test-secondary-cluster-instance"), // ClusterIdentifier: secondary.ID(), -// InstanceClass: pulumi.String("db.r4.large"), +// InstanceClass: pulumi.String(rds.InstanceType_R4_Large), // DbSubnetGroupName: pulumi.String("default"), // }) // if err != nil { @@ -251,7 +251,7 @@ import ( // Engine: primary.Engine, // EngineVersion: primary.EngineVersion, // Identifier: pulumi.String("donetsklviv"), -// InstanceClass: pulumi.String("db.r4.large"), +// InstanceClass: pulumi.String(rds.InstanceType_R4_Large), // }) // if err != nil { // return err diff --git a/sdk/go/aws/rds/instance.go b/sdk/go/aws/rds/instance.go index 815b32ff3f3..3c553515b2f 100644 --- a/sdk/go/aws/rds/instance.go +++ b/sdk/go/aws/rds/instance.go @@ -71,7 +71,7 @@ import ( // DbName: pulumi.String("mydb"), // Engine: pulumi.String("mysql"), // EngineVersion: pulumi.String("5.7"), -// InstanceClass: pulumi.String("db.t3.micro"), +// InstanceClass: pulumi.String(rds.InstanceType_T3_Micro), // Username: pulumi.String("foo"), // Password: pulumi.String("foobarbaz"), // ParameterGroupName: pulumi.String("default.mysql5.7"), @@ -131,12 +131,12 @@ import ( // CustomIamInstanceProfile: pulumi.String("AWSRDSCustomInstanceProfile"), // BackupRetentionPeriod: pulumi.Int(7), // DbSubnetGroupName: pulumi.Any(dbSubnetGroupName), -// Engine: *pulumi.String(custom_oracle.Engine), -// EngineVersion: *pulumi.String(custom_oracle.EngineVersion), +// Engine: pulumi.String(custom_oracle.Engine), +// EngineVersion: pulumi.String(custom_oracle.EngineVersion), // Identifier: pulumi.String("ee-instance-demo"), // InstanceClass: custom_oracle.InstanceClass.ApplyT(func(x *string) rds.InstanceType { return rds.InstanceType(*x) }).(rds.InstanceTypeOutput), -// KmsKeyId: *pulumi.String(byId.Arn), -// LicenseModel: *pulumi.String(custom_oracle.LicenseModel), +// KmsKeyId: pulumi.String(byId.Arn), +// LicenseModel: pulumi.String(custom_oracle.LicenseModel), // MultiAz: pulumi.Bool(false), // Password: pulumi.String("avoid-plaintext-passwords"), // Username: pulumi.String("test"), @@ -153,7 +153,7 @@ import ( // BackupRetentionPeriod: pulumi.Int(7), // Identifier: pulumi.String("ee-instance-replica"), // InstanceClass: custom_oracle.InstanceClass.ApplyT(func(x *string) rds.InstanceType { return rds.InstanceType(*x) }).(rds.InstanceTypeOutput), -// KmsKeyId: *pulumi.String(byId.Arn), +// KmsKeyId: pulumi.String(byId.Arn), // MultiAz: pulumi.Bool(false), // SkipFinalSnapshot: pulumi.Bool(true), // StorageEncrypted: pulumi.Bool(true), @@ -211,11 +211,11 @@ import ( // CustomIamInstanceProfile: pulumi.String("AWSRDSCustomSQLServerInstanceProfile"), // BackupRetentionPeriod: pulumi.Int(7), // DbSubnetGroupName: pulumi.Any(dbSubnetGroupName), -// Engine: *pulumi.String(custom_sqlserver.Engine), -// EngineVersion: *pulumi.String(custom_sqlserver.EngineVersion), +// Engine: pulumi.String(custom_sqlserver.Engine), +// EngineVersion: pulumi.String(custom_sqlserver.EngineVersion), // Identifier: pulumi.String("sql-instance-demo"), // InstanceClass: custom_sqlserver.InstanceClass.ApplyT(func(x *string) rds.InstanceType { return rds.InstanceType(*x) }).(rds.InstanceTypeOutput), -// KmsKeyId: *pulumi.String(byId.Arn), +// KmsKeyId: pulumi.String(byId.Arn), // MultiAz: pulumi.Bool(false), // Password: pulumi.String("avoid-plaintext-passwords"), // StorageEncrypted: pulumi.Bool(true), @@ -271,7 +271,7 @@ import ( // // The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information. // exampleParameterGroup, err := rds.NewParameterGroup(ctx, "example", &rds.ParameterGroupArgs{ // Name: pulumi.String("db-db2-params"), -// Family: *pulumi.String(_default.ParameterGroupFamily), +// Family: pulumi.String(_default.ParameterGroupFamily), // Parameters: rds.ParameterGroupParameterArray{ // &rds.ParameterGroupParameterArgs{ // ApplyMethod: pulumi.String("immediate"), @@ -293,8 +293,8 @@ import ( // AllocatedStorage: pulumi.Int(100), // BackupRetentionPeriod: pulumi.Int(7), // DbName: pulumi.String("test"), -// Engine: *pulumi.String(example.Engine), -// EngineVersion: *pulumi.String(example.EngineVersion), +// Engine: pulumi.String(example.Engine), +// EngineVersion: pulumi.String(example.EngineVersion), // Identifier: pulumi.String("db2-instance-demo"), // InstanceClass: example.InstanceClass.ApplyT(func(x *string) rds.InstanceType { return rds.InstanceType(*x) }).(rds.InstanceTypeOutput), // ParameterGroupName: exampleParameterGroup.Name, @@ -366,7 +366,7 @@ import ( // DbName: pulumi.String("mydb"), // Engine: pulumi.String("mysql"), // EngineVersion: pulumi.String("5.7"), -// InstanceClass: pulumi.String("db.t3.micro"), +// InstanceClass: pulumi.String(rds.InstanceType_T3_Micro), // ManageMasterUserPassword: pulumi.Bool(true), // Username: pulumi.String("foo"), // ParameterGroupName: pulumi.String("default.mysql5.7"), @@ -412,7 +412,7 @@ import ( // DbName: pulumi.String("mydb"), // Engine: pulumi.String("mysql"), // EngineVersion: pulumi.String("5.7"), -// InstanceClass: pulumi.String("db.t3.micro"), +// InstanceClass: pulumi.String(rds.InstanceType_T3_Micro), // ManageMasterUserPassword: pulumi.Bool(true), // MasterUserSecretKmsKeyId: example.KeyId, // Username: pulumi.String("foo"), diff --git a/sdk/go/aws/rds/instanceAutomatedBackupsReplication.go b/sdk/go/aws/rds/instanceAutomatedBackupsReplication.go index 00170b9b5cb..102dd82fb23 100644 --- a/sdk/go/aws/rds/instanceAutomatedBackupsReplication.go +++ b/sdk/go/aws/rds/instanceAutomatedBackupsReplication.go @@ -97,7 +97,7 @@ import ( // Identifier: pulumi.String("mydb"), // Engine: pulumi.String("postgres"), // EngineVersion: pulumi.String("13.4"), -// InstanceClass: pulumi.String("db.t3.micro"), +// InstanceClass: pulumi.String(rds.InstanceType_T3_Micro), // DbName: pulumi.String("mydb"), // Username: pulumi.String("masterusername"), // Password: pulumi.String("mustbeeightcharacters"), diff --git a/sdk/go/aws/rds/reservedInstance.go b/sdk/go/aws/rds/reservedInstance.go index 3503a91e77c..4550d555130 100644 --- a/sdk/go/aws/rds/reservedInstance.go +++ b/sdk/go/aws/rds/reservedInstance.go @@ -44,7 +44,7 @@ import ( // return err // } // _, err = rds.NewReservedInstance(ctx, "example", &rds.ReservedInstanceArgs{ -// OfferingId: *pulumi.String(test.OfferingId), +// OfferingId: pulumi.String(test.OfferingId), // ReservationId: pulumi.String("optionalCustomReservationID"), // InstanceCount: pulumi.Int(3), // }) diff --git a/sdk/go/aws/rds/snapshot.go b/sdk/go/aws/rds/snapshot.go index 900ac742857..2090f6fcca3 100644 --- a/sdk/go/aws/rds/snapshot.go +++ b/sdk/go/aws/rds/snapshot.go @@ -33,7 +33,7 @@ import ( // AllocatedStorage: pulumi.Int(10), // Engine: pulumi.String("mysql"), // EngineVersion: pulumi.String("5.6.21"), -// InstanceClass: pulumi.String("db.t2.micro"), +// InstanceClass: pulumi.String(rds.InstanceType_T2_Micro), // DbName: pulumi.String("baz"), // Password: pulumi.String("barbarbarbar"), // Username: pulumi.String("foo"), diff --git a/sdk/go/aws/rds/snapshotCopy.go b/sdk/go/aws/rds/snapshotCopy.go index 2d38c59d587..2640037a254 100644 --- a/sdk/go/aws/rds/snapshotCopy.go +++ b/sdk/go/aws/rds/snapshotCopy.go @@ -33,7 +33,7 @@ import ( // AllocatedStorage: pulumi.Int(10), // Engine: pulumi.String("mysql"), // EngineVersion: pulumi.String("5.6.21"), -// InstanceClass: pulumi.String("db.t2.micro"), +// InstanceClass: pulumi.String(rds.InstanceType_T2_Micro), // DbName: pulumi.String("baz"), // Password: pulumi.String("barbarbarbar"), // Username: pulumi.String("foo"), diff --git a/sdk/go/aws/redshift/scheduledAction.go b/sdk/go/aws/redshift/scheduledAction.go index dbb6a64ce65..675a14057bd 100644 --- a/sdk/go/aws/redshift/scheduledAction.go +++ b/sdk/go/aws/redshift/scheduledAction.go @@ -53,7 +53,7 @@ import ( // } // exampleRole, err := iam.NewRole(ctx, "example", &iam.RoleArgs{ // Name: pulumi.String("redshift_scheduled_action"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err @@ -78,7 +78,7 @@ import ( // } // examplePolicy, err := iam.NewPolicy(ctx, "example", &iam.PolicyArgs{ // Name: pulumi.String("redshift_scheduled_action"), -// Policy: *pulumi.String(example.Json), +// Policy: pulumi.String(example.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/route53/getTrafficPolicyDocument.go b/sdk/go/aws/route53/getTrafficPolicyDocument.go index 2d1587821f0..33b6cba68dd 100644 --- a/sdk/go/aws/route53/getTrafficPolicyDocument.go +++ b/sdk/go/aws/route53/getTrafficPolicyDocument.go @@ -72,7 +72,7 @@ import ( // _, err = route53.NewTrafficPolicy(ctx, "example", &route53.TrafficPolicyArgs{ // Name: pulumi.String("example"), // Comment: pulumi.String("example comment"), -// Document: *pulumi.String(example.Json), +// Document: pulumi.String(example.Json), // }) // if err != nil { // return err @@ -169,7 +169,7 @@ import ( // _, err = route53.NewTrafficPolicy(ctx, "example", &route53.TrafficPolicyArgs{ // Name: pulumi.String("example"), // Comment: pulumi.String("example comment"), -// Document: *pulumi.String(example.Json), +// Document: pulumi.String(example.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/route53/getZone.go b/sdk/go/aws/route53/getZone.go index a1306b081dd..a5506abd32b 100644 --- a/sdk/go/aws/route53/getZone.go +++ b/sdk/go/aws/route53/getZone.go @@ -42,9 +42,9 @@ import ( // return err // } // _, err = route53.NewRecord(ctx, "www", &route53.RecordArgs{ -// ZoneId: *pulumi.String(selected.ZoneId), +// ZoneId: pulumi.String(selected.ZoneId), // Name: pulumi.String(fmt.Sprintf("www.%v", selected.Name)), -// Type: pulumi.String("A"), +// Type: pulumi.String(route53.RecordTypeA), // Ttl: pulumi.Int(300), // Records: pulumi.StringArray{ // pulumi.String("10.0.0.1"), diff --git a/sdk/go/aws/route53/queryLog.go b/sdk/go/aws/route53/queryLog.go index 454419751f8..c1bbe970303 100644 --- a/sdk/go/aws/route53/queryLog.go +++ b/sdk/go/aws/route53/queryLog.go @@ -82,7 +82,7 @@ import ( // return err // } // _, err = cloudwatch.NewLogResourcePolicy(ctx, "route53-query-logging-policy", &cloudwatch.LogResourcePolicyArgs{ -// PolicyDocument: *pulumi.String(route53_query_logging_policy.Json), +// PolicyDocument: pulumi.String(route53_query_logging_policy.Json), // PolicyName: pulumi.String("route53-query-logging-policy"), // }) // if err != nil { diff --git a/sdk/go/aws/route53/record.go b/sdk/go/aws/route53/record.go index ac6ba8458f8..48d796ccb7c 100644 --- a/sdk/go/aws/route53/record.go +++ b/sdk/go/aws/route53/record.go @@ -34,7 +34,7 @@ import ( // _, err := route53.NewRecord(ctx, "www", &route53.RecordArgs{ // ZoneId: pulumi.Any(primary.ZoneId), // Name: pulumi.String("www.example.com"), -// Type: pulumi.String("A"), +// Type: pulumi.String(route53.RecordTypeA), // Ttl: pulumi.Int(300), // Records: pulumi.StringArray{ // lb.PublicIp, @@ -70,7 +70,7 @@ import ( // _, err := route53.NewRecord(ctx, "www-dev", &route53.RecordArgs{ // ZoneId: pulumi.Any(primary.ZoneId), // Name: pulumi.String("www"), -// Type: pulumi.String("CNAME"), +// Type: pulumi.String(route53.RecordTypeCNAME), // Ttl: pulumi.Int(5), // WeightedRoutingPolicies: route53.RecordWeightedRoutingPolicyArray{ // &route53.RecordWeightedRoutingPolicyArgs{ @@ -88,7 +88,7 @@ import ( // _, err = route53.NewRecord(ctx, "www-live", &route53.RecordArgs{ // ZoneId: pulumi.Any(primary.ZoneId), // Name: pulumi.String("www"), -// Type: pulumi.String("CNAME"), +// Type: pulumi.String(route53.RecordTypeCNAME), // Ttl: pulumi.Int(5), // WeightedRoutingPolicies: route53.RecordWeightedRoutingPolicyArray{ // &route53.RecordWeightedRoutingPolicyArgs{ @@ -128,7 +128,7 @@ import ( // _, err := route53.NewRecord(ctx, "www", &route53.RecordArgs{ // ZoneId: pulumi.Any(primary.ZoneId), // Name: pulumi.String("www.example.com"), -// Type: pulumi.String("CNAME"), +// Type: pulumi.String(route53.RecordTypeCNAME), // Ttl: pulumi.Int(300), // GeoproximityRoutingPolicy: &route53.RecordGeoproximityRoutingPolicyArgs{ // Coordinates: route53.RecordGeoproximityRoutingPolicyCoordinateArray{ @@ -195,7 +195,7 @@ import ( // _, err = route53.NewRecord(ctx, "www", &route53.RecordArgs{ // ZoneId: pulumi.Any(primary.ZoneId), // Name: pulumi.String("example.com"), -// Type: pulumi.String("A"), +// Type: pulumi.String(route53.RecordTypeA), // Aliases: route53.RecordAliasArray{ // &route53.RecordAliasArgs{ // Name: main.DnsName, @@ -241,7 +241,7 @@ import ( // AllowOverwrite: pulumi.Bool(true), // Name: pulumi.String("test.example.com"), // Ttl: pulumi.Int(172800), -// Type: pulumi.String("NS"), +// Type: pulumi.String(route53.RecordTypeNS), // ZoneId: example.ZoneId, // Records: pulumi.StringArray{ // example.NameServers.ApplyT(func(nameServers []string) (string, error) { diff --git a/sdk/go/aws/route53/zone.go b/sdk/go/aws/route53/zone.go index 9b03e1bb14f..61baa87667e 100644 --- a/sdk/go/aws/route53/zone.go +++ b/sdk/go/aws/route53/zone.go @@ -80,7 +80,7 @@ import ( // _, err = route53.NewRecord(ctx, "dev-ns", &route53.RecordArgs{ // ZoneId: main.ZoneId, // Name: pulumi.String("dev.example.com"), -// Type: pulumi.String("NS"), +// Type: pulumi.String(route53.RecordTypeNS), // Ttl: pulumi.Int(30), // Records: dev.NameServers, // }) diff --git a/sdk/go/aws/s3/bucket.go b/sdk/go/aws/s3/bucket.go index 5e71941aa66..c77db19e2b6 100644 --- a/sdk/go/aws/s3/bucket.go +++ b/sdk/go/aws/s3/bucket.go @@ -36,7 +36,7 @@ import ( // pulumi.Run(func(ctx *pulumi.Context) error { // _, err := s3.NewBucket(ctx, "b", &s3.BucketArgs{ // Bucket: pulumi.String("my-tf-test-bucket"), -// Acl: pulumi.String("private"), +// Acl: pulumi.String(s3.CannedAclPrivate), // Tags: pulumi.StringMap{ // "Name": pulumi.String("My bucket"), // "Environment": pulumi.String("Dev"), @@ -77,7 +77,7 @@ import ( // } // _, err = s3.NewBucket(ctx, "b", &s3.BucketArgs{ // Bucket: pulumi.String("s3-website-test.mydomain.com"), -// Acl: pulumi.String("public-read"), +// Acl: pulumi.String(s3.CannedAclPublicRead), // Policy: invokeFile.Result, // Website: &s3.BucketWebsiteArgs{ // IndexDocument: pulumi.String("index.html"), @@ -122,7 +122,7 @@ import ( // pulumi.Run(func(ctx *pulumi.Context) error { // _, err := s3.NewBucket(ctx, "b", &s3.BucketArgs{ // Bucket: pulumi.String("s3-website-test.mydomain.com"), -// Acl: pulumi.String("public-read"), +// Acl: pulumi.String(s3.CannedAclPublicRead), // CorsRules: s3.BucketCorsRuleArray{ // &s3.BucketCorsRuleArgs{ // AllowedHeaders: pulumi.StringArray{ @@ -169,7 +169,7 @@ import ( // pulumi.Run(func(ctx *pulumi.Context) error { // _, err := s3.NewBucket(ctx, "b", &s3.BucketArgs{ // Bucket: pulumi.String("my-tf-test-bucket"), -// Acl: pulumi.String("private"), +// Acl: pulumi.String(s3.CannedAclPrivate), // Versioning: &s3.BucketVersioningArgs{ // Enabled: pulumi.Bool(true), // }, @@ -201,14 +201,14 @@ import ( // pulumi.Run(func(ctx *pulumi.Context) error { // logBucket, err := s3.NewBucket(ctx, "log_bucket", &s3.BucketArgs{ // Bucket: pulumi.String("my-tf-log-bucket"), -// Acl: pulumi.String("log-delivery-write"), +// Acl: pulumi.String(s3.CannedAclLogDeliveryWrite), // }) // if err != nil { // return err // } // _, err = s3.NewBucket(ctx, "b", &s3.BucketArgs{ // Bucket: pulumi.String("my-tf-test-bucket"), -// Acl: pulumi.String("private"), +// Acl: pulumi.String(s3.CannedAclPrivate), // Loggings: s3.BucketLoggingArray{ // &s3.BucketLoggingArgs{ // TargetBucket: logBucket.ID(), @@ -243,7 +243,7 @@ import ( // pulumi.Run(func(ctx *pulumi.Context) error { // _, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{ // Bucket: pulumi.String("my-bucket"), -// Acl: pulumi.String("private"), +// Acl: pulumi.String(s3.CannedAclPrivate), // LifecycleRules: s3.BucketLifecycleRuleArray{ // &s3.BucketLifecycleRuleArgs{ // Id: pulumi.String("log"), @@ -282,7 +282,7 @@ import ( // } // _, err = s3.NewBucket(ctx, "versioning_bucket", &s3.BucketArgs{ // Bucket: pulumi.String("my-versioning-bucket"), -// Acl: pulumi.String("private"), +// Acl: pulumi.String(s3.CannedAclPrivate), // Versioning: &s3.BucketVersioningArgs{ // Enabled: pulumi.Bool(true), // }, @@ -369,7 +369,7 @@ import ( // } // source, err := s3.NewBucket(ctx, "source", &s3.BucketArgs{ // Bucket: pulumi.String("tf-test-bucket-source-12345"), -// Acl: pulumi.String("private"), +// Acl: pulumi.String(s3.CannedAclPrivate), // Versioning: &s3.BucketVersioningArgs{ // Enabled: pulumi.Bool(true), // }, @@ -531,7 +531,7 @@ import ( // Bucket: pulumi.String("mybucket"), // Grants: s3.BucketGrantArray{ // &s3.BucketGrantArgs{ -// Id: *pulumi.String(currentUser.Id), +// Id: pulumi.String(currentUser.Id), // Type: pulumi.String("CanonicalUser"), // Permissions: pulumi.StringArray{ // pulumi.String("FULL_CONTROL"), diff --git a/sdk/go/aws/s3/bucketAclV2.go b/sdk/go/aws/s3/bucketAclV2.go index 85b9a9a13cd..e4a8294d946 100644 --- a/sdk/go/aws/s3/bucketAclV2.go +++ b/sdk/go/aws/s3/bucketAclV2.go @@ -161,7 +161,7 @@ import ( // Grants: s3.BucketAclV2AccessControlPolicyGrantArray{ // &s3.BucketAclV2AccessControlPolicyGrantArgs{ // Grantee: &s3.BucketAclV2AccessControlPolicyGrantGranteeArgs{ -// Id: *pulumi.String(current.Id), +// Id: pulumi.String(current.Id), // Type: pulumi.String("CanonicalUser"), // }, // Permission: pulumi.String("READ"), @@ -175,7 +175,7 @@ import ( // }, // }, // Owner: &s3.BucketAclV2AccessControlPolicyOwnerArgs{ -// Id: *pulumi.String(current.Id), +// Id: pulumi.String(current.Id), // }, // }, // }) diff --git a/sdk/go/aws/s3/bucketNotification.go b/sdk/go/aws/s3/bucketNotification.go index 7c49665f68c..274e2c46492 100644 --- a/sdk/go/aws/s3/bucketNotification.go +++ b/sdk/go/aws/s3/bucketNotification.go @@ -228,7 +228,7 @@ import ( // } // iamForLambda, err := iam.NewRole(ctx, "iam_for_lambda", &iam.RoleArgs{ // Name: pulumi.String("iam_for_lambda"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err @@ -238,7 +238,7 @@ import ( // Name: pulumi.String("example_lambda_name"), // Role: iamForLambda.Arn, // Handler: pulumi.String("exports.example"), -// Runtime: pulumi.String("go1.x"), +// Runtime: pulumi.String(lambda.RuntimeGo1dx), // }) // if err != nil { // return err @@ -322,7 +322,7 @@ import ( // } // iamForLambda, err := iam.NewRole(ctx, "iam_for_lambda", &iam.RoleArgs{ // Name: pulumi.String("iam_for_lambda"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err @@ -332,7 +332,7 @@ import ( // Name: pulumi.String("example_lambda_name1"), // Role: iamForLambda.Arn, // Handler: pulumi.String("exports.example"), -// Runtime: pulumi.String("go1.x"), +// Runtime: pulumi.String(lambda.RuntimeGo1dx), // }) // if err != nil { // return err diff --git a/sdk/go/aws/s3/bucketReplicationConfig.go b/sdk/go/aws/s3/bucketReplicationConfig.go index bd568998d76..e4f51ba64c8 100644 --- a/sdk/go/aws/s3/bucketReplicationConfig.go +++ b/sdk/go/aws/s3/bucketReplicationConfig.go @@ -61,7 +61,7 @@ import ( // } // replicationRole, err := iam.NewRole(ctx, "replication", &iam.RoleArgs{ // Name: pulumi.String("tf-iam-role-replication-12345"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/s3/getBucket.go b/sdk/go/aws/s3/getBucket.go index 6e11e15c9ae..2fe9b6522d9 100644 --- a/sdk/go/aws/s3/getBucket.go +++ b/sdk/go/aws/s3/getBucket.go @@ -47,13 +47,13 @@ import ( // return err // } // _, err = route53.NewRecord(ctx, "example", &route53.RecordArgs{ -// ZoneId: *pulumi.String(testZone.Id), +// ZoneId: pulumi.String(testZone.Id), // Name: pulumi.String("bucket"), -// Type: pulumi.String("A"), +// Type: pulumi.String(route53.RecordTypeA), // Aliases: route53.RecordAliasArray{ // &route53.RecordAliasArgs{ -// Name: *pulumi.String(selected.WebsiteDomain), -// ZoneId: *pulumi.String(selected.HostedZoneId), +// Name: pulumi.String(selected.WebsiteDomain), +// ZoneId: pulumi.String(selected.HostedZoneId), // }, // }, // }) @@ -92,7 +92,7 @@ import ( // _, err = cloudfront.NewDistribution(ctx, "test", &cloudfront.DistributionArgs{ // Origins: cloudfront.DistributionOriginArray{ // &cloudfront.DistributionOriginArgs{ -// DomainName: *pulumi.String(selected.BucketDomainName), +// DomainName: pulumi.String(selected.BucketDomainName), // OriginId: pulumi.String("s3-selected-bucket"), // }, // }, diff --git a/sdk/go/aws/s3/getBucketObject.go b/sdk/go/aws/s3/getBucketObject.go index 7de33dd9593..faa833c5c93 100644 --- a/sdk/go/aws/s3/getBucketObject.go +++ b/sdk/go/aws/s3/getBucketObject.go @@ -45,9 +45,9 @@ import ( // return err // } // _, err = ec2.NewInstance(ctx, "example", &ec2.InstanceArgs{ -// InstanceType: pulumi.String("t2.micro"), +// InstanceType: pulumi.String(ec2.InstanceType_T2_Micro), // Ami: pulumi.String("ami-2757f631"), -// UserData: *pulumi.String(bootstrapScript.Body), +// UserData: pulumi.String(bootstrapScript.Body), // }) // if err != nil { // return err @@ -88,9 +88,9 @@ import ( // return err // } // _, err = lambda.NewFunction(ctx, "test_lambda", &lambda.FunctionArgs{ -// S3Bucket: *pulumi.String(lambda.Id), -// S3Key: *pulumi.String(lambda.Key), -// S3ObjectVersion: *pulumi.String(lambda.VersionId), +// S3Bucket: pulumi.String(lambda.Id), +// S3Key: pulumi.String(lambda.Key), +// S3ObjectVersion: pulumi.String(lambda.VersionId), // Name: pulumi.String("lambda_function_name"), // Role: pulumi.Any(iamForLambda.Arn), // Handler: pulumi.String("exports.test"), diff --git a/sdk/go/aws/s3/getObject.go b/sdk/go/aws/s3/getObject.go index aeb54937457..be2fd45ff28 100644 --- a/sdk/go/aws/s3/getObject.go +++ b/sdk/go/aws/s3/getObject.go @@ -43,9 +43,9 @@ import ( // return err // } // _, err = ec2.NewInstance(ctx, "example", &ec2.InstanceArgs{ -// InstanceType: pulumi.String("t2.micro"), +// InstanceType: pulumi.String(ec2.InstanceType_T2_Micro), // Ami: pulumi.String("ami-2757f631"), -// UserData: *pulumi.String(bootstrapScript.Body), +// UserData: pulumi.String(bootstrapScript.Body), // }) // if err != nil { // return err @@ -86,9 +86,9 @@ import ( // return err // } // _, err = lambda.NewFunction(ctx, "test_lambda", &lambda.FunctionArgs{ -// S3Bucket: *pulumi.String(lambda.Bucket), -// S3Key: *pulumi.String(lambda.Key), -// S3ObjectVersion: *pulumi.String(lambda.VersionId), +// S3Bucket: pulumi.String(lambda.Bucket), +// S3Key: pulumi.String(lambda.Key), +// S3ObjectVersion: pulumi.String(lambda.VersionId), // Name: pulumi.String("lambda_function_name"), // Role: pulumi.Any(iamForLambda.Arn), // Handler: pulumi.String("exports.test"), diff --git a/sdk/go/aws/s3control/storageLensConfiguration.go b/sdk/go/aws/s3control/storageLensConfiguration.go index 0173aef3566..254bcd9254e 100644 --- a/sdk/go/aws/s3control/storageLensConfiguration.go +++ b/sdk/go/aws/s3control/storageLensConfiguration.go @@ -53,7 +53,7 @@ import ( // Enabled: pulumi.Bool(true), // }, // S3BucketDestination: &s3control.StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationArgs{ -// AccountId: *pulumi.String(current.AccountId), +// AccountId: pulumi.String(current.AccountId), // Arn: pulumi.Any(target.Arn), // Format: pulumi.String("CSV"), // OutputSchemaVersion: pulumi.String("V_1"), diff --git a/sdk/go/aws/sagemaker/domain.go b/sdk/go/aws/sagemaker/domain.go index 6aeafe4fad4..1efdc0b7b52 100644 --- a/sdk/go/aws/sagemaker/domain.go +++ b/sdk/go/aws/sagemaker/domain.go @@ -55,7 +55,7 @@ import ( // exampleRole, err := iam.NewRole(ctx, "example", &iam.RoleArgs{ // Name: pulumi.String("example"), // Path: pulumi.String("/"), -// AssumeRolePolicy: *pulumi.String(example.Json), +// AssumeRolePolicy: pulumi.String(example.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/sagemaker/model.go b/sdk/go/aws/sagemaker/model.go index 3d012c572b8..e48b866f98a 100644 --- a/sdk/go/aws/sagemaker/model.go +++ b/sdk/go/aws/sagemaker/model.go @@ -53,7 +53,7 @@ import ( // return err // } // exampleRole, err := iam.NewRole(ctx, "example", &iam.RoleArgs{ -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err @@ -68,7 +68,7 @@ import ( // Name: pulumi.String("my-model"), // ExecutionRoleArn: exampleRole.Arn, // PrimaryContainer: &sagemaker.ModelPrimaryContainerArgs{ -// Image: *pulumi.String(test.RegistryPath), +// Image: pulumi.String(test.RegistryPath), // }, // }) // if err != nil { diff --git a/sdk/go/aws/schemas/registryPolicy.go b/sdk/go/aws/schemas/registryPolicy.go index bec967fddea..2ae323cf1d4 100644 --- a/sdk/go/aws/schemas/registryPolicy.go +++ b/sdk/go/aws/schemas/registryPolicy.go @@ -60,7 +60,7 @@ import ( // } // _, err = schemas.NewRegistryPolicy(ctx, "example", &schemas.RegistryPolicyArgs{ // RegistryName: pulumi.String("example"), -// Policy: *pulumi.String(example.Json), +// Policy: pulumi.String(example.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/secretsmanager/secretPolicy.go b/sdk/go/aws/secretsmanager/secretPolicy.go index 2798b138521..2fb6c88ac1b 100644 --- a/sdk/go/aws/secretsmanager/secretPolicy.go +++ b/sdk/go/aws/secretsmanager/secretPolicy.go @@ -65,7 +65,7 @@ import ( // } // _, err = secretsmanager.NewSecretPolicy(ctx, "example", &secretsmanager.SecretPolicyArgs{ // SecretArn: exampleSecret.Arn, -// Policy: *pulumi.String(example.Json), +// Policy: pulumi.String(example.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/serverlessrepository/getApplication.go b/sdk/go/aws/serverlessrepository/getApplication.go index c5d87b6d46c..f023acb4c0f 100644 --- a/sdk/go/aws/serverlessrepository/getApplication.go +++ b/sdk/go/aws/serverlessrepository/getApplication.go @@ -36,8 +36,8 @@ import ( // } // _, err = serverlessrepository.NewCloudFormationStack(ctx, "example", &serverlessrepository.CloudFormationStackArgs{ // Name: pulumi.String("Example"), -// ApplicationId: *pulumi.String(example.ApplicationId), -// SemanticVersion: *pulumi.String(example.SemanticVersion), +// ApplicationId: pulumi.String(example.ApplicationId), +// SemanticVersion: pulumi.String(example.SemanticVersion), // Capabilities: interface{}(example.RequiredCapabilities), // }) // if err != nil { diff --git a/sdk/go/aws/ses/domainDkim.go b/sdk/go/aws/ses/domainDkim.go index f8208a417ce..5cbfbe088b5 100644 --- a/sdk/go/aws/ses/domainDkim.go +++ b/sdk/go/aws/ses/domainDkim.go @@ -55,7 +55,7 @@ import ( // Name: exampleDomainDkim.DkimTokens.ApplyT(func(dkimTokens []string) (string, error) { // return fmt.Sprintf("%v._domainkey", dkimTokens[val0]), nil // }).(pulumi.StringOutput), -// Type: pulumi.String("CNAME"), +// Type: pulumi.String(route53.RecordTypeCNAME), // Ttl: pulumi.Int(600), // Records: pulumi.StringArray{ // exampleDomainDkim.DkimTokens.ApplyT(func(dkimTokens []string) (string, error) { diff --git a/sdk/go/aws/ses/domainIdentity.go b/sdk/go/aws/ses/domainIdentity.go index bb9a2316f91..5fdce5c545d 100644 --- a/sdk/go/aws/ses/domainIdentity.go +++ b/sdk/go/aws/ses/domainIdentity.go @@ -69,7 +69,7 @@ import ( // _, err = route53.NewRecord(ctx, "example_amazonses_verification_record", &route53.RecordArgs{ // ZoneId: pulumi.String("ABCDEFGHIJ123"), // Name: pulumi.String("_amazonses.example.com"), -// Type: pulumi.String("TXT"), +// Type: pulumi.String(route53.RecordTypeTXT), // Ttl: pulumi.Int(600), // Records: pulumi.StringArray{ // example.VerificationToken, diff --git a/sdk/go/aws/ses/domainIdentityVerification.go b/sdk/go/aws/ses/domainIdentityVerification.go index 9306c10aafb..bd7a3b25b04 100644 --- a/sdk/go/aws/ses/domainIdentityVerification.go +++ b/sdk/go/aws/ses/domainIdentityVerification.go @@ -49,7 +49,7 @@ import ( // Name: example.ID().ApplyT(func(id string) (string, error) { // return fmt.Sprintf("_amazonses.%v", id), nil // }).(pulumi.StringOutput), -// Type: pulumi.String("TXT"), +// Type: pulumi.String(route53.RecordTypeTXT), // Ttl: pulumi.Int(600), // Records: pulumi.StringArray{ // example.VerificationToken, diff --git a/sdk/go/aws/ses/mailFrom.go b/sdk/go/aws/ses/mailFrom.go index 3c32bbf1181..d2fa1720a01 100644 --- a/sdk/go/aws/ses/mailFrom.go +++ b/sdk/go/aws/ses/mailFrom.go @@ -56,7 +56,7 @@ import ( // _, err = route53.NewRecord(ctx, "example_ses_domain_mail_from_mx", &route53.RecordArgs{ // ZoneId: pulumi.Any(exampleAwsRoute53Zone.Id), // Name: example.MailFromDomain, -// Type: pulumi.String("MX"), +// Type: pulumi.String(route53.RecordTypeMX), // Ttl: pulumi.Int(600), // Records: pulumi.StringArray{ // pulumi.String("10 feedback-smtp.us-east-1.amazonses.com"), @@ -69,7 +69,7 @@ import ( // _, err = route53.NewRecord(ctx, "example_ses_domain_mail_from_txt", &route53.RecordArgs{ // ZoneId: pulumi.Any(exampleAwsRoute53Zone.Id), // Name: example.MailFromDomain, -// Type: pulumi.String("TXT"), +// Type: pulumi.String(route53.RecordTypeTXT), // Ttl: pulumi.Int(600), // Records: pulumi.StringArray{ // pulumi.String("v=spf1 include:amazonses.com -all"), diff --git a/sdk/go/aws/sns/topicSubscription.go b/sdk/go/aws/sns/topicSubscription.go index b3cda47ff86..fd3f79442e1 100644 --- a/sdk/go/aws/sns/topicSubscription.go +++ b/sdk/go/aws/sns/topicSubscription.go @@ -246,14 +246,14 @@ import ( // _, err = sns.NewTopic(ctx, "sns-topic", &sns.TopicArgs{ // Name: pulumi.Any(sns.Name), // DisplayName: pulumi.Any(sns.Display_name), -// Policy: *pulumi.String(sns_topic_policy.Json), +// Policy: pulumi.String(sns_topic_policy.Json), // }) // if err != nil { // return err // } // _, err = sqs.NewQueue(ctx, "sqs-queue", &sqs.QueueArgs{ // Name: pulumi.Any(sqs.Name), -// Policy: *pulumi.String(sqs_queue_policy.Json), +// Policy: pulumi.String(sqs_queue_policy.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/ssm/activation.go b/sdk/go/aws/ssm/activation.go index 2b951ac6c46..c2048101662 100644 --- a/sdk/go/aws/ssm/activation.go +++ b/sdk/go/aws/ssm/activation.go @@ -53,7 +53,7 @@ import ( // } // testRole, err := iam.NewRole(ctx, "test_role", &iam.RoleArgs{ // Name: pulumi.String("test_role"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/ssm/parameter.go b/sdk/go/aws/ssm/parameter.go index ffd6ebdbb66..ea68f098243 100644 --- a/sdk/go/aws/ssm/parameter.go +++ b/sdk/go/aws/ssm/parameter.go @@ -35,7 +35,7 @@ import ( // pulumi.Run(func(ctx *pulumi.Context) error { // _, err := ssm.NewParameter(ctx, "foo", &ssm.ParameterArgs{ // Name: pulumi.String("foo"), -// Type: pulumi.String("String"), +// Type: pulumi.String(ssm.ParameterTypeString), // Value: pulumi.String("bar"), // }) // if err != nil { @@ -66,10 +66,10 @@ import ( // pulumi.Run(func(ctx *pulumi.Context) error { // _, err := rds.NewInstance(ctx, "default", &rds.InstanceArgs{ // AllocatedStorage: pulumi.Int(10), -// StorageType: pulumi.String("gp2"), +// StorageType: pulumi.String(rds.StorageTypeGP2), // Engine: pulumi.String("mysql"), // EngineVersion: pulumi.String("5.7.16"), -// InstanceClass: pulumi.String("db.t2.micro"), +// InstanceClass: pulumi.String(rds.InstanceType_T2_Micro), // DbName: pulumi.String("mydb"), // Username: pulumi.String("foo"), // Password: pulumi.Any(databaseMasterPassword), @@ -82,7 +82,7 @@ import ( // _, err = ssm.NewParameter(ctx, "secret", &ssm.ParameterArgs{ // Name: pulumi.String("/production/database/password/master"), // Description: pulumi.String("The parameter description"), -// Type: pulumi.String("SecureString"), +// Type: pulumi.String(ssm.ParameterTypeSecureString), // Value: pulumi.Any(databaseMasterPassword), // Tags: pulumi.StringMap{ // "environment": pulumi.String("production"), diff --git a/sdk/go/aws/ssm/resourceDataSync.go b/sdk/go/aws/ssm/resourceDataSync.go index a549a02ef67..ee5873c1d43 100644 --- a/sdk/go/aws/ssm/resourceDataSync.go +++ b/sdk/go/aws/ssm/resourceDataSync.go @@ -91,7 +91,7 @@ import ( // } // _, err = s3.NewBucketPolicy(ctx, "hoge", &s3.BucketPolicyArgs{ // Bucket: hogeBucketV2.ID(), -// Policy: *pulumi.String(hoge.Json), +// Policy: pulumi.String(hoge.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/storagegateway/fileSystemAssociation.go b/sdk/go/aws/storagegateway/fileSystemAssociation.go index d5014b78713..afe784aed4a 100644 --- a/sdk/go/aws/storagegateway/fileSystemAssociation.go +++ b/sdk/go/aws/storagegateway/fileSystemAssociation.go @@ -73,7 +73,7 @@ import ( // return err // } // test, err := ec2.NewInstance(ctx, "test", &ec2.InstanceArgs{ -// Ami: *pulumi.String(awsServiceStoragegatewayAmiFILES3Latest.Value), +// Ami: pulumi.String(awsServiceStoragegatewayAmiFILES3Latest.Value), // AssociatePublicIpAddress: pulumi.Bool(true), // InstanceType: ec2.InstanceType(available.InstanceType), // VpcSecurityGroupIds: pulumi.StringArray{ diff --git a/sdk/go/aws/storagegateway/gateway.go b/sdk/go/aws/storagegateway/gateway.go index e0abfa6d1e5..925d166cd4f 100644 --- a/sdk/go/aws/storagegateway/gateway.go +++ b/sdk/go/aws/storagegateway/gateway.go @@ -50,7 +50,7 @@ import ( // return err // } // _, err = storagegateway.NewCache(ctx, "test", &storagegateway.CacheArgs{ -// DiskId: *pulumi.String(test.DiskId), +// DiskId: pulumi.String(test.DiskId), // GatewayArn: pulumi.Any(testAwsStoragegatewayGateway.Arn), // }) // if err != nil { diff --git a/sdk/go/aws/storagegateway/uploadBuffer.go b/sdk/go/aws/storagegateway/uploadBuffer.go index 72aa003fcc0..48e10bd5bb2 100644 --- a/sdk/go/aws/storagegateway/uploadBuffer.go +++ b/sdk/go/aws/storagegateway/uploadBuffer.go @@ -41,7 +41,7 @@ import ( // return err // } // _, err = storagegateway.NewUploadBuffer(ctx, "test", &storagegateway.UploadBufferArgs{ -// DiskPath: *pulumi.String(test.DiskPath), +// DiskPath: pulumi.String(test.DiskPath), // GatewayArn: pulumi.Any(testAwsStoragegatewayGateway.Arn), // }) // if err != nil { diff --git a/sdk/go/aws/transcribe/languageModel.go b/sdk/go/aws/transcribe/languageModel.go index f7ab76ce36c..13341d671bd 100644 --- a/sdk/go/aws/transcribe/languageModel.go +++ b/sdk/go/aws/transcribe/languageModel.go @@ -60,7 +60,7 @@ import ( // } // exampleRole, err := iam.NewRole(ctx, "example", &iam.RoleArgs{ // Name: pulumi.String("example"), -// AssumeRolePolicy: *pulumi.String(example.Json), +// AssumeRolePolicy: pulumi.String(example.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/transfer/server.go b/sdk/go/aws/transfer/server.go index 6a8957b7538..c6b72b8aa0b 100644 --- a/sdk/go/aws/transfer/server.go +++ b/sdk/go/aws/transfer/server.go @@ -263,7 +263,7 @@ import ( // } // iamForTransfer, err := iam.NewRole(ctx, "iam_for_transfer", &iam.RoleArgs{ // NamePrefix: pulumi.String("iam_for_transfer_"), -// AssumeRolePolicy: *pulumi.String(transferAssumeRole.Json), +// AssumeRolePolicy: pulumi.String(transferAssumeRole.Json), // ManagedPolicyArns: pulumi.StringArray{ // pulumi.String("arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess"), // }, diff --git a/sdk/go/aws/transfer/sshKey.go b/sdk/go/aws/transfer/sshKey.go index 62dce7f8af8..7a04f74f442 100644 --- a/sdk/go/aws/transfer/sshKey.go +++ b/sdk/go/aws/transfer/sshKey.go @@ -62,7 +62,7 @@ import ( // } // exampleRole, err := iam.NewRole(ctx, "example", &iam.RoleArgs{ // Name: pulumi.String("tf-test-transfer-user-iam-role"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err @@ -106,7 +106,7 @@ import ( // _, err = iam.NewRolePolicy(ctx, "example", &iam.RolePolicyArgs{ // Name: pulumi.String("tf-test-transfer-user-iam-policy"), // Role: exampleRole.ID(), -// Policy: *pulumi.String(example.Json), +// Policy: pulumi.String(example.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/transfer/user.go b/sdk/go/aws/transfer/user.go index 77f1e40359c..82ba1de7211 100644 --- a/sdk/go/aws/transfer/user.go +++ b/sdk/go/aws/transfer/user.go @@ -62,7 +62,7 @@ import ( // } // fooRole, err := iam.NewRole(ctx, "foo", &iam.RoleArgs{ // Name: pulumi.String("tf-test-transfer-user-iam-role"), -// AssumeRolePolicy: *pulumi.String(assumeRole.Json), +// AssumeRolePolicy: pulumi.String(assumeRole.Json), // }) // if err != nil { // return err @@ -87,7 +87,7 @@ import ( // _, err = iam.NewRolePolicy(ctx, "foo", &iam.RolePolicyArgs{ // Name: pulumi.String("tf-test-transfer-user-iam-policy"), // Role: fooRole.ID(), -// Policy: *pulumi.String(foo.Json), +// Policy: pulumi.String(foo.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/waf/getSubscribedRuleGroup.go b/sdk/go/aws/waf/getSubscribedRuleGroup.go index 83fc788231f..136942d2043 100644 --- a/sdk/go/aws/waf/getSubscribedRuleGroup.go +++ b/sdk/go/aws/waf/getSubscribedRuleGroup.go @@ -44,12 +44,12 @@ import ( // Rules: waf.WebAclRuleArray{ // &waf.WebAclRuleArgs{ // Priority: pulumi.Int(1), -// RuleId: *pulumi.String(byName.Id), +// RuleId: pulumi.String(byName.Id), // Type: pulumi.String("GROUP"), // }, // &waf.WebAclRuleArgs{ // Priority: pulumi.Int(2), -// RuleId: *pulumi.String(byMetricName.Id), +// RuleId: pulumi.String(byMetricName.Id), // Type: pulumi.String("GROUP"), // }, // }, diff --git a/sdk/go/aws/wafregional/getSubscribedRuleGroup.go b/sdk/go/aws/wafregional/getSubscribedRuleGroup.go index fd65b40ae42..654aa03aa76 100644 --- a/sdk/go/aws/wafregional/getSubscribedRuleGroup.go +++ b/sdk/go/aws/wafregional/getSubscribedRuleGroup.go @@ -44,12 +44,12 @@ import ( // Rules: wafregional.WebAclRuleArray{ // &wafregional.WebAclRuleArgs{ // Priority: pulumi.Int(1), -// RuleId: *pulumi.String(byName.Id), +// RuleId: pulumi.String(byName.Id), // Type: pulumi.String("GROUP"), // }, // &wafregional.WebAclRuleArgs{ // Priority: pulumi.Int(2), -// RuleId: *pulumi.String(byMetricName.Id), +// RuleId: pulumi.String(byMetricName.Id), // Type: pulumi.String("GROUP"), // }, // }, diff --git a/sdk/go/aws/wafregional/webAclAssociation.go b/sdk/go/aws/wafregional/webAclAssociation.go index c0d201bfb57..f950861e90f 100644 --- a/sdk/go/aws/wafregional/webAclAssociation.go +++ b/sdk/go/aws/wafregional/webAclAssociation.go @@ -94,7 +94,7 @@ import ( // fooSubnet, err := ec2.NewSubnet(ctx, "foo", &ec2.SubnetArgs{ // VpcId: fooVpc.ID(), // CidrBlock: pulumi.String("10.1.1.0/24"), -// AvailabilityZone: *pulumi.String(available.Names[0]), +// AvailabilityZone: pulumi.String(available.Names[0]), // }) // if err != nil { // return err @@ -102,7 +102,7 @@ import ( // bar, err := ec2.NewSubnet(ctx, "bar", &ec2.SubnetArgs{ // VpcId: fooVpc.ID(), // CidrBlock: pulumi.String("10.1.2.0/24"), -// AvailabilityZone: *pulumi.String(available.Names[1]), +// AvailabilityZone: pulumi.String(available.Names[1]), // }) // if err != nil { // return err diff --git a/sdk/go/aws/workspaces/directory.go b/sdk/go/aws/workspaces/directory.go index 1c137ba07d2..3d1b174b67b 100644 --- a/sdk/go/aws/workspaces/directory.go +++ b/sdk/go/aws/workspaces/directory.go @@ -146,7 +146,7 @@ import ( // } // workspacesDefault, err := iam.NewRole(ctx, "workspaces_default", &iam.RoleArgs{ // Name: pulumi.String("workspaces_DefaultRole"), -// AssumeRolePolicy: *pulumi.String(workspaces.Json), +// AssumeRolePolicy: pulumi.String(workspaces.Json), // }) // if err != nil { // return err diff --git a/sdk/go/aws/workspaces/workspace.go b/sdk/go/aws/workspaces/workspace.go index d07396d9f07..ce67f8f9522 100644 --- a/sdk/go/aws/workspaces/workspace.go +++ b/sdk/go/aws/workspaces/workspace.go @@ -46,11 +46,11 @@ import ( // } // _, err = workspaces.NewWorkspace(ctx, "example", &workspaces.WorkspaceArgs{ // DirectoryId: pulumi.Any(exampleAwsWorkspacesDirectory.Id), -// BundleId: *pulumi.String(valueWindows10.Id), +// BundleId: pulumi.String(valueWindows10.Id), // UserName: pulumi.String("john.doe"), // RootVolumeEncryptionEnabled: pulumi.Bool(true), // UserVolumeEncryptionEnabled: pulumi.Bool(true), -// VolumeEncryptionKey: *pulumi.String(workspaces.Arn), +// VolumeEncryptionKey: pulumi.String(workspaces.Arn), // WorkspaceProperties: &workspaces.WorkspaceWorkspacePropertiesArgs{ // ComputeTypeName: pulumi.String("VALUE"), // UserVolumeSizeGib: pulumi.Int(10), diff --git a/sdk/go/aws/xray/encryptionConfig.go b/sdk/go/aws/xray/encryptionConfig.go index ca4bd0cea95..d050da863d3 100644 --- a/sdk/go/aws/xray/encryptionConfig.go +++ b/sdk/go/aws/xray/encryptionConfig.go @@ -96,7 +96,7 @@ import ( // exampleKey, err := kms.NewKey(ctx, "example", &kms.KeyArgs{ // Description: pulumi.String("Some Key"), // DeletionWindowInDays: pulumi.Int(7), -// Policy: *pulumi.String(example.Json), +// Policy: pulumi.String(example.Json), // }) // if err != nil { // return err diff --git a/sdk/nodejs/acm/certificate.ts b/sdk/nodejs/acm/certificate.ts index 12484966ad1..f38e0c30770 100644 --- a/sdk/nodejs/acm/certificate.ts +++ b/sdk/nodejs/acm/certificate.ts @@ -133,7 +133,7 @@ import * as utilities from "../utilities"; * name: range.value.name, * records: [range.value.record], * ttl: 60, - * type: aws.route53.recordtype.RecordType[range.value.type], + * type: aws.route53.RecordType[range.value.type], * zoneId: exampleAwsRoute53Zone.zoneId, * })); * } diff --git a/sdk/nodejs/apigateway/domainName.ts b/sdk/nodejs/apigateway/domainName.ts index 29ca0bd561b..2b47c4a05ee 100644 --- a/sdk/nodejs/apigateway/domainName.ts +++ b/sdk/nodejs/apigateway/domainName.ts @@ -52,7 +52,7 @@ import * as utilities from "../utilities"; * // Route53 is not specifically required; any DNS host can be used. * const exampleRecord = new aws.route53.Record("example", { * name: example.domainName, - * type: "A", + * type: aws.route53.RecordType.A, * zoneId: exampleAwsRoute53Zone.id, * aliases: [{ * evaluateTargetHealth: true, @@ -81,7 +81,7 @@ import * as utilities from "../utilities"; * // Route53 is not specifically required; any DNS host can be used. * const exampleRecord = new aws.route53.Record("example", { * name: example.domainName, - * type: "A", + * type: aws.route53.RecordType.A, * zoneId: exampleAwsRoute53Zone.id, * aliases: [{ * evaluateTargetHealth: true, diff --git a/sdk/nodejs/apigateway/integration.ts b/sdk/nodejs/apigateway/integration.ts index 4de0971bc2a..22110af7270 100644 --- a/sdk/nodejs/apigateway/integration.ts +++ b/sdk/nodejs/apigateway/integration.ts @@ -99,7 +99,7 @@ import {RestApi} from "./index"; * name: "mylambda", * role: role.arn, * handler: "lambda.lambda_handler", - * runtime: "python3.7", + * runtime: aws.lambda.Runtime.Python3d7, * sourceCodeHash: std.filebase64sha256({ * input: "lambda.zip", * }).then(invoke => invoke.result), diff --git a/sdk/nodejs/apigatewayv2/domainName.ts b/sdk/nodejs/apigatewayv2/domainName.ts index a199528fb0c..1b186d22f34 100644 --- a/sdk/nodejs/apigatewayv2/domainName.ts +++ b/sdk/nodejs/apigatewayv2/domainName.ts @@ -51,7 +51,7 @@ import * as utilities from "../utilities"; * }); * const exampleRecord = new aws.route53.Record("example", { * name: example.domainName, - * type: "A", + * type: aws.route53.RecordType.A, * zoneId: exampleAwsRoute53Zone.zoneId, * aliases: [{ * name: example.domainNameConfiguration.apply(domainNameConfiguration => domainNameConfiguration.targetDomainName), diff --git a/sdk/nodejs/apigatewayv2/integration.ts b/sdk/nodejs/apigatewayv2/integration.ts index f2c3d7df10a..bbebbb82e46 100644 --- a/sdk/nodejs/apigatewayv2/integration.ts +++ b/sdk/nodejs/apigatewayv2/integration.ts @@ -39,7 +39,7 @@ import * as utilities from "../utilities"; * name: "Example", * role: exampleAwsIamRole.arn, * handler: "index.handler", - * runtime: "nodejs16.x", + * runtime: aws.lambda.Runtime.NodeJS16dX, * }); * const exampleIntegration = new aws.apigatewayv2.Integration("example", { * apiId: exampleAwsApigatewayv2Api.id, diff --git a/sdk/nodejs/autoscaling/group.ts b/sdk/nodejs/autoscaling/group.ts index 6eb879fa970..2fbb98c094a 100644 --- a/sdk/nodejs/autoscaling/group.ts +++ b/sdk/nodejs/autoscaling/group.ts @@ -26,7 +26,7 @@ import {Metric} from "./index"; * * const test = new aws.ec2.PlacementGroup("test", { * name: "test", - * strategy: "cluster", + * strategy: aws.ec2.PlacementStrategy.Cluster, * }); * const bar = new aws.autoscaling.Group("bar", { * name: "foobar3-test", diff --git a/sdk/nodejs/batch/computeEnvironment.ts b/sdk/nodejs/batch/computeEnvironment.ts index 80f3fbc8023..81cd7b4298d 100644 --- a/sdk/nodejs/batch/computeEnvironment.ts +++ b/sdk/nodejs/batch/computeEnvironment.ts @@ -81,7 +81,7 @@ import * as utilities from "../utilities"; * }); * const samplePlacementGroup = new aws.ec2.PlacementGroup("sample", { * name: "sample", - * strategy: "cluster", + * strategy: aws.ec2.PlacementStrategy.Cluster, * }); * const sampleComputeEnvironment = new aws.batch.ComputeEnvironment("sample", { * computeEnvironmentName: "sample", diff --git a/sdk/nodejs/cloudformation/getExport.ts b/sdk/nodejs/cloudformation/getExport.ts index 3877f026062..7957136105d 100644 --- a/sdk/nodejs/cloudformation/getExport.ts +++ b/sdk/nodejs/cloudformation/getExport.ts @@ -22,7 +22,7 @@ import * as utilities from "../utilities"; * }); * const web = new aws.ec2.Instance("web", { * ami: "ami-abb07bcb", - * instanceType: "t2.micro", + * instanceType: aws.ec2.InstanceType.T2_Micro, * subnetId: subnetId.then(subnetId => subnetId.value), * }); * ``` @@ -82,7 +82,7 @@ export interface GetExportResult { * }); * const web = new aws.ec2.Instance("web", { * ami: "ami-abb07bcb", - * instanceType: "t2.micro", + * instanceType: aws.ec2.InstanceType.T2_Micro, * subnetId: subnetId.then(subnetId => subnetId.value), * }); * ``` diff --git a/sdk/nodejs/cloudformation/getStack.ts b/sdk/nodejs/cloudformation/getStack.ts index ff48d67aa64..e6cf0eeba90 100644 --- a/sdk/nodejs/cloudformation/getStack.ts +++ b/sdk/nodejs/cloudformation/getStack.ts @@ -20,7 +20,7 @@ import * as utilities from "../utilities"; * }); * const web = new aws.ec2.Instance("web", { * ami: "ami-abb07bcb", - * instanceType: "t2.micro", + * instanceType: aws.ec2.InstanceType.T2_Micro, * subnetId: network.then(network => network.outputs?.SubnetId), * tags: { * Name: "HelloWorld", @@ -118,7 +118,7 @@ export interface GetStackResult { * }); * const web = new aws.ec2.Instance("web", { * ami: "ami-abb07bcb", - * instanceType: "t2.micro", + * instanceType: aws.ec2.InstanceType.T2_Micro, * subnetId: network.then(network => network.outputs?.SubnetId), * tags: { * Name: "HelloWorld", diff --git a/sdk/nodejs/cognito/userPoolDomain.ts b/sdk/nodejs/cognito/userPoolDomain.ts index 6bb7df3dd00..9996c9e07a0 100644 --- a/sdk/nodejs/cognito/userPoolDomain.ts +++ b/sdk/nodejs/cognito/userPoolDomain.ts @@ -42,7 +42,7 @@ import * as utilities from "../utilities"; * }); * const auth_cognito_A = new aws.route53.Record("auth-cognito-A", { * name: main.domain, - * type: "A", + * type: aws.route53.RecordType.A, * zoneId: example.then(example => example.zoneId), * aliases: [{ * evaluateTargetHealth: false, diff --git a/sdk/nodejs/ec2/capacityReservation.ts b/sdk/nodejs/ec2/capacityReservation.ts index 985cea5d4ad..1b66da337b4 100644 --- a/sdk/nodejs/ec2/capacityReservation.ts +++ b/sdk/nodejs/ec2/capacityReservation.ts @@ -18,8 +18,8 @@ import * as utilities from "../utilities"; * import * as aws from "@pulumi/aws"; * * const _default = new aws.ec2.CapacityReservation("default", { - * instanceType: "t2.micro", - * instancePlatform: "Linux/UNIX", + * instanceType: aws.ec2.InstanceType.T2_Micro, + * instancePlatform: aws.ec2.InstancePlatform.LinuxUnix, * availabilityZone: "eu-west-1a", * instanceCount: 1, * }); diff --git a/sdk/nodejs/ec2/eip.ts b/sdk/nodejs/ec2/eip.ts index 3d253d5a8ba..d6c46c602ab 100644 --- a/sdk/nodejs/ec2/eip.ts +++ b/sdk/nodejs/ec2/eip.ts @@ -73,7 +73,7 @@ import * as utilities from "../utilities"; * }); * const foo = new aws.ec2.Instance("foo", { * ami: "ami-5189a661", - * instanceType: "t2.micro", + * instanceType: aws.ec2.InstanceType.T2_Micro, * privateIp: "10.0.0.12", * subnetId: myTestSubnet.id, * }); diff --git a/sdk/nodejs/ec2/eipAssociation.ts b/sdk/nodejs/ec2/eipAssociation.ts index d58c4c45ac3..5fa487545f0 100644 --- a/sdk/nodejs/ec2/eipAssociation.ts +++ b/sdk/nodejs/ec2/eipAssociation.ts @@ -23,7 +23,7 @@ import * as utilities from "../utilities"; * const web = new aws.ec2.Instance("web", { * ami: "ami-21f78e11", * availabilityZone: "us-west-2a", - * instanceType: "t2.micro", + * instanceType: aws.ec2.InstanceType.T2_Micro, * tags: { * Name: "HelloWorld", * }, diff --git a/sdk/nodejs/ec2/instance.ts b/sdk/nodejs/ec2/instance.ts index ddf669d74f3..8fefddd88f8 100644 --- a/sdk/nodejs/ec2/instance.ts +++ b/sdk/nodejs/ec2/instance.ts @@ -37,7 +37,7 @@ import {InstanceProfile} from "../iam"; * }); * const web = new aws.ec2.Instance("web", { * ami: ubuntu.then(ubuntu => ubuntu.id), - * instanceType: "t3.micro", + * instanceType: aws.ec2.InstanceType.T3_Micro, * tags: { * Name: "HelloWorld", * }, @@ -73,7 +73,7 @@ import {InstanceProfile} from "../iam"; * maxPrice: "0.0031", * }, * }, - * instanceType: "t4g.nano", + * instanceType: aws.ec2.InstanceType.T4g_Nano, * tags: { * Name: "test-spot", * }, @@ -111,7 +111,7 @@ import {InstanceProfile} from "../iam"; * }); * const fooInstance = new aws.ec2.Instance("foo", { * ami: "ami-005e54dee72cc1d00", - * instanceType: "t2.micro", + * instanceType: aws.ec2.InstanceType.T2_Micro, * networkInterfaces: [{ * networkInterfaceId: foo.id, * deviceIndex: 0, @@ -154,7 +154,7 @@ import {InstanceProfile} from "../iam"; * }); * const exampleInstance = new aws.ec2.Instance("example", { * ami: amzn_linux_2023_ami.then(amzn_linux_2023_ami => amzn_linux_2023_ami.id), - * instanceType: "c6a.2xlarge", + * instanceType: aws.ec2.InstanceType.C6a_2XLarge, * subnetId: exampleSubnet.id, * cpuOptions: { * coreCount: 2, @@ -180,7 +180,7 @@ import {InstanceProfile} from "../iam"; * * const _this = new aws.ec2.Instance("this", { * ami: "ami-0dcc1e21636832c5d", - * instanceType: "m5.large", + * instanceType: aws.ec2.InstanceType.M5_Large, * hostResourceGroupArn: "arn:aws:resource-groups:us-west-2:012345678901:group/win-testhost", * tenancy: "host", * }); diff --git a/sdk/nodejs/ec2/networkInterfaceSecurityGroupAttachment.ts b/sdk/nodejs/ec2/networkInterfaceSecurityGroupAttachment.ts index eb4e92159ce..3b4c1bf6115 100644 --- a/sdk/nodejs/ec2/networkInterfaceSecurityGroupAttachment.ts +++ b/sdk/nodejs/ec2/networkInterfaceSecurityGroupAttachment.ts @@ -38,7 +38,7 @@ import * as utilities from "../utilities"; * owners: ["amazon"], * }); * const instance = new aws.ec2.Instance("instance", { - * instanceType: "t2.micro", + * instanceType: aws.ec2.InstanceType.T2_Micro, * ami: ami.then(ami => ami.id), * tags: { * type: "test-instance", diff --git a/sdk/nodejs/ec2/placementGroup.ts b/sdk/nodejs/ec2/placementGroup.ts index 1e6b05d2a95..11a11add945 100644 --- a/sdk/nodejs/ec2/placementGroup.ts +++ b/sdk/nodejs/ec2/placementGroup.ts @@ -20,7 +20,7 @@ import * as utilities from "../utilities"; * * const web = new aws.ec2.PlacementGroup("web", { * name: "hunky-dory-pg", - * strategy: "cluster", + * strategy: aws.ec2.PlacementStrategy.Cluster, * }); * ``` * diff --git a/sdk/nodejs/ec2/securityGroup.ts b/sdk/nodejs/ec2/securityGroup.ts index edbedf6ea1a..222fff557f3 100644 --- a/sdk/nodejs/ec2/securityGroup.ts +++ b/sdk/nodejs/ec2/securityGroup.ts @@ -161,7 +161,7 @@ import * as utilities from "../utilities"; * * const example = new aws.ec2.SecurityGroup("example", {name: "sg"}); * const exampleInstance = new aws.ec2.Instance("example", { - * instanceType: "t3.small", + * instanceType: aws.ec2.InstanceType.T3_Small, * vpcSecurityGroupIds: [test.id], * }); * ``` diff --git a/sdk/nodejs/ec2/securityGroupRule.ts b/sdk/nodejs/ec2/securityGroupRule.ts index 1d4e5351f0c..5053fe138f7 100644 --- a/sdk/nodejs/ec2/securityGroupRule.ts +++ b/sdk/nodejs/ec2/securityGroupRule.ts @@ -33,7 +33,7 @@ import * as utilities from "../utilities"; * type: "ingress", * fromPort: 0, * toPort: 65535, - * protocol: "tcp", + * protocol: aws.ec2.ProtocolType.TCP, * cidrBlocks: [exampleAwsVpc.cidrBlock], * ipv6CidrBlocks: [exampleAwsVpc.ipv6CidrBlock], * securityGroupId: "sg-123456", @@ -85,7 +85,7 @@ import * as utilities from "../utilities"; * securityGroupId: "sg-123456", * fromPort: 443, * toPort: 443, - * protocol: "tcp", + * protocol: aws.ec2.ProtocolType.TCP, * prefixListIds: [s3.then(s3 => s3.id)], * }); * ``` diff --git a/sdk/nodejs/ec2/volumeAttachment.ts b/sdk/nodejs/ec2/volumeAttachment.ts index 2d53fdce8e2..50a98f2b4d1 100644 --- a/sdk/nodejs/ec2/volumeAttachment.ts +++ b/sdk/nodejs/ec2/volumeAttachment.ts @@ -20,7 +20,7 @@ import * as utilities from "../utilities"; * const web = new aws.ec2.Instance("web", { * ami: "ami-21f78e11", * availabilityZone: "us-west-2a", - * instanceType: "t2.micro", + * instanceType: aws.ec2.InstanceType.T2_Micro, * tags: { * Name: "HelloWorld", * }, diff --git a/sdk/nodejs/ec2transitgateway/instanceState.ts b/sdk/nodejs/ec2transitgateway/instanceState.ts index f4f6f2462d4..01c38d08a53 100644 --- a/sdk/nodejs/ec2transitgateway/instanceState.ts +++ b/sdk/nodejs/ec2transitgateway/instanceState.ts @@ -32,7 +32,7 @@ import * as utilities from "../utilities"; * }); * const test = new aws.ec2.Instance("test", { * ami: ubuntu.then(ubuntu => ubuntu.id), - * instanceType: "t3.micro", + * instanceType: aws.ec2.InstanceType.T3_Micro, * tags: { * Name: "HelloWorld", * }, diff --git a/sdk/nodejs/ec2transitgateway/multicastDomain.ts b/sdk/nodejs/ec2transitgateway/multicastDomain.ts index db4b34029ba..c3d367dd03f 100644 --- a/sdk/nodejs/ec2transitgateway/multicastDomain.ts +++ b/sdk/nodejs/ec2transitgateway/multicastDomain.ts @@ -50,17 +50,17 @@ import * as utilities from "../utilities"; * }); * const instance1 = new aws.ec2.Instance("instance1", { * ami: amazonLinux.then(amazonLinux => amazonLinux.id), - * instanceType: "t2.micro", + * instanceType: aws.ec2.InstanceType.T2_Micro, * subnetId: subnet1.id, * }); * const instance2 = new aws.ec2.Instance("instance2", { * ami: amazonLinux.then(amazonLinux => amazonLinux.id), - * instanceType: "t2.micro", + * instanceType: aws.ec2.InstanceType.T2_Micro, * subnetId: subnet2.id, * }); * const instance3 = new aws.ec2.Instance("instance3", { * ami: amazonLinux.then(amazonLinux => amazonLinux.id), - * instanceType: "t2.micro", + * instanceType: aws.ec2.InstanceType.T2_Micro, * subnetId: subnet3.id, * }); * const tgw = new aws.ec2transitgateway.TransitGateway("tgw", {multicastSupport: "enable"}); diff --git a/sdk/nodejs/elb/getHostedZoneId.ts b/sdk/nodejs/elb/getHostedZoneId.ts index 79b5943e056..5103997ec02 100644 --- a/sdk/nodejs/elb/getHostedZoneId.ts +++ b/sdk/nodejs/elb/getHostedZoneId.ts @@ -19,7 +19,7 @@ import * as utilities from "../utilities"; * const www = new aws.route53.Record("www", { * zoneId: primary.zoneId, * name: "example.com", - * type: "A", + * type: aws.route53.RecordType.A, * aliases: [{ * name: mainAwsElb.dnsName, * zoneId: main.then(main => main.id), @@ -74,7 +74,7 @@ export interface GetHostedZoneIdResult { * const www = new aws.route53.Record("www", { * zoneId: primary.zoneId, * name: "example.com", - * type: "A", + * type: aws.route53.RecordType.A, * aliases: [{ * name: mainAwsElb.dnsName, * zoneId: main.then(main => main.id), diff --git a/sdk/nodejs/kinesis/firehoseDeliveryStream.ts b/sdk/nodejs/kinesis/firehoseDeliveryStream.ts index b19a33af69a..d811fabff0c 100644 --- a/sdk/nodejs/kinesis/firehoseDeliveryStream.ts +++ b/sdk/nodejs/kinesis/firehoseDeliveryStream.ts @@ -55,7 +55,7 @@ import * as utilities from "../utilities"; * name: "firehose_lambda_processor", * role: lambdaIam.arn, * handler: "exports.handler", - * runtime: "nodejs16.x", + * runtime: aws.lambda.Runtime.NodeJS16dX, * }); * const extendedS3Stream = new aws.kinesis.FirehoseDeliveryStream("extended_s3_stream", { * name: "kinesis-firehose-extended-s3-test-stream", diff --git a/sdk/nodejs/lambda/function.ts b/sdk/nodejs/lambda/function.ts index 1239d043eb5..d97fc5875b9 100644 --- a/sdk/nodejs/lambda/function.ts +++ b/sdk/nodejs/lambda/function.ts @@ -55,7 +55,7 @@ import {ARN} from ".."; * role: iamForLambda.arn, * handler: "index.test", * sourceCodeHash: lambda.then(lambda => lambda.outputBase64sha256), - * runtime: "nodejs18.x", + * runtime: aws.lambda.Runtime.NodeJS18dX, * environment: { * variables: { * foo: "bar", @@ -105,7 +105,7 @@ import {ARN} from ".."; * name: "lambda_function_name", * role: iamForLambda.arn, * handler: "index.test", - * runtime: "nodejs18.x", + * runtime: aws.lambda.Runtime.NodeJS18dX, * ephemeralStorage: { * size: 10240, * }, diff --git a/sdk/nodejs/lambda/permission.ts b/sdk/nodejs/lambda/permission.ts index e26530a9882..b441d6be59d 100644 --- a/sdk/nodejs/lambda/permission.ts +++ b/sdk/nodejs/lambda/permission.ts @@ -37,7 +37,7 @@ import {Function} from "./index"; * name: "lambda_function_name", * role: iamForLambda.arn, * handler: "exports.handler", - * runtime: "nodejs16.x", + * runtime: aws.lambda.Runtime.NodeJS16dX, * }); * const testAlias = new aws.lambda.Alias("test_alias", { * name: "testalias", @@ -83,7 +83,7 @@ import {Function} from "./index"; * name: "lambda_called_from_sns", * role: defaultRole.arn, * handler: "exports.handler", - * runtime: "python3.7", + * runtime: aws.lambda.Runtime.Python3d7, * }); * const withSns = new aws.lambda.Permission("with_sns", { * statementId: "AllowExecutionFromSNS", @@ -148,7 +148,7 @@ import {Function} from "./index"; * name: "lambda_called_from_cloudwatch_logs", * handler: "exports.handler", * role: defaultRole.arn, - * runtime: "python3.7", + * runtime: aws.lambda.Runtime.Python3d7, * }); * const logging = new aws.lambda.Permission("logging", { * action: "lambda:InvokeFunction", diff --git a/sdk/nodejs/lb/getHostedZoneId.ts b/sdk/nodejs/lb/getHostedZoneId.ts index 5d463ed78f8..0236f65f987 100644 --- a/sdk/nodejs/lb/getHostedZoneId.ts +++ b/sdk/nodejs/lb/getHostedZoneId.ts @@ -18,7 +18,7 @@ import * as utilities from "../utilities"; * const www = new aws.route53.Record("www", { * zoneId: primary.zoneId, * name: "example.com", - * type: "A", + * type: aws.route53.RecordType.A, * aliases: [{ * name: mainAwsLb.dnsName, * zoneId: main.then(main => main.id), @@ -78,7 +78,7 @@ export interface GetHostedZoneIdResult { * const www = new aws.route53.Record("www", { * zoneId: primary.zoneId, * name: "example.com", - * type: "A", + * type: aws.route53.RecordType.A, * aliases: [{ * name: mainAwsLb.dnsName, * zoneId: main.then(main => main.id), diff --git a/sdk/nodejs/licensemanager/association.ts b/sdk/nodejs/licensemanager/association.ts index 58ab66b4116..bfd9e3ade5f 100644 --- a/sdk/nodejs/licensemanager/association.ts +++ b/sdk/nodejs/licensemanager/association.ts @@ -26,7 +26,7 @@ import * as utilities from "../utilities"; * }); * const exampleInstance = new aws.ec2.Instance("example", { * ami: example.then(example => example.id), - * instanceType: "t2.micro", + * instanceType: aws.ec2.InstanceType.T2_Micro, * }); * const exampleLicenseConfiguration = new aws.licensemanager.LicenseConfiguration("example", { * name: "Example", diff --git a/sdk/nodejs/rds/cluster.ts b/sdk/nodejs/rds/cluster.ts index dcf206db0c2..c1d277a057e 100644 --- a/sdk/nodejs/rds/cluster.ts +++ b/sdk/nodejs/rds/cluster.ts @@ -36,7 +36,7 @@ import * as utilities from "../utilities"; * * const _default = new aws.rds.Cluster("default", { * clusterIdentifier: "aurora-cluster-demo", - * engine: "aurora-mysql", + * engine: aws.rds.EngineType.AuroraMysql, * engineVersion: "5.7.mysql_aurora.2.03.2", * availabilityZones: [ * "us-west-2a", @@ -84,7 +84,7 @@ import * as utilities from "../utilities"; * * const postgresql = new aws.rds.Cluster("postgresql", { * clusterIdentifier: "aurora-cluster-demo", - * engine: "aurora-postgresql", + * engine: aws.rds.EngineType.AuroraPostgresql, * availabilityZones: [ * "us-west-2a", * "us-west-2b", @@ -144,8 +144,8 @@ import * as utilities from "../utilities"; * * const example = new aws.rds.Cluster("example", { * clusterIdentifier: "example", - * engine: "aurora-postgresql", - * engineMode: "provisioned", + * engine: aws.rds.EngineType.AuroraPostgresql, + * engineMode: aws.rds.EngineMode.Provisioned, * engineVersion: "13.6", * databaseName: "test", * masterUsername: "test", @@ -219,7 +219,7 @@ import * as utilities from "../utilities"; * mostRecent: true, * }); * const exampleCluster = new aws.rds.Cluster("example", { - * engine: "aurora", + * engine: aws.rds.EngineType.Aurora, * engineVersion: "5.6.mysql_aurora.1.22.4", * clusterIdentifier: "example", * snapshotIdentifier: example.then(example => example.id), diff --git a/sdk/nodejs/rds/clusterActivityStream.ts b/sdk/nodejs/rds/clusterActivityStream.ts index f6d5c619fc9..5bc1c2334bb 100644 --- a/sdk/nodejs/rds/clusterActivityStream.ts +++ b/sdk/nodejs/rds/clusterActivityStream.ts @@ -32,14 +32,14 @@ import * as utilities from "../utilities"; * databaseName: "mydb", * masterUsername: "foo", * masterPassword: "mustbeeightcharaters", - * engine: "aurora-postgresql", + * engine: aws.rds.EngineType.AuroraPostgresql, * engineVersion: "13.4", * }); * const defaultClusterInstance = new aws.rds.ClusterInstance("default", { * identifier: "aurora-instance-demo", * clusterIdentifier: _default.clusterIdentifier, * engine: _default.engine, - * instanceClass: "db.r6g.large", + * instanceClass: aws.rds.InstanceType.R6G_Large, * }); * const defaultKey = new aws.kms.Key("default", {description: "AWS KMS Key to encrypt Database Activity Stream"}); * const defaultClusterActivityStream = new aws.rds.ClusterActivityStream("default", { diff --git a/sdk/nodejs/rds/clusterEndpoint.ts b/sdk/nodejs/rds/clusterEndpoint.ts index d1f27434d5f..2d31e255243 100644 --- a/sdk/nodejs/rds/clusterEndpoint.ts +++ b/sdk/nodejs/rds/clusterEndpoint.ts @@ -32,7 +32,7 @@ import * as utilities from "../utilities"; * applyImmediately: true, * clusterIdentifier: _default.id, * identifier: "test1", - * instanceClass: "db.t2.small", + * instanceClass: aws.rds.InstanceType.T2_Small, * engine: _default.engine, * engineVersion: _default.engineVersion, * }); @@ -40,7 +40,7 @@ import * as utilities from "../utilities"; * applyImmediately: true, * clusterIdentifier: _default.id, * identifier: "test2", - * instanceClass: "db.t2.small", + * instanceClass: aws.rds.InstanceType.T2_Small, * engine: _default.engine, * engineVersion: _default.engineVersion, * }); @@ -48,7 +48,7 @@ import * as utilities from "../utilities"; * applyImmediately: true, * clusterIdentifier: _default.id, * identifier: "test3", - * instanceClass: "db.t2.small", + * instanceClass: aws.rds.InstanceType.T2_Small, * engine: _default.engine, * engineVersion: _default.engineVersion, * }); diff --git a/sdk/nodejs/rds/clusterInstance.ts b/sdk/nodejs/rds/clusterInstance.ts index adbce3ac3e3..7f25545bb07 100644 --- a/sdk/nodejs/rds/clusterInstance.ts +++ b/sdk/nodejs/rds/clusterInstance.ts @@ -50,7 +50,7 @@ import {EngineType} from "./index"; * clusterInstances.push(new aws.rds.ClusterInstance(`cluster_instances-${range.value}`, { * identifier: `aurora-cluster-demo-${range.value}`, * clusterIdentifier: _default.id, - * instanceClass: "db.r4.large", + * instanceClass: aws.rds.InstanceType.R4_Large, * engine: _default.engine, * engineVersion: _default.engineVersion, * })); diff --git a/sdk/nodejs/rds/eventSubscription.ts b/sdk/nodejs/rds/eventSubscription.ts index 6b5da88f890..52fc3154995 100644 --- a/sdk/nodejs/rds/eventSubscription.ts +++ b/sdk/nodejs/rds/eventSubscription.ts @@ -18,7 +18,7 @@ import * as utilities from "../utilities"; * allocatedStorage: 10, * engine: "mysql", * engineVersion: "5.6.17", - * instanceClass: "db.t2.micro", + * instanceClass: aws.rds.InstanceType.T2_Micro, * dbName: "mydb", * username: "foo", * password: "bar", diff --git a/sdk/nodejs/rds/exportTask.ts b/sdk/nodejs/rds/exportTask.ts index 070023227b3..3d7e86956b0 100644 --- a/sdk/nodejs/rds/exportTask.ts +++ b/sdk/nodejs/rds/exportTask.ts @@ -96,7 +96,7 @@ import * as utilities from "../utilities"; * dbName: "test", * engine: "mysql", * engineVersion: "5.7", - * instanceClass: "db.t3.micro", + * instanceClass: aws.rds.InstanceType.T3_Micro, * username: "foo", * password: "foobarbaz", * parameterGroupName: "default.mysql5.7", diff --git a/sdk/nodejs/rds/getClusterSnapshot.ts b/sdk/nodejs/rds/getClusterSnapshot.ts index 5f7469a2f7e..8c5f9c037e8 100644 --- a/sdk/nodejs/rds/getClusterSnapshot.ts +++ b/sdk/nodejs/rds/getClusterSnapshot.ts @@ -30,7 +30,7 @@ import * as utilities from "../utilities"; * }); * const auroraClusterInstance = new aws.rds.ClusterInstance("aurora", { * clusterIdentifier: aurora.id, - * instanceClass: "db.t2.small", + * instanceClass: aws.rds.InstanceType.T2_Small, * dbSubnetGroupName: "my_db_subnet_group", * }); * ``` @@ -188,7 +188,7 @@ export interface GetClusterSnapshotResult { * }); * const auroraClusterInstance = new aws.rds.ClusterInstance("aurora", { * clusterIdentifier: aurora.id, - * instanceClass: "db.t2.small", + * instanceClass: aws.rds.InstanceType.T2_Small, * dbSubnetGroupName: "my_db_subnet_group", * }); * ``` diff --git a/sdk/nodejs/rds/getSnapshot.ts b/sdk/nodejs/rds/getSnapshot.ts index 5ff778afa67..bee18a10349 100644 --- a/sdk/nodejs/rds/getSnapshot.ts +++ b/sdk/nodejs/rds/getSnapshot.ts @@ -21,7 +21,7 @@ import * as utilities from "../utilities"; * allocatedStorage: 10, * engine: "mysql", * engineVersion: "5.6.17", - * instanceClass: "db.t2.micro", + * instanceClass: aws.rds.InstanceType.T2_Micro, * dbName: "mydb", * username: "foo", * password: "bar", @@ -34,7 +34,7 @@ import * as utilities from "../utilities"; * }); * // Use the latest production snapshot to create a dev instance. * const dev = new aws.rds.Instance("dev", { - * instanceClass: "db.t2.micro", + * instanceClass: aws.rds.InstanceType.T2_Micro, * dbName: "mydbdev", * snapshotIdentifier: latestProdSnapshot.apply(latestProdSnapshot => latestProdSnapshot.id), * }); @@ -195,7 +195,7 @@ export interface GetSnapshotResult { * allocatedStorage: 10, * engine: "mysql", * engineVersion: "5.6.17", - * instanceClass: "db.t2.micro", + * instanceClass: aws.rds.InstanceType.T2_Micro, * dbName: "mydb", * username: "foo", * password: "bar", @@ -208,7 +208,7 @@ export interface GetSnapshotResult { * }); * // Use the latest production snapshot to create a dev instance. * const dev = new aws.rds.Instance("dev", { - * instanceClass: "db.t2.micro", + * instanceClass: aws.rds.InstanceType.T2_Micro, * dbName: "mydbdev", * snapshotIdentifier: latestProdSnapshot.apply(latestProdSnapshot => latestProdSnapshot.id), * }); diff --git a/sdk/nodejs/rds/globalCluster.ts b/sdk/nodejs/rds/globalCluster.ts index cd1d54920e2..383bec8a25b 100644 --- a/sdk/nodejs/rds/globalCluster.ts +++ b/sdk/nodejs/rds/globalCluster.ts @@ -42,7 +42,7 @@ import * as utilities from "../utilities"; * engineVersion: example.engineVersion, * identifier: "test-primary-cluster-instance", * clusterIdentifier: primary.id, - * instanceClass: "db.r4.large", + * instanceClass: aws.rds.InstanceType.R4_Large, * dbSubnetGroupName: "default", * }); * const secondary = new aws.rds.Cluster("secondary", { @@ -57,7 +57,7 @@ import * as utilities from "../utilities"; * engineVersion: example.engineVersion, * identifier: "test-secondary-cluster-instance", * clusterIdentifier: secondary.id, - * instanceClass: "db.r4.large", + * instanceClass: aws.rds.InstanceType.R4_Large, * dbSubnetGroupName: "default", * }); * ``` @@ -91,7 +91,7 @@ import * as utilities from "../utilities"; * engineVersion: example.engineVersion, * identifier: "test-primary-cluster-instance", * clusterIdentifier: primary.id, - * instanceClass: "db.r4.large", + * instanceClass: aws.rds.InstanceType.R4_Large, * dbSubnetGroupName: "default", * }); * const secondary = new aws.rds.Cluster("secondary", { @@ -107,7 +107,7 @@ import * as utilities from "../utilities"; * engineVersion: example.engineVersion, * identifier: "test-secondary-cluster-instance", * clusterIdentifier: secondary.id, - * instanceClass: "db.r4.large", + * instanceClass: aws.rds.InstanceType.R4_Large, * dbSubnetGroupName: "default", * }); * ``` @@ -161,7 +161,7 @@ import * as utilities from "../utilities"; * engine: primary.engine, * engineVersion: primary.engineVersion, * identifier: "donetsklviv", - * instanceClass: "db.r4.large", + * instanceClass: aws.rds.InstanceType.R4_Large, * }); * ``` * diff --git a/sdk/nodejs/rds/instance.ts b/sdk/nodejs/rds/instance.ts index b20066ec4e0..949e590117e 100644 --- a/sdk/nodejs/rds/instance.ts +++ b/sdk/nodejs/rds/instance.ts @@ -59,7 +59,7 @@ import * as utilities from "../utilities"; * dbName: "mydb", * engine: "mysql", * engineVersion: "5.7", - * instanceClass: "db.t3.micro", + * instanceClass: aws.rds.InstanceType.T3_Micro, * username: "foo", * password: "foobarbaz", * parameterGroupName: "default.mysql5.7", @@ -100,7 +100,7 @@ import * as utilities from "../utilities"; * engine: custom_oracle.then(custom_oracle => custom_oracle.engine), * engineVersion: custom_oracle.then(custom_oracle => custom_oracle.engineVersion), * identifier: "ee-instance-demo", - * instanceClass: custom_oracle.then(custom_oracle => custom_oracle.instanceClass).apply((x) => aws.rds.instancetype.InstanceType[x]), + * instanceClass: custom_oracle.then(custom_oracle => custom_oracle.instanceClass).apply((x) => aws.rds.InstanceType[x]), * kmsKeyId: byId.then(byId => byId.arn), * licenseModel: custom_oracle.then(custom_oracle => custom_oracle.licenseModel), * multiAz: false, @@ -115,7 +115,7 @@ import * as utilities from "../utilities"; * customIamInstanceProfile: "AWSRDSCustomInstanceProfile", * backupRetentionPeriod: 7, * identifier: "ee-instance-replica", - * instanceClass: custom_oracle.then(custom_oracle => custom_oracle.instanceClass).apply((x) => aws.rds.instancetype.InstanceType[x]), + * instanceClass: custom_oracle.then(custom_oracle => custom_oracle.instanceClass).apply((x) => aws.rds.InstanceType[x]), * kmsKeyId: byId.then(byId => byId.arn), * multiAz: false, * skipFinalSnapshot: true, @@ -155,7 +155,7 @@ import * as utilities from "../utilities"; * engine: custom_sqlserver.then(custom_sqlserver => custom_sqlserver.engine), * engineVersion: custom_sqlserver.then(custom_sqlserver => custom_sqlserver.engineVersion), * identifier: "sql-instance-demo", - * instanceClass: custom_sqlserver.then(custom_sqlserver => custom_sqlserver.instanceClass).apply((x) => aws.rds.instancetype.InstanceType[x]), + * instanceClass: custom_sqlserver.then(custom_sqlserver => custom_sqlserver.instanceClass).apply((x) => aws.rds.InstanceType[x]), * kmsKeyId: byId.then(byId => byId.arn), * multiAz: false, * password: "avoid-plaintext-passwords", @@ -213,7 +213,7 @@ import * as utilities from "../utilities"; * engine: example.then(example => example.engine), * engineVersion: example.then(example => example.engineVersion), * identifier: "db2-instance-demo", - * instanceClass: example.then(example => example.instanceClass).apply((x) => aws.rds.instancetype.InstanceType[x]), + * instanceClass: example.then(example => example.instanceClass).apply((x) => aws.rds.InstanceType[x]), * parameterGroupName: exampleParameterGroup.name, * password: "avoid-plaintext-passwords", * username: "test", @@ -253,7 +253,7 @@ import * as utilities from "../utilities"; * dbName: "mydb", * engine: "mysql", * engineVersion: "5.7", - * instanceClass: "db.t3.micro", + * instanceClass: aws.rds.InstanceType.T3_Micro, * manageMasterUserPassword: true, * username: "foo", * parameterGroupName: "default.mysql5.7", @@ -278,7 +278,7 @@ import * as utilities from "../utilities"; * dbName: "mydb", * engine: "mysql", * engineVersion: "5.7", - * instanceClass: "db.t3.micro", + * instanceClass: aws.rds.InstanceType.T3_Micro, * manageMasterUserPassword: true, * masterUserSecretKmsKeyId: example.keyId, * username: "foo", diff --git a/sdk/nodejs/rds/instanceAutomatedBackupsReplication.ts b/sdk/nodejs/rds/instanceAutomatedBackupsReplication.ts index 694ce2f9e3c..9f2dfb2a087 100644 --- a/sdk/nodejs/rds/instanceAutomatedBackupsReplication.ts +++ b/sdk/nodejs/rds/instanceAutomatedBackupsReplication.ts @@ -51,7 +51,7 @@ import * as utilities from "../utilities"; * identifier: "mydb", * engine: "postgres", * engineVersion: "13.4", - * instanceClass: "db.t3.micro", + * instanceClass: aws.rds.InstanceType.T3_Micro, * dbName: "mydb", * username: "masterusername", * password: "mustbeeightcharacters", diff --git a/sdk/nodejs/rds/snapshot.ts b/sdk/nodejs/rds/snapshot.ts index 086295f2b53..74074a1b7fb 100644 --- a/sdk/nodejs/rds/snapshot.ts +++ b/sdk/nodejs/rds/snapshot.ts @@ -18,7 +18,7 @@ import * as utilities from "../utilities"; * allocatedStorage: 10, * engine: "mysql", * engineVersion: "5.6.21", - * instanceClass: "db.t2.micro", + * instanceClass: aws.rds.InstanceType.T2_Micro, * dbName: "baz", * password: "barbarbarbar", * username: "foo", diff --git a/sdk/nodejs/rds/snapshotCopy.ts b/sdk/nodejs/rds/snapshotCopy.ts index ace95fd3bc6..83d715f42c7 100644 --- a/sdk/nodejs/rds/snapshotCopy.ts +++ b/sdk/nodejs/rds/snapshotCopy.ts @@ -18,7 +18,7 @@ import * as utilities from "../utilities"; * allocatedStorage: 10, * engine: "mysql", * engineVersion: "5.6.21", - * instanceClass: "db.t2.micro", + * instanceClass: aws.rds.InstanceType.T2_Micro, * dbName: "baz", * password: "barbarbarbar", * username: "foo", diff --git a/sdk/nodejs/route53/getZone.ts b/sdk/nodejs/route53/getZone.ts index fda06466ec5..bc5b512f3e2 100644 --- a/sdk/nodejs/route53/getZone.ts +++ b/sdk/nodejs/route53/getZone.ts @@ -25,7 +25,7 @@ import * as utilities from "../utilities"; * const www = new aws.route53.Record("www", { * zoneId: selected.then(selected => selected.zoneId), * name: selected.then(selected => `www.${selected.name}`), - * type: "A", + * type: aws.route53.RecordType.A, * ttl: 300, * records: ["10.0.0.1"], * }); @@ -143,7 +143,7 @@ export interface GetZoneResult { * const www = new aws.route53.Record("www", { * zoneId: selected.then(selected => selected.zoneId), * name: selected.then(selected => `www.${selected.name}`), - * type: "A", + * type: aws.route53.RecordType.A, * ttl: 300, * records: ["10.0.0.1"], * }); diff --git a/sdk/nodejs/route53/record.ts b/sdk/nodejs/route53/record.ts index 2c41987707e..73e781ccfc7 100644 --- a/sdk/nodejs/route53/record.ts +++ b/sdk/nodejs/route53/record.ts @@ -22,7 +22,7 @@ import * as utilities from "../utilities"; * const www = new aws.route53.Record("www", { * zoneId: primary.zoneId, * name: "www.example.com", - * type: "A", + * type: aws.route53.RecordType.A, * ttl: 300, * records: [lb.publicIp], * }); @@ -41,7 +41,7 @@ import * as utilities from "../utilities"; * const www_dev = new aws.route53.Record("www-dev", { * zoneId: primary.zoneId, * name: "www", - * type: "CNAME", + * type: aws.route53.RecordType.CNAME, * ttl: 5, * weightedRoutingPolicies: [{ * weight: 10, @@ -52,7 +52,7 @@ import * as utilities from "../utilities"; * const www_live = new aws.route53.Record("www-live", { * zoneId: primary.zoneId, * name: "www", - * type: "CNAME", + * type: aws.route53.RecordType.CNAME, * ttl: 5, * weightedRoutingPolicies: [{ * weight: 90, @@ -73,7 +73,7 @@ import * as utilities from "../utilities"; * const www = new aws.route53.Record("www", { * zoneId: primary.zoneId, * name: "www.example.com", - * type: "CNAME", + * type: aws.route53.RecordType.CNAME, * ttl: 300, * geoproximityRoutingPolicy: { * coordinates: [{ @@ -113,7 +113,7 @@ import * as utilities from "../utilities"; * const www = new aws.route53.Record("www", { * zoneId: primary.zoneId, * name: "example.com", - * type: "A", + * type: aws.route53.RecordType.A, * aliases: [{ * name: main.dnsName, * zoneId: main.zoneId, @@ -137,7 +137,7 @@ import * as utilities from "../utilities"; * allowOverwrite: true, * name: "test.example.com", * ttl: 172800, - * type: "NS", + * type: aws.route53.RecordType.NS, * zoneId: example.zoneId, * records: [ * example.nameServers[0], diff --git a/sdk/nodejs/route53/zone.ts b/sdk/nodejs/route53/zone.ts index 39512212179..61f8765a4ab 100644 --- a/sdk/nodejs/route53/zone.ts +++ b/sdk/nodejs/route53/zone.ts @@ -44,7 +44,7 @@ import * as utilities from "../utilities"; * const dev_ns = new aws.route53.Record("dev-ns", { * zoneId: main.zoneId, * name: "dev.example.com", - * type: "NS", + * type: aws.route53.RecordType.NS, * ttl: 30, * records: dev.nameServers, * }); diff --git a/sdk/nodejs/s3/bucket.ts b/sdk/nodejs/s3/bucket.ts index 7595ba9904a..098a162e734 100644 --- a/sdk/nodejs/s3/bucket.ts +++ b/sdk/nodejs/s3/bucket.ts @@ -28,7 +28,7 @@ import {RoutingRule} from "./index"; * * const b = new aws.s3.Bucket("b", { * bucket: "my-tf-test-bucket", - * acl: "private", + * acl: aws.s3.CannedAcl.Private, * tags: { * Name: "My bucket", * Environment: "Dev", @@ -47,7 +47,7 @@ import {RoutingRule} from "./index"; * * const b = new aws.s3.Bucket("b", { * bucket: "s3-website-test.mydomain.com", - * acl: "public-read", + * acl: aws.s3.CannedAcl.PublicRead, * policy: std.file({ * input: "policy.json", * }).then(invoke => invoke.result), @@ -77,7 +77,7 @@ import {RoutingRule} from "./index"; * * const b = new aws.s3.Bucket("b", { * bucket: "s3-website-test.mydomain.com", - * acl: "public-read", + * acl: aws.s3.CannedAcl.PublicRead, * corsRules: [{ * allowedHeaders: ["*"], * allowedMethods: [ @@ -101,7 +101,7 @@ import {RoutingRule} from "./index"; * * const b = new aws.s3.Bucket("b", { * bucket: "my-tf-test-bucket", - * acl: "private", + * acl: aws.s3.CannedAcl.Private, * versioning: { * enabled: true, * }, @@ -118,11 +118,11 @@ import {RoutingRule} from "./index"; * * const logBucket = new aws.s3.Bucket("log_bucket", { * bucket: "my-tf-log-bucket", - * acl: "log-delivery-write", + * acl: aws.s3.CannedAcl.LogDeliveryWrite, * }); * const b = new aws.s3.Bucket("b", { * bucket: "my-tf-test-bucket", - * acl: "private", + * acl: aws.s3.CannedAcl.Private, * loggings: [{ * targetBucket: logBucket.id, * targetPrefix: "log/", @@ -140,7 +140,7 @@ import {RoutingRule} from "./index"; * * const bucket = new aws.s3.Bucket("bucket", { * bucket: "my-bucket", - * acl: "private", + * acl: aws.s3.CannedAcl.Private, * lifecycleRules: [ * { * id: "log", @@ -176,7 +176,7 @@ import {RoutingRule} from "./index"; * }); * const versioningBucket = new aws.s3.Bucket("versioning_bucket", { * bucket: "my-versioning-bucket", - * acl: "private", + * acl: aws.s3.CannedAcl.Private, * versioning: { * enabled: true, * }, @@ -235,7 +235,7 @@ import {RoutingRule} from "./index"; * }); * const source = new aws.s3.Bucket("source", { * bucket: "tf-test-bucket-source-12345", - * acl: "private", + * acl: aws.s3.CannedAcl.Private, * versioning: { * enabled: true, * }, diff --git a/sdk/nodejs/s3/bucketNotification.ts b/sdk/nodejs/s3/bucketNotification.ts index f2b2ec78ed4..cb5db294dfc 100644 --- a/sdk/nodejs/s3/bucketNotification.ts +++ b/sdk/nodejs/s3/bucketNotification.ts @@ -120,7 +120,7 @@ import * as utilities from "../utilities"; * name: "example_lambda_name", * role: iamForLambda.arn, * handler: "exports.example", - * runtime: "go1.x", + * runtime: aws.lambda.Runtime.Go1dx, * }); * const bucket = new aws.s3.BucketV2("bucket", {bucket: "your-bucket-name"}); * const allowBucket = new aws.lambda.Permission("allow_bucket", { @@ -168,7 +168,7 @@ import * as utilities from "../utilities"; * name: "example_lambda_name1", * role: iamForLambda.arn, * handler: "exports.example", - * runtime: "go1.x", + * runtime: aws.lambda.Runtime.Go1dx, * }); * const bucket = new aws.s3.BucketV2("bucket", {bucket: "your-bucket-name"}); * const allowBucket1 = new aws.lambda.Permission("allow_bucket1", { diff --git a/sdk/nodejs/s3/getBucket.ts b/sdk/nodejs/s3/getBucket.ts index 81d40d4e11f..a673bbbaaf8 100644 --- a/sdk/nodejs/s3/getBucket.ts +++ b/sdk/nodejs/s3/getBucket.ts @@ -28,7 +28,7 @@ import * as utilities from "../utilities"; * const example = new aws.route53.Record("example", { * zoneId: testZone.then(testZone => testZone.id), * name: "bucket", - * type: "A", + * type: aws.route53.RecordType.A, * aliases: [{ * name: selected.then(selected => selected.websiteDomain), * zoneId: selected.then(selected => selected.hostedZoneId), @@ -134,7 +134,7 @@ export interface GetBucketResult { * const example = new aws.route53.Record("example", { * zoneId: testZone.then(testZone => testZone.id), * name: "bucket", - * type: "A", + * type: aws.route53.RecordType.A, * aliases: [{ * name: selected.then(selected => selected.websiteDomain), * zoneId: selected.then(selected => selected.hostedZoneId), diff --git a/sdk/nodejs/s3/getBucketObject.ts b/sdk/nodejs/s3/getBucketObject.ts index ae2e66cc3b7..e9d678fd8dd 100644 --- a/sdk/nodejs/s3/getBucketObject.ts +++ b/sdk/nodejs/s3/getBucketObject.ts @@ -27,7 +27,7 @@ import * as utilities from "../utilities"; * key: "ec2-bootstrap-script.sh", * }); * const example = new aws.ec2.Instance("example", { - * instanceType: "t2.micro", + * instanceType: aws.ec2.InstanceType.T2_Micro, * ami: "ami-2757f631", * userData: bootstrapScript.then(bootstrapScript => bootstrapScript.body), * }); @@ -224,7 +224,7 @@ export interface GetBucketObjectResult { * key: "ec2-bootstrap-script.sh", * }); * const example = new aws.ec2.Instance("example", { - * instanceType: "t2.micro", + * instanceType: aws.ec2.InstanceType.T2_Micro, * ami: "ami-2757f631", * userData: bootstrapScript.then(bootstrapScript => bootstrapScript.body), * }); diff --git a/sdk/nodejs/s3/getObject.ts b/sdk/nodejs/s3/getObject.ts index 998a6c32870..b3e02d9eb73 100644 --- a/sdk/nodejs/s3/getObject.ts +++ b/sdk/nodejs/s3/getObject.ts @@ -25,7 +25,7 @@ import * as utilities from "../utilities"; * key: "ec2-bootstrap-script.sh", * }); * const example = new aws.ec2.Instance("example", { - * instanceType: "t2.micro", + * instanceType: aws.ec2.InstanceType.T2_Micro, * ami: "ami-2757f631", * userData: bootstrapScript.then(bootstrapScript => bootstrapScript.body), * }); @@ -240,7 +240,7 @@ export interface GetObjectResult { * key: "ec2-bootstrap-script.sh", * }); * const example = new aws.ec2.Instance("example", { - * instanceType: "t2.micro", + * instanceType: aws.ec2.InstanceType.T2_Micro, * ami: "ami-2757f631", * userData: bootstrapScript.then(bootstrapScript => bootstrapScript.body), * }); diff --git a/sdk/nodejs/ses/domainDkim.ts b/sdk/nodejs/ses/domainDkim.ts index 5378965b11f..213e93cd9d2 100644 --- a/sdk/nodejs/ses/domainDkim.ts +++ b/sdk/nodejs/ses/domainDkim.ts @@ -23,7 +23,7 @@ import * as utilities from "../utilities"; * exampleAmazonsesDkimRecord.push(new aws.route53.Record(`example_amazonses_dkim_record-${range.value}`, { * zoneId: "ABCDEFGHIJ123", * name: exampleDomainDkim.dkimTokens.apply(dkimTokens => `${dkimTokens[range.value]}._domainkey`), - * type: "CNAME", + * type: aws.route53.RecordType.CNAME, * ttl: 600, * records: [exampleDomainDkim.dkimTokens.apply(dkimTokens => `${dkimTokens[range.value]}.dkim.amazonses.com`)], * })); diff --git a/sdk/nodejs/ses/domainIdentity.ts b/sdk/nodejs/ses/domainIdentity.ts index 41f74b4e3e8..05250d36cb4 100644 --- a/sdk/nodejs/ses/domainIdentity.ts +++ b/sdk/nodejs/ses/domainIdentity.ts @@ -31,7 +31,7 @@ import * as utilities from "../utilities"; * const exampleAmazonsesVerificationRecord = new aws.route53.Record("example_amazonses_verification_record", { * zoneId: "ABCDEFGHIJ123", * name: "_amazonses.example.com", - * type: "TXT", + * type: aws.route53.RecordType.TXT, * ttl: 600, * records: [example.verificationToken], * }); diff --git a/sdk/nodejs/ses/domainIdentityVerification.ts b/sdk/nodejs/ses/domainIdentityVerification.ts index 132dfaf9203..c60df82c182 100644 --- a/sdk/nodejs/ses/domainIdentityVerification.ts +++ b/sdk/nodejs/ses/domainIdentityVerification.ts @@ -24,7 +24,7 @@ import * as utilities from "../utilities"; * const exampleAmazonsesVerificationRecord = new aws.route53.Record("example_amazonses_verification_record", { * zoneId: exampleAwsRoute53Zone.zoneId, * name: pulumi.interpolate`_amazonses.${example.id}`, - * type: "TXT", + * type: aws.route53.RecordType.TXT, * ttl: 600, * records: [example.verificationToken], * }); diff --git a/sdk/nodejs/ses/mailFrom.ts b/sdk/nodejs/ses/mailFrom.ts index 397941b6dbf..6a88529f48f 100644 --- a/sdk/nodejs/ses/mailFrom.ts +++ b/sdk/nodejs/ses/mailFrom.ts @@ -28,7 +28,7 @@ import * as utilities from "../utilities"; * const exampleSesDomainMailFromMx = new aws.route53.Record("example_ses_domain_mail_from_mx", { * zoneId: exampleAwsRoute53Zone.id, * name: example.mailFromDomain, - * type: "MX", + * type: aws.route53.RecordType.MX, * ttl: 600, * records: ["10 feedback-smtp.us-east-1.amazonses.com"], * }); @@ -36,7 +36,7 @@ import * as utilities from "../utilities"; * const exampleSesDomainMailFromTxt = new aws.route53.Record("example_ses_domain_mail_from_txt", { * zoneId: exampleAwsRoute53Zone.id, * name: example.mailFromDomain, - * type: "TXT", + * type: aws.route53.RecordType.TXT, * ttl: 600, * records: ["v=spf1 include:amazonses.com -all"], * }); diff --git a/sdk/nodejs/ssm/parameter.ts b/sdk/nodejs/ssm/parameter.ts index e03dc09edb4..85c7f915e00 100644 --- a/sdk/nodejs/ssm/parameter.ts +++ b/sdk/nodejs/ssm/parameter.ts @@ -23,7 +23,7 @@ import * as utilities from "../utilities"; * * const foo = new aws.ssm.Parameter("foo", { * name: "foo", - * type: "String", + * type: aws.ssm.ParameterType.String, * value: "bar", * }); * ``` @@ -38,10 +38,10 @@ import * as utilities from "../utilities"; * * const _default = new aws.rds.Instance("default", { * allocatedStorage: 10, - * storageType: "gp2", + * storageType: aws.rds.StorageType.GP2, * engine: "mysql", * engineVersion: "5.7.16", - * instanceClass: "db.t2.micro", + * instanceClass: aws.rds.InstanceType.T2_Micro, * dbName: "mydb", * username: "foo", * password: databaseMasterPassword, @@ -51,7 +51,7 @@ import * as utilities from "../utilities"; * const secret = new aws.ssm.Parameter("secret", { * name: "/production/database/password/master", * description: "The parameter description", - * type: "SecureString", + * type: aws.ssm.ParameterType.SecureString, * value: databaseMasterPassword, * tags: { * environment: "production", diff --git a/sdk/nodejs/storagegateway/fileSystemAssociation.ts b/sdk/nodejs/storagegateway/fileSystemAssociation.ts index f10b5a94fbe..67766274901 100644 --- a/sdk/nodejs/storagegateway/fileSystemAssociation.ts +++ b/sdk/nodejs/storagegateway/fileSystemAssociation.ts @@ -42,7 +42,7 @@ import * as utilities from "../utilities"; * const test = new aws.ec2.Instance("test", { * ami: awsServiceStoragegatewayAmiFILES3Latest.then(awsServiceStoragegatewayAmiFILES3Latest => awsServiceStoragegatewayAmiFILES3Latest.value), * associatePublicIpAddress: true, - * instanceType: aws.ec2.instancetype.InstanceType[available.instanceType], + * instanceType: aws.ec2.InstanceType[available.instanceType], * vpcSecurityGroupIds: [testAwsSecurityGroup.id], * subnetId: testAwsSubnet[0].id, * }); diff --git a/sdk/python/pulumi_aws/acm/certificate.py b/sdk/python/pulumi_aws/acm/certificate.py index 8c11c5decf9..6b71bb7879e 100644 --- a/sdk/python/pulumi_aws/acm/certificate.py +++ b/sdk/python/pulumi_aws/acm/certificate.py @@ -767,7 +767,7 @@ def __init__(__self__, name=range["value"]["name"], records=[range["value"]["record"]], ttl=60, - type=aws.route53/recordtype.RecordType(range["value"]["type"]), + type=aws.route53.RecordType(range["value"]["type"]), zone_id=example_aws_route53_zone["zoneId"])) ``` @@ -930,7 +930,7 @@ def __init__(__self__, name=range["value"]["name"], records=[range["value"]["record"]], ttl=60, - type=aws.route53/recordtype.RecordType(range["value"]["type"]), + type=aws.route53.RecordType(range["value"]["type"]), zone_id=example_aws_route53_zone["zoneId"])) ``` diff --git a/sdk/python/pulumi_aws/apigateway/domain_name.py b/sdk/python/pulumi_aws/apigateway/domain_name.py index 5f5b498bb32..a324415f18a 100644 --- a/sdk/python/pulumi_aws/apigateway/domain_name.py +++ b/sdk/python/pulumi_aws/apigateway/domain_name.py @@ -641,7 +641,7 @@ def __init__(__self__, # Route53 is not specifically required; any DNS host can be used. example_record = aws.route53.Record("example", name=example.domain_name, - type="A", + type=aws.route53.RecordType.A, zone_id=example_aws_route53_zone["id"], aliases=[aws.route53.RecordAliasArgs( evaluate_target_health=True, @@ -668,7 +668,7 @@ def __init__(__self__, # Route53 is not specifically required; any DNS host can be used. example_record = aws.route53.Record("example", name=example.domain_name, - type="A", + type=aws.route53.RecordType.A, zone_id=example_aws_route53_zone["id"], aliases=[aws.route53.RecordAliasArgs( evaluate_target_health=True, @@ -756,7 +756,7 @@ def __init__(__self__, # Route53 is not specifically required; any DNS host can be used. example_record = aws.route53.Record("example", name=example.domain_name, - type="A", + type=aws.route53.RecordType.A, zone_id=example_aws_route53_zone["id"], aliases=[aws.route53.RecordAliasArgs( evaluate_target_health=True, @@ -783,7 +783,7 @@ def __init__(__self__, # Route53 is not specifically required; any DNS host can be used. example_record = aws.route53.Record("example", name=example.domain_name, - type="A", + type=aws.route53.RecordType.A, zone_id=example_aws_route53_zone["id"], aliases=[aws.route53.RecordAliasArgs( evaluate_target_health=True, diff --git a/sdk/python/pulumi_aws/apigateway/integration.py b/sdk/python/pulumi_aws/apigateway/integration.py index 279ca26aac2..990fc90b951 100644 --- a/sdk/python/pulumi_aws/apigateway/integration.py +++ b/sdk/python/pulumi_aws/apigateway/integration.py @@ -705,7 +705,7 @@ def __init__(__self__, name="mylambda", role=role.arn, handler="lambda.lambda_handler", - runtime="python3.7", + runtime=aws.lambda_.Runtime.PYTHON3D7, source_code_hash=std.filebase64sha256(input="lambda.zip").result) integration = aws.apigateway.Integration("integration", rest_api=api.id, @@ -901,7 +901,7 @@ def __init__(__self__, name="mylambda", role=role.arn, handler="lambda.lambda_handler", - runtime="python3.7", + runtime=aws.lambda_.Runtime.PYTHON3D7, source_code_hash=std.filebase64sha256(input="lambda.zip").result) integration = aws.apigateway.Integration("integration", rest_api=api.id, diff --git a/sdk/python/pulumi_aws/apigatewayv2/domain_name.py b/sdk/python/pulumi_aws/apigatewayv2/domain_name.py index fd1547e2a0b..83702793e85 100644 --- a/sdk/python/pulumi_aws/apigatewayv2/domain_name.py +++ b/sdk/python/pulumi_aws/apigatewayv2/domain_name.py @@ -261,7 +261,7 @@ def __init__(__self__, )) example_record = aws.route53.Record("example", name=example.domain_name, - type="A", + type=aws.route53.RecordType.A, zone_id=example_aws_route53_zone["zoneId"], aliases=[aws.route53.RecordAliasArgs( name=example.domain_name_configuration.target_domain_name, @@ -334,7 +334,7 @@ def __init__(__self__, )) example_record = aws.route53.Record("example", name=example.domain_name, - type="A", + type=aws.route53.RecordType.A, zone_id=example_aws_route53_zone["zoneId"], aliases=[aws.route53.RecordAliasArgs( name=example.domain_name_configuration.target_domain_name, diff --git a/sdk/python/pulumi_aws/apigatewayv2/integration.py b/sdk/python/pulumi_aws/apigatewayv2/integration.py index cbdd35613b9..c1c9134fae8 100644 --- a/sdk/python/pulumi_aws/apigatewayv2/integration.py +++ b/sdk/python/pulumi_aws/apigatewayv2/integration.py @@ -706,7 +706,7 @@ def __init__(__self__, name="Example", role=example_aws_iam_role["arn"], handler="index.handler", - runtime="nodejs16.x") + runtime=aws.lambda_.Runtime.NODE_JS16D_X) example_integration = aws.apigatewayv2.Integration("example", api_id=example_aws_apigatewayv2_api["id"], integration_type="AWS_PROXY", @@ -854,7 +854,7 @@ def __init__(__self__, name="Example", role=example_aws_iam_role["arn"], handler="index.handler", - runtime="nodejs16.x") + runtime=aws.lambda_.Runtime.NODE_JS16D_X) example_integration = aws.apigatewayv2.Integration("example", api_id=example_aws_apigatewayv2_api["id"], integration_type="AWS_PROXY", diff --git a/sdk/python/pulumi_aws/autoscaling/group.py b/sdk/python/pulumi_aws/autoscaling/group.py index b00d77e99e1..82bfb6504cd 100644 --- a/sdk/python/pulumi_aws/autoscaling/group.py +++ b/sdk/python/pulumi_aws/autoscaling/group.py @@ -1522,7 +1522,7 @@ def __init__(__self__, test = aws.ec2.PlacementGroup("test", name="test", - strategy="cluster") + strategy=aws.ec2.PlacementStrategy.CLUSTER) bar = aws.autoscaling.Group("bar", name="foobar3-test", max_size=5, @@ -2054,7 +2054,7 @@ def __init__(__self__, test = aws.ec2.PlacementGroup("test", name="test", - strategy="cluster") + strategy=aws.ec2.PlacementStrategy.CLUSTER) bar = aws.autoscaling.Group("bar", name="foobar3-test", max_size=5, diff --git a/sdk/python/pulumi_aws/batch/compute_environment.py b/sdk/python/pulumi_aws/batch/compute_environment.py index 61838a876a6..133d07ebfba 100644 --- a/sdk/python/pulumi_aws/batch/compute_environment.py +++ b/sdk/python/pulumi_aws/batch/compute_environment.py @@ -480,7 +480,7 @@ def __init__(__self__, cidr_block="10.1.1.0/24") sample_placement_group = aws.ec2.PlacementGroup("sample", name="sample", - strategy="cluster") + strategy=aws.ec2.PlacementStrategy.CLUSTER) sample_compute_environment = aws.batch.ComputeEnvironment("sample", compute_environment_name="sample", compute_resources=aws.batch.ComputeEnvironmentComputeResourcesArgs( @@ -634,7 +634,7 @@ def __init__(__self__, cidr_block="10.1.1.0/24") sample_placement_group = aws.ec2.PlacementGroup("sample", name="sample", - strategy="cluster") + strategy=aws.ec2.PlacementStrategy.CLUSTER) sample_compute_environment = aws.batch.ComputeEnvironment("sample", compute_environment_name="sample", compute_resources=aws.batch.ComputeEnvironmentComputeResourcesArgs( diff --git a/sdk/python/pulumi_aws/cloudformation/get_export.py b/sdk/python/pulumi_aws/cloudformation/get_export.py index d4cdcc98f0f..ca9ef919c56 100644 --- a/sdk/python/pulumi_aws/cloudformation/get_export.py +++ b/sdk/python/pulumi_aws/cloudformation/get_export.py @@ -95,7 +95,7 @@ def get_export(name: Optional[str] = None, subnet_id = aws.cloudformation.get_export(name="mySubnetIdExportName") web = aws.ec2.Instance("web", ami="ami-abb07bcb", - instance_type="t2.micro", + instance_type=aws.ec2.InstanceType.T2_MICRO, subnet_id=subnet_id.value) ``` @@ -134,7 +134,7 @@ def get_export_output(name: Optional[pulumi.Input[str]] = None, subnet_id = aws.cloudformation.get_export(name="mySubnetIdExportName") web = aws.ec2.Instance("web", ami="ami-abb07bcb", - instance_type="t2.micro", + instance_type=aws.ec2.InstanceType.T2_MICRO, subnet_id=subnet_id.value) ``` diff --git a/sdk/python/pulumi_aws/cloudformation/get_stack.py b/sdk/python/pulumi_aws/cloudformation/get_stack.py index b0564faefe6..28389e4632e 100644 --- a/sdk/python/pulumi_aws/cloudformation/get_stack.py +++ b/sdk/python/pulumi_aws/cloudformation/get_stack.py @@ -190,7 +190,7 @@ def get_stack(name: Optional[str] = None, network = aws.cloudformation.get_stack(name="my-network-stack") web = aws.ec2.Instance("web", ami="ami-abb07bcb", - instance_type="t2.micro", + instance_type=aws.ec2.InstanceType.T2_MICRO, subnet_id=network.outputs["SubnetId"], tags={ "Name": "HelloWorld", @@ -241,7 +241,7 @@ def get_stack_output(name: Optional[pulumi.Input[str]] = None, network = aws.cloudformation.get_stack(name="my-network-stack") web = aws.ec2.Instance("web", ami="ami-abb07bcb", - instance_type="t2.micro", + instance_type=aws.ec2.InstanceType.T2_MICRO, subnet_id=network.outputs["SubnetId"], tags={ "Name": "HelloWorld", diff --git a/sdk/python/pulumi_aws/cognito/user_pool_domain.py b/sdk/python/pulumi_aws/cognito/user_pool_domain.py index 3a90b8cb8f2..5b56458207d 100644 --- a/sdk/python/pulumi_aws/cognito/user_pool_domain.py +++ b/sdk/python/pulumi_aws/cognito/user_pool_domain.py @@ -260,7 +260,7 @@ def __init__(__self__, example = aws.route53.get_zone(name="example.com") auth_cognito__a = aws.route53.Record("auth-cognito-A", name=main.domain, - type="A", + type=aws.route53.RecordType.A, zone_id=example.zone_id, aliases=[aws.route53.RecordAliasArgs( evaluate_target_health=False, @@ -324,7 +324,7 @@ def __init__(__self__, example = aws.route53.get_zone(name="example.com") auth_cognito__a = aws.route53.Record("auth-cognito-A", name=main.domain, - type="A", + type=aws.route53.RecordType.A, zone_id=example.zone_id, aliases=[aws.route53.RecordAliasArgs( evaluate_target_health=False, diff --git a/sdk/python/pulumi_aws/ec2/capacity_reservation.py b/sdk/python/pulumi_aws/ec2/capacity_reservation.py index 2fd8dfe168a..039cfed8958 100644 --- a/sdk/python/pulumi_aws/ec2/capacity_reservation.py +++ b/sdk/python/pulumi_aws/ec2/capacity_reservation.py @@ -524,8 +524,8 @@ def __init__(__self__, import pulumi_aws as aws default = aws.ec2.CapacityReservation("default", - instance_type="t2.micro", - instance_platform="Linux/UNIX", + instance_type=aws.ec2.InstanceType.T2_MICRO, + instance_platform=aws.ec2.InstancePlatform.LINUX_UNIX, availability_zone="eu-west-1a", instance_count=1) ``` @@ -572,8 +572,8 @@ def __init__(__self__, import pulumi_aws as aws default = aws.ec2.CapacityReservation("default", - instance_type="t2.micro", - instance_platform="Linux/UNIX", + instance_type=aws.ec2.InstanceType.T2_MICRO, + instance_platform=aws.ec2.InstancePlatform.LINUX_UNIX, availability_zone="eu-west-1a", instance_count=1) ``` diff --git a/sdk/python/pulumi_aws/ec2/eip.py b/sdk/python/pulumi_aws/ec2/eip.py index d9e93031e1a..2a191862750 100644 --- a/sdk/python/pulumi_aws/ec2/eip.py +++ b/sdk/python/pulumi_aws/ec2/eip.py @@ -616,7 +616,7 @@ def __init__(__self__, map_public_ip_on_launch=True) foo = aws.ec2.Instance("foo", ami="ami-5189a661", - instance_type="t2.micro", + instance_type=aws.ec2.InstanceType.T2_MICRO, private_ip="10.0.0.12", subnet_id=my_test_subnet.id) bar = aws.ec2.Eip("bar", @@ -736,7 +736,7 @@ def __init__(__self__, map_public_ip_on_launch=True) foo = aws.ec2.Instance("foo", ami="ami-5189a661", - instance_type="t2.micro", + instance_type=aws.ec2.InstanceType.T2_MICRO, private_ip="10.0.0.12", subnet_id=my_test_subnet.id) bar = aws.ec2.Eip("bar", diff --git a/sdk/python/pulumi_aws/ec2/eip_association.py b/sdk/python/pulumi_aws/ec2/eip_association.py index 718cd3b8953..b0bd54566ac 100644 --- a/sdk/python/pulumi_aws/ec2/eip_association.py +++ b/sdk/python/pulumi_aws/ec2/eip_association.py @@ -286,7 +286,7 @@ def __init__(__self__, web = aws.ec2.Instance("web", ami="ami-21f78e11", availability_zone="us-west-2a", - instance_type="t2.micro", + instance_type=aws.ec2.InstanceType.T2_MICRO, tags={ "Name": "HelloWorld", }) @@ -348,7 +348,7 @@ def __init__(__self__, web = aws.ec2.Instance("web", ami="ami-21f78e11", availability_zone="us-west-2a", - instance_type="t2.micro", + instance_type=aws.ec2.InstanceType.T2_MICRO, tags={ "Name": "HelloWorld", }) diff --git a/sdk/python/pulumi_aws/ec2/instance.py b/sdk/python/pulumi_aws/ec2/instance.py index 5475eeadcce..2f984d9d506 100644 --- a/sdk/python/pulumi_aws/ec2/instance.py +++ b/sdk/python/pulumi_aws/ec2/instance.py @@ -1822,7 +1822,7 @@ def __init__(__self__, owners=["099720109477"]) web = aws.ec2.Instance("web", ami=ubuntu.id, - instance_type="t3.micro", + instance_type=aws.ec2.InstanceType.T3_MICRO, tags={ "Name": "HelloWorld", }) @@ -1855,7 +1855,7 @@ def __init__(__self__, max_price="0.0031", ), ), - instance_type="t4g.nano", + instance_type=aws.ec2.InstanceType.T4G_NANO, tags={ "Name": "test-spot", }) @@ -1889,7 +1889,7 @@ def __init__(__self__, }) foo_instance = aws.ec2.Instance("foo", ami="ami-005e54dee72cc1d00", - instance_type="t2.micro", + instance_type=aws.ec2.InstanceType.T2_MICRO, network_interfaces=[aws.ec2.InstanceNetworkInterfaceArgs( network_interface_id=foo.id, device_index=0, @@ -1927,7 +1927,7 @@ def __init__(__self__, )]) example_instance = aws.ec2.Instance("example", ami=amzn_linux_2023_ami.id, - instance_type="c6a.2xlarge", + instance_type=aws.ec2.InstanceType.C6A_2_X_LARGE, subnet_id=example_subnet.id, cpu_options=aws.ec2.InstanceCpuOptionsArgs( core_count=2, @@ -1952,7 +1952,7 @@ def __init__(__self__, this = aws.ec2.Instance("this", ami="ami-0dcc1e21636832c5d", - instance_type="m5.large", + instance_type=aws.ec2.InstanceType.M5_LARGE, host_resource_group_arn="arn:aws:resource-groups:us-west-2:012345678901:group/win-testhost", tenancy="host") ``` @@ -2065,7 +2065,7 @@ def __init__(__self__, owners=["099720109477"]) web = aws.ec2.Instance("web", ami=ubuntu.id, - instance_type="t3.micro", + instance_type=aws.ec2.InstanceType.T3_MICRO, tags={ "Name": "HelloWorld", }) @@ -2098,7 +2098,7 @@ def __init__(__self__, max_price="0.0031", ), ), - instance_type="t4g.nano", + instance_type=aws.ec2.InstanceType.T4G_NANO, tags={ "Name": "test-spot", }) @@ -2132,7 +2132,7 @@ def __init__(__self__, }) foo_instance = aws.ec2.Instance("foo", ami="ami-005e54dee72cc1d00", - instance_type="t2.micro", + instance_type=aws.ec2.InstanceType.T2_MICRO, network_interfaces=[aws.ec2.InstanceNetworkInterfaceArgs( network_interface_id=foo.id, device_index=0, @@ -2170,7 +2170,7 @@ def __init__(__self__, )]) example_instance = aws.ec2.Instance("example", ami=amzn_linux_2023_ami.id, - instance_type="c6a.2xlarge", + instance_type=aws.ec2.InstanceType.C6A_2_X_LARGE, subnet_id=example_subnet.id, cpu_options=aws.ec2.InstanceCpuOptionsArgs( core_count=2, @@ -2195,7 +2195,7 @@ def __init__(__self__, this = aws.ec2.Instance("this", ami="ami-0dcc1e21636832c5d", - instance_type="m5.large", + instance_type=aws.ec2.InstanceType.M5_LARGE, host_resource_group_arn="arn:aws:resource-groups:us-west-2:012345678901:group/win-testhost", tenancy="host") ``` diff --git a/sdk/python/pulumi_aws/ec2/network_interface_security_group_attachment.py b/sdk/python/pulumi_aws/ec2/network_interface_security_group_attachment.py index ffbb0585a05..6ca81632d12 100644 --- a/sdk/python/pulumi_aws/ec2/network_interface_security_group_attachment.py +++ b/sdk/python/pulumi_aws/ec2/network_interface_security_group_attachment.py @@ -129,7 +129,7 @@ def __init__(__self__, )], owners=["amazon"]) instance = aws.ec2.Instance("instance", - instance_type="t2.micro", + instance_type=aws.ec2.InstanceType.T2_MICRO, ami=ami.id, tags={ "type": "test-instance", @@ -213,7 +213,7 @@ def __init__(__self__, )], owners=["amazon"]) instance = aws.ec2.Instance("instance", - instance_type="t2.micro", + instance_type=aws.ec2.InstanceType.T2_MICRO, ami=ami.id, tags={ "type": "test-instance", diff --git a/sdk/python/pulumi_aws/ec2/placement_group.py b/sdk/python/pulumi_aws/ec2/placement_group.py index e234ab879cc..aeb1d93d421 100644 --- a/sdk/python/pulumi_aws/ec2/placement_group.py +++ b/sdk/python/pulumi_aws/ec2/placement_group.py @@ -277,7 +277,7 @@ def __init__(__self__, web = aws.ec2.PlacementGroup("web", name="hunky-dory-pg", - strategy="cluster") + strategy=aws.ec2.PlacementStrategy.CLUSTER) ``` @@ -319,7 +319,7 @@ def __init__(__self__, web = aws.ec2.PlacementGroup("web", name="hunky-dory-pg", - strategy="cluster") + strategy=aws.ec2.PlacementStrategy.CLUSTER) ``` diff --git a/sdk/python/pulumi_aws/ec2/security_group.py b/sdk/python/pulumi_aws/ec2/security_group.py index 3da795ca2e7..52002f16144 100644 --- a/sdk/python/pulumi_aws/ec2/security_group.py +++ b/sdk/python/pulumi_aws/ec2/security_group.py @@ -505,7 +505,7 @@ def __init__(__self__, example = aws.ec2.SecurityGroup("example", name="sg") example_instance = aws.ec2.Instance("example", - instance_type="t3.small", + instance_type=aws.ec2.InstanceType.T3_SMALL, vpc_security_group_ids=[test["id"]]) ``` @@ -736,7 +736,7 @@ def __init__(__self__, example = aws.ec2.SecurityGroup("example", name="sg") example_instance = aws.ec2.Instance("example", - instance_type="t3.small", + instance_type=aws.ec2.InstanceType.T3_SMALL, vpc_security_group_ids=[test["id"]]) ``` diff --git a/sdk/python/pulumi_aws/ec2/security_group_rule.py b/sdk/python/pulumi_aws/ec2/security_group_rule.py index 8cdbf3dbd61..5789381aa1e 100644 --- a/sdk/python/pulumi_aws/ec2/security_group_rule.py +++ b/sdk/python/pulumi_aws/ec2/security_group_rule.py @@ -454,7 +454,7 @@ def __init__(__self__, type="ingress", from_port=0, to_port=65535, - protocol="tcp", + protocol=aws.ec2.ProtocolType.TCP, cidr_blocks=[example_aws_vpc["cidrBlock"]], ipv6_cidr_blocks=[example_aws_vpc["ipv6CidrBlock"]], security_group_id="sg-123456") @@ -502,7 +502,7 @@ def __init__(__self__, security_group_id="sg-123456", from_port=443, to_port=443, - protocol="tcp", + protocol=aws.ec2.ProtocolType.TCP, prefix_list_ids=[s3.id]) ``` @@ -612,7 +612,7 @@ def __init__(__self__, type="ingress", from_port=0, to_port=65535, - protocol="tcp", + protocol=aws.ec2.ProtocolType.TCP, cidr_blocks=[example_aws_vpc["cidrBlock"]], ipv6_cidr_blocks=[example_aws_vpc["ipv6CidrBlock"]], security_group_id="sg-123456") @@ -660,7 +660,7 @@ def __init__(__self__, security_group_id="sg-123456", from_port=443, to_port=443, - protocol="tcp", + protocol=aws.ec2.ProtocolType.TCP, prefix_list_ids=[s3.id]) ``` diff --git a/sdk/python/pulumi_aws/ec2/volume_attachment.py b/sdk/python/pulumi_aws/ec2/volume_attachment.py index 030326825fc..8f735a4f4bf 100644 --- a/sdk/python/pulumi_aws/ec2/volume_attachment.py +++ b/sdk/python/pulumi_aws/ec2/volume_attachment.py @@ -280,7 +280,7 @@ def __init__(__self__, web = aws.ec2.Instance("web", ami="ami-21f78e11", availability_zone="us-west-2a", - instance_type="t2.micro", + instance_type=aws.ec2.InstanceType.T2_MICRO, tags={ "Name": "HelloWorld", }) @@ -342,7 +342,7 @@ def __init__(__self__, web = aws.ec2.Instance("web", ami="ami-21f78e11", availability_zone="us-west-2a", - instance_type="t2.micro", + instance_type=aws.ec2.InstanceType.T2_MICRO, tags={ "Name": "HelloWorld", }) diff --git a/sdk/python/pulumi_aws/ec2transitgateway/instance_state.py b/sdk/python/pulumi_aws/ec2transitgateway/instance_state.py index f04880e6a75..69c2138e17a 100644 --- a/sdk/python/pulumi_aws/ec2transitgateway/instance_state.py +++ b/sdk/python/pulumi_aws/ec2transitgateway/instance_state.py @@ -164,7 +164,7 @@ def __init__(__self__, owners=["099720109477"]) test = aws.ec2.Instance("test", ami=ubuntu.id, - instance_type="t3.micro", + instance_type=aws.ec2.InstanceType.T3_MICRO, tags={ "Name": "HelloWorld", }) @@ -222,7 +222,7 @@ def __init__(__self__, owners=["099720109477"]) test = aws.ec2.Instance("test", ami=ubuntu.id, - instance_type="t3.micro", + instance_type=aws.ec2.InstanceType.T3_MICRO, tags={ "Name": "HelloWorld", }) diff --git a/sdk/python/pulumi_aws/ec2transitgateway/multicast_domain.py b/sdk/python/pulumi_aws/ec2transitgateway/multicast_domain.py index da83e978b4c..2fe723b4f7f 100644 --- a/sdk/python/pulumi_aws/ec2transitgateway/multicast_domain.py +++ b/sdk/python/pulumi_aws/ec2transitgateway/multicast_domain.py @@ -290,15 +290,15 @@ def __init__(__self__, availability_zone=available.names[0]) instance1 = aws.ec2.Instance("instance1", ami=amazon_linux.id, - instance_type="t2.micro", + instance_type=aws.ec2.InstanceType.T2_MICRO, subnet_id=subnet1.id) instance2 = aws.ec2.Instance("instance2", ami=amazon_linux.id, - instance_type="t2.micro", + instance_type=aws.ec2.InstanceType.T2_MICRO, subnet_id=subnet2.id) instance3 = aws.ec2.Instance("instance3", ami=amazon_linux.id, - instance_type="t2.micro", + instance_type=aws.ec2.InstanceType.T2_MICRO, subnet_id=subnet3.id) tgw = aws.ec2transitgateway.TransitGateway("tgw", multicast_support="enable") attachment1 = aws.ec2transitgateway.VpcAttachment("attachment1", @@ -406,15 +406,15 @@ def __init__(__self__, availability_zone=available.names[0]) instance1 = aws.ec2.Instance("instance1", ami=amazon_linux.id, - instance_type="t2.micro", + instance_type=aws.ec2.InstanceType.T2_MICRO, subnet_id=subnet1.id) instance2 = aws.ec2.Instance("instance2", ami=amazon_linux.id, - instance_type="t2.micro", + instance_type=aws.ec2.InstanceType.T2_MICRO, subnet_id=subnet2.id) instance3 = aws.ec2.Instance("instance3", ami=amazon_linux.id, - instance_type="t2.micro", + instance_type=aws.ec2.InstanceType.T2_MICRO, subnet_id=subnet3.id) tgw = aws.ec2transitgateway.TransitGateway("tgw", multicast_support="enable") attachment1 = aws.ec2transitgateway.VpcAttachment("attachment1", diff --git a/sdk/python/pulumi_aws/elb/get_hosted_zone_id.py b/sdk/python/pulumi_aws/elb/get_hosted_zone_id.py index a758c59f31f..133fd3e6351 100644 --- a/sdk/python/pulumi_aws/elb/get_hosted_zone_id.py +++ b/sdk/python/pulumi_aws/elb/get_hosted_zone_id.py @@ -70,7 +70,7 @@ def get_hosted_zone_id(region: Optional[str] = None, www = aws.route53.Record("www", zone_id=primary["zoneId"], name="example.com", - type="A", + type=aws.route53.RecordType.A, aliases=[aws.route53.RecordAliasArgs( name=main_aws_elb["dnsName"], zone_id=main.id, @@ -111,7 +111,7 @@ def get_hosted_zone_id_output(region: Optional[pulumi.Input[Optional[str]]] = No www = aws.route53.Record("www", zone_id=primary["zoneId"], name="example.com", - type="A", + type=aws.route53.RecordType.A, aliases=[aws.route53.RecordAliasArgs( name=main_aws_elb["dnsName"], zone_id=main.id, diff --git a/sdk/python/pulumi_aws/kinesis/firehose_delivery_stream.py b/sdk/python/pulumi_aws/kinesis/firehose_delivery_stream.py index 25f907f7504..6bcfd5af09b 100644 --- a/sdk/python/pulumi_aws/kinesis/firehose_delivery_stream.py +++ b/sdk/python/pulumi_aws/kinesis/firehose_delivery_stream.py @@ -626,7 +626,7 @@ def __init__(__self__, name="firehose_lambda_processor", role=lambda_iam.arn, handler="exports.handler", - runtime="nodejs16.x") + runtime=aws.lambda_.Runtime.NODE_JS16D_X) extended_s3_stream = aws.kinesis.FirehoseDeliveryStream("extended_s3_stream", name="kinesis-firehose-extended-s3-test-stream", destination="extended_s3", @@ -1203,7 +1203,7 @@ def __init__(__self__, name="firehose_lambda_processor", role=lambda_iam.arn, handler="exports.handler", - runtime="nodejs16.x") + runtime=aws.lambda_.Runtime.NODE_JS16D_X) extended_s3_stream = aws.kinesis.FirehoseDeliveryStream("extended_s3_stream", name="kinesis-firehose-extended-s3-test-stream", destination="extended_s3", diff --git a/sdk/python/pulumi_aws/lambda_/function.py b/sdk/python/pulumi_aws/lambda_/function.py index 29b9d75aa15..d6f7bcbcf41 100644 --- a/sdk/python/pulumi_aws/lambda_/function.py +++ b/sdk/python/pulumi_aws/lambda_/function.py @@ -1367,7 +1367,7 @@ def __init__(__self__, role=iam_for_lambda.arn, handler="index.test", source_code_hash=lambda_.output_base64sha256, - runtime="nodejs18.x", + runtime=aws.lambda_.Runtime.NODE_JS18D_X, environment=aws.lambda_.FunctionEnvironmentArgs( variables={ "foo": "bar", @@ -1413,7 +1413,7 @@ def __init__(__self__, name="lambda_function_name", role=iam_for_lambda.arn, handler="index.test", - runtime="nodejs18.x", + runtime=aws.lambda_.Runtime.NODE_JS18D_X, ephemeral_storage=aws.lambda_.FunctionEphemeralStorageArgs( size=10240, )) @@ -1615,7 +1615,7 @@ def __init__(__self__, role=iam_for_lambda.arn, handler="index.test", source_code_hash=lambda_.output_base64sha256, - runtime="nodejs18.x", + runtime=aws.lambda_.Runtime.NODE_JS18D_X, environment=aws.lambda_.FunctionEnvironmentArgs( variables={ "foo": "bar", @@ -1661,7 +1661,7 @@ def __init__(__self__, name="lambda_function_name", role=iam_for_lambda.arn, handler="index.test", - runtime="nodejs18.x", + runtime=aws.lambda_.Runtime.NODE_JS18D_X, ephemeral_storage=aws.lambda_.FunctionEphemeralStorageArgs( size=10240, )) diff --git a/sdk/python/pulumi_aws/lambda_/permission.py b/sdk/python/pulumi_aws/lambda_/permission.py index 51ce6dbac0c..a52c0cae57b 100644 --- a/sdk/python/pulumi_aws/lambda_/permission.py +++ b/sdk/python/pulumi_aws/lambda_/permission.py @@ -456,7 +456,7 @@ def __init__(__self__, name="lambda_function_name", role=iam_for_lambda.arn, handler="exports.handler", - runtime="nodejs16.x") + runtime=aws.lambda_.Runtime.NODE_JS16D_X) test_alias = aws.lambda_.Alias("test_alias", name="testalias", description="a sample description", @@ -499,7 +499,7 @@ def __init__(__self__, name="lambda_called_from_sns", role=default_role.arn, handler="exports.handler", - runtime="python3.7") + runtime=aws.lambda_.Runtime.PYTHON3D7) with_sns = aws.lambda_.Permission("with_sns", statement_id="AllowExecutionFromSNS", action="lambda:InvokeFunction", @@ -556,7 +556,7 @@ def __init__(__self__, name="lambda_called_from_cloudwatch_logs", handler="exports.handler", role=default_role.arn, - runtime="python3.7") + runtime=aws.lambda_.Runtime.PYTHON3D7) logging = aws.lambda_.Permission("logging", action="lambda:InvokeFunction", function=logging_function.name, @@ -676,7 +676,7 @@ def __init__(__self__, name="lambda_function_name", role=iam_for_lambda.arn, handler="exports.handler", - runtime="nodejs16.x") + runtime=aws.lambda_.Runtime.NODE_JS16D_X) test_alias = aws.lambda_.Alias("test_alias", name="testalias", description="a sample description", @@ -719,7 +719,7 @@ def __init__(__self__, name="lambda_called_from_sns", role=default_role.arn, handler="exports.handler", - runtime="python3.7") + runtime=aws.lambda_.Runtime.PYTHON3D7) with_sns = aws.lambda_.Permission("with_sns", statement_id="AllowExecutionFromSNS", action="lambda:InvokeFunction", @@ -776,7 +776,7 @@ def __init__(__self__, name="lambda_called_from_cloudwatch_logs", handler="exports.handler", role=default_role.arn, - runtime="python3.7") + runtime=aws.lambda_.Runtime.PYTHON3D7) logging = aws.lambda_.Permission("logging", action="lambda:InvokeFunction", function=logging_function.name, diff --git a/sdk/python/pulumi_aws/lb/get_hosted_zone_id.py b/sdk/python/pulumi_aws/lb/get_hosted_zone_id.py index 77f7c4c7982..1f0d01e1054 100644 --- a/sdk/python/pulumi_aws/lb/get_hosted_zone_id.py +++ b/sdk/python/pulumi_aws/lb/get_hosted_zone_id.py @@ -79,7 +79,7 @@ def get_hosted_zone_id(load_balancer_type: Optional[str] = None, www = aws.route53.Record("www", zone_id=primary["zoneId"], name="example.com", - type="A", + type=aws.route53.RecordType.A, aliases=[aws.route53.RecordAliasArgs( name=main_aws_lb["dnsName"], zone_id=main.id, @@ -123,7 +123,7 @@ def get_hosted_zone_id_output(load_balancer_type: Optional[pulumi.Input[Optional www = aws.route53.Record("www", zone_id=primary["zoneId"], name="example.com", - type="A", + type=aws.route53.RecordType.A, aliases=[aws.route53.RecordAliasArgs( name=main_aws_lb["dnsName"], zone_id=main.id, diff --git a/sdk/python/pulumi_aws/licensemanager/association.py b/sdk/python/pulumi_aws/licensemanager/association.py index 8b51412eb0f..b1ec80cb299 100644 --- a/sdk/python/pulumi_aws/licensemanager/association.py +++ b/sdk/python/pulumi_aws/licensemanager/association.py @@ -117,7 +117,7 @@ def __init__(__self__, )]) example_instance = aws.ec2.Instance("example", ami=example.id, - instance_type="t2.micro") + instance_type=aws.ec2.InstanceType.T2_MICRO) example_license_configuration = aws.licensemanager.LicenseConfiguration("example", name="Example", license_counting_type="Instance") @@ -166,7 +166,7 @@ def __init__(__self__, )]) example_instance = aws.ec2.Instance("example", ami=example.id, - instance_type="t2.micro") + instance_type=aws.ec2.InstanceType.T2_MICRO) example_license_configuration = aws.licensemanager.LicenseConfiguration("example", name="Example", license_counting_type="Instance") diff --git a/sdk/python/pulumi_aws/rds/cluster.py b/sdk/python/pulumi_aws/rds/cluster.py index 07dca9ae97f..3c17cd753bd 100644 --- a/sdk/python/pulumi_aws/rds/cluster.py +++ b/sdk/python/pulumi_aws/rds/cluster.py @@ -1932,7 +1932,7 @@ def __init__(__self__, default = aws.rds.Cluster("default", cluster_identifier="aurora-cluster-demo", - engine="aurora-mysql", + engine=aws.rds.EngineType.AURORA_MYSQL, engine_version="5.7.mysql_aurora.2.03.2", availability_zones=[ "us-west-2a", @@ -1978,7 +1978,7 @@ def __init__(__self__, postgresql = aws.rds.Cluster("postgresql", cluster_identifier="aurora-cluster-demo", - engine="aurora-postgresql", + engine=aws.rds.EngineType.AURORA_POSTGRESQL, availability_zones=[ "us-west-2a", "us-west-2b", @@ -2036,8 +2036,8 @@ def __init__(__self__, example = aws.rds.Cluster("example", cluster_identifier="example", - engine="aurora-postgresql", - engine_mode="provisioned", + engine=aws.rds.EngineType.AURORA_POSTGRESQL, + engine_mode=aws.rds.EngineMode.PROVISIONED, engine_version="13.6", database_name="test", master_username="test", @@ -2105,7 +2105,7 @@ def __init__(__self__, example = aws.rds.get_cluster_snapshot(db_cluster_identifier="example-original-cluster", most_recent=True) example_cluster = aws.rds.Cluster("example", - engine="aurora", + engine=aws.rds.EngineType.AURORA, engine_version="5.6.mysql_aurora.1.22.4", cluster_identifier="example", snapshot_identifier=example.id) @@ -2219,7 +2219,7 @@ def __init__(__self__, default = aws.rds.Cluster("default", cluster_identifier="aurora-cluster-demo", - engine="aurora-mysql", + engine=aws.rds.EngineType.AURORA_MYSQL, engine_version="5.7.mysql_aurora.2.03.2", availability_zones=[ "us-west-2a", @@ -2265,7 +2265,7 @@ def __init__(__self__, postgresql = aws.rds.Cluster("postgresql", cluster_identifier="aurora-cluster-demo", - engine="aurora-postgresql", + engine=aws.rds.EngineType.AURORA_POSTGRESQL, availability_zones=[ "us-west-2a", "us-west-2b", @@ -2323,8 +2323,8 @@ def __init__(__self__, example = aws.rds.Cluster("example", cluster_identifier="example", - engine="aurora-postgresql", - engine_mode="provisioned", + engine=aws.rds.EngineType.AURORA_POSTGRESQL, + engine_mode=aws.rds.EngineMode.PROVISIONED, engine_version="13.6", database_name="test", master_username="test", @@ -2392,7 +2392,7 @@ def __init__(__self__, example = aws.rds.get_cluster_snapshot(db_cluster_identifier="example-original-cluster", most_recent=True) example_cluster = aws.rds.Cluster("example", - engine="aurora", + engine=aws.rds.EngineType.AURORA, engine_version="5.6.mysql_aurora.1.22.4", cluster_identifier="example", snapshot_identifier=example.id) diff --git a/sdk/python/pulumi_aws/rds/cluster_activity_stream.py b/sdk/python/pulumi_aws/rds/cluster_activity_stream.py index cc8dadb4583..c289236ed6a 100644 --- a/sdk/python/pulumi_aws/rds/cluster_activity_stream.py +++ b/sdk/python/pulumi_aws/rds/cluster_activity_stream.py @@ -206,13 +206,13 @@ def __init__(__self__, database_name="mydb", master_username="foo", master_password="mustbeeightcharaters", - engine="aurora-postgresql", + engine=aws.rds.EngineType.AURORA_POSTGRESQL, engine_version="13.4") default_cluster_instance = aws.rds.ClusterInstance("default", identifier="aurora-instance-demo", cluster_identifier=default.cluster_identifier, engine=default.engine, - instance_class="db.r6g.large") + instance_class=aws.rds.InstanceType.R6_G_LARGE) default_key = aws.kms.Key("default", description="AWS KMS Key to encrypt Database Activity Stream") default_cluster_activity_stream = aws.rds.ClusterActivityStream("default", resource_arn=default.arn, @@ -270,13 +270,13 @@ def __init__(__self__, database_name="mydb", master_username="foo", master_password="mustbeeightcharaters", - engine="aurora-postgresql", + engine=aws.rds.EngineType.AURORA_POSTGRESQL, engine_version="13.4") default_cluster_instance = aws.rds.ClusterInstance("default", identifier="aurora-instance-demo", cluster_identifier=default.cluster_identifier, engine=default.engine, - instance_class="db.r6g.large") + instance_class=aws.rds.InstanceType.R6_G_LARGE) default_key = aws.kms.Key("default", description="AWS KMS Key to encrypt Database Activity Stream") default_cluster_activity_stream = aws.rds.ClusterActivityStream("default", resource_arn=default.arn, diff --git a/sdk/python/pulumi_aws/rds/cluster_endpoint.py b/sdk/python/pulumi_aws/rds/cluster_endpoint.py index d99d57b1d67..6c6b47394c9 100644 --- a/sdk/python/pulumi_aws/rds/cluster_endpoint.py +++ b/sdk/python/pulumi_aws/rds/cluster_endpoint.py @@ -309,21 +309,21 @@ def __init__(__self__, apply_immediately=True, cluster_identifier=default.id, identifier="test1", - instance_class="db.t2.small", + instance_class=aws.rds.InstanceType.T2_SMALL, engine=default.engine, engine_version=default.engine_version) test2 = aws.rds.ClusterInstance("test2", apply_immediately=True, cluster_identifier=default.id, identifier="test2", - instance_class="db.t2.small", + instance_class=aws.rds.InstanceType.T2_SMALL, engine=default.engine, engine_version=default.engine_version) test3 = aws.rds.ClusterInstance("test3", apply_immediately=True, cluster_identifier=default.id, identifier="test3", - instance_class="db.t2.small", + instance_class=aws.rds.InstanceType.T2_SMALL, engine=default.engine, engine_version=default.engine_version) eligible = aws.rds.ClusterEndpoint("eligible", @@ -395,21 +395,21 @@ def __init__(__self__, apply_immediately=True, cluster_identifier=default.id, identifier="test1", - instance_class="db.t2.small", + instance_class=aws.rds.InstanceType.T2_SMALL, engine=default.engine, engine_version=default.engine_version) test2 = aws.rds.ClusterInstance("test2", apply_immediately=True, cluster_identifier=default.id, identifier="test2", - instance_class="db.t2.small", + instance_class=aws.rds.InstanceType.T2_SMALL, engine=default.engine, engine_version=default.engine_version) test3 = aws.rds.ClusterInstance("test3", apply_immediately=True, cluster_identifier=default.id, identifier="test3", - instance_class="db.t2.small", + instance_class=aws.rds.InstanceType.T2_SMALL, engine=default.engine, engine_version=default.engine_version) eligible = aws.rds.ClusterEndpoint("eligible", diff --git a/sdk/python/pulumi_aws/rds/cluster_instance.py b/sdk/python/pulumi_aws/rds/cluster_instance.py index bf7919e541c..111a7e463df 100644 --- a/sdk/python/pulumi_aws/rds/cluster_instance.py +++ b/sdk/python/pulumi_aws/rds/cluster_instance.py @@ -1033,7 +1033,7 @@ def __init__(__self__, cluster_instances.append(aws.rds.ClusterInstance(f"cluster_instances-{range['value']}", identifier=f"aurora-cluster-demo-{range['value']}", cluster_identifier=default.id, - instance_class="db.r4.large", + instance_class=aws.rds.InstanceType.R4_LARGE, engine=default.engine, engine_version=default.engine_version)) ``` @@ -1121,7 +1121,7 @@ def __init__(__self__, cluster_instances.append(aws.rds.ClusterInstance(f"cluster_instances-{range['value']}", identifier=f"aurora-cluster-demo-{range['value']}", cluster_identifier=default.id, - instance_class="db.r4.large", + instance_class=aws.rds.InstanceType.R4_LARGE, engine=default.engine, engine_version=default.engine_version)) ``` diff --git a/sdk/python/pulumi_aws/rds/event_subscription.py b/sdk/python/pulumi_aws/rds/event_subscription.py index 2196dbf78ac..4faa7b13028 100644 --- a/sdk/python/pulumi_aws/rds/event_subscription.py +++ b/sdk/python/pulumi_aws/rds/event_subscription.py @@ -364,7 +364,7 @@ def __init__(__self__, allocated_storage=10, engine="mysql", engine_version="5.6.17", - instance_class="db.t2.micro", + instance_class=aws.rds.InstanceType.T2_MICRO, db_name="mydb", username="foo", password="bar", @@ -430,7 +430,7 @@ def __init__(__self__, allocated_storage=10, engine="mysql", engine_version="5.6.17", - instance_class="db.t2.micro", + instance_class=aws.rds.InstanceType.T2_MICRO, db_name="mydb", username="foo", password="bar", diff --git a/sdk/python/pulumi_aws/rds/export_task.py b/sdk/python/pulumi_aws/rds/export_task.py index 5834071bddf..b421d91d6d6 100644 --- a/sdk/python/pulumi_aws/rds/export_task.py +++ b/sdk/python/pulumi_aws/rds/export_task.py @@ -504,7 +504,7 @@ def __init__(__self__, db_name="test", engine="mysql", engine_version="5.7", - instance_class="db.t3.micro", + instance_class=aws.rds.InstanceType.T3_MICRO, username="foo", password="foobarbaz", parameter_group_name="default.mysql5.7", @@ -631,7 +631,7 @@ def __init__(__self__, db_name="test", engine="mysql", engine_version="5.7", - instance_class="db.t3.micro", + instance_class=aws.rds.InstanceType.T3_MICRO, username="foo", password="foobarbaz", parameter_group_name="default.mysql5.7", diff --git a/sdk/python/pulumi_aws/rds/get_cluster_snapshot.py b/sdk/python/pulumi_aws/rds/get_cluster_snapshot.py index 1460497672b..9d5f2a306f5 100644 --- a/sdk/python/pulumi_aws/rds/get_cluster_snapshot.py +++ b/sdk/python/pulumi_aws/rds/get_cluster_snapshot.py @@ -297,7 +297,7 @@ def get_cluster_snapshot(db_cluster_identifier: Optional[str] = None, db_subnet_group_name="my_db_subnet_group") aurora_cluster_instance = aws.rds.ClusterInstance("aurora", cluster_identifier=aurora.id, - instance_class="db.t2.small", + instance_class=aws.rds.InstanceType.T2_SMALL, db_subnet_group_name="my_db_subnet_group") ``` @@ -384,7 +384,7 @@ def get_cluster_snapshot_output(db_cluster_identifier: Optional[pulumi.Input[Opt db_subnet_group_name="my_db_subnet_group") aurora_cluster_instance = aws.rds.ClusterInstance("aurora", cluster_identifier=aurora.id, - instance_class="db.t2.small", + instance_class=aws.rds.InstanceType.T2_SMALL, db_subnet_group_name="my_db_subnet_group") ``` diff --git a/sdk/python/pulumi_aws/rds/get_snapshot.py b/sdk/python/pulumi_aws/rds/get_snapshot.py index 3d4246efb5e..902f72d75b1 100644 --- a/sdk/python/pulumi_aws/rds/get_snapshot.py +++ b/sdk/python/pulumi_aws/rds/get_snapshot.py @@ -333,7 +333,7 @@ def get_snapshot(db_instance_identifier: Optional[str] = None, allocated_storage=10, engine="mysql", engine_version="5.6.17", - instance_class="db.t2.micro", + instance_class=aws.rds.InstanceType.T2_MICRO, db_name="mydb", username="foo", password="bar", @@ -343,7 +343,7 @@ def get_snapshot(db_instance_identifier: Optional[str] = None, most_recent=True) # Use the latest production snapshot to create a dev instance. dev = aws.rds.Instance("dev", - instance_class="db.t2.micro", + instance_class=aws.rds.InstanceType.T2_MICRO, db_name="mydbdev", snapshot_identifier=latest_prod_snapshot.id) ``` @@ -430,7 +430,7 @@ def get_snapshot_output(db_instance_identifier: Optional[pulumi.Input[Optional[s allocated_storage=10, engine="mysql", engine_version="5.6.17", - instance_class="db.t2.micro", + instance_class=aws.rds.InstanceType.T2_MICRO, db_name="mydb", username="foo", password="bar", @@ -440,7 +440,7 @@ def get_snapshot_output(db_instance_identifier: Optional[pulumi.Input[Optional[s most_recent=True) # Use the latest production snapshot to create a dev instance. dev = aws.rds.Instance("dev", - instance_class="db.t2.micro", + instance_class=aws.rds.InstanceType.T2_MICRO, db_name="mydbdev", snapshot_identifier=latest_prod_snapshot.id) ``` diff --git a/sdk/python/pulumi_aws/rds/global_cluster.py b/sdk/python/pulumi_aws/rds/global_cluster.py index 4cc20e0e4e4..80b8e9a8798 100644 --- a/sdk/python/pulumi_aws/rds/global_cluster.py +++ b/sdk/python/pulumi_aws/rds/global_cluster.py @@ -391,7 +391,7 @@ def __init__(__self__, engine_version=example.engine_version, identifier="test-primary-cluster-instance", cluster_identifier=primary.id, - instance_class="db.r4.large", + instance_class=aws.rds.InstanceType.R4_LARGE, db_subnet_group_name="default") secondary = aws.rds.Cluster("secondary", engine=example.engine, @@ -404,7 +404,7 @@ def __init__(__self__, engine_version=example.engine_version, identifier="test-secondary-cluster-instance", cluster_identifier=secondary.id, - instance_class="db.r4.large", + instance_class=aws.rds.InstanceType.R4_LARGE, db_subnet_group_name="default") ``` @@ -435,7 +435,7 @@ def __init__(__self__, engine_version=example.engine_version, identifier="test-primary-cluster-instance", cluster_identifier=primary.id, - instance_class="db.r4.large", + instance_class=aws.rds.InstanceType.R4_LARGE, db_subnet_group_name="default") secondary = aws.rds.Cluster("secondary", engine=example.engine, @@ -449,7 +449,7 @@ def __init__(__self__, engine_version=example.engine_version, identifier="test-secondary-cluster-instance", cluster_identifier=secondary.id, - instance_class="db.r4.large", + instance_class=aws.rds.InstanceType.R4_LARGE, db_subnet_group_name="default") ``` @@ -499,7 +499,7 @@ def __init__(__self__, engine=primary.engine, engine_version=primary.engine_version, identifier="donetsklviv", - instance_class="db.r4.large") + instance_class=aws.rds.InstanceType.R4_LARGE) ``` @@ -564,7 +564,7 @@ def __init__(__self__, engine_version=example.engine_version, identifier="test-primary-cluster-instance", cluster_identifier=primary.id, - instance_class="db.r4.large", + instance_class=aws.rds.InstanceType.R4_LARGE, db_subnet_group_name="default") secondary = aws.rds.Cluster("secondary", engine=example.engine, @@ -577,7 +577,7 @@ def __init__(__self__, engine_version=example.engine_version, identifier="test-secondary-cluster-instance", cluster_identifier=secondary.id, - instance_class="db.r4.large", + instance_class=aws.rds.InstanceType.R4_LARGE, db_subnet_group_name="default") ``` @@ -608,7 +608,7 @@ def __init__(__self__, engine_version=example.engine_version, identifier="test-primary-cluster-instance", cluster_identifier=primary.id, - instance_class="db.r4.large", + instance_class=aws.rds.InstanceType.R4_LARGE, db_subnet_group_name="default") secondary = aws.rds.Cluster("secondary", engine=example.engine, @@ -622,7 +622,7 @@ def __init__(__self__, engine_version=example.engine_version, identifier="test-secondary-cluster-instance", cluster_identifier=secondary.id, - instance_class="db.r4.large", + instance_class=aws.rds.InstanceType.R4_LARGE, db_subnet_group_name="default") ``` @@ -672,7 +672,7 @@ def __init__(__self__, engine=primary.engine, engine_version=primary.engine_version, identifier="donetsklviv", - instance_class="db.r4.large") + instance_class=aws.rds.InstanceType.R4_LARGE) ``` diff --git a/sdk/python/pulumi_aws/rds/instance.py b/sdk/python/pulumi_aws/rds/instance.py index 7bd88de650b..3a8a74057e2 100644 --- a/sdk/python/pulumi_aws/rds/instance.py +++ b/sdk/python/pulumi_aws/rds/instance.py @@ -2787,7 +2787,7 @@ def __init__(__self__, db_name="mydb", engine="mysql", engine_version="5.7", - instance_class="db.t3.micro", + instance_class=aws.rds.InstanceType.T3_MICRO, username="foo", password="foobarbaz", parameter_group_name="default.mysql5.7", @@ -2823,7 +2823,7 @@ def __init__(__self__, engine=custom_oracle.engine, engine_version=custom_oracle.engine_version, identifier="ee-instance-demo", - instance_class=custom_oracle.instance_class.apply(lambda x: aws.rds/instancetype.InstanceType(x)), + instance_class=custom_oracle.instance_class.apply(lambda x: aws.rds.InstanceType(x)), kms_key_id=by_id.arn, license_model=custom_oracle.license_model, multi_az=False, @@ -2837,7 +2837,7 @@ def __init__(__self__, custom_iam_instance_profile="AWSRDSCustomInstanceProfile", backup_retention_period=7, identifier="ee-instance-replica", - instance_class=custom_oracle.instance_class.apply(lambda x: aws.rds/instancetype.InstanceType(x)), + instance_class=custom_oracle.instance_class.apply(lambda x: aws.rds.InstanceType(x)), kms_key_id=by_id.arn, multi_az=False, skip_final_snapshot=True, @@ -2872,7 +2872,7 @@ def __init__(__self__, engine=custom_sqlserver.engine, engine_version=custom_sqlserver.engine_version, identifier="sql-instance-demo", - instance_class=custom_sqlserver.instance_class.apply(lambda x: aws.rds/instancetype.InstanceType(x)), + instance_class=custom_sqlserver.instance_class.apply(lambda x: aws.rds.InstanceType(x)), kms_key_id=by_id.arn, multi_az=False, password="avoid-plaintext-passwords", @@ -2924,7 +2924,7 @@ def __init__(__self__, engine=example.engine, engine_version=example.engine_version, identifier="db2-instance-demo", - instance_class=example.instance_class.apply(lambda x: aws.rds/instancetype.InstanceType(x)), + instance_class=example.instance_class.apply(lambda x: aws.rds.InstanceType(x)), parameter_group_name=example_parameter_group.name, password="avoid-plaintext-passwords", username="test") @@ -2962,7 +2962,7 @@ def __init__(__self__, db_name="mydb", engine="mysql", engine_version="5.7", - instance_class="db.t3.micro", + instance_class=aws.rds.InstanceType.T3_MICRO, manage_master_user_password=True, username="foo", parameter_group_name="default.mysql5.7") @@ -2986,7 +2986,7 @@ def __init__(__self__, db_name="mydb", engine="mysql", engine_version="5.7", - instance_class="db.t3.micro", + instance_class=aws.rds.InstanceType.T3_MICRO, manage_master_user_password=True, master_user_secret_kms_key_id=example.key_id, username="foo", @@ -3209,7 +3209,7 @@ def __init__(__self__, db_name="mydb", engine="mysql", engine_version="5.7", - instance_class="db.t3.micro", + instance_class=aws.rds.InstanceType.T3_MICRO, username="foo", password="foobarbaz", parameter_group_name="default.mysql5.7", @@ -3245,7 +3245,7 @@ def __init__(__self__, engine=custom_oracle.engine, engine_version=custom_oracle.engine_version, identifier="ee-instance-demo", - instance_class=custom_oracle.instance_class.apply(lambda x: aws.rds/instancetype.InstanceType(x)), + instance_class=custom_oracle.instance_class.apply(lambda x: aws.rds.InstanceType(x)), kms_key_id=by_id.arn, license_model=custom_oracle.license_model, multi_az=False, @@ -3259,7 +3259,7 @@ def __init__(__self__, custom_iam_instance_profile="AWSRDSCustomInstanceProfile", backup_retention_period=7, identifier="ee-instance-replica", - instance_class=custom_oracle.instance_class.apply(lambda x: aws.rds/instancetype.InstanceType(x)), + instance_class=custom_oracle.instance_class.apply(lambda x: aws.rds.InstanceType(x)), kms_key_id=by_id.arn, multi_az=False, skip_final_snapshot=True, @@ -3294,7 +3294,7 @@ def __init__(__self__, engine=custom_sqlserver.engine, engine_version=custom_sqlserver.engine_version, identifier="sql-instance-demo", - instance_class=custom_sqlserver.instance_class.apply(lambda x: aws.rds/instancetype.InstanceType(x)), + instance_class=custom_sqlserver.instance_class.apply(lambda x: aws.rds.InstanceType(x)), kms_key_id=by_id.arn, multi_az=False, password="avoid-plaintext-passwords", @@ -3346,7 +3346,7 @@ def __init__(__self__, engine=example.engine, engine_version=example.engine_version, identifier="db2-instance-demo", - instance_class=example.instance_class.apply(lambda x: aws.rds/instancetype.InstanceType(x)), + instance_class=example.instance_class.apply(lambda x: aws.rds.InstanceType(x)), parameter_group_name=example_parameter_group.name, password="avoid-plaintext-passwords", username="test") @@ -3384,7 +3384,7 @@ def __init__(__self__, db_name="mydb", engine="mysql", engine_version="5.7", - instance_class="db.t3.micro", + instance_class=aws.rds.InstanceType.T3_MICRO, manage_master_user_password=True, username="foo", parameter_group_name="default.mysql5.7") @@ -3408,7 +3408,7 @@ def __init__(__self__, db_name="mydb", engine="mysql", engine_version="5.7", - instance_class="db.t3.micro", + instance_class=aws.rds.InstanceType.T3_MICRO, manage_master_user_password=True, master_user_secret_kms_key_id=example.key_id, username="foo", diff --git a/sdk/python/pulumi_aws/rds/instance_automated_backups_replication.py b/sdk/python/pulumi_aws/rds/instance_automated_backups_replication.py index 9f7154c4082..6d870ceb58a 100644 --- a/sdk/python/pulumi_aws/rds/instance_automated_backups_replication.py +++ b/sdk/python/pulumi_aws/rds/instance_automated_backups_replication.py @@ -209,7 +209,7 @@ def __init__(__self__, identifier="mydb", engine="postgres", engine_version="13.4", - instance_class="db.t3.micro", + instance_class=aws.rds.InstanceType.T3_MICRO, db_name="mydb", username="masterusername", password="mustbeeightcharacters", @@ -289,7 +289,7 @@ def __init__(__self__, identifier="mydb", engine="postgres", engine_version="13.4", - instance_class="db.t3.micro", + instance_class=aws.rds.InstanceType.T3_MICRO, db_name="mydb", username="masterusername", password="mustbeeightcharacters", diff --git a/sdk/python/pulumi_aws/rds/snapshot.py b/sdk/python/pulumi_aws/rds/snapshot.py index 82973378106..3e886537e84 100644 --- a/sdk/python/pulumi_aws/rds/snapshot.py +++ b/sdk/python/pulumi_aws/rds/snapshot.py @@ -463,7 +463,7 @@ def __init__(__self__, allocated_storage=10, engine="mysql", engine_version="5.6.21", - instance_class="db.t2.micro", + instance_class=aws.rds.InstanceType.T2_MICRO, db_name="baz", password="barbarbarbar", username="foo", @@ -511,7 +511,7 @@ def __init__(__self__, allocated_storage=10, engine="mysql", engine_version="5.6.21", - instance_class="db.t2.micro", + instance_class=aws.rds.InstanceType.T2_MICRO, db_name="baz", password="barbarbarbar", username="foo", diff --git a/sdk/python/pulumi_aws/rds/snapshot_copy.py b/sdk/python/pulumi_aws/rds/snapshot_copy.py index e402177feed..092e4eea44a 100644 --- a/sdk/python/pulumi_aws/rds/snapshot_copy.py +++ b/sdk/python/pulumi_aws/rds/snapshot_copy.py @@ -564,7 +564,7 @@ def __init__(__self__, allocated_storage=10, engine="mysql", engine_version="5.6.21", - instance_class="db.t2.micro", + instance_class=aws.rds.InstanceType.T2_MICRO, db_name="baz", password="barbarbarbar", username="foo", @@ -620,7 +620,7 @@ def __init__(__self__, allocated_storage=10, engine="mysql", engine_version="5.6.21", - instance_class="db.t2.micro", + instance_class=aws.rds.InstanceType.T2_MICRO, db_name="baz", password="barbarbarbar", username="foo", diff --git a/sdk/python/pulumi_aws/route53/get_zone.py b/sdk/python/pulumi_aws/route53/get_zone.py index a0c8e604b2b..4dedecdba7f 100644 --- a/sdk/python/pulumi_aws/route53/get_zone.py +++ b/sdk/python/pulumi_aws/route53/get_zone.py @@ -211,7 +211,7 @@ def get_zone(name: Optional[str] = None, www = aws.route53.Record("www", zone_id=selected.zone_id, name=f"www.{selected.name}", - type="A", + type=aws.route53.RecordType.A, ttl=300, records=["10.0.0.1"]) ``` @@ -279,7 +279,7 @@ def get_zone_output(name: Optional[pulumi.Input[Optional[str]]] = None, www = aws.route53.Record("www", zone_id=selected.zone_id, name=f"www.{selected.name}", - type="A", + type=aws.route53.RecordType.A, ttl=300, records=["10.0.0.1"]) ``` diff --git a/sdk/python/pulumi_aws/route53/record.py b/sdk/python/pulumi_aws/route53/record.py index 809a62872ae..0098376e091 100644 --- a/sdk/python/pulumi_aws/route53/record.py +++ b/sdk/python/pulumi_aws/route53/record.py @@ -604,7 +604,7 @@ def __init__(__self__, www = aws.route53.Record("www", zone_id=primary["zoneId"], name="www.example.com", - type="A", + type=aws.route53.RecordType.A, ttl=300, records=[lb["publicIp"]]) ``` @@ -622,7 +622,7 @@ def __init__(__self__, www_dev = aws.route53.Record("www-dev", zone_id=primary["zoneId"], name="www", - type="CNAME", + type=aws.route53.RecordType.CNAME, ttl=5, weighted_routing_policies=[aws.route53.RecordWeightedRoutingPolicyArgs( weight=10, @@ -632,7 +632,7 @@ def __init__(__self__, www_live = aws.route53.Record("www-live", zone_id=primary["zoneId"], name="www", - type="CNAME", + type=aws.route53.RecordType.CNAME, ttl=5, weighted_routing_policies=[aws.route53.RecordWeightedRoutingPolicyArgs( weight=90, @@ -652,7 +652,7 @@ def __init__(__self__, www = aws.route53.Record("www", zone_id=primary["zoneId"], name="www.example.com", - type="CNAME", + type=aws.route53.RecordType.CNAME, ttl=300, geoproximity_routing_policy=aws.route53.RecordGeoproximityRoutingPolicyArgs( coordinates=[aws.route53.RecordGeoproximityRoutingPolicyCoordinateArgs( @@ -690,7 +690,7 @@ def __init__(__self__, www = aws.route53.Record("www", zone_id=primary["zoneId"], name="example.com", - type="A", + type=aws.route53.RecordType.A, aliases=[aws.route53.RecordAliasArgs( name=main.dns_name, zone_id=main.zone_id, @@ -713,7 +713,7 @@ def __init__(__self__, allow_overwrite=True, name="test.example.com", ttl=172800, - type="NS", + type=aws.route53.RecordType.NS, zone_id=example.zone_id, records=[ example.name_servers[0], @@ -786,7 +786,7 @@ def __init__(__self__, www = aws.route53.Record("www", zone_id=primary["zoneId"], name="www.example.com", - type="A", + type=aws.route53.RecordType.A, ttl=300, records=[lb["publicIp"]]) ``` @@ -804,7 +804,7 @@ def __init__(__self__, www_dev = aws.route53.Record("www-dev", zone_id=primary["zoneId"], name="www", - type="CNAME", + type=aws.route53.RecordType.CNAME, ttl=5, weighted_routing_policies=[aws.route53.RecordWeightedRoutingPolicyArgs( weight=10, @@ -814,7 +814,7 @@ def __init__(__self__, www_live = aws.route53.Record("www-live", zone_id=primary["zoneId"], name="www", - type="CNAME", + type=aws.route53.RecordType.CNAME, ttl=5, weighted_routing_policies=[aws.route53.RecordWeightedRoutingPolicyArgs( weight=90, @@ -834,7 +834,7 @@ def __init__(__self__, www = aws.route53.Record("www", zone_id=primary["zoneId"], name="www.example.com", - type="CNAME", + type=aws.route53.RecordType.CNAME, ttl=300, geoproximity_routing_policy=aws.route53.RecordGeoproximityRoutingPolicyArgs( coordinates=[aws.route53.RecordGeoproximityRoutingPolicyCoordinateArgs( @@ -872,7 +872,7 @@ def __init__(__self__, www = aws.route53.Record("www", zone_id=primary["zoneId"], name="example.com", - type="A", + type=aws.route53.RecordType.A, aliases=[aws.route53.RecordAliasArgs( name=main.dns_name, zone_id=main.zone_id, @@ -895,7 +895,7 @@ def __init__(__self__, allow_overwrite=True, name="test.example.com", ttl=172800, - type="NS", + type=aws.route53.RecordType.NS, zone_id=example.zone_id, records=[ example.name_servers[0], diff --git a/sdk/python/pulumi_aws/route53/zone.py b/sdk/python/pulumi_aws/route53/zone.py index 0ad55f9f7c5..be705bdf476 100644 --- a/sdk/python/pulumi_aws/route53/zone.py +++ b/sdk/python/pulumi_aws/route53/zone.py @@ -361,7 +361,7 @@ def __init__(__self__, dev_ns = aws.route53.Record("dev-ns", zone_id=main.zone_id, name="dev.example.com", - type="NS", + type=aws.route53.RecordType.NS, ttl=30, records=dev.name_servers) ``` @@ -445,7 +445,7 @@ def __init__(__self__, dev_ns = aws.route53.Record("dev-ns", zone_id=main.zone_id, name="dev.example.com", - type="NS", + type=aws.route53.RecordType.NS, ttl=30, records=dev.name_servers) ``` diff --git a/sdk/python/pulumi_aws/s3/bucket.py b/sdk/python/pulumi_aws/s3/bucket.py index 3a500daf07a..b10f7e85c82 100644 --- a/sdk/python/pulumi_aws/s3/bucket.py +++ b/sdk/python/pulumi_aws/s3/bucket.py @@ -837,7 +837,7 @@ def __init__(__self__, b = aws.s3.Bucket("b", bucket="my-tf-test-bucket", - acl="private", + acl=aws.s3.CannedAcl.PRIVATE, tags={ "Name": "My bucket", "Environment": "Dev", @@ -855,7 +855,7 @@ def __init__(__self__, b = aws.s3.Bucket("b", bucket="s3-website-test.mydomain.com", - acl="public-read", + acl=aws.s3.CannedAcl.PUBLIC_READ, policy=std.file(input="policy.json").result, website=aws.s3.BucketWebsiteArgs( index_document="index.html", @@ -882,7 +882,7 @@ def __init__(__self__, b = aws.s3.Bucket("b", bucket="s3-website-test.mydomain.com", - acl="public-read", + acl=aws.s3.CannedAcl.PUBLIC_READ, cors_rules=[aws.s3.BucketCorsRuleArgs( allowed_headers=["*"], allowed_methods=[ @@ -905,7 +905,7 @@ def __init__(__self__, b = aws.s3.Bucket("b", bucket="my-tf-test-bucket", - acl="private", + acl=aws.s3.CannedAcl.PRIVATE, versioning=aws.s3.BucketVersioningArgs( enabled=True, )) @@ -921,10 +921,10 @@ def __init__(__self__, log_bucket = aws.s3.Bucket("log_bucket", bucket="my-tf-log-bucket", - acl="log-delivery-write") + acl=aws.s3.CannedAcl.LOG_DELIVERY_WRITE) b = aws.s3.Bucket("b", bucket="my-tf-test-bucket", - acl="private", + acl=aws.s3.CannedAcl.PRIVATE, loggings=[aws.s3.BucketLoggingArgs( target_bucket=log_bucket.id, target_prefix="log/", @@ -941,7 +941,7 @@ def __init__(__self__, bucket = aws.s3.Bucket("bucket", bucket="my-bucket", - acl="private", + acl=aws.s3.CannedAcl.PRIVATE, lifecycle_rules=[ aws.s3.BucketLifecycleRuleArgs( id="log", @@ -976,7 +976,7 @@ def __init__(__self__, ]) versioning_bucket = aws.s3.Bucket("versioning_bucket", bucket="my-versioning-bucket", - acl="private", + acl=aws.s3.CannedAcl.PRIVATE, versioning=aws.s3.BucketVersioningArgs( enabled=True, ), @@ -1032,7 +1032,7 @@ def __init__(__self__, )) source = aws.s3.Bucket("source", bucket="tf-test-bucket-source-12345", - acl="private", + acl=aws.s3.CannedAcl.PRIVATE, versioning=aws.s3.BucketVersioningArgs( enabled=True, ), @@ -1215,7 +1215,7 @@ def __init__(__self__, b = aws.s3.Bucket("b", bucket="my-tf-test-bucket", - acl="private", + acl=aws.s3.CannedAcl.PRIVATE, tags={ "Name": "My bucket", "Environment": "Dev", @@ -1233,7 +1233,7 @@ def __init__(__self__, b = aws.s3.Bucket("b", bucket="s3-website-test.mydomain.com", - acl="public-read", + acl=aws.s3.CannedAcl.PUBLIC_READ, policy=std.file(input="policy.json").result, website=aws.s3.BucketWebsiteArgs( index_document="index.html", @@ -1260,7 +1260,7 @@ def __init__(__self__, b = aws.s3.Bucket("b", bucket="s3-website-test.mydomain.com", - acl="public-read", + acl=aws.s3.CannedAcl.PUBLIC_READ, cors_rules=[aws.s3.BucketCorsRuleArgs( allowed_headers=["*"], allowed_methods=[ @@ -1283,7 +1283,7 @@ def __init__(__self__, b = aws.s3.Bucket("b", bucket="my-tf-test-bucket", - acl="private", + acl=aws.s3.CannedAcl.PRIVATE, versioning=aws.s3.BucketVersioningArgs( enabled=True, )) @@ -1299,10 +1299,10 @@ def __init__(__self__, log_bucket = aws.s3.Bucket("log_bucket", bucket="my-tf-log-bucket", - acl="log-delivery-write") + acl=aws.s3.CannedAcl.LOG_DELIVERY_WRITE) b = aws.s3.Bucket("b", bucket="my-tf-test-bucket", - acl="private", + acl=aws.s3.CannedAcl.PRIVATE, loggings=[aws.s3.BucketLoggingArgs( target_bucket=log_bucket.id, target_prefix="log/", @@ -1319,7 +1319,7 @@ def __init__(__self__, bucket = aws.s3.Bucket("bucket", bucket="my-bucket", - acl="private", + acl=aws.s3.CannedAcl.PRIVATE, lifecycle_rules=[ aws.s3.BucketLifecycleRuleArgs( id="log", @@ -1354,7 +1354,7 @@ def __init__(__self__, ]) versioning_bucket = aws.s3.Bucket("versioning_bucket", bucket="my-versioning-bucket", - acl="private", + acl=aws.s3.CannedAcl.PRIVATE, versioning=aws.s3.BucketVersioningArgs( enabled=True, ), @@ -1410,7 +1410,7 @@ def __init__(__self__, )) source = aws.s3.Bucket("source", bucket="tf-test-bucket-source-12345", - acl="private", + acl=aws.s3.CannedAcl.PRIVATE, versioning=aws.s3.BucketVersioningArgs( enabled=True, ), diff --git a/sdk/python/pulumi_aws/s3/bucket_notification.py b/sdk/python/pulumi_aws/s3/bucket_notification.py index d163e55ab97..51ae7a08999 100644 --- a/sdk/python/pulumi_aws/s3/bucket_notification.py +++ b/sdk/python/pulumi_aws/s3/bucket_notification.py @@ -309,7 +309,7 @@ def __init__(__self__, name="example_lambda_name", role=iam_for_lambda.arn, handler="exports.example", - runtime="go1.x") + runtime=aws.lambda_.Runtime.GO1DX) bucket = aws.s3.BucketV2("bucket", bucket="your-bucket-name") allow_bucket = aws.lambda_.Permission("allow_bucket", statement_id="AllowExecutionFromS3Bucket", @@ -351,7 +351,7 @@ def __init__(__self__, name="example_lambda_name1", role=iam_for_lambda.arn, handler="exports.example", - runtime="go1.x") + runtime=aws.lambda_.Runtime.GO1DX) bucket = aws.s3.BucketV2("bucket", bucket="your-bucket-name") allow_bucket1 = aws.lambda_.Permission("allow_bucket1", statement_id="AllowExecutionFromS3Bucket1", @@ -575,7 +575,7 @@ def __init__(__self__, name="example_lambda_name", role=iam_for_lambda.arn, handler="exports.example", - runtime="go1.x") + runtime=aws.lambda_.Runtime.GO1DX) bucket = aws.s3.BucketV2("bucket", bucket="your-bucket-name") allow_bucket = aws.lambda_.Permission("allow_bucket", statement_id="AllowExecutionFromS3Bucket", @@ -617,7 +617,7 @@ def __init__(__self__, name="example_lambda_name1", role=iam_for_lambda.arn, handler="exports.example", - runtime="go1.x") + runtime=aws.lambda_.Runtime.GO1DX) bucket = aws.s3.BucketV2("bucket", bucket="your-bucket-name") allow_bucket1 = aws.lambda_.Permission("allow_bucket1", statement_id="AllowExecutionFromS3Bucket1", diff --git a/sdk/python/pulumi_aws/s3/get_bucket.py b/sdk/python/pulumi_aws/s3/get_bucket.py index c202774fe45..a69589f4741 100644 --- a/sdk/python/pulumi_aws/s3/get_bucket.py +++ b/sdk/python/pulumi_aws/s3/get_bucket.py @@ -159,7 +159,7 @@ def get_bucket(bucket: Optional[str] = None, example = aws.route53.Record("example", zone_id=test_zone.id, name="bucket", - type="A", + type=aws.route53.RecordType.A, aliases=[aws.route53.RecordAliasArgs( name=selected.website_domain, zone_id=selected.hosted_zone_id, @@ -225,7 +225,7 @@ def get_bucket_output(bucket: Optional[pulumi.Input[str]] = None, example = aws.route53.Record("example", zone_id=test_zone.id, name="bucket", - type="A", + type=aws.route53.RecordType.A, aliases=[aws.route53.RecordAliasArgs( name=selected.website_domain, zone_id=selected.hosted_zone_id, diff --git a/sdk/python/pulumi_aws/s3/get_bucket_object.py b/sdk/python/pulumi_aws/s3/get_bucket_object.py index a53220b37f2..15e36fb24e0 100644 --- a/sdk/python/pulumi_aws/s3/get_bucket_object.py +++ b/sdk/python/pulumi_aws/s3/get_bucket_object.py @@ -374,7 +374,7 @@ def get_bucket_object(bucket: Optional[str] = None, bootstrap_script = aws.s3.get_bucket_object(bucket="ourcorp-deploy-config", key="ec2-bootstrap-script.sh") example = aws.ec2.Instance("example", - instance_type="t2.micro", + instance_type=aws.ec2.InstanceType.T2_MICRO, ami="ami-2757f631", user_data=bootstrap_script.body) ``` @@ -476,7 +476,7 @@ def get_bucket_object_output(bucket: Optional[pulumi.Input[str]] = None, bootstrap_script = aws.s3.get_bucket_object(bucket="ourcorp-deploy-config", key="ec2-bootstrap-script.sh") example = aws.ec2.Instance("example", - instance_type="t2.micro", + instance_type=aws.ec2.InstanceType.T2_MICRO, ami="ami-2757f631", user_data=bootstrap_script.body) ``` diff --git a/sdk/python/pulumi_aws/s3/get_object.py b/sdk/python/pulumi_aws/s3/get_object.py index fab2946d544..ffae0cf206c 100644 --- a/sdk/python/pulumi_aws/s3/get_object.py +++ b/sdk/python/pulumi_aws/s3/get_object.py @@ -430,7 +430,7 @@ def get_object(bucket: Optional[str] = None, bootstrap_script = aws.s3.get_object(bucket="ourcorp-deploy-config", key="ec2-bootstrap-script.sh") example = aws.ec2.Instance("example", - instance_type="t2.micro", + instance_type=aws.ec2.InstanceType.T2_MICRO, ami="ami-2757f631", user_data=bootstrap_script.body) ``` @@ -538,7 +538,7 @@ def get_object_output(bucket: Optional[pulumi.Input[str]] = None, bootstrap_script = aws.s3.get_object(bucket="ourcorp-deploy-config", key="ec2-bootstrap-script.sh") example = aws.ec2.Instance("example", - instance_type="t2.micro", + instance_type=aws.ec2.InstanceType.T2_MICRO, ami="ami-2757f631", user_data=bootstrap_script.body) ``` diff --git a/sdk/python/pulumi_aws/ses/domain_dkim.py b/sdk/python/pulumi_aws/ses/domain_dkim.py index 3b99dad217d..56d9ef95a58 100644 --- a/sdk/python/pulumi_aws/ses/domain_dkim.py +++ b/sdk/python/pulumi_aws/ses/domain_dkim.py @@ -110,7 +110,7 @@ def __init__(__self__, example_amazonses_dkim_record.append(aws.route53.Record(f"example_amazonses_dkim_record-{range['value']}", zone_id="ABCDEFGHIJ123", name=example_domain_dkim.dkim_tokens.apply(lambda dkim_tokens: f"{dkim_tokens[range['value']]}._domainkey"), - type="CNAME", + type=aws.route53.RecordType.CNAME, ttl=600, records=[example_domain_dkim.dkim_tokens.apply(lambda dkim_tokens: f"{dkim_tokens[range['value']]}.dkim.amazonses.com")])) ``` @@ -153,7 +153,7 @@ def __init__(__self__, example_amazonses_dkim_record.append(aws.route53.Record(f"example_amazonses_dkim_record-{range['value']}", zone_id="ABCDEFGHIJ123", name=example_domain_dkim.dkim_tokens.apply(lambda dkim_tokens: f"{dkim_tokens[range['value']]}._domainkey"), - type="CNAME", + type=aws.route53.RecordType.CNAME, ttl=600, records=[example_domain_dkim.dkim_tokens.apply(lambda dkim_tokens: f"{dkim_tokens[range['value']]}.dkim.amazonses.com")])) ``` diff --git a/sdk/python/pulumi_aws/ses/domain_identity.py b/sdk/python/pulumi_aws/ses/domain_identity.py index 846c4e03ed0..421db7c6f61 100644 --- a/sdk/python/pulumi_aws/ses/domain_identity.py +++ b/sdk/python/pulumi_aws/ses/domain_identity.py @@ -138,7 +138,7 @@ def __init__(__self__, example_amazonses_verification_record = aws.route53.Record("example_amazonses_verification_record", zone_id="ABCDEFGHIJ123", name="_amazonses.example.com", - type="TXT", + type=aws.route53.RecordType.TXT, ttl=600, records=[example.verification_token]) ``` @@ -189,7 +189,7 @@ def __init__(__self__, example_amazonses_verification_record = aws.route53.Record("example_amazonses_verification_record", zone_id="ABCDEFGHIJ123", name="_amazonses.example.com", - type="TXT", + type=aws.route53.RecordType.TXT, ttl=600, records=[example.verification_token]) ``` diff --git a/sdk/python/pulumi_aws/ses/domain_identity_verification.py b/sdk/python/pulumi_aws/ses/domain_identity_verification.py index 5bf1e5d3583..c7fdef31832 100644 --- a/sdk/python/pulumi_aws/ses/domain_identity_verification.py +++ b/sdk/python/pulumi_aws/ses/domain_identity_verification.py @@ -101,7 +101,7 @@ def __init__(__self__, example_amazonses_verification_record = aws.route53.Record("example_amazonses_verification_record", zone_id=example_aws_route53_zone["zoneId"], name=example.id.apply(lambda id: f"_amazonses.{id}"), - type="TXT", + type=aws.route53.RecordType.TXT, ttl=600, records=[example.verification_token]) example_verification = aws.ses.DomainIdentityVerification("example_verification", domain=example.id) @@ -138,7 +138,7 @@ def __init__(__self__, example_amazonses_verification_record = aws.route53.Record("example_amazonses_verification_record", zone_id=example_aws_route53_zone["zoneId"], name=example.id.apply(lambda id: f"_amazonses.{id}"), - type="TXT", + type=aws.route53.RecordType.TXT, ttl=600, records=[example.verification_token]) example_verification = aws.ses.DomainIdentityVerification("example_verification", domain=example.id) diff --git a/sdk/python/pulumi_aws/ses/mail_from.py b/sdk/python/pulumi_aws/ses/mail_from.py index e003e1476ea..31eabd8f2fd 100644 --- a/sdk/python/pulumi_aws/ses/mail_from.py +++ b/sdk/python/pulumi_aws/ses/mail_from.py @@ -161,14 +161,14 @@ def __init__(__self__, example_ses_domain_mail_from_mx = aws.route53.Record("example_ses_domain_mail_from_mx", zone_id=example_aws_route53_zone["id"], name=example.mail_from_domain, - type="MX", + type=aws.route53.RecordType.MX, ttl=600, records=["10 feedback-smtp.us-east-1.amazonses.com"]) # Example Route53 TXT record for SPF example_ses_domain_mail_from_txt = aws.route53.Record("example_ses_domain_mail_from_txt", zone_id=example_aws_route53_zone["id"], name=example.mail_from_domain, - type="TXT", + type=aws.route53.RecordType.TXT, ttl=600, records=["v=spf1 include:amazonses.com -all"]) ``` @@ -234,14 +234,14 @@ def __init__(__self__, example_ses_domain_mail_from_mx = aws.route53.Record("example_ses_domain_mail_from_mx", zone_id=example_aws_route53_zone["id"], name=example.mail_from_domain, - type="MX", + type=aws.route53.RecordType.MX, ttl=600, records=["10 feedback-smtp.us-east-1.amazonses.com"]) # Example Route53 TXT record for SPF example_ses_domain_mail_from_txt = aws.route53.Record("example_ses_domain_mail_from_txt", zone_id=example_aws_route53_zone["id"], name=example.mail_from_domain, - type="TXT", + type=aws.route53.RecordType.TXT, ttl=600, records=["v=spf1 include:amazonses.com -all"]) ``` diff --git a/sdk/python/pulumi_aws/ssm/parameter.py b/sdk/python/pulumi_aws/ssm/parameter.py index e45e143dc12..dd1cf50ec96 100644 --- a/sdk/python/pulumi_aws/ssm/parameter.py +++ b/sdk/python/pulumi_aws/ssm/parameter.py @@ -511,7 +511,7 @@ def __init__(__self__, foo = aws.ssm.Parameter("foo", name="foo", - type="String", + type=aws.ssm.ParameterType.STRING, value="bar") ``` @@ -525,10 +525,10 @@ def __init__(__self__, default = aws.rds.Instance("default", allocated_storage=10, - storage_type="gp2", + storage_type=aws.rds.StorageType.GP2, engine="mysql", engine_version="5.7.16", - instance_class="db.t2.micro", + instance_class=aws.rds.InstanceType.T2_MICRO, db_name="mydb", username="foo", password=database_master_password, @@ -537,7 +537,7 @@ def __init__(__self__, secret = aws.ssm.Parameter("secret", name="/production/database/password/master", description="The parameter description", - type="SecureString", + type=aws.ssm.ParameterType.SECURE_STRING, value=database_master_password, tags={ "environment": "production", @@ -594,7 +594,7 @@ def __init__(__self__, foo = aws.ssm.Parameter("foo", name="foo", - type="String", + type=aws.ssm.ParameterType.STRING, value="bar") ``` @@ -608,10 +608,10 @@ def __init__(__self__, default = aws.rds.Instance("default", allocated_storage=10, - storage_type="gp2", + storage_type=aws.rds.StorageType.GP2, engine="mysql", engine_version="5.7.16", - instance_class="db.t2.micro", + instance_class=aws.rds.InstanceType.T2_MICRO, db_name="mydb", username="foo", password=database_master_password, @@ -620,7 +620,7 @@ def __init__(__self__, secret = aws.ssm.Parameter("secret", name="/production/database/password/master", description="The parameter description", - type="SecureString", + type=aws.ssm.ParameterType.SECURE_STRING, value=database_master_password, tags={ "environment": "production", diff --git a/sdk/python/pulumi_aws/storagegateway/file_system_association.py b/sdk/python/pulumi_aws/storagegateway/file_system_association.py index 0049ae772ea..0b8a908178a 100644 --- a/sdk/python/pulumi_aws/storagegateway/file_system_association.py +++ b/sdk/python/pulumi_aws/storagegateway/file_system_association.py @@ -332,7 +332,7 @@ def __init__(__self__, test = aws.ec2.Instance("test", ami=aws_service_storagegateway_ami_files3_latest.value, associate_public_ip_address=True, - instance_type=aws.ec2/instancetype.InstanceType(available["instanceType"]), + instance_type=aws.ec2.InstanceType(available["instanceType"]), vpc_security_group_ids=[test_aws_security_group["id"]], subnet_id=test_aws_subnet[0]["id"]) test_gateway = aws.storagegateway.Gateway("test", @@ -420,7 +420,7 @@ def __init__(__self__, test = aws.ec2.Instance("test", ami=aws_service_storagegateway_ami_files3_latest.value, associate_public_ip_address=True, - instance_type=aws.ec2/instancetype.InstanceType(available["instanceType"]), + instance_type=aws.ec2.InstanceType(available["instanceType"]), vpc_security_group_ids=[test_aws_security_group["id"]], subnet_id=test_aws_subnet[0]["id"]) test_gateway = aws.storagegateway.Gateway("test",